Key Generator, System Alert Popup

Key Generator, System Alert Popup

HijackTHis

O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Programme\Key Generator\isaddon.dll

O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Programme\Key Generator\isaddon.dll

O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Program Files\Key Generator\iesplugin.dll

O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Program Files\Key Generator\iesplugin.dll

O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Programme\Key Generator\iesplugin.dll

O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - C:\WINDOWS\system32\xxfgmy.dll

O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - C:\WINDOWS\system32\vcehaeb.dll

O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINDOWS\system32\cthkpcv.dll

O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - C:\WINDOWS\system32\nbbrhbd.dll

Avenger

Registry values to delete: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{96ebbe6a-2864-4345-b32b-26ee9be524b5} HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{84938242-5C5B-4A55-B6B9-A1507543B418} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamini.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|wininet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|none HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|emptins HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{588599f4-de26-4c28-ba14-f4eb17e33481} HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|flammei HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{9d635a36-6b3c-4146-8625-f3aaf507bbf8} HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|buprestidae HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|haematobia HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd} HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|hirtellous HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler|{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} registry keys to delete: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Key Generator HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a1ddc19-5893-43ab-a73f-f41a0f34d115} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96ebbe6a-2864-4345-b32b-26ee9be524b5} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a1ddc19-5893-43ab-a73f-f41a0f34d115} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{588599f4-de26-4c28-ba14-f4eb17e33481} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d635a36-6b3c-4146-8625-f3aaf507bbf8} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84938242-5C5B-4A55-B6B9-A1507543B418} Files to delete: C:\Dokumente und Einstellungen\%UserName%\Desktop\Key Generator.lnk C:\WINDOWS\system32\xxfgmy.dll C:\WINDOWS\system32\vcehaeb.dll C:\WINDOWS\system32\cthkpcv.dll C:\WINDOWS\system32\hjpprpu.dll C:\WINDOWS\system32\nbbrhbd.dll C:\Dokumente und Einstellungen\%Username%\Favoriten\Antivirus Test Online.url C:\Dokumente und Einstellungen\%Username%\Favoriten\Online Security Test.url C:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.url C:\Dokumente und Einstellungen\All Users\Startmenü\Security Troubleshooting.url Folders to delete: C:\Programme\Key Generator C:\Programme\Video ActiveX Object C:\Programme\AntiVermins C:\Programme\System Alert Popup C:\Dokumente und Einstellungen\%Username%\Startmenü\Programme\Key Generator C:\Programme\System Alert Popup C:\Dokumente und Einstellungen\%Username%\Lokale Einstellungen\Temp\~nsu.tmp

lösche das Backup vom Avenger unter C:\Avenger\backup.zip + leere den Papierkorb

scanne mit smitfrautfix - Option 1 und 2 ( lasse auch die Registry mitreinigen)

Beispiel:

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\Username\STARTM~1\Programs\Key Generator FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop
C:\DOCUME~1\Username\Desktop\Key Generator.lnk FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Key Generator\ FOUND !

Download Registry Search by Bobbi Flekman Regsearch
und doppelklicken, um zu starten. in: "Enter search strings" (reinschreiben oder reinkopieren)

Key Generator

in edit und klicke "Ok".
Notepad wird sich öffnen -- kopiere den Text ab.

# %PROGRAMFILES%\Key Generator\
# %DESKTOP%\Key Generator.lnk
# %STARTMENU%\Programs\Key Generator\
# [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Key Generator] (C:\Program Files\Key Generator\uninst.exe)
# [-HKEY_CURRENT_USER\Software\Internet Security]

C:\Programme\Key Generator\pmmon.exe
C:\Programme\Key Generator\isamini.exe
C:\Programme\Key Generator\pmsngr.exe
C:\Programme\Key Generator\isamonitor.exe