Key Generator, System Alert Popup
HijackTHis
O2 - BHO: (no name) - {1a1ddc19-5893-43ab-a73f-f41a0f34d115} - C:\Programme\Key Generator\isaddon.dll
O2 - BHO: (no name) - {67982BB7-0F95-44C5-92DC-E3AF3DC19D6D} - C:\Programme\Key Generator\isaddon.dll
O3 - Toolbar: Protection Bar - {96ebbe6a-2864-4345-b32b-26ee9be524b5} - C:\Program Files\Key Generator\iesplugin.dll
O3 - Toolbar: Protection Bar - {5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2} - C:\Program Files\Key Generator\iesplugin.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Programme\Key Generator\iesplugin.dll
O21 - SSODL: emptins - {588599f4-de26-4c28-ba14-f4eb17e33481} - C:\WINDOWS\system32\xxfgmy.dll
O21 - SSODL: flammei - {9d635a36-6b3c-4146-8625-f3aaf507bbf8} - C:\WINDOWS\system32\vcehaeb.dll
O21 - SSODL: buprestidae - {b59f3ba4-98da-4b5f-8a2d-7b56fb11140b} - C:\WINDOWS\system32\cthkpcv.dll
O21 - SSODL: hirtellous - {fa19bd7e-50bc-4203-80ac-c4edc81ca9a3} - C:\WINDOWS\system32\nbbrhbd.dll
Avenger
Registry values to delete:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{96ebbe6a-2864-4345-b32b-26ee9be524b5}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{84938242-5C5B-4A55-B6B9-A1507543B418}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamonitor.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|pmsngr.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|isamini.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|wininet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run|none
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|emptins
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{588599f4-de26-4c28-ba14-f4eb17e33481}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|flammei
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{9d635a36-6b3c-4146-8625-f3aaf507bbf8}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|buprestidae
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|haematobia
HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler|{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}
HKLM\software\microsoft\windows\currentversion\shellserviceobjectdelayload|hirtellous
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler|{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}
registry keys to delete:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Key Generator
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67982BB7-0F95-44C5-92DC-E3AF3DC19D6D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96ebbe6a-2864-4345-b32b-26ee9be524b5}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a1ddc19-5893-43ab-a73f-f41a0f34d115}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{588599f4-de26-4c28-ba14-f4eb17e33481}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d635a36-6b3c-4146-8625-f3aaf507bbf8}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b59f3ba4-98da-4b5f-8a2d-7b56fb11140b}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c767c6b-602d-4b9b-829d-a3dc5b2d89dd}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fa19bd7e-50bc-4203-80ac-c4edc81ca9a3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84938242-5C5B-4A55-B6B9-A1507543B418}
Files to delete:
C:\Dokumente und Einstellungen\%UserName%\Desktop\Key Generator.lnk
C:\WINDOWS\system32\xxfgmy.dll
C:\WINDOWS\system32\vcehaeb.dll
C:\WINDOWS\system32\cthkpcv.dll
C:\WINDOWS\system32\hjpprpu.dll
C:\WINDOWS\system32\nbbrhbd.dll
C:\Dokumente und Einstellungen\%Username%\Favoriten\Antivirus Test Online.url
C:\Dokumente und Einstellungen\%Username%\Favoriten\Online Security Test.url
C:\Dokumente und Einstellungen\All Users\Startmenü\Online Security Guide.url
C:\Dokumente und Einstellungen\All Users\Startmenü\Security Troubleshooting.url
Folders to delete:
C:\Programme\Key Generator
C:\Programme\Video ActiveX Object
C:\Programme\AntiVermins
C:\Programme\System Alert Popup
C:\Dokumente und Einstellungen\%Username%\Startmenü\Programme\Key Generator
C:\Programme\System Alert Popup
C:\Dokumente und Einstellungen\%Username%\Lokale Einstellungen\Temp\~nsu.tmp
|
lösche das Backup vom Avenger unter C:\Avenger\backup.zip + leere den Papierkorb
scanne mit
smitfrautfix - Option 1 und 2
( lasse auch die Registry mitreinigen)
Beispiel:
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
C:\DOCUME~1\Username\STARTM~1\Programs\Key Generator FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
C:\DOCUME~1\Username\Desktop\Key Generator.lnk FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\Key Generator\ FOUND !
Download Registry Search by Bobbi Flekman
Regsearch
und doppelklicken, um zu starten. in: "Enter search strings" (reinschreiben oder reinkopieren)
Key Generator
in edit und klicke "Ok".
Notepad wird sich öffnen -- kopiere den Text ab.
# %PROGRAMFILES%\Key Generator\
# %DESKTOP%\Key Generator.lnk
# %STARTMENU%\Programs\Key Generator\
# [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Key Generator] (C:\Program Files\Key Generator\uninst.exe)
# [-HKEY_CURRENT_USER\Software\Internet Security]
C:\Programme\Key Generator\pmmon.exe
C:\Programme\Key Generator\isamini.exe
C:\Programme\Key Generator\pmsngr.exe
C:\Programme\Key Generator\isamonitor.exe
Counter-Box.de
