backdoor program bds/agent.ay urgent help

Warnings about security vulnerabilities and help removing viruses, worms and Trojans.


Post by annibannanni on 27.07.2005, 22:25

:( I urgently need help from someone! I do know my way around computers, but viruses... hmm! It would be very nice if you could tell me exactly what I should do to remove the virus. Is it actually bad? What does it do?
Here is my logfile!

Logfile of HijackThis v1.99.1
Scan saved at 22:10:40, on 27.07.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\P2P Networking\P2P Networking.exe
C:\Program Files\Altnet\Points Manager\Points Manager.exe
C:\Programme\Medionkeyboard\1.3\KbdAp32A.exe
C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Messenger\MSMSGS.EXE
C:\Programme\AOL 9.0\aoltray.exe
C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~2\Altnet\DOWNLO~1\asm.exe
C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
C:\Programme\AOL 9.0\waol.exe
C:\Programme\AOL 9.0\shellmon.exe
C:\Programme\Gemeinsame Dateien\Aol\aoltpspd.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\PROGRA~2\Altnet\DOWNLO~1\adm4005.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\DOKUME~1\Annika\LOKALE~1\Temp\Temporäres Verzeichnis 1 für hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.t-online.de/software/ie401/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.t-online.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer von T-Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\Programme\INSTAFINK\instafink.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: woerterbuch.info Toolbar - {E0283B34-6037-49EE-B7CA-E61E83E9206D} - C:\Programme\woerterbuch.info\woerte_12000_tb.dll (file missing)
O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Programme\RXToolBar\RXToolBar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series (Kopie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P41 "EPSON Stylus Photo RX420 Series (Kopie 1)" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [FLMK08KB] C:\Programme\Medionkeyboard\1.3\MMKEYBD.EXE
O4 - HKLM\..\Run: [AOLDialer] C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\system32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Tray-Symbol.lnk = C:\Programme\AOL 9.0\aoltray.exe
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programme\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Search - http://ky.bar.need2find.com/KY/menusearch.html?p=KY
O8 - Extra context menu item: &woerterbuch.info Toolbar - Übersetzung - - res://C:\Programme\woerterbuch.info\woerte_12000_tb.dll/GoSEAR.dll.htm
O8 - Extra context menu item: &woerterbuch.info Toolbar - Synonym - - res://C:\Programme\woerterbuch.info\woerte_12000_tb.dll/Go2Sear.dll.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.t-online.de
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 7843666468
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF676A4B-EDCC-4E4B-8593-67D1147AF4EB}: NameServer = 205.188.146.145
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
annibannanni
 
Posts: 9
Registered: 27.07.2005, 22:15
Location: Berlin


Post by Holy Marcell on 27.07.2005, 22:35

Nasty, always these P2Ps. READ: http://www.spywareinfo.com/articles/p2p/
======================================

Uninstall P2P Networking!

======================================

Start HJT ==> Scan ==> Tick the following ==> "Fix Checked" button:

C:\WINDOWS\system32\P2P Networking\P2P Networking.exe

C:\Program Files\Altnet\Points Manager\Points Manager.exe

C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe

C:\Programme\Gemeinsame Dateien\GMT\GMT.exe

O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\Programme\INSTAFINK\instafink.dll

O3 - Toolbar: RX Toolbar - {25D8BACF-3DE2-4B48-AE22-D659B8D835B0} - C:\Programme\RXToolBar\RXToolBar.dl

O4 - HKLM\..\Run: [AltnetPointsManager] C:\Program Files\Altnet\Points Manager\Points Manager.exe -s

O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe

O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe

O8 - Extra context menu item: &Search - http://ky.bar.need2find.com/KY/menusearch.html?p=KY

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

===============================================

{nenenenennenenene can't be bothered any more tonight}

===============================================

You also run the eScan:
http://nikita.eddys-domain.de/escan.html
Post the log

==============================================

Run online scans (several) and use Killbox to delete everything they find:
http://nikita.eddys-domain.de/onlinescans.html
http://nikita.eddys-domain.de/Killbox.html

{That's it, over and out *lights shisha*}
Holy Marcell
 

Post by Holy Marcell on 27.07.2005, 22:36

oh, forgot:
Holy Marcell wrote: nah, but never mind, first the following:

======================

[Windows key]+[Pause]

[Image]

Tick the box ==> restart ==> untick the box ==> restart


Holy Marcell
 

Post by annibannanni on 28.07.2005, 19:31

In HijackThis the files from the C: folder no longer appear... you know? I don't really know how to explain it, in any case I can't fix the following

C:\WINDOWS\system32\P2P Networking\P2P Networking.exe

C:\Program Files\Altnet\Points Manager\Points Manager.exe

C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe

C:\Programme\Gemeinsame Dateien\GMT\GMT.exe

because it doesn't appear at all!
What can I do?
I'll run the eScan soon. Probably tomorrow, because I have time then... it takes very long, right? I'll send it then! Thanks for your help! a
annibannanni
 

Post by Holy Marcell on 28.07.2005, 19:39

If you're good, half an hour.

If the files no longer show up in the log, all the better.

Run ESCAN!!
Holy Marcell
 

Post by annibannanni on 28.07.2005, 19:47

but they do appear in the logfile... running the eScan now
annibannanni
 

Post by Holy Marcell on 28.07.2005, 20:16

then fix them in the logfile.
Holy Marcell
 

Post by annibannanni on 29.07.2005, 00:42

here are the eScan results
--------------------------------------------------
-------------------- INFECTED --------------------
--------------------------------------------------

1: Thu Jul 28 19:58:31 2005 => System found infected with Gator Spyware/Adware ({21FFB6C0-0DA1-11D5-A9D5-00500413153C})! Action taken: No Action Taken.
2: Thu Jul 28 19:58:34 2005 => System found infected with MyBar Spyware/Adware ({014da6c9-189f-421a-88cd-07cfe51cff10})! Action taken: No Action Taken.
3: Thu Jul 28 19:58:34 2005 => System found infected with MyBar Spyware/Adware ({3646C2BD-3554-49CA-8125-44DEEFB881DE})! Action taken: No Action Taken.
4: Thu Jul 28 19:58:34 2005 => System found infected with MyBar Spyware/Adware ({3f4d4f88-0198-4921-b630-957f3eb814e0})! Action taken: No Action Taken.
5: Thu Jul 28 19:58:34 2005 => System found infected with AltnetBDE Spyware/Adware ({8b0fef15-54dc-49f5-8377-8172de975f75})! Action taken: No Action Taken.
6: Thu Jul 28 19:58:34 2005 => System found infected with AltnetBDE Spyware/Adware ({9bbcf06c-dcd7-495d-80df-cdd5399d0ff8})! Action taken: No Action Taken.
7: Thu Jul 28 19:58:34 2005 => System found infected with AltnetBDE Spyware/Adware ({e813099d-5529-47f4-9b37-4afafcb00a43})! Action taken: No Action Taken.
8: Thu Jul 28 19:58:34 2005 => System found infected with AltnetBDE Spyware/Adware ({ad5bc1f0-72d8-44b3-8e3d-8e8fecce43fb})! Action taken: No Action Taken.
9: Thu Jul 28 19:58:34 2005 => System found infected with AltnetBDE Spyware/Adware (adm4.adm4)! Action taken: No Action Taken.
10: Thu Jul 28 19:58:34 2005 => System found infected with AltnetBDE Spyware/Adware (adm25.adm25)! Action taken: No Action Taken.
11: Thu Jul 28 19:58:36 2005 => System found infected with altnet Spyware/Adware (smdat32a.sys)! Action taken: No Action Taken.
12: Thu Jul 28 19:59:41 2005 => System found infected with AltnetBDE Spyware/Adware (altnet signing module.exe)! Action taken: No Action Taken.
13: Thu Jul 28 19:59:41 2005 => System found infected with AltnetBDE Spyware/Adware (adm.exe)! Action taken: No Action Taken.
14: Thu Jul 28 19:59:41 2005 => System found infected with AltnetBDE Spyware/Adware (adm25.dll)! Action taken: No Action Taken.
15: Thu Jul 28 19:59:41 2005 => System found infected with CWS.therealsearch Spyware/Adware (waol.exe)! Action taken: No Action Taken.
16: Thu Jul 28 20:07:14 2005 => Scanning File C:\DOKUME~1\Annika\LOKALE~1\TEMPOR~1\Content.IE5\61F0DKF2\infected6xz[1].gif [**]
17: Thu Jul 28 20:30:50 2005 => Scanning File C:\Dokumente und Einstellungen\Annika\Lokale Einstellungen\Temporary Internet Files\Content.IE5\61F0DKF2\infected6xz[1].gif [**]
18: Thu Jul 28 20:53:23 2005 => Scanning Folder: C:\Programme\AVPersonal\INFECTED\*.*
19: Thu Jul 28 20:53:23 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\QDBNDTRFO.EXE.VIR
20: Thu Jul 28 20:53:23 2005 => File C:\Programme\AVPersonal\INFECTED\QDBNDTRFO.EXE.VIR tagged as "not-a-virus:AdWare.Gator.a". Action Taken: No Action Taken.
21: Thu Jul 28 23:49:13 2005 => C:\Programme\INSTAFINK\InstaFinderK_inst.exe possibly infected and removed by background antivirus package!
22: Thu Jul 28 23:49:13 2005 => File C:\Programme\INSTAFINK\InstaFinderK_inst.exe infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
23: Fri Jul 29 00:21:01 2005 => C:\WINDOWS\Temp\Adware\InstaFinderK_inst.exe possibly infected and removed by background antivirus package!
24: Fri Jul 29 00:21:01 2005 => File C:\WINDOWS\Temp\Adware\InstaFinderK_inst.exe infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.

--------------------------------------------------
--------------------- TAGGED ---------------------
--------------------------------------------------

1: Thu Jul 28 20:03:56 2005 => File C:\DOKUME~1\Annika\LOKALE~1\Temp\asmfiles.cab tagged as "not-a-virus:AdWare.Altnet.l". Action Taken: No Action Taken.
2: Thu Jul 28 20:27:35 2005 => File C:\Dokumente und Einstellungen\Annika\Lokale Einstellungen\Temp\asmfiles.cab tagged as "not-a-virus:AdWare.Altnet.l". Action Taken: No Action Taken.
3: Thu Jul 28 20:42:28 2005 => File C:\Program Files\Altnet\Download Manager\adm25.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
4: Thu Jul 28 20:42:28 2005 => File C:\Program Files\Altnet\Download Manager\adm4.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
5: Thu Jul 28 20:42:28 2005 => File C:\Program Files\Altnet\Download Manager\adm4005.exe tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
6: Thu Jul 28 20:42:29 2005 => File C:\Program Files\Altnet\Download Manager\admdloader.dll tagged as "not-a-virus:AdWare.BrilliantDigital.3039". Action Taken: No Action Taken.
7: Thu Jul 28 20:42:29 2005 => File C:\Program Files\Altnet\Download Manager\admfdi.dll tagged as "not-a-virus:AdWare.Altnet.j". Action Taken: No Action Taken.
8: Thu Jul 28 20:42:29 2005 => File C:\Program Files\Altnet\Download Manager\admprog.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
9: Thu Jul 28 20:42:29 2005 => File C:\Program Files\Altnet\Download Manager\altnetuninstall.exe tagged as "not-a-virus:AdWare.Altnet.g". Action Taken: No Action Taken.
10: Thu Jul 28 20:42:30 2005 => File C:\Program Files\Altnet\Download Manager\asm.exe tagged as "not-a-virus:AdWare.Altnet.l". Action Taken: No Action Taken.
11: Thu Jul 28 20:42:31 2005 => File C:\Program Files\Altnet\Download Manager\asmps.dll tagged as "not-a-virus:AdWare.Altnet.b". Action Taken: No Action Taken.
12: Thu Jul 28 20:42:34 2005 => File C:\Program Files\Altnet\Points Manager\Points Manager.exe tagged as "not-a-virus:AdWare.Altnet.h". Action Taken: No Action Taken.
13: Thu Jul 28 20:42:35 2005 => File C:\Program Files\Altnet\Points Manager\sysdetect.dll tagged as "not-a-virus:AdWare.BrilliantDigital.1007". Action Taken: No Action Taken.
14: Thu Jul 28 20:53:23 2005 => File C:\Programme\AVPersonal\INFECTED\QDBNDTRFO.EXE.VIR tagged as "not-a-virus:AdWare.Gator.a". Action Taken: No Action Taken.
15: Thu Jul 28 20:57:09 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll tagged as "not-a-virus:AdWare.Gator.6051". Action Taken: No Action Taken.
16: Thu Jul 28 20:57:09 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe tagged as "not-a-virus:AdWare.Gator.6034". Action Taken: No Action Taken.
17: Thu Jul 28 20:57:09 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll tagged as "not-a-virus:AdWare.Gator.6051". Action Taken: No Action Taken.
18: Thu Jul 28 20:57:09 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GController.dll tagged as "not-a-virus:AdWare.Gator.6051". Action Taken: No Action Taken.
19: Thu Jul 28 20:57:09 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll tagged as "not-a-virus:AdWare.Gator.3124". Action Taken: No Action Taken.
20: Thu Jul 28 20:57:09 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll tagged as "not-a-virus:AdWare.Gator.6051". Action Taken: No Action Taken.
21: Thu Jul 28 20:57:09 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll tagged as "not-a-virus:AdWare.Gator.6051". Action Taken: No Action Taken.
22: Thu Jul 28 20:57:09 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll tagged as "not-a-virus:AdWare.Gator.6051". Action Taken: No Action Taken.
23: Thu Jul 28 20:57:09 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll tagged as "not-a-virus:AdWare.Gator.6051". Action Taken: No Action Taken.
24: Thu Jul 28 20:57:10 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll tagged as "not-a-virus:AdWare.Gator.6051". Action Taken: No Action Taken.
25: Thu Jul 28 20:57:10 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll tagged as "not-a-virus:AdWare.Gator.6051". Action Taken: No Action Taken.
26: Thu Jul 28 20:57:10 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll tagged as "not-a-virus:AdWare.Gator.6051". Action Taken: No Action Taken.
27: Thu Jul 28 20:57:57 2005 => File C:\Programme\Gemeinsame Dateien\GMT\EGGCEngine.dll tagged as "not-a-virus:AdWare.Gator.6051". Action Taken: No Action Taken.
28: Thu Jul 28 20:57:57 2005 => File C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll tagged as "not-a-virus:AdWare.Gator.6041". Action Taken: No Action Taken.
29: Thu Jul 28 20:57:58 2005 => File C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll tagged as "not-a-virus:AdWare.Gator.5017". Action Taken: No Action Taken.
30: Thu Jul 28 20:57:58 2005 => File C:\Programme\Gemeinsame Dateien\GMT\GatorRes.dll tagged as "not-a-virus:AdWare.Gator.6041". Action Taken: No Action Taken.
31: Thu Jul 28 20:57:58 2005 => File C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe tagged as "not-a-virus:AdWare.Gator.6034". Action Taken: No Action Taken.
32: Thu Jul 28 20:57:58 2005 => File C:\Programme\Gemeinsame Dateien\GMT\GMT.exe tagged as "not-a-virus:AdWare.Gator.6051". Action Taken: No Action Taken.
33: Thu Jul 28 20:57:58 2005 => File C:\Programme\Gemeinsame Dateien\GMT\gtrawbm.fil tagged as "not-a-virus:AdWare.Gator.a". Action Taken: No Action Taken.
34: Thu Jul 28 23:54:08 2005 => File C:\Programme\Kazaa\TopSearch.dll tagged as "not-a-virus:AdWare.Altnet.d". Action Taken: No Action Taken.
35: Thu Jul 28 23:56:07 2005 => File C:\Programme\Need2Find\bar\1.bin\N2PLUGIN.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.l". Action Taken: No Action Taken.
36: Thu Jul 28 23:56:07 2005 => File C:\Programme\Need2Find\bar\1.bin\NPND2FN.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.o". Action Taken: No Action Taken.
37: Thu Jul 28 23:57:45 2005 => File C:\Programme\RXToolBar\RXToolBar.dll tagged as "not-a-virus:AdWare.ToolBar.RXBar.b". Action Taken: No Action Taken.
38: Fri Jul 29 00:21:02 2005 => File C:\WINDOWS\Temp\Adware\RXToolbar.exe tagged as "not-a-virus:AdWare.ToolBar.RXBar.b". Action Taken: No Action Taken.
39: Fri Jul 29 00:21:02 2005 => File C:\WINDOWS\Temp\Altnet\adm.exe tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
40: Fri Jul 29 00:21:02 2005 => File C:\WINDOWS\Temp\Altnet\adm25.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
41: Fri Jul 29 00:21:02 2005 => File C:\WINDOWS\Temp\Altnet\adm4.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
42: Fri Jul 29 00:21:02 2005 => File C:\WINDOWS\Temp\Altnet\admdloader.dll tagged as "not-a-virus:AdWare.BrilliantDigital.3039". Action Taken: No Action Taken.
43: Fri Jul 29 00:21:02 2005 => File C:\WINDOWS\Temp\Altnet\admfdi.dll tagged as "not-a-virus:AdWare.Altnet.j". Action Taken: No Action Taken.
44: Fri Jul 29 00:21:02 2005 => File C:\WINDOWS\Temp\Altnet\admprog.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
45: Fri Jul 29 00:21:03 2005 => File C:\WINDOWS\Temp\Altnet\dmfiles.cab tagged as "not-a-virus:AdWare.Altnet.g". Action Taken: No Action Taken.
46: Fri Jul 29 00:21:03 2005 => File C:\WINDOWS\Temp\Altnet\mysearch.cab tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.o". Action Taken: No Action Taken.
47: Fri Jul 29 00:21:03 2005 => File C:\WINDOWS\Temp\Altnet\pmexe.cab tagged as "not-a-virus:AdWare.Altnet.h". Action Taken: No Action Taken.
48: Fri Jul 29 00:21:03 2005 => File C:\WINDOWS\Temp\Altnet\pmfiles.cab tagged as "not-a-virus:AdWare.BrilliantDigital.1007". Action Taken: No Action Taken.
49: Fri Jul 29 00:21:04 2005 => File C:\WINDOWS\Temp\Altnet\Setup.exe tagged as "not-a-virus:AdWare.Altnet.b". Action Taken: No Action Taken.

--------------------------------------------------
--------------------- ERRORS ---------------------
--------------------------------------------------

1: Thu Jul 28 19:58:18 2005 => ERROR!!! Invalid Entry \??\E:\INSTALL\GMSIPCI.SYS in SYSTEM\CurrentControlSet\Services\GMSIPCI...
2: Thu Jul 28 19:59:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
3: Thu Jul 28 19:59:43 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\iuctl.dll". Action Taken: No Action Taken.
4: Thu Jul 28 19:59:45 2005 => Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken.
5: Thu Jul 28 19:59:57 2005 => Entry "HKCR\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10}" refers to invalid object "C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL". Action Taken: No Action Taken.
6: Thu Jul 28 19:59:58 2005 => Entry "HKCR\CLSID\{0B6DC6EE-C4FD-11d1-819A-00C04FB69B4D}" refers to invalid object "C:\Programme\Gemeinsame Dateien\Adobe\Shell\psicon.dll". Action Taken: No Action Taken.
7: Thu Jul 28 20:00:05 2005 => Entry "HKCR\CLSID\{4D1C4E89-A32A-416b-BCDB-33B3EF3617D3}" refers to invalid object "C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL". Action Taken: No Action Taken.
8: Thu Jul 28 20:00:05 2005 => Entry "HKCR\CLSID\{4D1C4E8B-A32A-416b-BCDB-33B3EF3617D3}" refers to invalid object "C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL". Action Taken: No Action Taken.
9: Thu Jul 28 20:00:08 2005 => Entry "HKCR\CLSID\{630D6140-04C5-4db0-B27A-020D766FF09B}" refers to invalid object "C:\Programme\Need2Find\bar\1.bin\ND2FNBAR.DLL". Action Taken: No Action Taken.
10: Thu Jul 28 20:00:10 2005 => Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
11: Thu Jul 28 20:00:11 2005 => Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
12: Thu Jul 28 20:00:18 2005 => Entry "HKCR\CLSID\{E0283B34-6037-49EE-B7CA-E61E83E9206D}" refers to invalid object "C:\Programme\woerterbuch.info\woerte_12000_tb.dll". Action Taken: No Action Taken.
13: Thu Jul 28 20:00:20 2005 => Entry "HKCR\CLSID\{FC2493D6-A673-49FE-A2EE-EFE03E95E38D}" refers to invalid object "C:\Programme\woerterbuch.info\woerte_12000_tb.dll". Action Taken: No Action Taken.
14: Thu Jul 28 20:00:20 2005 => Entry "HKCR\CLSID\{FC2493D6-A673-49FE-A2EE-EFE03E95F38D}" refers to invalid object "C:\Programme\woerterbuch.info\woerte_12000_tb.dll". Action Taken: No Action Taken.
15: Thu Jul 28 20:00:24 2005 => Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
16: Thu Jul 28 20:00:24 2005 => Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
17: Thu Jul 28 20:00:27 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
18: Thu Jul 28 20:00:27 2005 => Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
19: Thu Jul 28 20:00:29 2005 => Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
20: Thu Jul 28 20:00:29 2005 => Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken.
21: Thu Jul 28 20:00:31 2005 => Entry "HKCR\instafink.INSTAFINK" refers to invalid object "{4E7BD74F-2B8D-469E-90F0-F66AB581A933}". Action Taken: No Action Taken.
22: Thu Jul 28 20:00:36 2005 => Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
23: Thu Jul 28 20:00:36 2005 => Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
24: Thu Jul 28 20:00:37 2005 => Entry "HKCR\ROXIO.CD.Project" refers to invalid object "{AC62F6B2-9EB0-4A3C-BFC2-75946685FCFB}". Action Taken: No Action Taken.
25: Thu Jul 28 20:00:38 2005 => Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
26: Thu Jul 28 20:00:38 2005 => Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
27: Thu Jul 28 20:00:39 2005 => Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
28: Thu Jul 28 20:00:40 2005 => Entry "HKCR\System.ISScopeAdm" refers to invalid object "{A757E26B-AECC-4D70-AC32-2B8FC9392838}". Action Taken: No Action Taken.
29: Thu Jul 28 20:00:42 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
30: Thu Jul 28 20:00:42 2005 => Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
31: Thu Jul 28 23:49:13 2005 => Result: ERROR!!! File C:\Programme\INSTAFINK\InstaFinderK_inst.exe: Scanning Failure!!!
32: Fri Jul 29 00:02:40 2005 => Result: ERROR!!! File C:\System Volume Information\_restore{8955D563-09BE-41D4-B12A-B7BC509EB07C}\RP1\A0000064.exe: Scanning Failure!!!
33: Fri Jul 29 00:02:40 2005 => ERROR!!! ScanFile fails for C:\System Volume Information\_restore{8955D563-09BE-41D4-B12A-B7BC509EB07C}\RP1\A0000064.exe
34: Fri Jul 29 00:21:01 2005 => Result: ERROR!!! File C:\WINDOWS\Temp\Adware\InstaFinderK_inst.exe: Scanning Failure!!!

--------------------------------------------------
-------- DATEIEN ZUM LÖSCHEN HINZUGEFÜGT ---------
--------------------------------------------------

1: C:\Programme\INSTAFINK\InstaFinderK_inst.exe => BkCln.Unknown
2: C:\WINDOWS\Temp\Adware\InstaFinderK_inst.exe => BkCln.Unknown

--------------------------------------------------
-------------------- Statistik -------------------
--------------------------------------------------

Fri Jul 29 00:21:19 2005 => Total Objects Scanned: 148403
Fri Jul 29 00:21:19 2005 => Total Virus(es) Found: 70
Fri Jul 29 00:21:19 2005 => Total Errors: 35
Fri Jul 29 00:21:19 2005 => Virus Database Date: 2005/07/28
Fri Jul 29 00:21:19 2005 => Virus Database Count: 140424


ok, I hope I did everything right???? :-/
Going to sleep now! Will you tell me what I should do next? I want this crap gone! Good night
annibannanni
 

Post by annibannanni on 29.07.2005, 00:44

is it very bad? somehow it looks nasty, I think...
annibannanni
 

Post by Yourhighness on 29.07.2005, 06:59

Morning!

#Uninstall:

Gator
Altnet
MGT
CME

Via system programs -> Software

Then use Killbox to delete whatever is still left of them:

#C:\DOKUME~1\Annika\LOKALE~1\Temp\asmfiles.cab
#C:\Dokumente und Einstellungen\Annika\Lokale Einstellungen\Temp\asmfiles.cab
#C:\Program Files\Altnet\Download Manager\adm25.dll
#C:\Program Files\Altnet\Download Manager\adm4.dll
#C:\Program Files\Altnet\Download Manager\adm4005.exe
#C:\Program Files\Altnet\Download Manager\admdloader.dll
#C:\Program Files\Altnet\Download Manager\admfdi.dll
#C:\Program Files\Altnet\Download Manager\admprog.dll
#C:\Program Files\Altnet\Download Manager\altnetuninstall.exe
#C:\Program Files\Altnet\Download Manager\asm.exe
#C:\Program Files\Altnet\Download Manager\asmps.dll
#C:\Program Files\Altnet\Points Manager\Points Manager.exe
#C:\Program Files\Altnet\Points Manager\sysdetect.dll
#C:\Programme\AVPersonal\INFECTED\QDBNDTRFO.EXE.VIR
#C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll
#C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe
#C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll
#C:\Programme\Gemeinsame Dateien\CMEII\GController.dll
#C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll
#C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll
#C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll
#C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll
#C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll
#C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll
#C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll
#C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll
#C:\Programme\Gemeinsame Dateien\GMT\EGGCEngine.dll
#C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll
#C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll
#C:\Programme\Gemeinsame Dateien\GMT\GatorRes.dll
#C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe
#C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
#C:\Programme\Gemeinsame Dateien\GMT\gtrawbm.fil
#C:\Programme\Kazaa\TopSearch.dll
#C:\Programme\Need2Find\bar\1.bin\N2PLUGIN.DLL
#C:\Programme\Need2Find\bar\1.bin\NPND2FN.DLL
#C:\Programme\RXToolBar\RXToolBar.dll
#C:\Programme\INSTAFINK\InstaFinderK_inst.exe



#Download CCleaner and Clearprog and delete ALL temp directories

#NEVER install KAZAA AGAIN!!!

#Look here for clean alternatives:
http://www.spywareinfo.com/articles/p2p/

#Download CWShredder and run it

Regards,
Yourhighness
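
Added example, not written by anyone in this thread: the file paths in the deletion list above also appear as findings in the eScan log, and this Python script pulls such a list out of a log in that format, de-duplicated and grouped by detection family. The sample lines are copied from the log posted above; treating the last dot-separated part of a detection name as the variant is an assumption of this example, not documented eScan behaviour.

```python
import re
from collections import defaultdict

# Sample lines copied from the eScan log posted in this thread
# (INFECTED, TAGGED and ERRORS sections mixed together on purpose).
SAMPLE_LOG = r'''
20: Thu Jul 28 20:53:23 2005 => File C:\Programme\AVPersonal\INFECTED\QDBNDTRFO.EXE.VIR tagged as "not-a-virus:AdWare.Gator.a". Action Taken: No Action Taken.
22: Thu Jul 28 23:49:13 2005 => File C:\Programme\INSTAFINK\InstaFinderK_inst.exe infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
3: Thu Jul 28 20:42:28 2005 => File C:\Program Files\Altnet\Download Manager\adm25.dll tagged as "not-a-virus:AdWare.Altnet.a". Action Taken: No Action Taken.
14: Thu Jul 28 20:53:23 2005 => File C:\Programme\AVPersonal\INFECTED\QDBNDTRFO.EXE.VIR tagged as "not-a-virus:AdWare.Gator.a". Action Taken: No Action Taken.
16: Thu Jul 28 20:57:09 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe tagged as "not-a-virus:AdWare.Gator.6034". Action Taken: No Action Taken.
31: Thu Jul 28 23:49:13 2005 => Result: ERROR!!! File C:\Programme\INSTAFINK\InstaFinderK_inst.exe: Scanning Failure!!!
'''

# Matches only per-file findings ("=> File <path> tagged as|infected by ...").
# Registry findings and "Result: ERROR!!!" lines do not match and are skipped.
LINE_RE = re.compile(
    r'=> File (?P<path>.+?) (?:tagged as|infected by) "(?P<name>[^"]+)"'
    r'.*?Action Taken: (?P<action>[^.]+)\.'
)


def parse_findings(log_text):
    """Return (path, detection_name, action) for every per-file finding."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            findings.append((m["path"], m["name"], m["action"].strip()))
    return findings


def family_of(name):
    """Collapse a detection name to its family.

    Assumption of this example: the trailing component is the variant,
    e.g. "not-a-virus:AdWare.Gator.6034" -> "AdWare.Gator".
    """
    prefix = "not-a-virus:"
    if name.startswith(prefix):
        name = name[len(prefix):]
    head, _, _variant = name.rpartition(".")
    return head or name


def pending_by_family(log_text):
    """Group files the scanner reported but did not act on, by family.

    Windows paths are case-insensitive, so the same file listed in two log
    sections (or with different casing) is reported once. 8.3 short names
    such as DOKUME~1 cannot be resolved offline and stay separate entries.
    """
    seen = set()
    groups = defaultdict(list)
    for path, name, action in parse_findings(log_text):
        key = path.lower()
        if action != "No Action Taken" or key in seen:
            continue
        seen.add(key)
        groups[family_of(name)].append(path)
    return {fam: sorted(paths, key=str.lower)
            for fam, paths in sorted(groups.items())}


if __name__ == "__main__":
    for family, paths in pending_by_family(SAMPLE_LOG).items():
        print(family)
        for p in paths:
            print("   ", p)
```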
 

