Trojaner-Board - gator und co

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - gator und co (https://www.trojaner-board.de/14134-gator-co.html)

bitte helft mir, die Viren zu entfernen!!

herzlichen dank

escan:

Sat Feb 19 16:05:08 2005 => File C:\PROGRA~1\GEMEIN~1\CMEII\CMESys.exe infected by "not-a-virus:AdWare.Gator.6034" Virus.

Sat Feb 19 16:05:08 2005 => Scanning File c:\PROGRA~1\GEMEIN~1\cmeii\GCONTR~1.DLL
Sat Feb 19 16:05:08 2005 => File c:\PROGRA~1\GEMEIN~1\cmeii\GCONTR~1.DLL infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 16:05:08 2005 => Scanning File C:\PROGRA~1\GEMEIN~1\CMEII\Gtools.dll
Sat Feb 19 16:05:08 2005 => File C:\PROGRA~1\GEMEIN~1\CMEII\Gtools.dll infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 16:05:08 2005 => Scanning File C:\PROGRA~1\GEMEIN~1\CMEII\GIocl.dll
Sat Feb 19 16:05:08 2005 => File C:\PROGRA~1\GEMEIN~1\CMEII\GIocl.dll infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 16:05:08 2005 => Scanning File C:\PROGRA~1\GEMEIN~1\CMEII\GStore.dll
Sat Feb 19 16:05:08 2005 => File C:\PROGRA~1\GEMEIN~1\CMEII\GStore.dll infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 16:05:08 2005 => Scanning File C:\PROGRA~1\GEMEIN~1\CMEII\CMEIIAPI.dll
Sat Feb 19 16:05:08 2005 => File C:\PROGRA~1\GEMEIN~1\CMEII\CMEIIAPI.dll infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 16:05:08 2005 => Scanning File C:\PROGRA~1\GEMEIN~1\CMEII\GIOCLC~1.DLL
Sat Feb 19 16:05:08 2005 => File C:\PROGRA~1\GEMEIN~1\CMEII\GIOCLC~1.DLL infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 16:05:08 2005 => Scanning File c:\PROGRA~1\GEMEIN~1\cmeii\GSTORE~1.DLL
Sat Feb 19 16:05:08 2005 => File c:\PROGRA~1\GEMEIN~1\cmeii\GSTORE~1.DLL infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 16:05:08 2005 => Scanning File c:\PROGRA~1\GEMEIN~1\cmeii\gdwldeng.dll
Sat Feb 19 16:05:08 2005 => File c:\PROGRA~1\GEMEIN~1\cmeii\gdwldeng.dll infected by "not-a-virus:AdWare.Gator.3124" Virus.

Sat Feb 19 16:05:08 2005 => Scanning File c:\PROGRA~1\GEMEIN~1\cmeii\gmtproxy.dll
Sat Feb 19 16:05:08 2005 => File c:\PROGRA~1\GEMEIN~1\cmeii\gmtproxy.dll infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 16:05:08 2005 => Scanning File c:\PROGRA~1\GEMEIN~1\cmeii\gappmgr.dll
Sat Feb 19 16:05:09 2005 => File c:\PROGRA~1\GEMEIN~1\cmeii\gappmgr.dll infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 16:05:09 2005 => Scanning File C:\PROGRA~1\GEMEIN~1\CMEII\GObjs.dll
Sat Feb 19 16:05:09 2005 => File C:\PROGRA~1\GEMEIN~1\CMEII\GObjs.dll infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 16:05:14 2005 => File C:\PROGRA~1\GEMEIN~1\GMT\GMT.exe infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 16:05:14 2005 => Scanning File C:\PROGRA~1\GEMEIN~1\GMT\EGNSEN~1.DLL
Sat Feb 19 16:05:15 2005 => File C:\PROGRA~1\GEMEIN~1\GMT\EGNSEN~1.DLL infected by "not-a-virus:AdWare.Gator.5017" Virus.

Sat Feb 19 16:05:15 2005 => Scanning File C:\PROGRA~1\GEMEIN~1\GMT\EGIEPR~1.DLL
Sat Feb 19 16:05:15 2005 => File C:\PROGRA~1\GEMEIN~1\GMT\EGIEPR~1.DLL infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 16:05:15 2005 => Scanning File C:\PROGRA~1\GEMEIN~1\GMT\EGGCEN~1.DLL
Sat Feb 19 16:05:15 2005 => File C:\PROGRA~1\GEMEIN~1\GMT\EGGCEN~1.DLL infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 16:05:15 2005 => Scanning File C:\WINDOWS\System32\oledlg.dll
Sat Feb 19 16:05:15 2005 => Scanning File C:\PROGRA~1\GEMEIN~1\GMT\GatorRes.dll
Sat Feb 19 16:05:15 2005 => File C:\PROGRA~1\GEMEIN~1\GMT\GatorRes.dll infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 16:05:18 2005 => File C:\PROGRA~1\GEMEIN~1\GMT\EGIEEN~1.DLL infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 16:05:30 2005 => File C:\PROGRA~1\GEMEIN~1\CMEII\CMESys.exe infected by "not-a-virus:AdWare.Gator.6034" Virus.

Sat Feb 19 17:25:42 2005 => File C:\Programme\AVPersonal\INFECTED\MESSAGE.SCR.VIR infected by "Email-Worm.Win32.NetSky.q" Virus.

Sat Feb 19 17:25:42 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\MSLAUGH.EXE.001
Sat Feb 19 17:25:42 2005 => File C:\Programme\AVPersonal\INFECTED\MSLAUGH.EXE.001 infected by "Worm.Win32.Lovesan.a" Virus.

Sat Feb 19 17:25:42 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\MSLAUGH.EXE.002
Sat Feb 19 17:25:42 2005 => File C:\Programme\AVPersonal\INFECTED\MSLAUGH.EXE.002 infected by "Worm.Win32.Lovesan.a" Virus.

Sat Feb 19 17:25:42 2005 => Scanning File C:\Programme\AVPersonal\INFECTED\MSLAUGH.EXE.VIR
Sat Feb 19 17:25:43 2005 => File C:\Programme\AVPersonal\INFECTED\MSLAUGH.EXE.VIR infected by "Worm.Win32.Lovesan.a" Virus.

Sat Feb 19 17:27:21 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\CMEIIAPI.dll infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 17:27:21 2005 => Scanning File C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe
Sat Feb 19 17:27:21 2005 => Scanning File C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll
Sat Feb 19 17:27:21 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GAppMgr.dll infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 17:27:21 2005 => Scanning File C:\Programme\Gemeinsame Dateien\CMEII\GatorSupportInfo.txt
Sat Feb 19 17:27:21 2005 => Scanning File C:\Programme\Gemeinsame Dateien\CMEII\GController.dll
Sat Feb 19 17:27:21 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GController.dll infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 17:27:21 2005 => Scanning File C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll
Sat Feb 19 17:27:21 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GDwldEng.dll infected by "not-a-virus:AdWare.Gator.3124" Virus.

Sat Feb 19 17:27:21 2005 => Scanning File C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll
Sat Feb 19 17:27:21 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GIocl.dll infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 17:27:21 2005 => Scanning File C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll
Sat Feb 19 17:27:21 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GIoclClient.dll infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 17:27:21 2005 => Scanning File C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll
Sat Feb 19 17:27:21 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GMTProxy.dll infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 17:27:21 2005 => Scanning File C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll
Sat Feb 19 17:27:22 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GObjs.dll infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 17:27:22 2005 => Scanning File C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll
Sat Feb 19 17:27:22 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GStore.dll infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 17:27:22 2005 => Scanning File C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll
Sat Feb 19 17:27:22 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\GStoreServer.dll infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 17:27:22 2005 => Scanning File C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll
Sat Feb 19 17:27:22 2005 => File C:\Programme\Gemeinsame Dateien\CMEII\Gtools.dll infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 17:27:22 2005 => File C:\Programme\Gemeinsame Dateien\GMT\EGGCEngine.dll infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 17:27:22 2005 => Scanning File C:\Programme\Gemeinsame Dateien\GMT\egIEEngine.dll
Sat Feb 19 17:27:23 2005 => File C:\Programme\Gemeinsame Dateien\GMT\egIEEngine.dll infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 17:27:23 2005 => Scanning File C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll
Sat Feb 19 17:27:23 2005 => File C:\Programme\Gemeinsame Dateien\GMT\EGIEProcess.dll infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 17:27:23 2005 => Scanning File C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll
Sat Feb 19 17:27:23 2005 => File C:\Programme\Gemeinsame Dateien\GMT\EGNSEngine.dll infected by "not-a-virus:AdWare.Gator.5017" Virus.

Sat Feb 19 17:27:23 2005 => File C:\Programme\Gemeinsame Dateien\GMT\GatorRes.dll infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 17:27:23 2005 => Scanning File C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe
Sat Feb 19 17:27:24 2005 => File C:\Programme\Gemeinsame Dateien\GMT\GatorStubSetup.exe infected by "not-a-virus:AdWare.Gator.6034" Virus.

Sat Feb 19 17:27:24 2005 => Scanning File C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
Sat Feb 19 17:27:24 2005 => File C:\Programme\Gemeinsame Dateien\GMT\GMT.exe infected by "not-a-virus:AdWare.Gator.6041" Virus.

Sat Feb 19 17:27:24 2005 => Scanning File C:\Programme\Gemeinsame Dateien\GMT\GMT.exe.manifest
Sat Feb 19 17:27:24 2005 => Scanning File C:\Programme\Gemeinsame Dateien\GMT\gtrawbm.fil
Sat Feb 19 17:27:24 2005 => File C:\Programme\Gemeinsame Dateien\GMT\gtrawbm.fil infected by "not-a-virus:AdWare.Gator.a" Virus.

Sat Feb 19 17:27:24 2005 => Scanning File C:\Programme\Gemeinsame Dateien\GMT\GUninstaller.exe
Sat Feb 19 17:27:24 2005 => File C:\Programme\Gemeinsame Dateien\GMT\GUninstaller.exe infected by "not-a-virus:AdWare.Gator.6041" Virus.

Logfile of HijackThis v1.99.1
Scan saved at 19:50:51, on 19.02.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\programme\MATLAB6p1\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\nutsrv4.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\ACTNSTA.EXE
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\khooker.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programme\Real\RealPlayer\RealPlay.exe
C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe
C:\Programme\AVPersonal\AVSched32.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programme\ICQLite\ICQLite.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\Hardcopy\hardcopy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Dokumente und Einstellungen\Lokale Einstellungen\Temp\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ACTNSTA.EXE] ACTNSTA.EXE START
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [system] C:\WINDOWS\System32\hlp16.exe
O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\PROGRA~1\RATIONAL\RATION~1\NUTCROOT\bin\ncoeenv.exe
O4 - HKLM\..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [AVSCHED32] C:\Programme\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [system] C:\WINDOWS\System32\hlp16.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Programme\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Hardcopy.LNK = C:\Programme\Hardcopy\hardcopy.exe
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programme\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Programme\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tbh.fh-konstanz.de
O17 - HKLM\Software\..\Telephony: DomainName
O17 - HKLM\System\CS1\Services\Tcpip\Parameters:O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: FLEXlm License Manager - Unknown owner - C:\Programme\Rational\common\lmgrd.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\programme\MATLAB6p1\webserver\bin\win32\matlabserver.exe
O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINDOWS\System32\nutsrv4.exe
O23 - Service: RT Service 3S KM (RTService) - 3S-Smart Software Solutions GmbH - C:\Programme\3S Software\CoDeSys SP RTE\RTService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

AFAIK kannst Du Gator einfach über Systemsteuerung deinstallieren.

Siehe auch http://www.free-web-browsers.com/remove-gator.shtml und http://www.pchell.com/support/gator.shtml

Außerdem solltest Du das Programm deinstallieren, was Dir Gator eingebrockt hat. Z.B. der DiVX-Player bringt sowas mit.

Evtl. solltest Du Dein HJT-Log editieren, wenn Du nicht möchtest, dass Dein Real-Name hier im Forum auftaucht. ;)

Gruß :daumenhoc
Yopie

*realname schnell rauseditiert*

ich hab bei systemsteuerung --> software nachgeschaut und da kein programm in dem gator oder claria drin vorkommt gefunden :(

gibts vielleicht noch eine ander möglichkeit gator zu entfernen? das angegebene programm findet zwar die gator dateien, doch ich möchte nicht unbedingt so viel geld zum entfernen bezahlen...

danke schon mal für die infos!

Hallo enca,

lösche diese Ordner manuell:
C:\PROGRA~1\GEMEIN~1\CMEII
C:\PROGRA~1\GEMEIN~1\GMT

Danach scannst du mit Ad-Aware und Spybot S&D dein System im abgesicherten Modus.

Diese Einträge noch fixen:
O4 - HKLM\..\Run: [CMESys] "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe"
O4 - HKCU\..\Run: [system] C:\WINDOWS\System32\hlp16.exe
O4 - Global Startup: GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

Danach dies ausführen:
- dein System updaten http://v5.windowsupdate.microsoft.co...r/default.aspx
- IE sicherer konfigurieren und nur noch für das Windows Update benutzen http://www.datenschutzzentrum.de/sel...sie/config.htm
- Sichere und komfortablere Browser wie z.B. Mozilla oder Firefox verwenden http://www.mozilla.org
- neues Log-File von HiJackThis posten