LOOK2ME (url.cpvfeed.com)

#0
04.06.2007, 22:31
...new here

Posts: 9
#1 Hello,

I have had this problem with the look2me "virus" for just under a month now.
At first I didn't think anything was wrong at all, but now I have learned that, through Internet Explorer opening with the URL url.cpvfeed.com, more and more spyware is being installed on my PC. IE always starts by itself and shows me this URL.

I have already tried "everything" with nod32 and adaware; I also always find some infected files, but this virus cannot be removed.

Is there a way for a layperson to remove this virus safely???

I would be eternally grateful for any help.
Regards.
04.06.2007, 22:36
Member

Posts: 519
04.06.2007, 22:39
Member

Posts: 519
05.06.2007, 10:12
...new here

Thread starter

Posts: 9
#4 All right,
this is the log from l2mfix:
L2MFIX find log 051206
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000001
"EulaAccepted"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"sv1"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Eigenschaften für Multimediadatei"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM-Scannerverwaltung"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS-Sicherheit"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE-Eigenschaftenseite für Dokumente"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shellerweiterungen für Freigaben"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung für Grafikkarten"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung für Bildschirme"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="CPL-Erweiterung für Anzeigeverschiebung"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS-Sicherheit"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Kompatibilitätsseite"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell-Datenauszughandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Erweiterung für Datenträgerkopien"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shellerweiterungen für Microsoft Windows-Netzwerkobjekte"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM-Monitorverwaltung"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM-Druckerverwaltung"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shellerweiterungen für die Dateikomprimierung"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Shellerweiterung für Webdrucker"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Kontextmenü für die Verschlüsselung"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Aktenkoffer"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="Erweiterung für HyperTerminal-Icons"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Schriftarten"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC-Profil"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Druckersicherheit"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shellerweiterungen für Freigaben"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-PKO-Erweiterung"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Krypto-Sign-Erweiterung"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Netzwerkverbindungen"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Netzwerkverbindungen"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanner und Kameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanner und Kameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanner und Kameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanner und Kameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanner und Kameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shellerweiterungen für Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Datenverknüpfung"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Geplante Tasks"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskleiste und Startmenü"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Suchen"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Hilfe und Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Ausführen..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-Mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Schriftarten"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Verwaltung"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Eigenschaftenseite für vorherige Versionen"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Vorherige Versionen"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Adresse"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft URL-Verlauf-Dienst"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="Verlauf"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Sucheingriff"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite-Begrüßungsbildschirm"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer-Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX-Cacheordner"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{00E7B358-F65B-4dcf-83DF-CD026B94BFD4}"="Autoplay for SlideShow"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ Dateiminiaturansicht-Extrahierungsprogramm"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Zusammenfassungs-Miniaturansichthandler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML-Extrahierungsprogramm"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Webpublishing-Assistent"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Bestellung von Abzügen über das Internet"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shellobjekt des Webpublishing-Assistenten"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Passport-Assistent"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="Benutzerkonten"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channeldatei"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channelverknüpfung"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channelhandlerobjekt"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Ordner 'Offlinedateien'"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="&Nach Personen..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Play as Playlist Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{21569614-B795-46b1-85F4-E737A8DC09AD}"="Shell Search Band"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{35786D3C-B075-49b9-88DD-029876E11C01}"="Portable Devices"
"{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}"="Portable Devices Menu"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}"="Messenger Sharing Folders"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"
"{B089FE88-FB52-11D3-BDF1-0050DA34150D}"="NOD32 Context Menu Shell Extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
cdm.dll Mon 16 Apr 2007 22:45:28 A.... 92.504 90,34 K
gdi32.dll Thu 8 Mar 2007 17:36:30 A.... 281.600 275,00 K
imon.dll Mon 4 Jun 2007 19:13:58 A.... 298.104 291,12 K
mf3216.dll Thu 8 Mar 2007 17:36:30 A.... 40.960 40,00 K
msi.dll Wed 18 Apr 2007 18:13:24 A.... 2.854.400 2,72 M
mucltui.dll Mon 16 Apr 2007 22:44:20 A.... 271.224 264,87 K
muweb.dll Mon 16 Apr 2007 22:44:18 A.... 208.248 203,37 K
user32.dll Thu 8 Mar 2007 17:36:30 A.... 579.072 565,50 K
vbzip10.dll Sat 19 May 2007 22:28:26 A.... 147.456 144,00 K
winsrv.dll Sat 17 Mar 2007 15:44:26 A.... 293.376 286,50 K
wuapi.dll Mon 16 Apr 2007 22:45:48 A.... 549.720 536,84 K
wuaueng.dll Mon 16 Apr 2007 22:45:54 A.... 1.710.936 1,63 M
wucltui.dll Mon 16 Apr 2007 22:45:42 A.... 325.976 318,34 K
wups.dll Mon 16 Apr 2007 22:47:36 A.... 33.624 32,84 K
wups2.dll Mon 16 Apr 2007 22:45:20 A.... 43.352 42,34 K
wuweb.dll Mon 16 Apr 2007 22:45:36 A.... 203.096 198,34 K
xpsp3res.dll Fri 9 Mar 2007 13:51:22 A.... 270.336 264,00 K

17 items found: 17 files, 0 directories.
Total of file sizes: 8.203.984 bytes 7,82 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Datenträger in Laufwerk C: ist ACER
Volumeseriennummer: 3C27-D820

Verzeichnis von C:\WINDOWS\System32

24.05.2007 07:16 <DIR> dllcache
22.06.2006 22:44 <DIR> Microsoft
0 Datei(en) 0 Bytes
2 Verzeichnis(se), 111.497.961.472 Bytes frei


This is the 2nd log from l2mfix:

L2mfix 051206
Creating Account.
Der Befehl wurde erfolgreich ausgeführt.

Adding Administrative privleges.
Checking for L2MFix account(0=no 1=yes):
1
Granting SeDebugPrivilege to L2MFIX ... successful

Running From:
C:\WINDOWS\system32

Killing Processes!
Killing 'smss.exe'
\SystemRoot\System32\smss.exe (620)
Killing 'winlogon.exe'
winlogon.exe (872)
Killing 'explorer.exe'
C:\WINDOWS\Explorer.EXE (756)
Killing 'rundll32.exe'
Restoring Sedebugprivilege:
Granting SeDebugPrivilege to Administratoren ... successful

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!



Restoring Windows Update Certificates.:

The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"StartScreenSaver"="WLEventStartScreenSaver"
"StopScreenSaver"="WLEventStopScreenSaver"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"
"StartShell"="WLEventStartShell"
"PostShell"="WLEventPostShell"
"Disconnect"="WLEventDisconnect"
"Reconnect"="WLEventReconnect"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000000
"SafeMode"=dword:00000001
"MaxWait"=dword:ffffffff
"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Event"=dword:00000001
"EulaAccepted"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\Settings]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************

****************************************************************************
Checking for L2MFix account(0=no 1=yes):
0
Zipping up files for submission:
zip warning: name not matched: dlls\*.*

zip error: Nothing to do! (backup.zip)
adding: backregs/notibac.reg (deflated 83%)
adding: backregs/shell.reg (deflated 73%)



AND THIS is the hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 10:24:34, on 05.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
E:\Eigene Programme\Antivirus\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\Acer\Acer eMode Management\AspireService.exe
C:\Programme\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\Acer TV-FM\PCMService.exe
C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
E:\Eigene Programme\HP All in One Series\HP Software Update\HPWuSchd2.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
E:\Eigene Programme\Antivirus\nod32kui.exe
C:\Programme\Gemeinsame Dateien\{3C27D820-0BB0-1031-0602-06033006002b}\Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Creative\MediaSource\RemoteControl\RCMan.EXE
E:\Eigene Programme\HP All in One Series\Digital Imaging\bin\hpqtra08.exe
E:\Eigene Programme\HiJackThis\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.at/0SEDEAT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.at/0SEDEAT/SAOS01?FORM=TOOLBR
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {65B4D532-38F5-3F74-A74C-6EE34FE3AAE9} - C:\WINDOWS\system32\hrdgckzt.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B30B684D-D889-895D-DF0B-8AADABE522E6} - C:\WINDOWS\system32\smqlm.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AspireService] C:\Programme\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Programme\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer TV-FM\PCMService.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Programme\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [RasXp] C:\WINDOWS\system32\RasXp.exe
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [HP Software Update] "E:\Eigene Programme\HP All in One Series\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu.exe
O4 - HKLM\..\Run: [nod32kui] "E:\Eigene Programme\Antivirus\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Programme\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Eigene Programme\HP All in One Series\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Schnellstart.lnk = E:\Eigene Programme\HP All in One Series\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programme\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-at\msntabres.dll.mui/229?0810287c78664a469a81613313ac3cc6
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - res://C:\Programme\Windows Live Toolbar\Components\de-at\msntabres.dll.mui/230?0810287c78664a469a81613313ac3cc6
O9 - Extra button: Recherche-Assistent - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161244917312
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{34D7CD57-BB76-4468-9585-6FB8B9CF33EA}: NameServer = 195.34.133.21 195.34.133.22
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Programme\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatisches LiveUpdate - Scheduler - Unknown owner - C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer TV-FM\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer TV-FM\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Eigene Programme\Antivirus\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
This post was edited by JaZzO on 05.06.2007 at 10:25.
05.06.2007, 10:38
Member

Posts: 519
#5 Run Combofix again and then post a new Antivir report.
05.06.2007, 10:56
...new here

Thread starter

Posts: 9
#6 ok, I ran combofix; here is the report:

"Orkan" - 2007-06-05 10:46:00 Service Pack 2 NTFS
ComboFix 07-06-3 - Running from: "C:\Programme\Mozilla Firefox\"


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



-- Purity Folders:
C:\DOKUME~1\Orkan\ANWEND~1\YSTEM3~1
C:\Programme\Gemeinsame Dateien\{3C27D~1
C:\Programme\Gemeinsame Dateien\{3C27D~1\Update.exe
C:\Programme\Gemeinsame Dateien\{3C27D~2
C:\Programme\Gemeinsame Dateien\{3C27D~2\Update.exe
C:\WINDOWS\b136.exe
C:\WINDOWS\DOBE~1
C:\WINDOWS\RACLE~1
C:\WINDOWS\retadpu.exe
C:\WINDOWS\system32\CROSOF~1.NET
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\PPATCH~1
C:\WINDOWS\system32\smpi1
C:\WINDOWS\system32\smpi1\lb13.exe
C:\WINDOWS\system32\TSKS~1
C:\WINDOWS\system32\unsvchosts.exe
C:\WINDOWS\system32\wnscpisv.exe
C:\WINDOWS\wr.txt


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CLIENT_IP-IPX
-------\LEGACY_CORE
-------\core


((((((((((((((((((((((((( Files Created from 2007-05-05 to 2007-06-05 )))))))))))))))))))))))))))))))


2007-06-05 10:22 73,728 --a------ C:\WINDOWS\system32\pv.exe
2007-06-05 10:22 39,184 --a------ C:\WINDOWS\system32\Ntrights.exe
2007-06-05 10:22 175,616 --a------ C:\WINDOWS\system32\strings.exe
2007-06-05 10:22 16,384 --a------ C:\WINDOWS\system32\restart.exe
2007-06-05 10:22 126,976 --a------ C:\WINDOWS\system32\zip.exe
2007-06-05 10:22 11,254 --a------ C:\WINDOWS\system32\locate.com
2007-06-05 10:15 786,432 --ah----- C:\DOKUME~1\L2MFIX\NTUSER.DAT
2007-06-05 10:15 <DIR> dr-h----- C:\DOKUME~1\L2MFIX\Anwendungsdaten
2007-06-05 10:15 <DIR> dr------- C:\DOKUME~1\L2MFIX\Startmen
2007-06-05 10:15 <DIR> dr------- C:\DOKUME~1\L2MFIX\Favoriten
2007-06-05 10:15 <DIR> dr------- C:\DOKUME~1\L2MFIX\Eigene Dateien
2007-06-05 10:15 <DIR> d--h----- C:\DOKUME~1\L2MFIX\Vorlagen
2007-06-05 10:15 <DIR> d--h----- C:\DOKUME~1\L2MFIX\Netzwerkumgebung
2007-06-05 10:15 <DIR> d--h----- C:\DOKUME~1\L2MFIX\Lokale Einstellungen
2007-06-05 10:15 <DIR> d--h----- C:\DOKUME~1\L2MFIX\Druckumgebung
2007-06-05 10:15 <DIR> d-------- C:\DOKUME~1\L2MFIX\ANWEND~1\Symantec
2007-06-05 07:17 <DIR> d-------- C:\DOKUME~1\ALLUSE~1\ANWEND~1\Cyberlink
2007-06-04 21:12 <DIR> d-------- C:\DOKUME~1\Orkan\ANWEND~1\Lavasoft
2007-06-04 21:11 <DIR> d-------- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
2007-06-04 19:14 298,104 --a------ C:\WINDOWS\system32\imon.dll
2007-06-04 18:58 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2007-06-04 18:58 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2007-05-19 22:30 167 --a------ C:\WINDOWS\system32\4082.bat
2007-05-19 22:28 90,112 --a------ C:\WINDOWS\system32\st.exe
2007-05-19 22:28 32,768 --a------ C:\WINDOWS\system32\setup9x.exe
2007-05-19 22:28 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-05-19 22:28 11,057 --a------ C:\WINDOWS\system32\x.dat
2007-05-19 22:28 109,359 --a------ C:\WINDOWS\system32\app.exe
2007-05-19 22:28 0 --a------ C:\WINDOWS\system32\taskkill.exe
2007-05-19 22:28 <DIR> d-------- C:\WINDOWS\system32\SBO


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-05 08:47:44 384 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000012-00001102-00000004-20021102}.dat
2007-06-05 08:47:44 384 ----a-w C:\WINDOWS\system32\DVCState-{00000002-00000000-00000012-00001102-00000004-20021102}.dat
2007-06-02 21:22:58 -------- d-----w C:\Programme\Windows Live Toolbar
2007-05-26 21:04:29 384 ----a-w C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-00000012-00001102-00000004-10001102}.dat
2007-05-26 21:04:29 384 ----a-w C:\WINDOWS\system32\DVCState-{00000002-00000000-00000012-00001102-00000004-10001102}.dat
2007-05-25 14:04:50 -------- d--h--w C:\Programme\InstallShield Installation Information
2007-05-25 10:37:32 49,028 ----a-w C:\WINDOWS\system32\perfc007.dat
2007-05-25 10:37:32 318,106 ----a-w C:\WINDOWS\system32\perfh007.dat
2007-05-25 10:37:20 -------- d-----w C:\Programme\Windows NT
2007-05-20 12:27:50 1,264 ----a-w C:\DOKUME~1\Orkan\ANWEND~1\wklnhst.dat
2007-04-18 16:13:24 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 20:44:20 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-04-16 20:44:18 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-03-17 13:44:25 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:36:30 579,072 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:36:30 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:36:30 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:32:24 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}=c:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 02:56]
{65B4D532-38F5-3F74-A74C-6EE34FE3AAE9}=C:\WINDOWS\system32\hrdgckzt.dll []
{B30B684D-D889-895D-DF0B-8AADABE522E6}=C:\WINDOWS\system32\smqlm.dll []
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Programme\Windows Live Toolbar\msntb.dll [2007-02-12 15:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14:36 C:\WINDOWS\RTHDCPL.exe]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 19:43 C:\WINDOWS\Alcmtr.exe]
"ntiMUI"="c:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 19:15]
"@"="" []
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 19:14]
"RemoteControl"="C:\Programme\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24]
"AspireService"="C:\Programme\Acer\Acer eMode Management\AspireService.exe" [2006-06-09 12:24]
"MediaSync"="C:\Programme\Acer\Acer eConsole\MediaSync.exe" [2006-05-04 14:55]
"PCMService"="C:\Program Files\Acer TV-FM\PCMService.exe" [2006-03-29 21:50]
"CTSysVol"="C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-07-02 10:03]
"CTHelper"="CTHELPER.EXE" [2003-06-20 05:55 C:\WINDOWS\system32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-08-04 06:00 C:\WINDOWS\system32\regsvr32.exe]
"SBDrvDet"="C:\Programme\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06]
"AME_CSA"="amecsa.cpl" []
"HP Software Update"="E:\Eigene Programme\HP All in One Series\HP Software Update\HPWuSchd2.exe" [2004-09-13 15:49]
"TkBellExe"="C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" [2007-02-03 22:46]
"nod32kui"="E:\Eigene Programme\Antivirus\nod32kui.exe" [2007-06-04 19:13]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"RemoteCenter"="C:\Programme\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-06-12 09:47]
"Steam"="" []

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


Contents of the 'Scheduled Tasks' folder
2007-06-05 08:36:16 C:\WINDOWS\tasks\At1.job
2007-06-05 05:54:00 C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job
2007-06-04 18:00:00 C:\WINDOWS\tasks\HPpromotions journeysoftware.job

**************************************************************************

catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-05 10:49:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-06-05 10:51:07 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-06-05 10:51

--- E O F ---



apparently combofix did something so that the url url.cpwfeed.com no longer appears!
at the same time my antivirus program finally unmasked the file core.sys.vir as a trojan (it did not find it before!?)

many thanks for the help! (and not just for the time being, I hope)
best regards!
This post was edited by JaZzO on 05.06.2007 at 11:07.
05.06.2007, 11:05
Member

Posts: 519
#7 Please also run CCleaner over it, and then the Antivir report once it is finished...
05.06.2007, 11:12
...new here

Thread starter

Posts: 9
#8 here is the CCleaner analysis as well:

ANALYSE komplett - (9,185 Sek)
------------------------------------------------------------------------------------------
14,7MB zu entfernen. (Ungefähre Größe)
------------------------------------------------------------------------------------------
-----------------------------------------------------------
05.06.2007, 11:32
Member

Posts: 519
#9 And the Antivir report???
05.06.2007, 11:39
...new here

Thread starter

Posts: 9
#10 you surely mean the report from nod32, right?
I'll run it right away.
05.06.2007, 11:44
Member

Posts: 519
#11 yes, just the report from whichever virus scanner you have running...
05.06.2007, 11:59
...new here

Thread starter

Posts: 9
#12 Time Module Object Name Thread Action User Information
05.06.2007 10:47:31 AMON file C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\core.sys.vir Win32/Rootkit.Agent.EQ trojan quarantined - deleted Event occurred on a modified file. The file was moved to quarantine. You may close this window.
04.06.2007 21:25:04 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\34D328\Setup.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:25:04 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\33DD7F\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:25:04 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\1304BF\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:25:04 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\182FCA\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:25:03 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\E4D46\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:25:03 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\270FFD\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:25:02 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\23077F\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:25:02 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\3A780F\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:25:02 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\2C9245\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:25:01 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\1A0F73\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:25:01 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\1E43C8\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:25:01 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\5B89D\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:25:01 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\35E416\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:25:00 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\245854\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:25:00 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\325973\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:25:00 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\33C8AD\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:25:00 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\30D346\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:59 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\19CEA3\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:59 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\1B6AD4\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:59 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\967F6\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:58 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\207604\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:58 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\33CC7F\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:58 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\6449C\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:58 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\1970D5\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:57 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\266ECD\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:57 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\1D4ED5\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:57 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\3D7663\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:56 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\DE034\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:56 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\10B271\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:56 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\3B51C\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:55 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\409AE1\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:55 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\122069\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:55 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\26620C\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:54 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\1507BB\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:54 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\A9D19\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:54 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\3AF73E\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:53 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\261015\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:49 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\19A16F\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:49 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\1DB9E2\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:49 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\2780D2\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:49 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\3C5DAE\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:48 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\1FE89D\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:48 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\1BFF11\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:48 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\1CD4C1\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:48 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\3EBF34\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:47 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\221236\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:47 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\301B74\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:47 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\3F926B\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:47 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\83013\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:46 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\866B\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:46 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\3CEAB5\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:45 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\1616E5\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:45 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\41B0FB\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:45 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\31B327\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:44 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\2E6B4C\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:44 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\98C70\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:44 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\14550F\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:43 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\36C819\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:43 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\286C31\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:42 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\2B58D2\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:42 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\8DD4F\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:42 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\67E78\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:42 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\27BDDF\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:41 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\2B4FE8\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:41 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\32A367\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:40 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\F097D\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:40 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\869C3\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:40 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\F4C2F\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:39 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\38D782\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:39 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\2FFB86\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:38 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\2C43C6\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:38 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\65CF\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:37 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\135989\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:36 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\327A14\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:36 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\31134E\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:36 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\2CC8BC\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:35 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\1E80C5\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:35 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\2CF405\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:34 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\3CC3D6\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:34 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\3E2465\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:33 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\1A284\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:33 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\180B4D\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:31 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\18A502\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:23 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\A3DB3\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:23 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\1E9DB6\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:22 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\428E7A\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:21 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\3E3F02\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:21 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\1478C0\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:20 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\35E602\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:20 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\39379C\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:19 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\30118D\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:19 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\29D34\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:18 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\21162E\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:18 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\64250\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:17 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\345AF2\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:17 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\3E4B0F\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:15 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\AF396\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:12 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\31CC8E\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:09 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\1B41C1\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:24:05 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\150C91\Track_03.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:16:40 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\2F029C\Track_03.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 21:16:28 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\AAWTMP\C5252593\147AD8\Video.exe Win32/VB.NJQ worm quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: E:\Eigene Programme\Ad-Aware\LavasoftAdaware\Ad-Aware SE Personal\Ad-Aware.exe. The file was moved to quarantine. You may close this window.
04.06.2007 20:47:08 AMON file C:\DOKUME~1\Orkan\LOKALE~1\Temp\UE.exe probably a variant of Win32/Adware.MediaTickets application quarantined - deleted ORKANPC\Orkan Event occurred on a new file created by the application: C:\Programme\Outerinfo\OiUninstaller.exe. The file was moved to quarantine. You may close this window.
04.06.2007 20:42:45 AMON file C:\Dokumente und Einstellungen\Orkan\stt.exe Win32/TrojanDownloader.PurityScan.NAH trojan quarantined - deleted ORKANPC\Orkan Event occurred on a file modified by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
04.06.2007 19:43:10 Kernel file C:\WINDOWS\system32\??pPatch\w?nlogon.exe a variant of Win32/Adware.PurityScan application
04.06.2007 19:43:08 Kernel file C:\Programme\Ipwindows\ipwins.dll Win32/Adware.Toolbar.888Bar application Alert was generated during the system startup file check.
04.06.2007 19:43:08 Kernel file C:\Programme\Ipwindows\ipwins.exe Win32/Adware.Toolbar.888Bar application Alert was generated during the system startup file check.
04.06.2007 19:43:07 Kernel file C:\WINDOWS\system32\svchosts.exe a variant of Win32/Adware.Toolbar.888Bar application
04.06.2007 19:43:05 Kernel file c:\windows\system32\smqlm.dll probably a variant of Win32/Adware.PurityScan application
04.06.2007 19:42:59 Kernel file c:\windows\system32\svchosts.exe a variant of Win32/Adware.Toolbar.888Bar application
04.06.2007 19:19:21 AMON file C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\dllhost.exe Win32/VB.NJQ worm deleted ORKANPC\Orkan Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
04.06.2007 19:18:40 Kernel file C:\WINDOWS\system32\??pPatch\w?nlogon.exe a variant of Win32/Adware.PurityScan application
04.06.2007 19:18:38 Kernel file C:\DOKUME~1\Orkan\EIGENE~1\STEM~1\userinit.exe a variant of Win32/TrojanDownloader.PurityScan trojan
04.06.2007 19:18:30 AMON file C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\dllhost.exe Win32/VB.NJQ worm ORKANPC\Orkan Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
04.06.2007 19:18:29 Kernel file c:\windows\system32\??ppatch\w?nlogon.exe a variant of Win32/Adware.PurityScan application
04.06.2007 19:18:27 Kernel file c:\dokume~1\orkan\eigene~1\stem~1\userinit.exe a variant of Win32/TrojanDownloader.PurityScan trojan
04.06.2007 19:18:26 Kernel file C:\WINDOWS\system32\p2pnetworking.exe Win32/VB.NJQ worm Alert was generated during the system startup file check.
04.06.2007 19:18:17 AMON file C:\WINDOWS\system32\p2pnetworking.exe Win32/VB.NJQ worm ORKANPC\Orkan Event occurred at an attempt to access the file by the application: C:\WINDOWS\Explorer.EXE.
05.06.2007, 12:05
Member

Posts: 519
#13 God, that's a bit hard to follow. Don't you have Antivir running?
05.06.2007, 12:17
...new here

Thread starter

Posts: 9
#14 I don't know what you mean, that is an antivir log, isn't it?

Time Module Object Name Thread Action User Information
05.06.2007 10:47:31 AMON file C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\core.sys.vir Win32/Rootkit.Agent.EQ trojan quarantined - deleted Event occurred on a modified file. The file was moved to quarantine. You may close this window.
05.06.2007, 12:22
Member

Posts: 519
#15 Yes, OK. That's fine. But I need a completely new one. Run it now and then post it.