Seite 1 von 2 12 LetzteLetzte
Ergebnis 1 bis 10 von 11

Thema: Brauche Hilfe beim Hijackthis Logfile

  1. 03.06.2005, 10:34 #1
    Unregistriert
    Gast

    Brauche Hilfe beim Hijackthis Logfile

    Hallo,
    ich würde mich über Hilfe bei der Auswertung freuen.
    Schon mal Danke!

    Code:
    Logfile of HijackThis v1.99.1
Scan saved at 11:24:07, on 03.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\Brenn Progs\Nero\InCD\InCDsrv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Internet Security\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Apoint\Apoint.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Programme\Sony\HotKey Utility\HKserv.exe
C:\Programme\sony\vaio power management\SPMgr.exe
C:\Programme\sony\isb utility\ISBMgr.exe
C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Programme\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
D:\Programme\Audio\Winamp\winampa.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Apoint\Apntex.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programme\Sony\HotKey Utility\HKWnd.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Programme\Internet Explorer\iexplore.exe
D:\Programme\System\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Grafik\Adobe\Acrobat 6.0 Professional\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\System\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Grafik\Adobe\Acrobat 6.0 Professional\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Grafik\Adobe\Acrobat 6.0 Professional\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Programme\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Programme\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programme\sony\isb utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Programme\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Programme\Audio\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4474/mcfscan.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Programme\Grafik\Adobe\Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Programme\Brenn Progs\Nero\InCD\InCDsrv.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programme\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Programme\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programme\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Programme\sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
  2. 03.06.2005, 10:46 #2
    Speedy
    Speedy ist offline
    Moderator (global) Team-Mitglied Avatar von Speedy
    Registriert seit
    07.08.2004
    Ort
    Linz
    Beiträge
    23.541

    AW: Brauche Hilfe beim Hijackthis Logfile

    hi, du hast sehr viele einträge von sony auf deinem system, die in unserer datenbank fehlen.

    kannst du mit escan dein system überprüfen ?

    1) download das programm von Microworld
    2) entpacke die datei mwav.exe oder mwav.zip in den ordner c:\bases
    sollte das zip-programm dies nicht in einem schritt zulassen, so muss der ordner c:\bases manuell genau so angelegt werden.
    3) nun wird der windows-explorer geöffnet und mit einem doppelklick auf die datei kavupd.exe
    wird das update gestartet. auf meinem system (windowsxpsp2) wird sofort ein ordner C:\Download erstellt, der nach dem update
    ca. 110 datein und ca. 5 MB groß ist, ein weiterer ordner c:\Bases_X wurde ebefalls erstellt, inhalt 105 datein und ebefalls 5 MB groß
    im ordner c:\bases sind 133 datein mit ca. 7,4 MB
    4) wechsle in den abgesicherten modus von windows
    5) öffne nun wieder den explorer, gehe zum ordner c:\bases und starte die datei mwavscan.com, schließe den explorer.
    6) überprüfe die einstellungen, unter scan option-->memory, startup folders, registry, system folders und services (auswahl) und scan all files sollte aktiviert sein, dann den button *SCAN* drücken.

    7) wenn der scan beendet ist (dauert ca. 1 Stunde), wechselst du zurück in den normalen modus.
    8) nun öffnest du mit dem editor, die mwav.txt oder mwav.log und wählst unter bearbeiten -> suchen, hier gibst du infected ein



    jene zeile in der infected steht, markieren, und hier einfügen, weitersuchen usw.
    und ganz unten steht die zusammenfassung, diese auch hier posten
    Wed Oct 06 03:19:24 2004 => Total Number of Files Scanned: 54651
    Wed Oct 06 03:19:24 2004 => Total Number of Virus(es) Found: 0
    Wed Oct 06 03:19:24 2004 => Total Number of Disinfected Files: 0
    Wed Oct 06 03:19:24 2004 => Total Number of Files Renamed: 0
    Wed Oct 06 03:19:24 2004 => Total Number of Deleted Files: 0
    Wed Oct 06 03:19:24 2004 => Total Number of Errors: 0
    Wed Oct 06 03:19:24 2004 => Time Elapsed: 01:13:32
    Wed Oct 06 03:19:24 2004 => Virus Database Date: 2004/10/05
    Wed Oct 06 03:19:24 2004 => Virus Database Count: 105164

    Wed Oct 06 03:19:24 2004 => Scan Completed.
    und dann die unbekannten einträge (hier das logfile überprüfen lassen) HijackThis Automatische Logfileauswertung, mit dem link zu diesem beitrag hier eintragen und hochladen ? HijackThis unbekannte prozesse

    thx
    lg
    www.Speedyweb.at.tf
    Die Durchführung meiner Tipps erfolgt auf eigene Verantwortung!
    HijackThis (Downloads und Anleitungen z.B. was ist fixen usw.)
    HijackThis-Chat oder willst du hier mitmachen Stellenausschreibung
    hilfestellung zur systembereinigung nur über das öffentliche forum und keinesfalls über privatnachrichten oder email !!
  3. 03.06.2005, 11:17 #3
    Arne
    Arne ist offline
    Einsteiger
    Registriert seit
    03.06.2005
    Beiträge
    6

    AW: Brauche Hilfe beim Hijackthis Logfile

    Hallo!
    Danke für die schnelle antwort.
    Ich mach das jetzt sofort so wie beschrieben.
    Falls Angaben zum System helfen poste ich diese eben.
    Es handelt sich um ein Notebook.
    Ein Sony Vaio VGN-A197XP
    Pentium M 1,8GHz
    1 GB RAM
    ATI Mobility Radeon 9700 64MB VRAM
    WIN XP Pro mit SP2
    +++
    Neben der Auswertung des Hijack Files sei vlt noch angemerkt das mein System in letzter Zeit langsamer meiner Meinung nach ist. Liegt das vlt an den vielen laufenden Prozessen?? manchmal bis zu 60....
    Z.B. dauert das öffnen von fotos zb mit der windows foto vorschau extrem lange (30 sek) früher ging das schneller....
    vlt. sind ja prozesse oder dienste dabei die unnötig sind?!
    Ich würde mich über Hilfe freuen!
    Schon einmal Danke!
    Mfg, Arne
  4. 03.06.2005, 11:25 #4
    Arne
    Arne ist offline
    Einsteiger
    Registriert seit
    03.06.2005
    Beiträge
    6

    AW: Brauche Hilfe beim Hijackthis Logfile

    Bei mir liegen die dateien alle im Temp Ordner nachdem ich mwav.exe ausgeführt habe...was soll ich nun tun?
    Habe lose im Temp Ordner viele Dateien nun und einen Ordner Bases_X auch dort.

    nach ausführen vom kavup habe ich einen ordner auf c mit downloads und einen bases_x ordner aber kein bases ordner.
    ist das so ok?

    die datei mwavscan.com liegt im ordner
    C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp
    Geändert von Arne (03.06.2005 um 11:29 Uhr)
  5. 03.06.2005, 15:16 #5
    Arne
    Arne ist offline
    Einsteiger
    Registriert seit
    03.06.2005
    Beiträge
    6

    AW: Brauche Hilfe beim Hijackthis Logfile

    Hallo!
    Hier poste ich nun die zeilen mit infected.
    ein problem hate ich allerding nach fast 3 std hatte er beide platten durch und fing dann wieder bei c:/ an....genau die gleichen ordner zu durchsuchen.
    nach einiger zeit hab ich dann abgebrochen. woran kann das liegen??
    +++
    Code:
    C:\DOKUME~1\Admin\LOKALE~1\TEMPOR~1\Content.IE5\E5KBI1WB\infected6xz[1].gif
Einstellungen\Temporary Internet Files\Content.IE5\E5KBI1WB\infected6xz[1].gif
Fri Jun 03 13:16:18 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\01AC0D6F.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 13:16:19 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\01C33356.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 13:16:19 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\01D05B48.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 13:16:19 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\01DA593D.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 13:16:19 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0DB80838.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 13:16:19 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0DC5302A.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 13:16:19 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0DD82C14.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 13:16:19 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0DF37BF7.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 13:16:19 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0E034DE5.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 13:16:19 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0E2471C2.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 13:16:19 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0E416BA1.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 13:16:19 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0E581188.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 13:16:19 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0E620F7D.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 13:16:19 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0E8F5B4B.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 13:16:20 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0EA35735.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 13:16:20 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0EBA7D1C.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 13:16:20 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0EC47B11.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 13:16:20 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0ECA4F0A.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 13:16:20 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0EF146DF.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 13:16:20 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\37D31CDF.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.
Fri Jun 03 13:16:20 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\37D970D8.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
Fri Jun 03 13:16:20 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\37DD1AD4.cla infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
Fri Jun 03 13:16:21 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\3D296849.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 13:16:21 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\40DA6FF2.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 13:16:21 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\433973CC.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.

Fri Jun 03 13:16:21 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\433C1DC8.zip
Fri Jun 03 13:16:21 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\433C1DC8.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.

Fri Jun 03 13:16:21 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\467B53BE.tmp
Fri Jun 03 13:16:21 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\467B53BE.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 13:16:21 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46AC4988.tmp
Fri Jun 03 13:16:21 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46AC4988.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 13:16:21 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46BD1B76.tmp
Fri Jun 03 13:16:21 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46BD1B76.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 13:16:21 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46C7196C.tmp
Fri Jun 03 13:16:21 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46C7196C.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 13:16:21 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46D76B5A.tmp
Fri Jun 03 13:16:21 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46D76B5A.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 13:16:21 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46E73D48.tmp
Fri Jun 03 13:16:21 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46E73D48.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 13:16:21 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46F13B3D.tmp
Fri Jun 03 13:16:21 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46F13B3D.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 13:16:21 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46FB3932.tmp
Fri Jun 03 13:16:21 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46FB3932.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 13:16:21 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\470B0B20.tmp
Fri Jun 03 13:16:22 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\470B0B20.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 13:16:22 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\47150915.tmp
Fri Jun 03 13:16:22 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\47150915.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 13:16:22 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\471F070B.tmp
Fri Jun 03 13:16:22 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\471F070B.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 13:16:22 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\47280500.tmp
Fri Jun 03 13:16:22 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\47280500.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 13:16:22 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\473C00EA.tmp
Fri Jun 03 13:16:22 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\473C00EA.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 13:16:22 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\474354E3.tmp
Fri Jun 03 13:16:22 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\474354E3.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 13:16:22 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\475D24C6.tmp
Fri Jun 03 13:16:22 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\475D24C6.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 13:16:22 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\476A4CB8.tmp
Fri Jun 03 13:16:22 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\476A4CB8.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 13:16:22 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\58AF7321.tmp
Fri Jun 03 13:16:22 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\58AF7321.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 13:16:22 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\58E068EB.tmp
Fri Jun 03 13:16:22 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\58E068EB.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 13:16:22 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\58EA66E1.tmp
Fri Jun 03 13:16:23 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\58EA66E1.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 13:16:23 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\58F70ED2.tmp
Fri Jun 03 13:16:23 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\58F70ED2.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:11:26 2005 => Scanning File C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\E5KBI1WB\infected6xz[1].gif
Fri Jun 03 15:42:02 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\01AC0D6F.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:02 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\01C33356.tmp
Fri Jun 03 15:42:02 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\01C33356.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:02 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\01D05B48.tmp
Fri Jun 03 15:42:02 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\01D05B48.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:02 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\01DA593D.tmp
Fri Jun 03 15:42:02 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\01DA593D.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:02 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0DB80838.tmp
Fri Jun 03 15:42:02 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0DB80838.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:02 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0DC5302A.tmp
Fri Jun 03 15:42:02 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0DC5302A.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:02 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0DD82C14.tmp
Fri Jun 03 15:42:02 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0DD82C14.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:02 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0DF37BF7.tmp
Fri Jun 03 15:42:02 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0DF37BF7.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:02 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0E034DE5.tmp
Fri Jun 03 15:42:02 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0E034DE5.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:02 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0E2471C2.tmp
Fri Jun 03 15:42:02 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0E2471C2.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:02 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0E416BA1.tmp
Fri Jun 03 15:42:02 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0E416BA1.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:02 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0E581188.tmp
Fri Jun 03 15:42:02 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0E581188.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:02 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0E620F7D.tmp
Fri Jun 03 15:42:03 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0E620F7D.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:03 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0E8F5B4B.tmp
Fri Jun 03 15:42:03 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0E8F5B4B.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:03 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0EA35735.tmp
Fri Jun 03 15:42:03 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0EA35735.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:03 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0EBA7D1C.tmp
Fri Jun 03 15:42:03 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0EBA7D1C.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:03 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0EC47B11.tmp
Fri Jun 03 15:42:03 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0EC47B11.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:03 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0ECA4F0A.tmp
Fri Jun 03 15:42:03 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0ECA4F0A.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:03 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0EF146DF.tmp
Fri Jun 03 15:42:03 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0EF146DF.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:03 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\34345F6A.exe
Fri Jun 03 15:42:03 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\37D31CDF.zip
Fri Jun 03 15:42:03 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\37D31CDF.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:03 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\37D970D8.zip
Fri Jun 03 15:42:03 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\37D970D8.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:03 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\37DD1AD4.cla
Fri Jun 03 15:42:03 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\37DD1AD4.cla infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:03 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\3D296849.tmp
Fri Jun 03 15:42:03 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\3D296849.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:03 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\40DA6FF2.tmp
Fri Jun 03 15:42:04 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\40DA6FF2.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:04 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\433973CC.zip
Fri Jun 03 15:42:04 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\433973CC.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:04 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\433C1DC8.zip
Fri Jun 03 15:42:04 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\433C1DC8.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:04 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\467B53BE.tmp
Fri Jun 03 15:42:04 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\467B53BE.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:04 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46AC4988.tmp
Fri Jun 03 15:42:04 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46AC4988.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:04 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46BD1B76.tmp
Fri Jun 03 15:42:04 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46BD1B76.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:04 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46C7196C.tmp
Fri Jun 03 15:42:04 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46C7196C.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:04 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46D76B5A.tmp
Fri Jun 03 15:42:04 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46D76B5A.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:04 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46E73D48.tmp
Fri Jun 03 15:42:04 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46E73D48.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:04 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46F13B3D.tmp
Fri Jun 03 15:42:04 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46F13B3D.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:04 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46FB3932.tmp
Fri Jun 03 15:42:04 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46FB3932.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:04 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\470B0B20.tmp
Fri Jun 03 15:42:05 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\470B0B20.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:05 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\47150915.tmp
Fri Jun 03 15:42:05 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\47150915.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:05 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\471F070B.tmp
Fri Jun 03 15:42:05 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\471F070B.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:05 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\47280500.tmp
Fri Jun 03 15:42:05 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\47280500.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:05 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\473C00EA.tmp
Fri Jun 03 15:42:05 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\473C00EA.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:05 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\474354E3.tmp
Fri Jun 03 15:42:05 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\474354E3.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:05 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\475D24C6.tmp
Fri Jun 03 15:42:05 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\475D24C6.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:05 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\476A4CB8.tmp
Fri Jun 03 15:42:05 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\476A4CB8.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:05 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\58AF7321.tmp
Fri Jun 03 15:42:05 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\58AF7321.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:05 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\58E068EB.tmp
Fri Jun 03 15:42:05 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\58E068EB.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:05 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\58EA66E1.tmp
Fri Jun 03 15:42:05 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\58EA66E1.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 15:42:05 2005 => Scanning File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\58F70ED2.tmp
Fri Jun 03 15:42:05 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\58F70ED2.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.



Fri Jun 03 15:58:47 2005 => Total Objects Scanned: 178266
Fri Jun 03 15:58:47 2005 => Total Virus(es) Found: 94
Fri Jun 03 15:58:47 2005 => Total Disinfected Files: 0
Fri Jun 03 15:58:47 2005 => Total Files Renamed: 0
Fri Jun 03 15:58:47 2005 => Total Deleted Objects: 0
Fri Jun 03 15:58:47 2005 => Total Errors: 201
Fri Jun 03 15:58:47 2005 => Time Elapsed: 03:19:16
 
Fri Jun 03 15:58:47 2005 => ***** Scanning complete. *****
Fri Jun 03 15:58:47 2005 => Virus Database Date: 2005/05/29
Fri Jun 03 15:58:47 2005 => Virus Database Count: 132253
 
Fri Jun 03 15:58:47 2005 => Scan Completed.
 
Fri Jun 03 15:59:29 2005 => Virus Database Date: 2005/05/29
Fri Jun 03 15:59:29 2005 => Virus Database Count: 132253
Fri Jun 03 15:59:33 2005 => AV Library Unloaded (3)...
  6. 03.06.2005, 18:19 #6
    Ruby
    Ruby ist offline
    Supermod a.D. Avatar von Ruby
    Registriert seit
    25.01.2005
    Ort
    The Netherlands
    Beiträge
    20.041

    AW: Brauche Hilfe beim Hijackthis Logfile

    Hallo Arne,

    fang nochmal an, mit einer anderen Anleitung und einem anderen Scan, um die Sache zu vereinfachen. Deinen Temp-Ordner leeren wir dann. Lies bitte genau, dass du dies Mal den richtigen Ordner selbst erstellst, bevor du den Scan runterlädst. Halte dich an diese Anleitung, der Scan ist nicht derselbe wie vorher!

    Bitte die Systemwiederherstellung im Wechsel aktivieren, deaktivieren, dazwischen jedes mal neu booten. Nimm dir Zeit dafür, das System ist nicht so schnell. 5-10 Minuten zwischen den einzelnen Durchgängen. Zum Schluss muss die Systemwiederherstellung deaktiviert, also ausgestellt sein.

    Vergewissere dich, dass du auf deinem Rechner alles siehst: In den Ordneroptionen das Häkchen entfernen bei "geschützte Systemdateien ausblenden" und etwas weiter unten wählt man bei "Versteckte Ordner und Verzeichnisse" den Punkt "Alle Dateien und Ordner anzeigen".

    Führe einen mwavscan durch

    1) Lege einen Ordner c:\bases an (Einführung in Windows)
    2) Download der mwav.exe
    3) Entpacke die Datei (mit einem Zip-Programm SIMPLYZIP) !!! Die Datei mwav.exe MUSS in diesen Ordner c:\bases entpackt werden. wenn der Pfad nicht genau so angegeben wird, funktioniert der scanner/updater nicht!
    4) Doppelklick auf die Datei kavupd.exe, damit wird der update gestartet.
    5) Wechsle in den abgesicherten Modus von Windows
    6) Öffne den Explorer, navigiere zum Ordner c:\bases, starte mwavscan.com, schließe den Explorer.
    7) Überprüfe die Einstellungen, unter scan option-->memory, startup folders, registry, system folders und services sowie drive (auswahl) und scan all files sollten aktiviert sein, dann den Button *SCAN/CLEAN* drücken. Angehakt werden soll alles, was auf dieser Abbildung zu sehen ist:


    8) Wenn der Scan beendet ist (dauert ca. 1 Stunde), wechselst du zurück in den normalen Modus.
    9) Nun öffnest du mit einem Editor die mwav.log und wählst unter bearbeiten -> suchen, hier gibst du "tagged as" ein


    -> jede Zeile in der "tagged as" bzw. "infected" steht, markieren, und hier einfügen, weitersuchen usw.

    (Beispiel: file C:\WINDOWS\sssasasb32.exe infected by "Trojan-Downloader.Win32.Agent.ig" Virus. Action: Action Taken)

    Ganz unten steht die Zusammenfassung, diese auch hier posten :

    =>Total Number of Files Scanned:
    =>Total Number of Virus(es) Found:
    =>Total Number of Disinfected Files:
    =>Total Number of Files Renamed:
    =>Total Number of Deleted Files:
    =>Total Number of Errors:
    ***** Scanning complete. *****

    Poste das Ergebnis des Scan und ein neues HJT-Logfile.
  7. 04.06.2005, 03:48 #7
    Arne
    Arne ist offline
    Einsteiger
    Registriert seit
    03.06.2005
    Beiträge
    6

    AW: Brauche Hilfe beim Hijackthis Logfile

    Hallo!
    Wie beschrieben habe ich den scan gemacht.
    Hier die Zeilen mit tagged as bzw infected und die zusammenfassung:

    Code:
    Fri Jun 03 21:26:29 2005 => File C:\WINDOWS\ml-cleanup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
Fri Jun 03 22:45:58 2005 => File C:\WINDOWS\ml-cleanup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

Fri Jun 03 21:29:09 2005 => Scanning File C:\DOKUME~1\Admin\LOKALE~1\TEMPOR~1\Content.IE5\KPMF0D6J\infected6xz[1].gif
Fri Jun 03 21:31:01 2005 => Scanning File C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KPMF0D6J\infected6xz[1].gif
Fri Jun 03 22:00:24 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\01AC0D6F.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:24 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\01C33356.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:24 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\01D05B48.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:24 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\01DA593D.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:24 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0DB80838.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:24 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0DC5302A.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:24 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0DD82C14.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:24 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0DF37BF7.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:25 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0E034DE5.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:25 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0E2471C2.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:25 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0E416BA1.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:25 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0E620F7D.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:25 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0E8F5B4B.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:25 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0EA35735.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:25 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0EBA7D1C.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:25 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0EC47B11.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:25 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0ECA4F0A.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:25 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\0EF146DF.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:26 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\37D31CDF.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:26 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\37D970D8.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:26 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\37DD1AD4.cla infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:26 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\3D296849.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:26 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\40DA6FF2.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:26 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\433973CC.zip infected by "Trojan.Java.ClassLoader.c" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:26 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\433C1DC8.zip infected by "Exploit.Java.ByteVerify" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:26 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\467B53BE.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:26 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46AC4988.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:26 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46BD1B76.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:26 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46C7196C.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:26 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46D76B5A.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:27 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46E73D48.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:27 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46F13B3D.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:27 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\46FB3932.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:27 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\470B0B20.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:27 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\47150915.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:27 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\471F070B.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:27 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\47280500.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:27 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\473C00EA.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:27 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\474354E3.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:28 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\475D24C6.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:28 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\476A4CB8.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:28 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\58AF7321.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:28 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\58E068EB.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:28 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\58EA66E1.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.
Fri Jun 03 22:00:28 2005 => File C:\Programme\Norton Internet Security\Norton AntiVirus\Quarantine\58F70ED2.tmp infected by "Email-Worm.Win32.Sober.p" Virus! Action Taken: No Action Taken.

Fri Jun 03 23:53:18 2005 => ***** Scanning complete. *****
 
Fri Jun 03 23:53:18 2005 => Total Objects Scanned: 138640
Fri Jun 03 23:53:18 2005 => Total Virus(es) Found: 49
Fri Jun 03 23:53:18 2005 => Total Disinfected Files: 0
Fri Jun 03 23:53:18 2005 => Total Files Renamed: 0
Fri Jun 03 23:53:18 2005 => Total Deleted Objects: 0
Fri Jun 03 23:53:18 2005 => Total Errors: 200
Fri Jun 03 23:53:18 2005 => Time Elapsed: 02:29:01
Fri Jun 03 23:53:18 2005 => Virus Database Date: 2005/05/29
Fri Jun 03 23:53:19 2005 => Virus Database Count: 132253
 
Fri Jun 03 23:53:19 2005 => Scan Completed.
 
Sat Jun 04 04:25:00 2005 => Virus Database Date: 2005/05/29
Sat Jun 04 04:25:00 2005 => Virus Database Count: 132253
Sat Jun 04 04:25:03 2005 => AV Library Unloaded (3)...
    Hier ein neues HJT-Logfile:

    Code:
    Logfile of HijackThis v1.99.1
Scan saved at 04:46:57, on 04.06.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programme\Brenn Progs\Nero\InCD\InCDsrv.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
C:\Programme\Norton Internet Security\ISSVC.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Apoint\Apoint.exe
C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Programme\Sony\HotKey Utility\HKserv.exe
C:\Programme\sony\vaio power management\SPMgr.exe
C:\Programme\sony\isb utility\ISBMgr.exe
C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Programme\drag'n drop cd+dvd\BinFiles\DragDrop.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe
C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
D:\Programme\Audio\Winamp\winampa.exe
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Apoint\Apntex.exe
C:\Programme\Sony\HotKey Utility\HKWnd.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NSMdtr.exe
C:\WINDOWS\system32\notepad.exe
D:\Programme\System\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programme\Grafik\Adobe\Acrobat 6.0 Professional\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\System\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Grafik\Adobe\Acrobat 6.0 Professional\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programme\Gemeinsame Dateien\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Grafik\Adobe\Acrobat 6.0 Professional\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Programme\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Programme\sony\vaio power management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programme\sony\isb utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Programme\drag'n drop cd+dvd\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [ccApp] "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programme\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [WinampAgent] D:\Programme\Audio\Winamp\winampa.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4474/mcfscan.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Programme\Grafik\Adobe\Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Programme\Brenn Progs\Nero\InCD\InCDsrv.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programme\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programme\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\GEMEIN~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Programme\sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Unknown owner - C:\Programme\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP (file missing)
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Programme\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Unknown owner - C:\Programme\sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server (file missing)
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    Mfg, Arne
    Und danke für die Hilfe!
  8. 04.06.2005, 04:02 #8
    Ruby
    Ruby ist offline
    Supermod a.D. Avatar von Ruby
    Registriert seit
    25.01.2005
    Ort
    The Netherlands
    Beiträge
    20.041

    AW: Brauche Hilfe beim Hijackthis Logfile

    Hallo Arne,

    schreib bitte nicht, dass du "wie oben beschrieben" den Scan gemacht hast, wenn du den eScan von einem anderen Download-Mirror gewählt hast. Es ist nicht der gleiche Scan. Die von mir verlinkte Version löscht Viren. Deine Version zeichnet sie auf.
  9. 04.06.2005, 08:00 #9
    Arne
    Arne ist offline
    Einsteiger
    Registriert seit
    03.06.2005
    Beiträge
    6

    AW: Brauche Hilfe beim Hijackthis Logfile

    Ach...ja hab ich gerade auch gemerktich hab ne neuere version von dem programm benutzt....da war auch nur der scan knopf und nicht scan und clean...
    kann man denn aus dem aufgezeichneten nichts ablesen?
    und nun was löschen?
    meiner meinung nach sind nen groß teil der sachen nur e mail anhänge die norton internet security geblockt hat und dann "in einen ordner wegpackt" weil es die sachen ja nicht entfernt falls doch was wichtiges dabei ist sondern sie nur isoliert oder??
    wäre um hilfe nun dankbar wie ich weiter vorgehen soll...
    und was ist mit meinem hijack logfile...sind die ganzen prozesse nötig die da laufen??
    und wie entferne ich das andere scan programm wieder? einfach die ordner bases, bases_x und download manuel löschen?
    Gruß, Arne

    +++
    Edit:
    So nun habe ich über Norton Internet Security die ganzen archivierten Dateien aus dem Quarantine Ordner gelöscht.
    Bleibt noch:
    ++
    Fri Jun 03 21:26:29 2005 => File C:\WINDOWS\ml-cleanup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
    Fri Jun 03 22:45:58 2005 => File C:\WINDOWS\ml-cleanup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

    Fri Jun 03 21:29:09 2005 => Scanning File C:\DOKUME~1\Admin\LOKALE~1\TEMPOR~1\Content.IE5\KP MF0D6J\infected6xz[1].gif
    Fri Jun 03 21:31:01 2005 => Scanning File C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\KPMF0D6J\infected6xz[1].gif
    ++
    Temporary Internetfiles manuel gelöscht und den Temp Ordner und Cookies auch. Was ist mit der "ml-cleanup.exe" dort oben steht sie zwei mal?
    Was muss ich noch machen??
    Danke!
    Gruß, Arne
    Geändert von Arne (04.06.2005 um 08:20 Uhr)
  10. 04.06.2005, 08:44 #10
    Ruby
    Ruby ist offline
    Supermod a.D. Avatar von Ruby
    Registriert seit
    25.01.2005
    Ort
    The Netherlands
    Beiträge
    20.041

    AW: Brauche Hilfe beim Hijackthis Logfile

    Hallo Arne,

    mit diesen beiden Einträgen braucht nichts zu geschehen.

    Fri Jun 03 21:26:29 2005 => File C:\WINDOWS\ml-cleanup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
    Fri Jun 03 22:45:58 2005 => File C:\WINDOWS\ml-cleanup.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

    Ich möchte aber noch diese Dateien überprüfen lassen:

    C:\Programme\sony\isb utility\ISBMgr.exe
    C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe

    bei Virustotal and Jotti

    Teile uns alle Ergebnisse mittels copy&paste mit.
Seite 1 von 2 12 LetzteLetzte
« Vorheriges Thema | Nächstes Thema »

Aktive Benutzer

Aktive Benutzer

Aktive Benutzer in diesem Thema: 1 (Registrierte Benutzer: 0, Gäste: 1)

Ähnliche Themen

  1. Brauche Hilfe bei der Logfile
    Von rainman im Forum Archiv
    Antworten: 6
    Letzter Beitrag: 09.05.2005, 04:34
  2. Logfile Brauche Hilfe !!!
    Von Unregistriert im Forum Archiv
    Antworten: 1
    Letzter Beitrag: 31.03.2005, 21:40
  3. Logfile Auswertung: Brauche Hilfe!
    Von Unregistriert im Forum Archiv
    Antworten: 2
    Letzter Beitrag: 09.03.2005, 21:50
  4. Hilfe! Spyware? habe HiJackThis Logfile!
    Von saufich im Forum Archiv
    Antworten: 5
    Letzter Beitrag: 24.02.2005, 20:03
  5. Dummi bittet um Hilfe
    Von 47jopi im Forum Archiv
    Antworten: 1
    Letzter Beitrag: 06.02.2005, 16:32

Berechtigungen

  • Neue Themen erstellen: Nein
  • Themen beantworten: Nein
  • Anhänge hochladen: Nein
  • Beiträge bearbeiten: Nein
  •  

Foren-Regeln