![]() |
|
Log-Analyse und Auswertung: Mein LogfileWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
| ![]() Mein Logfile Hallo Leutz. Ich hoffe ihr könnt mir helfen. Mein I-explorer funktioniert nimma. Wollt gestern neue updates saugen und dann hats einfach nicht mehr funktioniert. hier mein Startup-log Code:
ATTFilter StartupList report, 27.09.2004, 22:32:52 StartupList version: 1.52.2 Started from : C:\DOKUME~1\Robert\LOKALE~1\Temp\Rar$EX00.907\HijackThis.EXE Detected: Windows XP SP1 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe C:\Programme\Norton Internet Security\NISUM.EXE C:\Programme\Norton Internet Security\ccPxySvc.exe C:\Programme\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Programme\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Programme\Analog Devices\SoundMAX\SMTray.exe C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe C:\Programme\Logitech\iTouch\iTouch.exe C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe C:\Programme\QuickTime\qttask.exe C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe C:\Programme\Common files\updater\wupdater.exe C:\WINDOWS\System32\SahAgent.exe C:\Programme\Gemeinsame Dateien\GMT\GMT.exe C:\Programme\ZMatrix\matrix.exe C:\WINDOWS\system32\ntvdm.exe C:\T-ONLINE\BSW4\ToDuCAlC.EXE C:\Programme\ICQLite\ICQLite.exe G:\Tools\Teamspeak\TeamSpeak.exe C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE C:\Programme\WinRAR\WinRAR.exe C:\DOKUME~1\Robert\LOKALE~1\Temp\Rar$EX00.907\HijackThis.exe C:\Programme\Messenger\msmsgs.exe C:\WINDOWS\system32\NOTEPAD.EXE -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Dokumente und Einstellungen\Robert\Startmenü\Programme\Autostart] ZMatrix.lnk = C:\Programme\ZMatrix\matrix.exe Shell folders Common Startup: [C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart] GStartup.lnk = C:\Programme\Gemeinsame Dateien\GMT\GMT.exe Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup nwiz = nwiz.exe /install NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit SoundMan = SOUNDMAN.EXE Smapp = C:\Programme\Analog Devices\SoundMAX\SMTray.exe NeroCheck = C:\WINDOWS\System32\\NeroCheck.exe ccApp = "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe" ccRegVfy = "C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe" zBrowser Launcher = C:\Programme\Logitech\iTouch\iTouch.exe SunJavaUpdateSched = C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe QuickTime Task = "C:\Programme\QuickTime\qttask.exe" -atboottime CMESys = "C:\Programme\Gemeinsame Dateien\CMEII\CMESys.exe" EM_EXEC = C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE updater = C:\Programme\Common files\updater\wupdater.exe SAHAgent = C:\WINDOWS\System32\SahAgent.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce ICQ Lite = C:\Programme\ICQLite\ICQLite.exe -trayboot -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load= run= G:\LOL\ICONS95.EXE Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} NavErrRedir Class - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL - {5D60FF48-95BE-4956-B4C6-6BB168A70310} NAV Helper - C:\Programme\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872} -------------------------------------------------- Enumerating Task Scheduler jobs: Norton AntiVirus - Meinen Computer prüfen.job Symantec NetDetect.job -------------------------------------------------- Enumerating Download Program Files: [{33564D57-0000-0010-8000-00AA00389B71}] CODEBASE = http://download.microsoft.com/downlo...22/wmv9VCM.CAB [WUWebControl Class] InProcServer32 = C:\WINDOWS\System32\wuweb.dll CODEBASE = http://v5.windowsupdate.microsoft.co...?1095956636015 [{9F1C11AA-197B-4942-BA54-47A8489BB47F}] CODEBASE = http://v4.windowsupdate.microsoft.co...206.7052314815 -------------------------------------------------- Enumerating Winsock LSP files: Protocol #16: xfire_lsp_8742.dll (file MISSING) Protocol #17: xfire_lsp_8742.dll (file MISSING) Protocol #18: xfire_lsp_8742.dll (file MISSING) Protocol #19: xfire_lsp_8742.dll (file MISSING) Protocol #20: xfire_lsp_8742.dll (file MISSING) Protocol #36: xfire_lsp_8742.dll (file MISSING) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: C:\Programme\Xfire\23.exe||C:\Programme\Xfire\xfire_conure_9028.dll|||r -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- End of report, 8.304 bytes Report generated in 0,047 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only |
Themen zu Mein Logfile |
acroiehelper.dll, adobe, antivirus, appinit_dlls, bho, computer, dll, einstellungen, file missing, helper, hijack, internet, internet explorer, internet security, logfile, monitor, nvcpl.dll, programme, registry, registry key, registry value, rundll, saver, screensaver, security, software, symantec, system, t-online, teamspeak, temp, updates, ups, userinit.exe, windows, windows xp, wininit.ini |