![]() |
|
Log-Analyse und Auswertung: Kann einen Eintrag nicht fixen!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
| ![]() Kann einen Eintrag nicht fixen! Hallo Ihr Guten! Habe ein Logfile erstellt und gemerkt das ich folgenden Eintrag darin habe: O1 - Hosts: # Copyright (c) 1993-2009 Microsoft Corp. Den kann ich aber nicht fixen. Es wäre wirklich Klasse wenn mir einer weiterhelfen könnte! Hier zur Sicherheit der ganze Log. Wie gesagt eigentlich müßte er soweit OK sein. Danke für jeden der sich die Mühe macht zu helfen. Weiter so! HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:35:18, on 07.12.2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v9.00 (9.00.7930.16406) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe e:\Program Files\Sandboxie\SbieSvc.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Windows\system32\taskhost.exe e:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe C:\Windows\system32\Dwm.exe E:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe C:\Windows\Explorer.EXE E:\Program Files\OO Software\CleverCache\ooccctrl.exe E:\Program Files\Process Lasso\ProcessLasso.exe E:\Program Files\Process Lasso\ProcessGovernor.exe E:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe E:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe E:\Program Files\Unlocker\UnlockerAssistant.exe E:\Program Files\ThreatFire\TFTray.exe E:\Program Files\Steganos Privacy Suite 11\SteganosHotKeyService.exe E:\Program Files\Steganos Privacy Suite 11\fredirstarter.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe E:\Program Files\Ashampoo\Ashampoo Snap 3\ashsnap.exe E:\Program Files\LOADSTREET\Perfect Tools für Vista\RAMTuner.exe E:\Program Files\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe E:\Program Files\SlySoft\AnyDVD\AnyDVD.exe E:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe E:\Program Files\Translate Client\translateclient.exe E:\Program Files\Browser-Anonymisierer\BrowserMaulkorb.exe E:\Program Files\MOette\ExtClipbrd\ExtClip.exe C:\Windows\system32\svchost.exe e:\Program Files\Hotspot Shield\bin\openvpnas.exe e:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe e:\Program Files\Hotspot Shield\bin\hsswd.exe E:\Program Files\OO Software\CleverCache\ooccag.exe C:\Users\Uwe Plesotzky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PNotes.exe e:\Program Files\ThreatFire\TFService.exe E:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe e:\Program Files\LOADSTREET\WinSpeedUp 3\CleanRAMService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE E:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe e:\Program Files\Hotspot Shield\bin\HssTrayService.exe C:\Windows\system32\conhost.exe C:\Windows\System32\svchost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe C:\Program Files\Opera 11.00 beta\opera.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskhost.exe E:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Windows\System32\svchost.exe C:\Users\Name\Desktop\HiJackThis204.exe C:\Windows\system32\wbem\wmiprvse.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: # Copyright (c) 1993-2009 Microsoft Corp. O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - e:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - E:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\ievkbd.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - E:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - e:\Program Files\Hotspot Shield\HssIE\HssIE.dll O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - E:\Program Files\Copernic Agent\CopernicAgentExt.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - e:\Program Files\Orbitdownloader\GrabPro.dll O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll O3 - Toolbar: Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - e:\Program Files\Steganos Privacy Suite 11\SPMIEToolbar.dll O4 - HKLM\..\Run: [ooccctrl.exe] E:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray O4 - HKLM\..\Run: [ProcessLassoManagementConsole] e:\Program Files\Process Lasso\processlasso.exe O4 - HKLM\..\Run: [ProcessGovernor] e:\Program Files\Process Lasso\processgovernor.exe O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe" O4 - HKLM\..\Run: [vspdfprsrv.exe] E:\Program Files\Visagesoft\eXPert PDF\vspdfprsrv.exe --background O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [ThreatFire] e:\Program Files\ThreatFire\TFTray.exe O4 - HKLM\..\Run: [SSS2009 HotKeys] "e:\Program Files\Steganos Privacy Suite 11\SteganosHotKeyService.exe" O4 - HKLM\..\Run: [SSS2009 File Redirection Starter] "e:\Program Files\Steganos Privacy Suite 11\fredirstarter.exe" O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe" O4 - HKCU\..\Run: [AshSnap] e:\Program Files\Ashampoo\Ashampoo Snap 3\ashsnap.exe O4 - HKCU\..\Run: [RAM Tuner] "E:\Program Files\LOADSTREET\Perfect Tools für Vista\RAMTuner.exe" /start O4 - HKCU\..\Run: [SSS2009 Browser Monitor] "e:\Program Files\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - Startup: Browser-Anonymisierer.lnk = E:\Program Files\Browser-Anonymisierer\BrowserMaulkorb.exe O4 - Startup: data O4 - Startup: Extended Clipboard.lnk = E:\Program Files\MOette\ExtClipbrd\ExtClip.exe O4 - Startup: notes.ini O4 - Startup: PNotes.exe O4 - Global Startup: Ashampoo Magical Defrag.lnk = E:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragCtrl.exe O4 - Global Startup: Translate Client.lnk = E:\Program Files\Translate Client\translateclient.exe O8 - Extra context menu item: &Download by Orbit - res://e:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://e:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Do&wnload selected by Orbit - res://e:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://e:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: Hinzufügen zu Anti-Banner - E:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\ie_banner_deny.htm O8 - Extra context menu item: Suchen mit Copernic Agent - E:\Program Files\Copernic Agent\Web\SearchExt.htm O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll O9 - Extra button: Steganos Password Manager - {024538B9-3F39-49FF-9503-975F743210FA} - e:\Program Files\Steganos Privacy Suite 11\SPMIEToolbar.dll O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - E:\PROGRA~1\Copernic Agent\COPERN~1.EXE O9 - Extra 'Tools' menuitem: Starten von Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - E:\PROGRA~1\Copernic Agent\COPERN~1.EXE O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - E:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - E:\PROGRA~1\Copernic Agent\COPERN~1.EXE O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - E:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\klwtbbho.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - AppInit_DLLs: C:\PROGRA~2\AVP9\mzvkbd3.dll,C:\PROGRA~2\AVP9\kloehk.dll O23 - Service: Ashampoo Defrag Service (AshampooDefragService) - - e:\Program Files\Ashampoo\Ashampoo Magical Defrag\bin\aDefragService.exe O23 - Service: Kaspersky Security Suite CBE 10 (AVP) - Kaspersky Lab - E:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 10\avp.exe O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - e:\Program Files\Hotspot Shield\bin\openvpnas.exe O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - e:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - e:\Program Files\Hotspot Shield\bin\HssTrayService.EXE O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - e:\Program Files\Hotspot Shield\bin\hsswd.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - E:\Program Files\OO Software\CleverCache\ooccag.exe O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - e:\Program Files\Sandboxie\SbieSvc.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - E:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: ThreatFire - PC Tools - e:\Program Files\ThreatFire\TFService.exe O23 - Service: VMLiteService - VMLite, Inc. - E:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe O23 - Service: WinLube memory clean up scheduler (WLCleanRAM) - Script Soft eK - e:\Program Files\LOADSTREET\WinSpeedUp 3\CleanRAMService.exe -- End of file - 13235 bytes |
Themen zu Kann einen Eintrag nicht fixen! |
bho, desktop, downloader, expert pdf, explorer, hijack, hijackthis, hotspot, hotspot shield, internet, internet explorer, kaspersky, locker, logfile, microsoft, nvidia, opera, pdf, plug-in, realtek, safer networking, security, sicherheit, software, start menu, starten, suche, system, tastatur, vista, windows, wmp |