Hilfe - seit 2 Wochen spiele Internet Explorer und Firefox verrückt!

Patb · 06.01.2006, 12:05

Liebe Board Member,

seit zwei Wochen versuche ich - bis jetzt vergebens - folgendes Problem zu lösen:

- meine Browser öffnen selbständig diverse Seiten (englischsprachig und deutsch)
- Zum Teil sind es nur Werbeseiten
- Oft werden aber auch Seiten geöffnet, die offiziell nach Microsoft aussehen und Meldungen wie "Attention! Security Center has detected spyware on your PC... one of processes (Win32res.exe) has just sent this information. Dann werden meine IP-Adresse etc. angezeigt und ne Angabe, dass ca. 15 MB meiner Daten schon entwendet worden sind. Diese Meldungen sehen aber immer gleich aus.
- Oft werde ich auch auf eine Seite verlinkt, auf der mir WinAntiVirus Pro 2006, Win AntiSpyware 2006 und WinFixer 2006 als Lösung für mein Problem angeboten werden.

- Gleichzeitig werden über Flasch (oder Java) schön gestaltete Werbeobjekte geöffnet, die auch auf irgendwelche Seiten mit Angeboten von A-Z linken

- Spybot und Adware habe ich unzählige Male durchlaufen lassen. Spybot hat Double Click, Mediaplex und Winfixer gefunden und behoben.
- MacAffee hat Exploit-CodeBase.gen, Exploit-ANIfile, Exploit-Byteverify und Adware-Look2Me gefunden und behoben.
- Auch habe ich mit online Scannern alle Laufwerke durchsucht und nichts gefunden. Panda hat nicht funktioniert.

- Ein weiteres Symptom ist, dass mein run.dll beim herunterfahren immer blockiert. Das habe ich vorher nie gehabt, da ich das system erst vor einem Monat aufgesetzt habe

Und - sobald ich mich wieder mit dem Netzwerk verbinden (bin hinter einem Router) geht der ganze Spass wieder aufs Neue los.

Kann mir irgend jemand bitte helfen?

Habe mein System jetzt im abgesicherten Modul mit escan und HiJack this gescannt anbei die 2 Logs:

1. Log von Escan

Object "cws.loadadv.400 Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "searchexe Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOKUME~1\***\LOKALE~1\Temp\enableirsocketutil.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HYDRAVISION" refers to invalid object "C:\Programme\ATI Technologies\ATI HYDRAVISION\HYDRAVISION". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\PCI_FR_40" refers to invalid object "C:\Programme\PC Inspector File Recovery\PCI_FR_40". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".ch/mirror/knoppix/DVD/". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".E". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pf". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sle". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ToolbarICQToolbar.ICQToolbarObjectIEToolbar". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WebNexus". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{27F03709-B91F-4EF9-9C19-18F6CCF5FAE1}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{48691011-BF12-407D-9A7E-8772485CDAA2}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{508749FF-27A9-473A-8A2C-B800CD8BF8E0}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{536F7C74-844B-4683-B0C5-EA39E19A6FE3}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{607EC8AE-B5AD-4240-A267-E8BA50AA16A4}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{82B5B5C9-A363-45A2-A2FA-65448C2B1751}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-7EC8-7489-000000000702}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-7EC8-7489-000000000703}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-0000-7EC8-7489-000000000704}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B1916B99-23C0-49FE-A473-95425695655A}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B2C2AEA4-F1FE-4709-A64F-083D6ED09396}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{B6F867E8-F092-4C5E-7D72-AC7057DBEF45}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{C6F1E87D-F3E1-4874-97EC-F87DAB6D6878}". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0254F2B0-7116-40FC-8551-A2ED8C0C5872}" refers to invalid object "C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{038E9840-12DD-40E8-82BE-DA826423886E}" refers to invalid object "C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0BB66938-FC89-4658-A365-7CD7F60E87E7}" refers to invalid object "C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0CA55C77-CC60-408B-94C6-EC772FD104A9}" refers to invalid object "C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1CA68D9F-3A22-4EE6-8DD3-9F4BA554625A}" refers to invalid object "C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1FAE3754-F46B-45DA-B4CF-9EBF92E950EA}" refers to invalid object "C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1FE7C365-F6A9-4AD2-A075-D61F9AD59236}" refers to invalid object "C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{20351880-1EF9-4879-A646-9FAF6D9FC87D}" refers to invalid object "C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{23AF82A5-E704-4EBC-BFE8-DF33EA467512}" refers to invalid object "C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2AFC1A12-65EC-433A-BF9B-7AD381F1EF10}" refers to invalid object "C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2D0DE198-0296-4A84-AC3B-0DB11C7F62F2}" refers to invalid object "C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3A5AC3A7-CC29-47F8-A0FF-AB82F3D2D9F5}" refers to invalid object "C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3C4E3B8D-98C8-4701-92D6-64702D6A9EEF}" refers to invalid object "C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{70A4E5E9-D350-4AF0-8298-98E8BB30ADB7}" refers to invalid object "C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7FE5F35D-99A1-4DD4-80C3-BFBC71DAF24B}" refers to invalid object "C:\WINDOWS\system32\wonmm.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8D2E6C05-A032-4B23-8287-C3ACF30703B0}" refers to invalid object "C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9869EFB4-18E9-11D3-A837-00104B9E30B5}" refers to invalid object "C:\DOKUME~1\***\LOKALE~1\Temp\CmdLineExt02.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9E0B8886-3014-4617-91AA-DF4B8D50E77C}" refers to invalid object "C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A7371B3E-46D1-48B0-890D-CC9E7E531EDD}" refers to invalid object "C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A9141FB9-7A4F-4047-94A2-0A0B1DEF5EBB}" refers to invalid object "C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A9F238AC-FAFB-4393-A45C-7DD80BE20137}" refers to invalid object "C:\WINDOWS\system32\wiw32.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B29DEB73-0511-4372-95E2-0EB539D929C9}" refers to invalid object "C:\PROGRA~1\ICQLite\ICQLIT~2.EXE". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B50EB9E2-FC6D-4E25-9492-B5D77F373EE2}" refers to invalid object "C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B7800816-BCE4-4228-BD55-2E7A2B0B230A}" refers to invalid object "C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F708D841-35FE-4AD6-A313-A7F5F1037A8A}" refers to invalid object "C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FBA89159-6A08-4004-B269-D34588429A88}" refers to invalid object "C:\Programme\Microsoft AntiSpyware\gcasDtServ.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{9869EFA6-18E9-11D3-A837-00104B9E30B5}" refers to invalid object "C:\DOKUME~1\***\LOKALE~1\Temp\CmdLineExt02.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E9CB7286-E720-4605-A81A-C20F9B7DB17C}" refers to invalid object "C:\DOKUME~1\***\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{F286359C-8AFA-4A92-AC21-2C5A6893C855}" refers to invalid object "C:\DOKUME~1\***\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\Context.test" refers to invalid object "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}". Action Taken: No Action Taken.
Entry "HKCR\Context.test.1" refers to invalid object "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}". Action Taken: No Action Taken.
Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.
Entry "HKCR\msbackupfile\shell\open\command" refers to invalid object "%SystemRoot%\system32\ntbackup.exe". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\SharePoint.WebPartPage.Document" refers to invalid object "{388ED91D-7FD2-11D0-A60B-00A0C90A43FF}". Action Taken: No Action Taken.
Entry "HKCR\SharePoint.WebPartPage.Document.1.0" refers to invalid object "{388ED91D-7FD2-11D0-A60B-00A0C90A43FF}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
File D:\Eigene Dateien\Export für CD Brenner\DVB - FreeTV for Cable TV and Premiere Decoder + Crack.zip infected by "Backdoor.Win32.Katien.a" Virus! Action Taken: No Action Taken.

2. Poste das Log von HijackThis in einem Folge-Thread

Patb · 06.01.2006, 12:06

2. Log von HiJackthis

Logfile of HijackThis v1.99.1
Scan saved at 22:03:24, on 05.01.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
c:\programme\mcafee.com\agent\mcagent.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w*w.web.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w*w.web.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w*w.web.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://w*w.google.ch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://w*w.web.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://w*w.web.de
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://w*w.web.de
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HydraVisionViewport] C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraMD.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programme\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CU2] C:\Programme\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [CU1] C:\Programme\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [SSS6_SPM] "C:\Programme\Steganos Security Suite 6\spm.exe" /booting
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Google Search - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programme\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://w*w.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,96/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1127506895717
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127507079326
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://w*w.bitdefender.de/scan/Msie/bitdefender.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/de/1,0,0,23/mcgdmgr.cab
O16 - DPF: {DF6504AC-3EFE-4287-B259-FB299B069C95} (WEBDE Fotoalbum Upload Control) - https://img.web.de/v/mail/activex/fa_os_mms/upload_1132.cab
O18 - Protocol: bw+0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {9B4993F7-343F-4243-BFA8-D366832CE86C} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: ThemeManager - C:\WINDOWS\system32\en0sl1d71.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programme\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\programme\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\pavprsrv.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programme\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Steganos Live Encryption Engine (Version 401) [Service] (SLEE_401_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE401.exe (file missing)
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE) - Unknown owner - C:\WINDOWS\system32\SLEE503.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Haui45 · 16.01.2006, 20:38

Hallo,

führe davon die erste Option aus und poste das Log (bitte Schriftfarbe schwarz wählen

). Ansonsten noch nichts machen.
Poste außerdem die eScan-Ergebnisse, wie hier beschrieben (Fußnote [5])

Doktor M@buse · 27.01.2007, 23:22

Du hast irgendwie ein generelles Problem mit Deinem Rechner.
Du hast Teile von Nvidia + ATI Software drauf, denke mal nicht, dass Du zwei Grafikkarten verschiedener Hersteller im Rechner hast (Evt. mal Karte getauscht und System mit einer Recovery CD wiederhergestellt? Dann musst Du die alten Treiber natürlich de-installieren!).
Du hast den Steganos Safe einmal in Version 4, einmal in Version 5 drauf.
Das waren nur zwei Beispiele.
Würde Dir dringend empfehlen, die Kiste komplett neu zu machen, dann aber richtig.

felix1 · 27.01.2007, 23:30

@Doktor M@buse
Was bewegt Dich, einen Thread wieder aufzuwärmen, der über ein Jahr kalt ist?

27.01.2007, 23:30	#5
felix1 /// Helfer-Team	Hilfe - seit 2 Wochen spiele Internet Explorer und Firefox verrückt! @Doktor M@buse Was bewegt Dich, einen Thread wieder aufzuwärmen, der über ein Jahr kalt ist? __________________ LG Der Felix Keine Hilfe per PN und E-Mail

Hilfe - seit 2 Wochen spiele Internet Explorer und Firefox verrückt!

Log-Analyse und Auswertung: Hilfe - seit 2 Wochen spiele Internet Explorer und Firefox verrückt!