Trojaner-Board


todymelody 12.04.2005 17:23

Another slow computer... HELP ;-)

Hello, you pros... My computer keeps getting slower, takes forever to boot, CPU usage is constantly extremely high... it freezes every now and then... and to top it all off: starting in Safe Mode somehow doesn't work any more either..... Can anyone here help me out and give me a few tips on how to get the PC running smoothly again???


Here is my HiJack logfile:

Logfile of HijackThis v1.99.1
Scan saved at 18:19:25, on 12.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\FSI\F-Prot\F-Sched.exe
C:\Programme\FSI\F-Prot\F-StopW.EXE
C:\Programme\Logitech\MouseWare\system\em_exec.exe
d:\Programme\CPUCooL\CooLSrv.exe
C:\Programme\FSI\F-Prot\fpavupdm.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\Programme\SlimBrowser\sbrowser.exe
C:\Programme\totalcmd\TOTALCMD.EXE
D:\Sicherheit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = h**p://www.google.de

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.148.151.179:8080
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1031
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteclr32.exe
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programme\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Programme\FSI\F-Prot\F-StopW.EXE
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: In &neuem Fenster öffnen - C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuofinw.tui
O8 - Extra context menu item: Mit &Google suchen - C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gsearch.tui
O8 - Extra context menu item: Shorten URL - h**p://www.cjb.net/menuext.html
O9 - Extra button: Search - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Search - {0DB86BD3-CC1E-4908-9920-FB50C33E0BD1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: concept/design's onlineTV - {30292B18-41B8-413B-B622-17C3656AF8E8} - C:\Programme\onlineTV\onlineTV.exe
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Preispiraten 2.1.2 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O13 - WWW. Prefix: hxxp://
O14 - IERESET.INF: START_PAGE_URL=hxxp://www.medion.com/
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: 206.161.125.149 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - h**p://static.windupdates.com/cab/6247971CanadaInc/ie/bridge-c337.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - h**p://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - h**p://download.ebay.com/turbo_lister/DE/install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - h**p://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - h**p://www.cult3d.com/download/cult.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - h**p://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - h**p://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094283485234
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - h**p://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - h**p://usaroom.taxback.com/activex/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - h**p://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - h**p://advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} (VacPro.internazionale_ver10) - h**p://advnt01.com/dialer/internazionale_ver10.CAB
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - h**p://www.berkeley.edu/webcams/camera.cab
O16 - DPF: {D909E944-3A96-4280-9983-9D00001973A4} (Access Control) - h**p://www.eingang69.de/EroticAccess/exe/access_special.ocx
O16 - DPF: {FFCEABDA-C04E-7F4A-E9B6-DFA72B2F49FB} - h**p://213.200.210.10/dl/101/DE648_1020.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F873CD2D-43FB-4AE6-89F0-A00373451335}: NameServer = 217.237.150.225 217.237.150.141
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - d:\Programme\CPUCooL\CooLSrv.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Programme\FSI\F-Prot\fpavupdm.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


A file named eliteclr32.exe is also giving me really nasty trouble... In case anyone knows how to get rid of it..... Somehow it keeps coming back


Thanks in advance!

[edit]
links removed
[/edit]

chaosman 12.04.2005 17:52

@todymelody

your problem already starts here,
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
update the system and IE.

you can get rid of the O15 entries with this
http://www.trojaner-board.de/10379-i...d-hilfe-4.html
(the post by Lutz)

then switch to safe mode and fix with HJT
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteclr32.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O13 - WWW. Prefix: http://
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6...bridge-c337.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://usaroom.taxback.com/activex/AxisCamControl.ocx
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - http://advnt01.com/dialer/internazionale_ver4.CAB
O16 - DPF: {AD0B8220-7DA4-4C0A-8532-B25A9F631D3D} (VacPro.internazionale_ver10) - http://advnt01.com/dialer/internazionale_ver10.CAB
O16 - DPF: {D909E944-3A96-4280-9983-9D00001973A4} (Access Control) - http://www.eingang69.de/EroticAcces...ess_special.ocx
O16 - DPF: {FFCEABDA-C04E-7F4A-E9B6-DFA72B2F49FB} - http://213.200.210.10/dl/101/DE648_1020.exe

then delete manually
C:\windows\system32\eliteclr32.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\PROGRA~1\DAP

better to use getright or LeechGet
reboot, post a new HJT logfile
chaosman

todymelody 12.04.2005 19:23

Thanks for the first tips... I'm working through them.

As I said, though, I can't start Safe Mode.

Shortly after startup I get a message that I can press "Esc" to cancel loading the file "d347bus.sys".

If I do that.... I get a black screen with a blinking cursor.... and the computer hangs there.
If I don't.... I just get a black screen.. without a cursor... but the computer is frozen as well! Ooh, great! ;-)=

chaosman 12.04.2005 19:32

@todymelody
have a look here
http.//www.computerhilfen.de/hilfen-5-59488-0.html

it could be related to this program
C:\Programme\D-Tools\daemon.exe
try google
chaosman

todymelody 12.04.2005 19:43

Man oh man... you're fast. THANKS!

The link didn't turn up much that's new either... but I'm working on it.. ;-)

It can't really have anything to do with daemon.exe. That's just a virtual drive and I've been using it for years. Well, I'll see what I can do and then post the next HiJack file

todymelody 12.04.2005 20:11

So... here is the next logfile...

Logfile of HijackThis v1.99.1
Scan saved at 21:09:31, on 12.04.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\T-DSL SpeedManager\SpeedMgr.exe
C:\Programme\Logitech\iTouch\iTouch.exe
C:\Programme\D-Tools\daemon.exe
C:\Programme\Logitech\MouseWare\system\em_exec.exe
C:\Programme\FSI\F-Prot\F-Sched.exe
C:\Programme\FSI\F-Prot\F-StopW.EXE
C:\Programme\AVPersonal\AVGNT.EXE
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
d:\Programme\CPUCooL\CooLSrv.exe
C:\Programme\FSI\F-Prot\fpavupdm.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programme\T-DSL SpeedManager\tsmsvc.exe
C:\WINDOWS\System32\ZoneLabs\isafe.exe
D:\Sicherheit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = hxxp://www.google.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = hxxp://www.***.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = *** & ***
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.148.151.179:8080
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [T-DSL SpeedMgr] "C:\Programme\T-DSL SpeedManager\SpeedMgr.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programme\D-Tools\daemon.exe" -lang 1031
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Programme\FSI\F-Prot\F-Sched.exe STARTUP
O4 - HKLM\..\Run: [F-StopW] C:\Programme\FSI\F-Prot\F-StopW.EXE
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O8 - Extra context menu item: In &neuem Fenster öffnen - C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\tuofinw.tui
O8 - Extra context menu item: Mit &Google suchen - C:\Dokumente und Einstellungen\Tobias\Anwendungsdaten\TuneUp Software\TuneUp Utilities\Web\gsearch.tui
O8 - Extra context menu item: Shorten URL - hxxp://www.cjb.net/menuext.html
O9 - Extra button: Search - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Search - {0DB86BD3-CC1E-4908-9920-FB50C33E0BD1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: concept/design's onlineTV - {30292B18-41B8-413B-B622-17C3656AF8E8} - C:\Programme\onlineTV\onlineTV.exe
O9 - Extra button: Preispiraten 2.1.2 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - C:\Programme\Preispiraten\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=hxxp://www.medion.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - hxxp://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - hxxp://download.ebay.com/turbo_lister/DE/install.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - hxxp://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094283485234
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - hxxp://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - hxxp://www.berkeley.edu/webcams/camera.cab
O16 - DPF: {FFCEABDA-C04E-7F4A-E9B6-DFA72B2F49FB} - hxxp://213.200.210.10/dl/101/DE648_1020.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F873CD2D-43FB-4AE6-89F0-A00373451335}: NameServer = 217.237.150.225 217.237.150.141
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programme\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programme\AVPersonal\AVWUPSRV.EXE
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\System32\ZoneLabs\isafe.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - d:\Programme\CPUCooL\CooLSrv.exe
O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Programme\FSI\F-Prot\fpavupdm.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TSMService - T-Systems Nova, Berkom - C:\Programme\T-DSL SpeedManager\tsmsvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUp Utilities 2004\WinStylerThemeSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



I got the updates from the Microsoft site... okay, without SP2.
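Added example, not part of the thread and not HijackThis code: one way to compare a HijackThis log taken before a fix with the one posted afterwards, tolerating hard-wrapped entries and the differing URL defanging (h**p, hxxp) that appear in the two logs above. The function names are hypothetical and the sample entries are abridged from those two logs.

```python
import re

# A HijackThis entry starts with a section code such as R1, O4 or O23.
ENTRY_START = re.compile(r"^(?:R[0-3]|O\d{1,2}) - ")
# Posts defang URLs differently (h**p, hxxp); unify them for comparison only.
DEFANGED = re.compile(r"h(?:\*\*|xx)p(s?)://", re.IGNORECASE)

# Sample input: entries abridged from the first log in this thread.
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 219.148.151.179:8080
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\eliteclr32.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft Works\WkDetect.exe
O8 - Extra context menu item: Shorten URL - h**p://www.cjb.net/menuext.html
O15 - Trusted Zone: *.awmdabest.com
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} - h**p://advnt01.com/dialer/internazionale_ver4.CAB
"""

# Sample input: entries abridged from the second log, hard-wrapped as posted.
AFTER = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer

= 219.148.151.179:8080
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Programme\Microsoft

Works\WkDetect.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programme\AVPersonal\AVGNT.EXE" /min
O8 - Extra context menu item: Shorten URL - hxxp://www.cjb.net/menuext.html
"""


def parse_entries(log_text):
    """Return {comparison_key: entry_text} for each R*/O* entry.

    Assumes log_text holds only the log: any line that does not start with a
    section code is treated as the wrapped tail of the previous entry.
    """
    chunks = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            chunks.append([line])
        elif chunks:                      # header lines before the first entry are skipped
            chunks[-1].append(line)
    entries = {}
    for parts in chunks:
        display = " ".join(parts)         # keep the text as posted (still defanged)
        unified = DEFANGED.sub(r"http\1://", display)
        # Wraps can fall at a space or mid-token, so compare without whitespace.
        key = re.sub(r"\s+", "", unified).casefold()
        entries.setdefault(key, display)
    return entries


def compare_logs(before_text, after_text):
    """Classify entries as removed, persisted or new between two scans."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return {
        "removed": [t for k, t in before.items() if k not in after],
        "persisted": [t for k, t in before.items() if k in after],
        "new": [t for k, t in after.items() if k not in before],
    }


if __name__ == "__main__":
    for status, items in compare_logs(BEFORE, AFTER).items():
        print(status.upper())
        for item in items:
            print("  " + item)
```

On the abridged sample the ProxyServer entry is reported as persisted, because it appears in both logs.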

chaosman 12.04.2005 20:24

@todymelody
download escan
download

eScan result
Tell us the result of the eScan: "open mwav.log -> Edit -> Find -> enter infected or tagged -> Find Next -> select/copy the hits and paste them into the forum."

I would still advise you to get SP2
chaosman

todymelody 12.04.2005 22:00

Good, then I'll let eScan run and install SP2. I'll post the result and the eScan log here tomorrow morning.

THANKS!

todymelody 13.04.2005 08:32

So here is my (extensive) result from eScan... (how long does it actually scan? I've now aborted it after more than 10 hours.)

Tue Apr 12 22:59:33 2005 => System found infected with SideFind Spyware/Adware ({8cba1b49-8144-4721-a7b1-64c578c9eed7})! Action taken: No Action Taken.
Tue Apr 12 22:59:33 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue Apr 12 22:59:33 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue Apr 12 22:59:33 2005 => System found infected with SideFind Spyware/Adware ({339d8aff-0b42-4260-ad82-78ce605a9543})! Action taken: No Action Taken.

Tue Apr 12 22:59:33 2005 => System found infected with SideFind Spyware/Adware ({a36a5936-cfd9-4b41-86bd-319a1931887f})! Action taken: No Action Taken.
Tue Apr 12 22:59:33 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue Apr 12 22:59:33 2005 => System found infected with SideFind Spyware/Adware ({10e42047-deb9-4535-a118-b3f6ec39b807})! Action taken: No Action Taken.
Tue Apr 12 22:59:33 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.


Tue Apr 12 22:59:33 2005 => System found infected with Hijack Spyware/Adware ({771A1334-6B08-4A6B-AEDC-CF994BA2CEBE})! Action taken: No Action Taken.
Tue Apr 12 22:59:33 2005 => File System Found infected by "Hijack Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue Apr 12 22:59:33 2005 => Offending value found in HKLM\Software\powerscan !!!
Tue Apr 12 22:59:33 2005 => System found infected with powerscan Spyware/Adware! Action taken: No Action Taken.
Tue Apr 12 22:59:33 2005 => File System Found infected by "powerscan Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue Apr 12 22:59:34 2005 => Offending Folder C:\WINDOWS\ELITET~1 present...
Tue Apr 12 22:59:34 2005 => System found infected with elitetoolbar Spyware/Adware! Action taken: No Action Taken.
Tue Apr 12 22:59:34 2005 => File System Found infected by "elitetoolbar Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue Apr 12 22:59:34 2005 => Offending value found in HKCU\Software\lq !!!
Tue Apr 12 22:59:34 2005 => System found infected with lq Spyware/Adware! Action taken: No Action Taken.
Tue Apr 12 22:59:34 2005 => File System Found infected by "lq Spyware/Adware" Virus. Action Taken: No Action Taken.

Tue Apr 12 23:00:00 2005 => C:\WINDOWS\kick01.EXE possibly infected and removed by background antivirus package!
Tue Apr 12 23:00:00 2005 => File C:\WINDOWS\kick01.EXE infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.

Tue Apr 12 23:00:27 2005 => C:\WINDOWS\System32\ctadl3.dll possibly infected and removed by background antivirus package!
Tue Apr 12 23:00:27 2005 => File C:\WINDOWS\System32\ctadl3.dll infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.

Tue Apr 12 23:00:55 2005 => C:\WINDOWS\System32\elitejvb32.exe possibly infected and removed by background antivirus package!
Tue Apr 12 23:00:55 2005 => File C:\WINDOWS\System32\elitejvb32.exe infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.

Tue Apr 12 23:03:36 2005 => File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy\Recovery\DyFuCAInternetOptimizer1.zip infected by "Password-protected-EXE" Virus. Action Taken: No Action Taken.

Tue Apr 12 23:07:41 2005 => File C:\Dokumente und Einstellungen\Feemke\Lokale Einstellungen\Temporary Internet Files\Content.IE5\K16NK127\30758[1].exe infected by "Trojan-Clicker.Win32.Small.ck" Virus. Action Taken: No Action Taken.

Tue Apr 12 23:14:09 2005 => File C:\Dokumente und Einstellungen\Tobias.MONSTER\Eigene Dateien\Sicherungsdateien\System\svchost.exe infected by "Trojan-Spy.Win32.SpyAnyTime.d" Virus. Action Taken: No Action Taken.

Wed Apr 13 03:05:00 2005 => C:\Programme\SearchRelevancy\SearchRelevancy.dll possibly infected and removed by background antivirus package!
Wed Apr 13 03:05:00 2005 => File C:\Programme\SearchRelevancy\SearchRelevancy.dll infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.

Wed Apr 13 03:05:02 2005 => C:\Programme\SearchRelevancy\SearchRelevancy1.dll possibly infected and removed by background antivirus package!
Wed Apr 13 03:05:02 2005 => File C:\Programme\SearchRelevancy\SearchRelevancy1.dll infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.

Wed Apr 13 03:07:07 2005 => File C:\Programme\SlimBrowser\vv.dat infected by "Trojan-Dropper.Win32.Small.pb" Virus. Action Taken: No Action Taken.

Wed Apr 13 03:10:38 2005 => File C:\System Volume Information\_restore{E1E95E54-CD8B-431D-A87C-E9DC2FDC23E7}\RP408\A0099949.vxd infected by "not-a-virus:AdWare.BargainBuddy.q" Virus. Action Taken: No Action Taken.


Wed Apr 13 03:24:44 2005 => Scanning File C:\System Volume Information\_restore{E1E95E54-CD8B-431D-A87C-E9DC2FDC23E7}\RP437\A0127999.exe
Wed Apr 13 03:24:44 2005 => File C:\System Volume Information\_restore{E1E95E54-CD8B-431D-A87C-E9DC2FDC23E7}\RP437\A0127999.exe infected by "Trojan-Clicker.Win32.Small.ck" Virus. Action Taken: No Action Taken.

Wed Apr 13 08:58:27 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\AdStatServX.dll infected by "not-a-virus:AdWare.WinAD.p" Virus. Action Taken: No Action Taken.

Wed Apr 13 08:58:27 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\AdToolsX.dll infected by "not-a-virus:AdWare.WinAD.x" Virus. Action Taken: No Action Taken.

Wed Apr 13 08:58:27 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\axload.dll infected by "Trojan.Win32.Dialer.ep" Virus. Action Taken: No Action Taken.

Wed Apr 13 08:58:27 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\germania.exe infected by "Trojan.Win32.Dialer.q" Virus. Action Taken: No Action Taken.

Wed Apr 13 08:58:28 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1100.dll infected by "not-a-virus:AdWare.Gator.1101" Virus. Action Taken: No Action Taken.

Wed Apr 13 08:58:28 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\installer_MARKETING2.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action Taken.

Wed Apr 13 08:58:48 2005 => File C:\WINDOWS\Downloaded Program Files\f3Setup1.exe infected by "not-a-virus:AdWare.ToolBar.Perez.b" Virus. Action Taken: No Action Taken.

Wed Apr 13 08:58:49 2005 => File C:\WINDOWS\Downloaded Program Files\germania.exe infected by "Trojan.Win32.Dialer.q" Virus. Action Taken: No Action Taken.

Wed Apr 13 08:58:49 2005 => File C:\WINDOWS\Downloaded Program Files\installer_MARKETING2.exe infected by "Trojan-Downloader.Win32.Adload.e" Virus. Action Taken: No Action Taken.

Wed Apr 13 08:58:49 2005 => File C:\WINDOWS\Downloaded Program Files\installer_MEDIAWHIZ5.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus. Action Taken: No Action Taken.

Wed Apr 13 09:15:20 2005 => C:\WINDOWS\java\mysysinf.exe possibly infected and removed by background antivirus package!
Wed Apr 13 09:15:20 2005 => File C:\WINDOWS\java\mysysinf.exe infected by "BkCln.Unknown" Virus. Action Taken: No Action Taken.

Wed Apr 13 09:15:43 2005 => Total Objects Scanned: 113817
Wed Apr 13 09:15:43 2005 => Total Virus(es) Found: 81
Wed Apr 13 09:15:43 2005 => Total Disinfected Files: 0
Wed Apr 13 09:15:43 2005 => Total Files Renamed: 0
Wed Apr 13 09:15:43 2005 => Total Deleted Objects: 0
Wed Apr 13 09:15:43 2005 => Total Errors: 106
Wed Apr 13 09:15:43 2005 => Time Elapsed: 10:17:11

Wed Apr 13 09:15:43 2005 => ***** Scanning complete. *****
Wed Apr 13 09:15:43 2005 => Virus Database Date: 2005/04/10
Wed Apr 13 09:15:43 2005 => Virus Database Count: 125361

Wed Apr 13 09:15:43 2005 => Scan Completed.
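Added example, not part of the thread and not eScan code: the "search mwav.log for infected or tagged" step described earlier, done as a script that drops repeated hits and groups per-file detections by name. The function names are hypothetical; the sample lines follow the format of the log excerpt above, and the `Scanning File` line is constructed.

```python
import re
from collections import defaultdict

KEYWORDS = ("infected", "tagged")
# Per-file hit: File <drive path> infected by "<detection name>".
# Requiring a drive letter keeps the summary line
# 'File System Found infected by "..."' from being read as a file path.
FILE_HIT = re.compile(r'^File (?P<path>[A-Za-z]:\\.+?) infected by "(?P<name>[^"]+)"')

# Sample input in the mwav.log layout "<timestamp> => <message>".
SAMPLE_LOG = r"""
Tue Apr 12 22:59:33 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue Apr 12 22:59:33 2005 => File System Found infected by "SideFind Spyware/Adware" Virus. Action Taken: No Action Taken.
Tue Apr 12 23:00:00 2005 => C:\WINDOWS\kick01.EXE possibly infected and removed by background antivirus package!
Wed Apr 13 03:24:44 2005 => Scanning File C:\WINDOWS\notepad.exe
Wed Apr 13 08:58:27 2005 => File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\germania.exe infected by "Trojan.Win32.Dialer.q" Virus. Action Taken: No Action Taken.
Wed Apr 13 08:58:49 2005 => File C:\WINDOWS\Downloaded Program Files\germania.exe infected by "Trojan.Win32.Dialer.q" Virus. Action Taken: No Action Taken.
Wed Apr 13 09:15:43 2005 => Total Objects Scanned: 113817
"""


def extract_hits(log_text):
    """Return (timestamp, message) pairs whose message mentions a keyword.

    Messages that repeat verbatim are reported once, in order of first appearance.
    """
    seen, hits = set(), []
    for line in log_text.splitlines():
        stamp, sep, message = line.partition(" => ")
        if not sep:
            continue                      # not a log record
        message = message.strip()
        if not any(word in message.lower() for word in KEYWORDS):
            continue
        if message in seen:
            continue
        seen.add(message)
        hits.append((stamp.strip(), message))
    return hits


def group_by_detection(hits):
    """Map each detection name to the file paths reported for it."""
    grouped = defaultdict(list)
    for _, message in hits:
        match = FILE_HIT.match(message)
        if match:
            grouped[match["name"]].append(match["path"])
    return dict(grouped)


if __name__ == "__main__":
    hits = extract_hits(SAMPLE_LOG)
    for stamp, message in hits:
        print(stamp, "=>", message)
    for name, paths in group_by_detection(hits).items():
        print(name)
        for path in paths:
            print("  " + path)
```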

todymelody 20.09.2005 11:16

Thanks, thanks

