PC very slow, system load constantly at 100%

#0
15.11.2006, 17:33
...new here

Posts: 9
#1 Yeah, for about 2-3 days I've had the problem that my whole PC runs very slowly and the system load stays permanently at 95-100%, even though I don't really have anything running. I hope you can help me.
Thanks in advance ;)

Logfile of HijackThis v1.99.1
Scan saved at 17:35:14, on 15.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Dokumente und Einstellungen\tobey\Stuff\ICQLite\ICQLite\ICQLite.exe
C:\Programme\Hamachi\hamachi.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Tobeyy\Bericht\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=374
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Dokumente und Einstellungen\tobey\Stuff\ICQLite\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Dokumente und Einstellungen\tobey\Stuff\ICQLite\ICQToolbar\toolbaru.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Dokumente und Einstellungen\tobey\Stuff\ICQLite\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Dokumente und Einstellungen\tobey\Stuff\ICQLite\ICQLite\ICQLite.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126097807781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126097797750
O16 - DPF: {8FA9D107-547B-4DBC-9D88-FABD891EDB0A} (shizmoo Class) - http://playroom.icq.com/odyssey_web8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: runner.dll MsgPlusLoader.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PsShutdown (PsShutdownSvc) - Unknown owner - C:\WINDOWS\System32\PSSDNSVC.EXE
15.11.2006, 17:36
Member

Posts: 3716
#2 Hello and welcome,
download ComboFix:
www.virus-protect.org/artikel/tools/combofix.html - 10k -
Post the log.
Unpack filelist.zip on the desktop, click filelist.bat and copy the last 30 days from each directory.
http://members.linzag.net/680262/filelist.zip
15.11.2006, 17:47
...new here

Thread starter

Posts: 9
#3 Here's ComboFix for now; I'm having a bit of trouble with the other one. What exactly should I copy out of the txt file?
tobey - 06-11-15 17:44:06.14 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Programme\Mozilla Firefox"

((((((((((((((((((((((((((((((( Files Created from 2006-10-15 to 2006-11-15 ))))))))))))))))))))))))))))))))))


2006-11-14 18:08 271,360 --a------ C:\WINDOWS\system32\drivers\atksgt.sys
2006-11-14 18:08 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys
2006-11-13 19:37 2,829 --a------ C:\WINDOWS\War3Unin.pif
2006-11-13 19:37 139,264 --a------ C:\WINDOWS\War3Unin.exe
2006-11-05 21:33 58,952 --a------ C:\WINDOWS\system32\MsgPlusLoader.dll
2006-10-19 13:42 129,784 --------- C:\WINDOWS\system32\pxafs.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-15 17:44 -------- d-------- C:\Programme\Mozilla Firefox
2006-11-15 17:31 -------- d-------- C:\Dokumente und Einstellungen\tobey\Anwendungsdaten\Skype
2006-11-15 15:49 -------- d-------- C:\Dokumente und Einstellungen\tobey\Anwendungsdaten\Azureus
2006-11-14 19:02 -------- d-------- C:\Dokumente und Einstellungen\tobey\Anwendungsdaten\temp
2006-11-14 19:01 -------- d--h----- C:\Programme\InstallShield Installation Information
2006-11-14 19:01 -------- d-------- C:\Programme\Electronic Arts
2006-11-13 19:40 -------- d-------- C:\Programme\ANNO 1503
2006-11-07 18:38 -------- d-------- C:\Programme\PeerGuardian2
2006-11-06 17:54 -------- d-------- C:\Programme\Windows Media Player
2006-11-06 17:54 -------- d-------- C:\Programme\Winamp
2006-11-06 17:53 -------- d-------- C:\Programme\Last.fm
2006-11-05 19:44 -------- d-------- C:\Programme\Valve
2006-11-04 21:33 -------- d-------- C:\Programme\MessengerPlus! 3
2006-10-25 18:12 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-10-24 17:24 -------- d-------- C:\Dokumente und Einstellungen\tobey\Anwendungsdaten\vlc
2006-10-24 17:24 -------- d-------- C:\Dokumente und Einstellungen\tobey\Anwendungsdaten\dvdcss
2006-10-18 17:33 -------- d-------- C:\Programme\PartyGaming.Net
2006-10-05 12:53 -------- d-------- C:\Dokumente und Einstellungen\tobey\Anwendungsdaten\My Games
2006-09-28 13:55 -------- d-------- C:\Dokumente und Einstellungen\tobey\Anwendungsdaten\teamspeak2
2006-09-27 17:57 -------- d-------- C:\Programme\PortTrigger
2006-09-26 19:29 -------- d-------- C:\Programme\Azureus
2006-08-25 04:47 115880 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-08-23 03:11 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-08-23 02:53 260096 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-08-23 02:47 114688 --a------ C:\WINDOWS\system32\atipdlxx.dll
2006-08-23 02:46 86016 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-08-23 02:46 77824 --a------ C:\WINDOWS\system32\Oemdspif.dll
2006-08-23 02:46 41984 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-08-23 02:46 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2006-08-23 02:45 413696 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-08-23 02:44 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2006-08-23 02:38 2401984 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-08-23 02:33 303104 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
2006-08-23 02:33 2510752 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-08-23 02:27 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-08-23 02:24 5140480 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-08-23 02:21 221184 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-08-23 02:19 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-08-23 02:14 290816 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-08-22 20:05 520192 --------- C:\WINDOWS\system32\ati2sgag.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"ICQ Lite"="C:\\Dokumente und Einstellungen\\tobey\\Stuff\\ICQLite\\ICQLite\\ICQLite.exe -trayboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"ATIPTA"="\"C:\\Programme\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"SunJavaUpdateSched"="C:\\Programme\\Java\\jre1.5.0_02\\bin\\jusched.exe"
"avgnt"="\"C:\\Programme\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min"
"WinampAgent"="C:\\Programme\\Winamp\\winampa.exe"
"ATICCC"="\"C:\\Programme\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
@="winlog.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Die derzeitige Homepage"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,c4,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ClearRecentDocsOnExit"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000001
"legalnoticecaption"=""
"legalnoticetext"=""
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Dokumente und Einstellungen^tobey^Startmenü^Programme^Autostart^Xfire.lnk]
"path"="C:\\Dokumente und Einstellungen\\tobey\\Startmenü\\Programme\\Autostart\\Xfire.lnk"
"backup"="C:\\WINDOWS\\pss\\Xfire.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\Xfire\\Xfire.exe "
"item"="Xfire"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="BearShare"
"hkey"="HKLM"
"command"="\"C:\\Programme\\BearShare\\BearShare.exe\" /pause"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Programme\\DAEMON Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ICQLite"
"hkey"="HKLM"
"command"="\"C:\\Dokumente und Einstellungen\\tobey\\Stuff\\ICQLite\\ICQLite\\ICQLite.exe\" -minimize"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Programme\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsgPlus"
"hkey"="HKLM"
"command"="\"C:\\Programme\\MessengerPlus! 3\\MsgPlus.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"C:\\Programme\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Programme\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Dokumente und Einstellungen\\tobey\\Stuff\\Skype\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="steam"
"hkey"="HKCU"
"command"="\"c:\\dokume~1\\tobey\\games\\cs\\steam.exe\" -silent"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=dword:00000002
"iPodService"=dword:00000003
"ewido security suite control"=dword:00000002

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Klick-Wartung.job

Completion time: 06-11-15 17:46:06.59
C:\ComboFix.txt ... 06-11-15 17:46
C:\ComboFix2.txt ... 06-11-15 17:42
15.11.2006, 17:59
Member

Posts: 3716
#4 1. Uninstall Messenger Plus and never install it again!
2. Download BFU and follow these instructions:
http://forum.hijackthis.de/showthread.php?t=10478
Please post a log.
More to follow.
15.11.2006, 17:59
Member

Posts: 3716
#5 I also still need the file list.
15.11.2006, 18:04
...new here

Thread starter

Posts: 9
#6 The file list
----- Root -----------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 7832-9126

Verzeichnis von C:\

15.11.2006 18:03 43 filelist.txt
15.11.2006 17:46 10.886 ComboFix.txt
15.11.2006 17:42 146 ComboFix2.txt
15.11.2006 15:43 240 crashAddress.txt
15.11.2006 15:29 805.306.368 pagefile.sys
09.11.2006 08:54 211 boot.ini
21.12.2005 20:56 192 TO_InstallLog.txt
29.09.2005 14:07 1.012 sys.txt
29.09.2005 14:07 5.891 system.txt
29.09.2005 14:07 1.816 systemtemp.txt
29.09.2005 14:07 99.425 system32.txt
28.09.2005 16:10 0 IO.SYS
28.09.2005 16:10 0 MSDOS.SYS
01.07.2005 14:44 1.257 sti.log
09.09.2004 13:15 47.564 NTDETECT.COM
09.09.2004 13:15 251.184 ntldr
22.05.2004 18:13 1.786 Diablo II - Lord of Destruction.lnk
18.08.2001 20:00 4.952 bootfont.bin
18 Datei(en) 805.732.973 Bytes
0 Verzeichnis(se), 30.854.967.296 Bytes frei

----- Windows --------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 7832-9126

Verzeichnis von C:\WINDOWS

15.11.2006 17:43 604 setupapi.log
15.11.2006 15:30 50 wiaservc.log
15.11.2006 15:30 159 wiadebug.log
15.11.2006 15:30 1.164.711 WindowsUpdate.log
15.11.2006 15:29 2.048 bootstat.dat
14.11.2006 22:00 32.604 SchedLgU.Txt
13.11.2006 20:07 65.851 War3Unin.dat
13.11.2006 19:45 2.829 War3Unin.pif
13.11.2006 19:45 139.264 War3Unin.exe
13.11.2006 19:38 799 cdplayer.ini
10.11.2006 13:46 54.156 QTFont.qfn
09.11.2006 08:54 277 system.ini
09.11.2006 08:54 717 win.ini
04.11.2006 21:17 1.409 QTFont.for
Verzeichnis von C:\WINDOWS\system

04.08.2004 08:58 146.944 winspool.drv
04.08.2004 08:37 69.632 mmsystem.dll
21.11.2002 08:07 765.952 crlds3d.dll
18.08.2001 20:00 2.000 KEYBOARD.DRV
18.08.2001 20:00 109.504 AVIFILE.DLL
18.08.2001 20:00 73.760 MCIAVI.DRV
18.08.2001 20:00 25.296 MCISEQ.DRV
18.08.2001 20:00 28.160 MCIWAVE.DRV
18.08.2001 20:00 9.936 LZEXPAND.DLL
18.08.2001 20:00 33.744 COMMDLG.DLL
18.08.2001 20:00 1.152 MMTASK.TSK
18.08.2001 20:00 2.032 MOUSE.DRV
18.08.2001 20:00 127.104 MSVIDEO.DLL
18.08.2001 20:00 82.944 OLECLI.DLL
18.08.2001 20:00 24.064 OLESVR.DLL
18.08.2001 20:00 59.167 setup.inf
18.08.2001 20:00 5.120 SHELL.DLL
18.08.2001 20:00 1.744 SOUND.DRV
18.08.2001 20:00 5.532 stdole.tlb
18.08.2001 20:00 3.360 SYSTEM.DRV
18.08.2001 20:00 19.200 TAPI.DLL
18.08.2001 20:00 4.048 TIMER.DRV
18.08.2001 20:00 9.200 VER.DLL
18.08.2001 20:00 2.176 VGA.DRV
18.08.2001 20:00 13.600 WFWNET.DRV
18.08.2001 20:00 70.368 AVICAP.DLL
26 Datei(en) 1.695.739 Bytes
0 Verzeichnis(se), 30.854.959.104 Bytes frei

Verzeichnis von C:\WINDOWS\system32

14.11.2006 17:50 2.206 wpa.dbl
04.11.2006 21:32 58.952 MsgPlusLoader.dll
04.11.2006 20:42 4.096 crash
30.10.2006 14:44 62.344 perfc009.dat
30.10.2006 14:44 401.064 perfh009.dat
30.10.2006 14:44 415.470 perfh007.dat
30.10.2006 14:44 74.996 perfc007.dat
30.10.2006 14:44 966.250 PerfStringBackup.INI
25.10.2006 18:12 98.304 CmdLineExt.dll
25.08.2006 04:47 62.632 pxinsa64.exe
25.08.2006 04:47 183.032 pxmas.dll
25.08.2006 04:47 1.309.432 pxsfs.dll

----- Prefetch -------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 7832-9126

Verzeichnis von C:\WINDOWS\Prefetch

15.11.2006 18:03 17.240 CMD.EXE-087B4001.pf
15.11.2006 18:03 93.810 RUNDLL32.EXE-13404D23.pf
15.11.2006 18:03 45.018 EXPLORER.EXE-082F38A9.pf
15.11.2006 17:56 58.626 FIREFOX.EXE-1D57670A.pf
15.11.2006 17:49 76.270 WINAMP.EXE-08C38ED9.pf
15.11.2006 17:49 95.340 ICQLITE.EXE-3762A158.pf
15.11.2006 17:46 55.468 NOTEPAD.EXE-336351A9.pf
15.11.2006 17:44 30.264 REGEDIT.EXE-1B606482.pf
15.11.2006 17:43 15.544 FLASHGOT.EXE-00B2B648.pf
15.11.2006 17:43 39.300 NICMGR.EXE-11AAB534.pf
15.11.2006 17:42 27.724 TASKMGR.EXE-20256C55.pf
15.11.2006 17:32 61.774 CCleaner.EXE-065E2F3F.pf
15.11.2006 17:29 64.236 CLI.EXE-02B0DB56.pf
15.11.2006 17:28 26.016 WMIPRVSE.EXE-28F301A9.pf
15.11.2006 17:01 83.642 SKYPE.EXE-10AB5D7F.pf
15.11.2006 16:56 19.636 WMIAPSRV.EXE-1E2270A5.pf
15.11.2006 16:56 62.762 MSNMSGR.EXE-091111D0.pf
15.11.2006 16:56 12.228 OSA9.EXE-07EC1F61.pf
15.11.2006 16:56 69.564 AVGNT.EXE-36CA4640.pf
15.11.2006 16:56 10.618 JUSCHED.EXE-21FFF0DE.pf
15.11.2006 16:56 11.514 SOUNDMAN.EXE-19745A34.pf
15.11.2006 16:56 9.070 WINAMPA.EXE-2BDF6A16.pf
15.11.2006 16:56 33.744 KPF4GUI.EXE-2AB51B6A.pf
15.11.2006 16:56 41.948 USERINIT.EXE-30B18140.pf
15.11.2006 16:56 12.164 DUMPREP.EXE-1B46F901.pf
15.11.2006 16:56 8.866 ATIPTAXX.EXE-12B5048A.pf
15.11.2006 16:55 17.662 LOGONUI.EXE-0AF22957.pf
15.11.2006 15:39 69.658 AZUREUS.EXE-018E10AA.pf
15.11.2006 15:31 21.840 WUAUCLT.EXE-399A8E72.pf
15.11.2006 15:31 1.457.070 NTOSBOOT-B00DFAAD.pf
14.11.2006 21:56 58.768 SCHED.EXE-236A886F.pf
14.11.2006 21:56 74.470 AVGUARD.EXE-3490B18B.pf
14.11.2006 21:56 60.166 AVNOTIFY.EXE-22AE9451.pf
14.11.2006 21:55 77.902 UPDATE.EXE-13D57D76.pf
14.11.2006 21:55 30.710 PREUPD.EXE-358AA1C1.pf
14.11.2006 19:53 45.568 MSCONFIG.EXE-35E4DAE9.pf
14.11.2006 19:44 39.866 AD-AWARE.EXE-308139F4.pf
14.11.2006 19:00 10.926 IDRIVERT.EXE-2DE35293.pf
14.11.2006 19:00 53.444 MSIEXEC.EXE-2F8A8CAE.pf
14.11.2006 19:00 71.574 IDRIVER.EXE-13ABF1A8.pf
14.11.2006 18:58 19.122 RUNDLL32.EXE-188DF14E.pf
14.11.2006 18:53 24.150 REGSVR32.EXE-25EEFE2F.pf
14.11.2006 18:42 19.262 RUNDLL32.EXE-451FC2C0.pf
14.11.2006 17:56 57.570 DAEMON.EXE-28AD7272.pf
14.11.2006 17:51 28.632 AGENTSVR.EXE-002E45AB.pf
13.11.2006 21:52 21.428 REGCLEANR.EXE-10DDC304.pf
13.11.2006 21:46 46.384 STEAM.EXE-36846D59.pf
13.11.2006 20:12 72.830 ACRORD32.EXE-0BE2C5CE.pf
13.11.2006 19:49 33.368 RUNDLL32.EXE-2576181F.pf
13.11.2006 19:40 19.252 WAR3_INSTALL.EXE-359EA32E.pf
13.11.2006 19:39 10.544 AUTOPLAY.EXE-328AAB68.pf
13.11.2006 19:39 56.094 IKERNEL.EXE-2B93D17C.pf
13.11.2006 19:31 29.944 DRWTSN32.EXE-2B4B52AC.pf
13.11.2006 19:30 73.312 DWWIN.EXE-30875ADC.pf
13.11.2006 16:58 77.244 RELICCOH.EXE-279FAA56.pf
13.11.2006 16:50 42.492 WINRAR.EXE-2F4B0018.pf
10.11.2006 09:01 87.336 IEXPLORE.EXE-2CA9778D.pf
09.11.2006 17:59 59.942 WOW.EXE-007B34EC.pf
09.11.2006 17:40 111.186 PARTYGAMINGNET.EXE-2D0D17D3.pf
09.11.2006 13:51 26.910 BINKPLAY.EXE-13DAED70.pf
09.11.2006 13:51 72.308 HOI2.EXE-21EBACF4.pf
05.11.2006 19:33 77.018 HL.EXE-14955E13.pf
05.11.2006 18:16 13.800 FROZEN THRONE.EXE-249970C1.pf
05.11.2006 18:16 17.082 WAR3.EXE-15CF2ACF.pf
05.11.2006 13:53 7.874 ~E5D141.TMP-3228352D.pf
05.11.2006 13:53 59.148 BFVIETNAM.EXE-2C428194.pf
04.11.2006 22:10 16.736 RCT2.EXE-1804FABD.pf
04.11.2006 21:58 13.182 RUNDLL32.EXE-2FA45FB4.pf
04.11.2006 21:49 81.794 MSIMN.EXE-0B61806C.pf
04.11.2006 21:35 11.128 MESSENGERAMP.EXE-3A395307.pf
04.11.2006 21:33 11.504 MSGPLUS.EXE-01AB9FFF.pf
04.11.2006 21:32 12.546 MPLUSSETUP.EXE-27092EDB.pf
04.11.2006 21:32 23.668 MSGPL_5969.EXE-0E610B3E.pf
04.11.2006 21:31 14.414 MSGPLUSLIVE-401.EXE-087B181D.pf
04.11.2006 21:17 36.942 SETUP_WM.EXE-19AC5A9B.pf
04.11.2006 21:17 43.258 WMPLAYER.EXE-09969333.pf
04.11.2006 20:48 26.082 JUCHECK.EXE-10BDC47E.pf
04.11.2006 17:53 25.146 ICQLRUN.EXE-0454E3A2.pf
04.11.2006 15:26 8.890 QTTASK.EXE-2D7EEF34.pf
04.11.2006 15:26 15.742 RUNDLL32.EXE-23CC6E33.pf
02.11.2006 18:04 14.260 RUNDLL32.EXE-15AB4F72.pf
02.11.2006 17:59 12.748 SET3.TMP-04CD98D1.pf
02.11.2006 17:59 23.874 RUNDLL32.EXE-30119FE8.pf
02.11.2006 12:03 44.304 MSHTA.EXE-331DF029.pf
02.11.2006 12:03 15.146 RUNDLL32.EXE-19F507BE.pf
02.11.2006 12:01 30.272 RUNDLL32.EXE-356B24C5.pf
02.11.2006 11:57 16.690 GUARDGUI.EXE-1BD45C30.pf
02.11.2006 11:54 62.080 PREVIEW.EXE-235F1F8E.pf
02.11.2006 11:50 74.668 ITUNES.EXE-15E88941.pf
02.11.2006 11:50 11.222 IPODSERVICE.EXE-233792DA.pf
02.11.2006 11:49 11.774 CCSETUP134.EXE-09FA603A.pf
02.11.2006 11:47 10.740 _IU14D2N.TMP-20CB18D8.pf
02.11.2006 11:47 15.338 UNINS000.EXE-1F1DADC3.pf
02.11.2006 11:46 12.096 A~NSISU_.EXE-2DBF54CE.pf
02.11.2006 11:45 11.168 UNINSTALL.EXE-27D68452.pf
02.11.2006 11:44 9.688 UNINSTALL.EXE-07945EDC.pf
01.11.2006 16:32 14.518 RUNDLL32.EXE-2EA3146D.pf
01.11.2006 16:12 6.514 LOGON.SCR-151EFAEA.pf
31.10.2006 17:04 466.810 Layout.ini
99 Datei(en) 5.541.184 Bytes
0 Verzeichnis(se), 30.854.848.512 Bytes frei

Verzeichnis von C:\WINDOWS\tasks

15.11.2006 15:29 6 SA.DAT
20.10.2006 16:15 396 1-Klick-Wartung.job
18.08.2001 20:00 65 desktop.ini
3 Datei(en) 467 Bytes
0 Verzeichnis(se), 30.854.852.608 Bytes frei

----- Windows/Temp -----------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 7832-9126

Verzeichnis von C:\WINDOWS\Temp


----- Temp -----------------------------
Volume in Laufwerk C: hat keine Bezeichnung.
Volumeseriennummer: 7832-9126

Verzeichnis von C:\DOKUME~1\tobey\LOKALE~1\Temp

15.11.2006 18:03 978 TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}15740.html
15.11.2006 18:03 549 filelist.zip
15.11.2006 17:50 512 ~DF3E43.tmp
15.11.2006 17:50 16.384 ~DF3E57.tmp
15.11.2006 17:50 512 ~DF3E68.tmp
15.11.2006 17:50 16.384 ~DF3E32.tmp
15.11.2006 17:50 16.384 ~DF3E0D.tmp
15.11.2006 17:50 512 ~DF3DF9.tmp
15.11.2006 17:50 16.384 ~DF3DE3.tmp
15.11.2006 17:50 512 ~DF3E1E.tmp
15.11.2006 17:50 512 ~DF2E17.tmp
15.11.2006 17:50 512 ~DF2DF2.tmp
15.11.2006 17:50 16.384 ~DF2E06.tmp
15.11.2006 17:50 512 ~DF2DCD.tmp
15.11.2006 17:50 16.384 ~DF2DBC.tmp
15.11.2006 17:50 512 ~DF2DA8.tmp
15.11.2006 17:50 16.384 ~DF2D97.tmp
15.11.2006 17:50 16.384 ~DF2DE1.tmp
15.11.2006 17:49 983 TmpICQMagic_{EC202595-1DFD-4301-A1EA-13C1E331B505}1956.html
15.11.2006 17:49 16.384 ~DFBBB9.tmp
15.11.2006 17:49 16.384 ~DF93DE.tmp
15.11.2006 17:49 512 ~DF93EF.tmp
15.11.2006 16:57 16.384 Perflib_Perfdata_7c4.dat
15.11.2006 16:57 16.384 Perflib_Perfdata_974.dat
15.11.2006 16:56 16.384 Perflib_Perfdata_d40.dat
25 Datei(en) 220.110 Bytes
0 Verzeichnis(se), 30.854.852.608 Bytes frei
15.11.2006, 18:09
Member

Posts: 3716
#7 Hello, now BFU, with the log please!
15.11.2006, 18:12
...new here

Thread starter

Posts: 9
#8 Coming right up ;)


BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 18:13:00, on 15.11.2006

Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found)
Failed: DllUnregister C:\Programme\Deskbar\deskbar.dll|1 (file not found)
Failed: DllUnregister \asappsrv.dll|1 (file not found)
Failed: DllUnregister \MyToolBar.dll (file not found)
Failed: ServiceStop Network Monitor (service not found)
Failed: ServiceStop cmdService (service not found)
Failed: ServiceDisable Network Monitor (service not found)
Failed: ServiceDisable cmdService (service not found)
Failed: ServiceDelete Network Monitor (service not found)
Failed: ServiceDelete cmdService (service not found)
Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
Option pause between commands: 300 ms
Option pause between commands: 50 ms
Failed: FolderDelete C:\Programme\MsConfigs (folder not found)
Failed: FolderDelete C:\Programme\winupdates (folder not found)
Failed: FolderDelete C:\Programme\winupdate (folder not found)
Failed: FolderDelete C:\Programme\winsupdater (folder not found)
Failed: FolderDelete C:\Programme\MsUpdate (folder not found)
Failed: FolderDelete C:\Programme\MsMovies (folder not found)
Failed: FolderDelete C:\Programme\wmplayer (folder not found)
Failed: FolderDelete C:\Programme\outlook (folder not found)
Failed: FileDelete C:\Programme\Common Files\Windows\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Programme\Common Files\Download\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Programme\common files\{*-*-1033-*-*}\update.exe (operation failed)
Failed: FileDelete C:\Programme\common files\{*-*-1033-*-*}\services.dll (operation failed)
Failed: FileDelete C:\Programme\common files\{*-*-1033-*-*}\activate.exe (operation failed)
Failed: FileDelete C:\Programme\common files\{*-*-1033-*-*}\MyToolBar.dll (operation failed)
Failed: FileDelete C:\Programme\common files\{*-*-2057-*-*}\update.exe (operation failed)
Failed: FileDelete C:\Programme\common files\{*-*-2057-*-*}\services.dll (operation failed)
Failed: FileDelete C:\Programme\common files\{*-*-2057-*-*}\activate.exe (operation failed)
Failed: FileDelete C:\Programme\common files\{*-*-2057-*-*}\MyToolBar.dll (operation failed)
Failed: FolderDelete C:\Programme\toolbar888 (folder not found)
Failed: FolderDelete C:\Programme\e-mailpaysu toolbar (folder not found)
Failed: FolderDelete C:\Programme\EMUSIC TOOLBAR (folder not found)
Failed: FolderDelete C:\Programme\find dvd toolbar (folder not found)
Failed: FolderDelete C:\Programme\GULESIDER VERKTøYLINJE (folder not found)
Failed: FolderDelete C:\Programme\sesam-p4 toolbar (folder not found)
Failed: FolderDelete C:\Programme\slownik ling (folder not found)
Failed: FolderDelete C:\Programme\MediaPipe (folder not found)
Failed: FolderDelete C:\Programme\p2pnetworks (folder not found)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\Perflib_Perfdata_7c4.dat (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\Perflib_Perfdata_974.dat (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\Perflib_Perfdata_d40.dat (operation failed)
Failed: FolderDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\Temporäres Verzeichnis 1 für bfu.zip (operation failed)
Failed: FolderDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\Temporäres Verzeichnis 2 für bfu.zip (operation failed)
Failed: FolderDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\Temporäres Verzeichnis 3 für bfu.zip (operation failed)
Failed: FolderDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\Temporäres Verzeichnis 4 für bfu.zip (operation failed)
Failed: FolderDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\Temporäres Verzeichnis 5 für bfu.zip (operation failed)
Failed: FolderDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\Temporäres Verzeichnis 6 für bfu.zip (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\~DF2095.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\~DF2D97.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\~DF2DA8.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\~DF2DBC.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\~DF2DCD.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\~DF2DE1.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\~DF2DF2.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\~DF2E06.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\~DF2E17.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\~DF69BC.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\~DF93DE.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\~DF93EF.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\~DFB789.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\~DFBBB9.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\~DFC032.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\~DFE294.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\~DFE2AE.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\~DFE2C3.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\~DFE2D8.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\~DFE303.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\~DFE49D.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\~DFE5DF.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\~DFE71B.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\~DFEFF2.tmp (operation failed)
Failed: FileDelete C:\DOKUME~1\tobey\LOKALE~1\Temp\~DFFFE0.tmp (operation failed)
Failed: FolderDelete C:\Programme\Maxifiles (folder not found)
Failed: FolderDelete C:\Programme\DNS (folder not found)
Failed: FolderDelete C:\Programme\EQAdvice (folder not found)
Failed: FolderDelete C:\Programme\FCAdvice (folder not found)
Failed: FolderDelete C:\Programme\PSCastor (folder not found)
Failed: FolderDelete C:\Programme\CMIntex (folder not found)
Failed: FolderDelete C:\Programme\Common Files\FreeProd1 (folder not found)
Failed: FolderDelete C:\Programme\Common Files\FreeProd2 (folder not found)
Failed: FolderDelete C:\Programme\Common Files\InetGet (folder not found)
Failed: FolderDelete C:\Programme\Common Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Programme\Common Files\svchostsys (folder not found)
Failed: FolderDelete C:\Programme\Common Files\simtest (folder not found)
Failed: FolderDelete C:\Programme\Common Files\misc001 (folder not found)
Failed: FolderDelete C:\Programme\InetGet2 (folder not found)
Failed: FolderDelete C:\Programme\Common Files\VCClient (folder not found)
Failed: FolderDelete C:\Programme\Network Monitor (folder not found)
Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found)
Failed: FolderDelete C:\Programme\Update06 (folder not found)
Failed: FolderDelete C:\Programme\Update03 (folder not found)
Failed: FolderDelete C:\Programme\Update04 (folder not found)
Failed: FolderDelete C:\Programme\Update08 (folder not found)
Failed: FolderDelete C:\Programme\W-Update (folder not found)
Failed: FolderDelete C:\Programme\Yazzle Sudoku (folder not found)
Failed: FolderDelete C:\Programme\Cas (folder not found)
Failed: FolderDelete C:\Programme\CasStub (folder not found)
Failed: FolderDelete C:\Programme\Cas2Stub (folder not found)
Failed: FolderDelete C:\Programme\ipwins (folder not found)
Failed: FolderDelete C:\Programme\Common Files\Snowball Wars (folder not found)
Failed: FolderDelete C:\Programme\folder.js (folder not found)
Failed: FolderDelete C:\Programme\ini.ini (folder not found)
Failed: FolderDelete C:\temp (folder not found)
Failed: FolderDelete C:\WINDOWS\mdrive (folder not found)
Failed: FolderDelete C:\WINDOWS\system32\crunner (folder not found)
Failed: FolderDelete C:\Programme\PECarlin (folder not found)
Failed: FolderDelete C:\Programme\AXVenore (folder not found)
Failed: FolderDelete C:\Programme\SDVita (folder not found)
Failed: FolderDelete C:\Programme\EQBranch (folder not found)
Failed: FolderDelete C:\Programme\EQArticle (folder not found)
Failed: FolderDelete C:\Programme\PSHope (folder not found)
Failed: FolderDelete C:\Programme\Batty (folder not found)
Failed: FolderDelete C:\Programme\Batty2 (folder not found)
Failed: FolderDelete C:\Programme\AXFibula (folder not found)
Failed: FolderDelete C:\Programme\CMFibula (folder not found)
Failed: FolderDelete C:\Programme\PSLister (folder not found)
Failed: FolderDelete C:\Programme\PSCloner (folder not found)
Failed: FolderDelete C:\Programme\PSDream (folder not found)
Failed: FolderDelete C:\Programme\cmapp (folder not found)
Failed: FolderDelete C:\Programme\cmman (folder not found)
Failed: FolderDelete C:\Programme\cmsystem (folder not found)
Failed: FolderDelete C:\Programme\fcengine (folder not found)
Failed: FolderDelete C:\Programme\wincmapp (folder not found)
Failed: FolderDelete C:\Programme\Deskbar\Cache (folder not found)
Failed: FolderDelete C:\Programme\popupwithcast (folder not found)
Failed: FolderDelete C:\Programme\Common Files\cloader (folder not found)
Failed: FolderDelete C:\Programme\Common Files\misc001 (folder not found)
Failed: FolderCreate C:\bintheredunthat (folder already exists)
Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found)
Script completed.
15.11.2006, 18:24
Member

Posts: 3716
#9 Hello, fix this:
O4 - HKLM\..\RunServices: [] winlog.exe
Did you delete Messenger Plus?
15.11.2006, 18:26
...new here

Thread starter

Posts: 9
#10 I fixed it, and Messenger Plus is deleted. What's so bad about it anyway *dumb question*? ;)
15.11.2006, 18:30
Member

Posts: 3716
#11 Hello, run eScan.
www.hijackthis-forum.de/showthread.php?t=15337 - 49k -
Where did you get Messenger Plus from?
PartyPoker should be removed as well.
15.11.2006, 18:32
...new here

Thread starter

Posts: 9
#12 I ran eScan, but unfortunately my PC somehow froze after 45 minutes and I had to abort. I'll post the log from the incomplete scan:
starting as "C:\bases\findmwav.bat"

---------- C:\RESULTS.TXT



Wed Nov 15 18:59:07 2006 => System found infected with cws.loadadv.400 Browser Hijacker ({5e2121ee-0300-11d4-8d3b-444553540000})! Action taken: Keine Aktion vorgenommen.
Wed Nov 15 18:59:23 2006 => System found infected with zlob Trojan-Downloader (found.wav)! Action taken: Keine Aktion vorgenommen.
Wed Nov 15 18:59:23 2006 => System found infected with xtractor plus Spyware/Adware (xp.exe)! Action taken: Keine Aktion vorgenommen.
Wed Nov 15 18:59:36 2006 => System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: Keine Aktion vorgenommen.
Wed Nov 15 19:23:03 2006 => System found infected with cws.loadadv.400 Browser Hijacker ({5e2121ee-0300-11d4-8d3b-444553540000})! Action taken: Keine Aktion vorgenommen.
Wed Nov 15 19:23:07 2006 => System found infected with whenu.savenow Spyware/Adware (war3_install.exe)! Action taken: Keine Aktion vorgenommen.
Wed Nov 15 19:23:21 2006 => System found infected with zlob Trojan-Downloader (found.wav)! Action taken: Keine Aktion vorgenommen.
Wed Nov 15 19:23:21 2006 => System found infected with xtractor plus Spyware/Adware (xp.exe)! Action taken: Keine Aktion vorgenommen.
Wed Nov 15 19:23:32 2006 => System found infected with whenu.savenow Spyware/Adware (war3_install.exe)! Action taken: Keine Aktion vorgenommen.
Wed Nov 15 19:23:34 2006 => System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: Keine Aktion vorgenommen.
Wed Nov 15 18:59:08 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\webhancer agent !!!
Wed Nov 15 18:59:08 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\whenusavemsg !!!
Wed Nov 15 18:59:23 2006 => Offending file found: C:\Dokumente und Einstellungen\tobey\Desktop\tobeyy\gamez\valve\sound\vox\found.wav
Wed Nov 15 18:59:23 2006 => Offending file found: C:\Dokumente und Einstellungen\tobey\Desktop\xp.exe
Wed Nov 15 18:59:36 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Desktop\internet.lnk
Wed Nov 15 19:23:05 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\webhancer agent !!!
Wed Nov 15 19:23:05 2006 => Offending Key found: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\whenusavemsg !!!
Wed Nov 15 19:23:07 2006 => Offending file found: C:\DOKUME~1\tobey\LOKALE~1\Temp\war3_install.exe
Wed Nov 15 19:23:21 2006 => Offending file found: C:\Dokumente und Einstellungen\tobey\Desktop\tobeyy\gamez\valve\sound\vox\found.wav
Wed Nov 15 19:23:21 2006 => Offending file found: C:\Dokumente und Einstellungen\tobey\Desktop\xp.exe
Wed Nov 15 19:23:32 2006 => Offending file found: C:\Dokumente und Einstellungen\tobey\Lokale Einstellungen\temp\war3_install.exe
Wed Nov 15 19:23:34 2006 => Offending file found: C:\Dokumente und Einstellungen\All Users\Desktop\internet.lnk
This post was edited by tobeyy on 15.11.2006 at 20:10.