vorhin konnte ich nichts mehr öffnen und es kam die Meldung: z.b. C:\Programme\Internet Explorer\inet.exe (glaub so hieß es) wurde viell. verschoben oder unbenannt;


und wenn ich einfach nur so meinen mauszeiger wo stehen hab, blinkt immer wieder die sanduhr auf, ist so ein sekundentakt

Tritt das Problem auch im abgesicherten Modus auf?
Poste bitte die eScan-Ergebnisse.

File C:\WINDOWS\system32\drpwrite.dll infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.

Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "rapidblaster Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "rapidblaster Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "redv Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "cydoor.topicks.a Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "powerreg scheduler Spyware/Adware" found in File System! Action Taken: No Action Taken.

Object "powerreg scheduler Spyware/Adware" found in File System! Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\MSXML3A.DLL". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\InterVideo\Common\Bin\IVIPromotion.exe". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOKUME~1\Pez\LOKALE~1\Temp\_ISTMP1.DIR\_ISTMP0.DIR\FileGrp\Msvcrt10.dll". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\NeroCoverDesigner_fra.chm". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\CoverDesigner\covered-jpn.nls". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\NeroBackItUp_Fra.chm". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_fra.chm". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart_jpn.chm". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Programme\Ahead\Nero BackItUp\BackItUp-Jpn.nls". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxwma.dll". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxsfs.dll". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxinsa64.exe". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxinsi64.exe". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxcpya64.exe". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\system32\pxcpyi64.exe". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Aveo\Attune\bin\". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Aveo\Attune\". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Aveo\". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Aveo\Attune\Data\". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Aveo\Attune\Data\comaveo-attune\". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Programme\Aveo\Attune\Setup\". Action Taken: No Action Taken.

Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".BUP". Action Taken: No Action Taken.

Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pak". Action Taken: No Action Taken.

Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rm". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "INSTAFINK". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Internet Optimizer". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "P2P Networking". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}" refers to invalid object "C:\PROGRA~1\RXTOOL~1\sfcont.dll". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{05563F82-69A7-40A6-8670-153B635A7EF6}" refers to invalid object "C:\Programme\RXToolBar\sfcont.dll". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{3DF37983-53D0-4D82-8F97-9DF1DDE84959}" refers to invalid object "C:\DOKUME~1\Pez\LOKALE~1\Temp\VBE\RefEdit.exd". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{6F3AD346-09CB-4C6D-ACD8-07E68E23019F}" refers to invalid object "C:\DOKUME~1\Pez\LOKALE~1\Temp\VBE\MSForms.exd". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{917623C2-D8E5-11D2-BE8B-00104B06BDE3}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx". Action Taken: No Action Taken.

Entry "HKCR\TypeLib\{FBF4300F-D921-11D1-B806-00A0C90646A9}" refers to invalid object "C:\Programme\Corel\Graphics10\Programs\CorelDrw100.tlb". Action Taken: No Action Taken.

Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken.

Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Entry "HKCR\BmpFXServices" refers to invalid object "{E1E1BDF0-2B5F-11D4-B6BC-00902766C0E3}". Action Taken: No Action Taken.

Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.

Entry "HKCR\CorelDRAW.Color" refers to invalid object "{19330129-1F48-11d3-B198-00A0C9E8A79C}". Action Taken: No Action Taken.

Entry "HKCR\CorelDRAW.StructPaletteOptions" refers to invalid object "{19330308-1F48-11d3-B198-00A0C9E8A79C}". Action Taken: No Action Taken.

Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.

Entry "HKCR\MailFileAtt" refers to invalid object "{00020D05-0000-0000-C000-000000000046}". Action Taken: No Action Taken.

Entry "HKCR\mapifvbx.object" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.

Entry "HKCR\mapifvbx.object.1" refers to invalid object "{41116C00-8B90-101B-96CD-00AA003B14FC}". Action Taken: No Action Taken.

Entry "HKCR\pdf_auto_file\shell\open\command" refers to invalid object ""C:\Dokumente und Einstellungen\Pez\Desktop\Acrobat Reader.lnk" %1". Action Taken: No Action Taken.

Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken.

Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Entry "HKCR\RXResult.RXResultTracker" refers to invalid object "{59879FA4-4790-461c-A1CC-4EC4DE4CA483}". Action Taken: No Action Taken.

Entry "HKCR\RXResult.RXResultTracker.1" refers to invalid object "{59879FA4-4790-461c-A1CC-4EC4DE4CA483}". Action Taken: No Action Taken.

Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.

Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.

File C:\WINDOWS\system32\dpwmtapi.exe infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.

File C:\WINDOWS\system32\drpwrite.dll infected by "Trojan.Win32.Crypt.t" Virus! Action Taken: No Action Taken.

File C:\DOKUME~1\Pez\LOKALE~1\TEMPOR~1\Content.IE5\893KOCY4\activate_crack[1].exe tagged as "not-a-virus:AdWare.Win32.Softomate.e". Action Taken: No Action Taken.

File C:\DOKUME~1\Pez\LOKALE~1\TEMPOR~1\Content.IE5\LWS355CH\m[1].htm infected by "Exploit.Win32.MS05-013.gen" Virus! Action Taken: No Action Taken.

File C:\DOKUME~1\Pez\LOKALE~1\TEMPOR~1\Content.IE5\ODQB4PEV\prompt[1].htm infected by "Trojan-Downloader.JS.IstBar.j" Virus! Action Taken: No Action Taken.

das problem mit der blinkenden sanduhr besteht immer noch

Du solltes die Temp-Files des IE löschen. ZUsätzlich noch diese beiden Dateien:

Zitat:

C:\WINDOWS\system32\dpwmtapi.exe
C:\WINDOWS\system32\drpwrite.dll

Zitat:

das problem mit der blinkenden sanduhr besteht immer noch

Das kann verschiedene Ursachen haben, z.B.
2 verschiedene Virenwächter.
unzureichende Entfernung einer AV-Anwendung.
die vorhandene Malware hat sehr tief ins System eingegriffen und dessen Funktionsweise beeinträchtigt.

die zwei dateien können nicht gelöscht werden

Auch nicht im abgesicherten Modus?
Hast du Killbox (s. eScan-Anleitung) probiert?

hilft nix, hab jetzt die dateien im abgesicherten modus gelöscht

Welchen Virenscanner hast du denn entfernt? Es wäre, wie schon erwähnt, durch aus eine Möglichkeit.