Hallo jungs ich kanns nicht glauben aber mein pc ist schon wieder am spinnen und zwar hängt er sich jetzt jedes mal auf wenn ich winrar,mediaplayer öffne! why? Ich habe Windoof xp prof.
amd 1200Mhz, 256mb Ram
er lief doich vorher auch immer einwandfrei auf xp! das problem ist aufeinmal gekommen!


ogfile of HijackThis v1.99.1
Scan saved at 11:17:30, on 18.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\INSTALIERTE SOFTWARE\WICHTIG\ANTIVIR\AVGUARD.EXE
D:\instalierte software\wichtig\antivir\AVWUPSRV.EXE
C:\WINDOWS\Explorer.EXE
D:\instalierte software\wichtig\antivir\AVGNT.EXE
C:\WINDOWS\Mixer.exe
C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\instalierte software\wichtig\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Internet Explorer\iexplore.exe
D:\instalierte software\wichtig\winrar\WinRAR.exe
C:\DOKUME~1\petra\LOKALE~1\Temp\Rar$EX11.2865\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\instalierte software\wichtig\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [AVGCtrl] D:\instalierte software\wichtig\antivir\AVGNT.EXE /min
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\instalierte software\wichtig\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RauchFrei] "C:\Programme\RauchFrei\RauchFrei.exe"
O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe"
O4 - HKCU\..\Run: [WeatherCast] "C:\Programme\WeatherCast\Weather.exe" /q
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF252FF2-6D65-41A4-93FF-F0969260E582}: NameServer = 213.168.112.60 194.8.194.60
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\INSTALIERTE SOFTWARE\WICHTIG\ANTIVIR\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\instalierte software\wichtig\antivir\AVWUPSRV.EXE

Hallo,

du hast/hattest einiges an Spy- bzw. Adware auf dem System. Es ist durchaus möglich, dass diese für Instabilität deines Systems verantwortlich ist.

Zitat:

RauchFrei.exe

Kennst du das? Hast du es absichtlich installiert? Ich kann es mir nicht vorstellen...
-> Überprüfe diese Datei auf http://virusscan.jotti.org/de und www.virustotal.com und poste das jeweilige Ergebnis.

Lade dir zur Sicherheit LSP-Fix herunter. Solltest du nach der Entfernung von New.Net keine Internetverbindung mehr aufbauen können, musst du die New.Net-Einträge damit entfernen. Wird aber wohl nicht nötig sein.

Deinstalliere dann, falls möglich, die folgenden Anwendungen über Systemsteuerung-> Software

Zitat:

New.Net bzw. NewDotNet
RauchFrei
WhenUSave, SaveNow o.ä
WeatherCast

Starte den PC im abgesicherten Modus.
Scanne mit einem aktualisierten Spybot S&D und Ad-Aware und lass alle Probleme beheben.

Achte darauf, dass der TeaTimer von Spybot S&D deaktiviert ist!

Fixe mit HijackThis:

Zitat:

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKCU\..\Run: [RauchFrei] "C:\Programme\RauchFrei\RauchFrei.exe"
O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe"
O4 - HKCU\..\Run: [WeatherCast] "C:\Programme\WeatherCast\Weather.exe" /q

Lösche diese Verzeichnisse im Windows-Explorer:

Zitat:

C:\Programme\NewDotNet
C:\Programme\RauchFrei
C:\Programme\Save\
C:\Programme\WeatherCast

Lösche die temporären Dateien von Windows und vom Internet Explorer mit ClearProg.

Scanne wie beschrieben mit eScan.

Poste die Ergebnisse von eScan (-> Find.bat) und ein neues HijackThis-Logfile. Außderdem bitte noch das jeweils mehrzeilige Ergebnis des Datei-Scans.

so da bin ich wieder ich hoffe du bzw. ihr könnt mir jetzt weiter helfen!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\INSTALIERTE SOFTWARE\WICHTIG\ANTIVIR\AVGUARD.EXE
D:\instalierte software\wichtig\antivir\AVWUPSRV.EXE
C:\WINDOWS\Explorer.EXE
D:\instalierte software\wichtig\antivir\AVGNT.EXE
C:\WINDOWS\Mixer.exe
C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programme\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\instalierte software\wichtig\Spybot - Search & Destroy\TeaTimer.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Internet Explorer\iexplore.exe
D:\instalierte software\wichtig\winrar\WinRAR.exe
C:\DOKUME~1\petra\LOKALE~1\Temp\Rar$EX11.2865\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.de/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\instalierte software\wichtig\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [AVGCtrl] D:\instalierte software\wichtig\antivir\AVGNT.EXE /min
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,ClientStartup -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\instalierte software\wichtig\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RauchFrei] "C:\Programme\RauchFrei\RauchFrei.exe"
O4 - HKCU\..\Run: [WhenUSave] "C:\Programme\Save\Save.exe"
O4 - HKCU\..\Run: [WeatherCast] "C:\Programme\WeatherCast\Weather.exe" /q
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF252FF2-6D65-41A4-93FF-F0969260E582}: NameServer = 213.168.112.60 194.8.194.60
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\INSTALIERTE SOFTWARE\WICHTIG\ANTIVIR\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\instalierte software\wichtig\antivir\AVWUPSRV.EXE



hier der escan!

System found infected with bearshare Spyware/Adware ({558ec983-bedb-9168-b2de-31dbf0ee543e})! Action taken: No Action Taken.
Sun Dec 18 14:22:25 2005 => System found infected with bearshare Spyware/Adware ({9f95f736-0f62-4214-a4b4-caa6738d4c07})! Action taken: No Action Taken.
Sun Dec 18 14:22:25 2005 => System found infected with bearshare Spyware/Adware ({5f95e1af-2620-4f15-bdf9-7fdce4607e17})! Action taken: No Action Taken.
Offending file found: C:\WINDOWS\iun6002.exe
Sun Dec 18 14:32:49 2005 => System found infected with zipitpro Spyware/Adware (iun6002.exe)! Action taken: No Action Taken


Offending file found: C:\WINDOWS\TEMP\_istmp2.dir\mydll.dll
Sun Dec 18 14:32:51 2005 => System found infected with advsearch Spyware/Adware (mydll.dll)! Action taken: No Action Taken.

Sun Dec 18 14:32:51 2005 => Offending Folder found: C:\Programme\Gemeinsame Dateien\whenu
Sun Dec 18 14:32:51 2005 => Object "whenu/savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.

Sun Dec 18 14:32:55 2005 => Offending file found: C:\Dokumente und Einstellungen\petra\Desktop\bearshare.lnk
Sun Dec 18 14:32:55 2005 => System found infected with bearshare Spyware/Adware (bearshare.lnk)! Action taken: No Action Taken.

Sun Dec 18 14:32:55 2005 => Offending file found: C:\Dokumente und Einstellungen\petra\Desktop\internet.lnk
Sun Dec 18 14:32:55 2005 => System found infected with ezula Spyware/Adware (internet.lnk)! Action taken: No Action Taken.

Sun Dec 18 14:32:56 2005 => Offending file found: C:\Dokumente und Einstellungen\petra\Lokale Einstellungen\temporary internet files\content.ie5\4hab6n05\show_ads[2].js
Sun Dec 18 14:32:56 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.

Sun Dec 18 14:32:56 2005 => Offending file found: C:\Dokumente und Einstellungen\petra\Lokale Einstellungen\Temporary Internet Files\content.ie5\4hab6n05\show_ads[2].js
Sun Dec 18 14:32:56 2005 => System found infected with whenu.savenow Spyware/Adware (show_ads[2].js)! Action taken: No Action Taken.

Sun Dec 18 14:32:57 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\bearshare.lnk
Sun Dec 18 14:32:57 2005 => System found infected with bearshare Spyware/Adware (bearshare.lnk)! Action taken: No Action Taken.

Sun Dec 18 14:32:57 2005 => Offending file found: C:\Dokumente und Einstellungen\All Users\Startmenü\programme\bearshare.lnk
Sun Dec 18 14:32:57 2005 => System found infected with bearshare Spyware/Adware (bearshare.lnk)! Action taken: No Action Taken.

Sun Dec 18 14:32:58 2005 => Offending file found: C:\WINDOWS\iun6002.exe
Sun Dec 18 14:32:58 2005 => System found infected with zipitpro Spyware/Adware (C:\WINDOWS\iun6002.exe)! Action taken: No Action Taken.

File D:\instalierte software\wichtig\email\GcMail\Mails\gelöschte Mails.ms1 infected by "Trojan-Spy.HTML.Paylap.gl" Virus! Action Taken: No Action Taken.

Sun Dec 18 15:39:11 2005 => File D:\instalierte software\wichtig\email\GcMail\Mails\Posteingang.ms1 infected by "Trojan-Spy.HTML.Paylap.gl" Virus! Action Taken: No Action Taken.

File D:\software\BSINSTALLDE.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken.

File D:\software\GDiVX1.9.9.5.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet". Action Taken: No Action Taken.

File D:\instalierte software\bearshare\Installer\saveinstwm.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken.


File D:\instalierte software\bearshare\Installer\BSINSTALLDE.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken.

ile C:\Programme\DAEMON Tools\SetupDTSB.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.bi". Action Taken: No Action Taken.

so ist das jetzt gut oder schlecht der hat ja jede menge gefunden!

ich hatte glaub ich einen kleinen fehler gemacht , hier noch mal der log:







Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu/savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.weathercast Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "advsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "advsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu/savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bearshare Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "zipitpro Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\DOKUME~1\petra\LOKALE~1\Temp\enableirsocketutil.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe" refers to invalid object "C:\WINDOWS\System32\cmmgr32.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe" refers to invalid object "C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Rar$EX00.637\hijackthis.exe". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".B5I". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".B5T". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".jad". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".met". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".MIX". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mp4". Action Taken: No Action Taken.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object "OpenWithList". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "New.net". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "WhenUSaveMsg". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1ADD57B8-A7A9-4518-B9B5-862590FF9EB4}" refers to invalid object "C:\WINDOWS\system32\divxdec.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}" refers to invalid object "C:\WINDOWS\System32\ir50_32.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{2DE89781-DBF6-11D0-A30E-444553540000}" refers to invalid object "C:\WINDOWS\System32\ir50_32.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{30355649-0000-0010-8000-00AA00389B71}" refers to invalid object "C:\WINDOWS\System32\ir50_32.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{38BE3000-DBF4-11D0-860E-00A024CFEF6D}" refers to invalid object "C:\WINDOWS\System32\l3codecx.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{38BE3001-DBF4-11D0-860E-00A024CFEF6D}" refers to invalid object "C:\WINDOWS\System32\l3codecx.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{38BE3002-DBF4-11D0-860E-00A024CFEF6D}" refers to invalid object "C:\WINDOWS\System32\l3codecx.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{665A4443-D905-11D0-A30E-444553540000}" refers to invalid object "C:\WINDOWS\System32\ir50_32.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{665A4444-D905-11D0-A30E-444553540000}" refers to invalid object "C:\WINDOWS\System32\ir50_32.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{665A4445-D905-11D0-A30E-444553540000}" refers to invalid object "C:\WINDOWS\System32\ir50_32.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{665A4448-D905-11D0-A30E-444553540000}" refers to invalid object "C:\WINDOWS\System32\ir50_32.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{665A444A-D905-11D0-A30E-444553540000}" refers to invalid object "C:\WINDOWS\System32\ir50_32.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{78766964-0000-0010-8000-00AA00389B71}" refers to invalid object "C:\WINDOWS\system32\divxdec.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7D8EA000-731E-11d0-AC50-00AA00BF35C4}" refers to invalid object "C:\WINDOWS\System32\l3codeca.acm". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{84725EA1-2FBC-11D1-BC86-00A0C969FC67}" refers to invalid object "C:\WINDOWS\System32\ir50_32.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{85516702-9C45-4A9C-861B-BC4492D355DC}" refers to invalid object "C:\WINDOWS\system32\DivXMedia.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8DD6C641-98CB-11D1-9846-00A024CFEF6D}" refers to invalid object "C:\WINDOWS\System32\l3codecx.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A0717E52-8AC8-4dd9-8682-0B76775125E6}" refers to invalid object "C:\WINDOWS\system32\divxsm.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{A9AAE1AB-9688-42C5-86F5-C12F6B9015AD}" refers to invalid object "C:\Programme\Save\ACM.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AB1D8565-40E9-4616-984D-98465687E82C}" refers to invalid object "C:\Programme\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B69003B3-C55E-4b48-836C-BC5946FC3B28}" refers to invalid object "C:\Programme\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BA11F969-397A-4146-AC96-236C3D76711D}" refers to invalid object "C:\WINDOWS\system32\DivXMedia.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C1C0FE00-F3C2-11D0-91D4-444553540000}" refers to invalid object "C:\WINDOWS\System32\ir50_32.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C55A1680-CD5A-11CF-8D29-444553540000}" refers to invalid object "D:\instalierte software\GDiVX Player\regobj.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C69E8F40-D5C8-11D0-A520-145405C10000}" refers to invalid object "C:\WINDOWS\System32\ivfsrc.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C69E8F41-D5C8-11D0-A520-145405C10000}" refers to invalid object "C:\WINDOWS\System32\ivfsrc.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C69E8F42-D5C8-11D0-A520-145405C10000}" refers to invalid object "C:\WINDOWS\System32\ivfsrc.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C69E8F43-D5C8-11D0-A520-145405C10000}" refers to invalid object "C:\WINDOWS\System32\ivfsrc.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E0B8F398-BB08-4298-87F0-34502693902E}" refers to invalid object ""C:\Programme\Messenger\msmsgs.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E369A160-F3C2-11D0-91D4-444553540000}" refers to invalid object "C:\WINDOWS\System32\ir50_32.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{E3A3B1D9-5675-43c0-BF04-37BE11939FB7}" refers to invalid object ""C:\Programme\Messenger\msmsgs.exe"". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{FB7199AB-79BF-11d2-8D94-0000F875C541}" refers to invalid object "C:\Programme\Messenger\msgsc.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{53CED51D-432B-45B2-A3E0-0CE2C24235D4}" refers to invalid object "C:\Programme\Messenger\msmsgs.exe". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{665A4446-D905-11D0-A30E-444553540000}" refers to invalid object "ir50_32.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{957BF83F-EE5A-42EB-8CE5-6267011F0EF9}" refers to invalid object "C:\WINDOWS\system32\divxsm.tlb". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DE10C540-810E-11CF-BBE7-444553540000}" refers to invalid object "D:\instalierte software\GDiVX Player\regobj.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{DF901432-1B9F-4F5B-9E56-301C553F9095}" refers to invalid object "C:\Programme\Save\ACM.dll". Action Taken: No Action Taken.
Entry "HKCR\TypeLib\{E02AD29E-80F5-46C6-B416-9B3EBDDF057E}" refers to invalid object "C:\Programme\Messenger\msmsgs.exe". Action Taken: No Action Taken.
Entry "HKCR\.sll" refers to invalid object "SSLFile". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Connection Manager Profile\shell\open\command" refers to invalid object "C:\WINDOWS\System32\CMMGR32.EXE "%1"". Action Taken: No Action Taken.
Entry "HKCR\divFile\shell\open\command" refers to invalid object ""D:\instalierte software\divx\DivX Player\DivX Player.exe" "%1"". Action Taken: No Action Taken.
Entry "HKCR\divxFile\shell\open\command" refers to invalid object ""D:\instalierte software\divx\DivX Player\DivX Player.exe" "%1"". Action Taken: No Action Taken.
Entry "HKCR\divxTicketFile\shell\open\command" refers to invalid object ""D:\instalierte software\divx\DivX Player\DivX Player.exe" "%1"". Action Taken: No Action Taken.
Entry "HKCR\dpsFile\shell\open\command" refers to invalid object ""D:\instalierte software\divx\DivX Player\DivX Player.exe" "%1"". Action Taken: No Action Taken.
Entry "HKCR\dxuFile\shell\open\command" refers to invalid object ""D:\instalierte software\divx\DivX Player\DivX Player.exe" "%1"". Action Taken: No Action Taken.
Entry "HKCR\ed2k\shell\open\command" refers to invalid object ""D:\instalierte software\eMule.de\emule.exe" "%1"". Action Taken: No Action Taken.
Entry "HKCR\FlashGet.Document\shell\open\command" refers to invalid object "D:\INSTAL~1\FlashGet\flashget.exe "%1"". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\ppifile\shell\open\command" refers to invalid object "%SystemRoot%\System32\msppcnfg.exe /Config %1". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object "{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.
File C:\Programme\DAEMON Tools\SetupDTSB.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.bi". Action Taken: No Action Taken.
File D:\instalierte software\bearshare\Installer\BSINSTALLDE.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken.
File D:\instalierte software\bearshare\Installer\saveinstwm.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken.
File D:\instalierte software\wichtig\email\GcMail\Mails\gelöschte Mails.ms1 infected by "Trojan-Spy.HTML.Paylap.gl" Virus! Action Taken: No Action Taken.
File D:\instalierte software\wichtig\email\GcMail\Mails\Posteingang.ms1 infected by "Trojan-Spy.HTML.Paylap.gl" Virus! Action Taken: No Action Taken.
File D:\software\BSINSTALLDE.exe tagged as "not-a-virus:AdWare.Win32.SaveNow.z". Action Taken: No Action Taken.
File D:\software\GDiVX1.9.9.5.exe tagged as "not-a-virus:AdWare.Win32.NewDotNet". Action Taken: No Action Taken.

Bitte mach alles so wie ich es geschrieben habe!
Wo sind die Ergebnisse der Online-Scans?
Wieso postest du das eScan-Ergebnis nicht mit der Find.bat?
Hast du die Software überhaupt deinstalliert, bzw. die Einträge mit HijackThis gefixt? Es schaut jedenfalls nich so aus...

hallo haui klar hab ich das so gemacht wie du geschrieben hast, in der beschreibung steht doch ich soll mir die target etc einträge raussuchen und hier reinkopieren! die scan´s von adaware und s&D haben nix mehr gefunden!