Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code: Alles auswählenAufklappen

ATTFilter

:OTL
O4 - HKU\Hans-Peter_ON_C..\Run: [320D180E] C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe) - C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe ()
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/15 05:47:50 | 000,000,150 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2008/12/24 20:50:46 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4a0f77aa-5640-11dd-a068-00038a000015}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
[2012/05/27 05:49:24 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2012/05/22 05:46:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Pvyflpkjhgc
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Durchgeführt. Die Datei mit dem Namen "05302012_044646" (nach dem Neustart automatisch geöffnet worden) enthält folgenden Text:

Code: Alles auswählenAufklappen

ATTFilter

========== OTL ==========
Registry value HKEY_USERS\Hans-Peter_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\320D180E deleted successfully.
C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegedit deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_USERS\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegedit deleted successfully.
Registry value HKEY_USERS\Hans-Peter_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe deleted successfully.
File C:\WINDOWS\system32\BE4C77A5320D180E0B3C.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
D:\AUTORUN.INF moved successfully.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a0f77aa-5640-11dd-a068-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a0f77aa-5640-11dd-a068-00038a000015}\ not found.
File F:\InstallTomTomHOME.exe not found.
C:\FOUND.001 folder moved successfully.
C:\Dokumente und Einstellungen\Hans-Peter\Anwendungsdaten\Pvyflpkjhgc folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: All Users
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34706 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 17276966 bytes
 
User: Hans-Peter
->Temp folder emptied: 72673112 bytes
->Temporary Internet Files folder emptied: 11169492 bytes
->FireFox cache emptied: 315003821 bytes
->Flash cache emptied: 41661 bytes
 
User: Besitzer
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 927204 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 59005489 bytes
 
Total Files Cleaned = 454.00 mb
 
 
[EMPTYFLASH]
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Hans-Peter
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Besitzer
 
Total Flash Files Cleaned = 0.00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 05302012_044646

Files\Folders moved on Reboot...
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
File\Folder C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Temp\TEMPOR~1.SH!\Content.SH!\ODO8NPKN.SH!\&special=rectangle&adsize=310x120&params[1].styles=hp_promobox_html%2Chp_promobox_img&pageview=ng_outer&pageview=vi_first_time&tile=17202187384382628012345678910a not found!
File\Folder C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Temp\TEMPOR~1.SH!\Content.SH!\ODO8NPKN.SH!\AKWS2FXCAQGIK4PCAXD2DGTCAYXE6SLCAUD2NSVCA5LF1D8CA5JGY3KCA5NO9YSCAB0G8MFCA11H7WJCAXIII98CA8ALBA9CAMNKVOGCAVSK2RACAWVYYHGCALM1LC8CAGJTB23CA4DBLZKCAXXZIW0[1].jpg not found!
File\Folder C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Temp\TEMPOR~1.SH!\Content.SH!\ODO8NPKN.SH!\NCAGA32WICAQ7FOU3CAJ0LIMGCAO3UU32CA600YKTCA9O85BWCAHT3PHQCARWFGEOCAI8VGOICAIGS3C0CAM1QK06CAOZNLT8CA3TXBOGCAC42AOWCAB69ZN9CANW1UNPCA0GTINRCA74UW71CASF0HAQ[1].jpg not found!
File\Folder C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Temp\TEMPOR~1.SH!\Content.SH!\3PWDSK31.SH!\NCAGA32WICAQ7FOU3CAJ0LIMGCAO3UU32CA600YKTCA9O85BWCAHT3PHQCARWFGEOCAI8VGOICAIGS3C0CAM1QK06CAOZNLT8CA3TXBOGCAC42AOWCAB69ZN9CANW1UNPCA0GTINRCA74UW71CASF0HAQ[1].jpg not found!
File\Folder C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Temp\TEMPOR~1.SH!\Content.SH!\HTP8EAVA.SH!\section=homepage&site=freemail&special=rectangle&category=homepage&adsize=300x250&adsize=310x170&pageview=loggedin&pageview=no_tprof&pg=m&pa=39&pp=D__95671&Params[1].htm not found!
File\Folder C:\Dokumente und Einstellungen\Hans-Peter\Lokale Einstellungen\Temp\TEMPOR~1.SH!\Content.SH!\HTP8EAVA.SH!\section=content&site=freemail&category=content&special=top&adsize=468x60&content=webde&pageview=ng_outer&adsize=728x90&pageview=loggedin&pageview=no_tprof&pg=m&pa=39&pp=[1] not found!

Registry entries deleted on Reboot...