Dann lass die eine Zeile weg also nimm diesen Text für den OTL Fix:

Code: Alles auswählenAufklappen

ATTFilter

:OTL
PRC - C:\programme\quicktime\qtsystem\quicktimeeffects.resources\sv.lproj\quicktimequicktimeresources.exe File not found
PRC - C:\programme\gemeinsame dateien\microsoft shared\msorun\msorunoffice.exe File not found
PRC - C:\programme\installshield installation information\{beefc4f8-2909-48b3-afaa-55d3533fdedd}\installshieldsetup7.exe File not found
PRC - C:\programme\nero\nero 9\nero burning rom\coveredctrl\coveredctrlmanifcovered.exe File not found
PRC - C:\programme\avid\utilities\avid storage manager\avidtechnology.exe File not found
FF - prefs.js..browser.startup.homepage: "http://wxwxw.google.de/"
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_PrintPreview = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 2
O33 - MountPoints2\{29b71186-56ec-11dc-8ccc-b6b6e5ec0739}\Shell\AutoRun\command - "" = J:\pushinst.exe -- File not found
O33 - MountPoints2\{9212d9c0-cc56-11de-8f72-0019d11b3f94}\Shell\AutoRun\command - "" = K:\.\Kassettenrecorder.exe -- File not found
[2010.05.04 12:23:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP
[2010.05.08 15:50:19 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\coqof.sys
:Commands
[purity]
[resethosts]
[emptytemp]
         

nach weglassen der ersten 5 Zeilen lief der scan. hier das logfile:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\SpecifyDefaultButtons deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Search deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Folders deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_PrintPreview deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Encoding deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Paste deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Copy deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Cut deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Discussions deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Edit deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Size deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_MailNews deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Tools deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Fullscreen deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_History deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Media deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Print deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\Btn_Favorites deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{29b71186-56ec-11dc-8ccc-b6b6e5ec0739}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{29b71186-56ec-11dc-8ccc-b6b6e5ec0739}\ not found.
File J:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9212d9c0-cc56-11de-8f72-0019d11b3f94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9212d9c0-cc56-11de-8f72-0019d11b3f94}\ not found.
File K:\.\Kassettenrecorder.exe not found.
C:\WINDOWS\61D3AAE1D5214CD7939B37813DE8F955.TMP folder moved successfully.
File C:\WINDOWS\System32\drivers\coqof.sys not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 59964 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: xxx
->Temp folder emptied: 3239256 bytes
->Temporary Internet Files folder emptied: 181246 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 29756201 bytes
->Apple Safari cache emptied: 108336 bytes
->Flash cache emptied: 3317 bytes

User: Default User
->Temp folder emptied: 59964 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1370464 bytes
->Flash cache emptied: 1301 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19593 bytes
%systemroot%\System32 .tmp files removed: 4986759 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 505 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 38,00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05152010_122707

Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Temp\clclean.0001.dir.0002\~df394b.tmp moved successfully.
C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Temp\clclean.0001.dir.0002\~efe2.tmp moved successfully.

Registry entries deleted on Reboot...

MfG
Silverjew