Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code: Alles auswählenAufklappen

ATTFilter

:OTL
O33 - MountPoints2\{0f66630f-efb6-11de-8671-001e33fa83ec}\Shell - "" = AutoRun
O33 - MountPoints2\{0f66630f-efb6-11de-8671-001e33fa83ec}\Shell\AutoRun\command - "" = F:\preinst.exe -- File not found
O33 - MountPoints2\{df1f39f2-efc9-11de-8e94-001e33fa83ec}\Shell - "" = AutoRun
O33 - MountPoints2\{df1f39f2-efc9-11de-8e94-001e33fa83ec}\Shell\AutoRun\command - "" = F:\preinst.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\QsSetup.exe -- File not found
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:55F44B88
:Commands
[purity]
[resethosts]
[emptytemp]
         

Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Hi,

danke für die Ratschläge..anbei die neue log file von otl..hab es genauso durchgeführt wie von dir beschrieben..anschließend hat er nen neustart gemacht um dateien zu löschen...was haben wir jetzt eigentlich da genau gelöscht? war das ein gefährlicher virus? reicht avira anti vir für diese art von bedrohungen?

vielen dank





All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f66630f-efb6-11de-8671-001e33fa83ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f66630f-efb6-11de-8671-001e33fa83ec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0f66630f-efb6-11de-8671-001e33fa83ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f66630f-efb6-11de-8671-001e33fa83ec}\ not found.
File F:\preinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df1f39f2-efc9-11de-8e94-001e33fa83ec}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df1f39f2-efc9-11de-8e94-001e33fa83ec}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{df1f39f2-efc9-11de-8e94-001e33fa83ec}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{df1f39f2-efc9-11de-8e94-001e33fa83ec}\ not found.
File F:\preinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\QsSetup.exe not found.
ADS C:\ProgramData\TEMP:55F44B88 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41044 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ich

User: ich
->Temp folder emptied: 137719233 bytes
->Temporary Internet Files folder emptied: 1043375 bytes
->Java cache emptied: 3277211 bytes
->FireFox cache emptied: 72790175 bytes
->Google Chrome cache emptied: 6233075 bytes
->Flash cache emptied: 11571 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 150983 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 211,00 mb


OTL by OldTimer - Version 3.2.9.0 log created on 07132010_210529

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...