Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code: Alles auswählenAufklappen

ATTFilter

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
O32 - AutoRun File - [2001.04.18 10:23:00 | 000,000,041 | R--- | M] () - K:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{354af7a4-f33f-11db-ae29-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{354af7a4-f33f-11db-ae29-806e6f6e6963}\Shell\AutoRun\command - "" = K:\SETUP.EXE -- [2001.04.30 12:33:00 | 000,032,768 | R--- | M] ()
[2010.07.31 01:26:50 | 000,152,904 | ---- | M] () -- C:\Windows\System32\vghd.scr
@Alternate Data Stream - 380 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Commands
[purity]
[resethosts]
[emptytemp]
         

Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
File move failed. K:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{354af7a4-f33f-11db-ae29-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{354af7a4-f33f-11db-ae29-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{354af7a4-f33f-11db-ae29-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{354af7a4-f33f-11db-ae29-806e6f6e6963}\ not found.
File move failed. K:\SETUP.EXE scheduled to be moved on reboot.
C:\Windows\System32\vghd.scr moved successfully.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
ADS C:\ProgramData\TEMPFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
ADS C:\ProgramData\TEMP1B5B4F1 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 186120 bytes
->Java cache emptied: 14182633 bytes
->FireFox cache emptied: 58793997 bytes
->Flash cache emptied: 38710 bytes

User: Kev
->Temp folder emptied: 29730677 bytes
->Temporary Internet Files folder emptied: 2729442 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1148 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6980 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 101,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08102010_134834

Files\Folders moved on Reboot...
File move failed. K:\AUTORUN.INF scheduled to be moved on reboot.
File move failed. K:\SETUP.EXE scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...