Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code: Alles auswählenAufklappen

ATTFilter

:OTL
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:7631EA83
[2011.03.11 14:00:19 | 000,003,284 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCS{E073ECBA-0F2F-4DDD-9B2C-FB38303BE447}
O4 - HKLM..\RunOnce: [SpybotDeletingA1016]  File not found
O4 - HKLM..\RunOnce: [SpybotDeletingA1387]  File not found
O4 - HKLM..\RunOnce: [SpybotDeletingA1902]  File not found
O4 - HKLM..\RunOnce: [SpybotDeletingA5663]  File not found
O4 - HKLM..\RunOnce: [SpybotDeletingA58]  File not found
O4 - HKLM..\RunOnce: [SpybotDeletingA6241]  File not found
O4 - HKLM..\RunOnce: [SpybotDeletingA8140]  File not found
O4 - HKLM..\RunOnce: [SpybotDeletingA8930]  File not found
O4 - HKLM..\RunOnce: [SpybotDeletingA965]  File not found
O4 - HKLM..\RunOnce: [SpybotDeletingA980]  File not found
O4 - HKLM..\RunOnce: [SpybotDeletingC2653] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC272] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC3125] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC5151] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC5162] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC5675] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC6213] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC8040] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC9412] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC9787] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingB1587]  File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB173]  File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB1866]  File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB6733]  File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB7161]  File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB7299]  File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB8134]  File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB8267]  File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB8623]  File not found
O4 - HKCU..\RunOnce: [SpybotDeletingB9327]  File not found
O4 - HKCU..\RunOnce: [SpybotDeletingD1070] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD191] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD2142] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD3923] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD4645] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD5550] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD6416] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD649] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD8695] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD972] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
:Commands
[purity]
[resethosts]
[emptytemp]
         

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

OTL hat was gefixed, danach kam der Neustart, aber keine Logfiles.

Gerade jetzt danach nochmal OTL gestartet, dann wurde sofort die Logfile angezeigt die du wohl benötigst:

Zitat:

All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:7631EA83 deleted successfully.
C:\Windows\SysWOW64\ANIWZCS{E073ECBA-0F2F-4DDD-9B2C-FB38303BE447} moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA1016 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA1387 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA1902 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA5663 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA58 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA6241 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA8140 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA8930 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA965 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingA980 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingC2653 deleted successfully.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingC272 deleted successfully.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingC3125 deleted successfully.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingC5151 deleted successfully.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingC5162 deleted successfully.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingC5675 deleted successfully.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingC6213 deleted successfully.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingC8040 deleted successfully.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingC9412 deleted successfully.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingC9787 deleted successfully.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB1587 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB173 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB1866 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB6733 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB7161 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB7299 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB8134 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB8267 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB8623 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB9327 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD1070 deleted successfully.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD191 deleted successfully.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD2142 deleted successfully.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD3923 deleted successfully.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD4645 deleted successfully.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD5550 deleted successfully.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD6416 deleted successfully.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD649 deleted successfully.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD8695 deleted successfully.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD972 deleted successfully.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 589000 bytes
->Temporary Internet Files folder emptied: 45027533 bytes
->Java cache emptied: 587615 bytes
->Opera cache emptied: 7307928 bytes
->Flash cache emptied: 484 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Tommy
->Temp folder emptied: 3779 bytes
->Temporary Internet Files folder emptied: 4089033 bytes
->Java cache emptied: 21577876 bytes
->FireFox cache emptied: 47669014 bytes
->Opera cache emptied: 1324604 bytes
->Flash cache emptied: 2447 bytes

%systemdrive% .tmp files removed: 605560181 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 80682 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 2373 bytes

Total Files Cleaned = 700,00 mb


OTL by OldTimer - Version 3.2.21.0 log created on 03112011_171745

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
File move failed. C:\Users\Tommy\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

war/ist mein rechner kontaminiert? soll ich meine passwörter ändern?