Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code: Alles auswählenAufklappen

ATTFilter

:OTL
FF - user.js - File not found
O4 - HKU\S-1-5-21-2620911757-4132591521-1881684151-1000..\Run: [ASRockXTU]  File not found
O4 - HKU\S-1-5-21-2620911757-4132591521-1881684151-1000..\Run: [Windows Defender] C:\install\WinDef.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5125faf5-4cf4-11e1-a965-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{5125faf5-4cf4-11e1-a965-00158315a310}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{be817f03-8d6b-11e1-8785-00158315a310}\Shell - "" = AutoRun
O33 - MountPoints2\{be817f03-8d6b-11e1-8785-00158315a310}\Shell\AutoRun\command - "" = G:\Windows/AutoRun.exe
O33 - MountPoints2\{c0c31c40-3098-11e1-929b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c0c31c40-3098-11e1-929b-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:8EFFFE8D
:Files
C:\Users\Nashoa\AppData\Local\{*
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Code: Alles auswählenAufklappen

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2620911757-4132591521-1881684151-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockXTU deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2620911757-4132591521-1881684151-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Defender deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5125faf5-4cf4-11e1-a965-00158315a310}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5125faf5-4cf4-11e1-a965-00158315a310}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5125faf5-4cf4-11e1-a965-00158315a310}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5125faf5-4cf4-11e1-a965-00158315a310}\ not found.
File I:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be817f03-8d6b-11e1-8785-00158315a310}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be817f03-8d6b-11e1-8785-00158315a310}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be817f03-8d6b-11e1-8785-00158315a310}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be817f03-8d6b-11e1-8785-00158315a310}\ not found.
File G:\Windows/AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0c31c40-3098-11e1-929b-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0c31c40-3098-11e1-929b-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0c31c40-3098-11e1-929b-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0c31c40-3098-11e1-929b-806e6f6e6963}\ not found.
File F:\setup.exe not found.
ADS C:\ProgramData\TEMP:8EFFFE8D deleted successfully.
========== FILES ==========
C:\Users\Nashoa\AppData\Local\{00D083E6-3588-4B08-A69B-76E883579151} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{01748A35-07B5-444B-8F43-F648AA0B4B66} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{02F4F5F7-2456-429F-A847-0A856BD5EE6B} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{030CBA3A-1A6D-4963-9B18-306E9F17E618} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{09E5B697-2F3E-4A46-9805-0FBEEDBD2A63} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{0AEE6789-AD5F-4FD6-AF8E-7F985A18A82E} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{1180998A-0556-48C2-82AC-1E4599D3DFF6} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{1366CBE1-E73E-411B-8B07-DD6014493C67} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{168FB229-D84E-4667-8131-BFD3771874D6} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{1775AD0B-BAA4-4A1D-83B7-BB485E7858E8} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{203CD813-3A37-492A-8013-50A27C6097D2} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{2A939276-B038-4B3F-A5A7-F54F304D2F3E} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{2CA8E5CE-7A16-453C-88B7-C1DF4A954F00} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{31D0C21B-B56F-4E76-BD46-963347D7EEB7} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{3376C839-CDF0-45C1-AF1C-E68B75917CB6} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{361C3BBA-26A3-494E-B88F-18ECEAE98B7A} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{3F784BEE-7169-4CF1-A59A-F3BBA0EF34B4} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{42F1D99E-9797-4D05-8F03-AFD446C2348A} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{48B84F60-DA9E-4DC4-AF4E-F97BF99D1FAE} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{57356A4E-5FB1-444D-B7B2-989592F00B50} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{580D24E8-3BB3-4E18-82DD-8EFC951BFEB2} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{5BFDCB1B-6E16-4AD4-8387-0F2A459B8F63} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{616E2762-30F6-401E-ABBC-BEDB9EA5B0F4} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{631F9B3C-FDBB-4D73-972E-BE897B4FBC59} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{690620B4-4150-4D87-9B4E-07FD617D7449} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{699FA53D-E711-4A6E-8533-3A0A3F87C622} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{69FCEF1C-501A-4C8C-B0CE-708BEF0AA5E8} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{6DBF7F1A-8397-4D3D-ACD0-6A451DCE3868} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{737C21C2-24C3-4932-87EB-872CD2961EC8} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{75C10315-B04C-4132-A8C0-288B91D0844B} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{75E446A8-33AD-4E49-BE4A-C0FCA7809200} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{75F5FCD0-BBAA-4E6C-A32A-CBF149325CEF} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{7DD3980E-CD60-4634-864D-2486F5C1310D} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{7FC91AB2-253A-44FC-9D46-AE9F6DEC51FC} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{80A8989D-D9BC-42E7-89C5-1F61785F2AB5} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{8148D7E9-2628-45FB-B0D1-153F7D1F5E67} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{85AD4FA8-5ECD-4C2C-B617-4BC372B669BF} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{86EF7B80-CD66-49CA-AD8A-C0E328972AF8} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{8793B1F9-5F60-4DAB-B71A-84DF04812938} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{882ADEE8-06D3-4EEC-89D8-04AD53A11724} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{8C6623A8-0830-40CF-93B9-031612423625} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{906B42A3-A9BB-430A-8793-858E52C57480} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{91A1DEB2-566B-4004-ACA3-3BBE4152830A} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{93237FB7-E63B-4C06-BC84-FEED92AC03F9} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{977A6765-B749-4A6D-9639-10FF18A5494C} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{A21B239E-70D2-498D-89D6-7D8F71971D06} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{A41127B6-A3EF-44B9-9350-7C23CFDA0CD2} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{AAE28F2A-8510-4F37-A789-9B9C36343B74} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{B2E8E41F-4EE4-4FA3-AD9A-F81F1EEB28E2} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{BC897E61-F2C6-4EE3-96AD-6ECC011D00FF} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{BC8E4553-C3EF-4098-8C44-90FFE40BAAD3} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{C32A968C-872D-462C-9340-562FFE88C12A} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{CC847E5D-3C34-4894-967F-7F3773F2157A} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{CCC1998B-B135-44D6-A130-75BDC0C77AA9} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{D430FFAC-823E-41C3-BB85-2A5EA4FEBEDB} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{D47F823B-F583-4F97-B793-7612EE9F499C} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{D4A56044-2C4D-40FA-AD8B-A7F58B486572} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{D5AC7D94-0545-478C-8FD2-16C28D77EA19} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{E73718E0-99BF-40DB-A3AA-4200FE9A44A3} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{E7DE9558-3E78-48BF-BD93-0E3089E29EB2} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{E8648034-B4A0-42F3-AB06-6C639BD1DA2C} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{E929BC25-DACB-4D6E-ADE3-07759836B167} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{ED04AB0F-BE08-4D3C-9B6C-37FD8AE6C04E} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{F3D06C3E-F1CC-4B51-9033-AFB2514B6E81} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{F9FC680E-74A9-4FB7-BE4B-A07BB67F4E55} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{FA37C46A-409F-4CA8-B308-FBC64A9BD48E} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{FAC7FAFE-125E-4630-8CDC-407918A47DD0} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{FB0CF929-A924-4E52-BB52-573411CFE524} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{FC50ADAA-B761-44FE-BF86-8AF25628F81D} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{FCECFD9E-DF40-4A92-98A6-1502E2BAFCC5} folder moved successfully.
C:\Users\Nashoa\AppData\Local\{FFDAF80C-22CD-43D4-A6A6-87F092A84D73} folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Nashoa\Desktop\cmd.bat deleted successfully.
C:\Users\Nashoa\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Nashoa
->Temp folder emptied: 95740012 bytes
->Temporary Internet Files folder emptied: 242883834 bytes
->Java cache emptied: 1816200 bytes
->FireFox cache emptied: 201884349 bytes
->Opera cache emptied: 12541686 bytes
->Flash cache emptied: 24146 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 127411 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 529,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.3 log created on 09102012_234215

Files\Folders moved on Reboot...
C:\Users\Nashoa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2968.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...