Zitat:

O4 - HKCU..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)

Bitte mal überdenken, ob Du wirklich dieses Spielzeug brauchst und nicht lieber ein vernünftiges Mailprogramm verwendest. Incredimail ist Spyware!


Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code: Alles auswählenAufklappen

ATTFilter

:OTL
O32 - Unable to obtain root file information for disk M:\
O33 - MountPoints2\{dca3fb98-cb97-11de-832c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dca3fb98-cb97-11de-832c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Run.exe -- File not found
[2010.07.19 17:49:57 | 000,170,496 | ---- | C] (u4YnTdjIoZHQ3vWEv) -- C:\Windows\SysWow64\dgqVAWqCDUA0hfqScCPi1m1d.exe
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:302A9871
:Commands
[purity]
[resethosts]
[emptytemp]
         

Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Okay, code reinkopiert, mit :OTL, dann nach 5 min hats den rechner neugestartet. Beim hochfahren blieb er 10 minuten hängen. Normal?

Hier das gewünschte logfile:

Code: Alles auswählenAufklappen

ATTFilter

All processes killed
========== OTL ==========
File  not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dca3fb98-cb97-11de-832c-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dca3fb98-cb97-11de-832c-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dca3fb98-cb97-11de-832c-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dca3fb98-cb97-11de-832c-806e6f6e6963}\ not found.
File E:\Run.exe not found.
C:\Windows\SysWOW64\dgqVAWqCDUA0hfqScCPi1m1d.exe moved successfully.
ADS C:\ProgramData\TEMP:302A9871 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Christian
->Temp folder emptied: 194879 bytes
->Temporary Internet Files folder emptied: 403163 bytes
 
User: ***
->Temp folder emptied: 124434033 bytes
->Temporary Internet Files folder emptied: 167473918 bytes
->Java cache emptied: 627529 bytes
->Google Chrome cache emptied: 383245784 bytes
->Flash cache emptied: 8026 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 5394059 bytes
->Temporary Internet Files folder emptied: 69969510 bytes
->Java cache emptied: 10928486 bytes
->Google Chrome cache emptied: 82838189 bytes
->Flash cache emptied: 4284 bytes
 
User: Gast
->Temp folder emptied: 55224 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 41 bytes
%systemroot%\System32 .tmp files removed: 183808 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 553848 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 338181 bytes
 
Total Files Cleaned = 808.00 mb
 
 
OTL by OldTimer - Version 3.2.1.2 log created on 07222010_191305

Files\Folders moved on Reboot...
File\Folder C:\Users\***\AppData\Local\Temp\etilqs_uCQ2hYO4P1zOpJyIebTs not found!
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.

Registry entries deleted on Reboot...
         

PS: Auf deinen Hinweis hin incredimail wech, thunderbird rauf. Ist der besser?