Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Ständig öffnen sich werbeseiten und Popups! (https://www.trojaner-board.de/164253-staendig-oeffnen-werbeseiten-popups.html)

cosinus 27.02.2015 23:12
Alter....was ist da denn noch alles :eek:

FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: MediaPlayersvideos  1.1 - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com [2015-02-21]
FF Extension: buuYandbrowwSSE - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\yuR@D.net [2015-02-02]
FF Extension: c151d79ee61b4a90a8875a46d38fba99 - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99} [2015-02-19]
CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hppp&ts=1424032548&from=tugs&uid=HGSTXHTS725050A7E630_RC250ACB0D8S9J0D8S9JX
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hppp&ts=1424032548&from=tugs&uid=HGSTXHTS725050A7E630_RC250ACB0D8S9J0D8S9JX"
CHR DefaultSearchKeyword: Default -> istartsurf
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-02-13] ()
R2 lhOYKYn; C:\ProgramData\rJDRDPLhi\lhOYKYn.exe [2733544 2015-02-15] (Time Lapse Solutions)
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptCrash.dll",ENT
Task: {5C9944EA-E447-4204-918D-27A756562761} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {6DE1B0F0-4A78-4BAD-8E35-0291BF5300D3} - \avaxvyyvyf No Task File <==== ATTENTION
Task: {961C6AB4-CFBF-4FFF-BB96-DD8B6E3FD9FD} - System32\Tasks\MPNIT => C:\Users\Andi\AppData\Roaming\MPNIT.exe [2015-02-25] (RadioCanyonv2V25.02) <==== ATTENTION
Task: {A1ADADA1-DF9A-41CE-BE00-1D1438BFCA33} - System32\Tasks\PC-Mechanic Subscription => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
Task: {A5C88AD9-278C-4961-BB27-B6F43AC2DD36} - System32\Tasks\KKZ => C:\Users\Andi\AppData\Roaming\KKZ.exe [2015-02-25] (RadioCanyonv2V25.02) <==== ATTENTION
Task: C:\Windows\Tasks\KKZ.job => C:\Users\Andi\AppData\Roaming\KKZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\MPNIT.job => C:\Users\Andi\AppData\Roaming\MPNIT.exe <==== ATTENTION
C:\Windows\Tasks\MPNIT.job
C:\Windows\Tasks\KKZ.job
C:\Program Files (x86)\SuperPlusRadio v2.1V25.02
C:\Users\Andi\AppData\Roaming\MPNIT.exe
C:\Users\Andi\AppData\Roaming\KKZ.exe
C:\Windows\System32\Tasks\MPNIT
C:\Windows\System32\Tasks\KKZ
C:\Program Files (x86)\1498dc0a-f4d9-4408-be95-19affbd6d965
C:\Program Files (x86)\PlusBrowSRAps2.5
C:\Windows\System32\Tasks\SpyHunter4Startup
C:\Windows\system32\Drivers\EsgScanner.sys
C:\sh4ldr
C:\Program Files (x86)\Uniblue
C:\ProgramData\rJDRDPLhi
C:\Users\Andi\Downloads\Microsoft.Windows.XP.7in1.German.inkl.SP3-Lidl
C:\Users\Andi\AppData\Roaming\MPNIT
C:\Users\Andi\AppData\Roaming\MPNIT.exe
C:\Users\Andi\Downloads\XP.Home.Edition.OEM.SP3.GER-RHB.rar.part
C:\Program Files (x86)\buuYandbrowwSSE
C:\Program Files (x86)\buyyandbirrowaSe
C:\Program Files (x86)\Cinemax Plus 1.9cV15.02
C:\Program Files (x86)\4bf237b8-803c-4cad-8ece-2db7514c4a71
C:\ProgramData\{8841397d-393c-30ac-8841-1397d393e5f4}
C:\Users\Andi\AppData\Roaming\KKZ.exe
C:\Program Files\Enigma Software Group
C:\Program Files (x86)\MedPlayV3.1
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
c:\Program Files (x86)\Super Optimizer
C:\Users\Andi\AppData\Local\ZombieInvasion
EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Kampffisch 01.03.2015 14:33
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by Andi at 2015-03-01 14:28:57 Run:1
Running from C:\Users\Andi\Desktop
Loaded Profiles: Andi (Available profiles: Andi)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: MediaPlayersvideos  1.1 - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com [2015-02-21]
FF Extension: buuYandbrowwSSE - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\yuR@D.net [2015-02-02]
FF Extension: c151d79ee61b4a90a8875a46d38fba99 - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99} [2015-02-19]
CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hppp&ts=1424032548&from=tugs&uid=HGSTXHTS725050A7E630_RC250ACB0D8S9J0D8S9JX
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hppp&ts=1424032548&from=tugs&uid=HGSTXHTS725050A7E630_RC250ACB0D8S9J0D8S9JX"
CHR DefaultSearchKeyword: Default -> istartsurf
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-02-13] ()
R2 lhOYKYn; C:\ProgramData\rJDRDPLhi\lhOYKYn.exe [2733544 2015-02-15] (Time Lapse Solutions)
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptCrash.dll",ENT
Task: {5C9944EA-E447-4204-918D-27A756562761} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {6DE1B0F0-4A78-4BAD-8E35-0291BF5300D3} - \avaxvyyvyf No Task File <==== ATTENTION
Task: {961C6AB4-CFBF-4FFF-BB96-DD8B6E3FD9FD} - System32\Tasks\MPNIT => C:\Users\Andi\AppData\Roaming\MPNIT.exe [2015-02-25] (RadioCanyonv2V25.02) <==== ATTENTION
Task: {A1ADADA1-DF9A-41CE-BE00-1D1438BFCA33} - System32\Tasks\PC-Mechanic Subscription => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
Task: {A5C88AD9-278C-4961-BB27-B6F43AC2DD36} - System32\Tasks\KKZ => C:\Users\Andi\AppData\Roaming\KKZ.exe [2015-02-25] (RadioCanyonv2V25.02) <==== ATTENTION
Task: C:\Windows\Tasks\KKZ.job => C:\Users\Andi\AppData\Roaming\KKZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\MPNIT.job => C:\Users\Andi\AppData\Roaming\MPNIT.exe <==== ATTENTION
C:\Windows\Tasks\MPNIT.job
C:\Windows\Tasks\KKZ.job
C:\Program Files (x86)\SuperPlusRadio v2.1V25.02
C:\Users\Andi\AppData\Roaming\MPNIT.exe
C:\Users\Andi\AppData\Roaming\KKZ.exe
C:\Windows\System32\Tasks\MPNIT
C:\Windows\System32\Tasks\KKZ
C:\Program Files (x86)\1498dc0a-f4d9-4408-be95-19affbd6d965
C:\Program Files (x86)\PlusBrowSRAps2.5
C:\Windows\System32\Tasks\SpyHunter4Startup
C:\Windows\system32\Drivers\EsgScanner.sys
C:\sh4ldr
C:\Program Files (x86)\Uniblue
C:\ProgramData\rJDRDPLhi
C:\Users\Andi\Downloads\Microsoft.Windows.XP.7in1.German.inkl.SP3-Lidl
C:\Users\Andi\AppData\Roaming\MPNIT
C:\Users\Andi\AppData\Roaming\MPNIT.exe
C:\Users\Andi\Downloads\XP.Home.Edition.OEM.SP3.GER-RHB.rar.part
C:\Program Files (x86)\buuYandbrowwSSE
C:\Program Files (x86)\buyyandbirrowaSe
C:\Program Files (x86)\Cinemax Plus 1.9cV15.02
C:\Program Files (x86)\4bf237b8-803c-4cad-8ece-2db7514c4a71
C:\ProgramData\{8841397d-393c-30ac-8841-1397d393e5f4}
C:\Users\Andi\AppData\Roaming\KKZ.exe
C:\Program Files\Enigma Software Group
C:\Program Files (x86)\MedPlayV3.1
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
c:\Program Files (x86)\Super Optimizer
C:\Users\Andi\AppData\Local\ZombieInvasion
EmptyTemp:
Hosts:
       
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com => Moved successfully.
C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\yuR@D.net => Moved successfully.
C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99} => Moved successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
EsgScanner => Service deleted successfully.
lhOYKYn => Unable to stop service
lhOYKYn => Service deleted successfully.
cae99edb => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5C9944EA-E447-4204-918D-27A756562761}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C9944EA-E447-4204-918D-27A756562761}" => Key deleted successfully.
C:\Windows\System32\Tasks\SpyHunter4Startup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DE1B0F0-4A78-4BAD-8E35-0291BF5300D3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DE1B0F0-4A78-4BAD-8E35-0291BF5300D3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaxvyyvyf" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{961C6AB4-CFBF-4FFF-BB96-DD8B6E3FD9FD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{961C6AB4-CFBF-4FFF-BB96-DD8B6E3FD9FD}" => Key deleted successfully.
C:\Windows\System32\Tasks\MPNIT => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MPNIT" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A1ADADA1-DF9A-41CE-BE00-1D1438BFCA33}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1ADADA1-DF9A-41CE-BE00-1D1438BFCA33}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC-Mechanic Subscription => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC-Mechanic Subscription" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A5C88AD9-278C-4961-BB27-B6F43AC2DD36}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5C88AD9-278C-4961-BB27-B6F43AC2DD36}" => Key deleted successfully.
C:\Windows\System32\Tasks\KKZ => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KKZ" => Key deleted successfully.
C:\Windows\Tasks\KKZ.job => Moved successfully.
C:\Windows\Tasks\MPNIT.job => Moved successfully.
"C:\Windows\Tasks\MPNIT.job" => File/Directory not found.
"C:\Windows\Tasks\KKZ.job" => File/Directory not found.
"C:\Program Files (x86)\SuperPlusRadio v2.1V25.02" => File/Directory not found.
C:\Users\Andi\AppData\Roaming\MPNIT.exe => Moved successfully.
C:\Users\Andi\AppData\Roaming\KKZ.exe => Moved successfully.
"C:\Windows\System32\Tasks\MPNIT" => File/Directory not found.
"C:\Windows\System32\Tasks\KKZ" => File/Directory not found.
C:\Program Files (x86)\1498dc0a-f4d9-4408-be95-19affbd6d965 => Moved successfully.
C:\Program Files (x86)\PlusBrowSRAps2.5 => Moved successfully.
"C:\Windows\System32\Tasks\SpyHunter4Startup" => File/Directory not found.
C:\Windows\system32\Drivers\EsgScanner.sys => Moved successfully.
C:\sh4ldr => Moved successfully.
"C:\Program Files (x86)\Uniblue" => File/Directory not found.

"C:\ProgramData\rJDRDPLhi" directory move:

Could not move "C:\ProgramData\rJDRDPLhi\info.dat" => Scheduled to move on reboot.
Could not move "C:\ProgramData\rJDRDPLhi\lhOYKYn.dat" => Scheduled to move on reboot.
C:\ProgramData\rJDRDPLhi\lhOYKYn.exe => Moved successfully.
C:\ProgramData\rJDRDPLhi\lhOYKYn.exe.config => Moved successfully.
Could not move "C:\ProgramData\rJDRDPLhi\dat\AiygjJ.dll" => Scheduled to move on reboot.
Could not move "C:\ProgramData\rJDRDPLhi\dat\dnOATRz.dll" => Scheduled to move on reboot.
Could not move "C:\ProgramData\rJDRDPLhi\dat\LIuAGEpwx.exe" => Scheduled to move on reboot.
Could not move "C:\ProgramData\rJDRDPLhi\dat\LIuAGEpwx.exe.config" => Scheduled to move on reboot.
Could not move "C:\ProgramData\rJDRDPLhi\dat\YsTVQXZ.exe" => Scheduled to move on reboot.
Could not move "C:\ProgramData\rJDRDPLhi\dat\YsTVQXZ.exe.config" => Scheduled to move on reboot.
Could not move "C:\ProgramData\rJDRDPLhi" directory. => Scheduled to move on reboot.

C:\Users\Andi\Downloads\Microsoft.Windows.XP.7in1.German.inkl.SP3-Lidl => Moved successfully.
C:\Users\Andi\AppData\Roaming\MPNIT => Moved successfully.
"C:\Users\Andi\AppData\Roaming\MPNIT.exe" => File/Directory not found.
C:\Users\Andi\Downloads\XP.Home.Edition.OEM.SP3.GER-RHB.rar.part => Moved successfully.
C:\Program Files (x86)\buuYandbrowwSSE => Moved successfully.
C:\Program Files (x86)\buyyandbirrowaSe => Moved successfully.
C:\Program Files (x86)\Cinemax Plus 1.9cV15.02 => Moved successfully.
C:\Program Files (x86)\4bf237b8-803c-4cad-8ece-2db7514c4a71 => Moved successfully.
C:\ProgramData\{8841397d-393c-30ac-8841-1397d393e5f4} => Moved successfully.
"C:\Users\Andi\AppData\Roaming\KKZ.exe" => File/Directory not found.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Program Files (x86)\MedPlayV3.1 => Moved successfully.
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.
"c:\Program Files (x86)\Super Optimizer" => File/Directory not found.
C:\Users\Andi\AppData\Local\ZombieInvasion => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1006.6 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-01 14:30:32)<=

C:\ProgramData\rJDRDPLhi\info.dat => Is moved successfully.
C:\ProgramData\rJDRDPLhi\lhOYKYn.dat => Is moved successfully.
C:\ProgramData\rJDRDPLhi\dat\AiygjJ.dll => Is moved successfully.
C:\ProgramData\rJDRDPLhi\dat\dnOATRz.dll => Is moved successfully.
C:\ProgramData\rJDRDPLhi\dat\LIuAGEpwx.exe => Is moved successfully.
C:\ProgramData\rJDRDPLhi\dat\LIuAGEpwx.exe.config => Is moved successfully.
C:\ProgramData\rJDRDPLhi\dat\YsTVQXZ.exe => Is moved successfully.
C:\ProgramData\rJDRDPLhi\dat\YsTVQXZ.exe.config => Is moved successfully.
C:\ProgramData\rJDRDPLhi => Is moved successfully.

==== End of Fixlog 14:30:33 ====

cosinus 01.03.2015 23:40
Ok...und auf ein neues. Windows bitte neustarten, dann wiederholen:

Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Alle Zeitangaben in WEZ +1. Es ist jetzt 15:08 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131