Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Ständig öffnen sich werbeseiten und Popups! (https://www.trojaner-board.de/164253-staendig-oeffnen-werbeseiten-popups.html)

cosinus 27.02.2015 23:12
Alter....was ist da denn noch alles :eek:

FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: MediaPlayersvideos  1.1 - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com [2015-02-21]
FF Extension: buuYandbrowwSSE - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\yuR@D.net [2015-02-02]
FF Extension: c151d79ee61b4a90a8875a46d38fba99 - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99} [2015-02-19]
CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hppp&ts=1424032548&from=tugs&uid=HGSTXHTS725050A7E630_RC250ACB0D8S9J0D8S9JX
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hppp&ts=1424032548&from=tugs&uid=HGSTXHTS725050A7E630_RC250ACB0D8S9J0D8S9JX"
CHR DefaultSearchKeyword: Default -> istartsurf
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-02-13] ()
R2 lhOYKYn; C:\ProgramData\rJDRDPLhi\lhOYKYn.exe [2733544 2015-02-15] (Time Lapse Solutions)
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptCrash.dll",ENT
Task: {5C9944EA-E447-4204-918D-27A756562761} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {6DE1B0F0-4A78-4BAD-8E35-0291BF5300D3} - \avaxvyyvyf No Task File <==== ATTENTION
Task: {961C6AB4-CFBF-4FFF-BB96-DD8B6E3FD9FD} - System32\Tasks\MPNIT => C:\Users\Andi\AppData\Roaming\MPNIT.exe [2015-02-25] (RadioCanyonv2V25.02) <==== ATTENTION
Task: {A1ADADA1-DF9A-41CE-BE00-1D1438BFCA33} - System32\Tasks\PC-Mechanic Subscription => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
Task: {A5C88AD9-278C-4961-BB27-B6F43AC2DD36} - System32\Tasks\KKZ => C:\Users\Andi\AppData\Roaming\KKZ.exe [2015-02-25] (RadioCanyonv2V25.02) <==== ATTENTION
Task: C:\Windows\Tasks\KKZ.job => C:\Users\Andi\AppData\Roaming\KKZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\MPNIT.job => C:\Users\Andi\AppData\Roaming\MPNIT.exe <==== ATTENTION
C:\Windows\Tasks\MPNIT.job
C:\Windows\Tasks\KKZ.job
C:\Program Files (x86)\SuperPlusRadio v2.1V25.02
C:\Users\Andi\AppData\Roaming\MPNIT.exe
C:\Users\Andi\AppData\Roaming\KKZ.exe
C:\Windows\System32\Tasks\MPNIT
C:\Windows\System32\Tasks\KKZ
C:\Program Files (x86)\1498dc0a-f4d9-4408-be95-19affbd6d965
C:\Program Files (x86)\PlusBrowSRAps2.5
C:\Windows\System32\Tasks\SpyHunter4Startup
C:\Windows\system32\Drivers\EsgScanner.sys
C:\sh4ldr
C:\Program Files (x86)\Uniblue
C:\ProgramData\rJDRDPLhi
C:\Users\Andi\Downloads\Microsoft.Windows.XP.7in1.German.inkl.SP3-Lidl
C:\Users\Andi\AppData\Roaming\MPNIT
C:\Users\Andi\AppData\Roaming\MPNIT.exe
C:\Users\Andi\Downloads\XP.Home.Edition.OEM.SP3.GER-RHB.rar.part
C:\Program Files (x86)\buuYandbrowwSSE
C:\Program Files (x86)\buyyandbirrowaSe
C:\Program Files (x86)\Cinemax Plus 1.9cV15.02
C:\Program Files (x86)\4bf237b8-803c-4cad-8ece-2db7514c4a71
C:\ProgramData\{8841397d-393c-30ac-8841-1397d393e5f4}
C:\Users\Andi\AppData\Roaming\KKZ.exe
C:\Program Files\Enigma Software Group
C:\Program Files (x86)\MedPlayV3.1
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
c:\Program Files (x86)\Super Optimizer
C:\Users\Andi\AppData\Local\ZombieInvasion
EmptyTemp:
Hosts:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Kampffisch 01.03.2015 14:33
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by Andi at 2015-03-01 14:28:57 Run:1
Running from C:\Users\Andi\Desktop
Loaded Profiles: Andi (Available profiles: Andi)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: MediaPlayersvideos  1.1 - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com [2015-02-21]
FF Extension: buuYandbrowwSSE - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\yuR@D.net [2015-02-02]
FF Extension: c151d79ee61b4a90a8875a46d38fba99 - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99} [2015-02-19]
CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hppp&ts=1424032548&from=tugs&uid=HGSTXHTS725050A7E630_RC250ACB0D8S9J0D8S9JX
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hppp&ts=1424032548&from=tugs&uid=HGSTXHTS725050A7E630_RC250ACB0D8S9J0D8S9JX"
CHR DefaultSearchKeyword: Default -> istartsurf
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-02-13] ()
R2 lhOYKYn; C:\ProgramData\rJDRDPLhi\lhOYKYn.exe [2733544 2015-02-15] (Time Lapse Solutions)
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptCrash.dll",ENT
Task: {5C9944EA-E447-4204-918D-27A756562761} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {6DE1B0F0-4A78-4BAD-8E35-0291BF5300D3} - \avaxvyyvyf No Task File <==== ATTENTION
Task: {961C6AB4-CFBF-4FFF-BB96-DD8B6E3FD9FD} - System32\Tasks\MPNIT => C:\Users\Andi\AppData\Roaming\MPNIT.exe [2015-02-25] (RadioCanyonv2V25.02) <==== ATTENTION
Task: {A1ADADA1-DF9A-41CE-BE00-1D1438BFCA33} - System32\Tasks\PC-Mechanic Subscription => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
Task: {A5C88AD9-278C-4961-BB27-B6F43AC2DD36} - System32\Tasks\KKZ => C:\Users\Andi\AppData\Roaming\KKZ.exe [2015-02-25] (RadioCanyonv2V25.02) <==== ATTENTION
Task: C:\Windows\Tasks\KKZ.job => C:\Users\Andi\AppData\Roaming\KKZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\MPNIT.job => C:\Users\Andi\AppData\Roaming\MPNIT.exe <==== ATTENTION
C:\Windows\Tasks\MPNIT.job
C:\Windows\Tasks\KKZ.job
C:\Program Files (x86)\SuperPlusRadio v2.1V25.02
C:\Users\Andi\AppData\Roaming\MPNIT.exe
C:\Users\Andi\AppData\Roaming\KKZ.exe
C:\Windows\System32\Tasks\MPNIT
C:\Windows\System32\Tasks\KKZ
C:\Program Files (x86)\1498dc0a-f4d9-4408-be95-19affbd6d965
C:\Program Files (x86)\PlusBrowSRAps2.5
C:\Windows\System32\Tasks\SpyHunter4Startup
C:\Windows\system32\Drivers\EsgScanner.sys
C:\sh4ldr
C:\Program Files (x86)\Uniblue
C:\ProgramData\rJDRDPLhi
C:\Users\Andi\Downloads\Microsoft.Windows.XP.7in1.German.inkl.SP3-Lidl
C:\Users\Andi\AppData\Roaming\MPNIT
C:\Users\Andi\AppData\Roaming\MPNIT.exe
C:\Users\Andi\Downloads\XP.Home.Edition.OEM.SP3.GER-RHB.rar.part
C:\Program Files (x86)\buuYandbrowwSSE
C:\Program Files (x86)\buyyandbirrowaSe
C:\Program Files (x86)\Cinemax Plus 1.9cV15.02
C:\Program Files (x86)\4bf237b8-803c-4cad-8ece-2db7514c4a71
C:\ProgramData\{8841397d-393c-30ac-8841-1397d393e5f4}
C:\Users\Andi\AppData\Roaming\KKZ.exe
C:\Program Files\Enigma Software Group
C:\Program Files (x86)\MedPlayV3.1
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
c:\Program Files (x86)\Super Optimizer
C:\Users\Andi\AppData\Local\ZombieInvasion
EmptyTemp:
Hosts:
       
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com => Moved successfully.
C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\yuR@D.net => Moved successfully.
C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99} => Moved successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
EsgScanner => Service deleted successfully.
lhOYKYn => Unable to stop service
lhOYKYn => Service deleted successfully.
cae99edb => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5C9944EA-E447-4204-918D-27A756562761}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C9944EA-E447-4204-918D-27A756562761}" => Key deleted successfully.
C:\Windows\System32\Tasks\SpyHunter4Startup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DE1B0F0-4A78-4BAD-8E35-0291BF5300D3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DE1B0F0-4A78-4BAD-8E35-0291BF5300D3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaxvyyvyf" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{961C6AB4-CFBF-4FFF-BB96-DD8B6E3FD9FD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{961C6AB4-CFBF-4FFF-BB96-DD8B6E3FD9FD}" => Key deleted successfully.
C:\Windows\System32\Tasks\MPNIT => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MPNIT" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A1ADADA1-DF9A-41CE-BE00-1D1438BFCA33}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1ADADA1-DF9A-41CE-BE00-1D1438BFCA33}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC-Mechanic Subscription => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC-Mechanic Subscription" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A5C88AD9-278C-4961-BB27-B6F43AC2DD36}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5C88AD9-278C-4961-BB27-B6F43AC2DD36}" => Key deleted successfully.
C:\Windows\System32\Tasks\KKZ => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KKZ" => Key deleted successfully.
C:\Windows\Tasks\KKZ.job => Moved successfully.
C:\Windows\Tasks\MPNIT.job => Moved successfully.
"C:\Windows\Tasks\MPNIT.job" => File/Directory not found.
"C:\Windows\Tasks\KKZ.job" => File/Directory not found.
"C:\Program Files (x86)\SuperPlusRadio v2.1V25.02" => File/Directory not found.
C:\Users\Andi\AppData\Roaming\MPNIT.exe => Moved successfully.
C:\Users\Andi\AppData\Roaming\KKZ.exe => Moved successfully.
"C:\Windows\System32\Tasks\MPNIT" => File/Directory not found.
"C:\Windows\System32\Tasks\KKZ" => File/Directory not found.
C:\Program Files (x86)\1498dc0a-f4d9-4408-be95-19affbd6d965 => Moved successfully.
C:\Program Files (x86)\PlusBrowSRAps2.5 => Moved successfully.
"C:\Windows\System32\Tasks\SpyHunter4Startup" => File/Directory not found.
C:\Windows\system32\Drivers\EsgScanner.sys => Moved successfully.
C:\sh4ldr => Moved successfully.
"C:\Program Files (x86)\Uniblue" => File/Directory not found.

"C:\ProgramData\rJDRDPLhi" directory move:

Could not move "C:\ProgramData\rJDRDPLhi\info.dat" => Scheduled to move on reboot.
Could not move "C:\ProgramData\rJDRDPLhi\lhOYKYn.dat" => Scheduled to move on reboot.
C:\ProgramData\rJDRDPLhi\lhOYKYn.exe => Moved successfully.
C:\ProgramData\rJDRDPLhi\lhOYKYn.exe.config => Moved successfully.
Could not move "C:\ProgramData\rJDRDPLhi\dat\AiygjJ.dll" => Scheduled to move on reboot.
Could not move "C:\ProgramData\rJDRDPLhi\dat\dnOATRz.dll" => Scheduled to move on reboot.
Could not move "C:\ProgramData\rJDRDPLhi\dat\LIuAGEpwx.exe" => Scheduled to move on reboot.
Could not move "C:\ProgramData\rJDRDPLhi\dat\LIuAGEpwx.exe.config" => Scheduled to move on reboot.
Could not move "C:\ProgramData\rJDRDPLhi\dat\YsTVQXZ.exe" => Scheduled to move on reboot.
Could not move "C:\ProgramData\rJDRDPLhi\dat\YsTVQXZ.exe.config" => Scheduled to move on reboot.
Could not move "C:\ProgramData\rJDRDPLhi" directory. => Scheduled to move on reboot.

C:\Users\Andi\Downloads\Microsoft.Windows.XP.7in1.German.inkl.SP3-Lidl => Moved successfully.
C:\Users\Andi\AppData\Roaming\MPNIT => Moved successfully.
"C:\Users\Andi\AppData\Roaming\MPNIT.exe" => File/Directory not found.
C:\Users\Andi\Downloads\XP.Home.Edition.OEM.SP3.GER-RHB.rar.part => Moved successfully.
C:\Program Files (x86)\buuYandbrowwSSE => Moved successfully.
C:\Program Files (x86)\buyyandbirrowaSe => Moved successfully.
C:\Program Files (x86)\Cinemax Plus 1.9cV15.02 => Moved successfully.
C:\Program Files (x86)\4bf237b8-803c-4cad-8ece-2db7514c4a71 => Moved successfully.
C:\ProgramData\{8841397d-393c-30ac-8841-1397d393e5f4} => Moved successfully.
"C:\Users\Andi\AppData\Roaming\KKZ.exe" => File/Directory not found.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Program Files (x86)\MedPlayV3.1 => Moved successfully.
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.
"c:\Program Files (x86)\Super Optimizer" => File/Directory not found.
C:\Users\Andi\AppData\Local\ZombieInvasion => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1006.6 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-01 14:30:32)<=

C:\ProgramData\rJDRDPLhi\info.dat => Is moved successfully.
C:\ProgramData\rJDRDPLhi\lhOYKYn.dat => Is moved successfully.
C:\ProgramData\rJDRDPLhi\dat\AiygjJ.dll => Is moved successfully.
C:\ProgramData\rJDRDPLhi\dat\dnOATRz.dll => Is moved successfully.
C:\ProgramData\rJDRDPLhi\dat\LIuAGEpwx.exe => Is moved successfully.
C:\ProgramData\rJDRDPLhi\dat\LIuAGEpwx.exe.config => Is moved successfully.
C:\ProgramData\rJDRDPLhi\dat\YsTVQXZ.exe => Is moved successfully.
C:\ProgramData\rJDRDPLhi\dat\YsTVQXZ.exe.config => Is moved successfully.
C:\ProgramData\rJDRDPLhi => Is moved successfully.

==== End of Fixlog 14:30:33 ====

cosinus 01.03.2015 23:40
Ok...und auf ein neues. Windows bitte neustarten, dann wiederholen:

Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Alle Zeitangaben in WEZ +1. Es ist jetzt 09:29 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129