Alter....was ist da denn noch alles

FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code: Alles auswählenAufklappen

ATTFilter

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: MediaPlayersvideos  1.1 - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com [2015-02-21]
FF Extension: buuYandbrowwSSE - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\yuR@D.net [2015-02-02]
FF Extension: c151d79ee61b4a90a8875a46d38fba99 - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99} [2015-02-19]
CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hppp&ts=1424032548&from=tugs&uid=HGSTXHTS725050A7E630_RC250ACB0D8S9J0D8S9JX
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hppp&ts=1424032548&from=tugs&uid=HGSTXHTS725050A7E630_RC250ACB0D8S9J0D8S9JX"
CHR DefaultSearchKeyword: Default -> istartsurf
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-02-13] ()
R2 lhOYKYn; C:\ProgramData\rJDRDPLhi\lhOYKYn.exe [2733544 2015-02-15] (Time Lapse Solutions)
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptCrash.dll",ENT
Task: {5C9944EA-E447-4204-918D-27A756562761} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {6DE1B0F0-4A78-4BAD-8E35-0291BF5300D3} - \avaxvyyvyf No Task File <==== ATTENTION
Task: {961C6AB4-CFBF-4FFF-BB96-DD8B6E3FD9FD} - System32\Tasks\MPNIT => C:\Users\Andi\AppData\Roaming\MPNIT.exe [2015-02-25] (RadioCanyonv2V25.02) <==== ATTENTION
Task: {A1ADADA1-DF9A-41CE-BE00-1D1438BFCA33} - System32\Tasks\PC-Mechanic Subscription => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
Task: {A5C88AD9-278C-4961-BB27-B6F43AC2DD36} - System32\Tasks\KKZ => C:\Users\Andi\AppData\Roaming\KKZ.exe [2015-02-25] (RadioCanyonv2V25.02) <==== ATTENTION
Task: C:\Windows\Tasks\KKZ.job => C:\Users\Andi\AppData\Roaming\KKZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\MPNIT.job => C:\Users\Andi\AppData\Roaming\MPNIT.exe <==== ATTENTION
C:\Windows\Tasks\MPNIT.job
C:\Windows\Tasks\KKZ.job
C:\Program Files (x86)\SuperPlusRadio v2.1V25.02
C:\Users\Andi\AppData\Roaming\MPNIT.exe
C:\Users\Andi\AppData\Roaming\KKZ.exe
C:\Windows\System32\Tasks\MPNIT
C:\Windows\System32\Tasks\KKZ
C:\Program Files (x86)\1498dc0a-f4d9-4408-be95-19affbd6d965
C:\Program Files (x86)\PlusBrowSRAps2.5
C:\Windows\System32\Tasks\SpyHunter4Startup
C:\Windows\system32\Drivers\EsgScanner.sys
C:\sh4ldr
C:\Program Files (x86)\Uniblue
C:\ProgramData\rJDRDPLhi
C:\Users\Andi\Downloads\Microsoft.Windows.XP.7in1.German.inkl.SP3-Lidl
C:\Users\Andi\AppData\Roaming\MPNIT
C:\Users\Andi\AppData\Roaming\MPNIT.exe
C:\Users\Andi\Downloads\XP.Home.Edition.OEM.SP3.GER-RHB.rar.part
C:\Program Files (x86)\buuYandbrowwSSE
C:\Program Files (x86)\buyyandbirrowaSe
C:\Program Files (x86)\Cinemax Plus 1.9cV15.02
C:\Program Files (x86)\4bf237b8-803c-4cad-8ece-2db7514c4a71
C:\ProgramData\{8841397d-393c-30ac-8841-1397d393e5f4}
C:\Users\Andi\AppData\Roaming\KKZ.exe
C:\Program Files\Enigma Software Group
C:\Program Files (x86)\MedPlayV3.1
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
c:\Program Files (x86)\Super Optimizer
C:\Users\Andi\AppData\Local\ZombieInvasion
EmptyTemp:
Hosts:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

• Starte nun FRST erneut und klicke den Entfernen Button.
• Das Tool erstellt eine Fixlog.txt.
• Poste mir deren Inhalt.

Code: Alles auswählenAufklappen

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by Andi at 2015-03-01 14:28:57 Run:1
Running from C:\Users\Andi\Desktop
Loaded Profiles: Andi (Available profiles: Andi)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Extension: MediaPlayersvideos  1.1 - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com [2015-02-21]
FF Extension: buuYandbrowwSSE - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\yuR@D.net [2015-02-02]
FF Extension: c151d79ee61b4a90a8875a46d38fba99 - C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99} [2015-02-19]
CHR HomePage: Default -> hxxp://www.istartsurf.com/?type=hppp&ts=1424032548&from=tugs&uid=HGSTXHTS725050A7E630_RC250ACB0D8S9J0D8S9JX
CHR StartupUrls: Default -> "hxxp://www.istartsurf.com/?type=hppp&ts=1424032548&from=tugs&uid=HGSTXHTS725050A7E630_RC250ACB0D8S9J0D8S9JX"
CHR DefaultSearchKeyword: Default -> istartsurf
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-02-13] ()
R2 lhOYKYn; C:\ProgramData\rJDRDPLhi\lhOYKYn.exe [2733544 2015-02-15] (Time Lapse Solutions)
S2 cae99edb; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\Super Optimizer\SupOptCrash.dll",ENT
Task: {5C9944EA-E447-4204-918D-27A756562761} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Task: {6DE1B0F0-4A78-4BAD-8E35-0291BF5300D3} - \avaxvyyvyf No Task File <==== ATTENTION
Task: {961C6AB4-CFBF-4FFF-BB96-DD8B6E3FD9FD} - System32\Tasks\MPNIT => C:\Users\Andi\AppData\Roaming\MPNIT.exe [2015-02-25] (RadioCanyonv2V25.02) <==== ATTENTION
Task: {A1ADADA1-DF9A-41CE-BE00-1D1438BFCA33} - System32\Tasks\PC-Mechanic Subscription => C:\Program Files (x86)\Uniblue\PC-Mechanic\pc-mechanic.exe
Task: {A5C88AD9-278C-4961-BB27-B6F43AC2DD36} - System32\Tasks\KKZ => C:\Users\Andi\AppData\Roaming\KKZ.exe [2015-02-25] (RadioCanyonv2V25.02) <==== ATTENTION
Task: C:\Windows\Tasks\KKZ.job => C:\Users\Andi\AppData\Roaming\KKZ.exe <==== ATTENTION
Task: C:\Windows\Tasks\MPNIT.job => C:\Users\Andi\AppData\Roaming\MPNIT.exe <==== ATTENTION
C:\Windows\Tasks\MPNIT.job
C:\Windows\Tasks\KKZ.job
C:\Program Files (x86)\SuperPlusRadio v2.1V25.02
C:\Users\Andi\AppData\Roaming\MPNIT.exe
C:\Users\Andi\AppData\Roaming\KKZ.exe
C:\Windows\System32\Tasks\MPNIT
C:\Windows\System32\Tasks\KKZ
C:\Program Files (x86)\1498dc0a-f4d9-4408-be95-19affbd6d965
C:\Program Files (x86)\PlusBrowSRAps2.5
C:\Windows\System32\Tasks\SpyHunter4Startup
C:\Windows\system32\Drivers\EsgScanner.sys
C:\sh4ldr
C:\Program Files (x86)\Uniblue
C:\ProgramData\rJDRDPLhi
C:\Users\Andi\Downloads\Microsoft.Windows.XP.7in1.German.inkl.SP3-Lidl
C:\Users\Andi\AppData\Roaming\MPNIT
C:\Users\Andi\AppData\Roaming\MPNIT.exe
C:\Users\Andi\Downloads\XP.Home.Edition.OEM.SP3.GER-RHB.rar.part
C:\Program Files (x86)\buuYandbrowwSSE
C:\Program Files (x86)\buyyandbirrowaSe
C:\Program Files (x86)\Cinemax Plus 1.9cV15.02
C:\Program Files (x86)\4bf237b8-803c-4cad-8ece-2db7514c4a71
C:\ProgramData\{8841397d-393c-30ac-8841-1397d393e5f4}
C:\Users\Andi\AppData\Roaming\KKZ.exe
C:\Program Files\Enigma Software Group
C:\Program Files (x86)\MedPlayV3.1
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
c:\Program Files (x86)\Super Optimizer
C:\Users\Andi\AppData\Local\ZombieInvasion
EmptyTemp:
Hosts:
         
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\b6e4f54065ff48dd97db30ca@c9b45f807bf54a45a4669e51c.com => Moved successfully.
C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\yuR@D.net => Moved successfully.
C:\Users\Andi\AppData\Roaming\Mozilla\Firefox\Profiles\y8szgoz2.default\Extensions\{c151d79e-e61b-4a90-a887-5a46d38fba99} => Moved successfully.
Chrome HomePage deleted successfully.
Chrome StartupUrls deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
EsgScanner => Service deleted successfully.
lhOYKYn => Unable to stop service
lhOYKYn => Service deleted successfully.
cae99edb => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5C9944EA-E447-4204-918D-27A756562761}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C9944EA-E447-4204-918D-27A756562761}" => Key deleted successfully.
C:\Windows\System32\Tasks\SpyHunter4Startup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DE1B0F0-4A78-4BAD-8E35-0291BF5300D3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DE1B0F0-4A78-4BAD-8E35-0291BF5300D3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaxvyyvyf" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{961C6AB4-CFBF-4FFF-BB96-DD8B6E3FD9FD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{961C6AB4-CFBF-4FFF-BB96-DD8B6E3FD9FD}" => Key deleted successfully.
C:\Windows\System32\Tasks\MPNIT => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MPNIT" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A1ADADA1-DF9A-41CE-BE00-1D1438BFCA33}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1ADADA1-DF9A-41CE-BE00-1D1438BFCA33}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC-Mechanic Subscription => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC-Mechanic Subscription" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A5C88AD9-278C-4961-BB27-B6F43AC2DD36}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5C88AD9-278C-4961-BB27-B6F43AC2DD36}" => Key deleted successfully.
C:\Windows\System32\Tasks\KKZ => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\KKZ" => Key deleted successfully.
C:\Windows\Tasks\KKZ.job => Moved successfully.
C:\Windows\Tasks\MPNIT.job => Moved successfully.
"C:\Windows\Tasks\MPNIT.job" => File/Directory not found.
"C:\Windows\Tasks\KKZ.job" => File/Directory not found.
"C:\Program Files (x86)\SuperPlusRadio v2.1V25.02" => File/Directory not found.
C:\Users\Andi\AppData\Roaming\MPNIT.exe => Moved successfully.
C:\Users\Andi\AppData\Roaming\KKZ.exe => Moved successfully.
"C:\Windows\System32\Tasks\MPNIT" => File/Directory not found.
"C:\Windows\System32\Tasks\KKZ" => File/Directory not found.
C:\Program Files (x86)\1498dc0a-f4d9-4408-be95-19affbd6d965 => Moved successfully.
C:\Program Files (x86)\PlusBrowSRAps2.5 => Moved successfully.
"C:\Windows\System32\Tasks\SpyHunter4Startup" => File/Directory not found.
C:\Windows\system32\Drivers\EsgScanner.sys => Moved successfully.
C:\sh4ldr => Moved successfully.
"C:\Program Files (x86)\Uniblue" => File/Directory not found.

"C:\ProgramData\rJDRDPLhi" directory move:

Could not move "C:\ProgramData\rJDRDPLhi\info.dat" => Scheduled to move on reboot.
Could not move "C:\ProgramData\rJDRDPLhi\lhOYKYn.dat" => Scheduled to move on reboot.
C:\ProgramData\rJDRDPLhi\lhOYKYn.exe => Moved successfully.
C:\ProgramData\rJDRDPLhi\lhOYKYn.exe.config => Moved successfully.
Could not move "C:\ProgramData\rJDRDPLhi\dat\AiygjJ.dll" => Scheduled to move on reboot.
Could not move "C:\ProgramData\rJDRDPLhi\dat\dnOATRz.dll" => Scheduled to move on reboot.
Could not move "C:\ProgramData\rJDRDPLhi\dat\LIuAGEpwx.exe" => Scheduled to move on reboot.
Could not move "C:\ProgramData\rJDRDPLhi\dat\LIuAGEpwx.exe.config" => Scheduled to move on reboot.
Could not move "C:\ProgramData\rJDRDPLhi\dat\YsTVQXZ.exe" => Scheduled to move on reboot.
Could not move "C:\ProgramData\rJDRDPLhi\dat\YsTVQXZ.exe.config" => Scheduled to move on reboot.
Could not move "C:\ProgramData\rJDRDPLhi" directory. => Scheduled to move on reboot.

C:\Users\Andi\Downloads\Microsoft.Windows.XP.7in1.German.inkl.SP3-Lidl => Moved successfully.
C:\Users\Andi\AppData\Roaming\MPNIT => Moved successfully.
"C:\Users\Andi\AppData\Roaming\MPNIT.exe" => File/Directory not found.
C:\Users\Andi\Downloads\XP.Home.Edition.OEM.SP3.GER-RHB.rar.part => Moved successfully.
C:\Program Files (x86)\buuYandbrowwSSE => Moved successfully.
C:\Program Files (x86)\buyyandbirrowaSe => Moved successfully.
C:\Program Files (x86)\Cinemax Plus 1.9cV15.02 => Moved successfully.
C:\Program Files (x86)\4bf237b8-803c-4cad-8ece-2db7514c4a71 => Moved successfully.
C:\ProgramData\{8841397d-393c-30ac-8841-1397d393e5f4} => Moved successfully.
"C:\Users\Andi\AppData\Roaming\KKZ.exe" => File/Directory not found.
C:\Program Files\Enigma Software Group => Moved successfully.
C:\Program Files (x86)\MedPlayV3.1 => Moved successfully.
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.
"c:\Program Files (x86)\Super Optimizer" => File/Directory not found.
C:\Users\Andi\AppData\Local\ZombieInvasion => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 1006.6 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-01 14:30:32)<=

C:\ProgramData\rJDRDPLhi\info.dat => Is moved successfully.
C:\ProgramData\rJDRDPLhi\lhOYKYn.dat => Is moved successfully.
C:\ProgramData\rJDRDPLhi\dat\AiygjJ.dll => Is moved successfully.
C:\ProgramData\rJDRDPLhi\dat\dnOATRz.dll => Is moved successfully.
C:\ProgramData\rJDRDPLhi\dat\LIuAGEpwx.exe => Is moved successfully.
C:\ProgramData\rJDRDPLhi\dat\LIuAGEpwx.exe.config => Is moved successfully.
C:\ProgramData\rJDRDPLhi\dat\YsTVQXZ.exe => Is moved successfully.
C:\ProgramData\rJDRDPLhi\dat\YsTVQXZ.exe.config => Is moved successfully.
C:\ProgramData\rJDRDPLhi => Is moved successfully.

==== End of Fixlog 14:30:33 ====
         

Ok...und auf ein neues. Windows bitte neustarten, dann wiederholen:

Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner auf deinen Desktop.

• Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
• Starte die AdwCleaner.exe mit einem Doppelklick.
• Stimme den Nutzungsbedingungen zu.
• Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
  • "Tracing" Schlüssel löschen
  • Winsock Einstellungen zurücksetzen
  • Proxy Einstellungen zurücksetzen
  • Internet Explorer Richtlinien zurücksetzen
  • Chrome Richtlinien zurücksetzen
  • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
• Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
• Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
• Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
• Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

• Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
• Drücke eine beliebige Taste, um das Tool zu starten.
• Je nach System kann der Scan eine Weile dauern.
• Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
• Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

• Starte jetzt FRST.
• Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
• Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
• Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)