Hallo "Gurus",
ja, so muss ich euch nennen :-)

Habe mir bei einem Download aus sonst sehr zuverlässiger Quelle (Schriftfonts) nicht nur die Incredibar sondern auch gleich den Win32/Somoto.A Virus gezogen.

Den Virus bin ich relativ schnell wieder los geworden, aber die sch**ss Incredibar hat mich Nerven gekostet.

"In der Ruhe liegt die Kraft" - nach dem (Lebens-)Motto bin ich vorgegangen und habe zum Glück dieses Forum gefunden. Habe mich durch die diversen Threads gelesen und bin dann eurer Anleitung gefolgt.

GMER: Nichts.
ESET: Nichts mehr (Virus erkannt und in die ewigen Jagdgründe geschickt).
MS Security Essentials (ja,ja, ich weiß): Nichts.

Nach der Analyse durch "AdwCleaner" hat's mir dann aber den Draht aus der Mütze gehauen. Ich schwöre, ich habe noch nie irgendwas bei dieser Drecksschleuder "Softtonic" runtergeladen; keine Ahnung wie der Mist auf meinen Rechner kam.
Muss mal meinen Neffen fragen...

Jedenfalls ist mein Rechner jetzt wieder sauber und die "Anti-Malware" werde ich mir dauerhaft zulegen.

Falls es interessiert, hier der Auszug von der "Müllabfuhr":

Code: Alles auswählenAufklappen

ATTFilter

# AdwCleaner v1.701 - Logfile created 07/13/2012 at 00:04:56
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Vatta - VATTAS-NOTEBOOK
# Running from : C:\Users\Vatta\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Vatta\AppData\Local\Babylon
Folder Deleted : C:\Users\Vatta\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Vatta\AppData\Roaming\kikin
Folder Deleted : C:\Users\Vatta\AppData\Roaming\pdfforge
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\kikin
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

***** [Registry] *****

Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
[x64] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Deleted : HKLM\SOFTWARE\Web Assistant

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb167?a=6R8yEIXxuE&i=26 --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Vatta\AppData\Roaming\Mozilla\Firefox\Profiles\xjjaowou.default\prefs.js

C:\Users\Vatta\AppData\Roaming\Mozilla\Firefox\Profiles\xjjaowou.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb167?a=6R8yEIXxuE&loc=FF_NT");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=111304&tt=100512_2_");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 25);
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "96ab6573000000000000e4115bfbc61e");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15470");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 25);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1715:25:09");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "12.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 76512167);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1715:25:09");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111304&tt=100512_2_");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "96ab6573000000000000e4115bfbc61e");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "96ab6573000000000000e4115bfbc61e");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15470");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1715:25:09");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1342013619294");
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Deleted : user_pref("extensions.incredibar.cntry", "DE");
Deleted : user_pref("extensions.incredibar.dfltLng", "EN");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.dfltlng", "EN");
Deleted : user_pref("extensions.incredibar.dfltsrch", "false");
Deleted : user_pref("extensions.incredibar.did", "10643");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "0F2A58ECF8E1E4F7A6A3CE016DCA496A");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.hrdid", "0");
Deleted : user_pref("extensions.incredibar.id", "96ab65730000000000009439e532c544");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15532");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.instlday", "15532");
Deleted : user_pref("extensions.incredibar.instlref", "");
Deleted : user_pref("extensions.incredibar.isDcmntCmplt", false);
Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Deleted : user_pref("extensions.incredibar.keywordurl", "");
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1412:26:27");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.newtab", "false");
Deleted : user_pref("extensions.incredibar.newtaburl", "");
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "1");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.smplgrp", "none");
Deleted : user_pref("extensions.incredibar.srch", "");
Deleted : user_pref("extensions.incredibar.srchprvdr", "");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8yEIXxuE&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.tlbrid", "base");
Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6R8yEIXxuE&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6R8yEIXxuE");
Deleted : user_pref("extensions.incredibar.upn2n", "92824686308102488");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1412:26:27");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.1412:26:27");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10643");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "96ab65730000000000009439e532c544");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15532");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "1");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8yEIXxuE&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6R8yEIXxuE");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92824686308102488");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1412:26:27");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v20.0.1132.57

File : C:\Users\Vatta\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted :       "icon_url": "hxxp://mystart.incredibar.com/mb167/favicon.ico",
Deleted :       "keyword": "mystart.incredibar.com/mb167",
Deleted :       "search_url": "hxxp://mystart.incredibar.com/mb167/?loc=IB_DS&search={searchTerms}&a=6R8yEIXxu[...]

*************************

AdwCleaner[R1].txt - [11894 octets] - [12/07/2012 23:55:05]
AdwCleaner[R2].txt - [11955 octets] - [13/07/2012 00:04:00]
AdwCleaner[S1].txt - [11452 octets] - [13/07/2012 00:04:56]

########## EOF - C:\AdwCleaner[S1].txt - [11581 octets] ##########
         

Nachdem der Sch**ss endlich runter war, habe ich noch den CCleaner laufen lassen und den restlichen Dreck aus der Registry entfernt.

Nochmals ganz lieben Dank an euch!

Zitat:

Zitat von Mark M.

sonst sehr zuverlässiger Quelle (Schriftfonts)

Halte ich für schwer vereinbar.
Du sprichst von einer dir bekannten illegalen Raubkopien-Quelle?

Ich muss hier mal was klar stellen:

1.) Als Betroffener (Website-Designklau) kenne ich mich doch recht gut mit dem hierzulande gültigen Urheberrecht aus und weiss, dass das alles andere als eine unverbindliche, freundschaftliche Empfehlung ist.

2.) Hat der Betreiber der Seite (".de"-Domain, Standort in D, Impressum, etc.) sofort reagiert und (offensichtlich nicht nur) den Font-Satz entfernt, der mir diesen Ärger einbrachte.

3.) Weist der Betreiber ausdrücklich darauf hin, wie und was zu machen ist, wenn die Fonts publik (Inet, Druck, etc.) gemacht werden. Und daran halte ich mich.

4.) Gibt's auf meinen Rechnern keine Raubkopien! Nur Free- und Shareware sowie Opensource.

5.) Hat der ganze Sch**ss auch sein Gutes, denn ich kannte Malwarebytes bisher nicht und bin davon überzeugt (kein Klicki-Bunti, fairer Preis, faire Konditionen).

6.) Trotzdem Danke dafür, dass ihr Teile eurer Freizeit für dieses Projekt aufbringt.

7.) Es sind nicht immer alle Schäfchen der Herde schwarz :-) (Kann manchmal auch an der Brille liegen, die man trägt).

Zu guter letzt: Wahrscheinlich würde ich ähnlich reagieren, wenn ich immer hören müsste "keine Ahnung...", "nichts gemacht...", "nichts gedownloadet...", "sichere Quelle..." etc.