Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
incredibar my start blockiert firefox tab

incredibar my start blockiert firefox tab


Plagegeister aller Art und deren Bekämpfung: incredibar my start blockiert firefox tab

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 18.07.2012, 15:36   #1
daimerlein
 
incredibar my start blockiert firefox tab - Standard

incredibar my start blockiert firefox tab


Hallo, erst mal danke das sich hier jemand dieses problems annimmt. nun zum problem. nachdem ich meinen pc aus dem ruhezustand hochgefahren hab und firefox öffne, wird mir der zuletzt aktive tab angezeigt aber anstatt die seite neu zu laden wird incredibar mystart angezeigt. ja ok kein so krasses problem aber es nervt. danke für jede hilfe

Alt 18.07.2012, 16:13   #2
t'john
/// Helfer-Team
 
incredibar my start blockiert firefox tab - Standard

incredibar my start blockiert firefox tab





Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:


Code:
ATTFilter
:OTL
PRC - [2012.05.08 15:13:28 | 000,185,856 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe 
PRC - [2000.05.04 14:21:46 | 000,193,024 | ---- | M] () -- C:\Programme\Wheel Mouse\scw64.exe 
SRV - [2012.05.08 15:13:28 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC 
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms} 
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found 
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=107763&mntrId=4857faeb00000000000000ffe29a58f0 
IE - HKCU\..\SearchScopes\{761E7D7B-1663-43E5-A686-D44B57DCC141}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=crm&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYDE&apn_uid=3c5a8907-1016-45b3-8a90-c3d1f6e77e1c&apn_sauid=9AF4A479-9B55-4981-A79E-547A05BB1A5A 
IE - HKCU\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=101&q={searchTerms} 
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6PQD2hSPFE&i=26 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.defaultengine: "Ask.com" 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search" 
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search" 
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" 
FF - prefs.js..browser.search.order.1: "Ask.com" 
FF - prefs.js..browser.search.selectedEngine: "Google" 
FF - prefs.js..browser.search.useDBForOrder: true 
FF - prefs.js..browser.startup.homepage: "spin.de" 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 
FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0 
FF - prefs.js..extensions.enabledItems: uss-button@uploadscreenshot.com:1.9.1 
FF - prefs.js..extensions.enabledItems: {4b0a905d-b508-4574-8d12-b8fe120ace09}:0.5 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 
FF - prefs.js..extensions.enabledItems: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}:1.0 
FF - prefs.js..extensions.enabledItems: ShopperReports@ShopperReports.com:3.0.517.0 
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 
FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb139/?loc=IB_DS&a=6PQD2hSPFE&&i=26&search=" 
FF - prefs.js..network.proxy.type: 0 
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://www.searchqu.com/web?src=ffb&systemid=101&q=" 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.07.10 13:31:29 | 000,000,000 | ---D | M] 
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL Inc.) 
O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Silvercrest OM1008 driver\StartAutorun.exe KMConfig.exe File not found 
O4 - HKCU..\Run: [Facebook Update] C:\Users\Dommä\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) 
O4 - HKCU..\Run: [MediaGet2] C:\Users\Dommä\AppData\Local\MediaGet2\mediaget.exe --minimized File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{2ca01fe9-2342-11e0-a235-806e6f6e6963}\Shell - "" = AutoRun 
O33 - MountPoints2\{2ca01fe9-2342-11e0-a235-806e6f6e6963}\Shell\AutoRun\command - "" = E:\pcgo.exe 
O33 - MountPoints2\{b435eab1-2343-11e0-9f71-00306724cd5b}\Shell - "" = AutoRun 
O33 - MountPoints2\{b435eab1-2343-11e0-9f71-00306724cd5b}\Shell\AutoRun\command - "" = O:\pushinst.exe 
@Alternate Data Stream - 168 bytes -> C:\Users\Dommä\Documents\Sande.jpeg:3or4kl4x13tuuug3Byamue2s4b 
@Alternate Data Stream - 168 bytes -> C:\Users\Dommä\Documents\Fahrzeugschein PA-TS 421.jpeg:3or4kl4x13tuuug3Byamue2s4b 
@Alternate Data Stream - 168 bytes -> C:\Users\Dommä\Documents\Ausweis.jpeg:3or4kl4x13tuuug3Byamue2s4b 
@Alternate Data Stream - 168 bytes -> C:\Users\Dommä\Desktop\mömax fia dsande.jpeg:3or4kl4x13tuuug3Byamue2s4b 
@Alternate Data Stream - 168 bytes -> C:\Users\Dommä\Desktop\2.scan fia dsande.jpeg:3or4kl4x13tuuug3Byamue2s4b 
[2012.01.27 16:20:24 | 000,000,933 | ---- | M] () -- C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\searchplugins\11-suche.xml 
[2012.01.27 16:20:24 | 000,002,419 | ---- | M] () -- C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\searchplugins\englische-ergebnisse.xml 
[2012.01.27 16:20:24 | 000,010,525 | ---- | M] () -- C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\searchplugins\gmx-suche.xml 
[2012.01.27 16:20:24 | 000,002,457 | ---- | M] () -- C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\searchplugins\lastminute.xml 
[2012.01.27 16:20:24 | 000,005,508 | ---- | M] () -- C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\searchplugins\webde-suche.xml 
[2011.07.17 11:46:32 | 000,002,354 | ---- | M] () -- C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\searchplugins\aol-web-search.xml 
[2012.01.03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\searchplugins\askcom.xml 
[2012.04.24 21:31:10 | 000,000,931 | ---- | M] () -- C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\searchplugins\conduit.xml 
[2012.07.10 13:31:13 | 000,002,203 | ---- | M] () -- C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\searchplugins\MyStart Search.xml 
[2012.07.10 13:31:29 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX 
[2012.07.10 13:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant 
[2012.07.10 13:31:49 | 000,000,453 | ---- | M] () -- C:\user.js 
[2012.07.10 13:31:48 | 000,000,453 | ---- | C] () -- C:\user.js 
[2010.08.12 13:12:24 | 000,005,529 | ---- | M] () -- C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\searchplugins\SearchquWebSearch.xml 
[2010.08.12 13:12:24 | 000,005,529 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchquWebSearch.xml 
[2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml 
[2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml 
[2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml 
[2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml 
[2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml 
[2011.09.29 15:59:25 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml 
[2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml 
[2010.12.13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml 
[2012.07.18 10:59:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job 
[2012.07.18 10:58:11 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job 
[2012.07.18 10:44:45 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1634633967-1130292789-1268958577-1000Core.job 
[2012.07.18 10:43:09 | 000,001,138 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1634633967-1130292789-1268958577-1000UA.job 
[2012.07.18 10:43:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job 
[2012.07.18 10:43:01 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\lvuvc.hs 
:Files

E:\pcgo.exe
O:\pushinst.exe
C:\Program Files\Web Assistant

ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________

__________________
Alt 18.07.2012, 16:43   #3
daimerlein
 
incredibar my start blockiert firefox tab - Standard

incredibar my start blockiert firefox tab


Boah super, geht wieder danke dir t'john nur wo ich das logfile ghinladen soll kapier ich grad nicht sorry
__________________
Alt 18.07.2012, 16:49   #4
t'john
/// Helfer-Team
 
incredibar my start blockiert firefox tab - Standard

incredibar my start blockiert firefox tab


Kopieren und hier ins Forum einfuegen oder mit dem Bueroklammer-symbol an den Beitrag anhaengen.
__________________
Mfg, t'john
Das TB unterstützen

Alt 18.07.2012, 16:58   #5
daimerlein
 
incredibar my start blockiert firefox tab - Standard

incredibar my start blockiert firefox tab


ahso alles klar danke
All processes killed
========== OTL ==========
Process ExtensionUpdaterService.exe killed successfully!
No active process named scw64.exe was found!
Service Web Assistant Updater stopped successfully!
Service Web Assistant Updater deleted successfully!
C:\Programme\Web Assistant\ExtensionUpdaterService.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{761E7D7B-1663-43E5-A686-D44B57DCC141}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761E7D7B-1663-43E5-A686-D44B57DCC141}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA74C8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "DVDVideoSoftTB Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "spin.de" removed from browser.startup.homepage
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 removed from extensions.enabledItems
Prefs.js: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0 removed from extensions.enabledItems
Prefs.js: uss-button@uploadscreenshot.com:1.9.1 removed from extensions.enabledItems
Prefs.js: {4b0a905d-b508-4574-8d12-b8fe120ace09}:0.5 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {D9ADB0A8-7BFB-498D-9880-EE78A81CCFA0}:1.0 removed from extensions.enabledItems
Prefs.js: ShopperReports@ShopperReports.com:3.0.517.0 removed from extensions.enabledItems
Prefs.js: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1 removed from extensions.enabledItems
Prefs.js: "hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6PQD2hSPFE&&i=26&search=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
Prefs.js: "hxxp://www.searchqu.com/web?src=ffb&systemid=101&q=" removed from sweetim.toolbar.previous.keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
C:\Programme\Web Assistant\Extension32.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}\ deleted successfully.
C:\Programme\Winamp Toolbar\winamptb.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KMCONFIG deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
C:\Users\Dommä\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MediaGet2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ca01fe9-2342-11e0-a235-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ca01fe9-2342-11e0-a235-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2ca01fe9-2342-11e0-a235-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2ca01fe9-2342-11e0-a235-806e6f6e6963}\ not found.
File E:\pcgo.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b435eab1-2343-11e0-9f71-00306724cd5b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b435eab1-2343-11e0-9f71-00306724cd5b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b435eab1-2343-11e0-9f71-00306724cd5b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b435eab1-2343-11e0-9f71-00306724cd5b}\ not found.
File O:\pushinst.exe not found.
ADS C:\Users\Dommä\Documents\Sande.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Dommä\Documents\Fahrzeugschein PA-TS 421.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Dommä\Documents\Ausweis.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
Unable to delete ADS C:\Users\Dommä\Desktop\mömax fia dsande.jpeg:3or4kl4x13tuuug3Byamue2s4b .
Unable to delete ADS C:\Users\Dommä\Desktop\2.scan fia dsande.jpeg:3or4kl4x13tuuug3Byamue2s4b .
C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\searchplugins\11-suche.xml moved successfully.
C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\searchplugins\englische-ergebnisse.xml moved successfully.
C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\searchplugins\gmx-suche.xml moved successfully.
C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\searchplugins\lastminute.xml moved successfully.
C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\searchplugins\webde-suche.xml moved successfully.
C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\searchplugins\aol-web-search.xml moved successfully.
C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\searchplugins\askcom.xml moved successfully.
C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\searchplugins\conduit.xml moved successfully.
C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\searchplugins\MyStart Search.xml moved successfully.
C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\defaults\preferences folder moved successfully.
C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\defaults folder moved successfully.
C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\chrome\skin folder moved successfully.
C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\chrome\locale\en-US folder moved successfully.
C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\chrome\locale folder moved successfully.
C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\chrome\content\resources folder moved successfully.
C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\chrome\content\libraries folder moved successfully.
C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\chrome\content folder moved successfully.
C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX\chrome folder moved successfully.
C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX folder moved successfully.
C:\Program Files\Web Assistant\resources folder moved successfully.
C:\Program Files\Web Assistant\libraries folder moved successfully.
C:\Program Files\Web Assistant folder moved successfully.
C:\user.js moved successfully.
File C:\user.js not found.
C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\searchplugins\SearchquWebSearch.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\SearchquWebSearch.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchddr.xml moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1634633967-1130292789-1268958577-1000Core.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1634633967-1130292789-1268958577-1000UA.job moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\System32\drivers\lvuvc.hs moved successfully.
========== FILES ==========
File\Folder E:\pcgo.exe not found.
File\Folder O:\pushinst.exe not found.
File\Folder C:\Program Files\Web Assistant not found.
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\Dommä\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dommä
->Temp folder emptied: 1524334992 bytes
->Temporary Internet Files folder emptied: 77663880 bytes
->Java cache emptied: 2812255 bytes
->FireFox cache emptied: 806585675 bytes
->Apple Safari cache emptied: 1901568 bytes
->Flash cache emptied: 2882998 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 91518534 bytes
RecycleBin emptied: 39526594724 bytes

Total Files Cleaned = 40.087,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Dommä
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07182012_172502

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2012.07.18 17:31:45 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...


Alt 18.07.2012, 17:04   #6
t'john
/// Helfer-Team
 
incredibar my start blockiert firefox tab - Standard

incredibar my start blockiert firefox tab


Sehr gut!

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

danach:

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________
--> incredibar my start blockiert firefox tab

Alt 19.07.2012, 13:53   #7
daimerlein
 
incredibar my start blockiert firefox tab - Standard

incredibar my start blockiert firefox tab


Malwarebytes Anti-Malware (Test) 1.62.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2012.07.19.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Dommä :: DOMMÄ-PC [Administrator]

Schutz: Aktiviert

19.07.2012 12:24:37
mbam-log-2012-07-19 (12-24-37).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 431974
Laufzeit: 1 Stunde(n), 32 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
# AdwCleaner v1.702 - Logfile created 07/19/2012 at 14:52:37
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Dommä - DOMMÄ-PC
# Running from : C:\Users\Dommä\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\Dommä\AppData\Local\APN
Folder Found : C:\Users\Dommä\AppData\Local\Babylon
Folder Found : C:\Users\Dommä\AppData\Local\Conduit
Folder Found : C:\Users\Dommä\AppData\Local\Winamp Toolbar
Folder Found : C:\Users\Dommä\AppData\LocalLow\Conduit
Folder Found : C:\Users\Dommä\AppData\LocalLow\Incredibar.com
Folder Found : C:\Users\Dommä\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Dommä\AppData\Roaming\Babylon
Folder Found : C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\SearchquTB
Folder Found : C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\SweetIMToolbarData
Folder Found : C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\WinampToolbarData
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Winamp Toolbar
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\DVDVideoSoftTB
Folder Found : C:\Program Files\Winamp Toolbar

***** [Registry] *****
[*] Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\searchqutb
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Winamp Toolbar
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\bandoo
Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Found : HKLM\SOFTWARE\Conduit
Key Found : HKLM\SOFTWARE\DVDVideoSoftTB
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Found : HKLM\SOFTWARE\Software
Key Found : HKLM\SOFTWARE\Web Assistant
Key Found : HKLM\SOFTWARE\Winamp Toolbar
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

Alt 19.07.2012, 14:54   #8
t'john
/// Helfer-Team
 
incredibar my start blockiert firefox tab - Standard

incredibar my start blockiert firefox tab


Sehr gut!

  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.



dann:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 19.07.2012, 21:58   #9
daimerlein
 
incredibar my start blockiert firefox tab - Standard

incredibar my start blockiert firefox tab


# AdwCleaner v1.702 - Logfile created 07/19/2012 at 22:53:56
# Updated 13/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Dommä - DOMMÄ-PC
# Running from : C:\Users\Dommä\Desktop\malewarebytes\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\Dommä\AppData\Local\APN
Folder Deleted : C:\Users\Dommä\AppData\Local\Babylon
Folder Deleted : C:\Users\Dommä\AppData\Local\Conduit
Folder Deleted : C:\Users\Dommä\AppData\Local\Winamp Toolbar
Folder Deleted : C:\Users\Dommä\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Dommä\AppData\LocalLow\Incredibar.com
Folder Deleted : C:\Users\Dommä\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Dommä\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\SearchquTB
Folder Deleted : C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\SweetIMToolbarData
Folder Deleted : C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\WinampToolbarData
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Winamp Toolbar
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\DVDVideoSoftTB
Folder Deleted : C:\Program Files\Winamp Toolbar

***** [Registry] *****
[*] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutb
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\bandoo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DVDVideoSoftTB
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\SOFTWARE\Web Assistant
Key Deleted : HKLM\SOFTWARE\Winamp Toolbar
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7FF99715-3016-4381-84CE-E4E4C9673020}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FF99715-3016-4381-84CE-E4E4C9673020}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FF99715-3016-4381-84CE-E4E4C9673020}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FF99715-3016-4381-84CE-E4E4C9673020}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7FF99715-3016-4381-84CE-E4E4C9673020}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb139?a=6PQD2hSPFE&i=26 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?babsrc=NT_ss&affID=107763&mntrId=4857faeb00000000000000ffe29a58f0 --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\prefs.js

C:\Users\Dommä\AppData\Roaming\Mozilla\Firefox\Profiles\f9fuc64i.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.surf.date", "590");
Deleted : user_pref("aol_toolbar.surf.lastDate", "14");
Deleted : user_pref("aol_toolbar.surf.lastMonth", "0");
Deleted : user_pref("aol_toolbar.surf.lastYear", "2012");
Deleted : user_pref("aol_toolbar.surf.month", "1995");
Deleted : user_pref("aol_toolbar.surf.prevMonth", "8653");
Deleted : user_pref("aol_toolbar.surf.total", "69644");
Deleted : user_pref("aol_toolbar.surf.week", "1223");
Deleted : user_pref("aol_toolbar.surf.year", "1995");
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=107763");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 7);
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Deleted : user_pref("extensions.BabylonToolbar.id", "4857faeb00000000000000ffe29a58f0");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15246");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?babsrc=SP_ss&q={search[...]
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 7);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.1016:00:01");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "7.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 59249859);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1016:00:01");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10650");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "4857faeb00000000000000ffe29a58f0");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15531");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "88%5F2");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQD2hSPFE&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6PQD2hSPFE");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92543205927653314");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1413:31:47");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");

*************************

AdwCleaner[R1].txt - [14339 octets] - [19/07/2012 14:52:37]
AdwCleaner[S1].txt - [14815 octets] - [19/07/2012 22:53:56]

########## EOF - C:\AdwCleaner[S1].txt - [14944 octets] ##########

Alt 19.07.2012, 22:48   #10
t'john
/// Helfer-Team
 
incredibar my start blockiert firefox tab - Standard

incredibar my start blockiert firefox tab


Bitte Emsisoft noch...
__________________
Mfg, t'john
Das TB unterstützen

Alt 20.07.2012, 00:43   #11
daimerlein
 
incredibar my start blockiert firefox tab - Standard

incredibar my start blockiert firefox tab


Emsisoft Anti-Malware - Version 6.6
Letztes Update: 20.07.2012 00:25:34

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\, D:\, Q:\
Archiv Scan: An
ADS Scan: An

Scan Beginn: 20.07.2012 00:26:38

Value: hkey_local_machine\software\microsoft\windows\currentversion\run --> monitor gefunden: Trace.Registry.cmjspy!E1
C:\Users\Dommä\Downloads\41-conv-342a.rar -> VSO ConvertXToDVD v.4.1.6.342a Final\Keygen\moded-Keygen.exe gefunden: Trojan-Spy.Win32.Banker.JU!E2

Gescannt 690118
Gefunden 2

Scan Ende: 20.07.2012 01:42:05
Scan Zeit: 1:15:27

C:\Users\Dommä\Downloads\41-conv-342a.rar -> VSO ConvertXToDVD v.4.1.6.342a Final\Keygen\moded-Keygen.exe Quarantäne Trojan-Spy.Win32.Banker.JU!E2
Value: hkey_local_machine\software\microsoft\windows\currentversion\run --> monitor Quarantäne Trace.Registry.cmjspy!E1

Quarantäne 2

Alt 20.07.2012, 10:01   #12
t'john
/// Helfer-Team
 
incredibar my start blockiert firefox tab - Standard

incredibar my start blockiert firefox tab



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
__________________
Mfg, t'john
Das TB unterstützen

Alt 20.07.2012, 23:35   #13
daimerlein
 
incredibar my start blockiert firefox tab - Standard

incredibar my start blockiert firefox tab


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b3ac4c0e618bdd4784d5e7cb7ab11ca6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-20 10:33:51
# local_time=2012-07-21 12:33:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 47402408 47402408 0 0
# compatibility_mode=5893 16776573 100 94 10253 94421349 0 0
# compatibility_mode=8192 67108863 100 0 509 509 0 0
# scanned=394069
# found=40
# cleaned=40
# scan_time=33472
C:\Users\Dommä\Downloads\installer_free_video_downloader_1_2_1_Deutsch.exe Win32/Toggle application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows.old\Documents and Settings\Dommä\Anwendungsdaten\Mozilla\Firefox\Profiles\padslk5e.default\extensions\firefox@bandoo.com\components\FFPlugin.dll a variant of Win32/Adware.Bandoo.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows.old\Documents and Settings\Dommä\Desktop\Download\FFSetup220.zip Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Windows.old\Documents and Settings\Dommä\Desktop\Download\MsgPlusLive-490(2).exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows.old\Documents and Settings\Dommä\Desktop\Download\MsgPlusLive-490.exe a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows.old\Documents and Settings\Dommä\Desktop\Filme\Overboard\BandooV6.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows.old\Documents and Settings\Dommä\Desktop\Filme\Overboard\registrybooster.exe a variant of Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows.old\Program Files\Bandoo\Bandoo.exe a variant of Win32/Adware.Bandoo.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows.old\Program Files\Bandoo\BandooGo.exe a variant of Win32/Adware.Bandoo.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows.old\Program Files\Bandoo\BandooUI.exe a variant of Win32/Adware.Bandoo.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows.old\Program Files\Bandoo\BndCore.exe a variant of Win32/Adware.Bandoo.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows.old\Program Files\Bandoo\ExtensionsManager.exe a variant of Win32/Adware.Bandoo.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows.old\Program Files\Bandoo\InstallerHelper.dll a variant of Win32/Adware.Bandoo.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows.old\Program Files\Bandoo\Plugins\AIM\AIMPlugin.dll a variant of Win32/Adware.Bandoo.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows.old\Program Files\Bandoo\Plugins\IE\ieplugin.dll a variant of Win32/Adware.Bandoo.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows.old\Program Files\Bandoo\Plugins\MSN\msnplugin.dll a variant of Win32/Adware.Bandoo.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Windows.old\Program Files\Bandoo\Plugins\Yahoo\YahooPlugin.dll a variant of Win32/Adware.Bandoo.AA application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\HEIMDESKTOP\Backup Set 2010-07-25 233321\Backup Files 2010-07-25 233321\Backup files 2.zip a variant of Win32/Adware.Bandoo.AA application (deleted - quarantined) 00000000000000000000000000000000 C
D:\HEIMDESKTOP\Backup Set 2010-07-25 233321\Backup Files 2010-07-25 233321\Backup files 6.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
D:\HEIMDESKTOP\Backup Set 2010-07-25 233321\Backup Files 2010-07-25 233321\Backup files 85.zip Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
D:\HEIMDESKTOP\Backup Set 2010-07-25 233321\Backup Files 2010-10-10 222738\Backup files 1.zip a variant of Win32/SoftonicDownloader.A application (deleted - quarantined) 00000000000000000000000000000000 C
D:\HEIMDESKTOP\Backup Set 2010-07-25 233321\Backup Files 2010-10-10 222738\Backup files 2.zip a variant of Win32/SoftonicDownloader.A application (deleted - quarantined) 00000000000000000000000000000000 C
D:\HEIMDESKTOP\Backup Set 2010-07-25 233321\Backup Files 2010-11-14 190001\Backup files 2.zip a variant of Win32/MessengerPlus application (deleted - quarantined) 00000000000000000000000000000000 C
O:\Alben\Musik\Akrea\SweetImSetup.exe a variant of Win32/SweetIM.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
O:\My Music\Musi\SoftonicDownloader_fuer_audiocon.exe a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
P:\codes für kaufprogs und sonstige wichtige sachen\Download\Internet_TV_Setup.exe Win32/Adware.ADON application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
P:\codes für kaufprogs und sonstige wichtige sachen\Download\Nero-7.10.1.0_deu_update.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
P:\codes für kaufprogs und sonstige wichtige sachen\Download\Nero-8.1.1.0b_deu_update.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
P:\codes für kaufprogs und sonstige wichtige sachen\Download\Nero-8.2.8.0_deu_update.exe Win32/Toolbar.AskSBar application (deleted - quarantined) 00000000000000000000000000000000 C
P:\codes für kaufprogs und sonstige wichtige sachen\Download\Setup_FreeConverter.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
P:\codes für kaufprogs und sonstige wichtige sachen\Download\Setup_FreeFlvConverter(2).exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
P:\codes für kaufprogs und sonstige wichtige sachen\Download\Setup_FreeFlvConverter.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
P:\codes für kaufprogs und sonstige wichtige sachen\Download\Setup_FreeFlvConverter35.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
P:\codes für kaufprogs und sonstige wichtige sachen\Download\Win-Spy Eval Setup.exe a variant of Win32/Spy.Agent.NTP trojan (deleted - quarantined) 00000000000000000000000000000000 C
P:\codes für kaufprogs und sonstige wichtige sachen\Download 1\installer_anydvd_6_5_9_5_Deutsch_Deutsch.exe Win32/Toggle application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
P:\codes für kaufprogs und sonstige wichtige sachen\Download 1\Setup_672FreeFlvConverter.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
P:\codes für kaufprogs und sonstige wichtige sachen\Download 1\Setup_FreeFlvConverter.exe Win32/Toolbar.Widgi application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
P:\DOMMÄ-PC\Backup Set 2011-06-05 194902\Backup Files 2011-06-05 194902\Backup files 2.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
P:\DOMMÄ-PC\Backup Set 2011-06-05 194902\Backup Files 2011-06-05 194902\Backup files 4.zip multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
P:\DOMMÄ-PC\Backup Set 2011-06-05 194902\Backup Files 2011-06-12 193855\Backup files 1.zip a variant of Java/TrojanDownloader.OpenConnection.DT trojan (deleted - quarantined) 00000000000000000000000000000000 C

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=b3ac4c0e618bdd4784d5e7cb7ab11ca6
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-20 10:33:51
# local_time=2012-07-21 12:33:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 47402408 47402408 0 0
# compatibility_mode=5893 16776573 100 94 10253 94421349 0 0
# compatibility_mode=8192 67108863 100 0 509 509 0 0
# scanned=394069
# found=40
# cleaned=40
# scan_time=33472
C:\Users\Dommä\Downloads\installer_free_video_downloader_1_2_1_Deutsch.exe	Win32/Toggle application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Windows.old\Documents and Settings\Dommä\Anwendungsdaten\Mozilla\Firefox\Profiles\padslk5e.default\extensions\firefox@bandoo.com\components\FFPlugin.dll	a variant of Win32/Adware.Bandoo.AA application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Windows.old\Documents and Settings\Dommä\Desktop\Download\FFSetup220.zip	Win32/Adware.ADON application (deleted - quarantined)	00000000000000000000000000000000	C
C:\Windows.old\Documents and Settings\Dommä\Desktop\Download\MsgPlusLive-490(2).exe	a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Windows.old\Documents and Settings\Dommä\Desktop\Download\MsgPlusLive-490.exe	a variant of Win32/MessengerPlus application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Windows.old\Documents and Settings\Dommä\Desktop\Filme\Overboard\BandooV6.exe	multiple threats (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Windows.old\Documents and Settings\Dommä\Desktop\Filme\Overboard\registrybooster.exe	a variant of Win32/RegistryBooster application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Windows.old\Program Files\Bandoo\Bandoo.exe	a variant of Win32/Adware.Bandoo.AA application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Windows.old\Program Files\Bandoo\BandooGo.exe	a variant of Win32/Adware.Bandoo.AA application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Windows.old\Program Files\Bandoo\BandooUI.exe	a variant of Win32/Adware.Bandoo.AA application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Windows.old\Program Files\Bandoo\BndCore.exe	a variant of Win32/Adware.Bandoo.AA application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Windows.old\Program Files\Bandoo\ExtensionsManager.exe	a variant of Win32/Adware.Bandoo.AA application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Windows.old\Program Files\Bandoo\InstallerHelper.dll	a variant of Win32/Adware.Bandoo.AA application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Windows.old\Program Files\Bandoo\Plugins\AIM\AIMPlugin.dll	a variant of Win32/Adware.Bandoo.AA application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Windows.old\Program Files\Bandoo\Plugins\IE\ieplugin.dll	a variant of Win32/Adware.Bandoo.AA application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Windows.old\Program Files\Bandoo\Plugins\MSN\msnplugin.dll	a variant of Win32/Adware.Bandoo.AA application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Windows.old\Program Files\Bandoo\Plugins\Yahoo\YahooPlugin.dll	a variant of Win32/Adware.Bandoo.AA application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
D:\HEIMDESKTOP\Backup Set 2010-07-25 233321\Backup Files 2010-07-25 233321\Backup files 2.zip	a variant of Win32/Adware.Bandoo.AA application (deleted - quarantined)	00000000000000000000000000000000	C
D:\HEIMDESKTOP\Backup Set 2010-07-25 233321\Backup Files 2010-07-25 233321\Backup files 6.zip	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
D:\HEIMDESKTOP\Backup Set 2010-07-25 233321\Backup Files 2010-07-25 233321\Backup files 85.zip	Win32/Adware.ADON application (deleted - quarantined)	00000000000000000000000000000000	C
D:\HEIMDESKTOP\Backup Set 2010-07-25 233321\Backup Files 2010-10-10 222738\Backup files 1.zip	a variant of Win32/SoftonicDownloader.A application (deleted - quarantined)	00000000000000000000000000000000	C
D:\HEIMDESKTOP\Backup Set 2010-07-25 233321\Backup Files 2010-10-10 222738\Backup files 2.zip	a variant of Win32/SoftonicDownloader.A application (deleted - quarantined)	00000000000000000000000000000000	C
D:\HEIMDESKTOP\Backup Set 2010-07-25 233321\Backup Files 2010-11-14 190001\Backup files 2.zip	a variant of Win32/MessengerPlus application (deleted - quarantined)	00000000000000000000000000000000	C
O:\Alben\Musik\Akrea\SweetImSetup.exe	a variant of Win32/SweetIM.B application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
O:\My Music\Musi\SoftonicDownloader_fuer_audiocon.exe	a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
P:\codes für kaufprogs und sonstige wichtige sachen\Download\Internet_TV_Setup.exe	Win32/Adware.ADON application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
P:\codes für kaufprogs und sonstige wichtige sachen\Download\Nero-7.10.1.0_deu_update.exe	Win32/Toolbar.AskSBar application (deleted - quarantined)	00000000000000000000000000000000	C
P:\codes für kaufprogs und sonstige wichtige sachen\Download\Nero-8.1.1.0b_deu_update.exe	Win32/Toolbar.AskSBar application (deleted - quarantined)	00000000000000000000000000000000	C
P:\codes für kaufprogs und sonstige wichtige sachen\Download\Nero-8.2.8.0_deu_update.exe	Win32/Toolbar.AskSBar application (deleted - quarantined)	00000000000000000000000000000000	C
P:\codes für kaufprogs und sonstige wichtige sachen\Download\Setup_FreeConverter.exe	Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
P:\codes für kaufprogs und sonstige wichtige sachen\Download\Setup_FreeFlvConverter(2).exe	Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
P:\codes für kaufprogs und sonstige wichtige sachen\Download\Setup_FreeFlvConverter.exe	Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
P:\codes für kaufprogs und sonstige wichtige sachen\Download\Setup_FreeFlvConverter35.exe	Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
P:\codes für kaufprogs und sonstige wichtige sachen\Download\Win-Spy Eval Setup.exe	a variant of Win32/Spy.Agent.NTP trojan (deleted - quarantined)	00000000000000000000000000000000	C
P:\codes für kaufprogs und sonstige wichtige sachen\Download 1\installer_anydvd_6_5_9_5_Deutsch_Deutsch.exe	Win32/Toggle application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
P:\codes für kaufprogs und sonstige wichtige sachen\Download 1\Setup_672FreeFlvConverter.exe	Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
P:\codes für kaufprogs und sonstige wichtige sachen\Download 1\Setup_FreeFlvConverter.exe	Win32/Toolbar.Widgi application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
P:\DOMMÄ-PC\Backup Set 2011-06-05 194902\Backup Files 2011-06-05 194902\Backup files 2.zip	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
P:\DOMMÄ-PC\Backup Set 2011-06-05 194902\Backup Files 2011-06-05 194902\Backup files 4.zip	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
P:\DOMMÄ-PC\Backup Set 2011-06-05 194902\Backup Files 2011-06-12 193855\Backup files 1.zip	a variant of Java/TrojanDownloader.OpenConnection.DT trojan (deleted - quarantined)	00000000000000000000000000000000	C

Alt 21.07.2012, 13:09   #14
t'john
/// Helfer-Team
 
incredibar my start blockiert firefox tab - Standard

incredibar my start blockiert firefox tab


Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
  • Downloade dir bitte die neueste Java-Version von hier
  • Speichere die jxpiinstall.exe
  • Schließe alle laufenden Programme. Speziell deinen Browser.
  • Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 5 ) herunter laden.
  • Wenn die Installation beendet wurde
    Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
  • Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.
Nach dem Neustart
  • Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
  • Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
  • Klicke auf Dateien löschen....
  • Gehe sicher das überall ein Hacken gesetzt ist und klicke OK.
  • Klicke erneut OK.
__________________
Mfg, t'john
Das TB unterstützen

Alt 21.07.2012, 16:38   #15
daimerlein
 
incredibar my start blockiert firefox tab - Standard

incredibar my start blockiert firefox tab


So alles erledigt, wars das jetzt? Falls ja dann vielen dank noch mal für deine hilfe und geduld und ich hoffe ich werd deine hilfe nicht mehr so schnell brauchen.

Antwort
Seite 1 von 2 1 2

Themen zu incredibar my start blockiert firefox tab
aktive, angezeigt, blockiert, firefox, firefox 13.0.1, hochgefahren, incredibar, java/trojandownloader.openconnection.dt, laden, my start, mystart, problems, ruhezustand, tab, trojan-spy.win32.banker.ju!e2, win32/adware.adon, win32/adware.bandoo.aa, win32/softonicdownloader.a, win32/spy.agent.ntp, win32/sweetim.b, win32/toolbar.asksbar, win32/toolbar.widgi, zuletzt


« rechter mausklick funktioniert nicht | Dringend 80 Viren »


Ähnliche Themen: incredibar my start blockiert firefox tab


  1. Malwarebytes blockiert beim Start von Firefox eine bösartige Website
    Plagegeister aller Art und deren Bekämpfung - 31.03.2015 (64)
  2. My start Incredibar Problem
    Plagegeister aller Art und deren Bekämpfung - 22.11.2013 (2)
  3. my start by incredibar bei neuem Tap in Chrome
    Plagegeister aller Art und deren Bekämpfung - 26.03.2013 (3)
  4. My start von Incredibar eingefangen-wie löschen?
    Log-Analyse und Auswertung - 18.02.2013 (14)
  5. My start Incredibar Problem
    Log-Analyse und Auswertung - 03.02.2013 (9)
  6. MY start Incredibar auf google chrome
    Plagegeister aller Art und deren Bekämpfung - 31.01.2013 (27)
  7. my start by incredibar komplett entfernt?
    Plagegeister aller Art und deren Bekämpfung - 24.01.2013 (5)
  8. My start by incredibar
    Plagegeister aller Art und deren Bekämpfung - 22.11.2012 (14)
  9. my start by incredibar
    Plagegeister aller Art und deren Bekämpfung - 21.11.2012 (26)
  10. My Start incredibar deaktivieren
    Log-Analyse und Auswertung - 26.09.2012 (23)
  11. My start incredibar entfernen
    Plagegeister aller Art und deren Bekämpfung - 18.09.2012 (2)
  12. tabs im Firefox öffnen immer my start.incredibar
    Log-Analyse und Auswertung - 10.08.2012 (21)
  13. trojaner my start by incredibar
    Plagegeister aller Art und deren Bekämpfung - 30.07.2012 (1)
  14. My Start incredibar ... noch ein Opfer
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (28)
  15. My Start Incredibar
    Plagegeister aller Art und deren Bekämpfung - 09.07.2012 (2)
  16. My Start by Incredibar
    Plagegeister aller Art und deren Bekämpfung - 02.07.2012 (1)
  17. my start incredibar entfernen
    Plagegeister aller Art und deren Bekämpfung - 19.06.2012 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema incredibar my start blockiert firefox tab - Hallo, erst mal danke das sich hier jemand dieses problems annimmt. nun zum problem. nachdem ich meinen pc aus dem ruhezustand hochgefahren hab und firefox öffne, wird mir der zuletzt - incredibar my start blockiert firefox tab...
Archiv
Du betrachtest: incredibar my start blockiert firefox tab auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55