Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
MyStart Incredibar Toolbar

MyStart Incredibar Toolbar


Plagegeister aller Art und deren Bekämpfung: MyStart Incredibar Toolbar

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 16.08.2012, 18:41   #1
Steffen99
 
MyStart Incredibar Toolbar - Standard

MyStart Incredibar Toolbar


Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-16 19:39:07
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK8025GAS rev.KA023A
Running: ln4mqum9.exe; Driver: C:\DOKUME~1\PSCHEL~1\LOKALE~1\Temp\fxkiqaob.sys


---- Kernel code sections - GMER 1.0.15 ----

init            C:\WINDOWS\system32\drivers\tifm21.sys                                                                              entry point in "init" section [0xF7065DBF]
.text           C:\WINDOWS\system32\drivers\ACEDRV05.sys                                                                            section is writeable [0xF06B9000, 0x30A4A, 0xE8000020]
.pklstb         C:\WINDOWS\system32\drivers\ACEDRV05.sys                                                                            entry point in ".pklstb" section [0xF06FB000]
.relo2          C:\WINDOWS\system32\drivers\ACEDRV05.sys                                                                            unknown last section [0xF0716000, 0x8E, 0x42000040]
.text           C:\WINDOWS\system32\drivers\ACEDRV06.sys                                                                            section is writeable [0xF0659000, 0x319AA, 0xE8000020]
.pklstb         C:\WINDOWS\system32\drivers\ACEDRV06.sys                                                                            entry point in ".pklstb" section [0xF069C000]
.relo2          C:\WINDOWS\system32\drivers\ACEDRV06.sys                                                                            unknown last section [0xF06B7000, 0x8E, 0x42000040]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                              PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                                              PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume2                                                                              PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume3                                                                              PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                            PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b  0xE2 0x63 0x26 0xF1 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b  0x71 0x3B 0x04 0x66 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016  0x7A 0x45 0x05 0xFD ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48  0x86 0x8C 0x21 0x01 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472  0xF5 0x1D 0x4D 0x73 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d  0xB0 0x18 0xED 0xA7 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b  0x31 0x77 0xE1 0xBA ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d  0x01 0x3A 0x48 0xFC ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3  0x51 0xFA 0x6E 0x91 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b  0x37 0xA4 0xAA 0xC3 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6  0xF8 0x31 0x0F 0xA9 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                   
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                    Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                  C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2  0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----
GMER

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:01:13 on 16.08.2012
OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Mozilla Corporation Firefox 14.0.1

Scanner Settings
Rootkits detection (hidden registry)
Rootkits detection (hidden files)
Retrieve files information
Check Microsoft signatures

Filters
Trusted entries
Empty entries
Hidden registry entries (rootkit activity)
Exclusively opened files
Not found files
Files without detailed information
Existing files
Non-startable services
Non-startable drivers
Active entries
Disabled entries

  	Risk 	Name 	Publisher 	Full Path 	Status
Common
%SystemRoot%\Tasks
	||||   	"AppleSoftwareUpdate.job" 	"Apple Inc." 	C:\Programme\Apple Software Update\SoftwareUpdate.exe 	File exists
	|||||| 	"Adobe Flash Player Updater.job" 	"Adobe Systems Incorporated" 	C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 	File exists
Control Panel Objects
%SystemRoot%\system32
	|||||| 	"ALSNDMGR.CPL" 		C:\WINDOWS\system32\ALSNDMGR.CPL 	File signed by Microsoft | File found, but it contains no detailed information
	|||||| 	"FlashPlayerCPLApp.cpl" 	"Adobe Systems Incorporated" 	C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 	File exists
	|||||| 	"infocardcpl.cpl" 	"Microsoft Corporation" 	C:\WINDOWS\system32\infocardcpl.cpl 	File exists
	|||||| 	"javacpl.cpl" 	"Sun Microsystems, Inc." 	C:\WINDOWS\system32\javacpl.cpl 	File exists
	|||||| 	"PhysX.cpl" 	"NVIDIA Corporation" 	C:\WINDOWS\system32\PhysX.cpl 	File exists
	|||||| 	"QuickTime.cpl" 	"Apple Computer, Inc." 	C:\WINDOWS\system32\QuickTime.cpl 	File exists
Drivers
HKLM\SYSTEM\CurrentControlSet\Services
	|||||| 	"ACEDRV05" (ACEDRV05) 	"Protect Software GmbH" 	C:\WINDOWS\system32\drivers\ACEDRV05.sys 	File exists
	|||||| 	"ACEDRV06" (ACEDRV06) 	"Protect Software GmbH" 	C:\WINDOWS\system32\drivers\ACEDRV06.sys 	File exists
	       	"catchme" (catchme) 		C:\DOKUME~1\PSCHEL~1\LOKALE~1\Temp\catchme.sys 	File not found
	       	"Changer" (Changer) 		C:\WINDOWS\system32\drivers\Changer.sys 	File not found
	       	"EagleNT" (EagleNT) 		C:\WINDOWS\system32\drivers\EagleNT.sys 	File not found
	       	"fxkiqaob" (fxkiqaob) 		C:\DOKUME~1\PSCHEL~1\LOKALE~1\Temp\fxkiqaob.sys 	Hidden registry entry, rootkit activity | File not found
	       	"i2omgmt" (i2omgmt) 		C:\WINDOWS\system32\drivers\i2omgmt.sys 	File not found
	       	"lbrtfdc" (lbrtfdc) 		C:\WINDOWS\system32\drivers\lbrtfdc.sys 	File not found
	|||||| 	"MBAMSwissArmy" (MBAMSwissArmy) 	"Malwarebytes Corporation" 	C:\WINDOWS\system32\drivers\mbamswissarmy.sys 	File exists
	       	"PCIDump" (PCIDump) 		C:\WINDOWS\system32\drivers\PCIDump.sys 	File not found
	       	"PDCOMP" (PDCOMP) 		C:\WINDOWS\system32\drivers\PDCOMP.sys 	File not found
	       	"PDFRAME" (PDFRAME) 		C:\WINDOWS\system32\drivers\PDFRAME.sys 	File not found
	       	"PDRELI" (PDRELI) 		C:\WINDOWS\system32\drivers\PDRELI.sys 	File not found
	       	"PDRFRAME" (PDRFRAME) 		C:\WINDOWS\system32\drivers\PDRFRAME.sys 	File not found
	|||||| 	"PPdus ASPI Shell" (Afc) 	"Arcsoft, Inc." 	C:\WINDOWS\System32\drivers\Afc.sys 	File exists
	|||||| 	"PQIMount" (PQIMount) 	"PowerQuest Corporation" 	C:\WINDOWS\system32\drivers\PQIMount.sys 	File exists
	|||||| 	"PQV2i" (PQV2i) 	"StorageCraft" 	C:\WINDOWS\system32\drivers\PQV2i.sys 	File exists
	|||||| 	"StarOpen" (StarOpen) 		C:\WINDOWS\system32\drivers\StarOpen.sys 	File found, but it contains no detailed information
	       	"WDICA" (WDICA) 		C:\WINDOWS\system32\drivers\WDICA.sys 	File not found
	|||||| 	"WINIO" (WINIO) 		C:\Programme\Power Manager\winio.sys 	File found, but it contains no detailed information
Explorer
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
	|||||| 	{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" 	"Microsoft Corporation" 	C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install 	File exists
HKLM\Software\Classes\Folder\shellex\ColumnHandlers
	|||||| 	{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" 	"Adobe Systems, Inc." 	C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll 	File exists
HKLM\Software\Classes\Protocols\Filter
	|||||| 	{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" 	"Microsoft Corporation" 	C:\WINDOWS\system32\mscoree.dll 	File exists
	|||||| 	{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" 	"Microsoft Corporation" 	C:\WINDOWS\system32\mscoree.dll 	File exists
	|||||| 	{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" 	"Microsoft Corporation" 	C:\WINDOWS\system32\mscoree.dll 	File exists
	|||||| 	{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" 	"Microsoft Corporation" 	C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL 	File exists
HKLM\Software\Classes\Protocols\Handler
	|||||| 	{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" 	"Microsoft Corporation" 	C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll 	File exists
	|||||| 	{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" 	"Skype Technologies" 	C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL 	File exists
	||||   	{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" 	"Skype Technologies S.A." 	C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll 	File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
	|||||| 	{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" 	"Igor Pavlov" 	C:\Programme\7-Zip\7-zip.dll 	File exists
	       	{79BC0345-1015-11D2-A299-006008312725} "blue.shell" 			File not found | COM-object registry key not found
	       	{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" 			File not found | COM-object registry key not found
	|||||| 	{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" 	"Microsoft Corporation" 	C:\WINDOWS\system32\mscoree.dll 	File exists
	       	{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" 			File not found | COM-object registry key not found
	       	{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" 			File not found | COM-object registry key not found
	|||||| 	{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" 	"Apple Inc." 	C:\Programme\iTunes\iTunesMiniPlayer.dll 	File exists
	       	{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" 			File not found | COM-object registry key not found
	|||||| 	{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" 	"Microsoft Corporation" 	C:\Programme\Microsoft Office\Office12\msohevi.dll 	File exists
	|||||| 	{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" 	"Microsoft Corporation" 	C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll 	File exists
	|||||| 	{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" 	"Microsoft Corporation" 	C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL 	File exists
	|||||| 	{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" 	"Microsoft Corporation" 	C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll 	File exists
	|||||| 	{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" 	"Microsoft Corporation" 	C:\WINDOWS\system32\dfshim.dll 	File exists
	       	{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" 			File not found | COM-object registry key not found
	|||||| 	{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" 	"Microsoft Corporation" 	C:\WINDOWS\system32\dfshim.dll 	File exists
	|||||| 	{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" 	"Microsoft Corporation" 	C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL 	File exists
Internet Explorer
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
	       	ITBar7Height "ITBar7Height" 			File not found | COM-object registry key not found
	       	"ITBar7Layout" 			File not found | COM-object registry key not found
	       	"ITBarLayout" 			File not found | COM-object registry key not found
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units
	||||   	{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab 	"Sun Microsystems, Inc." 	C:\Programme\Java\jre6\bin\npjpi160_30.dll 	File exists
	||||   	{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab 	"Sun Microsystems, Inc." 	C:\Programme\Java\jre6\bin\npjpi160_30.dll 	File exists
	||||   	{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30"
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab 	"Sun Microsystems, Inc." 	C:\Programme\Java\jre6\bin\npjpi160_30.dll 	File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
	||||   	{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" 	"Microsoft Corporation" 	C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll 	File exists
	||||   	{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" 	"Microsoft Corporation" 	C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL 	File exists
	||||   	{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" 	"Skype Technologies S.A." 	C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll 	File exists
HKLM\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension
	||||   	"QuickTime Plug-in 5.0.2" 	"Apple Computer, Inc." 	C:\Programme\Internet Explorer\PLUGINS\npqtplugin3.dll 	File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
	|||||| 	{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "AcroIEHlprObj Class" 	"Adobe Systems Incorporated" 	C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll 	File exists
	||||   	{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" 	"Sun Microsystems, Inc." 	C:\Programme\Java\jre6\bin\jp2ssv.dll 	File exists
	||||   	{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" 	"Sun Microsystems, Inc." 	C:\Programme\Java\jre6\bin\ssv.dll 	File exists
	||||   	{E7E6F031-17CE-4C07-BC86-EABFE594F69C} "JQSIEStartDetectorImpl Class" 	"Sun Microsystems, Inc." 	C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll 	File exists
	||||   	{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" 	"Skype Technologies S.A." 	C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll 	File exists
Logon
%AllUsersProfile%\Startmenü\Programme\Autostart
	|||||| 	"desktop.ini" 		C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini 	File exists
%UserProfile%\Startmenü\Programme\Autostart
	|||||| 	"desktop.ini" 		C:\Dokumente und Einstellungen\Pöschel\Startmenü\Programme\Autostart\desktop.ini 	File exists
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
	       	"APSDaemon" 	"Apple Inc." 	"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" 	File exists
	||||   	"ArcSoft Connection Service" 	"ArcSoft Inc." 	C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe 	File exists
	||||   	"AVMWlanClient" 	"AVM Berlin GmbH" 	C:\Programme\avmwlanstick\FRITZWLANMini.exe 	File exists
	||||   	"iTunesHelper" 	"Apple Inc." 	"C:\Programme\iTunes\iTunesHelper.exe" 	File exists
	||||   	"PowerManager" 		C:\Programme\Power Manager\PM.exe 	File exists
	||||   	"SunJavaUpdateSched" 	"Sun Microsystems, Inc." 	"C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" 	File exists
	||||   	"UCam_Menu" 	"CyberLink Corp." 	"C:\Programme\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Programme\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.1" 	File exists
Print Monitors
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
	|||||| 	"Send To Microsoft OneNote Monitor" 	"Microsoft Corporation" 	C:\WINDOWS\system32\msonpmon.dll 	File exists
Services
HKLM\SYSTEM\CurrentControlSet\Services
	|||||| 	".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) 	"Microsoft Corporation" 	C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 	File exists
	|||||| 	"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) 	"Adobe Systems Incorporated" 	C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 	File exists
	       	"Anwendungsverwaltung" (AppMgmt) 		C:\WINDOWS\System32\appmgmts.dll 	File not found
	       	"Apple Mobile Device" (Apple Mobile Device) 	"Apple Inc." 	C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 	File exists
	|||||| 	"ArcSoft Connect Daemon" (ACDaemon) 	"ArcSoft Inc." 	C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe 	File exists
	|||||| 	"ASP.NET-Zustandsdienst" (aspnet_state) 	"Microsoft Corporation" 	C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 	File exists
	|||||| 	"Dienst "Bonjour"" (Bonjour Service) 	"Apple Inc." 	C:\Programme\Bonjour\mDNSResponder.exe 	File exists
	|||||| 	"GEARSecurity" (GEARSecurity) 	"GEAR Software" 	C:\WINDOWS\System32\GEARSec.exe 	File exists
	       	"iPod-Dienst" (iPod Service) 	"Apple Inc." 	C:\Programme\iPod\bin\iPodService.exe 	File exists
	|||||| 	"Java Quick Starter" (JavaQuickStarterService) 	"Sun Microsystems, Inc." 	C:\Programme\Java\jre6\bin\jqs.exe 	File exists
	||||   	"Machine Debug Manager" (MDM) 	"Microsoft Corporation" 	C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE 	File exists
	|||||| 	"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) 	"Microsoft Corporation" 	C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 	File exists
	|||||| 	"Microsoft Office Diagnostics Service" (odserv) 	"Microsoft Corporation" 	C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE 	File exists
	||     	"Mozilla Maintenance Service" (MozillaMaintenance) 	"Mozilla Foundation" 	C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 	File exists
	|||||| 	"NMSAccess" (NMSAccess) 		C:\Programme\CDBurnerXP\NMSAccessU.exe 	File found, but it contains no detailed information
	|||||| 	"Office Source Engine" (ose) 	"Microsoft Corporation" 	C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 	File exists
	|||||| 	"Skype Updater" (SkypeUpdate) 	"Skype Technologies" 	C:\Programme\Skype\Updater\Updater.exe 	File exists
	|||||| 	"V2i Protector" (V2i Protector) 	"PowerQuest Corporation" 	C:\Programme\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe 	File exists
	|||||| 	"Windows CardSpace" (idsvc) 	"Microsoft Corporation" 	C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 	File exists
	|||||| 	"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) 	"Microsoft Corporation" 	C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 	File exists
	|||||| 	"Windows Presentation Foundation Font Cache 4.0.0.0" (WPFFontCache_v0400) 	"Microsoft Corporation" 	C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 	File exists
Winlogon
HKCU\Control Panel\IOProcs
	       	"MVB" 		mvfs32.dll 	File not found
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
	       	{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" 		appmgmts.dll 	File not found
Winsock Providers
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
	|||||| 	"mdnsNSP" 	"Apple Inc." 	C:\Programme\Bonjour\mdnsNSP.dll 	File exists

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-16 20:05:09
-----------------------------
20:05:09.482    OS Version: Windows 5.1.2600 Service Pack 3
20:05:09.482    Number of processors: 1 586 0xD08
20:05:09.482    ComputerName: NAME-04467660DF  UserName: Pöschel
20:05:10.591    Initialize success
20:13:44.545    AVAST engine defs: 12081600
20:14:48.685    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:14:48.685    Disk 0 Vendor: TOSHIBA_MK8025GAS KA023A Size: 76319MB BusType: 3
20:14:48.763    Disk 0 MBR read successfully
20:14:48.763    Disk 0 MBR scan
20:14:49.373    Disk 0 Windows XP default MBR code
20:14:49.404    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        34875 MB offset 63
20:14:49.404    Disk 0 Partition - 00     0F Extended LBA             41441 MB offset 71424990
20:14:49.498    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        30004 MB offset 71425053
20:14:49.498    Disk 0 Partition - 00     05     Extended             11436 MB offset 132873615
20:14:49.545    Disk 0 Partition 3 00     0B        FAT32 MSWIN4.1    11436 MB offset 132873678
20:14:49.545    Disk 0 scanning sectors +156296385
20:14:49.841    Disk 0 scanning C:\WINDOWS\system32\drivers
20:15:28.310    Service scanning
20:15:52.295    Modules scanning
20:16:41.857    Disk 0 trace - called modules:
20:16:41.904    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 
20:16:41.904    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x843929c0]
20:16:41.904    3 CLASSPNP.SYS[f75c0fd7] -> nt!IofCallDriver -> \Device\00000077[0x84393e98]
20:16:41.904    5 ACPI.sys[f7506620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x843224e8]
20:16:42.623    AVAST engine scan C:\WINDOWS
20:17:01.966    Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Pöschel\Desktop\MBR.dat"
20:17:01.966    The log file has been saved successfully to "C:\Dokumente und Einstellungen\Pöschel\Desktop\aswMBR.txt"

Antwort

Themen zu MyStart Incredibar Toolbar
about, als startseite, config, erklären, firefox, frage, fragen, gelegt, google, incredibar, incredibar toolbar, mystart, mystart incredibar, neue, neuen, rückgängig, sache, sachen, seite, spiel, startseite, tab, toolbar, versuch, versucht, windows, windows xp


« TR/Matsnu.EB.69 Windows Explorer Abstürze | iexplorer prozess »


Ähnliche Themen: MyStart Incredibar Toolbar


  1. MyStart/Incredibar
    Plagegeister aller Art und deren Bekämpfung - 05.10.2013 (9)
  2. MyStart Incredibar
    Plagegeister aller Art und deren Bekämpfung - 29.01.2013 (24)
  3. MyStart by IncrediBar - Toolbar lässt sich nicht mehr entfernen
    Log-Analyse und Auswertung - 30.12.2012 (7)
  4. MyStart by IncrediBar.com
    Plagegeister aller Art und deren Bekämpfung - 21.12.2012 (9)
  5. MyStart by IncrediBar.com
    Log-Analyse und Auswertung - 18.10.2012 (1)
  6. Mystart.Incredibar
    Plagegeister aller Art und deren Bekämpfung - 14.10.2012 (37)
  7. MyStart incredibar
    Log-Analyse und Auswertung - 14.10.2012 (25)
  8. MyStart Incredibar Toolbar - Firefox
    Plagegeister aller Art und deren Bekämpfung - 28.09.2012 (6)
  9. Mystart.Incredibar
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (3)
  10. mystart incredibar
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (2)
  11. MyStart @ Incredibar und MyStart Search trotz Deinstallation des Programms
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (2)
  12. MyStart Incredibar Toolbar
    Plagegeister aller Art und deren Bekämpfung - 30.08.2012 (5)
  13. Wie entferne ich Mystart / "Incredibar" Toolbar?
    Plagegeister aller Art und deren Bekämpfung - 26.07.2012 (25)
  14. MyStart incredibar
    Log-Analyse und Auswertung - 23.07.2012 (1)
  15. Mystart Incredibar
    Log-Analyse und Auswertung - 16.07.2012 (7)
  16. MyStart.incredibar Toolbar
    Plagegeister aller Art und deren Bekämpfung - 15.07.2012 (13)
  17. Mystart Incredibar
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema MyStart Incredibar Toolbar - Code: Alles auswählen Aufklappen ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-08-16 19:39:07 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK8025GAS rev.KA023A Running: ln4mqum9.exe; Driver: C:\DOKUME~1\PSCHEL~1\LOKALE~1\Temp\fxkiqaob.sys ---- Kernel code - MyStart Incredibar Toolbar...
Archiv
Du betrachtest: MyStart Incredibar Toolbar auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131