undertaker12 | 15.10.2012 21:09 | Infected with Incredibar
Hello,
I have been infected with Incredibar for quite a while now and wanted to solve the problem myself > unfortunately without success :( Then I came across this forum.
I am now simply posting all the Malwarebytes Anti-Malware logs so far as an attachment and hope that someone can still help me :heulen:
Incredibar now only shows up when opening a new tab in the browser! Really only when opening a new tab; when the browser starts, the normal start page is shown.
Thanks a lot in advance!
/Edit
Another problem is that ALL browsers suddenly can no longer connect to the internet, while Spotify, for example, still works in online mode (about 2 times a day)
The Malwarebytes quarantine has not been deleted yet, but I don't know about the other scanners, which have already been uninstalled.
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.24.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Tobi :: TOBI-ACER4820 [administrator]
25.09.2012 00:08:30
mbam-log-2012-09-25 (00-08-30).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198128
Time elapsed: 4 minute(s), 44 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Tobi\Downloads\Emmett_downloader_by_Fonts101.exe (PUP.BundleInstaller.BI) -> Quarantined and deleted successfully.
(end)
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.09.24.10
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Tobi :: TOBI-ACER4820 [administrator]
06.10.2012 02:21:37
mbam-log-2012-10-06 (02-21-37).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197259
Time elapsed: 4 minute(s), 53 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.10.09.11
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Tobi :: TOBI-ACER4820 [administrator]
09.10.2012 23:47:48
mbam-log-2012-10-09 (23-47-48).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199964
Time elapsed: 5 minute(s), 52 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Users\Tobi\Downloads\dimmer_keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
C:\Users\Tobi\Downloads\page2d_keygen (1).exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
C:\Users\Tobi\Downloads\page2d_keygen.exe (Riskware.Tool.CK) -> Quarantined and deleted successfully.
(end)
More logs:
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 10/10/2012 at 02:01 AM
Application Version : 5.6.1008
Core Rules Database Version : 9372
Trace Rules Database Version: 7184
Scan type : Complete Scan
Total Scan Time : 01:44:33
Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 735
Memory threats detected : 0
Registry items scanned : 73512
Registry threats detected : 0
File items scanned : 212123
File threats detected : 27
Adware.Tracking Cookie
C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Cookies\NVQ1KYRS.txt [ /adbrite.com ]
C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Cookies\72ECGEAY.txt [ /ad.yieldmanager.com ]
C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Cookies\49M7S8UT.txt [ /banner.connectify.me ]
C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Cookies\EWGBE004.txt [ /adform.net ]
C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Cookies\YKV0KBXD.txt [ /toplist.cz ]
C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Cookies\296KT0G4.txt [ /doubleclick.net ]
C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Cookies\ICT64W7W.txt [ /track.adform.net ]
C:\Users\Tobi\AppData\Roaming\Microsoft\Windows\Cookies\34D7C4DK.txt [ /adfarm1.adition.com ]
C:\USERS\TOBI\Cookies\NVQ1KYRS.txt [ Cookie:tobi@adbrite.com/ ]
C:\USERS\TOBI\Cookies\72ECGEAY.txt [ Cookie:tobi@ad.yieldmanager.com/ ]
C:\USERS\TOBI\Cookies\49M7S8UT.txt [ Cookie:tobi@banner.connectify.me/ ]
C:\USERS\TOBI\Cookies\YKV0KBXD.txt [ Cookie:tobi@toplist.cz/ ]
C:\USERS\TOBI\Cookies\296KT0G4.txt [ Cookie:tobi@doubleclick.net/ ]
C:\USERS\TOBI\Cookies\34D7C4DK.txt [ Cookie:tobi@adfarm1.adition.com/ ]
accounts.google.com [ C:\USERS\TOBI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
accounts.google.com [ C:\USERS\TOBI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
.imrworldwide.com [ C:\USERS\TOBI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
.imrworldwide.com [ C:\USERS\TOBI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
statse.webtrendslive.com [ C:\USERS\TOBI\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\COOKIES ]
Heur.Agent/Gen-Whitebox
D:\DESKTOP\ICQ INCOMING ORDNER\ICQ\436183459\RECEIVEDFILES\227377496 T O B I\JDOWNLOADER095SETUP.EXE
NotAThreat.EICAR[TestFile]
C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\QUARANTINE\2C954539-6FDB-4A95-B390-C26FFDF50DB7.DATA
C:\PROGRAM FILES\COMODO\COMODO INTERNET SECURITY\QUARANTINE\6A9F3994-6577-438D-A382-5DAC72D5CDD3.DATA
Adware.Somoto
ZIP ARCHIVE( C:\USERS\TOBI\DOWNLOADS\RPC412 (1).ZIP )/RPC412_SETUP.EXE
C:\USERS\TOBI\DOWNLOADS\RPC412 (1).ZIP
ZIP ARCHIVE( C:\USERS\TOBI\DOWNLOADS\RPC412.ZIP )/RPC412_SETUP.EXE
C:\USERS\TOBI\DOWNLOADS\RPC412.ZIP
Adware.SoftonicDownloader
C:\USERS\TOBI\DOWNLOADS\SOFTONICDOWNLOADER_FUER_PDF-XCHANGE-VIEWER.EXE
Code:
COMODO Internet Security Premium - Protokollanzeige Einträge
Tabelle: Antivirus
Erstellungsdatum: 2012-10-15 23:40:35
Anzahl der Einträge: 12
Datum Ort Name der Malware Aktion Status
2012-09-21 18:45:17 C:\Users\Tobi\AppData\Local\Temp\IMInstaller\IncrediMail\IncredibarToolbar.exe Suspicious@2p4rjyo2l9db5 Erkennen Erfolgreich
2012-09-21 18:45:19 C:\Users\Tobi\AppData\Local\Temp\IMInstaller\IncrediMail\IncredibarToolbar.exe Suspicious@#2p4rjyo2l9db5 Quarantäne Erfolgreich
2012-09-23 23:57:18 C:\Users\Tobi\Downloads\eicar.com.txt.crdownload ApplicUnwnt@2975xfk8s2pq1 Erkennen Erfolgreich
2012-09-23 23:57:21 C:\Users\Tobi\Downloads\eicar.com.txt.crdownload ApplicUnwnt@#2975xfk8s2pq1 Quarantäne Erfolgreich
2012-09-23 23:57:45 C:\Users\Tobi\Downloads\35DA.tmp ApplicUnwnt@2975xfk8s2pq1 Erkennen Erfolgreich
2012-09-23 23:57:47 C:\Users\Tobi\Downloads\35DA.tmp ApplicUnwnt@#2975xfk8s2pq1 Quarantäne Erfolgreich
2012-09-24 00:56:25 C:\Users\Tobi\Downloads\eicar.com.txt ApplicUnwnt@2975xfk8s2pq1 Erkennen Erfolgreich
2012-09-24 00:56:35 C:\Users\Tobi\Downloads\eicar.com.txt ApplicUnwnt@#2975xfk8s2pq1 Quarantäne Erfolgreich
2012-09-25 00:11:24 C:\USERS\TOBI\downloads\eicar.com (1).txt ApplicUnwnt@2975xfk8s2pq1 Erkennen Erfolgreich
2012-09-25 00:11:25 C:\Users\Tobi\downloads\eicar.com (1).txt ApplicUnwnt@#2975xfk8s2pq1 Quarantäne Erfolgreich
2012-10-06 01:38:59 C:\Users\Tobi\AppData\Local\Temp\Rar$EX19.824\Core.dat TrojWare.Win32.Trojan.Agent.Gen@1 Erkennen Erfolgreich
2012-10-06 01:39:00 C:\Users\Tobi\AppData\Local\Temp\Rar$EX19.824\Core.dat TrojWare.Win32.Trojan.Agent.Gen@1 Quarantäne Erfolgreich