Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)

Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)


Log-Analyse und Auswertung: Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 26.08.2012, 07:15   #1
tantan
 
Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-) - Icon24

Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)


Hallo t'john,

danke sehr!

OTL hat es geschafft. Den Bericht finden Sie unten meine Nachricht.

Ich sehe, dass der Compi erstmal normal schnell funktioniert.
Aber
1.als Startseite habe ich folgendes:
hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=15&cc=
2.Ich habe auf der Festplastte noch
C:\Program Files\Softonic\Softonic\1.6.7.4
3.Irgendwelche Fensterchen in blau mit Werbung zeigen sich immer noch.
4. Wenn ich einen Tab öffne, habe ich eine Leiste mit "incredibar" mit Suchmöglichkeit sowie irgendwelche Werrbebuttons.

Gibt es Möglichkeit diese auch zu löschen?

Vielmals Danke !!!!


Die Ergebnisse von OTL:

All processes killed
========== OTL ==========
Service Web Assistant Updater stopped successfully!
Service Web Assistant Updater deleted successfully!
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe moved successfully.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
File File not found not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
File File not found not found.
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
File File not found not found.
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
File File not found not found.
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
File File not found not found.
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
File File not found not found.
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
File File not found not found.
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
File File not found not found.
Service Changer stopped successfully!
Service Changer deleted successfully!
File File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-3402263254-3905192389-2916328827-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3402263254-3905192389-2916328827-500\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
HKEY_USERS\S-1-5-21-3402263254-3905192389-2916328827-500\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3402263254-3905192389-2916328827-500\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3402263254-3905192389-2916328827-500\Software\Microsoft\Internet Explorer\SearchScopes\{27E9840D-D155-4819-BE9F-B4FD3FB68DF6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27E9840D-D155-4819-BE9F-B4FD3FB68DF6}\ not found.
Registry key HKEY_USERS\S-1-5-21-3402263254-3905192389-2916328827-500\Software\Microsoft\Internet Explorer\SearchScopes\{B0C4CFAA-90B7-4E4D-92F4-61FFC22D746A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0C4CFAA-90B7-4E4D-92F4-61FFC22D746A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3402263254-3905192389-2916328827-500\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
HKU\S-1-5-21-3402263254-3905192389-2916328827-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Search the web (Softonic)" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=2&cc=&q=" removed from keyword.URL
Prefs.js: 0 removed from network.proxy.type
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
C:\Program Files\Web Assistant\Firefox\defaults\preferences folder moved successfully.
C:\Program Files\Web Assistant\Firefox\defaults folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\skin folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\locale\en-US folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\locale folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\content\resources folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\content\libraries folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome\content folder moved successfully.
C:\Program Files\Web Assistant\Firefox\chrome folder moved successfully.
C:\Program Files\Web Assistant\Firefox folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.467_0\resources folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.467_0\libraries folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.467_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
C:\Program Files\Web Assistant\Extension32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ deleted successfully.
C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}\ deleted successfully.
C:\Program Files\Softonic\Softonic\1.6.7.4\bh\Softonic.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}\ deleted successfully.
C:\Program Files\Softonic\Softonic\1.6.7.4\SoftonicTlbr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F9639E4A-801B-4843-AEE3-03D9DA199E77} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}\ deleted successfully.
C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3402263254-3905192389-2916328827-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3402263254-3905192389-2916328827-500\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer not found.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3402263254-3905192389-2916328827-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
C:\Program Files\SoftonicDownloader_for_winx-dvd-player.exe moved successfully.
C:\Program Files\SoftonicDownloader_fuer_avs-media-player.exe moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\MediaBA folder moved successfully.
C:\Program Files\BetterAds folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Incredibar.com\incredibar folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Incredibar.com folder moved successfully.
C:\Program Files\Perion\NewTab folder moved successfully.
C:\Program Files\Perion folder moved successfully.
C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh folder moved successfully.
C:\Program Files\Incredibar.com\incredibar\1.5.11.14 folder moved successfully.
C:\Program Files\Incredibar.com\incredibar folder moved successfully.
C:\Program Files\Incredibar.com folder moved successfully.
C:\Program Files\Web Assistant\resources folder moved successfully.
C:\Program Files\Web Assistant\libraries folder moved successfully.
C:\Program Files\Web Assistant folder moved successfully.
C:\user.js moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp\Adobe\Acrobat\10.0 folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp\Adobe\Acrobat folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp\Adobe folder moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
An internal error occurred: The request is not supported.

Please contact Microsoft Product Support Services for further help.
Additional information: Unable to query host name.
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 173321930 bytes
->Temporary Internet Files folder emptied: 44006134 bytes
->FireFox cache emptied: 459976934 bytes
->Google Chrome cache emptied: 7581174 bytes
->Flash cache emptied: 59310 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 56478 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33043 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Photohop

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12541725 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 144597176 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 970338927 bytes

Total Files Cleaned = 1.729,00 mb


OTL by OldTimer - Version 3.2.58.1 log created on 08262012_073518

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF90DC.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF90E9.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF9143.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF9150.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF9256.tmp not found!
File\Folder C:\Documents and Settings\Administrator\Local Settings\Temp\~DF9263.tmp not found!
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Antwort

Themen zu Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)
"my start incredibar" entfernen, avira, bericht, browser, folge, gruppe, infizierte, installiert, klicke, komplett, kopieren, laptop, lüfter, malwarebytes, mozilla, neue, neue seite, neuen, neues, nichts, problem, scan, schnell, seite, softronic, start, tab, virus, win


« Problem mit Snap.do | Taskmgr.exe und Regedit.exe wurden vom Administrator deaktiviert. »


Ähnliche Themen: Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)


  1. Windows 8.1 Kaspersky Warnungen "Programm möchte verbindung zu Computer XXX erstellen"
    Log-Analyse und Auswertung - 17.01.2015 (10)
  2. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  3. Widows Vista 32bit. "Softwareupdater.UI.exe" möchte sich bei jedem Start öffnen
    Log-Analyse und Auswertung - 02.09.2014 (15)
  4. Vielen Dank an Mitglied "deeprybka"
    Lob, Kritik und Wünsche - 06.05.2014 (1)
  5. Browser: Suchmaschine und "Start" / "Neuer Tab" - Seite und kurze Hintergrundprogramme
    Log-Analyse und Auswertung - 05.01.2014 (11)
  6. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  7. Windows XP Nach Installation von HP Player immer zwei Startseiten beim Öffnen von Google chrome "start.iminent.com" und "Search gol"
    Log-Analyse und Auswertung - 08.10.2013 (5)
  8. Diverse Fehlermeldungen bei Start des Systems nach "Entfernen" des "Polizei-Virus"
    Log-Analyse und Auswertung - 27.10.2012 (10)
  9. Nach Start kommt Meldung : "Es besteht noch keine Internetverbindung" Bitte warten
    Log-Analyse und Auswertung - 23.01.2012 (6)
  10. Win XP Start " Net Reactor 10 Fenster"danach "Firefox Problem 2 Fenster" danach "Blue Screen"
    Log-Analyse und Auswertung - 09.07.2011 (3)
  11. ICQ spamt: "Wie findest du mein neues Foto denn so ;D "
    Plagegeister aller Art und deren Bekämpfung - 22.06.2010 (27)
  12. ICQ Virus: "Wie findest du mein neues Foto denn so ;D "
    Plagegeister aller Art und deren Bekämpfung - 10.06.2010 (3)
  13. "TR/Dropper.Gen" wütet im "Eigene Dateien"-Ordner, Hijackthis bitte auswerten!
    Log-Analyse und Auswertung - 10.09.2009 (9)
  14. "Adware.Virtumonde"/"Downloader.MisleadApp"/"TR/VB.agt.4"/"NewDotNet.A.1350"/"Fakerec
    Plagegeister aller Art und deren Bekämpfung - 22.08.2008 (6)
  15. Suche Mitglied "Trojanboard"
    Mülltonne - 17.12.2005 (3)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-) - Hallo t'john, danke sehr! OTL hat es geschafft. Den Bericht finden Sie unten meine Nachricht. Ich sehe, dass der Compi erstmal normal schnell funktioniert. Aber 1.als Startseite habe ich folgendes: - Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-)...
Archiv
Du betrachtest: Neues Mitglied der Gruppe "my start incredibar" - Ich möchte bitte weg :-) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131