Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
MyStart by IncrediBar entfernen/deinstallieren

MyStart by IncrediBar entfernen/deinstallieren


Plagegeister aller Art und deren Bekämpfung: MyStart by IncrediBar entfernen/deinstallieren

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 3 von 4 12 3 4
Alt 31.08.2012, 13:14   #31
Naminée
 
MyStart by IncrediBar entfernen/deinstallieren - Standard

MyStart by IncrediBar entfernen/deinstallieren


Hier die Logdatei des AdwCleaners:
Code:
ATTFilter
 # AdwCleaner v1.801 - Logfile created 08/31/2012 at 11:53:19
# Updated 14/08/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Martina - MARTINA-VAIO
# Boot Mode : Normal
# Running from : C:\Users\Martina\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default 
File : C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\qvq1dwsx.default\prefs.js

Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb155?a=6OyLl4HLRG&loc=FF_NT");

*************************

AdwCleaner[R1].txt - [1050 octets] - [30/08/2012 10:52:26]
AdwCleaner[S1].txt - [881 octets] - [31/08/2012 11:53:19]

########## EOF - C:\AdwCleaner[S1].txt - [1008 octets] ##########
Und hier die des SuperAntiSpyware:
Code:
ATTFilter
 SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 08/31/2012 at 02:09 PM

Application Version : 5.5.1012

Core Rules Database Version : 9158
Trace Rules Database Version: 6970

Scan type       : Complete Scan
Total Scan Time : 01:30:33

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 1033
Memory threats detected   : 0
Registry items scanned    : 67995
Registry threats detected : 0
File items scanned        : 147288
File threats detected     : 43

Adware.Tracking Cookie
	C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Cookies\3A217FEZ.txt [ /ru4.com ]
	C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Cookies\8SEZBNFD.txt [ /invitemedia.com ]
	C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Cookies\WQ7QG5S9.txt [ /lucidmedia.com ]
	C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Cookies\HLOUTIOE.txt [ /media6degrees.com ]
	C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Cookies\T6ND7HCG.txt [ /advertising.com ]
	C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Cookies\IWVK5X26.txt [ /bs.serving-sys.com ]
	C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Cookies\MD3PWMEM.txt [ /c.atdmt.com ]
	C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Cookies\JCFXAZ53.txt [ /doubleclick.net ]
	C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Cookies\2BXMQ3IL.txt [ /adfarm1.adition.com ]
	C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Cookies\I7NH1K84.txt [ /serving-sys.com ]
	C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Cookies\4VA04DOR.txt [ /pointroll.com ]
	C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Cookies\K6PZAZ2Z.txt [ /ads.pointroll.com ]
	C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Cookies\B1BNL4M1.txt [ /ad3.adfarm1.adition.com ]
	C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Cookies\E0N4HZLB.txt [ /ad.yieldmanager.com ]
	C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Cookies\UUXNDBVB.txt [ /adbrite.com ]
	C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Cookies\HML8TBQ1.txt [ /atdmt.com ]
	C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Cookies\8COIUEG5.txt [ /track.adform.net ]
	C:\USERS\MARTINA\Cookies\3A217FEZ.txt [ Cookie:martina@ru4.com/ ]
	C:\USERS\MARTINA\Cookies\8SEZBNFD.txt [ Cookie:martina@invitemedia.com/ ]
	C:\USERS\MARTINA\Cookies\WQ7QG5S9.txt [ Cookie:martina@lucidmedia.com/ ]
	C:\USERS\MARTINA\Cookies\T6ND7HCG.txt [ Cookie:martina@advertising.com/ ]
	C:\USERS\MARTINA\Cookies\IWVK5X26.txt [ Cookie:martina@bs.serving-sys.com/ ]
	C:\USERS\MARTINA\Cookies\MD3PWMEM.txt [ Cookie:martina@c.atdmt.com/ ]
	C:\USERS\MARTINA\Cookies\JCFXAZ53.txt [ Cookie:martina@doubleclick.net/ ]
	C:\USERS\MARTINA\Cookies\K6PZAZ2Z.txt [ Cookie:martina@ads.pointroll.com/ ]
	C:\USERS\MARTINA\Cookies\B1BNL4M1.txt [ Cookie:martina@ad3.adfarm1.adition.com/ ]
	C:\USERS\MARTINA\Cookies\UUXNDBVB.txt [ Cookie:martina@adbrite.com/ ]
	C:\USERS\MARTINA\Cookies\HML8TBQ1.txt [ Cookie:martina@atdmt.com/ ]
	C:\USERS\MARTINA\Cookies\8COIUEG5.txt [ Cookie:martina@track.adform.net/ ]
	.imrworldwide.com [ C:\USERS\MARTINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QVQ1DWSX.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\MARTINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QVQ1DWSX.DEFAULT\COOKIES.SQLITE ]
	.serving-sys.com [ C:\USERS\MARTINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QVQ1DWSX.DEFAULT\COOKIES.SQLITE ]
	.myaccount.turbine.com [ C:\USERS\MARTINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QVQ1DWSX.DEFAULT\COOKIES.SQLITE ]
	.myaccount.turbine.com [ C:\USERS\MARTINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QVQ1DWSX.DEFAULT\COOKIES.SQLITE ]
	.myaccount.turbine.com [ C:\USERS\MARTINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QVQ1DWSX.DEFAULT\COOKIES.SQLITE ]
	statse.webtrendslive.com [ C:\USERS\MARTINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QVQ1DWSX.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\MARTINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QVQ1DWSX.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\MARTINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QVQ1DWSX.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\MARTINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QVQ1DWSX.DEFAULT\COOKIES.SQLITE ]
	.msnportal.112.2o7.net [ C:\USERS\MARTINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QVQ1DWSX.DEFAULT\COOKIES.SQLITE ]
	.tracker.vinsight.de [ C:\USERS\MARTINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QVQ1DWSX.DEFAULT\COOKIES.SQLITE ]
	tracking.tchibo.de [ C:\USERS\MARTINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QVQ1DWSX.DEFAULT\COOKIES.SQLITE ]
	.statcounter.com [ C:\USERS\MARTINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\QVQ1DWSX.DEFAULT\COOKIES.SQLITE ]

Alt 31.08.2012, 20:06   #32
t'john
/// Helfer-Team
 
MyStart by IncrediBar entfernen/deinstallieren - Standard

MyStart by IncrediBar entfernen/deinstallieren


CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.*
%APPDATA%\*AcroIEH*.*
%APPDATA%\*.exe
%APPDATA%\*.tmp
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________

__________________
Alt 31.08.2012, 21:52   #33
Naminée
 
MyStart by IncrediBar entfernen/deinstallieren - Standard

MyStart by IncrediBar entfernen/deinstallieren


Alles gemacht wie beschrieben, der Inhalt aus OTL.txt ist im Anhang.
__________________
Alt 31.08.2012, 23:02   #34
t'john
/// Helfer-Team
 
MyStart by IncrediBar entfernen/deinstallieren - Standard

MyStart by IncrediBar entfernen/deinstallieren


Ist incredi noch irgendwo?
__________________
Mfg, t'john
Das TB unterstützen

Alt 01.09.2012, 09:22   #35
Naminée
 
MyStart by IncrediBar entfernen/deinstallieren - Standard

MyStart by IncrediBar entfernen/deinstallieren


Immer noch dasselbe Problem wie letztes Mal: IncrediBar ist überall weg außer was die Umleitung beim Öffnen eines neuen Tabs angeht. Ich hab zwar den Wert bei about:config zurückgesetzt, aber sobald ich den Browser schließe und wieder öffne steht da wieder die Incredibar Seite. Aber ansonsten ist Incredibar überall gelöscht.
Oh, und wenn ich z.B. einstelle, dass als neue Tabseite eine leere Seite geöffnet werden soll bleibt das so eingestellt. Nur wenn ich als neue Tabseite die about:newtab Seite einstelle kommt beim nächsten Öffnen des Browsers die Incredibar Seite.
Also total komisch...


Alt 02.09.2012, 08:00   #36
t'john
/// Helfer-Team
 
MyStart by IncrediBar entfernen/deinstallieren - Standard

MyStart by IncrediBar entfernen/deinstallieren


Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL
MOD - [2012.08.19 16:31:58 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-2402768580-1041760407-3041693355-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-21-2402768580-1041760407-3041693355-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.selectedEngine: "" 
FF - prefs.js..browser.startup.homepage: "http://de.yahoo.com/" 
FF - user.js - File not found 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX 
O32 - HKLM CDRom: AutoRun - 1 
 

[2012.08.19 16:32:02 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files 


[2012.08.27 21:24:24 | 001,007,680 | ---- | M] (WildTangent) -- C:\Users\Martina\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe 
[2012.08.27 21:24:16 | 000,000,179 | ---- | M] () -- C:\Users\Martina\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe_filedata 
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml 
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml 
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml 
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml 
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml 

[2012.08.19 14:47:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP 

[2012.08.08 13:58:02 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp 

[2012.08.08 14:36:36 | 000,000,000 | ---D | C] -- C:\Temp 

:Files

C:\Users\Martina\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Martina\AppData\Local\Temp\*.exe
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
--> MyStart by IncrediBar entfernen/deinstallieren

Alt 02.09.2012, 11:18   #37
Naminée
 
MyStart by IncrediBar entfernen/deinstallieren - Standard

MyStart by IncrediBar entfernen/deinstallieren


Hier der Inhalt des Logfiles nach dem Fixen mit OTL:
Code:
ATTFilter
 All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-21-2402768580-1041760407-3041693355-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-2402768580-1041760407-3041693355-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "" removed from browser.search.selectedEngine
Prefs.js: "hxxp://de.yahoo.com/" removed from browser.startup.homepage
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\ProgramData\PMB Files folder moved successfully.
C:\Users\Martina\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe moved successfully.
C:\Users\Martina\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe_filedata moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
C:\Windows\SysWow64\URTTEMP folder moved successfully.
C:\Program Files (x86)\Temp folder moved successfully.
C:\Temp folder moved successfully.
========== FILES ==========
C:\Users\Martina\AppData\Local\{3FBE2D17-8ACF-4157-8FA0-D961084AC009} folder moved successfully.
C:\Users\Martina\AppData\Local\{8D254923-6A4E-4ECC-82EE-2D6742C94804} folder moved successfully.
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\TEMP not found.
C:\Users\Martina\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Martina\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\Martina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File/Folder C:\Windows\System32\*.tmp not found.
File/Folder C:\Windows\SysWOW64\*.tmp not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Martina\Desktop\cmd.bat deleted successfully.
C:\Users\Martina\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Martina
->Temp folder emptied: 2827628 bytes
->Temporary Internet Files folder emptied: 69421057 bytes
->FireFox cache emptied: 898162750 bytes
->Flash cache emptied: 3017 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10203638 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 53367 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 76301577 bytes
 
Total Files Cleaned = 1.008,00 mb
 
 
OTL by OldTimer - Version 3.2.59.1 log created on 09022012_120714

Files\Folders moved on Reboot...
C:\Users\Martina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Martina\AppData\Local\Temp\~DF5EF23BFE0C8BEFC4.TMP not found!
File\Folder C:\Users\Martina\AppData\Local\Temp\~DF753288B318F87F60.TMP not found!
File\Folder C:\Users\Martina\AppData\Local\Temp\~DFBB97B81D138C160B.TMP not found!
File\Folder C:\Users\Martina\AppData\Local\Temp\~DFC8B2CB765B758E0D.TMP not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Alt 02.09.2012, 14:26   #38
t'john
/// Helfer-Team
 
MyStart by IncrediBar entfernen/deinstallieren - Standard

MyStart by IncrediBar entfernen/deinstallieren


Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.




dann


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.
__________________
Mfg, t'john
Das TB unterstützen

Alt 02.09.2012, 20:36   #39
Naminée
 
MyStart by IncrediBar entfernen/deinstallieren - Standard

MyStart by IncrediBar entfernen/deinstallieren


Alles klar, hier ist die Search bzw. R1 Datei:
Code:
ATTFilter
 # AdwCleaner v2.000 - Datei am 09/02/2012 um 21:27:07 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Martina - MARTINA-VAIO
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Martina\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\qvq1dwsx.default\prefs.js

Gefunden : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb155?a=6OyLl4HLRG&loc=FF_NT");

*************************

AdwCleaner[R1].txt - [838 octets] - [02/09/2012 21:27:07]

########## EOF - C:\AdwCleaner[R1].txt - [897 octets] ##########
Und hier die Delete bzw. S1 Datei:
Code:
ATTFilter
 # AdwCleaner v2.000 - Datei am 09/02/2012 um 21:29:52 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Martina - MARTINA-VAIO
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Martina\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei : C:\Users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\qvq1dwsx.default\prefs.js

Gelöscht : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb155?a=6OyLl4HLRG&loc=FF_NT");

*************************

AdwCleaner[R1].txt - [965 octets] - [02/09/2012 21:27:07]
AdwCleaner[S1].txt - [1556 octets] - [02/09/2012 21:29:52]

########## EOF - C:\AdwCleaner[S1].txt - [1616 octets] ##########

Alt 03.09.2012, 19:08   #40
t'john
/// Helfer-Team
 
MyStart by IncrediBar entfernen/deinstallieren - Standard

MyStart by IncrediBar entfernen/deinstallieren


Incredi weg?

Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 04.09.2012, 17:50   #41
Naminée
 
MyStart by IncrediBar entfernen/deinstallieren - Standard

MyStart by IncrediBar entfernen/deinstallieren


Nein, gleich wie vorher, alles ist weg außer die Umleitung

Logfile von Emisoft Anti-Malware:
Code:
ATTFilter
 Emsisoft Anti-Malware - Version 6.6
Letztes Update: 04.09.2012 18:00:54

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\
Archiv Scan: An
ADS Scan: An

Scan Beginn:	04.09.2012 18:01:39


Gescannt	600721
Gefunden	0

Scan Ende:	04.09.2012 18:28:58
Scan Zeit:	0:27:19

Alt 04.09.2012, 20:04   #42
t'john
/// Helfer-Team
 
MyStart by IncrediBar entfernen/deinstallieren - Standard

MyStart by IncrediBar entfernen/deinstallieren


Malware mit Combofix beseitigen

Lade Combofix von einem der folgenden Download-Spiegel herunter:

BleepingComputer.com - ForoSpyware.com

und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig!
Beachte die ausführliche Original-Anleitung.

Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
  • Windows XP (nur 32-bit)
  • Windows Vista (32-bit/64-bit)
  • Windows 7 (32-bit/64-bit)


Vorbereitung und wichtige Hinweise

  • Bitte während des Scans mit Combofix Antiviren- sowie Antispy-Programme, die Firewall und evtl. vorhandenes Skript-Blocking (Norton) deaktivieren.
  • Liste der zu deaktivierenden Programme.
    Bei Unklarheiten bitte fragen.


  • ComboFix wird Deine Einstellungen in Bezug auf den Bildschirmschoner zurücksetzen.
  • Diese Einstellungen kannst Du nach Beendigung unserer Bereinigung wieder ändern.
  • Mache nichts anderes, wenn es Dir nicht gelungen ist, Combofix laufen zu lassen.
  • Teile uns das mit und warte auf unsere Anweisungen.


  • Starte die Combofix.exe mit Rechtsklick => Als Administrator ausführen und folge den Anweisungen.
  • Während des Laufs von Combofix nichts anderes am Computer machen!
  • Akzeptiere die Bedingungen (Disclaimer) mit "Ja".


  • Sollte Combofix eine aktuellere Version anbieten, Downlaod erlauben.
  • Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.
  • Es erscheint eine blaue Eingabeaufforderung, Combofix wird für den Suchlauf vorbereitet.
  • Bitte nicht in dieses Combofix-Fenster klicken.
  • Das könnte Dein System einfrieren oder hängen bleiben lassen.
  • Es wird ein Backup Deiner Registry erstellt.
  • Nun werden die einzelnen Stufen des Programms abgearbeitet, das kann eine Weile dauern.


  • Wenn ComboFix fertig ist, wird es ein Log erstellen (bitte warten, das dauert einen Moment).
  • Unbedingt warten, bis sich das Combofix-Fenster geschlossen hat und das Logfile im Editor erscheint.
  • Bitte poste die Log-Dateien C:\ComboFix.txt und C:\Qoobox\Add-Remove Programs.txt in Code-Tags hier in den Thread.


  • Hinweis: Combofix macht aus verschiedenen Gründen den Internet Explorer zum Standard-Browser und erstellt ein IE-Icon auf dem Desktop.
  • Das IE-Desktop-Icon kannst Du nach der Bereinigung wieder löschen und Deinen bevorzugten Browser wieder als Standard-Browser einstellen.



Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 05.09.2012, 12:48   #43
Naminée
 
MyStart by IncrediBar entfernen/deinstallieren - Standard

MyStart by IncrediBar entfernen/deinstallieren


Okay, habe Combofix jetzt nach der Anleitung laufen lassen. Hier die Combofix.txt Datei:
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-09-04.03 - Martina 05.09.2012  13:30:52.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6114.4166 [GMT 2:00]
ausgeführt von:: c:\users\Martina\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-08-05 bis 2012-09-05  ))))))))))))))))))))))))))))))
.
.
2012-09-05 11:36 . 2012-09-05 11:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-09-04 20:34 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-09-04 20:34 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-09-04 15:58 . 2012-09-05 09:50	--------	d-----w-	c:\program files (x86)\Emsisoft Anti-Malware
2012-09-04 15:40 . 2012-09-04 15:40	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9936CA91-0395-42D6-A95C-C39152D7860B}\offreg.dll
2012-09-04 14:01 . 2012-08-23 08:26	9310152	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{9936CA91-0395-42D6-A95C-C39152D7860B}\mpengine.dll
2012-09-03 14:01 . 2012-09-03 14:01	--------	d-----w-	c:\program files (x86)\Turbine
2012-09-03 12:28 . 2012-09-03 12:29	--------	d-----w-	c:\programdata\PMB Files
2012-09-01 14:53 . 2012-09-01 14:54	--------	d-----w-	c:\program files\GIMP 2
2012-09-01 08:45 . 2009-09-04 15:29	1892184	----a-w-	c:\windows\SysWow64\D3DX9_42.dll
2012-08-31 11:12 . 2012-08-31 11:12	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-20 13:57 . 2012-08-20 13:57	--------	d-sh--we	c:\windows\SysWow64\config\systemprofile\Lokale Einstellungen
2012-08-20 13:57 . 2012-08-20 13:57	--------	d-sh--we	c:\windows\SysWow64\config\systemprofile\Anwendungsdaten
2012-08-20 12:11 . 2012-08-20 12:11	--------	d-----w-	c:\program files\VideoLAN
2012-08-20 11:51 . 2011-11-28 12:51	33872	----a-w-	c:\windows\system32\drivers\anvsnddrv.sys
2012-08-20 11:20 . 2012-08-20 11:20	--------	d-----w-	c:\program files\WinRAR
2012-08-20 10:58 . 2012-08-20 10:58	--------	d-----w-	c:\program files (x86)\7-Zip
2012-08-19 18:51 . 2012-08-19 18:51	--------	d-----w-	c:\programdata\Malwarebytes
2012-08-19 18:37 . 2012-08-19 19:31	--------	d-----w-	c:\program files (x86)\PC Tools
2012-08-19 18:04 . 2012-08-19 19:31	--------	d-----w-	c:\program files (x86)\Common Files\PC Tools
2012-08-19 18:04 . 2012-06-22 13:35	251560	----a-w-	c:\windows\system32\drivers\PCTSD64.sys
2012-08-19 18:03 . 2012-08-19 18:50	--------	d-----w-	c:\programdata\PC Tools
2012-08-19 17:57 . 2012-08-19 17:57	--------	d-----w-	c:\programdata\regid.1986-12.com.adobe
2012-08-19 14:30 . 2012-08-19 14:30	--------	d-----w-	c:\program files (x86)\Pando Networks
2012-08-19 12:49 . 2007-03-12 14:42	3495784	----a-w-	c:\windows\SysWow64\d3dx9_33.dll
2012-08-19 11:11 . 2012-02-15 12:51	360448	----a-w-	c:\windows\SysWow64\TubeFinder.exe
2012-08-19 11:11 . 2012-08-19 11:13	--------	d-----w-	c:\program files (x86)\Free FLV Converter
2012-08-19 11:11 . 2011-09-28 07:18	9728	----a-w-	c:\windows\SysWow64\PCCLPFR.DLL
2012-08-19 11:11 . 2011-09-28 07:18	84512	----a-w-	c:\windows\SysWow64\PICCLP32.OCX
2012-08-19 11:11 . 2011-09-28 07:18	364544	----a-w-	c:\windows\SysWow64\PropertyGrid.ocx
2012-08-19 11:11 . 2011-09-28 07:18	32768	----a-w-	c:\windows\SysWow64\CMDLGFR.DLL
2012-08-19 11:11 . 2011-09-28 07:18	24576	----a-w-	c:\windows\SysWow64\ControlSubX.ocx
2012-08-19 11:11 . 2011-09-28 07:18	152848	----a-w-	c:\windows\SysWow64\COMDLG32.OCX
2012-08-19 11:11 . 2011-09-28 07:18	141312	----a-w-	c:\windows\SysWow64\MSCMCFR.DLL
2012-08-19 11:11 . 2011-09-28 07:18	119568	----a-w-	c:\windows\SysWow64\VB6FR.DLL
2012-08-19 11:11 . 2011-09-28 07:18	101888	----a-w-	c:\windows\SysWow64\VB6STKIT.DLL
2012-08-19 10:44 . 2012-08-03 02:27	62134624	----a-w-	c:\windows\system32\MRT.exe
2012-08-17 22:05 . 2012-07-06 20:07	552960	----a-w-	c:\windows\system32\drivers\bthport.sys
2012-08-17 21:58 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2012-08-17 21:48 . 2012-06-29 03:40	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-17 21:48 . 2012-06-29 03:39	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-17 21:48 . 2012-06-29 00:00	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-08-17 21:44 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-08-17 21:44 . 2012-03-01 06:38	220672	----a-w-	c:\windows\system32\wintrust.dll
2012-08-17 21:44 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2012-08-17 21:44 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2012-08-17 21:44 . 2012-03-01 05:37	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-08-17 21:44 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2012-08-17 21:44 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2012-08-17 19:03 . 2012-09-01 07:55	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-08-17 18:30 . 2012-03-03 06:35	1544704	----a-w-	c:\windows\system32\DWrite.dll
2012-08-17 18:30 . 2012-03-03 05:31	1077248	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-08-17 18:30 . 2012-05-05 08:36	503808	----a-w-	c:\windows\system32\srcore.dll
2012-08-17 18:30 . 2012-05-05 07:46	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2012-08-17 18:30 . 2011-10-01 05:45	886784	----a-w-	c:\program files\Common Files\System\wab32.dll
2012-08-17 18:30 . 2011-10-01 04:37	708608	----a-w-	c:\program files (x86)\Common Files\System\wab32.dll
2012-08-17 18:30 . 2011-04-09 06:58	142336	----a-w-	c:\windows\system32\poqexec.exe
2012-08-17 18:30 . 2011-04-09 05:56	123904	----a-w-	c:\windows\SysWow64\poqexec.exe
2012-08-17 18:30 . 2012-01-04 10:44	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-08-17 18:30 . 2012-01-04 08:58	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2012-08-17 18:26 . 2012-05-04 11:06	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-08-17 18:26 . 2012-05-04 10:03	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-08-17 18:26 . 2012-05-04 10:03	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-08-17 17:38 . 2011-12-16 08:46	634880	----a-w-	c:\windows\system32\msvcrt.dll
2012-08-17 17:38 . 2011-12-16 07:52	690688	----a-w-	c:\windows\SysWow64\msvcrt.dll
2012-08-17 17:38 . 2012-07-18 18:15	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-08-17 17:38 . 2012-05-14 05:26	956928	----a-w-	c:\windows\system32\localspl.dll
2012-08-17 17:38 . 2012-03-30 11:35	1918320	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-17 17:38 . 2012-03-31 05:42	1732096	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2012-08-17 17:38 . 2012-03-31 05:40	1367552	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-08-17 17:38 . 2012-03-31 05:40	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2012-08-17 17:38 . 2012-03-31 05:40	1393664	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2012-08-17 17:38 . 2012-03-31 04:29	936960	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-08-16 14:08 . 2012-08-16 14:08	--------	d-----w-	c:\users\Default\AppData\Local\Sony Corporation
2012-08-16 13:16 . 2009-05-18 11:17	34152	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-16 13:16 . 2008-04-17 10:12	126312	----a-w-	c:\windows\system32\GEARAspi64.dll
2012-08-16 13:16 . 2008-04-17 10:12	107368	----a-w-	c:\windows\SysWow64\GEARAspi.dll
2012-08-16 13:15 . 2012-08-16 13:16	--------	d-----w-	c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-08-16 13:15 . 2012-08-16 13:16	--------	d-----w-	c:\program files\iTunes
2012-08-16 13:15 . 2012-08-16 13:16	--------	d-----w-	c:\program files (x86)\iTunes
2012-08-16 13:15 . 2012-08-16 13:15	--------	d-----w-	c:\programdata\Apple Computer
2012-08-16 13:15 . 2012-08-16 13:15	--------	d-----w-	c:\program files\iPod
2012-08-16 13:14 . 2012-08-16 13:14	--------	d-----w-	c:\program files (x86)\Apple Software Update
2012-08-16 13:14 . 2012-08-16 13:14	--------	d-----w-	c:\program files\Common Files\Apple
2012-08-16 13:14 . 2012-08-16 13:14	--------	d-----w-	c:\program files\Bonjour
2012-08-16 13:14 . 2012-08-16 13:14	--------	d-----w-	c:\program files (x86)\Bonjour
2012-08-16 13:14 . 2012-08-16 13:15	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2012-08-16 13:14 . 2012-08-16 13:14	--------	d-----w-	c:\programdata\Apple
2012-08-16 12:18 . 2012-09-05 10:07	--------	d-----w-	c:\programdata\Kaspersky Lab
2012-08-16 12:18 . 2012-08-16 12:18	--------	d-----w-	c:\program files (x86)\Kaspersky Lab
2012-08-16 12:17 . 2012-08-16 12:17	615728	----a-w-	c:\windows\system32\drivers\klif.sys
2012-08-16 12:06 . 2012-08-16 14:12	--------	d-----w-	C:\VAIO Entertainment
2012-08-15 19:02 . 2012-08-15 19:02	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-08-15 12:51 . 2012-08-15 12:51	--------	d-----w-	c:\program files\Microsoft Office
2012-08-15 12:51 . 2012-08-15 12:51	--------	d-----w-	c:\program files (x86)\Microsoft Analysis Services
2012-08-15 12:50 . 2012-08-19 21:37	--------	d-----w-	c:\programdata\Microsoft Help
2012-08-15 12:50 . 2012-08-15 12:50	--------	d-----r-	C:\MSOCache
2012-08-15 12:32 . 2012-08-19 10:39	--------	d-----w-	C:\Update
2012-08-15 12:04 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-08-15 12:04 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-08-15 12:04 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-08-15 11:59 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-08-15 11:59 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-08-15 11:59 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-08-15 11:59 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-08-15 11:58 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-08-15 11:58 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-08-15 11:58 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-08-15 11:58 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-08-15 11:58 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-08-15 11:57 . 2012-08-15 11:57	--------	d-----w-	c:\windows\SysWow64\VAIO Startup Setting Tool
2012-08-08 21:00 . 2012-05-16 22:27	568600	----a-w-	c:\windows\system32\drivers\iaStor.sys
2012-08-08 13:58 . 2012-08-08 13:58	--------	d-----w-	c:\programdata\ATI
2012-08-08 13:57 . 2012-08-15 12:03	--------	d-----w-	c:\programdata\Atheros
2012-08-08 13:55 . 2012-08-08 13:55	--------	d-----w-	c:\program files (x86)\Evernote
2012-08-08 13:54 . 2012-08-08 13:54	--------	d-----w-	c:\programdata\Evernote
2012-08-08 13:51 . 2012-08-18 20:21	--------	d-----w-	c:\programdata\iolo
2012-08-08 13:51 . 2012-08-08 13:51	74703	----a-w-	c:\windows\SysWow64\mfc45.dll
2012-08-08 13:51 . 2012-01-18 21:40	21176	----a-w-	c:\windows\system32\iolorgdf64.exe
2012-08-08 13:51 . 2011-11-30 16:49	69000	----a-w-	c:\windows\system32\offreg.dll
2012-08-08 13:48 . 2012-08-08 13:48	--------	d-----w-	c:\windows\en
2012-08-08 13:47 . 2012-08-08 13:47	--------	d-----w-	c:\windows\uk
2012-08-08 13:47 . 2012-08-08 13:47	--------	d-----w-	c:\windows\tr
2012-08-08 13:45 . 2012-08-08 13:45	--------	d-----w-	c:\windows\cs
2012-08-08 13:45 . 2012-08-08 13:45	--------	d-----w-	c:\windows\bg
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 11:57 . 2011-03-28 16:36	19720	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-08 12:47 . 2003-02-21 02:42	353576	----a-w-	c:\windows\SysWow64\msvcr71.dll
2012-08-08 12:38 . 2012-08-08 12:38	2560	----a-w-	c:\windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
2012-08-08 12:37 . 2012-08-08 12:37	2560	----a-w-	c:\windows\SysWow64\drivers\de-DE\scfilter.sys.mui
2012-08-08 12:37 . 2012-08-08 12:37	5632	----a-w-	c:\windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
2012-08-08 12:37 . 2012-08-08 12:37	51712	----a-w-	c:\windows\SysWow64\drivers\de-DE\tcpip.sys.mui
2012-08-08 12:37 . 2012-08-08 12:37	29696	----a-w-	c:\windows\SysWow64\drivers\de-DE\bfe.dll.mui
2012-08-08 12:37 . 2012-08-08 12:37	16896	----a-w-	c:\windows\SysWow64\drivers\de-DE\pacer.sys.mui
2012-07-27 20:51 . 2012-07-27 20:51	24984	----a-w-	c:\windows\system32\AdobePDFUI.dll
2012-07-27 20:51 . 2012-07-27 20:51	53656	----a-w-	c:\windows\system32\AdobePDF.dll
2012-06-25 14:04 . 2012-06-25 14:04	1394248	----a-w-	c:\windows\SysWow64\msxml4.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-10 343168]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-22 291608]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2012-02-20 75048]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-02-21 693608]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/08/08 14:48;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2012-01-19 248304]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-22 250568]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2011-11-28 33872]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-02-23 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-02-23 339616]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-02-23 110752]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-02-23 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-02-23 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-02-23 280992]
R3 BTATH_VDP;Bluetooth VDP Driver;c:\windows\system32\drivers\btath_vdp.sys [2012-02-23 421664]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-02-23 550560]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2012-03-21 112256]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-31 114144]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-01-06 74904]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2012-01-10 535688]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-26 101600]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-22 16152]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-13 235520]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-02-23 106144]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-29 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-02-08 2429544]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-03-13 128280]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-13 161560]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-02-21 473960]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 260768]
S2 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-01-06 138392]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-13 363800]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-12-21 382720]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2012-03-26 978056]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-02-23 158880]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-03-13 10732032]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-03-13 328192]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-03-13 95248]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-02-23 30368]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-22 356120]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-22 787736]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2012-03-13 60184]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2012-02-08 339048]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-13 675432]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2012-01-16 14336]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-01 289952]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-05-28 54464]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-05-10 1259104]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
Inhalt des "geplante Tasks" Ordners
.
2012-09-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-08 17:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-03-13 1156712]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-02-23 1020576]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-02-23 800416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
TCP: DhcpNameServer = 217.0.43.145 217.0.43.129
FF - ProfilePath - c:\users\Martina\AppData\Roaming\Mozilla\Firefox\Profiles\qvq1dwsx.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://de.yahoo.com/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-09-05  13:37:58
ComboFix-quarantined-files.txt  2012-09-05 11:37
.
Vor Suchlauf: 12 Verzeichnis(se), 653.350.473.728 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 653.070.487.552 Bytes frei
.
- - End Of File - - 8DA6EF3DF85220DCE9A01403625E21C0
--- --- ---


Und hier die Add-Remove Programs.txt Datei:
Code:
ATTFilter
 
????? Windows Live
?????? Windows Live
??????? ????????? Windows Live Mesh ActiveX ??? ?????????? ??????????
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
???????????? Windows Live
7-Zip 9.20
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ??????
Adobe Acrobat X Standard - English, Français, Deutsch
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) - Deutsch
Agatha Christie - Death on the Nile
Aloha TriPeaks
Apple Application Support
Apple Software Update
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 4
Bejeweled 3
Bing Bar
Build-a-lot 2
Cake Mania
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Control ActiveX Windows Live Mesh pentru conexiuni la distan?a
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
CyberLink PowerDVD
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Der Herr der Ringe Online v03.07.00.8037
Evernote v. 4.5.2
FDUx86
Fishdom (TM) 2
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych
Fotogalerija Windows Live
Free FLV Converter V 7.4.0
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Insaniquarium Deluxe
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) USB 3.0 eXtensible Host Controller Driver
Java 7 Update 7
Java Auto Updater
JavaFX 2.1.1
Jewel Quest Solitaire 2
Junk Mail filter update
Kaspersky Internet Security 2012
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
KUx86
Mahjongg Artifacts
Media Go
Mesh Runtime
Microsoft .NET Framework 1.1
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (German) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mozilla Firefox 15.0 (x86 de)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
Mystery of Mortlake Mansion
Mystery P.I. - The London Caper
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia
Pando Media Booster
Plants vs. Zombies - Game of the Year
PlayMemories Home
PlayStation(R)Network Downloader
PlayStation(R)Store
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Polar Bowler
Pošta Windows Live
PYV_x86
Qualcomm Atheros Direct Connect
Qualcomm Atheros WiFi Driver Installation
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Remote Keyboard
Remote Play with PlayStation(R)3
S?????? f?t???af??? t?? Windows Live
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Skype Click to Call
Skype™ 5.10
SSLx86
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se??
The Hidden Object Game Show
TrackID(TM) with BRAVIA
TriDef 3D (Sony) 2.0.5
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi
V3DPx86
VAIO-Handbuch
VAIO-Support für Übertragungen
VAIO - Remote-Tastatur
VAIO - Remote-Tastatur mit PlayStation®3
VAIO - Remote Play mit PlayStation®3
VAIO - TrackID™ mit BRAVIA
VAIO 3D Portal
VAIO Control Center
VAIO Data Restore Tool
VAIO Easy Connect
VAIO Gate
VAIO Gate Default
VAIO Gesture Control
VAIO Improvement
VAIO Sample Contents
VAIO Smart Network
VAIO Update
VAIO*CPU-Lüfterdiagnose
VCCx86
VHD
Virtual Villagers 4 - The Tree of Life
VIx86
VMLx86
VSNx86
VSSTx86
VU5x86
VWSTx86
WildTangent-Spiele
WildTangent Games App
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
Windows Live Mesh ActiveX-objekt til fjernforbindelser
Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz
Windows Live Mesh ActiveX control for remote connections
Windows Live Meshin etäyhteyksien ActiveX-komponentti
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima

Alt 05.09.2012, 13:30   #44
t'john
/// Helfer-Team
 
MyStart by IncrediBar entfernen/deinstallieren - Standard

MyStart by IncrediBar entfernen/deinstallieren


Wohin fuehren die Umleitungen?
__________________
Mfg, t'john
Das TB unterstützen

Alt 05.09.2012, 14:42   #45
Naminée
 
MyStart by IncrediBar entfernen/deinstallieren - Standard

MyStart by IncrediBar entfernen/deinstallieren


Die Umleitung wenn ich einen neuen Tab öffne führt zu der Seite hier: MyStart by IncrediBar.com

Edit: Okay... eigentlich hab ich den Link kopiert, aber der hat sich selbst zu "MyStart by IncrediBar.com" geändert nachdem ich auf die Antwort gepostet hab. Ich probiers mal mit Leerzeichen dazwischen, vielleicht klappt es dann: hxxp:// mystart. incredibar. com / mb155?a=6OyLl4HLRG&loc=FF_NT

Antwort
Seite 3 von 4 12 3 4

Themen zu MyStart by IncrediBar entfernen/deinstallieren
autorun, bonjour, document, explorer, fehlermeldung, flash player, focus, format, google, incredibar toolbar, kaspersky, mozilla, mystart incredibar entfernen, mystart.incredibar trojaner toolbar, plug-in, programm, realtek, registry, security, senden, tastatur, usb, usb 3.0, wildtangent games, windows, windows xp, wlan, ändern, {336d0c35-8a85-403a-b9d2-65c292c39087}


« GVU Computer gesperrt | GVU-Trojaner erneut ! »


Ähnliche Themen: MyStart by IncrediBar entfernen/deinstallieren


  1. mystart incredibar von coogle chrom deinstallieren
    Plagegeister aller Art und deren Bekämpfung - 04.12.2012 (2)
  2. Mystart incredibar entfernen
    Plagegeister aller Art und deren Bekämpfung - 17.11.2012 (1)
  3. Mystart.incredibar entfernen
    Plagegeister aller Art und deren Bekämpfung - 28.10.2012 (24)
  4. Mystart.incredibar entfernen
    Plagegeister aller Art und deren Bekämpfung - 17.10.2012 (31)
  5. Mystart Incredibar Entfernen
    Plagegeister aller Art und deren Bekämpfung - 09.10.2012 (26)
  6. MyStart by incredibar entfernen
    Plagegeister aller Art und deren Bekämpfung - 05.10.2012 (2)
  7. MyStart Incredibar entfernen
    Plagegeister aller Art und deren Bekämpfung - 21.09.2012 (5)
  8. (2x) mystart incredibar entfernen
    Mülltonne - 04.09.2012 (1)
  9. Mystart incredibar entfernen
    Plagegeister aller Art und deren Bekämpfung - 25.08.2012 (14)
  10. Incredibar - MyStart entfernen
    Log-Analyse und Auswertung - 11.08.2012 (3)
  11. MyStart by Incredibar - entfernen!
    Log-Analyse und Auswertung - 05.08.2012 (11)
  12. mystart.incredibar.com entfernen
    Plagegeister aller Art und deren Bekämpfung - 03.08.2012 (32)
  13. Mystart.incredibar entfernen
    Plagegeister aller Art und deren Bekämpfung - 03.08.2012 (40)
  14. MyStart IncrediBar entfernen
    Anleitungen, FAQs & Links - 30.07.2012 (0)
  15. Mystart incredibar entfernen
    Log-Analyse und Auswertung - 30.07.2012 (1)
  16. Incredibar MyStart entfernen
    Log-Analyse und Auswertung - 20.07.2012 (10)
  17. MyStart Incredibar entfernen
    Log-Analyse und Auswertung - 14.07.2012 (10)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema MyStart by IncrediBar entfernen/deinstallieren - Hier die Logdatei des AdwCleaners: Code: Alles auswählen Aufklappen ATTFilter # AdwCleaner v1.801 - Logfile created 08/31/2012 at 11:53:19 # Updated 14/08/2012 by Xplode # Operating system : Windows 7 - MyStart by IncrediBar entfernen/deinstallieren...
Archiv
Du betrachtest: MyStart by IncrediBar entfernen/deinstallieren auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132