|
Ich werde incredibar virus nicht los Hallo, liebe Board member, ich bin hier Neuling und habe ein Problem mit meinem Laptop. Ich habe mir beim runterladen eines Doublettenentferners von Softonic (jhttp://www.trojaner-board.de/images/.../kloppen.gifa, mittlerweile weiß ich auch, welche Läuse man sich dort in den Pelz setzt) eine echt nervige toolbar von incredibar eingefangen. In den anderen threads zu diesem Thema wurde regelhaft eine Entfernung mit Malwarebytes empfohlen. Ich habe einen vollständigen Scan laufen lassen und dabei keinerlei infizierte Dateien gefunden. Logfile siehe unten. Statrten im abgesicherten Modus und Quickscan brachten auch nix. Wie finde ich das Problem? Wer kann mir weiterhelfen? Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Datenbank Version: 912071011 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 10.07.2012 21:58:39 mbam-log-2012-07-10 (21-58-39).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 264702 Laufzeit: 15 Minute(n), 31 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Ich habe noch die folgenden Logs nachzuliefern. Vielen Dank im voraus |
Vermüllte Software von Softonic scheint gerade stark in Mode zu sein! http://cosgan.de/images/midi/boese/a040.gif Finger weg von Softonic!! :pfui: Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
Lieber Arne, herzlichen Dank für Deine Antwort. Ich habe den Scan durchgeführt und das folgende Log-File dabei erhalten: # AdwCleaner v1.702 - Logfile created 07/14/2012 at 00:28:41 # Updated 13/07/2012 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits) # User : XXX - XXX-ANIT # Running from : C:\Users\XXX\Downloads\adwcleaner0.exe # Option [Search] ***** [Services] ***** ***** [Files / Folders] ***** File Found : C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\hf8pieh6.default\searchplugins\MyStart Search.xml ***** [Registry] ***** Key Found : HKCU\Software\IM Key Found : HKCU\Software\ImInstaller Key Found : HKCU\Software\Softonic Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Key Found : HKLM\SOFTWARE\Web Assistant Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] ***** [Registre - GUID] ***** Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb165?a=6R8ygaZiny&i=26 -\\ Mozilla Firefox v13.0.1 (de) Profile name : default File : C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\hf8pieh6.default\prefs.js Found : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb165?a=6R8ygaZiny&loc=FF_NT"); Found : user_pref("browser.search.defaultenginename", "MyStart Search"); Found : user_pref("browser.search.selectedEngine", "MyStart Search"); Found : user_pref("extensions.incredibar.admin", false); Found : user_pref("extensions.incredibar.aflt", "orgnl"); Found : user_pref("extensions.incredibar.cntry", "DE"); Found : user_pref("extensions.incredibar.dfltLng", ""); Found : user_pref("extensions.incredibar.dfltSrch", false); Found : user_pref("extensions.incredibar.did", "10665"); Found : user_pref("extensions.incredibar.envrmnt", "production"); Found : user_pref("extensions.incredibar.excTlbr", false); Found : user_pref("extensions.incredibar.hdrMd5", "98B6C088616243CC5FA35B9F4FE582E3"); Found : user_pref("extensions.incredibar.hmpg", false); Found : user_pref("extensions.incredibar.id", "b6c40ddd0000000000000022fa40abb1"); Found : user_pref("extensions.incredibar.installerproductid", "26"); Found : user_pref("extensions.incredibar.instlDay", "15528"); Found : user_pref("extensions.incredibar.instlRef", ""); Found : user_pref("extensions.incredibar.isDcmntCmplt", true); Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1413:06:25"); Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0"); Found : user_pref("extensions.incredibar.newTab", false); Found : user_pref("extensions.incredibar.noFFXTlbr", false); Found : user_pref("extensions.incredibar.ppd", ""); Found : user_pref("extensions.incredibar.prdct", "incredibar"); Found : user_pref("extensions.incredibar.productid", "26"); Found : user_pref("extensions.incredibar.prtnrId", "Incredibar"); Found : user_pref("extensions.incredibar.sg", "none"); Found : user_pref("extensions.incredibar.smplGrp", "none"); Found : user_pref("extensions.incredibar.tlbrId", "base"); Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8ygaZiny&loc=IB_T[...] Found : user_pref("extensions.incredibar.upn2", "6R8ygaZiny"); Found : user_pref("extensions.incredibar.upn2n", "92824663818937652"); Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14"); Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1413:06:25"); Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14"); Found : user_pref("extensions.incredibar_i.aflt", "orgnl"); Found : user_pref("extensions.incredibar_i.dfltLng", ""); Found : user_pref("extensions.incredibar_i.did", "10665"); Found : user_pref("extensions.incredibar_i.excTlbr", false); Found : user_pref("extensions.incredibar_i.id", "b6c40ddd0000000000000022fa40abb1"); Found : user_pref("extensions.incredibar_i.installerproductid", "26"); Found : user_pref("extensions.incredibar_i.instlDay", "15528"); Found : user_pref("extensions.incredibar_i.instlRef", ""); Found : user_pref("extensions.incredibar_i.ms_url_id", ""); Found : user_pref("extensions.incredibar_i.newTab", false); Found : user_pref("extensions.incredibar_i.ppd", ""); Found : user_pref("extensions.incredibar_i.prdct", "incredibar"); Found : user_pref("extensions.incredibar_i.productid", "26"); Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); Found : user_pref("extensions.incredibar_i.smplGrp", "none"); Found : user_pref("extensions.incredibar_i.tlbrId", "base"); Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8ygaZiny&loc=IB[...] Found : user_pref("extensions.incredibar_i.upn2", "6R8ygaZiny"); Found : user_pref("extensions.incredibar_i.upn2n", "92824663818937652"); Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1413:06:25"); Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); Found : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6R8ygaZiny&&i=26&search="[...] Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...] ************************* AdwCleaner[R1].txt - [5568 octets] - [14/07/2012 00:28:41] ########## EOF - C:\AdwCleaner[R1].txt - [5696 octets] ########## Ich freue mich auf die nächste Antwort. Hendrik |
adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
|
Hallo Arne! Das Log hängt an. Die Symptome sind weg ich um ein paar Erfahrungen reicher. Danke und tschüß. :party: Hendrik # AdwCleaner v1.702 - Logfile created 07/14/2012 at 20:17:24 # Updated 13/07/2012 by Xplode # Operating system : Windows 7 Ultimate Service Pack 1 (32 bits) # User : Hendrik - FREISE-ANIT # Running from : C:\Users\Hendrik\Downloads\adwcleaner0.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** File Deleted : C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\hf8pieh6.default\searchplugins\MyStart Search.xml ***** [Registry] ***** Key Deleted : HKCU\Software\IM Key Deleted : HKCU\Software\ImInstaller Key Deleted : HKCU\Software\Softonic Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Key Deleted : HKLM\SOFTWARE\Web Assistant Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}] ***** [Registre - GUID] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} ***** [Internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://mystart.incredibar.com/mb165?a=6R8ygaZiny&i=26 --> hxxp://www.google.com -\\ Mozilla Firefox v13.0.1 (de) Profile name : default File : C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\hf8pieh6.default\prefs.js C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\hf8pieh6.default\user.js ... Deleted ! Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb165?a=6R8ygaZiny&loc=FF_NT"); Deleted : user_pref("browser.search.defaultenginename", "MyStart Search"); Deleted : user_pref("browser.search.selectedEngine", "MyStart Search"); Deleted : user_pref("extensions.incredibar.admin", false); Deleted : user_pref("extensions.incredibar.aflt", "orgnl"); Deleted : user_pref("extensions.incredibar.cntry", "DE"); Deleted : user_pref("extensions.incredibar.dfltLng", ""); Deleted : user_pref("extensions.incredibar.dfltSrch", false); Deleted : user_pref("extensions.incredibar.did", "10665"); Deleted : user_pref("extensions.incredibar.envrmnt", "production"); Deleted : user_pref("extensions.incredibar.excTlbr", false); Deleted : user_pref("extensions.incredibar.hdrMd5", "98B6C088616243CC5FA35B9F4FE582E3"); Deleted : user_pref("extensions.incredibar.hmpg", false); Deleted : user_pref("extensions.incredibar.id", "b6c40ddd0000000000000022fa40abb1"); Deleted : user_pref("extensions.incredibar.installerproductid", "26"); Deleted : user_pref("extensions.incredibar.instlDay", "15528"); Deleted : user_pref("extensions.incredibar.instlRef", ""); Deleted : user_pref("extensions.incredibar.isDcmntCmplt", true); Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1413:06:25"); Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0"); Deleted : user_pref("extensions.incredibar.newTab", false); Deleted : user_pref("extensions.incredibar.noFFXTlbr", false); Deleted : user_pref("extensions.incredibar.ppd", ""); Deleted : user_pref("extensions.incredibar.prdct", "incredibar"); Deleted : user_pref("extensions.incredibar.productid", "26"); Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar"); Deleted : user_pref("extensions.incredibar.sg", "none"); Deleted : user_pref("extensions.incredibar.smplGrp", "none"); Deleted : user_pref("extensions.incredibar.tlbrId", "base"); Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8ygaZiny&loc=IB_T[...] Deleted : user_pref("extensions.incredibar.upn2", "6R8ygaZiny"); Deleted : user_pref("extensions.incredibar.upn2n", "92824663818937652"); Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14"); Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1413:06:25"); Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14"); Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl"); Deleted : user_pref("extensions.incredibar_i.dfltLng", ""); Deleted : user_pref("extensions.incredibar_i.did", "10665"); Deleted : user_pref("extensions.incredibar_i.excTlbr", false); Deleted : user_pref("extensions.incredibar_i.id", "b6c40ddd0000000000000022fa40abb1"); Deleted : user_pref("extensions.incredibar_i.installerproductid", "26"); Deleted : user_pref("extensions.incredibar_i.instlDay", "15528"); Deleted : user_pref("extensions.incredibar_i.instlRef", ""); Deleted : user_pref("extensions.incredibar_i.ms_url_id", ""); Deleted : user_pref("extensions.incredibar_i.newTab", false); Deleted : user_pref("extensions.incredibar_i.ppd", ""); Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar"); Deleted : user_pref("extensions.incredibar_i.productid", "26"); Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); Deleted : user_pref("extensions.incredibar_i.smplGrp", "none"); Deleted : user_pref("extensions.incredibar_i.tlbrId", "base"); Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8ygaZiny&loc=IB[...] Deleted : user_pref("extensions.incredibar_i.upn2", "6R8ygaZiny"); Deleted : user_pref("extensions.incredibar_i.upn2n", "92824663818937652"); Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1413:06:25"); Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); Deleted : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6R8ygaZiny&&i=26&search="[...] Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...] ************************* AdwCleaner[R1].txt - [5678 octets] - [14/07/2012 00:28:41] AdwCleaner[R2].txt - [5757 octets] - [14/07/2012 20:17:06] AdwCleaner[S1].txt - [5963 octets] - [14/07/2012 20:17:24] ########## EOF - C:\AdwCleaner[S1].txt - [6091 octets] ########## :party: |
| Alle Zeitangaben in WEZ +1. Es ist jetzt 20:49 Uhr. |
Copyright ©2000-2024, Trojaner-Board