Trojaner-Board - MyStart Incredibar Toolbar

Hallo zusammen,

wie das Thema oben zeigt, habe ich seit geraumer Zeit das hier in vielen Threads angesprochene Problem mit "my Start".

Hier die ersten Logs:

Mailware:

Code:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org
 

Datenbank Version: v2012.08.05.06
 

Windows 7 x86 NTFS

Internet Explorer 9.0.8112.16421

Rashid :: PC [Administrator]
 

05.08.2012 14:56:21

mbam-log-2012-08-05 (15-28-15).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 254638

Laufzeit: 20 Minute(n), 5 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 3

C:\Users\Rashid\Downloads\SoftonicDownloader_fuer_eclipsecrossword.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.

C:\Users\Rashid\Downloads\SoftonicDownloader_fuer_kreuzwortratsel-werkstatt.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.

C:\Users\Rashid\Downloads\SoftonicDownloader_fuer_windows-product-key-aktualisierungstool.exe (PUP.ToolbarDownloader) -> Keine Aktion durchgeführt.
 

(Ende)

Eset Online Scanner:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=cf3d96cd7494fa43941de13d25914bc8

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-08-05 03:03:06

# local_time=2012-08-05 05:03:06 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7600 NT 

# compatibility_mode=1792 16777215 100 0 12108308 12108308 0 0

# compatibility_mode=5893 16776573 100 94 9691771 95808446 0 0

# compatibility_mode=8192 67108863 100 0 119 119 0 0

# scanned=90514

# found=0

# cleaned=0

# scan_time=1731

Vielen Dank schonmal...

Hier noch die .txt. vom AdwCleaner:

Code:

# AdwCleaner v1.800 - Logfile created 08/06/2012 at 16:41:21

# Updated 01/08/2012 by Xplode

# Operating system : Windows 7 Professional  (32 bits)

# User : Rashid - PC

# Running from : C:\Users\Rashid\Downloads\adwcleaner.exe

# Option [Search]
 
 

***** [Services] *****
 
 

***** [Files / Folders] *****
 

Folder Found : C:\Users\Rashid\AppData\Roaming\pdfforge

Folder Found : C:\ProgramData\InstallMate

File Found : C:\Users\Rashid\AppData\Roaming\Mozilla\Firefox\Profiles\1xs9vj1i.default\searchplugins\MyStart Search.xml
 

***** [Registry] *****
 

Key Found : HKCU\Software\IM

Key Found : HKCU\Software\ImInstaller

Key Found : HKCU\Software\Softonic

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

Key Found : HKLM\SOFTWARE\Web Assistant

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
 

***** [Registre - GUID] *****
 

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
 

***** [Internet Browsers] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Registry is clean.
 

-\\ Mozilla Firefox v14.0.1 (de)
 

Profile name : default 

File : C:\Users\Rashid\AppData\Roaming\Mozilla\Firefox\Profiles\1xs9vj1i.default\prefs.js
 

Found : user_pref("browser.search.defaultenginename", "MyStart Search");

Found : user_pref("browser.search.selectedEngine", "MyStart Search");

Found : user_pref("extensions.incredibar.actvtyRptTime", "1341584916769");

Found : user_pref("extensions.incredibar.admin", false);

Found : user_pref("extensions.incredibar.aflt", "orgnl");

Found : user_pref("extensions.incredibar.afterInstallRpt", "sent");

Found : user_pref("extensions.incredibar.cntry", "DE");

Found : user_pref("extensions.incredibar.dfltLng", "EN");

Found : user_pref("extensions.incredibar.dfltSrch", false);

Found : user_pref("extensions.incredibar.dfltlng", "en");

Found : user_pref("extensions.incredibar.dfltsrch", "false");

Found : user_pref("extensions.incredibar.did", "10669");

Found : user_pref("extensions.incredibar.envrmnt", "production");

Found : user_pref("extensions.incredibar.excTlbr", false);

Found : user_pref("extensions.incredibar.hdrMd5", "E80F4EAA6087F08B0881BFA7F734C0C7");

Found : user_pref("extensions.incredibar.hmpg", false);

Found : user_pref("extensions.incredibar.hrdid", "0");

Found : user_pref("extensions.incredibar.id", "28bb52c5000000000000002275d8700e");

Found : user_pref("extensions.incredibar.installerproductid", "26");

Found : user_pref("extensions.incredibar.instlDay", "15525");

Found : user_pref("extensions.incredibar.instlRef", "");

Found : user_pref("extensions.incredibar.instlday", "15525");

Found : user_pref("extensions.incredibar.instlref", "");

Found : user_pref("extensions.incredibar.isDcmntCmplt", true);

Found : user_pref("extensions.incredibar.isdcmntcmplt", "false");

Found : user_pref("extensions.incredibar.keywordurl", "");

Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1420:31:53");

Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");

Found : user_pref("extensions.incredibar.newTab", false);

Found : user_pref("extensions.incredibar.newtab", "false");

Found : user_pref("extensions.incredibar.newtaburl", "");

Found : user_pref("extensions.incredibar.noFFXTlbr", false);

Found : user_pref("extensions.incredibar.ppd", "123%5F1");

Found : user_pref("extensions.incredibar.prdct", "incredibar");

Found : user_pref("extensions.incredibar.productid", "26");

Found : user_pref("extensions.incredibar.propectorlck", 79989719);

Found : user_pref("extensions.incredibar.prtkHmpg", 1);

Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");

Found : user_pref("extensions.incredibar.prtnrid", "Incredibar");

Found : user_pref("extensions.incredibar.sg", "none");

Found : user_pref("extensions.incredibar.smplGrp", "none");

Found : user_pref("extensions.incredibar.smplgrp", "none");

Found : user_pref("extensions.incredibar.srch", "");

Found : user_pref("extensions.incredibar.srchprvdr", "");

Found : user_pref("extensions.incredibar.tlbrId", "base");

Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyGWtd3sO&loc=IB_T[...]

Found : user_pref("extensions.incredibar.tlbrid", "base");

Found : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6OyGWtd3sO&loc=IB_T[...]

Found : user_pref("extensions.incredibar.upn2", "6OyGWtd3sO");

Found : user_pref("extensions.incredibar.upn2n", "92261698630661294");

Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");

Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1420:31:53");

Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");

Found : user_pref("extensions.incredibar.vrsnts", "1.5.11.1420:31:53");

Found : user_pref("extensions.incredibar_i.aflt", "orgnl");

Found : user_pref("extensions.incredibar_i.dfltLng", "");

Found : user_pref("extensions.incredibar_i.did", "10669");

Found : user_pref("extensions.incredibar_i.excTlbr", false);

Found : user_pref("extensions.incredibar_i.id", "28bb52c5000000000000002275d8700e");

Found : user_pref("extensions.incredibar_i.installerproductid", "26");

Found : user_pref("extensions.incredibar_i.instlDay", "15525");

Found : user_pref("extensions.incredibar_i.instlRef", "");

Found : user_pref("extensions.incredibar_i.ms_url_id", "");

Found : user_pref("extensions.incredibar_i.newTab", false);

Found : user_pref("extensions.incredibar_i.ppd", "123%5F1");

Found : user_pref("extensions.incredibar_i.prdct", "incredibar");

Found : user_pref("extensions.incredibar_i.productid", "26");

Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");

Found : user_pref("extensions.incredibar_i.smplGrp", "none");

Found : user_pref("extensions.incredibar_i.tlbrId", "base");

Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyGWtd3sO&loc=IB[...]

Found : user_pref("extensions.incredibar_i.upn2", "6OyGWtd3sO");

Found : user_pref("extensions.incredibar_i.upn2n", "92261698630661294");

Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");

Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1420:31:53");

Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");

Found : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6OyGWtd3sO&&i=26&search="[...]

Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.y[...]

Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.sear[...]

Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
 

*************************
 

AdwCleaner[R1].txt - [7720 octets] - [06/08/2012 16:41:21]
 

########## EOF - C:\AdwCleaner[R1].txt - [7848 octets] ##########

Fehlt Euch noch irgendetwas. Werde daraus leider nicht schlau.

Vielen Dank an alle helfenden Hände...

Code:

# AdwCleaner v1.800 - Logfile created 08/09/2012 at 20:05:32

# Updated 01/08/2012 by Xplode

# Operating system : Windows 7 Professional  (32 bits)

# User : Rashid - PC

# Running from : C:\Users\Rashid\Downloads\adwcleaner.exe

# Option [Delete]
 
 

***** [Services] *****
 
 

***** [Files / Folders] *****
 

Folder Deleted : C:\Users\Rashid\AppData\Roaming\pdfforge

Folder Deleted : C:\ProgramData\InstallMate

File Deleted : C:\Users\Rashid\AppData\Roaming\Mozilla\Firefox\Profiles\1xs9vj1i.default\searchplugins\MyStart Search.xml
 

***** [Registry] *****
 

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Web Assistant

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
 

***** [Registre - GUID] *****
 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
 

***** [Internet Browsers] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

[OK] Registry is clean.
 

-\\ Mozilla Firefox v14.0.1 (de)
 

Profile name : default 

File : C:\Users\Rashid\AppData\Roaming\Mozilla\Firefox\Profiles\1xs9vj1i.default\prefs.js
 

C:\Users\Rashid\AppData\Roaming\Mozilla\Firefox\Profiles\1xs9vj1i.default\user.js ... Deleted !
 

Deleted : user_pref("browser.search.defaultenginename", "MyStart Search");

Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1341584916769");

Deleted : user_pref("extensions.incredibar.admin", false);

Deleted : user_pref("extensions.incredibar.aflt", "orgnl");

Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");

Deleted : user_pref("extensions.incredibar.cntry", "DE");

Deleted : user_pref("extensions.incredibar.dfltLng", "EN");

Deleted : user_pref("extensions.incredibar.dfltSrch", false);

Deleted : user_pref("extensions.incredibar.dfltlng", "en");

Deleted : user_pref("extensions.incredibar.dfltsrch", "false");

Deleted : user_pref("extensions.incredibar.did", "10669");

Deleted : user_pref("extensions.incredibar.envrmnt", "production");

Deleted : user_pref("extensions.incredibar.excTlbr", false);

Deleted : user_pref("extensions.incredibar.hdrMd5", "E80F4EAA6087F08B0881BFA7F734C0C7");

Deleted : user_pref("extensions.incredibar.hmpg", false);

Deleted : user_pref("extensions.incredibar.hrdid", "0");

Deleted : user_pref("extensions.incredibar.id", "28bb52c5000000000000002275d8700e");

Deleted : user_pref("extensions.incredibar.installerproductid", "26");

Deleted : user_pref("extensions.incredibar.instlDay", "15525");

Deleted : user_pref("extensions.incredibar.instlRef", "");

Deleted : user_pref("extensions.incredibar.instlday", "15525");

Deleted : user_pref("extensions.incredibar.instlref", "");

Deleted : user_pref("extensions.incredibar.isDcmntCmplt", true);

Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false");

Deleted : user_pref("extensions.incredibar.keywordurl", "");

Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1420:31:53");

Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");

Deleted : user_pref("extensions.incredibar.newTab", false);

Deleted : user_pref("extensions.incredibar.newtab", "false");

Deleted : user_pref("extensions.incredibar.newtaburl", "");

Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);

Deleted : user_pref("extensions.incredibar.ppd", "123%5F1");

Deleted : user_pref("extensions.incredibar.prdct", "incredibar");

Deleted : user_pref("extensions.incredibar.productid", "26");

Deleted : user_pref("extensions.incredibar.propectorlck", 79989719);

Deleted : user_pref("extensions.incredibar.prtkHmpg", 1);

Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");

Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");

Deleted : user_pref("extensions.incredibar.sg", "none");

Deleted : user_pref("extensions.incredibar.smplGrp", "none");

Deleted : user_pref("extensions.incredibar.smplgrp", "none");

Deleted : user_pref("extensions.incredibar.srch", "");

Deleted : user_pref("extensions.incredibar.srchprvdr", "");

Deleted : user_pref("extensions.incredibar.tlbrId", "base");

Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyGWtd3sO&loc=IB_T[...]

Deleted : user_pref("extensions.incredibar.tlbrid", "base");

Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6OyGWtd3sO&loc=IB_T[...]

Deleted : user_pref("extensions.incredibar.upn2", "6OyGWtd3sO");

Deleted : user_pref("extensions.incredibar.upn2n", "92261698630661294");

Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");

Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1420:31:53");

Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");

Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.1420:31:53");

Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");

Deleted : user_pref("extensions.incredibar_i.dfltLng", "");

Deleted : user_pref("extensions.incredibar_i.did", "10669");

Deleted : user_pref("extensions.incredibar_i.excTlbr", false);

Deleted : user_pref("extensions.incredibar_i.id", "28bb52c5000000000000002275d8700e");

Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");

Deleted : user_pref("extensions.incredibar_i.instlDay", "15525");

Deleted : user_pref("extensions.incredibar_i.instlRef", "");

Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");

Deleted : user_pref("extensions.incredibar_i.newTab", false);

Deleted : user_pref("extensions.incredibar_i.ppd", "123%5F1");

Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");

Deleted : user_pref("extensions.incredibar_i.productid", "26");

Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");

Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");

Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");

Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyGWtd3sO&loc=IB[...]

Deleted : user_pref("extensions.incredibar_i.upn2", "6OyGWtd3sO");

Deleted : user_pref("extensions.incredibar_i.upn2n", "92261698630661294");

Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");

Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1420:31:53");

Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");

Deleted : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6OyGWtd3sO&&i=26&search="[...]

Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.y[...]

Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.sear[...]

Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
 

*************************
 

AdwCleaner[R1].txt - [7849 octets] - [06/08/2012 16:41:21]

AdwCleaner[S1].txt - [8004 octets] - [09/08/2012 20:05:32]
 

########## EOF - C:\AdwCleaner[S1].txt - [8132 octets] ##########

Danke...