Incredibar in Google Chrome cannot be removed
Dear Trojanerboard community,
I have the problem that whenever I open a new tab in Chrome, the following URL is opened: hxxp://mystart.incredibar.com/?loc=CH_NT
I searched for all entries relating to Incredibar and found some entries that were linked to Firefox and Opera. Both browsers have since been uninstalled. I also uninstalled and reinstalled Chrome. The problem persists.
In Control Panel/Programs I also cannot find any entry that I would associate with Incredibar.
Here is my OTL file:
Code:
Hello,
I'm new here and very much hope you can help me. My laptop with Vista and Avira is suddenly totally slow and keeps freezing. Mbam also found three things (PUP.InstallBrain). This has been the case since I somehow downloaded Incredibar, which unfortunately cannot be removed. I have really tried everything, but the toolbar keeps coming back and it keeps appearing whenever I open a new tab. And then everything hangs.
I really don't know what else to do.
Kind regards, Elisa
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.01.02.10
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19393
Elisa :: ELISA-PC [Administrator]
05.01.2013 01:03:04
MBAM-log-2013-01-05 (01-16-17).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 204775
Laufzeit: 11 Minute(n), 47 Sekunde(n)
Infizierte Speicherprozesse: 1
C:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> 3300 -> Keine Aktion durchgeführt.
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 1
C:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> Keine Aktion durchgeführt.
(Ende)
Extras from OTL:
Code:
OTL Extras logfile created on: 05.01.2013 02:41:21 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\fam\Desktop
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,55% Memory free
4,00 Gb Paging File | 2,69 Gb Available in Paging File | 67,32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,75 Gb Total Space | 326,16 Gb Free Space | 70,03% Space Free | Partition Type: NTFS
Computer Name: FAM-PC | User Name: fam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12C92E78-BE9D-4FC3-BC04-F114838BCE00}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe |
"{131AF977-C35B-44F2-8F30-9F45CC9344F7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{1E9ADD4A-D60E-43D5-B25E-6D5441341D3A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe |
"{36A2FF4C-5EA9-4210-9E07-BBEDEE3E71FA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer red alert 3\support\ea help\electronic_arts_technical_support.htm |
"{3851D97D-539E-4F70-919F-FB3E46E76F09}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{3CF6445D-C256-46D0-B517-B47D9EC8EE3F}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{494B2EB6-B302-4EC4-97FA-F13B08037A5E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{4E400BA0-9E7C-4D87-B936-537B9296BD13}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4E5535CC-59B6-4B58-ACDA-9262EAFDF5B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe |
"{500E8D5F-2E2D-4A34-9C94-5B4BAD7D7D8F}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{55D7D3FD-7FAF-42CA-B9F3-F062E5786DB0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alice madness returns\binaries\win32\alicemadnessreturns.exe |
"{56D5976B-96ED-4DD8-A606-B50608B8BB91}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer red alert 3\runme.exe |
"{588DDE1A-F81B-4A71-BE03-F29587CBDF8F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dxhrml\dxhrml.exe |
"{5A72D16F-E59C-4D6E-B955-61138AC9783C}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{60C750E5-45CD-4DDE-BB04-DA7905F26ECD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{66423110-BAB7-453C-983C-6FD74F7991C1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer red alert 3\runme.exe |
"{682404D6-F0A1-4596-B467-FE8CC5249CB7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7BC086A2-9986-4B2D-866C-2B976857216C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{7E4A9FD1-8646-416C-A2E7-C790D697A864}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\botanicula\botanicula.exe |
"{8550072C-6F92-4250-BFEF-B09BD3EA3A2B}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{85C28E6C-035B-41C3-96B9-C15169BB0903}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8B8F5ED7-6822-4305-81B3-BC7516EE4C40}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{8EAE98DD-9F4C-43A3-87C4-B5E91060FD6F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\command and conquer red alert 3\support\ea help\electronic_arts_technical_support.htm |
"{921B0D61-D182-4333-B89F-D8E4D9E0AB9D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alice madness returns\binaries\win32\alicemadnessreturns.exe |
"{98FE94E9-9629-4747-A25E-E5D50CE83F95}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ACC919E3-ACDB-404C-A24D-BEF6319274FB}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{BD1096B7-4DD2-48CE-AF49-DCA19DEE7DC0}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{BE528A5A-885D-4EF2-9473-18343D60DE35}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\osmos\osmos.exe |
"{C7ADC5F9-120F-42DD-9F86-4CF3CBAA831D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CC5D63CE-DCEE-4B82-B67E-3D52B2DCF8EB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\botanicula\botanicula.exe |
"{D39266FE-8930-4719-BF7D-29EC976654AD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D3ED6C4E-0D65-40F8-A289-F51A3AF4CED6}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{DDF5304C-102E-469C-8D99-8BD8EF126D4B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{E0F0843D-BFC5-44C3-AF44-3299E507325F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dear esther\dearesther.exe |
"{E3FBC526-83BC-4458-A79E-FE64264EB837}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EE229FCC-551A-4D7B-B031-D47BB0F3E826}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{F9407145-8EF9-4806-99DC-78D9CE6D17F7}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{1E1AAF23-9F4A-4EA1-8288-F529AC19D72A}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{3E7F12E8-1BFA-4678-8F58-DB054F08AABE}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{954F97B1-5FF7-4DB0-9E02-4C74A33C7428}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{DEB3D3CA-CD76-4DFC-A063-614DD7016B50}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.557
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"EPSON AL-C1600" = EPSON AL-C1600
"WNLT" = IB Updater Service
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{10DD6128-A810-4A90-9523-475D573FBB37}" = PlayMemories Home
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9.6
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{3B345B4A-2E94-4346-A38F-17E1347A0DA7}" = HTC Sync
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D64833F8-860D-4216-8EDC-DD08AD68C0B5}" = LibreOffice 3.4
"{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battle for Wesnoth 1.10.3" = Battle for Wesnoth 1.10.3
"Google Chrome" = Google Chrome
"HartlauerFotoService3_is1" = Direkt Foto System 3.x
"ImRe_is1" = ImRe 2.1
"IrfanView" = IrfanView (remove only)
"McAfee Security Scan" = McAfee Security Scan Plus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"RarZilla Free Unrar" = RarZilla Free Unrar
"Steam App 17410" = Mirror's Edge
"Steam App 17480" = Command and Conquer: Red Alert 3
"Steam App 19680" = Alice: Madness Returns
"Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
"Steam App 203810" = Dear Esther
"Steam App 207690" = Botanicula
"Steam App 29180" = Osmos
"Steam App 48000" = LIMBO
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
"Winamp Toolbar" = Winamp Toolbar
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.01.2013 16:30:48 | Computer Name = fam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1014
Error - 04.01.2013 16:30:48 | Computer Name = fam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1014
Error - 04.01.2013 16:30:49 | Computer Name = fam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 04.01.2013 16:30:49 | Computer Name = fam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2013
Error - 04.01.2013 16:30:49 | Computer Name = fam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2013
Error - 04.01.2013 16:30:50 | Computer Name = fam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 04.01.2013 16:30:50 | Computer Name = fam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3011
Error - 04.01.2013 16:30:50 | Computer Name = fam-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3011
Error - 04.01.2013 19:57:34 | Computer Name = fam-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 17.0.1.4715,
Zeitstempel: 0x50b71a4b Name des fehlerhaften Moduls: xul.dll, Version: 17.0.1.4715,
Zeitstempel: 0x50b7198b Ausnahmecode: 0xc0000005 Fehleroffset: 0x00144ed8 ID des fehlerhaften
Prozesses: 0x104c Startzeit der fehlerhaften Anwendung: 0x01cdeabbc0d8b1c0 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Mozilla Firefox\xul.dll Berichtskennung:
81851406-56ca-11e2-8e3a-001e8c299efe
Error - 04.01.2013 19:59:03 | Computer Name = fam-PC | Source = MsiInstaller | ID = 11316
Description =
[ System Events ]
Error - 11.11.2012 19:08:17 | Computer Name = fam-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
Error - 11.11.2012 20:12:16 | Computer Name = fam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Skype 5.10 für Windows (KB2727727)
Error - 12.11.2012 18:12:25 | Computer Name = fam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Skype 5.10 für Windows (KB2727727)
Error - 12.11.2012 18:25:15 | Computer Name = fam-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
Error - 12.11.2012 18:25:16 | Computer Name = fam-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
Error - 12.11.2012 18:25:16 | Computer Name = fam-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
Error - 12.11.2012 18:25:17 | Computer Name = fam-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
Error - 12.11.2012 18:25:17 | Computer Name = fam-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.
Error - 12.11.2012 19:28:52 | Computer Name = fam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Skype 5.10 für Windows (KB2727727)
Error - 13.11.2012 22:01:05 | Computer Name = fam-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Skype 5.10 für Windows (KB2727727)
< End of report >
And here is the GMER log:
Code:
GMER 2.0.18327 - hxxp://www.gmer.net
Rootkit scan 2013-01-05 03:27:32
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD501LJ rev.CR100-12 465,76GB
Running: bvxt35zv.exe; Driver: C:\Users\fam\AppData\Local\Temp\uwldypow.sys
---- Threads - GMER 2.0 ----
Thread C:\Windows\System32\spoolsv.exe [1148:2736] 000007fef67d10c8
Thread C:\Windows\System32\spoolsv.exe [1148:2756] 000007fef7426144
Thread C:\Windows\System32\spoolsv.exe [1148:2768] 000007fef6f45fd0
Thread C:\Windows\System32\spoolsv.exe [1148:2780] 000007fef7453438
Thread C:\Windows\System32\spoolsv.exe [1148:2784] 000007fef6f463ec
Thread C:\Windows\System32\spoolsv.exe [1148:2792] 000007fef7aa5e5c
Thread C:\Windows\System32\spoolsv.exe [1148:2796] 000007fef7ca484c
Thread C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [1556:1600] 000000007222184f
Thread C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [1556:1604] 000000007222184f
Thread C:\Windows\system32\dmwu.exe [1696:416] 000007fef5981ebc
Thread C:\Windows\system32\svchost.exe [3280:3456] 000007fef6f45fd0
Thread C:\Windows\system32\svchost.exe [3280:3460] 000007fef6f463ec
Thread C:\Windows\system32\svchost.exe [3280:4880] 000007fef1965f00
Thread C:\Windows\System32\svchost.exe [5092:3464] 000007fef87b9688
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [3392:4396] 000000001000e2eb
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [3392:4080] 00000000014566e0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [3392:4064] 00000000014566e0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [3392:4004] 00000000014566e0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [3392:4076] 0000000001452560
Thread C:\Windows\system32\nvvsvc.exe [1812:860] 000007fefa58a000
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1580:2120] 0000000072da8f84
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1580:4292] 0000000072da925e
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1580:2188] 0000000072da8bd0
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Windows\system32\lsass.exe [484] 000007fefdd60000
Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [912] 000007fefd7d0000
Library ? (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1148] 000007fefbb00000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [1312] 0000000075110000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [1492] 0000000076620000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [1556] 0000000075d60000
Library ? (*** suspicious ***) @ C:\Program Files\Bonjour\mDNSResponder.exe [1592] 000007fefeef0000
Library ? (*** suspicious ***) @ C:\Program Files\IB Updater\ExtensionUpdaterService.exe [1640] 0000000074ec0000
Library ? (*** suspicious ***) @ C:\Windows\system32\dmwu.exe [1696] 000007fefdd60000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [1824] 0000000076be0000
Library ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [3280] 000007fefcdf0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [4928] 0000000071890000
Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [5092] 000007fefccc0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [3392] 0000000072a80000
Library ? (*** suspicious ***) @ C:\Windows\system32\nvvsvc.exe [1812] 000007fefc410000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [1580] 0000000070900000
---- EOF - GMER 2.0 ----
I hope you can tell me whether my system is only affected by this strange browser growth, or whether it has caused other trouble as well. And of course I would be glad to learn how to get rid of Incredibar! :)
Thank you in advance for looking at the logs!
Kind regards,
Raph