mozilla

ich habe es über ausführen-firefox.exe-ProfileManager bei geschlossenem browser versucht. wurde leider nicht gefunden. geht das auch anders?

thomas

hallo,

neues profil wurde erstellt, hat aber nix gebracht.

thomas

hallo,
ich habe firefox gelöscht und neu installiert, ohne erfolg. hier mal die fehlerkonsole in kopie:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de" id="facebook" class=" no_js">
<head>
<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-language" content="de" />
<script type="text/javascript">
//<![CDATA[
CavalryLogger=false;window._is_quickling_index="";if(window==window.top)window.Log=(function(){function g(){var n=Math.random();var o='';for(var m=0;m<4;m++){n=n*62;var p=Math.floor(n)%62;if(p>=10&&p<36){p=String.fromCharCode(p-10+65);}else if(p>=36&&p<62)p=String.fromCharCode(p-36+97);o+=p;}return o;}var k='_e_',l=(window.name||'').toString();l=(l.length==7&&k==l.substr(0,3))?l.substr(3):(window.name=k+g()).substr(3);var i=k+l+'_',f=new Date(+new Date()+604800000).toGMTString(),d=window.location.hostname.replace(/^.*(facebook\..*)$/i,'$1'),e='; expires='+f+';path=/; domain='+d,c=0,h=false,j=[];var b=function(m){return i+(c++)+'='+encodeURIComponent(m)+e;};var a=function(n){var o=(document.cookie.search(k)>=0);while(j.length>0){var p=b(j[0]);if(o&&((document.cookie.length+p.length)>3950||document.cookie.split(';').length>19))break;window.EagleEyeDev&&window.console&&console.log(j[0],'=>',p);document.cookie=p;o=true;j.shift();}if(!!n||!h&&o&&((document.cookie.length>2500||document.cookie.split(';').length>15))&&window.Arbiter&&window.OnloadEvent&&Arbiter.query(OnloadEvent.ONLOAD)){var m=new Image();h=true;m.onload=function(){h=false;a();};if(window.Env&&Env.tracking_domain){host=Env.tracking_domain;}else host='';m.src=host+'/ajax/nectar.php?asyncSignal='+(Math.floor(Math.random()*10000)+1)+'&'+(!n?'':'s=')+(+new Date());}};return function(q,m,o){var r=[l,+new Date(),q].concat(m);r.push(r.length);for(var n=0;n<r.length;n++)if(typeof r[n]=='string'){r[n]='"'+r[n].replace(/\"/g,'\\"').replace(/\n/g,'\\n')+'"';}else if(r[n]===null)r[n]='null';var p='['+r.join(',')+']';if(!o){j.push(p);}else document.cookie=b(p);a(o);};})();
//]]>
</script><noscript> <meta http-equiv=refresh content="0; URL=/plugins/activity.php?site=chip.de&width=336&height=260&header=false&colorscheme=light&font=verdana&border_color=%23ffffff&recommendations=false&_fb_noscript=1" /> </noscript>

<meta name="robots" content="noodp,noydir" />
<meta name="description" content=" Facebook ist ein soziales Netzwerk, das Menschen mit ihren Freunden, Arbeitskollegen, Kommilitonen und anderen Mitmenschen verbindet. Nutzer verwenden Facebook, um mit ihren Freunden in Verbindung zu bleiben, eine unbegrenzte Anzahl an Fotos hochzuladen, Links und Videos zu posten sowie mehr über die Personen zu erfahren, die sie kennenlernen." />
<link rel="alternate" media="handheld" href="http://www.facebook.com/plugins/activi…endations=false" />
<title>Facebook</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/zc/r/U2LuUZwou0V.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/zz/r/e_F_MPMsJmo.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/z3/r/zv7-gotvNDW.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/zA/r/m5vC-jWmTKp.js"></script>
</head><body class="transparent_widget ff3 win Locale_de_DE"><div id="FB_HiddenContainer" style="position:absolute; top:-10000px; width:0px; height:0px;" ></div><div id="u904795_1" class="fbConnectWidgetTopmost " style="height:258px; width:334px; border-color:#ffffff;font-family:"verdana", sans-serif;"><div class="mhs pvm phs ConnectActivityLogin uiBoxWhite"><a href="/campaign/landing.php?campaign_id=137675572948107&partner_id&placement=activity&extra_2=DE" target="_blank"><label class="mrm fbLoginButton uiButton uiButtonSpecial uiButtonLarge"><input value="Registrieren" type="submit" /></label></a><div class="ConnectActivityLoginMessage">Erstelle ein Konto oder <a onclick="ConnectSocialWidget.getInstance("u904795_1").login();"><b>melde dich an</b></a>, um herauszufinden, was deine Freunde machen.<img class="fbSocialWidgetTrackingPixel img" src="/campaign/impression.php?campaign_id=137675572948107&partner_id&placement=activity&extra_2=DE" /></div></div><div class="fbConnectWidgetContent phs pts"><div class="fbActivityWidgetContainer"><div class="mhs fbEmptyWidget fbWidgetTitle hidden_elem"><div class="mbs">Keine neueste Aktivität zum Anzeigen vorhanden.</div></div><div class="fbFriendsActivity fbSocial fbToggleLogin"></div></div><div id="u904795_2"><div class="fbSeparator hidden_elem fbRecommendationsSeparator"></div><div class="fbRecommendationWidgetContent"></div><img class="fbLoadImg img" src="http://static.ak.fbcdn.net/rsrc.php/z9/r/jKEcVPZFk-2.gif" width="32" height="32" /></div></div><div class="fbConnectWidgetFooter"><div class="fbFooterBorder"><div class="UIImageBlock clearfix"><a class="UIImageBlock_Image UIImageBlock_ICON_Image" target="_blank" href="http://developers.facebook.com/plugins/?footer=3" tabindex="-1"><i class="img spritemap_2pbdzb sx_289572"></i></a><div class="UIImageBlock_Content UIImageBlock_ICON_Content"><div class="uiTextMetadata"><span><a class="uiLinkSubtle" target="_blank" href="http://developers.facebook.com/plugins/?footer=3">Soziales Plug-in von Facebook</a></span></div></div></div></div></div></div><script type="text/javascript">
Env={user:0,locale:"de_DE",method:"GET",dev:0,start:(new Date()).getTime(),ps_limit:5,ps_ratio:4,svn_rev:314643,vip:"66.220.153.19",static_base:"http:\/\/static.ak.fbcdn.net\/",www_base:"http:\/\/http://www.facebook.com\/",tlds:["com"],rep_lag:20,pc:{"m":"1.0.4","l":"1.0.4","axi":true,"j":true,"bsz":16},fb_dtsg:"hmKip",lhsh:"33cff",tracking_domain:"http:\/\/pixel.facebook.com",silent_oops_errors:"1",ajax_threshold:"1",use_css_import_in_ie:"1",ajaxpipe_enabled:"1",chat_fe_rewrite:"1"};
</script>

<script type="text/javascript">Bootloader.setResourceMap({"JjMwq":{"name":"css\/ew5fdpag53sc484c.pkg.css","type":"css","permanent":1,"src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/zc\/r\/U2LuUZwou0V.css"},"TZ\/br":{"name":"css\/4h2urodl9340ks8w.pkg.css","type":"css","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/zz\/r\/e_F_MPMsJmo.css"},"gCDg8":{"name":"css\/sprite\/autogen\/2pbdzb.css","type":"css","nonblocking":1,"src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/z3\/r\/zv7-gotvNDW.css"},"2ba9z":{"name":"css\/db8rqkhncp44ck40.pkg.css","type":"css","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/z1\/r\/RfIYvZ69MrF.css"}});Bootloader.setResourceMap({"yokD9":{"name":"js\/4xuosto3egw000co.pkg.js","type":"js","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/zm\/p\/r\/wP8uoYw_2co.js"},"SN1QL":{"name":"js\/eqzx4see9o0s0ogs.pkg.js","type":"js","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/z9\/p\/r\/TbnTu29zdLN.js"},"dmecp":{"name":"js\/524oe6ry2ococ0g0.pkg.js","type":"js","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/zq\/p\/r\/i6ljkawYhm2.js"},"RpPeo":{"name":"js\/bmq929sp95w04swo.pkg.js","type":"js","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/zA\/r\/m5vC-jWmTKp.js"},"RffYz":{"name":"js\/photos\/inline_editor.js","type":"js","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/zi\/p\/r\/ps0nGykogRg.js"},"m96u2":{"name":"js\/photos\/PhotoTheater.js","type":"js","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/zJ\/p\/r\/M6fiRMaBO0R.js"},"MybL4":{"name":"js\/photos\/PhotoTagger.js","type":"js","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/zQ\/p\/r\/89_G2iK0LAe.js"},"LSVhT":{"name":"js\/8hmteb85xag40o4o.pkg.js","type":"js","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/zp\/p\/r\/EtxFGxR8s7N.js"},"w7NeV":{"name":"js\/photos\/TagToken.js","type":"js","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/z3\/p\/r\/K26QZgVMD6F.js"},"+r4bX":{"name":"js\/photos\/TagTokenizer.js","type":"js","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/zm\/p\/r\/X3GaUlN71qz.js"},"sgZDr":{"name":"js\/detect_broken_proxy_cache.js","type":"js","src":"http:\/\/static.ak.fbcdn.net\/rsrc.php\/zK\/p\/r\/HWL11JhzW9w.js"}});
Bootloader.enableBootload({"async":["RpPeo","yokD9","JjMwq"],"dialog":["RpPeo","yokD9","JjMwq"],"dom-form":["RpPeo","yokD9","JjMwq"],"PhotoTheater":["RpPeo","yokD9","JjMwq","2ba9z","RffYz","m96u2"],"PhotoTagger":["RpPeo","yokD9","JjMwq","MybL4"],"TagToken":["RpPeo","yokD9","LSVhT","w7NeV"],"TagTokenizer":["RpPeo","yokD9","LSVhT","w7NeV","JjMwq","2ba9z","RffYz","m96u2","+r4bX"],"detect-broken-proxy-cache":["yokD9","RpPeo","sgZDr"]});Arbiter.registerCallback(InitialJSLoader.callback, ["BOOTLOAD\/ROADRUNNER_READY"]);Arbiter.registerCallback(function(){setTimeout(function() {InitialJSLoader.load(["yokD9","SN1QL","dmecp"]);Arbiter.inform("BOOTLOAD\/ROADRUNNER_READY", true, Arbiter.BEHAVIOR_STATE);}, 50)}, [OnloadEvent.ONLOAD_DOMCONTENT_CALLBACK]);</script><script type="text/javascript">
Bootloader.configurePage(["JjMwq","TZ\/br","gCDg8"]);
Bootloader.done(["js\/lib\/util\/log.js"]);

onloadRegister(function (){new ActivityWidget({"sOverflowContainerSelector":"#u904795_1","sStreamContainerSelector":"#u904795_1 .fbActivityWidgetContainer","sOverflowItemsSelector":"div.fbActivity","iNewestStoryTime":0,"bComboMode":false,"sRecommendationsChild":"u904795_2"}, "u904795_1");;});
onloadRegister(function (){new RecommendationsWidget({"sOverflowContainerSelector":"#u904795_1","sOverflowItemsSelector":"div.fbRecommendation","sStreamContainerSelector":"#u904795_1 div.fbRecommendationWidgetContent","sActivityParent":"u904795_1"}, "u904795_2");;});
onloadRegister(function (){window.intl_locale_rewrites = {"meta":{"\/_B\/":"^(.*[.,!?\\s]|)","\/_E\/":"([.,!?\\s].*|)$"},"patterns":{"\/(\u00df|s|z|x)\u0002?\u0001s_E\/":"$1\u0001$2","\/_\u0001([^\u0001]*)\u0001\/e":"mb_strtolower(\"\u0001$1\u0001\")","\/_\u0001([^\u0001]*)\u0001\/":"javascript"}};;});
onafterloadRegister(function (){Bootloader.loadComponents(["detect-broken-proxy-cache"], function(){ detect_broken_proxy_cache("0", "c_user") });;});

</script></body>
</html>
thomas

hallo,
hier das logfile:

hier das logfile von hijack:Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:12:52, on 16.11.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\WebWasher\wwasher.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\IncrediMail\Bin\IncMail.exe
C:\Program Files\IncrediMail\bin\ImApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Users\Thomas\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
O1 - Hosts: # Copyright (c) 1993-2006 Microsoft Corp.
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CBAbzockschutz.InitToolbarBHO - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - mscoree.dll (file missing)
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - (no file)
O3 - Toolbar: COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] "%ProgramFiles%\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKCU\..\Run: [WebWasher] C:\Program Files\WebWasher\wwasher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\http://EXCEL.EXE/3000
O8 - Extra context menu item: Zur Filterliste hinzufügen (WebWasher) - http://-Web.Washer-/ie_add
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/…ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: QSHJ - QLogic Corporation - (no file)
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe

--
End of file - 5607 bytes
thomas

hallo,
hier das logfile von malwasrebyte.
wie lösche ich die bei hijack gefundenen sachen?
thomas

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Datenbank Version: 5126

Windows 6.0.6000
Internet Explorer 8.0.6001.18882

16.11.2010 15:15:21
mbam-log-2010-11-16 (15-15-21).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 166524
Laufzeit: 6 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
thomasInfizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)