Werbefenster bei Mozilla Lof-File inside
 

Hallo Forum.
Bei Mozilla gehen bei mir immer Werbefenster als neue Tabs auf. Was kann man machen?
Besten Dank im Voraus

Daniel

Hijackthis gibt folgendes File aus:

Logfile of HijackThis v1.99.1
Scan saved at 12:09:44, on 18.03.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\soundman.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\pxxvpprp\dYgDIcxN.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\paytime.exe
C:\mousepad3.exe
C:\WINDOWS\smss.exe
C:\WINDOWS\ieredir.exe
C:\Programme\webHancer\Programs\whagent.exe
C:\PROGRA~1\pxxvpprp\NxcIDgYd.exe
C:\PROGRA~1\GEMEIN~1\kwom\kwomm.exe
C:\Programme\Internet Explorer\iexplore.exe
e:\fritzdsl\IGDCTRL.EXE
E:\AntiVir\AVWUPSRV.EXE
e:\Catia V5 R 11\intel_a\code\bin\CATSysDemon.exe
C:\PROGRA~1\GEMEIN~1\kwom\kwoma.exe
E:\Mathlab\webserver\bin\win32\matlabserver.exe
C:\Programme\Network Monitor\netmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\usrbridg.exe
E:\Mozilla\firefox.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
E:\My Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=374
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = wwwcache.lboro.ac.uk:3128
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00001.exe"
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Adobe Acrobat\6.0 Professional\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Programme\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_4a40.dll"
O4 - HKCU\..\Run: [PCShield] regsvr32 /s "C:\WINDOWS\System32\sfg_4a40.dll"
O4 - HKCU\..\Run: [Shell] "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\ibm00001.exe"
O8 - Extra context menu item: Add A Page Note - C:\Programme\CommonName\Toolbar\createnote.htm
O8 - Extra context menu item: Bookmark This Page - C:\Programme\CommonName\Toolbar\createbookmark.htm
O8 - Extra context menu item: Email This Link - C:\Programme\CommonName\Toolbar\emaillink.htm
O8 - Extra context menu item: Search using CommonName - C:\Programme\CommonName\Toolbar\navigate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Unknown file in Winsock LSP: e:\fritzdsl\sarah.dll
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Unknown file in Winsock LSP: e:\fritzdsl\sarah.dll
O10 - Unknown file in Winsock LSP: e:\fritzdsl\sarah.dll
O11 - Options group: [CommonName] CommonName
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - e:\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Protocol hijack: cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - e:\BT2Net\BT2PLU~1.DLL
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 - Winlogon Notify: ShellCompatibility - C:\WINDOWS\system32\lv2409fqe.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - E:\\ANTIVIR\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVM IGD CTRL Service - AVM Berlin - e:\fritzdsl\IGDCTRL.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - E:\\AntiVir\AVWUPSRV.EXE
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - e:\Catia V5 R 11\intel_a\code\bin\CATSysDemon.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Programme\Gemeinsame Dateien\AVM\de_serv.exe
O23 - Service: Groove Installer Service (GrooveInstallerService) - Unknown owner - C:\Programme\Groove Networks\Groove\Bin\GrooveInstallerService.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - E:\Mathlab\webserver\bin\win32\matlabserver.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: IrBridge User-Level Interface (USRBRIDG) - Extended Systems, Inc. - C:\WINDOWS\system32\usrbridg.exe

Hallo Daniel1214,

Dein System ist reichlich verseucht.
Mein Rat wäre ein sauberer Schnitt in Form einer Neuinstallation.

Empfohlene Anleitung zur Neuinstallation:
http://www.trojaner-board.de/showthread.php?t=12154

Thema Datensicherung
http://www.trojaner-board.de/showpos...8&postcount=11

dartus