____________________________________
Bitte immer einen Betreff eingeben,
Nope
Hallo,
habe seit gestern das Problem mit der Startseite about:blank . Ich habe schon fast alles auprobiert und bin fast am verzweifeln.
Hier das Logfile von Hijack:
Logfile of HijackThis v1.97.7
Scan saved at 10:08:25, on 11.05.2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\0190WA~1\w0svc.exe
C:\WINDOWS\System32\alg.exe
C:\Programme\AVPersonal\AVGUARD.EXE
C:\Programme\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
C:\Programme\AVPersonal\AVGNT.EXE
C:\ati-cpanel\atiptaxx.exe
C:\PROGRA~1\0190WA~1\WARN0190.EXE
C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programme\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
C:\Programme\DeTeMedien\Das Telefonbuch für Deutschland\OMAlarm.exe
C:\Programme\WinZip\WZQKPICK.EXE
C:\Programme\Internet Explorer\IEXPLORE.EXE
C:\Dokumente und Einstellungen\Raiba Bibertal eG\Eigene Dateien\Sauter\Treiber\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ondohea.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ondohea.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ondohea.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\System32\ondohea.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\System32\ondohea.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\System32\ondohea.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.portal.rbg.de/cgi-bin/proxy.pac
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {89AE5412-729C-442A-9156-A3D18FFC8052} - C:\WINDOWS\System32\ondohea.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SuperSpamKiller Pro] C:\PROGRA~1\SSKPRO\SSK.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [KAZAA] D:\KaZaA Lite\Kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [AVGCtrl] C:\Programme\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [ATIPTA] C:\ati-cpanel\atiptaxx.exe
O4 - HKLM\..\Run: [0190 Warner] C:\PROGRA~1\0190WA~1\WARN0190.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Programme\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OfficeManager Terminerinnerung.lnk = ?
O4 - Global Startup: VR-NetWorld Auftragsprüfung.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programme\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: SYSTRAN: &Alle Rahmen übersetzen - C:\Programme\Systran\Premium\menuTranslateAll.html
O8 - Extra context menu item: SYSTRAN: &Nach Aktualisierungen durchsuchen - C:\Programme\Systran\Premium\menuUpdate.html
O8 - Extra context menu item: SYSTRAN: &Optionen - C:\Programme\Systran\Premium\menuConfigure.html
O8 - Extra context menu item: SYSTRAN: &Registrieren - C:\Programme\Systran\Premium\menuRegister.html
O8 - Extra context menu item: SYSTRAN: &Übersetzen - C:\Programme\Systran\Premium\menuTranslate.html
O8 - Extra context menu item: SYSTRAN: Übersetzungstemporärspeicher &leeren - C:\Programme\Systran\Premium\menuClearCache.html
O9 - Extra button: @sysiecom.dll,-2100 (HKLM)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102 (HKLM)
O9 - Extra button: @sysiecom.dll,-2103 (HKLM)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105 (HKLM)
O9 - Extra button: @sysiecom.dll,-2115 (HKLM)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117 (HKLM)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108 (HKLM)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111 (HKLM)
O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114 (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Loader Class) - http://connect.online-dialer.com/MaConnect.cab
O16 - DPF: {19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} (MSSecurityAdvisor Class) - http://download.microsoft.com/download/0/5/c/05c905f4-dd30-427d-a3de-373c3e5552fc/msSecAdv.cab?1071659439000
O16 - DPF: {67B15B0B-160C-4579-95AF-858169659092} (IELoaderCtl Class) - http://freeload.cc/secure/ieloader.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37930.1100462963
O16 - DPF: {BD11A280-2E73-11CF-B6CF-00AA00A74DAE} - file://C:\Info_sex4.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) - http://www.download-url.de/install/StarInstall.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/de/check/qdiagh.cab?312
Kann mir jemand weiterhelfen??
Danke
Gruß
Tobias
Tobias Gast |