tach,
besteht eine möglichkeit den dreck (winshost.exe) loszuwerden ohne die kiste plattzumachen?
bin leider a bloody fucking kombudaamadeur, hab aber mitbekommen, dass man mit
HijackThis eine logfile erstellen kann, die begabtere menschen lesen können.
hier is es:
Logfile of
HijackThis v1.99.1
Scan saved at 22:18:59, on 09.03.05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\LOGITECH\MOUSE\SYSTEM\EM_EXEC.EXE
C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMME\AVPERSONAL\AVSCHED32.EXE
C:\PROGRAMME\FREEPDF\FREEPDFA.EXE
C:\WINDOWS\SYSTEM\WINSHOST.EXE
C:\PROGRAMME\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
C:\WINDOWS\TWAIN_32\1200CU\WATCH.EXE
C:\LOGITECH\MOUSE\SYSTEM\KBDTRAY.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\MY DOWNLOAD FILES\DOWNLOADED FILES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://www.crooder.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://homepage.com�%00@www.efinder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://homepage.com�%00@www.efinder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://homepage.com�%00@www.efinder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://homepage.com�%00@www.efinder.cc/hp/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://homepage.com�%00@www.efinder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://homepage.com�%00@www.efinder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) =
http://homepage.com�%00@www.efinder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) =
http://homepage.com�%00@www.efinder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://homepage.com�%00@www.efinder.cc/search/ (obfuscated)
O1 - Hosts: 66.250.171.167 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMME\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [EM_EXEC] c:\logitech\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMME\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [w32sup] C:\WINDOWS\SYSTEM\w32sup.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [AVSCHED32] C:\PROGRAMME\AVPERSONAL\AVSCHED32.EXE /min
O4 - HKLM\..\Run: [FreePDFAssistent] C:\PROGRA~1\FreePDF\FreePDFA.exe
O4 - HKLM\..\Run: [winshost.exe] C:\WINDOWS\SYSTEM\winshost.exe
O4 - HKCU\..\Run: [Babylon Translator] C:\Programme\Babylon Translator\Babylon.exe
O4 - HKCU\..\Run: [winshost.exe] C:\WINDOWS\SYSTEM\winshost.exe
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Programme\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Startup: Watch.lnk = C:\WINDOWS\TWAIN_32\1200CU\WATCH.exe
O13 - WWW. Prefix:
http://%65%68%74%74%70%2E%63%63/?
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} (DataDesign DDBAC Plug-In) -
Linear-Darstellung
