hallo, leute das ist mein erster post - normalerweise hab ich keine troubles mit computer aber das ist der comp meiner Untermieterin und da siehts bös aus. hier mal das log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at ¿ÀÈÄ 10:24:07, on 2003-09-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
C:\Programme\CyberLink\PowerCinema\PCMService.exe
C:\Programme\QuickTime\qttask.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\PROGRA~2\myLinker\myLinker.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\WebSearchBar\WebSearchBar.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\nhvwind\nhvwind.exe
C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programme\WebSearchBar\WebSearchShop.exe
C:\WINDOWS\mgrs.exe
C:\Programme\MSN Messenger\MsnMsgr.Exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\NETGEAR\MA101 USB Adapter Configuration Utility\WlanMonitor.exe
C:\WINDOWS\system32\sistray.exe
C:\DOKUME~1\SOYOUN~1\LOKALE~1\Temp\hosthost.exe
C:\DOKUME~1\SOYOUN~1\LOKALE~1\Temp\agentserver.exe
C:\DOKUME~1\SOYOUN~1\LOKALE~1\Temp\agentserver.exe
C:\DOKUME~1\SOYOUN~1\LOKALE~1\Temp\agentserver.exe
C:\DOKUME~1\SOYOUN~1\LOKALE~1\Temp\agentserver.exe
C:\DOKUME~1\SOYOUN~1\LOKALE~1\Temp\agentserver.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,
O3 - Toolbar: ³×À̹ö Åø¹Ù(&N) - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Programme\Naver\NaverToolbar\NaverTB_0_1_18.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar3.dll
O3 - Toolbar: Doumitoolbar - {D083EBAE-FA15-4941-856C-ED9B7565FDE4} - C:\Programme\doumitlb\dtlb.dll
O3 - Toolbar: ½ºÅ丮¹Ù(&D) - {2A92C47B-759F-4d42-8E4A-0F807C5BCDBF} - C:\WINDOWS\system32\storybar\storybar.dll
O3 - Toolbar: Joypump - {79C83803-4EA6-11D5-9C81-000102657B37} - c:\Program Files\JoyPump\jpbar.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programme\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programme\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [myLinker] C:\PROGRA~2\myLinker\myLinker.exe /B
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [DiskCheck] C:\WINDOWS\twainxp.exe
O4 - HKLM\..\Run: [vbmvc2] C:\WINDOWS\vbmvc2\vbmvc2.exe
O4 - HKLM\..\Run: [WebSearchBar.exe] C:\Programme\WebSearchBar\WebSearchBar.exe
O4 - HKLM\..\Run: [WebSearchshopUpdater] C:\Programme\WebSearchBar\WebSearchshopUpdater.exe
O4 - HKLM\..\Run: [bmDvr] C:\WINDOWS\bmDvrinit.exe
O4 - HKLM\..\Run: [plusup] C:\Programme\pointplus\plusup.exe
O4 - HKLM\..\Run: [ip4fw] C:\WINDOWS\system32\drivers\ip4fw.exe
O4 - HKLM\..\Run: [Esearch.exe] C:\Programme\Esearch\Esearch.exe
O4 - HKLM\..\Run: [doumitlb] C:\Programme\doumitlb\dojob.exe
O4 - HKLM\..\Run: [imgupt] C:\WINDOWS\system32\imgsrc.exe
O4 - HKLM\..\Run: [nhvwind] C:\Program Files\nhvwind\nhvinit.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dcooper] C:\WINDOWS\system32\dcooper\dcooper.exe
O4 - HKLM\..\Run: [monsysnt] c:\windows\java\monsysnt.exe
O4 - HKLM\..\Run: [ctfmon] c:\windows\inf\ctfmon.exe
O4 - HKLM\..\Run: [zlclient] c:\Program Files\Zone Labs\bin\zlclient.exe
O4 - HKLM\..\Run: [CTNotify] c:\Program Files\Creative\ShareDLL\bin\CTNotify.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu21.exe 61A847B5BBF72810338B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Power2GoExpress] "C:\Programme\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programme\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [dalgonaTVPlay] C:\Program Files\dalgonaTVPlay\dalgonaTVPlay.exe /WS
O4 - HKCU\..\Run: [ninza] C:\WINDOWS\system32\ninza.exe /WS
O4 - HKCU\..\Run: [w1] C:\windows\w1.exe
O4 - HKCU\..\Run: [ShopPoint] C:\Program Files\ShopPoint\ShopPoint.exe /WS
O4 - HKCU\..\Run: [netsurfing] C:\Program Files\netsurfing\netsurfing.exe /WS
O4 - HKCU\..\Run: [story] C:\WINDOWS\system32\storybar\dllload.exe
O4 - HKCU\..\Run: [WinPop] C:\Programme\WinPop\winpop.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - HKCU\..\Run: [Rtbp] "C:\WINDOWS\system32\sŒmbols\ati2evxx.exe" -vt yazb
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: 4.exe
O4 - Global Startup: MA101 Configuration Utility .lnk = ?
O8 - Extra context menu item: ³×À̹ö °Ë»ö - res://C:\Programme\Naver\NaverToolbar\NaverTB_0_1_18.dll /SEARCH.HTML
O8 - Extra context menu item: ³×À̹ö »çÀü °Ë»ö - res://C:\Programme\Naver\NaverToolbar\NaverTB_0_1_18.dll /DIC.HTML
O8 - Extra context menu item: ³×À̹ö ÀÏÇÑ ¹ø¿ª - res://C:\Programme\Naver\NaverToolbar\NaverTB_0_1_18.dll /JKTRANS.HTML
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {E00FFFBF-EF6D-4eff-B9F7-98736BFBBFB3} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.inicis.com
O15 - Trusted Zone: http://*.vpay.co.kr
O16 - DPF: {04E7BADF-F3B9-420D-B82D-8D8CADEFE4F9} (CyImage2Ctl Class) - http://cyimg7.cyworld.com/ImageUpload/CyImageUpload_10212.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {3C36DCBE-5CDF-4C35-9D0B-4A1882B2EB0A} (AllatPayREAtl Class) - https://tx.allatpay.com/component/AllatPayRE.cab
O16 - DPF: {447C981D-C4C8-41C7-9690-F8BD7BE1A978} (NADLUpdate Class) - http://www.nanet.go.kr/dl/NADL.3.0.0.17.cab
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - http://mpi.dacom.net/XPayMPI/Xecure_LiveUpdate_XPayMPIOCX.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {55CE0824-B8F3-4E6A-9797-17FDA555A8E5} (KvpTopd Control) - http://www.vpay.co.kr/kvpfiles/KvpTPd20.cab
O16 - DPF: {7C956F87-2C33-4671-BB4E-AEF3E18AD086} (top0u Control) - http://www.top0u.com/newprogram/topweb.cab
O16 - DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} (XecureWeb 4.0 Client Control) - http://download.softforum.co.kr/Published/XecureWeb/v7.0.5.0/xw_install.cab
O16 - DPF: {A00B2A53-60D9-4477-ADA3-60490770C5E0} (Hanmail Upload Control) - http://mail.daum.net/hanmail-ax/hanmail.cab
O16 - DPF: {A1832535-5218-42F9-8959-19E2BCABFABF} (INIwallet50 Control) - http://plugin.inicis.com/wallet50/INIwallet50.cab
O16 - DPF: {A671DC03-71D0-4CF0-895C-7D4A248FC1F1} (skcbgmset Class) - http://cyimg7.cyworld.nate.com/cymusic/package/skcbgmset.cab
O16 - DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} (Daum ActiveX manager Class) - http://cafeimg.hanmail.net/cto/xman.cab?ver=1,2,2,0
O16 - DPF: {C296DB5F-4B01-47E1-AB57-C590BE769111} (MOPlayerWnd Class) - http://www.melon.com/cab/P3Melon.cab
O16 - DPF: {C772574F-4D12-4427-B55A-DDA69AEFECDB} (jjang1 Control) - http://www.top0u.com/newprogram/maroo2.cab
O16 - DPF: {CEAF43B1-E8C1-426D-A63C-92C71212E6E5} (PlayerCue Control) - http://touch.imbc.com/ActiveX/iMBCOnlineService.cab
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://update.nprotect.net/nprotect/module/npx.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
O16 - DPF: {E831AA9C-C980-4F16-B252-09AAF40D0E9B} (Kdfense9 Control) - http://kings.cachenet.com/kdfx218/kbstar/kdfense9.cab
O16 - DPF: {FEE1002D-90A5-4A5D-AABE-01803FFBCF7A} (pCastPanel Class) - http://ps.itv.mop.com/dn/files/pCastCtl-1.0.0.94_signed.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL c:\windows\system32\ldcore.dll
O21 - SSODL: jxcuadbpx - {19D235B3-4341-4D9D-A225-02E71EA470EF} - C:\WINDOWS\system32\jxcuadbpx.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U295b3VuZyBQYXJr\command.exe (file missing)
O23 - Service: Error Event System (erevents) - Unknown owner - C:\WINDOWS\system32\drivers\syslgerr.exe (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Local Manager lagacy (LMlagacy) - Unknown owner - C:\WINDOWS\ctfmon.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programme\Network Monitor\netmon.exe (file missing)
O23 - Service: nvsvc32_ - Unknown owner - c:\Program Files\DivX\bin\nvsvc32.exe (file missing)
O23 - Service: System Spool Service (sspoolsrv) - Unknown owner - C:\WINDOWS\system32\wbem\spoolsv.exe (file missing)

--
End of file - 11118 bytes

auftauchen tut nicht die s2f.exe die auch noch drauf ist

und das auf einem intel celeron 1.3 ghz mit sage un schreibe 192 mb Ram

soll ich jetzt lieber gleich alles platt machen oder ist da nochwas zu retten?

danke für hilfe

setcookie

Zitat:

Zitat von setcookie

soll ich jetzt lieber gleich alles platt machen!

Da ist nichts mehr zu machen massige Backdoor Infektionen und anderes Gesocks.

ich hatte sowas befürchtet - na ja wird wohl das beste und schnellste sein format c: dauert ja nur 10 min