jvaw.exe



Xprisoner
2006-06-27, 22:10
I have a problem with jvaw.exe. I searched with S&D and fixed all problems, but jvaw.exe still runs in the task manager. When I closed it in the task manager, it appeared again 2 seconds later. Then I tried to remove it with regclean, because it is in startup. Same problem: it appeared again 2 seconds later. In regclean there is a path to this jvaw.exe, but when I open the folder there is nothing.

I hope you could help me and you understand my problem and spelling.

LonnyRJones
2006-06-28, 02:47
Hi
Please go here and follow instructions.
http://forums.spybot.info/showthread.php?t=288
Post the Hijackthis log here in this thread.
Someone will then take a look at the system and advise you.

Xprisoner
2006-06-28, 14:55
I thought this forum is for solving problems. I described my problem 2 times. I don't get any help. Only an incomprehensible thread.

Thank you for nothing.

Xprisoner
2006-06-28, 18:22
Sorry my mistake. I didn't read the whole post.

Here the log:

Logfile of HijackThis v1.99.1
Scan saved at 18:35:46, on 28.06.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\hidserv.exe
D:\WINNT\System32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\RUNDLL32.EXE
D:\WINNT\system32\RunDll32.exe
D:\WINNT\system32\TCAUDIAG.exe
D:\Programme\Java\jre1.5.0_06\bin\jusched.exe
D:\Programme\iTunes\iTunesHelper.exe
D:\Programme\QuickTime\qttask.exe
D:\Programme\MSN Messenger\msnmsgr.exe
D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
D:\Programme\Logitech\MouseWare\system\em_exec.exe
D:\Programme\iPod\bin\iPodService.exe
D:\WINNT\system32\wuauclt.exe
D:\Programme\Mozilla Firefox\firefox.exe
D:\DOKUME~1\EIKE~1.ICE\LOKALE~1\Temp\!update.exe
D:\PROGRA~1\COMMON~1\PPPATC~1\cmd.exe
D:\DOKUME~1\EIKE~1.ICE\ANWEND~1\MCROSO~1.NET\JVAW~1.EXE
D:\Dokumente und Einstellungen\eike.ICET\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - Default URLSearchHook is missing
O1 - Hosts: 83.151.24.130 L2authd.lineage2.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [msnmsgr] "D:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Arcqkx] D:\DOKUME~1\EIKE~1.ICE\ANWEND~1\MCROSO~1.NET\JVAW~1.EXE
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146681836781
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O20 - AppInit_DLLs: D:\WINNT\system32\svchost.dll
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINNT\System32\nvsvc32.exe


Same problem with hijack: Fix Problem, next scan, same problem.

LonnyRJones
2006-06-29, 00:37
Please disable SpybotSD TeaTimer for now
To disable SpybotSD TeaTimer:
Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon and Uncheck the box next to Teatimer.
"resident tea timer" (protection of all-over system settings) active
Close SpyBot.
We will remind you to turn it on later


Start Hijackthis and place a check next to these items If there.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [Arcqkx] D:\DOKUME~1\EIKE~1.ICE\ANWEND~1\MCROSO~1.NET\JVAW~1.EXE
====================================
Hit fix checked, scan again, place a check next to
O20 - AppInit_DLLs: D:\WINNT\system32\svchost.dll
Click fix checked and close Hijackthis. (Not to worry about the error)
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download X-purity.zip to your desktop
http://downloads.subratam.org/Beta/X-purity.zip
extract/unzip the files inside also to the desktop,
open the X-purity folder and run the batch file X-purity.bat
A log will open when it is finished, post it back here in a reply.

Why don't we see an antivirus program in your logs?

Xprisoner
2006-06-29, 18:35
I had some problems with x-purity, so I had to change (delete one command) the batch file. I hope one of these files is the log you want:
Set desktop=D:\DOKUME~1\EIKE~1.ICE\DESKTOP
Set favorites=D:\DOKUME~1\EIKE~1.ICE\FAVORI~1
Set startprg=D:\DOKUME~1\EIKE~1.ICE\STARTM~1\PROGRA~1
Set startm=D:\DOKUME~1\EIKE~1.ICE\STARTM~1
Set startup=D:\DOKUME~1\EIKE~1.ICE\STARTM~1\PROGRA~1\AUTOST~1
Set mydocs=D:\DOKUME~1\EIKE~1.ICE\EIGENE~1
Set AppData=D:\DOKUME~1\EIKE~1.ICE\ANWEND~1
Set audesktop=D:\DOKUME~1\ALLUSE~1.WIN\DESKTOP
Set aufavorites=D:\DOKUME~1\ALLUSE~1.WIN\FAVORI~1
Set austartprg=D:\DOKUME~1\ALLUSE~1.WIN\STARTM~1\PROGRA~1
Set austartm=D:\DOKUME~1\ALLUSE~1.WIN\STARTM~1
Set austartup=D:\DOKUME~1\ALLUSE~1.WIN\STARTM~1\PROGRA~1\AUTOST~1


KeyPath = "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"
File = "SetPaths.bat"

Set Shell = WScript.CreateObject("WScript.Shell")
Set ObjFileSystem = CreateObject("Scripting.fileSystemObject")
Set ObjOutputFile = ObjFileSystem.CreateTextFile(File, TRUE)
Set ObjRegExp = New RegExp

Function ShortFileName(Path)
Dim f
Set f = ObjFileSystem.GetFolder(Path)
ShortFileName = f.ShortPath
End Function
Function Accents(Str)
ObjRegExp.Pattern = "[^a-zA-Z_0-9\\: ]"
ObjRegExp.IgnoreCase = True
ObjRegExp.Global = True
Accents = ObjRegExp.Replace(Str, "?")
End Function

TmpVar = Shell.RegRead (KeyPath & "Desktop")
TmpVar = ShortFileName(TmpVar)
Var = "Set desktop=" & TmpVar
ObjOutputFile.WriteLine(Var)

TmpVar = Shell.RegRead (KeyPath & "Favorites")
TmpVar = ShortFileName(TmpVar)
Var = "Set favorites=" & TmpVar
ObjOutputFile.WriteLine(Var)

TmpVar = Shell.RegRead (KeyPath & "Programs")
TmpVar = ShortFileName(TmpVar)
Var = "Set startprg=" & TmpVar
ObjOutputFile.WriteLine(Var)

TmpVar = Shell.RegRead (KeyPath & "Start Menu")
TmpVar = ShortFileName(TmpVar)
Var = "Set startm=" & TmpVar
ObjOutputFile.WriteLine(Var)

TmpVar = Shell.RegRead (KeyPath & "Startup")
TmpVar = ShortFileName(TmpVar)
Var = "Set startup=" & TmpVar
ObjOutputFile.WriteLine(Var)

TmpVar = Shell.RegRead (KeyPath & "Personal")
TmpVar = ShortFileName(TmpVar)
Var = "Set mydocs=" & TmpVar
ObjOutputFile.WriteLine(Var)

TmpVar = Shell.RegRead (KeyPath & "AppData")
TmpVar = ShortFileName(TmpVar)
Var = "Set AppData=" & TmpVar
ObjOutputFile.WriteLine(Var)

KeyPath = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\"
TmpVar = Shell.RegRead (KeyPath & "Common Desktop")
TmpVar = ShortFileName(TmpVar)
Var = "Set audesktop=" & TmpVar
ObjOutputFile.WriteLine(Var)

TmpVar = Shell.RegRead (KeyPath & "Common Favorites")
TmpVar = ShortFileName(TmpVar)
Var = "Set aufavorites=" & TmpVar
ObjOutputFile.WriteLine(Var)

TmpVar = Shell.RegRead (KeyPath & "Common Programs")
TmpVar = ShortFileName(TmpVar)
Var = "Set austartprg=" & TmpVar
ObjOutputFile.WriteLine(Var)

TmpVar = Shell.RegRead (KeyPath & "Common Start Menu")
TmpVar = ShortFileName(TmpVar)
Var = "Set austartm=" & TmpVar
ObjOutputFile.WriteLine(Var)

TmpVar = Shell.RegRead (KeyPath & "Common Startup")
TmpVar = ShortFileName(TmpVar)
Var = "Set austartup=" & TmpVar
ObjOutputFile.WriteLine(Var)

ObjOutputFile.Close
Set objFileSystem = Nothing
Set Shell = Nothing
Set ObjRegExp = nothing

If I didn't edit the batch file, nothing happens with it. Only a working screen, or does this little bat take so much time (>10 min)?
So now the subject of antivirus programs. I didn't have one because I too often have problems with them (autoupdate, find something and can't delete it, slower system, problems with ports and so on).
If you could tell me a better program than antivir I will run it.

LonnyRJones
2006-06-30, 01:44
What exactly did you edit, and where are the results from running it? You posted the contents of the batch file, not a text file.

Why doesn't antivir show in your logs?

Xprisoner
2006-06-30, 10:59
I have edited these 2 lines:
del SetPaths.bat
del GetPaths.vbs
No log opened, so I thought one of these 2 files is the log.

Why doesn't antivir show in your logs?
Read the lines above your post.

LonnyRJones
2006-06-30, 11:15
Is there a d:\report.txt? If so, open and post it.
If there is not, delete x-purity.zip and its folder.

Manually delete these folders at only these locations
D:\PROGRA~1\COMMON~1\APPPATCH\ If the only file inside is > cmd.exe
D:\DOKUME~1\EIKE~1.ICE\ANWEND~1\MICROSO.NET\ If the only file inside is > JVAW~1.EXE

AVG is a great program
mentioned in this thread
http://forums.spybot.info/showthread.php?t=279
If there are update problems let me know, afterwards post a fresh hijackthis log.

Xprisoner
2006-07-02, 09:38
So here is a new log:

Logfile of HijackThis v1.99.1
Scan saved at 09:49:44, on 02.07.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Programme\AntiVir PersonalEdition Classic\sched.exe
D:\Programme\AntiVir PersonalEdition Classic\avguard.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\hidserv.exe
D:\WINNT\System32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\RUNDLL32.EXE
D:\WINNT\system32\RunDll32.exe
D:\WINNT\system32\TCAUDIAG.exe
D:\Programme\Java\jre1.5.0_06\bin\jusched.exe
D:\Programme\iTunes\iTunesHelper.exe
D:\Programme\QuickTime\qttask.exe
D:\Programme\Logitech\MouseWare\system\em_exec.exe
D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
D:\Programme\iPod\bin\iPodService.exe
D:\Programme\MSN Messenger\msnmsgr.exe
D:\DOKUME~1\EIKE~1.ICE\ANWEND~1\MCROSO~1.NET\JVAW~1.EXE
D:\PROGRA~1\COMMON~1\PPPATC~1\cmd.exe
D:\WINNT\system32\wuauclt.exe
D:\Programme\Mozilla Firefox\firefox.exe
D:\Dokumente und Einstellungen\eike.ICET\Desktop\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 83.151.24.130 L2authd.lineage2.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "D:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Arcqkx] D:\DOKUME~1\EIKE~1.ICE\ANWEND~1\MCROSO~1.NET\JVAW~1.EXE
O4 - HKCU\..\Run: [Aawn] "D:\PROGRA~1\COMMON~1\PPPATC~1\cmd.exe" -vt tzt
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146681836781
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O20 - AppInit_DLLs: svchost.dll D:\WINNT\system32\svchost.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - D:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - D:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINNT\System32\nvsvc32.exe

This folder is empty D:\DOKUME~1\EIKE~1.ICE\ANWEND~1\MICROSO.NET\ and in this folder D:\PROGRA~1\COMMON~1\APPPATCH\ there is another folder PPPATC~1. This folder is empty too.

LonnyRJones
2006-07-02, 10:49
Start Hijackthis and place a check next to these items If there.
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKCU\..\Run: [Arcqkx] D:\DOKUME~1\EIKE~1.ICE\ANWEND~1\MCROSO~1.NET\JVAW~1.EXE
O4 - HKCU\..\Run: [Aawn] "D:\PROGRA~1\COMMON~1\PPPATC~1\cmd.exe" -vt tzt
O20 - AppInit_DLLs: svchost.dll D:\WINNT\system32\svchost.dll
====================================
Hit fix checked and close Hijackthis.(not to worry about the error)

Copy the contents of the quote box below into a new notepad document (not wordpad).
Click file> save as...> call it moveit.bat > file types *all files*> and save it to desktop.


@echo off
attrib -h -s "D:\DOKUME~1\EIKE~1.ICE\ANWEND~1\MCROSO~1.NET\*.*"
attrib -h -s "D:\PROGRA~1\COMMON~1\PPPATC~1\*.*"
move "D:\DOKUME~1\EIKE~1.ICE\ANWEND~1\MCROSO~1.NET" %temp%\
move "D:\PROGRA~1\COMMON~1\PPPATC~1" %temp%\

Run moveit.bat
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Start Hijackthis and place a check next to those same items if there and click fix checked.

Post back with another Hijackthis log please
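
Added example, not part of the thread or of HijackThis: the Run entries fixed above use 8.3 short paths (MCROSO~1.NET, PPPATC~1) that do not alias the folder names checked by hand earlier, which is why moveit.bat addresses the short paths directly. The sketch below checks each directory alias in the O4 Run lines against a list of long folder names; KNOWN_NAMES is an assumed list, the log lines are copied from the second log, and could_alias covers only the common "first six characters + ~N" alias form.

```python
import re

# Log lines copied from the second HijackThis log in this thread (trimmed).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Arcqkx] D:\DOKUME~1\EIKE~1.ICE\ANWEND~1\MCROSO~1.NET\JVAW~1.EXE
O4 - HKCU\..\Run: [Aawn] "D:\PROGRA~1\COMMON~1\PPPATC~1\cmd.exe" -vt tzt
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""

# Assumption: long folder names an analyst expects behind the aliases.
# "Anwendungsdaten" and "Common Files" are guesses for ANWEND~1 / COMMON~1;
# "Microsoft.NET" and "AppPatch" are the look-alike names to rule out.
KNOWN_NAMES = [
    "Dokumente und Einstellungen", "eike.ICET", "Anwendungsdaten",
    "Programme", "Common Files", "Microsoft.NET", "AppPatch",
]

# One 8.3 alias component: PREFIX~N with an optional extension of up to 3 chars.
SHORT = re.compile(r"^([^~\\]+)~\d+(?:\.([^\\.]{0,3}))?$")
# Alias components that are directories, i.e. followed by another backslash.
DIR_ALIAS = re.compile(r'\\([^\\" ]+~\d+(?:\.[^\\" .]{1,3})?)(?=\\)')
# HKLM/HKCU Run entries as HijackThis prints them: O4 - HKxx\..\Run: [name] command
RUN = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.*)$")


def could_alias(short, long_name):
    """True if the 8.3 alias `short` is consistent with `long_name`.

    Simplified rule: spaces are dropped, the alias prefix must start the long
    base name, and the alias extension is the first 3 characters of the long
    extension. The hashed alias form used after several collisions is not
    handled.
    """
    m = SHORT.match(short.upper())
    if not m:
        return False
    prefix, ext = m.group(1), m.group(2) or ""
    base, dot, long_ext = long_name.upper().replace(" ", "").rpartition(".")
    if not dot:  # long name has no extension
        base, long_ext = long_ext, ""
    return base.startswith(prefix) and long_ext[:3] == ext


def unexplained_aliases(log, known_names):
    """Map Run value name -> directory aliases that match no known long name."""
    findings = {}
    for line in log.splitlines():
        m = RUN.match(line.strip())
        if not m:
            continue
        odd = [c for c in DIR_ALIAS.findall(m.group(3))
               if not any(could_alias(c, n) for n in known_names)]
        if odd:
            findings[m.group(2)] = odd
    return findings


if __name__ == "__main__":
    for name, aliases in unexplained_aliases(SAMPLE_LOG, KNOWN_NAMES).items():
        print(f"[{name}] alias matches no expected folder: {', '.join(aliases)}")
```

A folder really named Microsoft.NET would appear as MICROS~1.NET, so MCROSO~1.NET points at a different directory whose long name is not shown anywhere in the logs.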

Xprisoner
2006-07-02, 12:25
I think the problem is solved. Good help. I am very grateful. I post a last log. I hope the system is clean now.

Logfile of HijackThis v1.99.1
Scan saved at 12:37:15, on 02.07.2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\Programme\AntiVir PersonalEdition Classic\sched.exe
D:\Programme\AntiVir PersonalEdition Classic\avguard.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\hidserv.exe
D:\WINNT\System32\nvsvc32.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\WINNT\system32\RUNDLL32.EXE
D:\WINNT\system32\RunDll32.exe
D:\WINNT\system32\TCAUDIAG.exe
D:\Programme\Java\jre1.5.0_06\bin\jusched.exe
D:\Programme\iTunes\iTunesHelper.exe
D:\Programme\Logitech\MouseWare\system\em_exec.exe
D:\Programme\QuickTime\qttask.exe
D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe
D:\Programme\iPod\bin\iPodService.exe
D:\Programme\MSN Messenger\msnmsgr.exe
D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\WINNT\system32\wuauclt.exe
D:\Programme\RegCleaner\RegCleanr.exe
D:\Dokumente und Einstellungen\eike.ICET\Desktop\HijackThis.exe

O1 - Hosts: 83.151.24.130 L2authd.lineage2.com
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -on
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programme\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "D:\Programme\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "D:\Programme\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aawn] "D:\PROGRA~1\COMMON~1\PPPATC~1\cmd.exe" -vt tzt
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = D:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINNT\web\related.htm
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1146681836781
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O20 - AppInit_DLLs: svchost.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - D:\Programme\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - D:\Programme\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Verwaltungsdienst für die Verwaltung logischer Datenträger (dmadmin) - VERITAS Software Corp. - D:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Programme\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINNT\System32\nvsvc32.exe

LonnyRJones
2006-07-02, 12:36
Good

Start Hijackthis and place a check next to these items If there.
O4 - HKCU\..\Run: [Aawn] "D:\PROGRA~1\COMMON~1\PPPATC~1\cmd.exe" -vt tzt
O20 - AppInit_DLLs: svchost.dll

Optional fixes
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Programme\PartyGaming\PartyPoker\RunApp.exe
====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post back with another log after about a full day please

tashi
2006-07-11, 00:26
How is the computer running, Xprisoner?

tashi
2006-07-12, 23:18
This topic is closed.

If you need it re-opened please send me a pm and provide a link to the thread.
Applies only to the original topic starter.