
Thread: Coolwwwsearch and rootkit problem

  1. #21
    Junior Member
    Join Date
    Aug 2008
    Posts
    18


    GMER 1.0.14.14536 - http://www.gmer.net
    Rootkit scan 2008-09-20 22:28:05
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.14 ----

    SSDT sptd.sys ZwCreateKey [0xF76C3B3A]
    SSDT F7E4C214 ZwCreateThread
    SSDT sptd.sys ZwEnumerateKey [0xF76C3C7E]
    SSDT sptd.sys ZwEnumerateValueKey [0xF76C3FF6]
    SSDT sptd.sys ZwOpenKey [0xF76C3A18]
    SSDT F7E4C200 ZwOpenProcess
    SSDT F7E4C205 ZwOpenThread
    SSDT sptd.sys ZwQueryKey [0xF76C40C0]
    SSDT sptd.sys ZwQueryValueKey [0xF76C3F58]
    SSDT sptd.sys ZwSetValueKey [0xF76C4148]
    SSDT F7E4C20F ZwTerminateProcess
    SSDT F7E4C20A ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.14 ----

    ? tstkyt.sys Das System kann die angegebene Datei nicht finden. !
    ? C:\WINDOWS\system32\drivers\sptd.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
    ? C:\WINDOWS\System32\Drivers\SPTD4413.SYS Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.
    .text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F63534D0 3 Bytes [ EE, 1E, 71 ]
    .text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 4 F63534D4 12 Bytes [ 29, E1, 12, A1, FF, 75, 50, ... ]
    .text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 F63534E1 31 Bytes [ 20, 35, F6, B2, 21, C5, 34, ... ]
    ? C:\WINDOWS\System32\Drivers\dtscsi.sys Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

    ---- Kernel IAT/EAT - GMER 1.0.14 ----

    IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F76CCDB2] sptd.sys
    IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F76E271E] sptd.sys
    IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F76CD3B2] sptd.sys
    IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F76CD2B6] sptd.sys
    IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F76CD482] sptd.sys
    IAT dmio.sys[ntoskrnl.exe!IofCallDriver] [F76CD482] sptd.sys
    IAT dmio.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F76CD3B2] sptd.sys
    IAT dmio.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F76CD2B6] sptd.sys
    IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F76E2032] sptd.sys
    IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F76CCF6E] sptd.sys
    IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F76E2864] sptd.sys
    IAT \WINDOWS\system32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F76D1F78] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F76E1C76] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F76E1C82] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F76E2864] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F76BF020] sptd.sys
    IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F76BF020] sptd.sys

    ---- Devices - GMER 1.0.14 ----

    Device \FileSystem\Ntfs \Ntfs 87388C78
    Device \FileSystem\Fastfat \FatCdrom 86013708
    Device \FileSystem\Fastfat \FatCdrom 86E4288C
    Device \Driver\dmio \Device\DmControl\DmIoDaemon 873D4A40
    Device \Driver\dmio \Device\DmControl\DmConfig 873D4A40
    Device \Driver\dmio \Device\DmControl\DmPnP 873D4A40
    Device \Driver\dmio \Device\DmControl\DmInfo 873D4A40
    Device \Driver\prodrv06 \Device\ProDrv06 E1A60C30
    Device \Driver\Ftdisk \Device\HarddiskVolume1 873D4C78
    Device \Driver\Ftdisk \Device\HarddiskVolume2 873D4C78
    Device \Driver\Cdrom \Device\CdRom0 86E8B008
    Device \FileSystem\Rdbss \Device\FsWrap 871B3458
    Device \FileSystem\Rdbss \Device\FsWrap 86F52B44
    Device \Driver\Cdrom \Device\CdRom1 86E8B008
    Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 86F21008
    Device \Driver\atapi \Device\Ide\IdePort0 86F21008
    Device \Driver\Cdrom \Device\CdRom2 86E8B008
    Device \Driver\Cdrom \Device\CdRom3 86E8B008
    Device \Driver\NetBT \Device\NetBT_Tcpip_{6D9375D0-B53C-46D9-BF7E-9DF2B8FE601C} 86FD20E8
    Device \Driver\Cdrom \Device\CdRom4 86E8B008
    Device \Driver\USBSTOR \Device\000000a8 871AA6D0
    Device \Driver\prohlp02 \Device\ProHlp02 E18D6780
    Device \Driver\USBSTOR \Device\000000a9 871AA6D0
    Device \Driver\NetBT \Device\NetBt_Wins_Export 86FD20E8
    Device \Driver\NetBT \Device\NetbiosSmb 86FD20E8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{0F2107D0-6C63-4E7F-BBAC-8DFACE06719E} 86FD20E8
    Device \FileSystem\Srv \Device\LanmanServer 872797EC
    Device \Driver\00000050 \Device\0000005c sptd.sys
    Device \Driver\Disk \Device\Harddisk0\DR0 87388EB0
    Device \Driver\Disk \Device\Harddisk1\DR1 87388EB0
    Device \Driver\Disk \Device\Harddisk2\DR6 87388EB0
    Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+7 87388EB0
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86EEC0E8
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8711D4B4
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 86EEC0E8
    Device \FileSystem\MRxSmb \Device\LanmanRedirector 8711D4B4
    Device \FileSystem\Npfs \Device\NamedPipe 87029CB8
    Device \FileSystem\Npfs \Device\NamedPipe 86CDFCB4
    Device \Driver\Ftdisk \Device\FtControl 873D4C78
    Device \FileSystem\Msfs \Device\Mailslot 86CD6118
    Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target1Lun0 871AD058
    Device \Driver\KR10N \Device\Scsi\KR10N1Port1Path0Target6Lun0 873D4550
    Device \Driver\KR10N \Device\Scsi\KR10N1Port1Path0Target6Lun0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\KR10N \Device\Scsi\KR10N1Port1Path0Target1Lun0 873D4550
    Device \Driver\KR10N \Device\Scsi\KR10N1Port1Path0Target1Lun0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 86176C38
    Device \Driver\KR10N \Device\Scsi\KR10N1 873D4550
    Device \Driver\KR10N \Device\Scsi\KR10N1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 871AD058
    Device \Driver\KR10N \Device\Scsi\KR10N1Port1Path0Target0Lun0 873D4550
    Device \Driver\KR10N \Device\Scsi\KR10N1Port1Path0Target0Lun0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology)
    Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target2Lun0 871AD058
    Device \Driver\dtscsi \Device\Scsi\dtscsi1 871AD058
    Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target3Lun0 871AD058
    Device \FileSystem\Fastfat \Fat 86013708
    Device \FileSystem\Fastfat \Fat 86E4288C

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 870422FC
    Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 870422FC
    Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 870422FC
    Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 870422FC
    Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 870422FC
    Device \FileSystem\Cdfs \Cdfs 86D1A0E8
    Device \FileSystem\Cdfs \Cdfs 871910AC

    ---- Modules - GMER 1.0.14 ----

    Module _________ F75C8000-F75E0000 (98304 bytes)

    ---- Registry - GMER 1.0.14 ----

    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE5 0x3D 0xF3 0xAB ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x86 0x31 0x04 0x7E ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCC 0xFE 0x85 0x7F ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xCD 0xCF 0xA8 0x80 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x3A 0x01 0x63 0x40 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x3A 0x01 0x63 0x40 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 -1267934926
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -887537436
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 530801311
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xE5 0x3D 0xF3 0xAB ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x86 0x31 0x04 0x7E ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCC 0xFE 0x85 0x7F ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xCD 0xCF 0xA8 0x80 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x3A 0x01 0x63 0x40 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x3A 0x01 0x63 0x40 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System

    ---- EOF - GMER 1.0.14 ----

  2. #22
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    That looks normal now

    Have you set these?

    O17 - HKLM\System\CCS\Services\Tcpip\..\{4AD59486-ADA1-47B3-B186-C53743B6E789}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5160E54A-A4F6-4693-B031-1F356166FD1F}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5824B53B-1DB7-4798-961F-D96F49204EE0}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A4D15E2A-9E3D-48C8-8567-78BFB6B7B77A}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

    They are OpenDNS DNS servers.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #23
    Junior Member
    Join Date
    Aug 2008
    Posts
    18


    Thanks a lot, you did a great job.

    No, I didn't set those.

  4. #24
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374


    Then we do this:

    Open HijackThis, click "Do a system scan only" and checkmark these:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank (if you haven't set it)
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.66.10:8088 (if you haven't set it)
    O2 - BHO: CodecPlugin Class - {098716A9-0310-4CBE-BD64-B790A9761158} - (no file)
    O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4AD59486-ADA1-47B3-B186-C53743B6E789}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5160E54A-A4F6-4693-B031-1F356166FD1F}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5824B53B-1DB7-4798-961F-D96F49204EE0}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A4D15E2A-9E3D-48C8-8567-78BFB6B7B77A}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222


    Close all windows including the browser and press "Fix checked".

    Reboot.

    Delete if still present:

    C:\WINDOWS\system32\msxml71.dll

    Empty Recycle Bin.

    Now let's check some settings on your system.
    (2000/XP) Only
    In the Windows Control Panel: if you are using Windows XP's Category View, select the Network and Internet Connections category; otherwise double-click on Network Connections. Then right-click on your default connection, usually Local Area Connection for cable and DSL, and left-click on Properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically.
    Press OK twice to get out of the properties screen and reboot if it asks.
    That option might not be available on some systems.
    Next, go to Start > Run, type cmd and hit OK.
    Type
    ipconfig /flushdns
    then hit Enter, type exit and hit Enter.
    (That space between g and / is needed.)

    To access the Uninstall Manager you would do the following:

    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.

    You will now be presented with a screen similar to the one below:



    5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

    Post:

    - a fresh HijackThis log
    - uninstall list
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
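
The question asked in post #22 ("Have you set these?") and the checklist in post #24 can be expressed as a small triage pass over a HijackThis log. This is an added example, not part of the original posts and not HijackThis's own logic; the function names and the `expected_dns` / `expected_proxies` parameters are assumptions, and the sample lines are copied from the entries quoted in this thread.

```python
import re

# Entries copied from the HijackThis lines quoted in posts #24 and #25.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.66.10:8088
O2 - BHO: CodecPlugin Class - {098716A9-0310-4CBE-BD64-B790A9761158} - (no file)
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{4AD59486-ADA1-47B3-B186-C53743B6E789}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O4 - HKLM\..\Run: [DU Meter] C:\Programme\DU Meter\DUMeter.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O17 - HKLM\...".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
NAMESERVER = re.compile(r"NameServer\s*=\s*(.+)$")
PROXY = re.compile(r"ProxyServer\s*=\s*(\S+)")


def parse_entries(log_text):
    """Return (section_code, body) for every entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def review(log_text, expected_dns=(), expected_proxies=()):
    """Flag settings the user has not confirmed as their own.

    expected_dns / expected_proxies hold the values the user answers "yes, I
    set these" for. Anything else in an O17 NameServer or R1 ProxyServer entry
    is reported, as is an O2 BHO whose file is missing.
    """
    expected_dns = set(expected_dns)
    expected_proxies = set(expected_proxies)
    findings = []
    for code, body in parse_entries(log_text):
        if code == "O17":
            match = NAMESERVER.search(body)
            if not match:
                continue
            servers = [s for s in re.split(r"[,\s]+", match.group(1)) if s]
            unknown = [s for s in servers if s not in expected_dns]
            if unknown:
                reason = "static DNS server not confirmed by user: " + ", ".join(unknown)
                findings.append((code, reason, body))
        elif code == "R1":
            match = PROXY.search(body)
            if match and match.group(1) not in expected_proxies:
                reason = "proxy not confirmed by user: " + match.group(1)
                findings.append((code, reason, body))
        elif code == "O2" and body.endswith("(no file)"):
            findings.append((code, "BHO registered but its file is missing", body))
    return findings


if __name__ == "__main__":
    # The user in this thread answered "no" to the DNS question, so nothing is expected.
    for code, reason, body in review(SAMPLE_LOG):
        print(f"[{code}] {reason}\n      {body}")
```

These checks do not flag the `msxml71.dll` BHO that post #24 also selects: judging a BHO whose file exists takes knowledge of the file itself, which this sketch does not attempt.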

  5. #25
    Junior Member
    Join Date
    Aug 2008
    Posts
    18


    - HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:36:15, on 21.09.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\DU Meter\DUMeter.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.66.10:8088
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar4.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [DU Meter] C:\Programme\DU Meter\DUMeter.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programme\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Programme\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programme\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} - http://www.streamplug.com/StreamPlug/SP.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Programme\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 7334 bytes



    - uninstall list

    Ad-aware 6 Personal
    Adobe Flash Player 9 ActiveX
    Adobe Photoshop CS
    Adobe Reader 7.0.8 - Deutsch
    Advanced WMA Workshop version 2.1
    Alcohol 120%
    ALPS Touch Pad Driver
    ArchiPHYSIK 6.1.8 aut
    AutoCAD Architecture 2008 - Deutsch
    Autodesk 3ds Max 9 32-bit
    Autodesk Architectural Desktop 2006 - Deutsch
    Autodesk DWF Viewer 7
    Avira AntiVir Personal - Free Antivirus
    Backburner
    BitComet 0.87
    Bluetooth Stack for Windows by Toshiba
    CD/DVD Drive Acoustic Silencer
    Cheating-Death 4.31.0
    Counter-Strike 1.6
    Direct Show Ogg Vorbis Filter (remove only)
    DivX
    DivX Content Uploader
    DivX Player
    DivX Web Player
    DU Meter
    EVEREST Home Edition v2.20
    FBX Plugin 2006.08 for Max 9.0
    Free YouTube Download 2.2
    Free YouTube to Mp3 Converter version 3.1
    Full Tilt Poker
    Google Toolbar for Internet Explorer
    GTK+ Runtime 2.10.11 rev b (nur entfernen)
    Hamachi 1.0.1.5
    HijackThis 2.0.2
    HLSW v1.0.0.43
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB915865)
    Hotfix für Microsoft .NET Framework 2.0 (KB918842)
    Hotfix für Windows XP (KB888795)
    Hotfix für Windows XP (KB891593)
    Hotfix für Windows XP (KB899337)
    Hotfix für Windows XP (KB899510)
    Hotfix für Windows XP (KB902841)
    Hotfix für Windows XP (KB952287)
    HP Document Viewer 5.3
    HP Extended Capabilities 5.3
    HP Image Zone 5.3
    HP Imaging Device Functions 5.3
    HP PSC & OfficeJet 5.3.A
    hp psc 2100 series
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.3
    HTML Executable IERuntime
    Intel(R) PRO Network Adapters and Drivers
    InterVideo WinDVD for TOSHIBA
    iPod for Windows 2006-01-10
    iTunes
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 5
    Macromedia Flash Player
    Macromedia Shockwave Player
    Messenger Plus! 3
    Microsoft .NET Framework 1.0 Hotfix (KB887998)
    Microsoft .NET Framework 1.0 Hotfix (KB930494)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 German Language Pack
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 2.0 Language Pack - DEU
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
    Microsoft Visual Basic 6.0 Professional Edition (Deutsch)
    Microsoft Web Publishing Wizard 1.53
    mIRC
    missingLINK2006
    Mozilla Firefox (2.0.0.7)
    MSXML 4.0 SP2 (KB936181)
    MSXML 6.0 Parser (KB933579)
    Nero 6
    NeroVision Express 2
    NVIDIA Drivers
    O&O Defrag Professional Edition
    plusAzuADT
    PowerDVD
    ProtectDisc Helper Driver 10
    QuickTime
    RealPlayer
    ROSE Online Evolution
    SD Secure Module
    Shockwave
    Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)
    Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)
    Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)
    Sicherheitsupdate für Windows Media Player 10 (KB911565)
    Sicherheitsupdate für Windows XP (KB890046)
    Sicherheitsupdate für Windows XP (KB893066)
    Sicherheitsupdate für Windows XP (KB893756)
    Sicherheitsupdate für Windows XP (KB896358)
    Sicherheitsupdate für Windows XP (KB896422)
    Sicherheitsupdate für Windows XP (KB896423)
    Sicherheitsupdate für Windows XP (KB896424)
    Sicherheitsupdate für Windows XP (KB896428)
    Sicherheitsupdate für Windows XP (KB896688)
    Sicherheitsupdate für Windows XP (KB899587)
    Sicherheitsupdate für Windows XP (KB899588)
    Sicherheitsupdate für Windows XP (KB899589)
    Sicherheitsupdate für Windows XP (KB899591)
    Sicherheitsupdate für Windows XP (KB900725)
    Sicherheitsupdate für Windows XP (KB901017)
    Sicherheitsupdate für Windows XP (KB901214)
    Sicherheitsupdate für Windows XP (KB902400)
    Sicherheitsupdate für Windows XP (KB904706)
    Sicherheitsupdate für Windows XP (KB905414)
    Sicherheitsupdate für Windows XP (KB905749)
    Sicherheitsupdate für Windows XP (KB905915)
    Sicherheitsupdate für Windows XP (KB908519)
    Sicherheitsupdate für Windows XP (KB911562)
    Sicherheitsupdate für Windows XP (KB911567)
    Sicherheitsupdate für Windows XP (KB911927)
    Sicherheitsupdate für Windows XP (KB912812)
    Sicherheitsupdate für Windows XP (KB912919)
    Sicherheitsupdate für Windows XP (KB913446)
    Sicherheitsupdate für Windows XP (KB913580)
    Sicherheitsupdate für Windows XP (KB938464)
    Sicherheitsupdate für Windows XP (KB946648)
    Sicherheitsupdate für Windows XP (KB950749)
    Sicherheitsupdate für Windows XP (KB950762)
    Sicherheitsupdate für Windows XP (KB950974)
    Sicherheitsupdate für Windows XP (KB951066)
    Sicherheitsupdate für Windows XP (KB951376-v2)
    Sicherheitsupdate für Windows XP (KB951698)
    Sicherheitsupdate für Windows XP (KB951748)
    Sicherheitsupdate für Windows XP (KB952954)
    Sicherheitsupdate für Windows XP (KB953839)
    Skype 2.5
    Sonic Encoders
    SoundMAX
    Spybot - Search & Destroy
    Steam
    Sven Co-op 3.0
    System Requirements Lab
    TeamSpeak 2 RC2
    Texas Instruments PCIxx21/x515 drivers.
    TOSHIBA Assist
    TOSHIBA Benutzerhandbücher
    TOSHIBA ConfigFree
    TOSHIBA Controls
    TOSHIBA Hotkey Utility für Anzeigegeräte
    TOSHIBA PC-Diagnose-Tool
    TOSHIBA Picture Enhancement
    TOSHIBA Power Saver
    TOSHIBA RAID Dienstprogramm
    TOSHIBA SD-Speicherkarten-Formatierung
    TOSHIBA Software Modem
    TOSHIBA Touchpad Ein/Aus Utility V2.05.00
    TOSHIBA Utilities
    TOSHIBA Utility zum Bildschirmwechsel
    TOSHIBA Virtual Sound
    TOSHIBA Zoom-Dienstprogramm
    Touch and Launch
    Uninstall 1.0.0.0
    Update für Windows Media Player 10 (KB913800)
    Update für Windows XP (KB894391)
    Update für Windows XP (KB896727)
    Update für Windows XP (KB898461)
    Update für Windows XP (KB900485)
    Update für Windows XP (KB908531)
    Update für Windows XP (KB910437)
    Update für Windows XP (KB932823-v3)
    Update für Windows XP (KB951072-v2)
    Update Rollup 2 für Windows XP Media Center Edition 2005
    Ventrilo
    VeohTV BETA
    VideoLAN VLC media player 0.8.4a
    V-Ray for 3dsmax R9 for x86
    WhenU Save
    Winamp
    Winamp Remote
    Winamp Toolbar
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Media Center Edition 2005 KB888316
    Windows XP Media Center Edition 2005 KB908250
    Windows XP-Hotfix - KB834707
    Windows XP-Hotfix - KB873333
    Windows XP-Hotfix - KB873339
    Windows XP-Hotfix - KB885250
    Windows XP-Hotfix - KB885835
    Windows XP-Hotfix - KB885836
    Windows XP-Hotfix - KB885884
    Windows XP-Hotfix - KB886185
    Windows XP-Hotfix - KB887472
    Windows XP-Hotfix - KB887742
    Windows XP-Hotfix - KB888113
    Windows XP-Hotfix - KB888302
    Windows XP-Hotfix - KB889673
    Windows XP-Hotfix - KB890546
    Windows XP-Hotfix - KB890859
    Windows XP-Hotfix - KB891781
    Windows XP-Hotfix - KB893086
    Windows XP-Hotfix - KB895961
    WinRAR Archivierer
    WinSchach XL
    Wireless Hotkey
    Worms World Party
    XviD MPEG-4 Video Codec

  6. #26
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    BitComet 0.87

    I'd like you to read this thread.

    Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

    Uninstall also this:

    WhenU Save

    Please post a fresh uninstall list.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #27
    Junior Member
    Join Date
    Aug 2008
    Posts
    18

    Default

    Ad-aware 6 Personal
    Adobe Flash Player 9 ActiveX
    Adobe Photoshop CS
    Adobe Reader 7.0.8 - Deutsch
    Advanced WMA Workshop version 2.1
    Alcohol 120%
    ALPS Touch Pad Driver
    ArchiPHYSIK 6.1.8 aut
    AutoCAD Architecture 2008 - Deutsch
    Autodesk 3ds Max 9 32-bit
    Autodesk Architectural Desktop 2006 - Deutsch
    Autodesk DWF Viewer 7
    Avira AntiVir Personal - Free Antivirus
    Backburner
    Bluetooth Stack for Windows by Toshiba
    CD/DVD Drive Acoustic Silencer
    Cheating-Death 4.31.0
    Counter-Strike 1.6
    Direct Show Ogg Vorbis Filter (remove only)
    DivX
    DivX Content Uploader
    DivX Player
    DivX Web Player
    DU Meter
    EVEREST Home Edition v2.20
    FBX Plugin 2006.08 for Max 9.0
    Free YouTube Download 2.2
    Free YouTube to Mp3 Converter version 3.1
    Full Tilt Poker
    Google Toolbar for Internet Explorer
    GTK+ Runtime 2.10.11 rev b (nur entfernen)
    Hamachi 1.0.1.5
    HijackThis 2.0.2
    HLSW v1.0.0.43
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows XP (KB915865)
    Hotfix für Microsoft .NET Framework 2.0 (KB918842)
    Hotfix für Windows XP (KB888795)
    Hotfix für Windows XP (KB891593)
    Hotfix für Windows XP (KB899337)
    Hotfix für Windows XP (KB899510)
    Hotfix für Windows XP (KB902841)
    Hotfix für Windows XP (KB952287)
    HP Document Viewer 5.3
    HP Extended Capabilities 5.3
    HP Image Zone 5.3
    HP Imaging Device Functions 5.3
    HP PSC & OfficeJet 5.3.A
    hp psc 2100 series
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.3
    HTML Executable IERuntime
    Intel(R) PRO Network Adapters and Drivers
    InterVideo WinDVD for TOSHIBA
    iPod for Windows 2006-01-10
    iTunes
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 5
    Macromedia Flash Player
    Macromedia Shockwave Player
    Messenger Plus! 3
    Microsoft .NET Framework 1.0 Hotfix (KB887998)
    Microsoft .NET Framework 1.0 Hotfix (KB930494)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 German Language Pack
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 2.0 Language Pack - DEU
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
    Microsoft Visual Basic 6.0 Professional Edition (Deutsch)
    Microsoft Web Publishing Wizard 1.53
    mIRC
    missingLINK2006
    Mozilla Firefox (2.0.0.7)
    MSXML 4.0 SP2 (KB936181)
    MSXML 6.0 Parser (KB933579)
    Nero 6
    NeroVision Express 2
    NVIDIA Drivers
    O&O Defrag Professional Edition
    plusAzuADT
    PowerDVD
    ProtectDisc Helper Driver 10
    QuickTime
    RealPlayer
    ROSE Online Evolution
    SD Secure Module
    Shockwave
    Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)
    Sicherheitsupdate für Windows Internet Explorer 7 (KB938127-v2)
    Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)
    Sicherheitsupdate für Windows Media Player 10 (KB911565)
    Sicherheitsupdate für Windows XP (KB890046)
    Sicherheitsupdate für Windows XP (KB893066)
    Sicherheitsupdate für Windows XP (KB893756)
    Sicherheitsupdate für Windows XP (KB896358)
    Sicherheitsupdate für Windows XP (KB896422)
    Sicherheitsupdate für Windows XP (KB896423)
    Sicherheitsupdate für Windows XP (KB896424)
    Sicherheitsupdate für Windows XP (KB896428)
    Sicherheitsupdate für Windows XP (KB896688)
    Sicherheitsupdate für Windows XP (KB899587)
    Sicherheitsupdate für Windows XP (KB899588)
    Sicherheitsupdate für Windows XP (KB899589)
    Sicherheitsupdate für Windows XP (KB899591)
    Sicherheitsupdate für Windows XP (KB900725)
    Sicherheitsupdate für Windows XP (KB901017)
    Sicherheitsupdate für Windows XP (KB901214)
    Sicherheitsupdate für Windows XP (KB902400)
    Sicherheitsupdate für Windows XP (KB904706)
    Sicherheitsupdate für Windows XP (KB905414)
    Sicherheitsupdate für Windows XP (KB905749)
    Sicherheitsupdate für Windows XP (KB905915)
    Sicherheitsupdate für Windows XP (KB908519)
    Sicherheitsupdate für Windows XP (KB911562)
    Sicherheitsupdate für Windows XP (KB911567)
    Sicherheitsupdate für Windows XP (KB911927)
    Sicherheitsupdate für Windows XP (KB912812)
    Sicherheitsupdate für Windows XP (KB912919)
    Sicherheitsupdate für Windows XP (KB913446)
    Sicherheitsupdate für Windows XP (KB913580)
    Sicherheitsupdate für Windows XP (KB938464)
    Sicherheitsupdate für Windows XP (KB946648)
    Sicherheitsupdate für Windows XP (KB950749)
    Sicherheitsupdate für Windows XP (KB950762)
    Sicherheitsupdate für Windows XP (KB950974)
    Sicherheitsupdate für Windows XP (KB951066)
    Sicherheitsupdate für Windows XP (KB951376-v2)
    Sicherheitsupdate für Windows XP (KB951698)
    Sicherheitsupdate für Windows XP (KB951748)
    Sicherheitsupdate für Windows XP (KB952954)
    Sicherheitsupdate für Windows XP (KB953839)
    Skype 2.5
    Sonic Encoders
    SoundMAX
    Spybot - Search & Destroy
    Steam
    Sven Co-op 3.0
    System Requirements Lab
    TeamSpeak 2 RC2
    Texas Instruments PCIxx21/x515 drivers.
    TOSHIBA Assist
    TOSHIBA Benutzerhandbücher
    TOSHIBA ConfigFree
    TOSHIBA Controls
    TOSHIBA Hotkey Utility für Anzeigegeräte
    TOSHIBA PC-Diagnose-Tool
    TOSHIBA Picture Enhancement
    TOSHIBA Power Saver
    TOSHIBA RAID Dienstprogramm
    TOSHIBA SD-Speicherkarten-Formatierung
    TOSHIBA Software Modem
    TOSHIBA Touchpad Ein/Aus Utility V2.05.00
    TOSHIBA Utilities
    TOSHIBA Utility zum Bildschirmwechsel
    TOSHIBA Virtual Sound
    TOSHIBA Zoom-Dienstprogramm
    Touch and Launch
    Uninstall 1.0.0.0
    Update für Windows Media Player 10 (KB913800)
    Update für Windows XP (KB894391)
    Update für Windows XP (KB896727)
    Update für Windows XP (KB898461)
    Update für Windows XP (KB900485)
    Update für Windows XP (KB908531)
    Update für Windows XP (KB910437)
    Update für Windows XP (KB932823-v3)
    Update für Windows XP (KB951072-v2)
    Update Rollup 2 für Windows XP Media Center Edition 2005
    Ventrilo
    VeohTV BETA
    VideoLAN VLC media player 0.8.4a
    V-Ray for 3dsmax R9 for x86
    Winamp
    Winamp Toolbar
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Media Center Edition 2005 KB888316
    Windows XP Media Center Edition 2005 KB908250
    Windows XP-Hotfix - KB834707
    Windows XP-Hotfix - KB873333
    Windows XP-Hotfix - KB873339
    Windows XP-Hotfix - KB885250
    Windows XP-Hotfix - KB885835
    Windows XP-Hotfix - KB885836
    Windows XP-Hotfix - KB885884
    Windows XP-Hotfix - KB886185
    Windows XP-Hotfix - KB887472
    Windows XP-Hotfix - KB887742
    Windows XP-Hotfix - KB888113
    Windows XP-Hotfix - KB888302
    Windows XP-Hotfix - KB889673
    Windows XP-Hotfix - KB890546
    Windows XP-Hotfix - KB890859
    Windows XP-Hotfix - KB891781
    Windows XP-Hotfix - KB893086
    Windows XP-Hotfix - KB895961
    WinRAR Archivierer
    WinSchach XL
    Wireless Hotkey
    Worms World Party
    XviD MPEG-4 Video Codec

  8. #28
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Please go to the Kaspersky website and perform an online antivirus scan.

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    1. Read through the requirements and privacy statement and click on the Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    9. Please post this log in your next reply along with a fresh HijackThis log.


    If you need a tutorial, see here
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  9. #29
    Junior Member
    Join Date
    Aug 2008
    Posts
    18

    Default

    - HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:35:02, on 21.09.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programme\DU Meter\DUMeter.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programme\Internet Explorer\iexplore.exe
    C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Programme\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.66.10:8088
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar4.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [DU Meter] C:\Programme\DU Meter\DUMeter.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programme\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
    O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} - http://www.streamplug.com/StreamPlug/SP.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O23 - Service: Avira AntiVir Personal - Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programme\Gemeinsame Dateien\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Programme\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

    --
    End of file - 7180 bytes




    - Kaspersky online antivirus scan

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7 REPORT
    Sunday, September 21, 2008
    Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Sunday, September 21, 2008 17:03:31
    Records in database: 1248247
    --------------------------------------------------------------------------------

    Scan settings:
    Scan using the following database: extended
    Scan archives: yes
    Scan mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\

    Scan statistics:
    Files scanned: 138067
    Threat name: 8
    Infected objects: 36
    Suspicious objects: 0
    Duration of the scan: 03:23:03


    File name / Threat name / Threats count
    C:\Dokumente und Einstellungen\acoOdc\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-6012c47e.zip Infected: Exploit.Java.Gimsh.a 1
    C:\Dokumente und Einstellungen\acoOdc\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-54e206d6-51b5014c.zip Infected: Exploit.Java.Gimsh.a 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\au4j55fm.default\Cache\2D945564d01 Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\au4j55fm.default\Cache\2DC1ABD1d01 Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\au4j55fm.default\Cache\3139737Fd01 Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\au4j55fm.default\Cache\439AACE8d01 Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\au4j55fm.default\Cache\4A0127D5d01 Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\au4j55fm.default\Cache\4A423EBFd01 Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\au4j55fm.default\Cache\DC4FCEE0d01 Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\au4j55fm.default\Cache\DC628EE0d01 Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\au4j55fm.default\Cache\DC62BEE0d01 Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\au4j55fm.default\Cache\E838D5FDd01 Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\au4j55fm.default\Cache\F368FEFCd01 Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4GA3868V\ads[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4GA3868V\adtech_footerad[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4GA3868V\ad[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4GA3868V\show[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\H5W0CPT5\al[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\H5W0CPT5\index[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MELM45AN\3-s-ata-platten-problem-852188[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MELM45AN\46662-s-ata-treiber-integrieren-notebook-hp-nx6310-3[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MELM45AN\ads[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MELM45AN\ads[2].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MELM45AN\windows-xp-prof-laesst-sich-nicht-neu-aufsetzen---hilfe-t-234426[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RXBJ2PES\272180-sata-treiber-f-r-toshiba-mk2035gss-3[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RXBJ2PES\ads[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RXBJ2PES\ebay[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RXBJ2PES\GetRcmd[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
    C:\Programme\DAEMON Tools\SetupDTSB.exe Infected: not-a-virus:AdTool.Win32.WhenU.a 1
    C:\Programme\Gemeinsame Dateien\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1
    C:\Programme\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 1
    C:\Programme\Trend Micro\HijackThis\backups\backup-20080921-132241-418.dll Infected: not-a-virus:FraudTool.Win32.XPAntivirus.oq 1
    C:\WINDOWS\system32\tdssserf.dll Infected: Backdoor.Win32.UltimateDefender.gen 1
    D:\downloads\BSINSTALLDE52.exe Infected: not-a-virus:AdTool.Win32.WhenU.a 1
    D:\downloads\mirc63.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.63 1
    D:\downloads\pkrinstall.exe Infected: not-a-virus:Monitor.Win32.PKRPoker.a 1

    The selected area was scanned.

  10. #30
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Please download OTMoveIt2 by OldTimer.
    • Save it to your desktop.
    • Please double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      Code:
      C:\Dokumente und Einstellungen\acoOdc\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-6012c47e.zip 
      C:\Dokumente und Einstellungen\acoOdc\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-54e206d6-51b5014c.zip
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\au4j55fm.default\Cache\2D945564d01
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\au4j55fm.default\Cache\2DC1ABD1d01
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\au4j55fm.default\Cache\3139737Fd01 
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\au4j55fm.default\Cache\439AACE8d01 
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\au4j55fm.default\Cache\4A0127D5d01 
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\au4j55fm.default\Cache\4A423EBFd01
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\au4j55fm.default\Cache\DC4FCEE0d01 
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\au4j55fm.default\Cache\DC628EE0d01
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\au4j55fm.default\Cache\DC62BEE0d01 
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\au4j55fm.default\Cache\E838D5FDd01
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\au4j55fm.default\Cache\F368FEFCd01 
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4GA3868V\ads[1].htm 
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4GA3868V\adtech_footerad[1].htm
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4GA3868V\ad[1].htm 
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4GA3868V\show[1].htm 
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\H5W0CPT5\al[1].htm 
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\H5W0CPT5\index[1].htm 
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MELM45AN\3-s-ata-platten-problem-852188[1].htm 
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MELM45AN\46662-s-ata-treiber-integrieren-notebook-hp-nx6310-3[1].htm 
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MELM45AN\ads[1].htm
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MELM45AN\ads[2].htm 
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\MELM45AN\windows-xp-prof-laesst-sich-nicht-neu-aufsetzen---hilfe-t-234426[1].htm 
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RXBJ2PES\272180-sata-treiber-f-r-toshiba-mk2035gss-3[1].htm 
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RXBJ2PES\ads[1].htm
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RXBJ2PES\ebay[1].htm 
      C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RXBJ2PES\GetRcmd[1].htm 
      C:\Programme\DAEMON Tools\SetupDTSB.exe 
      C:\Programme\Gemeinsame Dateien\Real\Toolbar
      C:\Programme\Trend Micro\HijackThis\backups\backup-20080921-132241-418.dll 
      C:\WINDOWS\system32\tdssserf.dll 
      D:\downloads\BSINSTALLDE52.exe 
      EmptyTemp
    • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTMoveIt2

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
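
Going from the scan report in post #29 to the move list in post #30 means copying paths that contain spaces out of rows that also carry a threat name and a count. The Python below is an added example, not part of the original thread and not code from Kaspersky or OTMoveIt2: it parses rows in the report's `<path> Infected: <threat> <count>` layout, separates browser and Java cache hits from files elsewhere on disk, and checks a hand-built list against the report. The cache patterns, the function names and the sample move list are assumptions of this example.

```python
import re
from collections import namedtuple

Detection = namedtuple("Detection", "path threat count")

# One report row: "<path> Infected: <threat name> <count>". Paths contain
# spaces, so the row is split on the " Infected: " marker, not on whitespace.
ROW = re.compile(
    r"^\s*(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Assumption of this example: these fragments identify browser/Java caches.
CACHE_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"\\Temporary Internet Files\\",
    r"\\Firefox\\Profiles\\[^\\]+\\Cache\\",
    r"\\Java\\Deployment\\cache\\",
)]

# Non-path directive that appears in the move list on this page.
DIRECTIVES = {"EmptyTemp"}

# Five rows in the report's layout, taken from the scan in post #29.
SAMPLE_REPORT = r"""
File name / Threat name / Threats count
C:\Dokumente und Einstellungen\acoOdc\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-6012c47e.zip Infected: Exploit.Java.Gimsh.a 1
C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\au4j55fm.default\Cache\2D945564d01 Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RXBJ2PES\ads[1].htm Infected: Trojan-Downloader.JS.Agent.cnn 1
C:\Programme\Gemeinsame Dateien\Real\Toolbar\RealBar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.s 1
C:\WINDOWS\system32\tdssserf.dll Infected: Backdoor.Win32.UltimateDefender.gen 1
"""

# Constructed move list: one entry keeps a leftover count column, one has a
# trailing space, one names the parent folder of a detected file.
SAMPLE_MOVE_LIST = r"""
C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\au4j55fm.default\Cache\2D945564d01
C:\Dokumente und Einstellungen\acoOdc\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RXBJ2PES\ads[1].htm 1
C:\Programme\Gemeinsame Dateien\Real\Toolbar
C:\WINDOWS\system32\tdssserf.dll 
EmptyTemp
"""


def parse_report(text):
    """Return a Detection for every row that matches the report layout."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append(Detection(m["path"], m["threat"], int(m["count"])))
    return rows


def is_cache_path(path):
    return any(p.search(path) for p in CACHE_PATTERNS)


def group_by_threat(detections):
    groups = {}
    for d in detections:
        groups.setdefault(d.threat, []).append(d.path)
    return groups


def outside_caches(detections):
    """Detections that are not cached web content: review these first."""
    return [d for d in detections if not is_cache_path(d.path)]


def check_move_list(lines, detections):
    """Return move-list entries that match no reported file or its parent folder."""
    known = {d.path.lower() for d in detections}
    unmatched = []
    for raw in lines:
        entry = raw.strip()
        if not entry or entry in DIRECTIVES:
            continue
        low = entry.lower()
        is_parent = any(k.startswith(low.rstrip("\\") + "\\") for k in known)
        if low not in known and not is_parent:
            unmatched.append(entry)
    return unmatched


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for threat, paths in group_by_threat(found).items():
        print(f"{threat}: {len(paths)} file(s)")
    for d in outside_caches(found):
        print("outside caches:", d.path, "->", d.threat)
    for bad in check_move_list(SAMPLE_MOVE_LIST.splitlines(), found):
        print("no match in report:", bad)
```
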
