Page 3 of 3 (posts 21 to 28)

Thread: Click.GiftLoad HijackersC (one more)

    #21 | Junior Member | Join Date: Apr 2011 | Posts: 15

    OTL logfile

    Sorry, here is the remainder:

    OTL logfile created on: 09.04.2011 22:06:58 - Run 8
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): C:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
    Drive C: | 37.24 Gb Total Space | 20.65 Gb Free Space | 55.44% Space Free | Partition Type: NTFS
    Drive D: | 292.97 Gb Total Space | 211.69 Gb Free Space | 72.26% Space Free | Partition Type: NTFS
    Drive F: | 3.72 Gb Total Space | 1.17 Gb Free Space | 31.51% Space Free | Partition Type: FAT32

    Computer Name: SIEGENTH-185917 | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011.04.04 21:30:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
    PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- D:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2008.07.29 17:20:54 | 000,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
    PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008.01.26 14:26:06 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe
    PRC - [2008.01.15 03:40:04 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    PRC - [2006.11.27 16:24:20 | 000,126,048 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec AntiVirus\VPTray.exe
    PRC - [2006.11.27 16:21:02 | 001,836,640 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec AntiVirus\Rtvscan.exe
    PRC - [2006.11.27 16:18:28 | 000,031,840 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec AntiVirus\DefWatch.exe
    PRC - [2006.11.13 14:01:04 | 000,142,128 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
    PRC - [2006.11.13 14:00:58 | 000,224,048 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe
    PRC - [2006.11.13 14:00:48 | 000,113,456 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
    PRC - [2006.11.13 13:43:56 | 000,269,104 | ---- | M] (VMware, Inc.) -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
    PRC - [2006.07.19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe
    PRC - [2006.07.19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe
    PRC - [2006.04.11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe
    PRC - [2003.08.28 15:01:22 | 000,061,440 | ---- | M] () -- C:\Programme\Analog Devices\SoundMAX\spkrmon.exe
    PRC - [2001.02.23 09:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe


    ========== Modules (SafeList) ==========

    MOD - [2011.04.04 21:30:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
    MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (clr_optimization_v2.0.50727_32)
    SRV - [2009.10.27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2008.07.29 17:20:54 | 000,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
    SRV - [2008.01.15 03:40:04 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2006.11.27 16:22:04 | 000,120,416 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Programme\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
    SRV - [2006.11.27 16:21:02 | 001,836,640 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2006.11.27 16:18:28 | 000,031,840 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
    SRV - [2006.11.13 14:01:04 | 000,142,128 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
    SRV - [2006.11.13 14:00:58 | 000,224,048 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
    SRV - [2006.11.13 14:00:48 | 000,113,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2006.11.13 13:43:56 | 000,269,104 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2)
    SRV - [2006.09.08 15:47:28 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
    SRV - [2006.08.07 17:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2006.07.19 20:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2006.07.19 20:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
    SRV - [2006.04.11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
    SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - [2003.08.28 15:01:22 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)
    SRV - [2001.02.23 09:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


    ========== Driver Services (SafeList) ==========

    DRV - [2011.04.05 10:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20110409.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011.04.05 10:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\VirusDefs\20110409.002\NAVENG.SYS -- (NAVENG)
    DRV - [2010.08.19 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010.07.04 14:21:12 | 000,010,345 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
    DRV - [2010.05.28 10:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2009.10.06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2009.10.06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2009.10.06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2009.10.06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2009.05.16 00:58:44 | 004,069,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2009.04.01 08:28:32 | 000,093,184 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2009.03.27 19:24:20 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008.07.29 17:20:58 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb)
    DRV - [2008.07.29 17:20:58 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D)
    DRV - [2008.07.29 17:20:54 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
    DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2008.01.26 14:27:40 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative-SoundFont-Verwaltungstreiber (WDM)
    DRV - [2008.01.26 14:26:14 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
    DRV - [2008.01.26 14:26:00 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative-Schnittstellen-Verwaltungstreiber (WDM)
    DRV - [2008.01.26 14:26:00 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
    DRV - [2007.12.17 14:14:29 | 000,241,280 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
    DRV - [2007.12.17 14:14:29 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
    DRV - [2007.12.17 14:14:29 | 000,144,250 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
    DRV - [2007.12.17 14:14:29 | 000,062,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2007.12.17 14:14:29 | 000,030,662 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
    DRV - [2007.12.17 14:14:29 | 000,025,930 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
    DRV - [2007.12.17 14:14:29 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2007.06.18 15:10:42 | 000,373,568 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acedrv09.sys -- (acedrv09)
    DRV - [2007.05.30 18:54:22 | 000,201,696 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\acehlp09.sys -- (acehlp09)
    DRV - [2007.01.29 17:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AsusVRC.sys -- (ASUSVRC)
    DRV - [2006.11.13 14:01:38 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV - [2006.11.13 14:01:34 | 000,031,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
    DRV - [2006.11.13 14:01:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV - [2006.11.13 14:01:28 | 000,102,576 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
    DRV - [2006.11.13 14:01:26 | 000,022,576 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV - [2006.11.13 14:00:46 | 000,016,176 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport)
    DRV - [2006.11.13 13:43:56 | 000,018,480 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2)
    DRV - [2006.09.18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - [2006.09.06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Symantec AntiVirus\savrt.sys -- (SAVRT)
    DRV - [2006.09.06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
    DRV - [2006.08.07 17:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2006.08.07 17:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2006.06.14 13:44:30 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO_XP.sys -- (EIO_XP)
    DRV - [2006.04.11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2005.10.21 09:04:22 | 000,018,208 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hotcore.sys -- (hotcore)
    DRV - [2004.05.28 07:22:24 | 000,046,104 | R--- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\stusb2ir.sys -- (STUSB2Ir)
    DRV - [2003.12.17 10:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lmouflt2.sys -- (LMouFlt2)
    DRV - [2003.12.17 10:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042PR2.SYS -- (L8042PR2)
    DRV - [2003.12.17 10:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb)
    DRV - [2003.12.17 10:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2)
    DRV - [2003.03.19 08:37:12 | 000,006,144 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ECBatteryDRV.sys -- (ECBatteryDRV)
    DRV - [2003.01.29 05:03:56 | 000,006,144 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ECUtilityDRV.sys -- (ECUtilityDRV)
    DRV - [2003.01.29 05:03:46 | 000,006,144 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ECMonitorDRV.sys -- (ECMonitorDRV)
    DRV - [2003.01.29 05:03:00 | 000,007,240 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\HotCPUDRV.sys -- (HotCPUDRV)
    DRV - [2003.01.29 05:02:06 | 000,007,242 | R--- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\WinBootDRV.sys -- (WinBootDRV)
    DRV - [2002.07.17 10:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bluewin.ch/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2011.04.07 00:54:33 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\Tools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (&Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [vptray] C:\Programme\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O4 - HKCU..\Run: [AlcoholAutomount] D:\Programme\Tools\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Programme\Tools\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00 [binary data]
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = [binary data]
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = [binary data]
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
    O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\Tools\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1233350009690 (WUWebControl Class)
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/S.../bin/cabsa.cab (Symantec RuFSI Utility Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1300835333359 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/actives.../as2stubie.cab (ActiveScan 2.0 Installer Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
    O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007.12.17 13:25:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011.04.09 16:14:26 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMCTLde.DLL
    [2011.04.09 16:14:26 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4r.dll
    [2011.04.09 16:14:26 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll
    [2011.04.09 16:14:26 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGDE.DLL
    [2011.04.09 16:14:26 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMCT2DE.dll
    [2011.04.09 16:14:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Sweepi
    [2011.04.05 01:45:11 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011.04.04 21:40:29 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.exe
    [2011.04.04 21:40:28 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
    [2011.04.02 11:53:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT
    [2011.04.02 10:22:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\erunt-setup.exe
    [2011.03.27 23:41:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2011.03.27 13:34:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PackageAware
    [2011.03.26 12:36:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Threat Expert
    [2011.03.26 12:00:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
    [2011.03.26 00:55:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
    [2011.03.26 00:55:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager
    [2011.03.24 14:22:56 | 000,952,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WgaTray.exe
    [2011.03.20 20:45:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
    [2011.03.20 20:45:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
    [2011.03.20 12:26:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
    [2011.03.20 12:26:54 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
    [2011.03.20 12:23:05 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
    [2011.03.20 12:23:05 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2011.03.20 12:23:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2011.03.20 12:23:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2011.03.19 14:31:14 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2011.03.18 21:49:29 | 000,000,000 | ---D | C] -- C:\Programme\ESET
    [2011.03.17 22:12:51 | 000,000,000 | ---D | C] -- C:\bd_logs
    [2011.03.12 18:35:20 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstsc.exe
    [2011.03.12 18:35:19 | 002,067,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstscx.dll
    [2011.03.12 15:26:58 | 000,000,000 | ---D | C] -- C:\MRecord
    [18 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011.04.09 21:40:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011.04.09 21:39:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011.04.09 21:38:54 | 2146,504,704 | -HS- | M] () -- C:\hiberfil.sys
    [2011.04.09 16:14:26 | 000,000,764 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Sweepi.lnk
    [2011.04.07 20:59:39 | 000,431,555 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110409-144055.backup
    [2011.04.07 00:54:33 | 000,000,098 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Hosts_Original
    [2011.04.07 00:54:33 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2011.04.04 21:59:44 | 000,000,512 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat
    [2011.04.04 21:30:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
    [2011.04.04 21:27:18 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Dokumente und Einstellungen\Administrator\Desktop\aswMBR.exe
    [2011.04.04 19:41:23 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [2011.04.02 11:53:30 | 000,000,650 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT.lnk
    [2011.04.02 10:22:35 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\erunt-setup.exe
    [2011.04.02 00:59:07 | 000,001,728 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT Task.vbs
    [2011.04.02 00:22:03 | 000,000,082 | ---- | M] () -- C:\WINDOWS\WININIT.INI
    [2011.03.28 23:10:36 | 000,625,664 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\dds.scr
    [2011.03.27 17:26:22 | 000,002,530 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Test.jpg
    [2011.03.27 10:46:07 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2011.03.27 07:43:38 | 000,451,582 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
    [2011.03.27 07:43:38 | 000,435,468 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011.03.27 07:43:38 | 000,081,742 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
    [2011.03.27 07:43:38 | 000,068,950 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011.03.26 16:07:59 | 000,002,453 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Microsoft PowerPoint.lnk
    [2011.03.26 01:05:22 | 000,000,786 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\TaskMan.lnk
    [2011.03.24 00:05:53 | 000,000,770 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\OnlineScanner ESET.lnk
    [2011.03.20 20:45:51 | 000,000,849 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Spybot - Search & Destroy.lnk
    [2011.03.19 14:31:14 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2011.03.18 21:50:52 | 000,000,083 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\default.pls
    [2011.03.12 18:31:48 | 000,015,872 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== Files Created - No Company Name ==========

    [2011.04.09 16:14:26 | 000,006,114 | ---- | C] () -- C:\WINDOWS\System32\SHELLLNK.tlb
    [2011.04.09 16:14:26 | 000,000,764 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Sweepi.lnk
    [2011.04.09 14:59:28 | 000,000,098 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Hosts_Original
    [2011.04.07 19:39:54 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
    [2011.04.07 19:39:53 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
    [2011.04.04 21:59:44 | 000,000,512 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\MBR.dat
    [2011.04.02 11:53:30 | 000,000,650 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ERUNT.lnk
    [2011.04.01 21:54:57 | 000,625,664 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\dds.scr
    [2011.03.27 17:26:22 | 000,002,530 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Test.jpg
    [2011.03.26 01:05:22 | 000,000,786 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\TaskMan.lnk
    [2011.03.25 16:45:17 | 2146,504,704 | -HS- | C] () -- C:\hiberfil.sys
    [2011.03.24 00:05:53 | 000,000,770 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\OnlineScanner ESET.lnk
    [2011.03.20 20:45:51 | 000,000,849 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Spybot - Search & Destroy.lnk
    [2010.12.31 15:48:05 | 000,007,240 | R--- | C] () -- C:\WINDOWS\System32\drivers\HotCPUDRV.sys
    [2010.12.31 15:48:03 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\ECUtilityDRV.sys
    [2010.12.31 15:48:02 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\ECMonitorDRV.sys
    [2010.12.31 15:48:01 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\ECBatteryDRV.sys
    [2010.12.31 15:47:59 | 000,007,242 | R--- | C] () -- C:\WINDOWS\System32\WinBootDRV.sys
    [2010.12.31 15:47:59 | 000,007,242 | R--- | C] () -- C:\WINDOWS\System32\drivers\WinBootDRV.sys
    [2010.12.31 15:47:59 | 000,007,240 | R--- | C] () -- C:\WINDOWS\System32\HotCPUDRV.sys
    [2010.12.31 15:47:59 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\ECUtilityDRV.sys
    [2010.12.31 15:47:59 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\ECMonitorDRV.sys
    [2010.12.31 15:47:58 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\ECBatteryDRV.sys
    [2010.12.31 15:47:57 | 000,217,088 | R--- | C] () -- C:\WINDOWS\System32\DriverInstall.exe
    [2010.08.18 23:39:35 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
    [2009.10.11 14:31:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009.05.21 22:34:19 | 000,071,812 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\NMM-MetaData.db
    [2009.05.15 22:54:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2009.05.15 22:54:00 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2009.04.27 21:07:02 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009.04.23 15:04:54 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2009.04.05 23:25:36 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2009.04.05 01:28:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nVivid.bin
    [2009.04.05 01:28:09 | 000,196,653 | ---- | C] () -- C:\WINDOWS\System32\drivers\aVivid.bin
    [2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nStandard.bin
    [2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAsmedia.bin
    [2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAdvanced.bin
    [2009.04.05 01:28:09 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAdvanced.bin
    [2009.04.05 01:28:09 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aStandard.bin
    [2009.04.05 01:28:09 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAsmedia.bin
    [2009.04.05 01:28:09 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
    [2009.04.05 01:28:07 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
    [2009.04.05 01:28:07 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
    [2009.04.05 01:28:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009.04.05 01:28:06 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
    [2009.04.05 01:28:06 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
    [2009.04.05 01:28:06 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
    [2009.04.05 01:28:06 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
    [2009.04.05 01:28:06 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
    [2009.04.05 01:28:05 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009.04.05 01:28:05 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
    [2009.04.04 23:37:37 | 000,000,082 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2009.04.04 22:11:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2009.02.20 22:44:44 | 000,000,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FixVTS.ini
    [2009.02.18 13:55:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
    [2009.02.03 16:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
    [2008.08.25 19:23:52 | 000,000,762 | ---- | C] () -- C:\WINDOWS\eReg.dat
    [2008.04.15 19:58:46 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2008.02.15 00:43:59 | 000,000,269 | ---- | C] () -- C:\WINDOWS\Clony2.ini
    [2008.01.27 15:06:04 | 000,000,234 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2008.01.26 11:18:34 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
    [2008.01.20 13:07:59 | 000,008,380 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2008.01.06 23:11:18 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007.12.24 19:30:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinPM.INI
    [2007.12.24 17:45:27 | 000,000,176 | ---- | C] () -- C:\WINDOWS\ImageExplorer.INI
    [2007.12.24 17:37:31 | 003,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
    [2007.12.17 14:53:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2007.12.17 14:44:38 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007.12.17 13:28:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2007.12.17 13:21:44 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2007.12.17 12:59:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007.12.17 12:58:22 | 000,125,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2007.03.20 17:16:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ASDR.exe
    [2005.03.29 17:54:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005.03.29 17:54:44 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004.10.11 11:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL
    [2004.08.04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004.08.04 12:00:00 | 000,451,582 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
    [2004.08.04 12:00:00 | 000,435,468 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004.08.04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004.08.04 12:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
    [2004.08.04 12:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004390_.tmp.dll
    [2004.08.04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004.08.04 12:00:00 | 000,081,742 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
    [2004.08.04 12:00:00 | 000,068,950 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004.08.04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004.08.04 12:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
    [2004.08.04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004.08.04 12:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004358_.tmp.dll
    [2004.08.04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004.08.04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004.08.04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    < End of report >
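
An added example, not code from the thread or from OTL's author: it parses lines in the format of the report above and applies two of the checks a helper does by eye, created .sys files with no company name, and bursts of files created within the same minute (the 2010.12.31 15:47/15:48 cluster). The sample lines are copied from the report; the helper functions and their names are my own.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List

# One OTL file-listing line looks like:
#   [date time | size | attributes | M or C] (company) -- path
# "M" = modified, "C" = created; "()" means OTL found no company name.
OTL_LINE = re.compile(
    r"^\[(?P<stamp>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Za-z-]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)

@dataclass
class OtlEntry:
    stamp: datetime
    size: int
    attrs: str
    kind: str
    company: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

def parse_otl(text: str) -> List[OtlEntry]:
    """Parse the file-listing lines of an OTL report; any other line is skipped."""
    entries = []
    for raw in text.splitlines():
        m = OTL_LINE.match(raw.strip())
        if not m:
            continue  # section headers, blank lines, "< End of report >"
        entries.append(OtlEntry(
            stamp=datetime.strptime(m["stamp"], "%Y.%m.%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"].strip(),
            path=m["path"],
        ))
    return entries

def unattributed_drivers(entries: List[OtlEntry]) -> List[OtlEntry]:
    """Created .sys files under \\WINDOWS\\ with no company name: the kind of
    entry a helper asks to have scanned. C:\\hiberfil.sys is not a driver."""
    return [
        e for e in entries
        if e.kind == "C" and not e.company
        and e.path.lower().endswith(".sys") and "\\windows\\" in e.path.lower()
    ]

def creation_bursts(entries: List[OtlEntry], window_seconds: int = 60,
                    min_size: int = 3) -> List[List[OtlEntry]]:
    """Group created files whose timestamp is within window_seconds of the
    previous one; a burst of unattributed files usually came from one installer."""
    created = sorted((e for e in entries if e.kind == "C"), key=lambda e: e.stamp)
    bursts, current = [], []
    for e in created:
        if current and (e.stamp - current[-1].stamp).total_seconds() > window_seconds:
            if len(current) >= min_size:
                bursts.append(current)
            current = []
        current.append(e)
    if len(current) >= min_size:
        bursts.append(current)
    return bursts

# Constructed sample: eight lines copied from the OTL report above.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2011.04.09 16:14:26 | 000,006,114 | ---- | C] () -- C:\WINDOWS\System32\SHELLLNK.tlb
[2011.03.25 16:45:17 | 2146,504,704 | -HS- | C] () -- C:\hiberfil.sys
[2010.12.31 15:48:05 | 000,007,240 | R--- | C] () -- C:\WINDOWS\System32\drivers\HotCPUDRV.sys
[2010.12.31 15:48:03 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\drivers\ECUtilityDRV.sys
[2010.12.31 15:47:59 | 000,006,144 | R--- | C] () -- C:\WINDOWS\System32\ECUtilityDRV.sys
[2010.12.31 15:47:57 | 000,217,088 | R--- | C] () -- C:\WINDOWS\System32\DriverInstall.exe
[2009.04.05 01:28:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nVivid.bin
[2011.03.19 14:31:14 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
< End of report >
"""

if __name__ == "__main__":
    found = parse_otl(SAMPLE_LOG)
    for e in unattributed_drivers(found):
        print("unattributed driver:", e.path, e.size, "bytes")
    for burst in creation_bursts(found):
        print("burst of", len(burst), "files starting", burst[0].stamp, burst[0].name)
```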

  2. #22
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    O1 - Hosts: 127.0.0.1 localhost <-- This is the address of your own computer and it's safe

    O1 - Hosts: ::1 localhost <-- This is the default entry of the Windows hosts file


    Still looking at some things that need to go

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
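
An added example, not from the thread: a check that codifies the point about the two O1 - Hosts lines, reading a hosts file and reporting every mapping that is not one of the two default localhost entries. The sample hosts file, its hostnames and the function names are constructed for this example.

```python
import ipaddress
from typing import List, Tuple

# The two entries a default Windows hosts file carries (the O1 - Hosts lines
# the helper above calls safe); anything else deserves a look.
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}


def parse_hosts(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, address, hostname) for every mapping; comments and
    blank lines are skipped, and one line may carry several hostnames."""
    mappings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2:
            continue
        for name in parts[1:]:
            mappings.append((lineno, parts[0], name.lower()))
    return mappings


def suspicious_hosts(text: str) -> List[Tuple[int, str, str, str]]:
    """(line, address, hostname, reason) for each non-default mapping. A name
    sent to a loopback or unspecified address is silently blocked; any other
    address quietly redirects the site named."""
    findings = []
    for lineno, addr, name in parse_hosts(text):
        if (addr, name) in DEFAULT_HOSTS:
            continue
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((lineno, addr, name, "unparseable address"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            findings.append((lineno, addr, name, "blocked"))
        else:
            findings.append((lineno, addr, name, "redirected to " + addr))
    return findings


# Constructed sample: the two defaults plus two made-up entries.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.example-av.invalid   # made-up entry: blocks a site
203.0.113.7     www.example-bank.invalid    # made-up entry, TEST-NET address
"""

if __name__ == "__main__":
    for lineno, addr, name, reason in suspicious_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {addr}: {reason}")
```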

  3. #23
    Junior Member
    Join Date
    Apr 2011
    Posts
    15

    Default ComboFix log

    Hello Ken
    Stopping AntiVirus wasn't that simple (even with your link)!
    Meanwhile I've got everything done.

    Here is the log. How does it look to you?

    ComboFix 11-04-09.01 - Administrator 10.04.2011 21:40:38.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.41.1031.18.2047.1482 [GMT 2:00]
    ausgeführt von:: c:\dokumente und einstellungen\Administrator\Desktop\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .
    .
    (((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\_004311_.tmp.dll
    c:\windows\system32\_004312_.tmp.dll
    c:\windows\system32\_004313_.tmp.dll
    c:\windows\system32\_004314_.tmp.dll
    c:\windows\system32\_004321_.tmp.dll
    c:\windows\system32\_004322_.tmp.dll
    c:\windows\system32\_004323_.tmp.dll
    c:\windows\system32\_004325_.tmp.dll
    c:\windows\system32\_004326_.tmp.dll
    c:\windows\system32\_004329_.tmp.dll
    c:\windows\system32\_004330_.tmp.dll
    c:\windows\system32\_004332_.tmp.dll
    c:\windows\system32\_004333_.tmp.dll
    c:\windows\system32\_004334_.tmp.dll
    c:\windows\system32\_004336_.tmp.dll
    c:\windows\system32\_004339_.tmp.dll
    c:\windows\system32\_004340_.tmp.dll
    c:\windows\system32\_004341_.tmp.dll
    c:\windows\system32\_004344_.tmp.dll
    c:\windows\system32\_004345_.tmp.dll
    c:\windows\system32\_004347_.tmp.dll
    c:\windows\system32\_004348_.tmp.dll
    c:\windows\system32\_004349_.tmp.dll
    c:\windows\system32\_004350_.tmp.dll
    c:\windows\system32\_004351_.tmp.dll
    c:\windows\system32\_004354_.tmp.dll
    c:\windows\system32\_004356_.tmp.dll
    c:\windows\system32\_004357_.tmp.dll
    c:\windows\system32\_004358_.tmp.dll
    c:\windows\system32\_004359_.tmp.dll
    c:\windows\system32\_004360_.tmp.dll
    c:\windows\system32\_004361_.tmp.dll
    c:\windows\system32\_004362_.tmp.dll
    c:\windows\system32\_004363_.tmp.dll
    c:\windows\system32\_004364_.tmp.dll
    c:\windows\system32\_004365_.tmp.dll
    c:\windows\system32\_004366_.tmp.dll
    c:\windows\system32\_004367_.tmp.dll
    c:\windows\system32\_004369_.tmp.dll
    c:\windows\system32\_004370_.tmp.dll
    c:\windows\system32\_004371_.tmp.dll
    c:\windows\system32\_004373_.tmp.dll
    c:\windows\system32\_004374_.tmp.dll
    c:\windows\system32\_004375_.tmp.dll
    c:\windows\system32\_004376_.tmp.dll
    c:\windows\system32\_004377_.tmp.dll
    c:\windows\system32\_004378_.tmp.dll
    c:\windows\system32\_004379_.tmp.dll
    c:\windows\system32\_004380_.tmp.dll
    c:\windows\system32\_004381_.tmp.dll
    c:\windows\system32\_004382_.tmp.dll
    c:\windows\system32\_004383_.tmp.dll
    c:\windows\system32\_004384_.tmp.dll
    c:\windows\system32\_004387_.tmp.dll
    c:\windows\system32\_004389_.tmp.dll
    c:\windows\system32\_004390_.tmp.dll
    c:\windows\system32\_004391_.tmp.dll
    c:\windows\system32\_004392_.tmp.dll
    c:\windows\system32\_004393_.tmp.dll
    c:\windows\system32\_004395_.tmp.dll
    c:\windows\system32\_004396_.tmp.dll
    c:\windows\system32\_004397_.tmp.dll
    c:\windows\system32\_004398_.tmp.dll
    c:\windows\system32\_004399_.tmp.dll
    c:\windows\system32\_004400_.tmp.dll
    c:\windows\system32\_004401_.tmp.dll
    c:\windows\system32\_004405_.tmp.dll
    c:\windows\system32\_004407_.tmp.dll
    c:\windows\system32\_004569_.tmp.dll
    c:\windows\system32\_004570_.tmp.dll
    c:\windows\system32\_004571_.tmp.dll
    c:\windows\system32\_004572_.tmp.dll
    c:\windows\system32\_004579_.tmp.dll
    c:\windows\system32\_004580_.tmp.dll
    c:\windows\system32\_004581_.tmp.dll
    c:\windows\system32\_004583_.tmp.dll
    c:\windows\system32\_004584_.tmp.dll
    c:\windows\system32\_004587_.tmp.dll
    c:\windows\system32\_004588_.tmp.dll
    c:\windows\system32\_004590_.tmp.dll
    c:\windows\system32\_004591_.tmp.dll
    c:\windows\system32\_004592_.tmp.dll
    c:\windows\system32\_004594_.tmp.dll
    c:\windows\system32\_004597_.tmp.dll
    c:\windows\system32\_004598_.tmp.dll
    c:\windows\system32\_004599_.tmp.dll
    c:\windows\system32\_004602_.tmp.dll
    c:\windows\system32\_004603_.tmp.dll
    c:\windows\system32\_004605_.tmp.dll
    c:\windows\system32\_004608_.tmp.dll
    c:\windows\system32\_004610_.tmp.dll
    c:\windows\system32\_004611_.tmp.dll
    c:\windows\system32\_004612_.tmp.dll
    c:\windows\system32\_004613_.tmp.dll
    c:\windows\system32\_004616_.tmp.dll
    c:\windows\system32\_004617_.tmp.dll
    c:\windows\system32\_004618_.tmp.dll
    c:\windows\system32\_004619_.tmp.dll
    c:\windows\system32\_004620_.tmp.dll
    c:\windows\system32\_004625_.tmp.dll
    c:\windows\system32\_004627_.tmp.dll
    c:\windows\system32\CoolXPProgress.ocx
    .
    .
    ((((((((((((((((((((((( Dateien erstellt von 2011-03-10 bis 2011-04-10 ))))))))))))))))))))))))))))))
    .
    .
    2011-04-10 16:07 . 2011-04-10 16:09 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\PrevxCSI
    2011-04-09 14:14 . 2003-04-18 14:46 1233920 ----a-w- c:\windows\system32\msxml4.dll
    2011-04-09 14:14 . 2003-04-18 14:29 82432 ----a-w- c:\windows\system32\msxml4r.dll
    2011-04-09 14:14 . 2003-04-18 14:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
    2011-04-09 14:14 . 1998-07-06 15:55 33792 ----a-w- c:\windows\system32\CMDLGDE.DLL
    2011-04-09 14:14 . 1998-05-05 14:35 24576 ----a-w- c:\windows\system32\CMCT2DE.dll
    2011-04-09 14:14 . 1998-05-05 14:35 112640 ----a-w- c:\windows\system32\CMCTLde.DLL
    2011-04-07 17:39 . 2011-02-09 13:53 186880 -c----w- c:\windows\system32\dllcache\encdec.dll
    2011-04-07 17:39 . 2011-02-09 13:53 270848 -c----w- c:\windows\system32\dllcache\sbe.dll
    2011-04-04 23:45 . 2011-04-04 23:45 -------- d-----w- C:\_OTL
    2011-03-27 21:41 . 2011-03-27 21:42 -------- dc-h--w- c:\windows\ie8
    2011-03-27 11:34 . 2011-03-27 11:34 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PackageAware
    2011-03-26 10:36 . 2011-03-26 10:36 -------- d-----w- c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Threat Expert
    2011-03-26 10:00 . 2011-03-27 05:37 -------- d---a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
    2011-03-25 22:55 . 2011-04-10 12:02 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\SecTaskMan
    2011-03-20 18:45 . 2011-03-20 19:57 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
    2011-03-20 10:26 . 2011-03-20 10:26 -------- d-----w- c:\programme\Gemeinsame Dateien\Java
    2011-03-20 10:23 . 2011-02-02 20:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-03-19 12:31 . 2011-03-19 12:31 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-03-18 19:49 . 2011-03-18 19:49 -------- d-----w- c:\programme\ESET
    2011-03-17 20:12 . 2011-03-31 19:06 -------- d-----w- C:\bd_logs
    2011-03-15 19:43 . 2011-03-15 19:43 -------- d-sh--w- c:\dokumente und einstellungen\LocalService\PrivacIE
    2011-03-15 19:43 . 2011-03-15 19:43 -------- d-sh--w- c:\dokumente und einstellungen\LocalService\IECompatCache
    2011-03-12 16:35 . 2011-01-27 11:57 677888 -c----w- c:\windows\system32\dllcache\lhmstsc.exe
    2011-03-12 16:35 . 2011-02-02 07:58 2067456 -c----w- c:\windows\system32\dllcache\lhmstscx.dll
    2011-03-12 13:27 . 2011-03-12 13:27 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-03-12 13:26 . 2011-03-12 13:26 -------- d-----w- C:\MRecord
    .
    .
    (((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-08 23:17 . 2011-03-08 23:17 71880 ----a-w- c:\windows\system32\PxSecure.dll-204976953
    2011-02-18 17:36 . 2011-02-18 17:36 1409 ----a-w- c:\windows\QTFont.for
    2011-02-09 13:53 . 2004-08-04 10:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-02 18:19 . 2009-10-23 22:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-02-02 07:58 . 2007-12-17 11:20 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2007-12-17 11:20 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2004-08-04 10:00 440832 ----a-w- c:\windows\system32\shimgvw.dll
    .
    .
    (((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-11 39408]
    "AlcoholAutomount"="d:\programme\Tools\Alcohol 120\axcmd.exe" [2008-11-23 203720]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Programme\\Bonjour\\mDNSResponder.exe"=
    "c:\\Programme\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "d:\\Programme\\Spiele\\FIFA 09\\FIFA09.exe"=
    "d:\\Programme\\Spiele\\Praetorians\\Praetorians.exe"=
    "c:\\WINDOWS\\system32\\dplaysvr.exe"=
    "d:\\Programme\\Spiele\\Empire Earth\\Empire Earth.exe"=
    .
    R0 hotcore;hotcore;c:\windows\system32\drivers\hotcore.sys [24.12.2007 17:37 18208]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05.01.2008 19:50 717296]
    R2 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys [18.06.2007 15:10 373568]
    R2 acehlp09;acehlp09;c:\windows\system32\drivers\acehlp09.sys [30.05.2007 18:54 201696]
    R2 ECBatteryDRV;ECBatteryDRV;c:\windows\system32\drivers\ECBatteryDRV.sys [31.12.2010 15:48 6144]
    R2 ECMonitorDRV;ECMonitorDRV;c:\windows\system32\drivers\ECMonitorDRV.sys [31.12.2010 15:48 6144]
    R2 ECUtilityDRV;ECUtilityDRV;c:\windows\system32\drivers\ECUtilityDRV.sys [31.12.2010 15:48 6144]
    R2 HotCPUDRV;HotCPUDRV;c:\windows\system32\drivers\HotCPUDRV.sys [31.12.2010 15:48 7240]
    R2 WinBootDRV;WinBootDRV;c:\windows\system32\drivers\WinBootDRV.sys [31.12.2010 15:47 7242]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [29.05.2010 00:15 102448]
    S1 ethxcvhp;ethxcvhp; [x]
    S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [29.01.2010 21:02 135664]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver; [x]
    S3 SavRoam;SAVRoam;c:\programme\Symantec AntiVirus\SavRoam.exe [27.11.2006 16:22 120416]
    S3 STUSB2Ir;SigmaTel USB 2.0 IrDA Bridge;c:\windows\system32\drivers\stusb2ir.sys [14.02.2009 11:31 46104]
    S3 XDva369;XDva369; [x]
    S3 XDva383;XDva383; [x]
    .
    .
    ------- Zusätzlicher Suchlauf -------
    .
    uStart Page = hxxp://www.bluewin.ch/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Free YouTube to Mp3 Converter - c:\dokumente und einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm
    IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-10 21:49
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Scanne versteckte Prozesse...
    .
    Scanne versteckte Autostarteinträge...
    .
    Scanne versteckte Dateien...
    .
    Scan erfolgreich abgeschlossen
    versteckte Dateien: 0
    .
    **************************************************************************
    .
    --------------------- Gesperrte Registrierungsschluessel ---------------------
    .
    [HKEY_USERS\S-1-5-21-842925246-1177238915-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,46,04,74,ac,7f,df,0c,4c,85,29,9c,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,46,04,74,ac,7f,df,0c,4c,85,29,9c,\
    .
    [HKEY_USERS\S-1-5-21-842925246-1177238915-1801674531-500\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    --------------------- Durch laufende Prozesse gestartete DLLs ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1532)
    c:\windows\system32\Ati2evxx.dll
    .
    - - - - - - - > 'explorer.exe'(2176)
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\programme\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\programme\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\programme\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
    c:\programme\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Weitere laufende Prozesse ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\windows\ATKKBService.exe
    c:\programme\Bonjour\mDNSResponder.exe
    c:\programme\Java\jre6\bin\jqs.exe
    c:\windows\system32\devldr32.exe
    c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
    c:\programme\Analog Devices\SoundMAX\spkrmon.exe
    c:\programme\VMware\VMware Workstation\vmware-authd.exe
    c:\programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe
    c:\windows\system32\vmnat.exe
    c:\windows\system32\vmnetdhcp.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Zeit der Fertigstellung: 2011-04-10 21:54:54 - PC wurde neu gestartet
    ComboFix-quarantined-files.txt 2011-04-10 19:54
    .
    Vor Suchlauf: 11 Verzeichnis(se), 22'164'148'224 Bytes frei
    Nach Suchlauf: 12 Verzeichnis(se), 21'973'045'248 Bytes frei
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 98FA09E22F3BC6F44BE48FDE4238C83A

  4. #24
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Combofix removed what I was hoping it would


    You need to enable Windows to show all files and folders; instructions Here

    Go to VirusTotal and submit this file for analysis: just use the browse feature and then Send File. You will get a report back; post the report into this thread for me to see. If the site says this file has been checked before, have them check it again.

    c:\windows\system32\drivers\ECUtilityDRV.sys

    If the site is busy you can try this one
    http://virusscan.jotti.org/en

  5. #25
    Junior Member
    Join Date
    Apr 2011
    Posts
    15

    Default Result of VirusTotal

    Hi Ken

    You probably don't want to see all 42 antivirus programs.

    Here is the final result:

    File name: ECUtilityDRV.sys
    Submission date: 2011-04-11 20:49:50 (UTC)
    Current status: finished
    Result: 0/ 42 (0.0%)

  6. #26
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Download CKScanner
    • Important - Save it to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • After a very short time, when the cursor hourglass disappears, click Save List To File.
    • A message box will verify the file saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

  7. #27
    Junior Member
    Join Date
    Apr 2011
    Posts
    15

    Default ckfiles.txt

    Here is the text file:

    CKScanner - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.ZZ.11
    ----- EOF -----

  8. #28
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    When a helper on the forum helps you, there is a certain trust between helper and user. By altering the CKScanner log you broke that trust, and the helper is no longer bound to help you. I suspect that you downloaded and installed illegal software; this is one of the quickest ways to infect your computer, as Cracked/Keygen/Warez software is infected about 100% of the time.

    This thread is now closed
