Hi there, noticed some freezing and strange actions my system was doing last week, so i ran spybot, kaspersky, malwarebytes and superantispyware.
-Spybot found the Click.Giftload.
-Malwarebytes found Trojan.Dropper and Trojan.LVBP .
-Kaspersky found Trojan-Downloader.Java.OpenConnection.dc, exploit.java.cve-2010-0840.c , Trojan.Java.Agent.ak , Trojan.Win32.chifrax.d and Rootkit.Win32.TDDS.mbr
-SuperAntiSpyware only found cookies
If you want the reports of all of them, i can post them.
Here is my DDS Log(exchanged computer name with "owner"):
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by owner at 17:37:30,56 on 24.04.2011
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Ultimate 6.1.7600.1.1252.49.1031.18.3326.1958 [GMT 2:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Windows\system32\FsUsbExService.Exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\Ctxfihlp.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\owner\Downloads\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [AVMUSBFernanschluss] "c:\users\owner\appdata\local\apps\2.0\8lwr5xwo.e90\60ld1qa6.tlg\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [NPSStartup]
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Free YouTube to MP3 Converter - c:\users\owner\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Hinzufügen zu Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner~1\appdata\roaming\mozilla\firefox\profiles\jw87o644.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\id software\quakelive\npquakezero.dll
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-2-2 218688]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AVP;Kaspersky Anti-Virus Service;c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe [2010-11-2 365336]
R2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [2011-3-30 812448]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2011-3-8 233472]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-2-2 1153368]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2011-1-6 37944]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-3-7 7566848]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-3-7 238592]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
R3 avmaudio;AVM Audio;c:\windows\system32\drivers\avmaudio.sys [2011-3-30 101248]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2010-7-7 198232]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2010-7-7 1353304]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2010-7-7 73816]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-3-8 36608]
R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-7-7 1227352]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-2-2 327784]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-2-2 27320]
S2 AODService;AODService;c:\program files\amd\overdrive\AODAssist.exe [2010-7-1 136616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2011-2-2 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2011-1-6 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\common files\creative labs shared\service\MT6Licensing.exe [2011-2-2 79360]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2010-7-7 198232]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2010-7-7 1353304]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2010-7-7 73816]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-2-22 15872]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [2011-3-8 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [2011-3-8 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [2011-3-8 121856]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-22 52224]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-3-7 176128]
S4 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-1-26 284672]
S4 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ati technologies\ati.ace\reservation manager\AMD Reservation Manager.exe [2010-6-17 140224]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-3-28 1242504]
.
=============== Created Last 30 ================
.
2011-04-24 05:07:05 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{ce6ec03d-a039-43f6-9a02-e582bddb93ee}\mpengine.dll
2011-04-24 03:47:39 -------- d-----w- c:\program files\AutoShutdownManager
2011-04-17 19:52:54 109240 ----a-w- c:\program files\mozilla firefox\extensions\kavantibanner@kaspersky.ru\components\abhelperxpcom.dll
2011-04-17 19:52:52 150200 ----a-w- c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
2011-04-17 19:21:24 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-04-17 19:21:24 115267 ----a-w- c:\windows\system32\drivers\klin.dat
2011-04-17 19:19:27 -------- d-----w- c:\program files\Kaspersky Lab
2011-04-17 19:19:27 -------- d-----w- c:\progra~2\Kaspersky Lab
2011-04-17 19:15:23 -------- d-----w- c:\progra~2\Kaspersky Lab Setup Files
2011-04-16 14:12:12 -------- d-----w- c:\users\owner~1\appdata\roaming\Malwarebytes
2011-04-16 14:12:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-16 14:12:09 -------- d-----w- c:\progra~2\Malwarebytes
2011-04-16 14:12:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-16 14:12:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-04-16 14:09:57 -------- d-----w- c:\users\owner~1\appdata\roaming\SUPERAntiSpyware.com
2011-04-16 14:09:57 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-04-16 14:09:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-16 13:07:21 159080 ----a-w- c:\progra~2\microsoft\windows\sqm\manifest\Sqm10138.bin
2011-04-16 11:51:44 -------- d-----w- c:\users\owner~1\appdata\local\{5523E60C-7AD7-407A-A0C1-0071764F926C}
2011-04-16 10:16:56 94 --sha-w- c:\windows\48D97.exe
2011-04-16 10:06:56 94 --sha-w- c:\windows\0061F.exe
2011-04-15 13:36:27 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-04-12 16:26:26 -------- d-----w- c:\program files\CCleaner
2011-04-12 16:18:04 -------- d-----w- c:\windows\system32\appmgmt
2011-04-09 06:01:03 -------- d-----w- c:\users\owner~1\appdata\roaming\Windows Live Writer
2011-04-09 06:01:03 -------- d-----w- c:\users\owner~1\appdata\local\Windows Live Writer
2011-04-03 23:26:07 -------- d-----w- C:\rage
2011-03-30 21:56:39 -------- d-----w- c:\users\owner~1\appdata\local\ESL Wire Game Client
2011-03-30 21:56:36 812448 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2011-03-30 21:56:33 -------- d-----w- c:\program files\EslWire
2011-03-30 21:56:33 -------- d-----w- c:\progra~2\ESL Wire
2011-03-30 21:22:48 -------- d-----w- c:\program files\VentriloMIX
2011-03-30 21:19:13 -------- d-----w- c:\users\owner~1\appdata\roaming\TS3Client
2011-03-30 21:19:03 -------- d-----w- c:\program files\TeamSpeak 3 Client
2011-03-30 14:43:45 71168 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNBPP4.DLL
2011-03-30 14:41:13 32256 ----a-w- c:\windows\system32\MiniInstaller.dll
2011-03-30 14:41:13 101248 ----a-w- c:\windows\system32\drivers\avmaudio.sys
2011-03-30 14:40:48 -------- d-----w- c:\users\owner~1\appdata\local\Apps
2011-03-30 14:40:47 -------- d-----w- c:\users\owner~1\appdata\local\Deployment
2011-03-29 16:04:13 26176 ---ha-w- c:\windows\system32\hamachi.sys
2011-03-29 16:04:12 -------- d-----w- c:\program files\LogMeIn Hamachi
.
==================== Find3M ====================
.
2011-03-07 01:12:11 52736 ----a-w- c:\windows\system32\coinst.dll
2011-03-07 01:11:47 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2011-03-07 01:11:45 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2011-03-07 01:11:43 17204736 ----a-w- c:\windows\system32\atioglxx.dll
2011-03-07 01:11:42 3463680 ----a-w- c:\windows\system32\atiumdva.dll
2011-03-07 01:11:12 5580800 ----a-w- c:\windows\system32\aticaldd.dll
2011-03-07 01:10:58 596480 ----a-w- c:\windows\system32\aticfx32.dll
2011-03-07 01:10:58 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-03-07 01:10:49 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-03-07 01:10:44 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2011-03-07 00:32:58 44032 ----a-w- c:\windows\system32\aticalcl.dll
2011-03-07 00:32:54 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2011-03-07 00:32:53 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-02-22 21:40:47 113594 ----a-w- c:\windows\system32\slmgr.vbs
2011-02-22 21:40:46 811520 ----a-w- c:\windows\system32\user32.dll
2011-02-22 21:40:45 14336 ----a-w- c:\windows\system32\slwga.dll
2011-02-22 21:40:41 53760 ----a-w- c:\windows\system32\sppuinotify.dll
2011-02-22 21:40:28 410624 ----a-w- c:\windows\system32\systemcpl.dll
2011-02-22 21:16:25 152576 ----a-w- c:\windows\system32\msclmd.dll
2011-02-19 06:30:54 805376 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 06:30:51 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-02-18 19:41:59 406528 ----a-w- c:\windows\system32\ReWire.dll
2011-02-18 19:41:59 338432 ----a-w- c:\windows\system32\REX Shared Library.dll
2011-02-02 23:09:14 118784 ----a-w- c:\windows\system32\sppwmi.dll
2011-02-02 23:09:13 345088 ----a-w- c:\windows\system32\sppcommdlg.dll
2011-02-02 21:00:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 16:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 17:37:51,76 ===============
The Spybot results log:
Click.GiftLoad: [SBI $89783858] Benutzereinstellungen (Registrierungsdatenbank-Wert, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\svchost.exe
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2011-02-02 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-03-22 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-03-29 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-04-05 Includes\Malware.sbi (*)
2011-04-19 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-15 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-04-20 Includes\TrojansC-02.sbi (*)
2011-04-18 Includes\TrojansC-03.sbi (*)
2011-04-18 Includes\TrojansC-04.sbi (*)
2011-04-11 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Hopefully i have done everything as needed. Oh and ofcourse i tried to remove everything found with all the Programms, but its still coming back, which is the rootkits fault i guess.
Thank you for helping in advance.
joshua