exploit.java.cve-2011-3544 irreparable
07.02.2012, 12:36 | #16
Hello, the Avast scan was aborted because of an error. Should I run it again? Here is a picture of the error message: I ran the GMER and OSAM scans; the logs are attached:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-02-07 11:23:58 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3750640AS rev.3.ADG Running: dims4kt3.exe; Driver: C:\Users\Basti\AppData\Local\Temp\fxlirpoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0x99E3928A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcConnectPort [0x99E53342] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcCreatePort [0x99E53678] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwAlpcSendWaitReceivePort [0x99E539EE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwClose [0x99E39D04] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwConnectPort [0x99E5302A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateEvent [0x99E3A276] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateMutant [0x99E3A164] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreatePort [0x99E534E8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSection [0x99E39046] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateSemaphore [0x99E3A38E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThread [0x99E398BA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateWaitablePort [0x99E535B0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDebugActiveProcess [0x99E3A74E] SSDT 
\SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0x99E39D46] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwDuplicateObject [0x99E3B750] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwLoadDriver [0x99E3A840] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwMapViewOfSection [0x99E3ADAC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwNotifyChangeKey [0x99E51840] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenEvent [0x99E3A308] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenMutant [0x99E3A1F0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenProcess [0x99E394C4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSection [0x99E3AB90] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenSemaphore [0x99E3A420] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwOpenThread [0x99E393B8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryDirectoryObject [0x99E3A55C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueryObject [0x99E51A38] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQuerySection [0x99E3B0D2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwQueueApcThread [0x99E3A9E0] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwReplyPort [0x99E537DC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) 
ZwReplyWaitReceivePort [0x99E5372A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0x99E53848] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwResumeThread [0x99E3B5F2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSecureConnectPort [0x99E531B2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetContextThread [0x99E39BA4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetInformationToken [0x99E3A5FA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSetSystemInformation [0x99E3B222] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendProcess [0x99E3B316] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSuspendThread [0x99E3B450] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwSystemDebugControl [0x99E3A670] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateProcess [0x99E39664] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwTerminateThread [0x99E395BA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwUnmapViewOfSection [0x99E3AF8A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwWriteVirtualMemory [0x99E39750] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateThreadEx [0x99E39A2A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wlh_x86]/Kaspersky Lab) ZwCreateUserProcess [0x99E3A4A6] ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 119 862AF89C 4 Bytes [8A, 92, E3, 99] .text 
ntkrnlpa.exe!KeSetEvent + 13D 862AF8C0 8 Bytes [42, 33, E5, 99, 78, 36, E5, ...] {INC EDX; XOR ESP, EBP; CDQ ; JS 0x3c; IN EAX, 0x99} .text ntkrnlpa.exe!KeSetEvent + 181 862AF904 4 Bytes [EE, 39, E5, 99] {OUT DX, AL ; CMP EBP, ESP; CDQ } .text ntkrnlpa.exe!KeSetEvent + 1A9 862AF92C 4 Bytes [04, 9D, E3, 99] {ADD AL, 0x9d; JECXZ 0xffffffffffffff9d} .text ntkrnlpa.exe!KeSetEvent + 1C1 862AF944 4 Bytes [2A, 30, E5, 99] {SUB DH, [EAX]; IN EAX, 0x99} .text ... .text C:\Windows\system32\drivers\SSHDRV84.sys section is writeable [0x99E9F000, 0x233D4, 0xE8000020] .pklstb C:\Windows\system32\drivers\SSHDRV84.sys entry point in ".pklstb" section [0x99ED1000] .relo2 C:\Windows\system32\drivers\SSHDRV84.sys unknown last section [0x99EE7000, 0x8E, 0x42000040] .text C:\Windows\system32\drivers\ACEDRV08.sys section is writeable [0x9C39B000, 0x328BA, 0xE8000020] .pklstb C:\Windows\system32\drivers\ACEDRV08.sys entry point in ".pklstb" section [0x9C3DF000] .relo2 C:\Windows\system32\drivers\ACEDRV08.sys unknown last section [0x9C3FB000, 0x8E, 0x42000040] PAGE spsys.sys!?SPVersion@@3PADA + 1ABF 9BF8E03F 110 Bytes [8B, FF, 55, 8B, EC, 8B, 45, ...] PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 9BF8E0AF 1 Byte [16] PAGE spsys.sys!?SPVersion@@3PADA + 1B2F 9BF8E0AF 128 Bytes [16, 3B, C8, 75, E2, B0, 01, ...] PAGE spsys.sys!?SPVersion@@3PADA + 1BB0 9BF8E130 6 Bytes [0E, 83, 78, 14, 01, 75] PAGE spsys.sys!?SPVersion@@3PADA + 1BB7 9BF8E137 229 Bytes [83, 78, 18, 37, 75, 02, B3, ...] PAGE ... ---- User code sections - GMER 1.0.15 ---- ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2384] C:\Windows\system32\ntdll.dll time/date stamp mismatch; unknown module: secserv.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2384] ntdll.dll!NtProtectVirtualMemory 77544BA4 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO) ? 
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2384] C:\Windows\system32\kernel32.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2384] USER32.dll!SetScrollInfo + 7A8 76587980 4 Bytes [E0, 13, 54, 67] ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2840] C:\Windows\system32\ntdll.dll time/date stamp mismatch; unknown module: secserv.dll .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2840] ntdll.dll!NtProtectVirtualMemory 77544BA4 5 Bytes JMP 6AC91765 C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ushata.dll (Ushata module/Kaspersky Lab ZAO) ? C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2840] C:\Windows\system32\kernel32.dll time/date stamp mismatch; .text C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe[2840] USER32.dll!SetScrollInfo + 7A8 76587980 4 Bytes [E0, 13, 54, 67] .text C:\Program Files\Mozilla Thunderbird\thunderbird.exe[6052] ntdll.dll!LdrLoadDll 77509378 5 Bytes JMP 003C12F7 C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Thunderbird/Mozilla Messaging) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197edb8029 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197edb8029@0018130d74a1 0x97 0x4C 0x18 0x13 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197edb8029@0024ef198e8d 0xAD 0x1B 0x8D 0x52 ... Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00197edb8029 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00197edb8029@0018130d74a1 0x97 0x4C 0x18 0x13 ... Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00197edb8029@0024ef198e8d 0xAD 0x1B 0x8D 0x52 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-086a-2252-0e0bfa04e19f}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-086a-2252-0e0bfa04e19f}\InprocServer32@Class 0x00 0x00 0x00 0x00 ... Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-086a-2252-0e0bfa04e19f}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-086a-2252-0e0bfa04e19f}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-17af-8ed4-a9c5fa04e19f}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-17af-8ed4-a9c5fa04e19f}\InprocServer32@Class 0x00 0x00 0x00 0x00 ... Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-17af-8ed4-a9c5fa04e19f}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-17af-8ed4-a9c5fa04e19f}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-4a8c-7e47-64a7fa04e19f}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-4a8c-7e47-64a7fa04e19f}\InprocServer32@Class 0x00 0x00 0x00 0x00 ... Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-4a8c-7e47-64a7fa04e19f}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-4a8c-7e47-64a7fa04e19f}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-8ce4-f9e3-2e18fa04e19f}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-8ce4-f9e3-2e18fa04e19f}\InprocServer32@Class 0x00 0x00 0x00 0x00 ... Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-8ce4-f9e3-2e18fa04e19f}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-8ce4-f9e3-2e18fa04e19f}\InprocServer32@ C:\Windows\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c79d-f9f5-02e4fa04e19f}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c79d-f9f5-02e4fa04e19f}\InprocServer32@Class 0x00 0x00 0x00 0x00 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c79d-f9f5-02e4fa04e19f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-c79d-f9f5-02e4fa04e19f}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e661-f5c0-9e5afa04e19f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e661-f5c0-9e5afa04e19f}\InprocServer32@Class 0x00 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e661-f5c0-9e5afa04e19f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e661-f5c0-9e5afa04e19f}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e9ad-a48f-cd7dfa04e19f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e9ad-a48f-cd7dfa04e19f}\InprocServer32@Class 0x00 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e9ad-a48f-cd7dfa04e19f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-e9ad-a48f-cd7dfa04e19f}\InprocServer32@ C:\Windows\system32\OLE32.DLL

---- EOF - GMER 1.0.15 ----

GMER took about 13 hours or so. Regards, Sebastian
07.02.2012, 12:41 | #17 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
07.02.2012, 21:06 | #18 |
| Hello, SUPERAntiSpyware has finished first, with several detections after more than 7 hours. I'm letting Malwarebytes run now!
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 02/07/2012 at 08:58 PM

Application Version : 5.0.1144

Core Rules Database Version : 8208
Trace Rules Database Version: 6020

Scan type : Complete Scan
Total Scan Time : 07:29:14

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned : 775
Memory threats detected : 0
Registry items scanned : 39075
Registry threats detected : 0
File items scanned : 523340
File threats detected : 21

Unclassified.Unknown Origin
	F:\BACKUP\DOCUMENTS\VERSION CUE\KEYGEN.NFO
	F:\SICHERUNG\DOCUMENTS\VERSION CUE\KEYGEN.NFO
	C:\USERS\BASTI\DOCUMENTS\VERSION CUE\KEYGEN.NFO

Trojan.Agent/Gen-SoftonicDownloader
	ZIP ARCHIVE( F:\THINK-PAED\BACKUP SET 2011-10-23 151743\BACKUP FILES 2011-10-23 151743\BACKUP FILES 16.ZIP )/C\USERS\SEBASTIAN\DOWNLOADS\SOFTONICDOWNLOADER_FUER_ZIPGENIUS.EXE
	F:\THINK-PAED\BACKUP SET 2011-10-23 151743\BACKUP FILES 2011-10-23 151743\BACKUP FILES 16.ZIP

Adware.Tracking Cookie
	.kaspersky.122.2o7.net [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
	.deutschepostag.112.2o7.net [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
	wstat.wibiya.com [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
	.overture.com [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
	.overture.com [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
	.overture.com [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
	secure.wikimedia.org [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
	secure.wikimedia.org [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\BASTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\GQ42K2W4.DEFAULT\COOKIES.SQLITE ]

Trojan.Agent/Gen-FakeSmoke
	C:\WINDOWS\SYSTEM32\ACCESOR.DLL

Trojan.Agent/Gen-Weirdon
	C:\WINDOWS\SYSTEM32\MFC45.DLL
07.02.2012, 21:12 | #19 |
| P.S.: I have now moved them into quarantine BUT NOT DELETED them, I hope that was right? Regards, Sebastian
07.02.2012, 21:26 | #20 |
| Hmm, somehow it did delete quite a bit after all; the only files still in quarantine are: 3x Keygen.NFO, 1x GenFakeSmoke (Accessor.dll), 1x Gen Weirdon (MFC45.dll). All the others appear to have been deleted after the restart. I'm letting Malwarebytes run now and will report back when it's finished. Best, Sebastian
07.02.2012, 22:15 | #21 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
See also => http://www.trojaner-board.de/95393-c...-software.html If we find evidence of illegally obtained software, we will end support without any discussion. Cracks/keygens are 99.9% dangerous malware that should not be trifled with. Besides, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstall!! That illegal cracks and keygens essentially serve to spread malware is no secret and must be clear to everyone! In future, keep your hands off: Softonic, registry cleaners and illegal stuff like cracks/keygens/serials
07.02.2012, 22:26 | #22 |
| I can't remember having used any illegal software??? But I suppose you don't joke about that, whatever anyone protests. Quote:
Regards, Sebastian
07.02.2012, 22:33 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | You can't remember, but your hard drive can! => C:\USERS\BASTI\DOCUMENTS\VERSION CUE\KEYGEN.NFO
__________________ Please always post log files in CODE tags
07.02.2012, 22:39 | #24 |
| Yes, I really don't find it funny at all ... but of course I understand where you're coming from ... Best, Sebastian