Heur:Exploit.Java.CVE und diverse andere (BKA, Trojan.Phex.THAGen1)

ComboFix 13-02-26.01 - Media 01.03.2013  17:27:48.1.2 - x86
ausgeführt von:: c:\users\Media\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Media\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\emytotqmdbpoboz
c:\programdata\emytotqmdbpoboz\btn-green.png
c:\programdata\emytotqmdbpoboz\corners-btn.png
c:\programdata\emytotqmdbpoboz\corners1.png
c:\programdata\emytotqmdbpoboz\corners2.png
c:\programdata\emytotqmdbpoboz\corners3.png
c:\programdata\emytotqmdbpoboz\corners4.png
c:\programdata\emytotqmdbpoboz\de-flag.png
c:\programdata\emytotqmdbpoboz\de-image.png
c:\programdata\emytotqmdbpoboz\ie6-7.css
c:\programdata\emytotqmdbpoboz\jquery.main.js
c:\programdata\emytotqmdbpoboz\main.html
c:\programdata\emytotqmdbpoboz\McAfee.png
c:\programdata\emytotqmdbpoboz\pays-de.png
c:\programdata\emytotqmdbpoboz\steps-de.png
c:\programdata\emytotqmdbpoboz\steps-en.png
c:\programdata\emytotqmdbpoboz\style.css
c:\programdata\emytotqmdbpoboz\tabs.png
c:\programdata\emytotqmdbpoboz\wait.html
c:\users\All Users\emytotqmdbpoboz\btn-green.png
c:\users\All Users\emytotqmdbpoboz\corners-btn.png
c:\users\All Users\emytotqmdbpoboz\corners1.png
c:\users\All Users\emytotqmdbpoboz\corners2.png
c:\users\All Users\emytotqmdbpoboz\corners3.png
c:\users\All Users\emytotqmdbpoboz\corners4.png
c:\users\All Users\emytotqmdbpoboz\de-flag.png
c:\users\All Users\emytotqmdbpoboz\de-image.png
c:\users\All Users\emytotqmdbpoboz\ie6-7.css
c:\users\All Users\emytotqmdbpoboz\jquery.main.js
c:\users\All Users\emytotqmdbpoboz\main.html
c:\users\All Users\emytotqmdbpoboz\McAfee.png
c:\users\All Users\emytotqmdbpoboz\pays-de.png
c:\users\All Users\emytotqmdbpoboz\steps-de.png
c:\users\All Users\emytotqmdbpoboz\steps-en.png
c:\users\All Users\emytotqmdbpoboz\style.css
c:\users\All Users\emytotqmdbpoboz\tabs.png
c:\users\All Users\emytotqmdbpoboz\wait.html
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-01 bis 2013-03-01  ))))))))))))))))))))))))))))))
.
.
2013-03-01 16:36 . 2013-03-01 16:36	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-01 11:18 . 2013-03-01 16:36	--------	d-----w-	c:\users\Media\AppData\Local\temp
2013-03-01 07:20 . 2013-03-01 07:20	--------	d-----w-	c:\programdata\Malwarebytes
2013-02-15 02:09 . 2013-03-01 07:31	--------	d-----w-	c:\users\Media\AppData\Roaming\Akegoh
2013-02-15 02:09 . 2013-02-15 02:15	--------	d-----w-	c:\users\Media\AppData\Roaming\Giko
2013-02-14 12:43 . 2013-01-04 01:38	2048512	----a-w-	c:\windows\system32\win32k.sys
2013-02-14 12:43 . 2012-11-08 03:48	1314816	----a-w-	c:\windows\system32\quartz.dll
2013-02-14 12:43 . 2013-01-04 11:28	905576	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-14 12:43 . 2013-01-05 05:26	3550072	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-14 12:43 . 2013-01-05 05:26	3602808	----a-w-	c:\windows\system32\ntkrnlpa.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 13:12 . 2013-01-02 06:31	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2013-01-02 06:31	293376	----a-w-	c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-02-28 08:35	121968	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 21:02	120104	----a-w-	c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"EADM"="c:\program files\Origin\Origin.exe" [2013-01-02 3492504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-19 6793760]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-02-19 1833504]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-25 1069576]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-16 30192]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2008-07-09 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-09 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"AllShareAgent"="c:\program files\Samsung\AllShare\AllShareAgent.exe" [2011-12-16 284560]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-02-28 4767304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Z1"="c:\users\Media\Desktop\mbar\mbar.exe" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 0009681362134654mcinstcleanup;McAfee Application Installer Cleanup (0009681362134654);c:\users\Media\AppData\Local\Temp\000968~1.EXE [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMONFLT
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSNX
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
*NewlyCreated* - ASWVMM
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService	REG_MULTI_SZ   	HsfXAudioService
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-01 14:15	1629648	----a-w-	c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 16:40]
.
2013-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 16:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_5738
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.2
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-03-01 17:36
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2013-03-01  17:37:42
ComboFix-quarantined-files.txt  2013-03-01 16:37
ComboFix2.txt  2013-03-01 11:18
.
Vor Suchlauf: 20 Verzeichnis(se), 186.545.750.016 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 185.787.752.448 Bytes frei
.
- - End Of File - - 00FEDE6170C7486719D6883E3D7FF9AD