EXP/CVE-2013-0422, EXP/CVE-2013-0422, JAVA/Lamar.RR.2 (von Antivir gefunden)

DukeYGO · 04.03.2013, 20:54

Ich bedanke mich schon mal im vorhinein bei dir, Unbekannter.
Du opferst Zeit ohne das du etwas dafür bekommt, danke dir.

Hier ist der Combofix Log:

Code:

ATTFilter

ComboFix 13-03-04.01 - xxx04.03.2013  20:38:04.1.4 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3061.2087 [GMT 1:00]
ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-02-04 bis 2013-03-04  ))))))))))))))))))))))))))))))
.
.
2013-03-04 19:43 . 2013-03-04 19:43	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-03-04 14:00 . 2013-03-04 14:00	103680	----a-w-	C:\uwldrkob.sys
2013-03-04 13:30 . 2013-03-04 13:30	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-04 03:51 . 2013-03-04 03:51	--------	d-----w-	c:\windows\system32\SPReview
2013-03-04 03:49 . 2013-03-04 03:49	--------	d-----w-	c:\windows\system32\EventProviders
2013-03-03 20:19 . 2013-03-03 20:19	--------	d-----w-	c:\windows\37B03AA0B1254649900CF26E1081F163.TMP
2013-03-03 20:18 . 2013-03-03 20:18	--------	d-----w-	c:\program files\Common Files\Skype
2013-02-28 10:39 . 2012-10-11 03:08	34432	----a-w-	c:\windows\system32\drivers\mcvidrv.sys
2013-02-28 10:39 . 2013-03-03 20:12	--------	d-----w-	c:\program files\ManyCam
2013-02-26 22:04 . 2013-02-26 22:04	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-02-20 17:53 . 2013-03-03 20:18	--------	d-----r-	c:\program files\Skype
2013-02-13 12:38 . 2013-01-04 03:00	2347008	----a-w-	c:\windows\system32\win32k.sys
2013-02-13 12:38 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-02-13 12:38 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-13 12:38 . 2013-01-03 05:05	1293672	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-13 12:38 . 2013-01-03 05:04	187752	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 12:38 . 2012-08-22 17:16	240496	----a-w-	c:\windows\system32\drivers\netio.sys
2013-02-13 12:38 . 2012-12-26 04:49	760320	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 12:38 . 2013-01-04 04:50	169984	----a-w-	c:\windows\system32\winsrv.dll
2013-02-04 06:18 . 2013-02-04 06:18	--------	d-----w-	c:\program files\Common Files\Adobe
2013-02-04 06:16 . 2013-03-03 20:24	--------	d-----w-	c:\program files\Mozilla Maintenance Service
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-04 04:06 . 2009-07-14 02:05	152576	----a-w-	c:\windows\system32\msclmd.dll
2013-02-26 22:04 . 2012-12-14 18:45	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-02-26 22:04 . 2010-08-24 11:43	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-02-26 20:58 . 2013-01-23 16:42	71024	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-26 20:58 . 2013-01-23 16:42	691568	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-31 09:50 . 2013-01-31 09:50	22656	----a-w-	c:\windows\system32\drivers\mcaudrv.sys
2012-12-16 14:13 . 2013-01-01 19:06	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2013-01-01 19:06	34304	----a-w-	c:\windows\system32\atmlib.dll
2013-02-27 05:09 . 2013-03-03 20:16	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-12-20 1521952]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-07 17707624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-18 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-22 8120864]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2009-12-22 678432]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-12-10 1594664]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-02-12 385248]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-12-20 1574176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [x]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 TrdCap;CTX's capture service;c:\windows\system32\DRIVERS\TrdCap.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-25 05:56	1629648	----a-w-	c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-23 20:58]
.
2013-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-23 17:48]
.
2013-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-23 17:48]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.aldi.com
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\vivet5t1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://www.mozilla.org/de/plugincheck/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-BsScanner
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-03-04  20:46:01
ComboFix-quarantined-files.txt  2013-03-04 19:46
.
Vor Suchlauf: 5 Verzeichnis(se), 565.370.150.912 Bytes frei
Nach Suchlauf: 8 Verzeichnis(se), 565.192.138.752 Bytes frei
.
- - End Of File - - 04F8C8D9EC951FAAE24AFA6F19370E40

EXP/CVE-2013-0422, EXP/CVE-2013-0422, JAVA/Lamar.RR.2 (von Antivir gefunden)

Plagegeister aller Art und deren Bekämpfung: EXP/CVE-2013-0422, EXP/CVE-2013-0422, JAVA/Lamar.RR.2 (von Antivir gefunden)

EXP/CVE-2013-0422, EXP/CVE-2013-0422, JAVA/Lamar.RR.2 (von Antivir gefunden)

Ähnliche Themen: EXP/CVE-2013-0422, EXP/CVE-2013-0422, JAVA/Lamar.RR.2 (von Antivir gefunden)