Trojaner-Board - Java-Virus JAVA/Agent.LB und Exploits EXP/CVE-2008-5353.AG Windows 7

So,
hier der LOG von Combofix, diesmal im Code-Tag :-)
Code:
ComboFix 12-01-02.01 - Admin 02.01.2012  16:28:39.1.2 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4061.2645 [GMT 1:00]

ausgeführt von:: c:\users\Daniel\Downloads\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\AMMYY

c:\programdata\AMMYY\contacts3.bin

c:\programdata\AMMYY\hr

c:\programdata\AMMYY\hr3

c:\programdata\AMMYY\settings.bin

c:\programdata\AMMYY\settings3.bin

c:\users\Daniel\AppData\Local\assembly\tmp

c:\windows\system32\java.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-12-02 bis 2012-01-02  ))))))))))))))))))))))))))))))

.

.

2012-01-02 15:35 . 2012-01-02 15:35        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-01-02 14:21 . 2012-01-02 14:21        --------        d-----w-        C:\TDSSKiller_Quarantine

2012-01-01 16:10 . 2012-01-01 16:10        --------        d-----r-        C:\Sandbox

2012-01-01 16:09 . 2012-01-01 16:09        --------        d-----w-        c:\program files\Sandboxie

2012-01-01 12:07 . 2012-01-01 12:07        --------        d-----w-        c:\program files (x86)\ESET

2011-12-31 08:55 . 2011-12-31 08:54        750488        ----a-w-        c:\windows\system32\npdeployJava1.dll

2011-12-31 08:55 . 2011-12-31 08:54        660368        ----a-w-        c:\windows\system32\deployJava1.dll

2011-12-31 08:54 . 2011-12-31 08:54        --------        d-----w-        c:\program files\Java

2011-12-31 08:49 . 2011-12-31 08:49        --------        d-----w-        c:\program files (x86)\FileHippo.com

2011-12-30 17:47 . 2011-12-30 17:47        --------        d-----w-        c:\program files\CCleaner

2011-12-30 17:22 . 2011-12-30 17:22        69000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9DC1881B-221A-49F2-9C81-D2201A3D745F}\offreg.dll

2011-12-30 17:01 . 2011-12-30 17:01        --------        d-----w-        c:\program files (x86)\Common Files\Java

2011-12-30 16:55 . 2011-12-30 17:47        --------        d-----w-        c:\users\Admin

2011-12-30 09:38 . 2011-11-21 11:40        8822856        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9DC1881B-221A-49F2-9C81-D2201A3D745F}\mpengine.dll

2011-12-30 08:09 . 2011-12-30 08:09        --------        d-----w-        c:\users\Daniel\AppData\Roaming\Avira

2011-12-30 08:08 . 2011-12-15 14:14        27760        ----a-w-        c:\windows\system32\drivers\avkmgr.sys

2011-12-30 08:08 . 2011-12-15 14:14        97312        ----a-w-        c:\windows\system32\drivers\avgntflt.sys

2011-12-30 08:08 . 2011-12-15 14:14        139512        ----a-w-        c:\windows\system32\drivers\avfwot.sys

2011-12-30 08:08 . 2011-12-15 14:14        130760        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2011-12-30 08:08 . 2011-12-15 14:14        113768        ----a-w-        c:\windows\system32\drivers\avfwim.sys

2011-12-30 08:07 . 2011-12-30 08:08        --------        d-----w-        c:\programdata\Avira

2011-12-30 08:07 . 2011-12-30 08:07        --------        d-----w-        c:\program files (x86)\Avira

2011-12-29 17:33 . 2011-12-29 17:33        --------        d-----w-        c:\users\Daniel\AppData\Roaming\Malwarebytes

2011-12-29 17:33 . 2011-12-29 17:33        --------        d-----w-        c:\programdata\Malwarebytes

2011-12-29 17:33 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-12-29 17:33 . 2011-12-29 17:33        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2011-12-21 08:23 . 2011-12-29 13:40        43992        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozutils.dll

2011-12-21 08:23 . 2011-12-21 08:23        626688        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr80.dll

2011-12-21 08:23 . 2011-12-21 08:23        548864        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp80.dll

2011-12-21 08:23 . 2011-12-21 08:23        479232        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcm80.dll

2011-12-16 09:06 . 2011-12-16 09:06        --------        d-----w-        c:\users\Daniel\AppData\Roaming\Canneverbe Limited

2011-12-16 09:06 . 2011-12-16 09:06        --------        d-----w-        c:\programdata\Canneverbe Limited

2011-12-16 09:04 . 2011-12-16 09:04        --------        d-----w-        c:\program files (x86)\CDBurnerXP

2011-12-14 07:53 . 2011-10-26 05:21        43520        ----a-w-        c:\windows\system32\csrsrv.dll

2011-12-14 07:53 . 2011-11-24 04:52        3145216        ----a-w-        c:\windows\system32\win32k.sys

2011-12-14 07:53 . 2011-10-15 06:31        723456        ----a-w-        c:\windows\system32\EncDec.dll

2011-12-14 07:53 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\SysWow64\EncDec.dll

2011-12-14 07:53 . 2011-11-05 05:32        2048        ----a-w-        c:\windows\system32\tzres.dll

2011-12-14 07:53 . 2011-11-05 04:26        2048        ----a-w-        c:\windows\SysWow64\tzres.dll

2011-12-14 00:19 . 2011-12-14 00:19        4448256        ----a-w-        c:\windows\SysWow64\GPhotos.scr

2011-12-13 18:54 . 2007-04-16 04:00        82944        ----a-w-        c:\windows\system32\Spool\prtprocs\x64\CNMPP93.DLL

2011-12-13 18:54 . 2007-04-16 04:00        27648        ----a-w-        c:\windows\system32\Spool\prtprocs\x64\CNMPD93.DLL

2011-12-13 18:53 . 2007-04-16 04:00        258560        ----a-w-        c:\windows\system32\CNMLM93.DLL

2011-12-11 09:40 . 2011-12-11 09:40        --------        d-----w-        c:\users\Daniel\AppData\Roaming\fm.bandit.desktop

2011-12-11 08:45 . 2011-12-11 08:48        --------        d-----w-        c:\users\Daniel\.jenny

2011-12-09 12:50 . 2011-12-09 12:50        --------        d-----w-        c:\programdata\DesktopIcons

2011-12-09 12:50 . 2011-12-09 12:50        --------        d-----w-        c:\users\Daniel\AppData\Roaming\1&1 Mail & Media GmbH

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-31 08:52 . 2011-07-06 06:13        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-10 04:54 . 2011-07-06 06:44        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2011-10-21 07:44 . 2011-10-21 07:44        353576        ----a-w-        c:\windows\SysWow64\msvcr71.dll

2011-10-21 07:44 . 2011-10-21 07:44        29480        ----a-w-        c:\windows\SysWow64\msxml3a.dll

2011-10-21 07:44 . 2011-10-21 07:44        505128        ----a-w-        c:\windows\SysWow64\msvcp71.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files (x86)\Windows Sidebar\Sidebar.exe" [2010-11-20 1174016]

"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]

R3 GPU-Z;GPU-Z;c:\users\Daniel\AppData\Local\Temp\GPU-Z.sys [x]

R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RTCore64;RTCore64;c:\users\Daniel\Utilities\rmclock\RTCore64.sys [2005-05-25 7168]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]

S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/10/21 09:46];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 10:58 146928]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-12-15 342480]

S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]

S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-12-15 463824]

S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-05 13336]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [x]

S3 k57nd60a;Broadcom NetLink (TM)-Gigabit-Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-24 652872]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - 11288450

*NewlyCreated* - SBIEDRV

*Deregistered* - 11288450

.

Inhalt des "geplante Tasks" Ordners

.

2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1772254191-2409900527-3987732256-1001Core.job

- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-28 10:25]

.

2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1772254191-2409900527-3987732256-1001UA.job

- c:\users\Daniel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-28 10:25]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Zusätzlicher Suchlauf -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - 

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]

"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-01-02  16:38:15

ComboFix-quarantined-files.txt  2012-01-02 15:38

.

Vor Suchlauf: 12 Verzeichnis(se), 397.268.537.344 Bytes frei

Nach Suchlauf: 19 Verzeichnis(se), 400.668.676.096 Bytes frei

.

- - End Of File - - E4E8A7D830A70F5E14785985D9E13874