Werbung hörbar, ohne Bild oder Prozess!/ NOD32 meldet: JS/Kryptik.AI Trojaner

rob_bond · 06.05.2011, 18:30

Hi!

Hier die Combofix Log:
Combofix Logfile:

Code:

ATTFilter

ComboFix 11-05-05.04 - HelMut 2009 06.05.2011  19:19:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3197.2338 [GMT 2:00]
ausgeführt von:: c:\users\HelMut 2009\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
C:\readme.txt
c:\windows\system32\AVSredirect.dll
.
Infizierte Kopie von c:\windows\system32\drivers\volsnap.sys wurde gefunden und desinfiziert 
Kopie von - Kitty had a snack :p wurde wiederhergestellt 
.
(((((((((((((((((((((((   Dateien erstellt von 2011-04-06 bis 2011-05-06  ))))))))))))))))))))))))))))))
.
.
2011-05-06 17:25 . 2011-05-06 17:25	--------	d-----w-	c:\users\HelMut 2009\AppData\Local\temp
2011-05-06 14:30 . 2011-05-06 14:30	--------	d-----w-	c:\program files\ERUNT
2011-05-05 15:33 . 2011-05-05 15:33	--------	d-----w-	c:\users\HelMut 2009\AppData\Roaming\SUPERAntiSpyware.com
2011-05-05 15:33 . 2011-05-05 15:33	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2011-05-05 15:33 . 2011-05-05 15:33	--------	d-----w-	c:\program files\SUPERAntiSpyware
2011-05-03 12:53 . 2011-04-18 07:15	7071056	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CA4FA20C-76AD-40DF-AB6B-B9FAEBEFB818}\mpengine.dll
2011-05-02 18:44 . 2011-05-02 18:44	388096	----a-r-	c:\users\HelMut 2009\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-02 18:44 . 2011-05-02 18:44	--------	d-----w-	c:\program files\HiJack
2011-05-02 18:20 . 2011-05-02 18:20	98392	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2011-05-02 18:13 . 2011-05-02 18:13	--------	d-----w-	c:\program files\Lavasoft
2011-05-02 18:13 . 2011-05-02 19:07	--------	d-----w-	c:\programdata\Lavasoft
2011-05-02 18:10 . 2010-12-20 16:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-02 18:10 . 2011-05-02 18:10	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-05-02 16:02 . 2011-05-02 16:02	--------	d-----w-	c:\users\HelMut 2009\AppData\Local\ESET
2011-05-02 15:10 . 2011-05-02 15:10	98816	----a-w-	c:\windows\system32\mfps.dll
2011-05-02 14:36 . 2011-05-02 14:43	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-05-02 14:36 . 2011-05-02 14:38	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-05-02 14:23 . 2011-05-02 14:23	--------	d-----w-	c:\program files\ESET
2011-05-02 13:42 . 2011-04-14 16:40	142296	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-02 13:42 . 2011-04-14 16:40	89048	----a-w-	c:\program files\Mozilla Firefox\libEGL.dll
2011-05-02 13:42 . 2011-04-14 16:40	781272	----a-w-	c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-02 13:42 . 2011-04-14 16:40	465880	----a-w-	c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-02 13:42 . 2011-04-14 16:40	1874904	----a-w-	c:\program files\Mozilla Firefox\mozjs.dll
2011-05-02 13:42 . 2011-04-14 16:40	15832	----a-w-	c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-02 13:42 . 2010-01-01 08:00	1974616	----a-w-	c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-02 13:42 . 2010-01-01 08:00	1892184	----a-w-	c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-01 16:44 . 2011-05-01 16:44	--------	d-----w-	c:\users\HelMut 2009\AppData\Roaming\5015
2011-05-01 16:44 . 2011-05-01 16:44	112	----a-w-	c:\users\HelMut 2009\AppData\Roaming\srvblck2.tmp
2011-05-01 16:44 . 2011-05-01 16:44	--------	d-----w-	c:\users\HelMut 2009\AppData\Roaming\xmldm
2011-05-01 16:43 . 2011-05-01 16:43	--------	d-----w-	c:\users\HelMut 2009\AppData\Roaming\kock
2011-05-01 14:22 . 2011-05-01 14:24	--------	d-----w-	c:\program files\Wise Registry Cleaner
2011-05-01 14:14 . 2011-05-01 14:18	--------	d-----w-	c:\program files\RegCleaner
2011-05-01 14:00 . 2011-05-01 14:00	--------	d-----w-	c:\users\HelMut 2009\AppData\Local\PackageAware
2011-04-24 00:26 . 2011-04-24 00:26	--------	d-----w-	c:\users\HelMut 2009\AppData\Roaming\Malwarebytes
2011-04-24 00:26 . 2011-04-24 00:26	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-18 14:10 . 2011-05-01 18:08	--------	d-----w-	c:\program files\Microsoft Works
2011-04-18 14:03 . 2011-04-18 14:04	--------	d-----w-	c:\program files\Microsoft Visual Studio 8
2011-04-18 14:01 . 2011-04-18 14:01	--------	d-----r-	C:\MSOCache
2011-04-18 13:42 . 2011-04-18 13:42	--------	d-----w-	c:\users\HelMut 2009\AppData\Local\Seven Zip
2011-04-15 14:57 . 2011-03-03 13:25	2041856	----a-w-	c:\windows\system32\win32k.sys
2011-04-15 14:57 . 2011-03-03 15:42	739328	----a-w-	c:\windows\system32\inetcomm.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 21:02 . 2009-05-01 21:02	1044480	----a-w-	c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02	200704	----a-w-	c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-04-14 16:40 . 2011-05-02 13:42	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2011-03-18 . 179AF7B52C59EED5635F69870D9E75E0 . 247808 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
[7] 2009-07-10 . 1E3FDB80E40A3CE645F229DFBDFB7694 . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18287_none_cce0e39c1d282219\shsvcs.dll
[7] 2009-07-10 . 94285A002D2826D2FD1C0806455136E9 . 245760 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16883_none_caf6a3ce20052bcc\shsvcs.dll
[7] 2009-07-10 . 6898575E052CE7CB1CB87622EF187CDA . 245760 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.21081_none_cb7e18273924cc2a\shsvcs.dll
[7] 2009-07-10 . 6669714ACE90E9BB4E8C1D550C67B160 . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.22467_none_cd80222536358728\shsvcs.dll
[7] 2009-07-10 . F0942394F642F5CE3D9A86474FA293FA . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.22169_none_cf6894a1335a0efa\shsvcs.dll
[7] 2009-07-10 . C7230FBEE14437716701C15BE02C27B8 . 247808 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18063_none_ced8f61a1a41d726\shsvcs.dll
[7] 2009-04-11 . C818C44C201898399BF999BB6B35D4E3 . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_cf1bd6361a0f622e\shsvcs.dll
[7] 2008-01-21 . 27F10F348E508243F6254846F8370D0D . 247296 . . [6.0.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_cd305d2a1ced96e2\shsvcs.dll
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\HelMut 2009\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\HelMut 2009\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19	94208	----a-w-	c:\users\HelMut 2009\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-20 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-08 6273568]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-04-07 2145000]
.
c:\users\HelMut 2009\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04	39792	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2005-09-16 07:43	274432	----a-w-	c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M-Audio Taskbar Icon]
2009-10-02 11:53	643592	----a-w-	c:\windows\System32\M-AudioTaskBarIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
2010-07-20 15:21	323280	----a-w-	c:\program files\Napster\napster.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18	413696	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-03-14 12:01	71216	----a-w-	c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44	248552	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2086721481-1816665269-1032341940-1003]
"EnableNotificationsRef"=dword:00000002
.
R2 BulkUsb;USB MIDI Driver;c:\windows\system32\Drivers\BULKUSB.sys [2003-03-31 167580]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [x]
R3 VMC302;Vimicro Camera Service VMC302;c:\windows\system32\Drivers\VMC302.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
S1 PStrip;PStrip;c:\windows\system32\drivers\pstrip.sys [2007-07-15 27992]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-04-07 134024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-07 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-04-07 96896]
S2 KMDFMEMIO;SAMSUNG Kernel Driver;c:\windows\system32\DRIVERS\kmdfmemio.sys [2008-09-01 13312]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2008-05-28 22072]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 13:04	8192	----a-w-	c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.bing.com/?cc=de
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: Free YouTube Download - c:\users\HelMut 2009\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\HelMut 2009\AppData\Roaming\Mozilla\Firefox\Profiles\j9a1qkgp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.gmx.net/
FF - prefs.js: network.proxy.type - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-NeroCheck - c:\windows\system32\NeroCheck.exe
AddRemove-Free Audio Converter_is1 - c:\program files\DVDVideoSoft\Free Audio Converter\unins000.exe
AddRemove-Free CD to MP3 Converter - c:\progra~1\CDTOMP~1\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-06 19:25
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-05-06  19:27:12
ComboFix-quarantined-files.txt  2011-05-06 17:26
.
Vor Suchlauf: 9.305.739.264 Bytes frei
Nach Suchlauf: 9.120.591.872 Bytes frei
.
- - End Of File - - 0BC2CA1E18278249CCACD8D6EC4780F6

--- --- ---

Werbung hörbar, ohne Bild oder Prozess!/ NOD32 meldet: JS/Kryptik.AI Trojaner

Log-Analyse und Auswertung: Werbung hörbar, ohne Bild oder Prozess!/ NOD32 meldet: JS/Kryptik.AI Trojaner

Werbung hörbar, ohne Bild oder Prozess!/ NOD32 meldet: JS/Kryptik.AI Trojaner

Ähnliche Themen: Werbung hörbar, ohne Bild oder Prozess!/ NOD32 meldet: JS/Kryptik.AI Trojaner