Malewarebytes findet pup.blabbers

tankred · 22.10.2012, 18:23

So, hier das Log von Combofix:

[code]
Combofix Logfile:

Code:

ATTFilter

ComboFix 12-10-22.01 - Jan 22.10.2012  19:09:31.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3037.2322 [GMT 2:00]
ausgeführt von:: c:\users\Jan\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SecureW2
c:\program files\SecureW2\Uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SecureW2
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nvsvc
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-22 bis 2012-10-22  ))))))))))))))))))))))))))))))
.
.
2012-10-21 10:53 . 2012-10-21 10:53	--------	d-----w-	C:\_OTL
2012-10-19 17:57 . 2012-09-24 21:16	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-10-17 18:26 . 2012-10-17 18:26	--------	d-----w-	c:\program files\ESET
2012-10-15 18:08 . 2012-10-15 18:08	--------	d-----w-	c:\users\Jan\AppData\Roaming\Malwarebytes
2012-10-15 18:08 . 2012-10-15 18:08	--------	d-----w-	c:\programdata\Malwarebytes
2012-10-15 18:08 . 2012-10-15 18:08	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-10-15 18:08 . 2012-09-07 15:04	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-10-10 16:46 . 2012-08-30 17:12	3968880	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-10-10 16:46 . 2012-08-30 17:12	3914096	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-09-26 23:56 . 2012-09-26 23:56	--------	d-----w-	c:\users\Jan\.thumbnails
2012-09-26 16:00 . 2012-08-21 20:12	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 09:21 . 2012-06-04 13:52	696760	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-10-09 09:21 . 2012-06-04 13:52	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-14 09:26 . 2012-08-21 18:43	821736	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-09-14 09:26 . 2012-08-21 18:43	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-08-24 06:59 . 2012-09-22 07:44	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 06:51 . 2012-09-22 07:44	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 06:51 . 2012-09-22 07:44	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 07:44	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 07:44	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 06:43 . 2012-09-22 07:44	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-22 17:16 . 2012-09-13 21:50	1292144	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16 . 2012-09-13 21:50	712048	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16 . 2012-09-13 21:50	240496	----a-w-	c:\windows\system32\drivers\netio.sys
2012-08-22 17:16 . 2012-09-13 21:50	187760	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-02 16:57 . 2012-09-13 21:50	490496	----a-w-	c:\windows\system32\d3d10level9.dll
2012-10-14 11:53 . 2012-10-14 11:53	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"Ocs_SM"="c:\users\Jan\AppData\Roaming\OCS\SM\SearchAnonymizer.exe" [2012-08-18 106496]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect]
2008-07-04 10:52	2072576	----a-w-	c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-10-03 09:40	13826664	----a-w-	c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33	17418928	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartAudio]
2010-04-28 09:31	307768	------w-	c:\program files\CONEXANT\SAII\SAIICpl.exe
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AAV UpdateService;AAV UpdateService;c:\program files\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe [x]
S2 SearchAnonymizer;SearchAnonymizer;c:\users\Jan\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [x]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 09:21]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-22 11:55]
.
2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-22 11:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: Alles mit FDM herunterladen - file://c:\program files\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\program files\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\program files\Free Download Manager\dllink.htm
IE: Videos mit FDM herunterladen - file://c:\program files\Free Download Manager\dlfvideo.htm
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\yvl9e47t.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Lenovo EasyCamera - c:\windows\system32\RemoveSM37X.exe USB\VID_090c&PID_3712&MI_00 USB\VID_090c&PID_3713&MI_00 USB\VID_090c&PID_3714&MI_00 USB\VID_090c&PID_3715&MI_00 USB\VID_090c&PID_3716&MI_00 USB\VID_090c&PID_7371&MI_00 USB\VID_090c&PID_37A9&MI_00
AddRemove-SecureW2 EAP Suite - c:\program files\SecureW2\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Conexant\SAII\SmartAudio.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-22  19:19:43 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-22 17:19
.
Vor Suchlauf: 12 Verzeichnis(se), 190.671.011.840 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 190.329.184.256 Bytes frei
.
- - End Of File - - B8EF2D43D4B6952CA0F06C24F7CF4251

--- --- ---

Malewarebytes findet pup.blabbers

Plagegeister aller Art und deren Bekämpfung: Malewarebytes findet pup.blabbers

Malewarebytes findet pup.blabbers

Ähnliche Themen: Malewarebytes findet pup.blabbers