Log Analysis and Evaluation: Various detections of PUP.FunWebProducts

10.12.2011, 00:09 | #1

Various detections of PUP.FunWebProducts

Ran the scans on my husband's computer too:

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8286

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01.12.2011 22:28:19
mbam-log-2011-12-01 (22-27-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 316656
Laufzeit: 1 Stunde(n), 37 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 26

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\ResultBrowse (Adware.ResultBrowse) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ResultBrowse (Adware.ResultBrowse) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\programme\resultbrowse (Adware.ResultBrowse) -> No action taken.
c:\dokumente und einstellungen\all users\anwendungsdaten\resultbrowse (Adware.ResultBrowse) -> No action taken.

Infizierte Dateien:
c:\programme\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> No action taken.
c:\programme\windows live\messenger\riched20.dll (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098642.DLL (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098651.DLL (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098653.DLL (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098654.DLL (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098656.DLL (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098657.DLL (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098658.SCR (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098659.DLL (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098660.DLL (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098661.EXE (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098662.DLL (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098663.DLL (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098664.DLL (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098665.EXE (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098648.DLL (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098666.DLL (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098669.DLL (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098673.DLL (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098674.EXE (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098675.DLL (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098676.DLL (Adware.MyWebSearch) -> No action taken.
c:\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> No action taken.
c:\dokumente und einstellungen\Hardy\anwendungsdaten\desktopicon\ebayshortcuts.exe (Adware.ADON) -> No action taken.
c:\programme\resultbrowse\uninstall.exe (Adware.ResultBrowse) -> No action taken.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:01 on 02/12/2011 (Hardy)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:
OTL Extras logfile created on: 02.12.2011 21:11:35 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Hardy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1022,42 Mb Total Physical Memory | 574,41 Mb Available Physical Memory | 56,18% Memory free
2,40 Gb Paging File | 1,91 Gb Available in Paging File | 79,48% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 47,28 Gb Total Space | 14,74 Gb Free Space | 31,18% Space Free | Partition Type: NTFS
Drive D: | 34,15 Gb Total Space | 1,62 Gb Free Space | 4,73% Space Free | Partition Type: NTFS
Drive E: | 11,69 Gb Total Space | 3,61 Gb Free Space | 30,88% Space Free | Partition Type: FAT32

Computer Name: -FB399BACD9SCHM | User Name: Hardy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = SafariHTML] -- C:\Programme\Safari\Safari.exe (Apple Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Safari\Safari.exe" -url "%1" (Apple Inc.)
https [open] -- "C:\Programme\Safari\Safari.exe" -url "%1" (Apple Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5031:UDP" = 5031:UDP:LocalSubNet:Enabled:AVM TAPI Services for FRITZ!Box - UDP 5031

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Casino\bwin Casino\casino.exe" = C:\Casino\bwin Casino\casino.exe:*:Enabled:casino -- ()
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update -- (AVM Berlin)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\FinalMediaPlayer\FMPCheckForUpdates.exe" = C:\Programme\FinalMediaPlayer\FMPCheckForUpdates.exe:*:Enabled:Final Media Player Update Checker -- (Bitberry Software)
"C:\3cd07c43f82e2a68124b353b15\mrtstub.exe" = C:\3cd07c43f82e2a68124b353b15\mrtstub.exe:*:Enabled:mrtstub.exe -- (Microsoft Corporation)
"C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\Photoshop Album Starter Edition.exe" = C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\Photoshop Album Starter Edition.exe:*:Enabled:Adobe Photoshop Album Starter Edition 3.0 -- (Adobe Systems Incorporated)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\AirPrint\airprint.exe" = C:\Programme\AirPrint\airprint.exe:*:Enabled:AirPrint For Windows -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{02EE107B-8D95-4949-8935-4DEBE8F08BE3}" = Bing Bar Platform
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{2A4AF2C5-1920-4287-9950-A7BE42F5C0BA}" = AT Navigation Control
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{406A5ABF-CA65-4E11-95C7-52228FE48F58}" = TIxx21
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{6C89B82E-AD76-7715-43EA-C37E563E83BB}" = ATI Catalyst Install Manager
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7239A06F-235B-43B1-970D-7A411FD95683}" = Nokia Software Updater
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96F51932-0944-4D62-945F-E6837E510462}" = AVM FRITZ!Box AddOn (IE)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.2.4
"{D0A858BE-A665-4C0D-BC5F-C37E534B7669}" = PC Connectivity Solution
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 4.7
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"bwin Casino" = bwin Casino
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"DivX Setup.divx.com" = DivX-Setup
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"EasyPrediction" = EasyPrediction
"FinalMediaPlayer_is1" = Final Media Player 2010
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Converter_is1" = Free Audio Converter version 2.3.815
"Free Studio_is1" = Free Studio version 4.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.815
"FRITZ!DSL" = AVM FRITZ!DSL
"HP OrderReminder" = HP OrderReminder
"HP-LaserJet 1018" = LaserJet 1018
"ie8" = Windows Internet Explorer 8
"InstallShield_{406A5ABF-CA65-4E11-95C7-52228FE48F58}" = Texas Instruments PCIxx21/x515 drivers.
"IrfanView" = IrfanView (remove only)
"LetsTrade" = LetsTrade Komponenten
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 6.0.1.457 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Fotos auf CD & DVD 8 D" = MAGIX Fotos auf CD & DVD 8 8.0.1.11 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Message Faces for IE" = Message Faces für Internet Explorer (remove only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"NeroMultiInstaller!UninstallKey" = Nero Suite
"nfsSky01 New Free Screensaver_is1" = NewFreeScreensaver nfsSky01
"Personal Backup 5_is1" = Personal Backup 5.1
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"SMSERIAL" = Motorola SM56 Data Fax Modem
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.7
"VMidi" = vanBasco's Karaoke Player
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"X10Hardware" = X10 Hardware(TM)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Consumer Input Software" = Consumer Input Software (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30.11.2011 09:18:04 | Computer Name = -FB399BACD9SCHM | Source = Bonjour Service | ID = 100
Description = SendWakeupPacket error: sent -1 bytes: 10049

Error - 30.11.2011 09:18:04 | Computer Name = -FB399BACD9SCHM | Source = Bonjour Service | ID = 100
Description = SendWakeupPacket error: sent -1 bytes: 10004

Error - 30.11.2011 09:18:04 | Computer Name = -FB399BACD9SCHM | Source = Bonjour Service | ID = 100
Description = SendWakeupPacket error: sent -1 bytes: 10004

Error - 30.11.2011 09:26:09 | Computer Name = -FB399BACD9SCHM | Source = Bonjour Service | ID = 100
Description = SendWakeupPacket error: sent -1 bytes: 10004

Error - 30.11.2011 09:26:09 | Computer Name = -FB399BACD9SCHM | Source = Bonjour Service | ID = 100
Description = SendWakeupPacket error: sent -1 bytes: 10004

Error - 30.11.2011 09:26:10 | Computer Name = -FB399BACD9SCHM | Source = Bonjour Service | ID = 100
Description = SendWakeupPacket error: sent -1 bytes: 10004

Error - 30.11.2011 09:26:10 | Computer Name = -FB399BACD9SCHM | Source = Bonjour Service | ID = 100
Description = SendWakeupPacket error: sent -1 bytes: 10004

Error - 30.11.2011 10:27:20 | Computer Name = -FB399BACD9SCHM | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e, faulting module mshtml.dll, version 8.0.6001.19154, stamp 4e897384, debug? 0, fault address 0x000da5cc.

Error - 01.12.2011 18:04:52 | Computer Name = -FB399BACD9SCHM | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 02.12.2011 15:53:59 | Computer Name = -FB399BACD9SCHM | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e, faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address 0x05d45ee0.

[ System Events ]
Error - 01.12.2011 18:18:36 | Computer Name = -FB399BACD9SCHM | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126

Error - 01.12.2011 18:18:36 | Computer Name = -FB399BACD9SCHM | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126

Error - 01.12.2011 18:18:36 | Computer Name = -FB399BACD9SCHM | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126

Error - 01.12.2011 18:18:36 | Computer Name = -FB399BACD9SCHM | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126

Error - 01.12.2011 18:18:37 | Computer Name = -FB399BACD9SCHM | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126

Error - 01.12.2011 18:18:37 | Computer Name = -FB399BACD9SCHM | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126

Error - 01.12.2011 18:18:37 | Computer Name = -FB399BACD9SCHM | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126

Error - 01.12.2011 18:18:37 | Computer Name = -FB399BACD9SCHM | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126

Error - 01.12.2011 18:18:37 | Computer Name = -FB399BACD9SCHM | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet: %%126

Error - 02.12.2011 15:49:48 | Computer Name = -FB399BACD9SCHM | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "upnphost" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {204810B9-73B2-11D4-BF42-00B0D0118B56}


< End of report >

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-02 23:44:07
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM100JC rev.YN100-19
Running: erc9tr2i.exe; Driver: C:\DOKUME~1\Hardy\LOKALE~1\Temp\ugpdrfog.sys


---- System - GMER 1.0.15 ----

SSDT F7B851BC ZwClose
SSDT F7B85176 ZwCreateKey
SSDT F7B851C6 ZwCreateSection
SSDT F7B8516C ZwCreateThread
SSDT F7B8517B ZwDeleteKey
SSDT F7B85185 ZwDeleteValueKey
SSDT F7B851B7 ZwDuplicateObject
SSDT F7B8518A ZwLoadKey
SSDT F7B85158 ZwOpenProcess
SSDT F7B8515D ZwOpenThread
SSDT F7B85194 ZwReplaceKey
SSDT F7B8518F ZwRestoreKey
SSDT F7B851CB ZwSetContextThread
SSDT F7B85180 ZwSetValueKey
SSDT F7B85167 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF63E6000, 0x1C5D38, 0xE8000020]
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF6164F80]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Dokumente und Einstellungen\Hardy\Eigene Dateien\PersBackup\G\LwH\Users\Karin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Karin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#macromedia.com\settings.sol.gz 102 bytes

---- EOF - GMER 1.0.15 ----

OTL log: see attachment.
12.12.2011, 11:55 | #2

/// Winkelfunktion /// TB-Süch-Tiger™ | Various detections of PUP.FunWebProducts

Quote: