
Log analysis and evaluation: Various detections of PUP.FunWebProducts


10.12.2011, 00:09   #1
ellacacau
 
Various detections of PUP.FunWebProducts



I also had a scan run on my husband's machine:

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8286

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

01.12.2011 22:28:19
mbam-log-2011-12-01 (22-27-46).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 316656
Time elapsed: 1 hour(s), 37 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 26

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\ResultBrowse (Adware.ResultBrowse) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ResultBrowse (Adware.ResultBrowse) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\programme\resultbrowse (Adware.ResultBrowse) -> No action taken.
c:\dokumente und einstellungen\all users\anwendungsdaten\resultbrowse (Adware.ResultBrowse) -> No action taken.

Files Infected:
c:\programme\windows live\messenger\msimg32.dll (PUP.FunWebProducts) -> No action taken.
c:\programme\windows live\messenger\riched20.dll (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098642.DLL (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098651.DLL (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098653.DLL (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098654.DLL (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098656.DLL (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098657.DLL (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098658.SCR (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098659.DLL (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098660.DLL (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098661.EXE (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098662.DLL (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098663.DLL (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098664.DLL (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098665.EXE (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098648.DLL (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098666.DLL (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098669.DLL (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098673.DLL (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098674.EXE (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098675.DLL (Adware.MyWebSearch) -> No action taken.
c:\system volume information\_restore{53c4c432-4c83-4fab-abf0-92303ff6d88a}\RP509\A0098676.DLL (Adware.MyWebSearch) -> No action taken.
c:\WINDOWS\system32\f3PSSavr.scr (PUP.FunWebProducts) -> No action taken.
c:\dokumente und einstellungen\Hardy\anwendungsdaten\desktopicon\ebayshortcuts.exe (Adware.ADON) -> No action taken.
c:\programme\resultbrowse\uninstall.exe (Adware.ResultBrowse) -> No action taken.
         
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:01 on 02/12/2011 (Hardy)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Code:
OTL Extras logfile created on: 02.12.2011 21:11:35 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Hardy\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,42 Mb Total Physical Memory | 574,41 Mb Available Physical Memory | 56,18% Memory free
2,40 Gb Paging File | 1,91 Gb Available in Paging File | 79,48% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 47,28 Gb Total Space | 14,74 Gb Free Space | 31,18% Space Free | Partition Type: NTFS
Drive D: | 34,15 Gb Total Space | 1,62 Gb Free Space | 4,73% Space Free | Partition Type: NTFS
Drive E: | 11,69 Gb Total Space | 3,61 Gb Free Space | 30,88% Space Free | Partition Type: FAT32
 
Computer Name: -FB399BACD9SCHM | User Name: Hardy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = SafariHTML] -- C:\Programme\Safari\Safari.exe (Apple Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Safari\Safari.exe" -url "%1" (Apple Inc.)
https [open] -- "C:\Programme\Safari\Safari.exe" -url "%1" (Apple Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5031:UDP" = 5031:UDP:LocalSubNet:Enabled:AVM TAPI Services for FRITZ!Box - UDP 5031
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Casino\bwin Casino\casino.exe" = C:\Casino\bwin Casino\casino.exe:*:Enabled:casino -- ()
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update -- (AVM Berlin)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\FinalMediaPlayer\FMPCheckForUpdates.exe" = C:\Programme\FinalMediaPlayer\FMPCheckForUpdates.exe:*:Enabled:Final Media Player Update Checker -- (Bitberry Software)
"C:\3cd07c43f82e2a68124b353b15\mrtstub.exe" = C:\3cd07c43f82e2a68124b353b15\mrtstub.exe:*:Enabled:mrtstub.exe -- (Microsoft Corporation)
"C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\Photoshop Album Starter Edition.exe" = C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\Photoshop Album Starter Edition.exe:*:Enabled:Adobe Photoshop Album Starter Edition 3.0 -- (Adobe Systems Incorporated)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\AirPrint\airprint.exe" = C:\Programme\AirPrint\airprint.exe:*:Enabled:AirPrint For Windows -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{022D2599-2316-4927-89F1-9188894CEB02}" = StarMoney
"{02EE107B-8D95-4949-8935-4DEBE8F08BE3}" = Bing Bar Platform
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{2A4AF2C5-1920-4287-9950-A7BE42F5C0BA}" = AT Navigation Control
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{406A5ABF-CA65-4E11-95C7-52228FE48F58}" = TIxx21
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{6C89B82E-AD76-7715-43EA-C37E563E83BB}" = ATI Catalyst Install Manager
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7239A06F-235B-43B1-970D-7A411FD95683}" = Nokia Software Updater
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96F51932-0944-4D62-945F-E6837E510462}" = AVM FRITZ!Box AddOn (IE)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B1A70A4D-549B-4C56-9C00-EF55A22E52B6}" = StarMoney
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.2.4
"{D0A858BE-A665-4C0D-BC5F-C37E534B7669}" = PC Connectivity Solution
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 4.7
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"bwin Casino" = bwin Casino
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"DivX Setup.divx.com" = DivX-Setup
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"EasyPrediction" = EasyPrediction
"FinalMediaPlayer_is1" = Final Media Player 2010
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Audio Converter_is1" = Free Audio Converter version 2.3.815
"Free Studio_is1" = Free Studio version 4.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.815
"FRITZ!DSL" = AVM FRITZ!DSL
"HP OrderReminder" = HP OrderReminder
"HP-LaserJet 1018" = LaserJet 1018
"ie8" = Windows Internet Explorer 8
"InstallShield_{406A5ABF-CA65-4E11-95C7-52228FE48F58}" = Texas Instruments PCIxx21/x515 drivers.
"IrfanView" = IrfanView (remove only)
"LetsTrade" = LetsTrade Komponenten
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 6.0.1.457 (D)
"MAGIX Fotobuch" = MAGIX Fotobuch 3.6
"MAGIX Fotos auf CD & DVD 8 D" = MAGIX Fotos auf CD & DVD 8 8.0.1.11 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D)
"MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Message Faces for IE" = Message Faces für Internet Explorer (remove only)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"NeroMultiInstaller!UninstallKey" = Nero Suite
"nfsSky01 New Free Screensaver_is1" = NewFreeScreensaver nfsSky01
"Personal Backup 5_is1" = Personal Backup 5.1
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"SMSERIAL" = Motorola SM56 Data Fax Modem
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.7
"VMidi" = vanBasco's Karaoke Player
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"X10Hardware" = X10 Hardware(TM)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Consumer Input Software" = Consumer Input Software (remove only)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 30.11.2011 09:18:04 | Computer Name = -FB399BACD9SCHM | Source = Bonjour Service | ID = 100
Description = SendWakeupPacket error: sent -1 bytes: 10049 
 
Error - 30.11.2011 09:18:04 | Computer Name = -FB399BACD9SCHM | Source = Bonjour Service | ID = 100
Description = SendWakeupPacket error: sent -1 bytes: 10004 
 
Error - 30.11.2011 09:18:04 | Computer Name = -FB399BACD9SCHM | Source = Bonjour Service | ID = 100
Description = SendWakeupPacket error: sent -1 bytes: 10004 
 
Error - 30.11.2011 09:26:09 | Computer Name = -FB399BACD9SCHM | Source = Bonjour Service | ID = 100
Description = SendWakeupPacket error: sent -1 bytes: 10004 
 
Error - 30.11.2011 09:26:09 | Computer Name = -FB399BACD9SCHM | Source = Bonjour Service | ID = 100
Description = SendWakeupPacket error: sent -1 bytes: 10004 
 
Error - 30.11.2011 09:26:10 | Computer Name = -FB399BACD9SCHM | Source = Bonjour Service | ID = 100
Description = SendWakeupPacket error: sent -1 bytes: 10004 
 
Error - 30.11.2011 09:26:10 | Computer Name = -FB399BACD9SCHM | Source = Bonjour Service | ID = 100
Description = SendWakeupPacket error: sent -1 bytes: 10004 
 
Error - 30.11.2011 10:27:20 | Computer Name = -FB399BACD9SCHM | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e,
 faulting module mshtml.dll, version 8.0.6001.19154, stamp 4e897384, debug? 0, fault
 address 0x000da5cc.
 
Error - 01.12.2011 18:04:52 | Computer Name = -FB399BACD9SCHM | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
 hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error - 02.12.2011 15:53:59 | Computer Name = -FB399BACD9SCHM | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e,
 faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address
 0x05d45ee0.
 
[ System Events ]
Error - 01.12.2011 18:18:36 | Computer Name = -FB399BACD9SCHM | Source = Service Control Manager | ID = 7023
Description = The "Application Management" service terminated with the following error:
   %%126

Error - 01.12.2011 18:18:36 | Computer Name = -FB399BACD9SCHM | Source = Service Control Manager | ID = 7023
Description = The "Application Management" service terminated with the following error:
   %%126

Error - 01.12.2011 18:18:36 | Computer Name = -FB399BACD9SCHM | Source = Service Control Manager | ID = 7023
Description = The "Application Management" service terminated with the following error:
   %%126

Error - 01.12.2011 18:18:36 | Computer Name = -FB399BACD9SCHM | Source = Service Control Manager | ID = 7023
Description = The "Application Management" service terminated with the following error:
   %%126

Error - 01.12.2011 18:18:37 | Computer Name = -FB399BACD9SCHM | Source = Service Control Manager | ID = 7023
Description = The "Application Management" service terminated with the following error:
   %%126

Error - 01.12.2011 18:18:37 | Computer Name = -FB399BACD9SCHM | Source = Service Control Manager | ID = 7023
Description = The "Application Management" service terminated with the following error:
   %%126

Error - 01.12.2011 18:18:37 | Computer Name = -FB399BACD9SCHM | Source = Service Control Manager | ID = 7023
Description = The "Application Management" service terminated with the following error:
   %%126

Error - 01.12.2011 18:18:37 | Computer Name = -FB399BACD9SCHM | Source = Service Control Manager | ID = 7023
Description = The "Application Management" service terminated with the following error:
   %%126

Error - 01.12.2011 18:18:37 | Computer Name = -FB399BACD9SCHM | Source = Service Control Manager | ID = 7023
Description = The "Application Management" service terminated with the following error:
   %%126

Error - 02.12.2011 15:49:48 | Computer Name = -FB399BACD9SCHM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service "upnphost"
 with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
 
 
< End of report >
         
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-02 23:44:07
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM100JC rev.YN100-19
Running: erc9tr2i.exe; Driver: C:\DOKUME~1\Hardy\LOKALE~1\Temp\ugpdrfog.sys


---- System - GMER 1.0.15 ----

SSDT            F7B851BC    ZwClose
SSDT            F7B85176    ZwCreateKey
SSDT            F7B851C6    ZwCreateSection
SSDT            F7B8516C    ZwCreateThread
SSDT            F7B8517B    ZwDeleteKey
SSDT            F7B85185    ZwDeleteValueKey
SSDT            F7B851B7    ZwDuplicateObject
SSDT            F7B8518A    ZwLoadKey
SSDT            F7B85158    ZwOpenProcess
SSDT            F7B8515D    ZwOpenThread
SSDT            F7B85194    ZwReplaceKey
SSDT            F7B8518F    ZwRestoreKey
SSDT            F7B851CB    ZwSetContextThread
SSDT            F7B85180                                                                                                                                                                                                                                                                            ZwSetValueKey
SSDT            F7B85167                                                                                                                                                                                                                                                                            ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\system32\DRIVERS\ati2mtag.sys                                                                                                                                                                                                                                            section is writeable [0xF63E6000, 0x1C5D38, 0xE8000020]
init            C:\WINDOWS\system32\drivers\tifm21.sys                                                                                                                                                                                                                                              entry point in "init" section [0xF6164F80]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                                                                                                                                                                                             SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                                                                                                                                                                                             SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                                                                                                                                                                                            fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File            C:\Dokumente und Einstellungen\Hardy\Eigene Dateien\PersBackup\G\LwH\Users\Karin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\Karin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#macromedia.com\settings.sol.gz  102 bytes

---- EOF - GMER 1.0.15 ----
         

OTL: see attachment

Old 12.12.2011, 11:55   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Various PUP.FunWebProducts findings - Standard

Various PUP.FunWebProducts findings



Quote:
-> No action taken.
The findings must be removed with Malwarebytes! Please do so if not already done!
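The state cosinus points at is visible in the mbam log itself: every finding line ends in "-> <action>", and "-> No action taken." means the object was only reported, not quarantined. The script below checks a log for exactly that. It is an added example written for this thread, not code from Trojaner-Board or from Malwarebytes; the line layout (a section header ending in ":" followed by one finding per line) follows the mbam-log format quoted above, and the sample log embedded in the script is constructed for the example (the `example.dll` path is invented).

```python
"""Report findings in a Malwarebytes' Anti-Malware 1.x log that were only
detected, not removed ("-> No action taken.").

Added example for this thread, not Malwarebytes' or Trojaner-Board's code.
Assumes the mbam-log layout quoted in the thread: a section header such as
"Infizierte Dateien:" followed by one finding per line in the form
"<object> (<detection>) -> <action>."
"""
import re
from collections import Counter

# Constructed sample in the MBAM 1.x German-locale layout; the registry
# keys and directory are the ones quoted in the thread, example.dll is invented.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Infizierte Dateien: 3

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\ResultBrowse (Adware.ResultBrowse) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ResultBrowse (Adware.ResultBrowse) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\programme\resultbrowse (Adware.ResultBrowse) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\programme\resultbrowse\example.dll (PUP.FunWebProducts) -> No action taken.
"""

# "<object> (<detection>) -> <action>." with an optional trailing period.
FINDING_RE = re.compile(r"^(?P<object>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")


def parse_findings(log_text):
    """Return one dict per finding line, tagged with its log section."""
    section = None
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = FINDING_RE.match(line)
        # Section headers end in ":" (the summary counts at the top do not).
        if match is None and line.endswith(":"):
            section = line[:-1]
            continue
        if match is not None and section is not None:
            findings.append({
                "section": section,
                "object": match["object"],
                "detection": match["detection"],
                "action": match["action"],
            })
    return findings


def unresolved(findings):
    """Findings MBAM reported but did not quarantine or delete."""
    return [f for f in findings if f["action"].lower().startswith("no action taken")]


def summarize(log_text):
    """Counts a helper would want before telling the poster to re-run removal."""
    findings = parse_findings(log_text)
    pending = unresolved(findings)
    return {
        "total": len(findings),
        "pending": len(pending),
        "by_detection": dict(Counter(f["detection"] for f in pending)),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['pending']} of {report['total']} findings still untreated")
    for f in unresolved(parse_findings(SAMPLE_LOG)):
        print(f"  [{f['section']}] {f['object']}  ({f['detection']})")
```

Run it against a real mbam-log-*.txt by reading the file into `summarize()`; a non-zero `pending` count is the signal that the scan was only run, not followed by "Remove selected", which is what the reply above asks the poster to do.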
