Log analysis and evaluation: PUP.Spyware.MarketScore

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#5

PUP.Spyware.MarketScore

Hello kira,

Re 1.) Proxy server necessary, but not local.
Re 2.) I don't have Firefox installed at all!?
Re 3.) Both uninstalled!
Re 4.) Fixed everything with OTL according to the instructions. The log file follows:

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{17897CEE-7FEB-46A9-905E-958B96EE6630}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17897CEE-7FEB-46A9-905E-958B96EE6630}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{405A4F3F-B553-45C7-84A9-6E114EEB15C1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{405A4F3F-B553-45C7-84A9-6E114EEB15C1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFE781A4-126B-476F-A835-F5184BD0C830}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFE781A4-126B-476F-A835-F5184BD0C830}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EBDF18D9-C7F7-4D9B-B74F-C47D7349AEA5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBDF18D9-C7F7-4D9B-B74F-C47D7349AEA5}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. D:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dda6e291-2a54-11e0-a1e8-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dda6e291-2a54-11e0-a1e8-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dda6e291-2a54-11e0-a1e8-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dda6e291-2a54-11e0-a1e8-806e6f6e6963}\ not found.
File move failed. D:\software/cdstart.exe scheduled to be moved on reboot.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
ADS C:\ProgramData\TEMP:50C78B39 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\schmidt.h\Desktop\cmd.bat deleted successfully.
C:\Users\schmidt.h\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: administrator
->Temp folder emptied: 4674545 bytes
->Temporary Internet Files folder emptied: 29464443 bytes
->Flash cache emptied: 456 bytes
User: ADMINI~1~PUN
User: All Users
User: CURRENT_USER
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: GBV
->Temp folder emptied: 50175 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Public
User: schmidt.h
->Temp folder emptied: 182180728 bytes
->Temporary Internet Files folder emptied: 536370745 bytes
->Java cache emptied: 52749482 bytes
->FireFox cache emptied: 3225335 bytes
->Flash cache emptied: 25990 bytes
User: SCHMIDT~H
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 320589584 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 2571425126 bytes
Total Files Cleaned = 3.529,00 mb
OTL by OldTimer - Version 3.2.55.0 log created on 08022012_103730
Files\Folders moved on Reboot...
File move failed. D:\autorun.inf scheduled to be moved on reboot.
File move failed. D:\software/cdstart.exe scheduled to be moved on reboot.
C:\Users\schmidt.h\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\schmidt.h\AppData\Local\Temp\~DF5127F0150887AEC5.TMP moved successfully.
C:\Users\schmidt.h\AppData\Local\Temp\~DF6E676118C7F2362F.TMP moved successfully.
C:\Users\schmidt.h\AppData\Local\Temp\~DF8B99ED5AD628E11F.TMP moved successfully.
C:\Users\schmidt.h\AppData\Local\Temp\~DFA0C127562C203E7B.TMP moved successfully.
C:\Users\schmidt.h\AppData\Local\Temp\~DFC1E017B42D477795.TMP moved successfully.
File move failed. C:\Windows\temp\asat0000.tmp scheduled to be moved on reboot.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.
PendingFileRenameOperations files...
[2006.10.09 12:36:26 | 000,000,054 | R--- | M] () D:\autorun.inf : MD5=EE58553F4E68CD394242F90AFCC9030B
[2009.03.31 09:34:10 | 002,500,024 | R--- | M] () D:\software/cdstart.exe : MD5=120AFFE3645FDC448664F93D264BE159
File C:\Users\schmidt.h\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\schmidt.h\AppData\Local\Temp\~DF5127F0150887AEC5.TMP not found!
File C:\Users\schmidt.h\AppData\Local\Temp\~DF6E676118C7F2362F.TMP not found!
File C:\Users\schmidt.h\AppData\Local\Temp\~DF8B99ED5AD628E11F.TMP not found!
File C:\Users\schmidt.h\AppData\Local\Temp\~DFA0C127562C203E7B.TMP not found!
File C:\Users\schmidt.h\AppData\Local\Temp\~DFC1E017B42D477795.TMP not found!
[2012.08.02 10:39:46 | 000,274,432 | ---- | M] () C:\Windows\temp\asat0000.tmp : Unable to obtain MD5
[2012.08.02 10:39:43 | 008,405,015 | ---- | M] () C:\Windows\temp\TmpFile1 : Unable to obtain MD5
Registry entries deleted on Reboot...

Re 6.) Adobe Reader: no update available, v.9.5.1.
Re 7.) OpenOffice uninstalled!
Re 8.) Thanks for the great tips! ;-)
Re 9.) CCleaner: cleaned everything and fixed the registry errors!
Re 10.) Autorun switched off!
Re 11.) System check with "ESET Online Scanner" completed successfully: no threats found.

Many thanks for the great help.

Regards, metalhenni.