| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: "Mediashifting.com" VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
28.12.2011, 19:56
| #1 |
 |  "Mediashifting.com" Virus OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 28.12.2011 20:03:19 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = D:\Programme\Virus
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
952,87 Mb Total Physical Memory | 411,41 Mb Available Physical Memory | 43,18% Memory free
1,93 Gb Paging File | 1,36 Gb Available in Paging File | 70,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 53,62 Gb Total Space | 28,68 Gb Free Space | 53,49% Space Free | Partition Type: NTFS
Drive D: | 48,83 Gb Total Space | 17,31 Gb Free Space | 35,44% Space Free | Partition Type: NTFS
Drive E: | 46,50 Gb Total Space | 41,22 Gb Free Space | 88,66% Space Free | Partition Type: NTFS
Computer Name: FIFU-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.txt [@ = NFOPad] -- C:\Program Files\NFOPad\NFOPad.exe (True Human Design)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1" = Allgemeine Runtime Files (x86)
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 29
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3C569633-C8DE-46E2-BB8F-F65198681C2F}" = Corel MediaOne
"{42756145-9997-4D28-809B-8756BFD00109}" = Microsoft Foto Designer Pro 10
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5FE71C58-78B3-4207-84C1-AF7F8F839301}" = MAGIX Web Designer 6
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{759ef96c-3b1c-492b-b872-65869600a028}" = Nero 9
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1" = DirectX 9.0c Extra Files (x86)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C0410301-8AA7-460D-AB92-13BEDAC25753}" =
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 SP1 + KB928366
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1" = VshareComplete
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1" = DirectX for Managed Code
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 9.10 beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Autoruns" = Autoruns
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ClearProg" = ClearProg 1.6.0 Final
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Core Temp" = Core Temp
"Counter-Strike 1.6" = Counter-Strike 1.6
"CPU-Z" = CPU-Z
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FBDBServer_2_5_is1" = Firebird 2.5.0.26074 (Win32)
"FL Studio 9" = FL Studio 9
"Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908
"Gpuz" = GPU-Z
"Hardcore" = Hardcore
"HDTune" = HDTune
"IL Download Manager" = IL Download Manager
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"IrfanView" = IrfanView (remove only)
"MAGIX_MSI_Web_Designer_6_DLM" = MAGIX Web Designer 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 SP1 + KB928366
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mp3tag" = Mp3tag v2.48
"N360" = Norton 360
"NFOPad" = NFOPad 1.55
"PictureItSuite_v10" = Microsoft Picture It! Foto Designer Pro Plus 10
"PoiZone" = PoiZone
"Real Temp" = Real Temp
"SAM3" = SAM Broadcaster (remove only)
"Sawer" = Sawer
"Songr" = Songr
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"Toxic Biohazard" = Toxic Biohazard
"TuneUp Utilities" = TuneUp Utilities
"Update Service" = Sony Ericsson Update Service
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"vShare.tv plugin" = vShare.tv plugin 1.3
"Windows 7 Custom Theme Pack" = Windows 7 Custom Theme Pack
"Windows 7 Theme Pack" = Windows 7 Theme Pack
"WinLiveSuite" = Windows Live Essentials
"winscp3_is1" = WinSCP 4.3.5
"xp-AntiSpy" = xp-AntiSpy 3.98
"XYLIOfdp_is1" = FutureDecks Pro 2.0.4
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 28.12.2011 14:01:36 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 28.12.2011 14:01:36 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 557251
Error - 28.12.2011 14:01:36 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 557251
Error - 28.12.2011 14:01:45 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 28.12.2011 14:01:45 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 565846
Error - 28.12.2011 14:01:45 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 565846
Error - 28.12.2011 14:01:52 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 28.12.2011 14:01:52 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 573288
Error - 28.12.2011 14:01:52 | Computer Name = FiFu-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 573288
Error - 28.12.2011 14:03:47 | Computer Name = FiFu-PC | Source = TeamViewer6 | ID = 0
Description =
[ System Events ]
Error - 28.12.2011 13:10:52 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 28.12.2011 13:29:49 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.
Error - 28.12.2011 14:03:37 | Computer Name = FiFu-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?12.?2011 um 18:51:27 unerwartet heruntergefahren.
Error - 28.12.2011 14:03:41 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
Error - 28.12.2011 14:03:41 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Norton 360" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577
Error - 28.12.2011 14:05:47 | Computer Name = FiFu-PC | Source = DCOM | ID = 10005
Description =
Error - 28.12.2011 14:05:47 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
iPod-Dienst erreicht.
Error - 28.12.2011 14:05:47 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "iPod-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 28.12.2011 14:06:02 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
MBAMService erreicht.
Error - 28.12.2011 14:06:02 | Computer Name = FiFu-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MBAMService" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
< End of report >
Hier der Extras.txt |
|
28.12.2011, 20:13
| #2 |
  | "Mediashifting.com" Virus Hi,
__________________Bitte folgende Files prüfen: Dateien Online überprüfen lassen:
Code:
ATTFilter C:\Windows\System32\drivers\tdx.sys
C:\Windows\unins000.exe
 Code:
ATTFilter
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UacDisableNotify" = dword:0x00
"InternetSettingsDisableNotify" = dword:0x00
"AutoUpdateDisableNotify" = dword:0x00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = dword:0x00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = dword:0x00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = dword:0x00
:Commands
[emptytemp]
[Reboot]
MBCHeck und MAM-Log noch... chris
__________________ |
|
28.12.2011, 20:58
| #3 | |
| | "Mediashifting.com" VirusZitat:
|
|
28.12.2011, 21:00
| #4 |
| | "Mediashifting.com" Virus [SPOILER]Antivirus Version Last Update Result AhnLab-V3 2011.12.28.03 2011.12.28 - AntiVir 7.11.20.59 2011.12.28 - Antiy-AVL 2.0.3.7 2011.12.28 - Avast 6.0.1289.0 2011.12.28 - AVG 10.0.0.1190 2011.12.28 - BitDefender 7.2 2011.12.28 - ByteHero 1.0.0.1 2011.12.07 - CAT-QuickHeal 12.00 2011.12.28 - ClamAV 0.97.3.0 2011.12.28 - Commtouch 5.3.2.6 2011.12.28 - Comodo 11122 2011.12.28 - DrWeb 5.0.2.03300 2011.12.28 - Emsisoft 5.1.0.11 2011.12.28 - eSafe 7.0.17.0 2011.12.25 - eTrust-Vet 37.0.9650 2011.12.28 - F-Prot 4.6.5.141 2011.12.28 - F-Secure 9.0.16440.0 2011.12.28 - Fortinet 4.3.388.0 2011.12.28 - GData 22.323/22.610 2011.12.28 - Ikarus T3.1.1.109.0 2011.12.28 - Jiangmin 13.0.900 2011.12.28 - K7AntiVirus 9.120.5796 2011.12.28 - Kaspersky 9.0.0.837 2011.12.28 - McAfee 5.400.0.1158 2011.12.28 - McAfee-GW-Edition 2010.1E 2011.12.28 - Microsoft 1.7903 2011.12.28 - NOD32 6750 2011.12.28 - Norman 6.07.13 2011.12.28 - nProtect 2011-12-28.01 2011.12.28 - Panda 10.0.3.5 2011.12.28 - PCTools 8.0.0.5 2011.12.28 - Prevx 3.0 2011.12.28 - Rising 23.90.02.02 2011.12.28 - Sophos 4.72.0 2011.12.28 - SUPERAntiSpyware 4.40.0.1006 2011.12.27 - Symantec 20111.2.0.82 2011.12.28 - TheHacker 6.7.0.1.366 2011.12.27 - TrendMicro 9.500.0.1008 2011.12.28 - TrendMicro-HouseCall 9.500.0.1008 2011.12.28 - VBA32 3.12.16.4 2011.12.28 - VIPRE 11317 2011.12.28 - ViRobot 2011.12.28.4851 2011.12.28 - VirusBuster 14.1.138.0 2011.12.28 - Additional informationShow all MD5 : cb39e896a2a83702d1737bfd402b3542 SHA1 : 8b529b5c51c7bd0e7c5a4ff6b0e7a64abde649ce SHA256: fa77d98ea3606ca2fcef0e0949fde2c32a080b47cafde46ce903ca3cbfc5df35 ssdeep: 1536:9klJmrevoqvFyQ9/ffrQWxo953f4kTPeV1i5/sqOJFdl5w8xJXO3O:OlN3sc5AQkie5/sp JFdlq8x0e File size : 74240 bytes First seen: 2009-07-19 02:12:11 Last seen : 2011-12-28 19:51:34 TrID: Win32 Executable Generic (68.0%) Generic Win/DOS Executable (15.9%) DOS Executable Generic (15.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) sigcheck: publisher....: Microsoft Corporation copyright....: (c) Microsoft Corporation. All rights reserved. product......: Microsoft_ Windows_ Operating System description..: TDI Translation Driver original name: tdx.sys internal name: tdx.sys file version.: 6.1.7600.16385 (win7_rtm.090713-1255) comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x1303E timedatestamp....: 0x4A5BBF4A (Mon Jul 13 23:12:10 2009) machinetype......: 0x14c (I386) [[ 7 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .text, 0x1000, 0xE8B3, 0xEA00, 6.41, 12b2ae36fea8454f6e82aff577dd708c .rdata, 0x10000, 0x6EC, 0x800, 4.21, b80f2bcd1969979c6f9b482d727a021f .data, 0x11000, 0x3A0, 0x200, 2.77, bc7cad3945605ccc34a21697e84021b3 PAGE, 0x12000, 0x4DC, 0x600, 5.27, ec945ab7bb158456785f47acb1c85d34 INIT, 0x13000, 0xCBC, 0xE00, 5.29, 9e8be2845d580dde6a1e865be349fcab .rsrc, 0x14000, 0x3E8, 0x400, 3.36, f779ea3904cd7bbd404544e89e7218a8 .reloc, 0x15000, 0x100C, 0x1200, 6.18, d8ef5378864e86186167874ce25a9c07 [[ 5 import(s) ]] ntoskrnl.exe: KeSetTimer, IoFreeWorkItem, IoQueueWorkItem, ZwQueryValueKey, ZwOpenKey, _vsnwprintf, KeFlushQueuedDpcs, KeCancelTimer, KeDelayExecutionThread, KeInitializeDpc, KeInitializeTimer, IoAllocateWorkItem, KeInitializeMutex, KeSetEvent, IoGetIrpExtraCreateParameter, MmUnlockPages, IoFreeMdl, KeReleaseSemaphore, KeReleaseMutex, IoAllocateMdl, ExAllocatePoolWithTagPriority, IoWMIWriteEvent, MmGetSystemRoutineAddress, IoWMIRegistrationControl, IoGetCurrentProcess, KeQueryMaximumProcessorCountEx, KeQuerySystemTime, RtlCopyUnicodeString, KeTickCount, KeBugCheckEx, RtlUnwind, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, ObfDereferenceObject, RtlInitUnicodeString, ExCreateCallback, RtlCompareMemory, IoCreateDevice, IoCreateSymbolicLink, IoDeleteSymbolicLink, IoDeleteDevice, KeInitializeSemaphore, IoFileObjectType, ObReferenceObjectByHandle, MmMapLockedPagesSpecifyCache, KeGetCurrentProcessorNumberEx, IoAcquireCancelSpinLock, IoReleaseCancelSpinLock, memcpy, ExAllocatePoolWithTag, ObDereferenceSecurityDescriptor, SeLockSubjectContext, IoGetFileObjectGenericMapping, SeAssignSecurity, SeUnlockSubjectContext, ObLogSecurityDescriptor, ExFreePoolWithTag, IoGetTopLevelIrp, memset, KeInitializeEvent, ExNotifyCallback, PsGetCurrentProcess, KeWaitForSingleObject, IofCompleteRequest, RtlUnicodeStringToInteger, RtlGetCallersAddress, KeReleaseInStackQueuedSpinLockFromDpcLevel, KeAcquireInStackQueuedSpinLockAtDpcLevel, IoInitializeWorkItem, IoSizeofWorkItem, IoUninitializeWorkItem, IoQueueWorkItemEx, MmProbeAndLockPages, KeGetCurrentThread HAL.dll: KeAcquireInStackQueuedSpinLock, KeGetCurrentIrql, KfLowerIrql, KfAcquireSpinLock, KfReleaseSpinLock, KeReleaseInStackQueuedSpinLock NETIO.SYS: NmrRegisterProvider, RtlCopyMdlToMdl, RtlCopyBufferToMdl, NsiGetParameter, NsiFreeTable, NsiAllocateAndGetTable, NmrClientDetachProviderComplete, NmrClientAttachProvider, NsiDeregisterChangeNotification, NsiSetAllParameters, NmrProviderDetachClientComplete, NmrDeregisterProvider, NmrWaitForProviderDeregisterComplete, RtlCopyMdlToBuffer, NmrRegisterClient, NsiRegisterChangeNotification, NsiGetAllParameters, NmrDeregisterClient, NmrWaitForClientDeregisterComplete TDI.SYS: TdiDeregisterProvider, TdiProviderReady, TdiRegisterProvider, TdiDeregisterDeviceObject, TdiDeregisterNetAddress, TdiRegisterDeviceObject, TdiRegisterNetAddress, TdiPnPPowerRequest, TdiMapUserRequest NDIS.SYS: NdisIfGetInterfaceIndexFromNetLuid ExifTool: file metadata CharacterSet: Unicode CodeSize: 65024 CompanyName: Microsoft Corporation EntryPoint: 0x1303e FileDescription: TDI Translation Driver FileFlagsMask: 0x003f FileOS: Windows NT 32-bit FileSize: 72 kB FileSubtype: 6 FileType: Win32 EXE FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255) FileVersionNumber: 6.1.7600.16385 ImageVersion: 6.1 InitializedDataSize: 8704 InternalName: tdx.sys LanguageCode: English (U.S.) LegalCopyright: Microsoft Corporation. All rights reserved. LinkerVersion: 9.0 MIMEType: application/octet-stream MachineType: Intel 386 or later, and compatibles OSVersion: 6.1 ObjectFileType: Driver OriginalFilename: tdx.sys PEType: PE32 ProductName: Microsoft Windows Operating System ProductVersion: 6.1.7600.16385 ProductVersionNumber: 6.1.7600.16385 Subsystem: Native SubsystemVersion: 6.1 TimeStamp: 2009:07:14 01:12:10+02:00 UninitializedDataSize: 0 [/SPOILER] Das ist hier ist von VirusTotal das erste |
|
28.12.2011, 21:02
| #5 |
| | "Mediashifting.com" Virus Hi, ja, auf jeden Fall... Poste noch das Log der zweiten Datei... chris
__________________  Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden  ) |
|
28.12.2011, 21:05
| #6 |
| | "Mediashifting.com" Virus [SPOILER] Antivirus Version Last Update Result AhnLab-V3 2011.12.28.03 2011.12.28 - AntiVir 7.11.20.59 2011.12.28 - Antiy-AVL 2.0.3.7 2011.12.28 - Avast 6.0.1289.0 2011.12.28 - AVG 10.0.0.1190 2011.12.28 - BitDefender 7.2 2011.12.28 - ByteHero 1.0.0.1 2011.12.07 - CAT-QuickHeal 12.00 2011.12.28 - ClamAV 0.97.3.0 2011.12.28 - Commtouch 5.3.2.6 2011.12.28 - Comodo 11122 2011.12.28 - DrWeb 5.0.2.03300 2011.12.28 - Emsisoft 5.1.0.11 2011.12.28 - eSafe 7.0.17.0 2011.12.25 - eTrust-Vet 37.0.9650 2011.12.28 - F-Prot 4.6.5.141 2011.12.28 - F-Secure 9.0.16440.0 2011.12.28 - Fortinet 4.3.388.0 2011.12.28 - GData 22 2011.12.28 - Ikarus T3.1.1.109.0 2011.12.28 - Jiangmin 13.0.900 2011.12.28 - K7AntiVirus 9.120.5796 2011.12.28 - Kaspersky 9.0.0.837 2011.12.28 - McAfee 5.400.0.1158 2011.12.28 - McAfee-GW-Edition 2010.1E 2011.12.28 - Microsoft 1.7903 2011.12.28 - NOD32 6750 2011.12.28 - Norman 6.07.13 2011.12.28 - nProtect 2011-12-28.01 2011.12.28 - Panda 10.0.3.5 2011.12.28 - PCTools 8.0.0.5 2011.12.28 - Prevx 3.0 2011.12.28 - Rising 23.90.02.02 2011.12.28 - Sophos 4.72.0 2011.12.28 - SUPERAntiSpyware 4.40.0.1006 2011.12.27 - Symantec 20111.2.0.82 2011.12.28 - TheHacker 6.7.0.1.366 2011.12.27 - TrendMicro 9.500.0.1008 2011.12.28 - TrendMicro-HouseCall 9.500.0.1008 2011.12.28 - VBA32 3.12.16.4 2011.12.28 - VIPRE 11317 2011.12.28 - ViRobot 2011.12.28.4851 2011.12.28 - VirusBuster 14.1.138.0 2011.12.28 - Additional informationShow all MD5 : 42669885e097c23ab7e7ac6fb00abc42 SHA1 : e70089fbbc32bf0a6b8ad7d70e84ade0427e245d SHA256: fabe121dd06046f9329b37e9fbe1324dfc6de48f8c24a00591d4f4e97851ed89 ssdeep: 12288:i0QfKb7nH5lrPo37AzHTA63I0ihE4qE7prN9cgKARpkZXYnXExy8gs9g:SfKbT5lrPo37 AzHTA63/cfqAcgKckZIh File size : 709724 bytes First seen: 2010-02-13 08:55:13 Last seen : 2011-12-28 19:56:03 TrID: Windows OCX File (86.8%) Win32 Executable Delphi generic (10.3%) Generic Win/DOS Executable (1.4%) DOS Executable Generic (1.4%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: Setup/Uninstall original name: n/a internal name: n/a file version.: 51.50.0.0 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x933C0 timedatestamp....: 0x2A425E19 (Fri Jun 19 22:22:17 1992) machinetype......: 0x14c (I386) [[ 8 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 CODE, 0x1000, 0x925F8, 0x92600, 6.58, 950e9bffdff8b1afc7f81fed8584f3b1 DATA, 0x94000, 0x103C, 0x1200, 4.11, cddbf029146d500daccb5db3f93f79b3 BSS, 0x96000, 0x1488, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e .idata, 0x98000, 0x25A4, 0x2600, 5.03, 466bb5755f9b35bcf5c5ea65669d018f .tls, 0x9B000, 0x8, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e .rdata, 0x9C000, 0x18, 0x200, 0.20, c69afab126bf434e49f23fb46e4baac7 .reloc, 0x9D000, 0x8730, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e .rsrc, 0xA6000, 0x13E00, 0x13E00, 4.93, c5b5704710f4d4cb1f72326efbb96735 [[ 17 import(s) ]] kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, WideCharToMultiByte, TlsSetValue, TlsGetValue, MultiByteToWideChar, GetModuleHandleA, GetLastError, GetCommandLineA, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetSystemTime, GetFileType, ExitProcess, CreateFileA, CloseHandle user32.dll: MessageBoxA oleaut32.dll: SafeArrayPutElement, SafeArrayCreate, VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysAllocStringLen advapi32.dll: RegSetValueExA, RegQueryValueExA, RegQueryInfoKeyA, RegOpenKeyExA, RegEnumValueA, RegEnumKeyExA, RegDeleteValueA, RegDeleteKeyA, RegCreateKeyExA, RegCloseKey, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueA, GetUserNameA, GetTokenInformation, FreeSid, EqualSid, AllocateAndInitializeSid kernel32.dll: lstrcmpA, WriteProfileStringA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, VirtualFree, VirtualAlloc, UnmapViewOfFile, TransactNamedPipe, TerminateThread, TerminateProcess, Sleep, SizeofResource, SetNamedPipeHandleState, SetLastError, SetFileTime, SetFilePointer, SetFileAttributesA, SetErrorMode, SetEndOfFile, SetCurrentDirectoryA, RemoveDirectoryA, ReleaseMutex, ReadFile, QueryPerformanceCounter, OpenProcess, OpenMutexA, MultiByteToWideChar, MulDiv, MoveFileExA, MoveFileA, MapViewOfFile, LockResource, LocalFree, LocalFileTimeToFileTime, LoadResource, LoadLibraryExA, LoadLibraryA, IsDBCSLeadByte, IsBadWritePtr, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetWindowsDirectoryA, GetVersionExA, GetVersion, GetUserDefaultLangID, GetTickCount, GetSystemTimeAsFileTime, GetSystemInfo, GetSystemDirectoryA, GetSystemDefaultLCID, GetShortPathNameA, GetProfileStringA, GetProcAddress, GetPrivateProfileStringA, GetOverlappedResult, GetModuleHandleA, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeProcess, GetEnvironmentVariableA, GetDriveTypeA, GetDiskFreeSpaceA, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCurrentDirectoryA, GetComputerNameA, GetCommandLineA, GetACP, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FlushFileBuffers, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, DeviceIoControl, DeleteFileA, CreateThread, CreateProcessA, CreateNamedPipeA, CreateMutexA, CreateFileMappingA, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringA, CompareFileTime, CloseHandle mpr.dll: WNetOpenEnumA, WNetGetUniversalNameA, WNetGetConnectionA, WNetEnumResourceA, WNetCloseEnum version.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA gdi32.dll: UnrealizeObject, TextOutA, StretchDIBits, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RoundRect, RestoreDC, RemoveFontResourceA, Rectangle, RectVisible, RealizePalette, Polyline, Pie, PatBlt, MoveToEx, LineTo, LineDDA, IntersectClipRect, GetWindowOrgEx, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetDeviceCaps, GetDIBits, GetCurrentPositionEx, GetClipBox, GetBitmapBits, ExtFloodFill, ExcludeClipRect, EnumFontsA, Ellipse, DeleteObject, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateFontIndirectA, CreateDIBitmap, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, Chord, BitBlt, Arc, AddFontResourceA user32.dll: WindowFromPoint, WinHelpA, WaitMessage, WaitForInputIdle, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowOwnedPopups, ShowCursor, SetWindowRgn, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollPos, SetScrollInfo, SetRectEmpty, SetRect, SetPropA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetCapture, SetActiveWindow, SendNotifyMessageA, SendMessageTimeoutA, SendMessageW, SendMessageA, ScrollWindowEx, ScrollWindow, ScreenToClient, ReplyMessage, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClassA, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharBuffA, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRgn, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetSystemMetrics, GetSystemMenu, GetSysColor, GetSubMenu, GetScrollPos, GetPropA, GetParent, GetWindow, GetMessagePos, GetMessageA, GetMenuStringA, GetMenuState, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassInfoW, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, ExitWindowsEx, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableMenuItem, DrawTextW, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreateWindowExA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcW, CallWindowProcA, CallNextHookEx, BringWindowToTop, BeginPaint, AppendMenuA, CharPrevA, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemBuffA, AdjustWindowRectEx comctl32.dll: ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Create, InitCommonControls ole32.dll: CoTaskMemFree, CLSIDFromProgID, CoCreateInstance, CoFreeUnusedLibraries, CoUninitialize, CoInitialize, IsEqualGUID oleaut32.dll: GetActiveObject, RegisterTypeLib, LoadTypeLib, SysFreeString shell32.dll: ShellExecuteExA, ShellExecuteA, SHGetFileInfoA, ExtractIconA shell32.dll: SHChangeNotify, SHBrowseForFolder, SHGetPathFromIDList, SHGetMalloc comdlg32.dll: GetSaveFileNameA, GetOpenFileNameA ole32.dll: CoDisconnectObject advapi32.dll: AdjustTokenPrivileges ExifTool: file metadata CharacterSet: Unicode CodeSize: 599552 EntryPoint: 0x933c0 FileDescription: Setup/Uninstall FileFlagsMask: 0x003f FileOS: Win32 FileSize: 693 kB FileSubtype: 0 FileType: Win32 EXE FileVersion: 51.50.0.0 FileVersionNumber: 51.50.0.0 ImageVersion: 6.0 InitializedDataSize: 131072 LanguageCode: Neutral LinkerVersion: 2.25 MIMEType: application/octet-stream MachineType: Intel 386 or later, and compatibles OSVersion: 1.0 ObjectFileType: Executable application PEType: PE32 ProductVersionNumber: 0.0.0.0 Subsystem: Windows GUI SubsystemVersion: 4.0 TimeStamp: 1992:06:20 00:22:17+02:00 UninitializedDataSize: 0 [/SPOILER] Das hier ist die zweite von VirusTotal. |
|
28.12.2011, 21:15
| #7 |
| | "Mediashifting.com" Virus Hi, Okay sieht sauber aus.... Kannst auch den MBRCheck vorziehen vor MAM, geht nicht so lange.. chris
__________________ Don't bring me downVor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
|
28.12.2011, 21:28
| #8 |
| | "Mediashifting.com" Virus Nachdem ich die Textdatei in OTL reinkopiert habe musste ich nach dem 'Fix' mein Laptop neu starten. Dann kam diese Textdatei [SPOILER]All processes killed ========== REGISTRY ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UacDisableNotify" | dword:0x00 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"InternetSettingsDisableNotify" | dword:0x00 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AutoUpdateDisableNotify" |dword:0x00 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\\"DisableMonitoring" |dword:0x00 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\"DisableMonitoring" |dword:0x00 /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\"DisableMonitoring" | dword:0x00 /E : value set successfully! ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 2270642 bytes ->Temporary Internet Files folder emptied: 16993018 bytes ->Java cache emptied: 11327 bytes ->Google Chrome cache emptied: 340469915 bytes ->Flash cache emptied: 91886 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 56475 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3596 bytes RecycleBin emptied: 534599727 bytes Total Files Cleaned = 853,00 mb OTL by OldTimer - Version 3.2.31.0 log created on 12282011_212953 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb scheduled to be moved on reboot. Registry entries deleted on Reboot... [/SPOILER] |
|
| Themen zu "Mediashifting.com" Virus |
| 95p.com, beheben, drücke, google, große, link, mediashifting.com, online virus, problem, schritt, seite, seiten, suche, verschiedene, virus, virus oder maleware beseitigen |
Hybrid-Darstellung
