
Log analysis and evaluation: Problems with trojan (TR/Kazy.mekml.1), all data gone!

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

28.04.2011, 11:34   #1
florian1
 
Problems with trojan (TR/Kazy.mekml.1), all data gone!



Combofix Logfile:
Code:
ComboFix 11-04-27.02 - - 28.04.2011  12:02:38.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3580.2289 [GMT 2:00]
ausgeführt von:: c:\users\-\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-03-28 bis 2011-04-28  ))))))))))))))))))))))))))))))
.
.
2011-04-28 10:16 . 2011-04-28 10:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-04-28 10:16 . 2011-04-28 10:16	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2011-04-27 06:45 . 2011-04-27 06:45	--------	d-----w-	c:\windows\system32\drivers\NSSx64
2011-04-27 06:45 . 2011-04-27 06:45	--------	d-----w-	c:\program files (x86)\Norton Security Scan
2011-04-26 05:57 . 2011-04-11 08:21	8802128	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{06E1B915-A12B-4B94-930D-EA9DD6721A4F}\mpengine.dll
2011-04-23 11:27 . 2011-03-30 17:50	34624	----a-w-	c:\windows\system32\TURegOpt.exe
2011-04-23 11:27 . 2011-03-30 17:45	36160	----a-w-	c:\windows\system32\uxtuneup.dll
2011-04-23 11:27 . 2011-03-30 17:45	25920	----a-w-	c:\windows\system32\authuitu.dll
2011-04-23 11:27 . 2011-03-30 17:45	21312	----a-w-	c:\windows\SysWow64\authuitu.dll
2011-04-23 11:27 . 2011-03-30 17:45	29504	----a-w-	c:\windows\SysWow64\uxtuneup.dll
2011-04-23 11:27 . 2011-04-23 11:27	--------	d-----w-	c:\users\-\AppData\Roaming\TuneUp Software
2011-04-23 11:26 . 2011-04-23 11:27	--------	d-----w-	c:\program files (x86)\TuneUp Utilities 2011
2011-04-23 11:26 . 2011-04-23 11:28	--------	d-----w-	c:\programdata\TuneUp Software
2011-04-23 11:25 . 2011-04-23 11:25	--------	d-sh--w-	c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-04-23 10:30 . 2011-04-23 10:30	--------	d-----w-	c:\users\-\AppData\Roaming\Reviversoft
2011-04-23 10:30 . 2011-03-16 11:28	18240	----a-w-	c:\windows\system32\roboot64.exe
2011-04-22 10:57 . 2011-04-22 10:57	50688	----a-w-	c:\windows\SysWow64\dtsoftbusinst64.exe
2011-04-22 10:57 . 2011-04-22 10:57	256576	----a-w-	c:\windows\SysWow64\dtsoftbus01.sys
2011-04-22 10:57 . 2011-04-22 10:57	256576	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2011-04-22 10:40 . 2011-04-22 10:40	--------	d-----w-	c:\users\-\AppData\Roaming\Malwarebytes
2011-04-22 10:40 . 2010-12-20 16:09	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-22 10:40 . 2011-04-22 10:40	--------	d-----w-	c:\programdata\Malwarebytes
2011-04-22 10:40 . 2011-04-22 19:32	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-04-22 10:40 . 2010-12-20 16:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-04-22 09:03 . 2011-04-22 09:03	--------	d-----w-	C:\Log
2011-04-22 09:03 . 2006-04-17 09:56	1207808	----a-w-	c:\windows\SysWow64\PhoenixDll.dll
2011-04-22 09:03 . 2004-10-16 19:46	178176	----a-w-	c:\windows\SysWow64\StellarProfile.dll
2011-04-22 09:03 . 2011-04-22 09:03	--------	d-----w-	c:\program files (x86)\Stellar Phoenix Windows Data Recovery
2011-04-21 15:57 . 2011-04-21 15:57	--------	d-----w-	c:\program files (x86)\eSupport.com
2011-04-21 15:12 . 2011-04-21 15:17	--------	d-----w-	c:\programdata\SecTaskMan
2011-04-21 15:11 . 2011-04-21 15:11	--------	d-----w-	c:\program files (x86)\Security Task Manager
2011-04-14 13:46 . 2011-02-19 04:13	367104	----a-w-	c:\windows\system32\atmfd.dll
2011-04-14 13:45 . 2011-02-05 12:41	640896	----a-w-	c:\windows\system32\winload.efi
2011-04-10 09:48 . 2011-04-10 09:48	--------	d-----w-	c:\program files (x86)\WildGames
2011-04-03 15:53 . 2011-04-04 15:08	--------	d-----w-	c:\program files (x86)\SweetIM
2011-04-03 15:53 . 2011-04-03 16:17	--------	d-----w-	c:\users\-\AppData\Local\OpenCandy
2011-04-03 15:53 . 2011-04-03 15:53	--------	d-----w-	c:\users\-\AppData\Roaming\OpenCandy
2011-04-03 15:53 . 2011-04-03 15:53	--------	d-----w-	c:\users\-\AppData\Roaming\CBS Interactive
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-04 06:17 . 2011-04-27 06:50	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:17 . 2011-04-27 06:50	347648	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-19 06:37 . 2011-03-09 15:50	1135104	----a-w-	c:\windows\system32\FntCache.dll
2011-02-19 06:37 . 2011-03-09 15:50	1540608	----a-w-	c:\windows\system32\DWrite.dll
2011-02-19 06:36 . 2011-03-09 15:50	902656	----a-w-	c:\windows\system32\d2d1.dll
2011-02-19 05:32 . 2011-03-09 15:50	1074176	----a-w-	c:\windows\SysWow64\DWrite.dll
2011-02-19 05:32 . 2011-03-09 15:50	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
2011-02-02 16:11 . 2010-04-04 10:01	270720	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files (x86)\Messenger_Plus_Live\tbMes0.dll" [2009-12-31 2349080]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files (x86)\DVDVideoSoft\tbDVD0.dll" [2010-03-09 2355224]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{76aeea42-e04a-4b62-83ab-df4b2be2541e}"= "c:\program files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll" [2010-06-13 2734688]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files (x86)\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-10-18 138552]
.
[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{76aeea42-e04a-4b62-83ab-df4b2be2541e}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{76aeea42-e04a-4b62-83ab-df4b2be2541e}]
2010-06-13 17:10	2734688	----a-w-	c:\program files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 08:08	2393184	----a-w-	c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9b339f6e-ddcd-401b-8764-230adbd01761}]
2009-12-31 10:53	2349080	----a-w-	c:\program files (x86)\Messenger_Plus_Live\tbMes0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
2010-06-03 16:24	2736736	----a-w-	c:\program files (x86)\softonic-de3\tbsoft.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2010-03-09 09:06	2355224	----a-w-	c:\program files (x86)\DVDVideoSoft\tbDVD0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-10-18 15:28	1485112	----a-r-	c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files (x86)\Messenger_Plus_Live\tbMes0.dll" [2009-12-31 2349080]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files (x86)\DVDVideoSoft\tbDVD0.dll" [2010-03-09 2355224]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{76aeea42-e04a-4b62-83ab-df4b2be2541e}"= "c:\program files (x86)\MessengerPlusLive_Germany_TB\tbMess.dll" [2010-06-13 2734688]
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"= "c:\program files (x86)\softonic-de3\tbsoft.dll" [2010-06-03 2736736]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-10-18 1485112]
.
[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]
.
[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{76aeea42-e04a-4b62-83ab-df4b2be2541e}]
.
[HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-15 1668664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-04 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-08-20 322104]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-12 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-06-22 60464]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
c:\users\-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CNET TechTracker.lnk - c:\users\-\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe [2011-3-4 2621952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"=c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-23 483688]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-03-30 2026304]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-23 209768]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-02-10 11856]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 11:11	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 14:14]
.
2011-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-04 14:14]
.
2011-04-27 c:\windows\Tasks\Norton Security Scan for -.job
- c:\program files (x86)\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2011-04-27 06:45]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://home.sweetim.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to Mp3 Converter - c:\users\-\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} - hxxp://92.51.137.94/objects/NpFv522.dll
DPF: {EF0D1A14-1033-41A2-A589-240C01EDC078} - hxxp://download.pplive.com/config/pplite/pluginsetup.cab
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-klmdb.sys
WebBrowser-{9B339F6E-DDCD-401B-8764-230ADBD01761} - (no file)
WebBrowser-{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
WebBrowser-{76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - (no file)
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{08DB3902-2CE0-474D-BCE3-0177766CE9F1} - c:\program files (x86)\InstallShield Installation Information\{08DB3902-2CE0-474D-BCE3-0177766CE9F1}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-04-28  12:23:22
ComboFix-quarantined-files.txt  2011-04-28 10:23
.
Vor Suchlauf: 15 Verzeichnis(se), 216.834.224.128 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 216.585.662.464 Bytes frei
.
- - End Of File - - 2E9C7FC4702DE67018A4D63987DA255E
         
--- --- ---
