
Pests of all kinds and how to combat them: TR/Kazy.mekml.1' [trojan] / data gone


 
05.05.2011, 13:21   #11
claudi25
 



Hello Petra

I have done it again now, but this is what comes out again:
Attention !!! Database was last updated 19.04.2011 it is necessary to update the database (via File - Database update)
AVZ Antiviral Toolkit log; AVZ version is 4.35
Scanning started at 04.05.2011 18:20:19
Database loaded: signatures - 288679, NN profile(s) - 2, malware removal microprograms - 56, signature database released 19.04.2011 22:47
Heuristic microprograms loaded: 388
PVS microprograms loaded: 9
Digital signatures of system files loaded: 272495
Heuristic analyzer mode: Medium heuristics mode
Malware removal mode: enabled
Windows version is: 6.0.6002, Service Pack 2 ; AVZ is run with administrator rights
System Restore: enabled
1. Searching for Rootkits and other software intercepting API functions
1.1 Searching for user-mode API hooks
Analysis: kernel32.dll, export table found in section .text
Analysis: ntdll.dll, export table found in section .text
Analysis: user32.dll, export table found in section .text
Analysis: advapi32.dll, export table found in section .text
Analysis: ws2_32.dll, export table found in section .text
Analysis: wininet.dll, export table found in section .text
Analysis: rasapi32.dll, export table found in section .text
Analysis: urlmon.dll, export table found in section .text
Analysis: netapi32.dll, export table found in section .text
1.2 Searching for kernel-mode API hooks
Driver loaded successfully
SDT found (RVA=137B00)
Kernel ntkrnlpa.exe found in memory at address 82043000
SDT = 8217AB00
KiST = 820EF86C (391)
Functions checked: 391, intercepted: 0, restored: 0
1.3 Checking IDT and SYSENTER
Analyzing CPU 1
Analyzing CPU 2
Checking IDT and SYSENTER - complete
1.4 Searching for masking processes and drivers
Masking process with PID=476, name = ""
>> PID substitution detected (current PID is=0, real = 476)
Masking process with PID=568, name = ""
>> PID substitution detected (current PID is=0, real = 568)
Masking process with PID=624, name = ""
>> PID substitution detected (current PID is=0, real = 624)
Masking process with PID=1216, name = ""
>> PID substitution detected (current PID is=0, real = 1216)
Masking process with PID=1176, name = ""
>> PID substitution detected (current PID is=0, real = 1176)
Masking process with PID=1472, name = ""
>> PID substitution detected (current PID is=0, real = 1472)
Masking process with PID=1712, name = ""
>> PID substitution detected (current PID is=0, real = 1712)
Masking process with PID=904, name = ""
>> PID substitution detected (current PID is=0, real = 904)
Masking process with PID=2064, name = ""
>> PID substitution detected (current PID is=0, real = 2064)
Masking process with PID=2072, name = ""
>> PID substitution detected (current PID is=0, real = 2072)
Masking process with PID=2356, name = ""
>> PID substitution detected (current PID is=0, real = 2356)
Masking process with PID=2392, name = ""
>> PID substitution detected (current PID is=0, real = 2392)
Masking process with PID=2420, name = ""
>> PID substitution detected (current PID is=0, real = 2420)
Masking process with PID=2564, name = ""
>> PID substitution detected (current PID is=0, real = 2564)
Masking process with PID=2608, name = ""
>> PID substitution detected (current PID is=0, real = 2608)
Masking process with PID=2716, name = ""
>> PID substitution detected (current PID is=0, real = 2716)
Masking process with PID=2732, name = ""
>> PID substitution detected (current PID is=0, real = 2732)
Masking process with PID=2752, name = ""
>> PID substitution detected (current PID is=0, real = 2752)
Masking process with PID=2892, name = ""
>> PID substitution detected (current PID is=0, real = 2892)
Masking process with PID=2908, name = ""
>> PID substitution detected (current PID is=0, real = 2908)
Masking process with PID=2944, name = ""
>> PID substitution detected (current PID is=0, real = 2944)
Masking process with PID=3000, name = ""
>> PID substitution detected (current PID is=0, real = 3000)
Masking process with PID=3100, name = ""
>> PID substitution detected (current PID is=0, real = 3100)
Masking process with PID=3204, name = ""
>> PID substitution detected (current PID is=0, real = 3204)
Masking process with PID=3212, name = ""
>> PID substitution detected (current PID is=0, real = 3212)
Masking process with PID=3948, name = ""
>> PID substitution detected (current PID is=0, real = 3948)
Masking process with PID=4064, name = ""
>> PID substitution detected (current PID is=0, real = 4064)
Masking process with PID=4088, name = ""
>> PID substitution detected (current PID is=0, real = 4088)
Masking process with PID=2080, name = ""
>> PID substitution detected (current PID is=0, real = 2080)
Masking process with PID=1436, name = ""
>> PID substitution detected (current PID is=0, real = 1436)
Masking process with PID=3096, name = ""
>> PID substitution detected (current PID is=0, real = 3096)
Masking process with PID=4088, name = ""
>> PID substitution detected (current PID is=0, real = 4088)
Masking process with PID=2588, name = ""
>> PID substitution detected (current PID is=0, real = 2588)
Masking process with PID=2564, name = ""
>> PID substitution detected (current PID is=0, real = 2564)
Masking process with PID=3184, name = ""
>> PID substitution detected (current PID is=0, real = 3184)
Masking process with PID=2936, name = ""
>> PID substitution detected (current PID is=0, real = 2936)
Masking process with PID=3940, name = ""
>> PID substitution detected (current PID is=0, real = 3940)
Masking process with PID=2980, name = ""
>> PID substitution detected (current PID is=0, real = 2980)
Masking process with PID=920, name = ""
>> PID substitution detected (current PID is=0, real = 920)
Masking process with PID=2320, name = ""
>> PID substitution detected (current PID is=0, real = 2320)
Masking process with PID=2076, name = ""
>> PID substitution detected (current PID is=0, real = 2076)
Masking process with PID=3348, name = ""
>> PID substitution detected (current PID is=0, real = 3348)
Masking process with PID=2564, name = ""
>> PID substitution detected (current PID is=0, real = 2564)
Masking process with PID=3168, name = ""
>> PID substitution detected (current PID is=0, real = 3168)
Masking process with PID=1624, name = ""
>> PID substitution detected (current PID is=0, real = 1624)
Masking process with PID=1764, name = ""
>> PID substitution detected (current PID is=0, real = 1764)
Masking process with PID=1804, name = ""
>> PID substitution detected (current PID is=0, real = 1804)
Masking process with PID=2600, name = ""
>> PID substitution detected (current PID is=0, real = 2600)
Masking process with PID=3964, name = ""
>> PID substitution detected (current PID is=0, real = 3964)
Masking process with PID=4052, name = ""
>> PID substitution detected (current PID is=0, real = 4052)
Masking process with PID=3564, name = ""
>> PID substitution detected (current PID is=0, real = 3564)
Masking process with PID=3692, name = ""
>> PID substitution detected (current PID is=0, real = 3692)
Masking process with PID=3132, name = ""
>> PID substitution detected (current PID is=0, real = 3132)
Masking process with PID=3160, name = ""
>> PID substitution detected (current PID is=0, real = 3160)
Masking process with PID=764, name = ""
>> PID substitution detected (current PID is=0, real = 764)
Masking process with PID=2588, name = ""
>> PID substitution detected (current PID is=0, real = 2588)
Masking process with PID=2852, name = ""
>> PID substitution detected (current PID is=0, real = 2852)
Masking process with PID=348, name = ""
>> PID substitution detected (current PID is=0, real = 348)
Masking process with PID=1624, name = ""
>> PID substitution detected (current PID is=0, real = 1624)
Masking process with PID=2264, name = ""
>> PID substitution detected (current PID is=0, real = 2264)
Masking process with PID=2564, name = ""
>> PID substitution detected (current PID is=0, real = 2564)
Masking process with PID=1700, name = ""
>> PID substitution detected (current PID is=0, real = 1700)
Masking process with PID=3348, name = ""
>> PID substitution detected (current PID is=0, real = 3348)
Masking process with PID=4076, name = ""
>> PID substitution detected (current PID is=0, real = 4076)
Masking process with PID=1428, name = ""
>> PID substitution detected (current PID is=0, real = 1428)
Masking process with PID=2932, name = ""
>> PID substitution detected (current PID is=0, real = 2932)
Masking process with PID=240, name = ""
>> PID substitution detected (current PID is=0, real = 240)
Masking process with PID=1488, name = ""
>> PID substitution detected (current PID is=0, real = 1488)
Masking process with PID=1624, name = ""
>> PID substitution detected (current PID is=0, real = 1624)
Masking process with PID=1160, name = ""
>> PID substitution detected (current PID is=0, real = 1160)
Masking process with PID=3504, name = ""
>> PID substitution detected (current PID is=0, real = 3504)
Masking process with PID=1464, name = ""
>> PID substitution detected (current PID is=0, real = 1464)
Masking process with PID=3576, name = ""
>> PID substitution detected (current PID is=0, real = 3576)
Masking process with PID=2204, name = ""
>> PID substitution detected (current PID is=0, real = 2204)
Masking process with PID=2072, name = ""
>> PID substitution detected (current PID is=0, real = 2072)
Masking process with PID=3580, name = ""
>> PID substitution detected (current PID is=0, real = 3580)
Masking process with PID=4004, name = ""
>> PID substitution detected (current PID is=0, real = 4004)
Masking process with PID=2932, name = ""
>> PID substitution detected (current PID is=0, real = 2932)
Masking process with PID=276, name = ""
>> PID substitution detected (current PID is=0, real = 276)
Masking process with PID=2024, name = ""
>> PID substitution detected (current PID is=0, real = 2024)
Masking process with PID=2924, name = ""
>> PID substitution detected (current PID is=0, real = 2924)
Masking process with PID=3692, name = ""
>> PID substitution detected (current PID is=0, real = 3692)
Masking process with PID=3864, name = ""
>> PID substitution detected (current PID is=0, real = 3864)
Masking process with PID=3752, name = ""
>> PID substitution detected (current PID is=0, real = 3752)
Masking process with PID=880, name = ""
>> PID substitution detected (current PID is=0, real = 880)
Masking process with PID=3964, name = ""
>> PID substitution detected (current PID is=0, real = 3964)
Masking process with PID=4008, name = ""
>> PID substitution detected (current PID is=0, real = 4008)
Masking process with PID=2928, name = ""
>> PID substitution detected (current PID is=0, real = 2928)
Masking process with PID=3748, name = ""
>> PID substitution detected (current PID is=0, real = 3748)
Masking process with PID=3268, name = ""
>> PID substitution detected (current PID is=0, real = 3268)
Masking process with PID=1700, name = ""
>> PID substitution detected (current PID is=0, real = 1700)
Masking process with PID=2412, name = ""
>> PID substitution detected (current PID is=0, real = 2412)
Masking process with PID=512, name = ""
>> PID substitution detected (current PID is=0, real = 512)
Masking process with PID=3824, name = ""
>> PID substitution detected (current PID is=0, real = 3824)
Masking process with PID=2896, name = ""
>> PID substitution detected (current PID is=0, real = 2896)
Masking process with PID=3016, name = ""
>> PID substitution detected (current PID is=0, real = 3016)
Masking process with PID=2916, name = ""
>> PID substitution detected (current PID is=0, real = 2916)
Masking process with PID=1112, name = ""
>> PID substitution detected (current PID is=0, real = 1112)
Masking process with PID=3988, name = ""
>> PID substitution detected (current PID is=0, real = 3988)
Masking process with PID=3964, name = ""
>> PID substitution detected (current PID is=0, real = 3964)
Masking process with PID=1536, name = ""
>> PID substitution detected (current PID is=0, real = 1536)
Masking process with PID=3556, name = ""
>> PID substitution detected (current PID is=0, real = 3556)
Masking process with PID=788, name = ""
>> PID substitution detected (current PID is=0, real = 788)
Masking process with PID=1112, name = ""
>> PID substitution detected (current PID is=0, real = 1112)
Masking process with PID=2380, name = ""
>> PID substitution detected (current PID is=0, real = 2380)
Masking process with PID=864, name = ""
>> PID substitution detected (current PID is=0, real = 864)
Masking process with PID=4028, name = ""
>> PID substitution detected (current PID is=0, real = 4028)
Masking process with PID=2924, name = ""
>> PID substitution detected (current PID is=0, real = 2924)
Masking process with PID=3856, name = ""
>> PID substitution detected (current PID is=0, real = 3856)
Masking process with PID=1856, name = ""
>> PID substitution detected (current PID is=0, real = 1856)
Masking process with PID=3580, name = ""
>> PID substitution detected (current PID is=0, real = 3580)
Masking process with PID=3444, name = ""
>> PID substitution detected (current PID is=0, real = 3444)
Masking process with PID=2720, name = ""
>> PID substitution detected (current PID is=0, real = 2720)
Masking process with PID=3000, name = ""
>> PID substitution detected (current PID is=0, real = 3000)
Masking process with PID=1536, name = ""
>> PID substitution detected (current PID is=0, real = 1536)
Masking process with PID=2360, name = ""
>> PID substitution detected (current PID is=0, real = 2360)
Masking process with PID=496, name = ""
>> PID substitution detected (current PID is=0, real = 496)
Masking process with PID=1236, name = ""
>> PID substitution detected (current PID is=0, real = 1236)
Masking process with PID=3556, name = ""
>> PID substitution detected (current PID is=0, real = 3556)
Masking process with PID=3956, name = ""
>> PID substitution detected (current PID is=0, real = 3956)
Masking process with PID=3884, name = ""
>> PID substitution detected (current PID is=0, real = 3884)
Masking process with PID=508, name = ""
>> PID substitution detected (current PID is=0, real = 508)
Masking process with PID=3160, name = ""
>> PID substitution detected (current PID is=0, real = 3160)
Masking process with PID=1584, name = ""
>> PID substitution detected (current PID is=0, real = 1584)
Masking process with PID=492, name = ""
>> PID substitution detected (current PID is=0, real = 492)
Masking process with PID=1616, name = ""
>> PID substitution detected (current PID is=0, real = 1616)
Masking process with PID=1820, name = ""
>> PID substitution detected (current PID is=0, real = 1820)
Masking process with PID=1140, name = ""
>> PID substitution detected (current PID is=0, real = 1140)
Masking process with PID=1104, name = ""
>> PID substitution detected (current PID is=0, real = 1104)
Masking process with PID=628, name = ""
>> PID substitution detected (current PID is=0, real = 628)
Masking process with PID=3160, name = ""
>> PID substitution detected (current PID is=0, real = 3160)
Masking process with PID=2260, name = ""
>> PID substitution detected (current PID is=0, real = 2260)
Masking process with PID=3616, name = ""
>> PID substitution detected (current PID is=0, real = 3616)
Masking process with PID=1572, name = ""
>> PID substitution detected (current PID is=0, real = 1572)
Masking process with PID=3348, name = ""
>> PID substitution detected (current PID is=0, real = 3348)
Masking process with PID=3000, name = ""
>> PID substitution detected (current PID is=0, real = 3000)
Masking process with PID=2380, name = ""
>> PID substitution detected (current PID is=0, real = 2380)
Searching for masking processes and drivers - complete
1.5 Checking IRP handlers
Driver loaded successfully
Checking - complete
2. Scanning RAM
Number of processes found: 61
Number of modules loaded: 523
Scanning RAM - complete
3. Scanning disks
Direct reading: C:\Documents and Settings\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Documents and Settings\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Documents and Settings\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Documents and Settings\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Documents and Settings\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Documents and Settings\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Documents and Settings\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Documents and Settings\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Documents and Settings\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Documents and Settings\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Documents and Settings\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Documents and Settings\claudi\AppData\Local\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Documents and Settings\claudi\AppData\Local\Temp\~DF461A.tmp
Direct reading: C:\Dokumente und Einstellungen\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Dokumente und Einstellungen\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Dokumente und Einstellungen\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Dokumente und Einstellungen\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Dokumente und Einstellungen\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Dokumente und Einstellungen\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Dokumente und Einstellungen\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Dokumente und Einstellungen\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Dokumente und Einstellungen\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Dokumente und Einstellungen\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Dokumente und Einstellungen\claudi\AppData\Local\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Dokumente und Einstellungen\claudi\AppData\Local\Temp\~DF461A.tmp
Direct reading: C:\Users\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Users\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Users\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Users\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Users\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Users\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Users\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Users\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Users\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Users\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Users\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Users\claudi\AppData\Local\Anwendungsdaten\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Users\claudi\AppData\Local\Anwendungsdaten\Temp\~DF461A.tmp
Direct reading: C:\Users\claudi\AppData\Local\Temp\~DF461A.tmp
4. Checking Winsock Layered Service Provider (SPI/LSP)
LSP settings checked. No errors detected
5. Searching for keyboard/mouse/windows events hooks (Keyloggers, Trojan DLLs)
6. Searching for opened TCP/UDP ports used by malicious software
Checking - disabled by user
7. Heuristic system check
Latent DLL loading through AppInit_DLLs suspected: "C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"
Checking - complete
8. Searching for vulnerabilities
>> Services: potentially dangerous service allowed: TermService (Terminaldienste)
>> Services: potentially dangerous service allowed: SSDPSRV (SSDP-Suche)
>> Services: potentially dangerous service allowed: Schedule (Aufgabenplanung)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
Checking - complete
9. Troubleshooting wizard
>> HDD autorun is allowed
>> Network drives autorun is allowed
>> Removable media autorun is allowed
Checking - complete
Files scanned: 35462506, extracted from archives: 1922133, malicious software found 0, suspicions - 0
Scanning finished at 05.05.2011 13:45:07
Time of scanning: 19:24:49
If you have a suspicion on presence of viruses or questions on the suspected objects,
you can address hxxp://project911.kaspersky-labs.com/

Even though I pressed database update. When I go to AVZPM, however, I can also no longer select install extended monitoring driver !!?

 
