Trojaner-Board, Log Analysis and Evaluation: TR/Kazy.mekml.1

26.04.2011, 16:33   #1
Buddy2

TR/Kazy.mekml.1

Hi, unfortunately I posted in the wrong category the first time, sorry!
I have the problem with the trojan. I ran OTL and Malwarebytes.... Please help!
Regards, Buddy






OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 26.04.2011 16:51:49 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\KingKerosin\Documents
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 302,42 Gb Free Space | 67,84% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,40 Gb Free Space | 52,01% Space Free | Partition Type: FAT32
 
Computer Name: KINGKEROSIN-PC | User Name: KingKerosin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-1115585454-2118136840-3912530746-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)
htmlfile [opennew] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\opera.exe"
https [open] -- "C:\Program Files\Opera\opera.exe"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B6C8E3-037F-4A74-8181-C0313A7993DD}" = lport=445 | protocol=6 | dir=in | app=system | 
"{05951296-CE37-44AB-8C16-0CA401EAAF81}" = rport=139 | protocol=6 | dir=out | app=system | 
"{195AEDEC-7364-4F96-A33C-534B48CA33C5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{2A14235D-272C-4D29-8054-9CB77B7CF50F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{31D30E53-6A21-443E-83C4-3B5B10F6BAF9}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3BD8F14B-4CA2-4C55-A717-99F025BA6DCC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{65C60274-696F-453C-8B88-124764234E8C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7713221A-F0CC-4040-96AF-BBCFA01C782D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{94EC3D71-BA46-47ED-812D-783B9D55C1E5}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{B43DF98D-A041-4F35-BA87-F04A7B9F9C17}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CBC564F8-D5E9-4AFD-97EB-D4D4366D911D}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D361DBE4-B0B4-4E1E-83C7-FD14B3F1C490}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D7A4690F-AAEE-4B49-A23B-85D96949AF1E}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0082F38A-31F4-49AE-BD7A-33401AD22504}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe | 
"{087C5FDB-F2D0-471C-B653-C5AE666CFDAD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{099B04A2-CE8E-4273-B86B-919A238C3AFA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0D733273-9253-4E8C-80D1-A0B1D698BC97}" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\launcher.patch.exe | 
"{0FB74B6D-A0FC-48DB-A6FD-6D38EC6B7D1C}" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\backgrounddownloader.exe | 
"{10F68EC5-9DD1-4FB3-ACD8-7DA3841CC6A5}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield 2142\bf2142.exe | 
"{1896725A-70C4-4B95-A648-92954A7DB566}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{1906FC9B-4D17-439B-9186-FD9685991CD7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{21439909-4F66-4B28-BD81-514F84D70C05}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{257963A3-6AFB-4A34-B1FA-6988D9C9E276}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{2BB6D13A-AB85-4939-8AC8-37342B20AC7E}" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\backgrounddownloader.exe | 
"{2C736937-2A67-4CC3-9EFB-10EC6DF6E446}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{303E5D0F-41C3-489A-A52C-C6E1EF74DAD7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{35C50461-DC99-471C-90B6-9326CF9EE7C9}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe | 
"{38E8EBC0-DDC5-47F0-9FFE-BEB43ADCBCA2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3FD76FF1-0CFD-4F25-A1E4-EF57E38F7DCD}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{47199E9C-FB3A-4D83-A2D1-50CD9FD9DDDA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4CAC1C79-A6A0-435A-B906-A4A0488B64D2}" = protocol=17 | dir=in | app=i:\gamespy arcade\aphex.exe | 
"{540DA23B-B570-4BC0-A825-ED1CAF2B07B5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{55F73501-101A-4FB0-A9D3-6488827627C9}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{58F9106D-C7FE-4303-9D65-41F687C8678D}" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\launcher.patch.exe | 
"{6E3F2AFF-7C6C-4439-9B84-18887DE891DB}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{71BFF01C-FB20-4B7A-BBCE-88A1AEEC8087}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{783DC8FD-834C-4832-B60F-DE0F86E93A37}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{7D615754-A907-41AA-9F62-5864FF153AF2}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{7FAEED07-43C8-4211-9A09-5C2FE71ED182}" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\blizzard downloader.exe | 
"{8AA195CE-438E-4F50-8E3A-4385AA2A0F37}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{8B511B78-FC24-4850-BA96-7CACCE4450F5}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-dede-downloader.exe | 
"{93F00B05-33D5-4805-9EF0-8A6EED831C13}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{BD93F194-B68B-4A3A-B24E-4D9038C517A9}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{C76213C9-F511-4C91-8747-8D17966F5848}" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\blizzard downloader.exe | 
"{C9643C75-184C-4EBC-858F-64406C76AC61}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{D4384714-E35A-4986-856E-6D8C0453C5BA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{DD2BD799-977F-4A13-B406-0A115FFC147D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{E6312502-FFDB-474F-836B-6E3F3ACCA8CA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{E6F0D15D-DE4D-486A-B494-9A804BD545E2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{EEF604AC-8A5D-47FD-A120-54E37DF19C5A}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield 2142\bf2142.exe | 
"{F1450EC1-45A1-4A25-A85A-3C3BF67934F5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{F62EC9CA-D441-4278-9E57-58C1CE028034}" = protocol=6 | dir=in | app=i:\gamespy arcade\aphex.exe | 
"{FD1AE3DB-0575-44A1-AA44-34C885743AB9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{FD4CEFE1-88F3-4D8B-98B4-DA02C899C3D8}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{FF67046C-8379-4BB1-9D9B-6840ACD9CA9F}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\empire total war\empire.exe | 
"TCP Query User{40EED534-5D77-4D38-AB46-4E6ADCD8EA6B}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"TCP Query User{544D55B9-2064-47FD-94B7-AFDF0EBCC61D}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe | 
"TCP Query User{5F1E5479-20BA-4D20-9B77-6B807B3A0F26}C:\users\public\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\launcher.exe | 
"TCP Query User{6C50C411-1952-43A8-99D6-0143A78648BC}C:\users\public\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\world of warcraft\launcher.exe | 
"TCP Query User{7729D48B-1496-4802-84F3-C5B0A7586C6C}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe | 
"TCP Query User{91DC218D-3A52-4BF1-8D0E-B91215E56356}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | 
"TCP Query User{94D77E2F-9DDA-4532-9ED2-76DC8DBC2DD4}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe | 
"TCP Query User{C4002901-86F3-4A4D-8FD7-2C318A8408D6}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"TCP Query User{FDC2A64C-D2D7-40E0-A686-C9624CBFAE7A}C:\program files\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"UDP Query User{05420244-F06C-4EBC-9A77-F4289960C5FE}C:\program files\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"UDP Query User{19F98E33-710B-4C5D-AB5D-A52BC933F9CA}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe | 
"UDP Query User{276EC66B-065E-4887-B2DD-0CFF396A7CCE}C:\program files\thq\dawn of war - soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - soulstorm\soulstorm.exe | 
"UDP Query User{2DB931D8-9126-485A-8B11-1519303C3B24}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe | 
"UDP Query User{71296522-9D8A-42E6-951E-F230413FC7BF}C:\users\public\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\launcher.exe | 
"UDP Query User{78B6D813-21A6-4549-9373-B7FCD5CB1486}C:\users\public\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\world of warcraft\launcher.exe | 
"UDP Query User{AE3F4DF1-4636-4777-9636-CD08D1164C63}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe | 
"UDP Query User{DCB50646-5A8E-4A89-8A6B-A0F2A50E883F}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe | 
"UDP Query User{F9AB8D52-6867-433E-A225-A8D73B8BBA4C}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00040407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{07605941-9E7C-4828-81A6-134C32CD240F}" = AOC UI Installer 3.0.4
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo AbsolutTV
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE 
"{506DDFBE-983F-4BC3-84B8-65F423B2D798}" = NVIDIA PhysX
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{588D9F5F-8C62-4421-BAE9-CCAA57D4E4EE}" = TVsweeper 3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83F12F73-D52E-40C0-93B1-463C311C4E17}" = Dawn Of War
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975E4CAE-D408-48DA-9346-65D7DB72B7DE}" = Hama Double Action Air Grip
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F251952-43A3-1305-997C-5B285C76FCAD}" = ATI Catalyst Install Manager
"{A2B3C27C-1F09-47C6-9A90-9683BEFD7963}" = Dawn of War - Soulstorm
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C1920D73-7374-49d9-8C37-58A6E49078A5}" = F2100_Help
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5EF81AC-FE4C-4157-97E3-2E08B000742A}" = F2100_doccd
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1C409F0-8322-4c87-BD08-2F62777D490D}" = F2100
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online: Die Belagerung des Düsterwalds v03.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Studio_is1" = Free Studio version 4.6
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"LetsTrade" = LetsTrade Komponenten
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars.net" = PokerStars.net
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TomTom HOME" = TomTom HOME 2.7.4.1962
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1115585454-2118136840-3912530746-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SOE-DC Universe Online Live" = DC Universe Online Live
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.12.2010 12:15:51 | Computer Name = KingKerosin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 14.12.2010 12:34:05 | Computer Name = KingKerosin-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6001.18527, Zeitstempel
 0x4c87abd7, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00043387,  Prozess-ID 0x74c, Anwendungsstartzeit
 01cb9baa06d60502.
 
Error - 14.12.2010 12:34:30 | Computer Name = KingKerosin-PC | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 14.12.2010 12:34:30 | Computer Name = KingKerosin-PC | Source = Bonjour Service | ID = 100
Description = 412: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 14.12.2010 12:34:30 | Computer Name = KingKerosin-PC | Source = Bonjour Service | ID = 100
Description = 436: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 15.12.2010 12:39:29 | Computer Name = KingKerosin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.12.2010 13:06:30 | Computer Name = KingKerosin-PC | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 15.12.2010 13:06:30 | Computer Name = KingKerosin-PC | Source = Bonjour Service | ID = 100
Description = 412: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 15.12.2010 13:06:30 | Computer Name = KingKerosin-PC | Source = Bonjour Service | ID = 100
Description = 436: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 15.12.2010 16:16:01 | Computer Name = KingKerosin-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 11.12.2008 10:37:18 | Computer Name = KingKerosin-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 11.12.2008 14:09:54 | Computer Name = KingKerosin-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 12.12.2008 18:58:29 | Computer Name = KingKerosin-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 14.12.2008 13:53:14 | Computer Name = KingKerosin-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 15.12.2008 14:21:13 | Computer Name = KingKerosin-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 17.12.2008 10:19:09 | Computer Name = KingKerosin-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 17.12.2008 12:36:26 | Computer Name = KingKerosin-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 18.12.2008 10:13:17 | Computer Name = KingKerosin-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 02.05.2010 16:34:31 | Computer Name = KingKerosin-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 02.05.2010 16:34:39 | Computer Name = KingKerosin-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 20.04.2011 04:33:39 | Computer Name = KingKerosin-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 21.04.2011 07:15:13 | Computer Name = KingKerosin-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 22.04.2011 06:24:38 | Computer Name = KingKerosin-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 22.04.2011 07:51:29 | Computer Name = KingKerosin-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 23.04.2011 09:13:53 | Computer Name = KingKerosin-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 23.04.2011 17:43:56 | Computer Name = KingKerosin-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 24.04.2011 09:16:28 | Computer Name = KingKerosin-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 26.04.2011 09:31:51 | Computer Name = KingKerosin-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 26.04.2011 10:09:58 | Computer Name = KingKerosin-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 26.04.2011 10:17:07 | Computer Name = KingKerosin-PC | Source = HTTP | ID = 15016
Description = 
 
 
< End of report >
         
26.04.2011, 17:17   #2
markusg
/// Malware-holic

TR/Kazy.mekml.1

Where is the Malwarebytes log and otl.txt?
You get the Malwarebytes logs in Malwarebytes under Logdateien (log files).