Log analysis and evaluation: Windows XP tmp.exe viruses

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#3

Windows XP tmp.exe viruses

Hello Cosinus,

Thanks for now, here come my logs (by the way, I can no longer open any page in iexplorer, and with Firefox I can browse, but I cannot post here, for example, which a friend is doing for me).

First the log from Malware:

Code:
Malwarebytes' Anti-Malware 1.46
malwarebytes.org

Datenbank Version: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02.05.2010 15:50:13
mbam-log-2010-05-02 (15-50-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Durchsuchte Objekte: 212229
Laufzeit: 1 Stunde(n), 10 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 2
Infizierte Dateien: 18

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\desktop security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\securitycenter (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\qw53oguvt5ke (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Dokumente und Einstellungen\Anwender\Startmenü\Programme\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Desktop Security 2010 (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Dokumente und Einstellungen\Anwender\Desktop\u98.exe (Adware.UltraReach) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Anwender\Startmenü\Programme\Desktop Security 2010\Activate Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Anwender\Startmenü\Programme\Desktop Security 2010\Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Anwender\Startmenü\Programme\Desktop Security 2010\Help Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Anwender\Startmenü\Programme\Desktop Security 2010\How to Activate Desktop Security 2010.lnk (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Desktop Security 2010\Desktop Security 2010.exe (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Desktop Security 2010\mfc71.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Desktop Security 2010\MFC71ENU.DLL (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Desktop Security 2010\msvcp71.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Desktop Security 2010\msvcr71.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Desktop Security 2010\securitycenter.exe (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Desktop Security 2010\securityhelper.exe (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Desktop Security 2010\taskmgr.dll (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Anwender\Startmenü\Programme\Desktop Security 2010.LNK (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Anwender\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Desktop Security 2010.LNK (Rogue.DesktopSecurity2010) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Anwender\Lokale Einstellungen\Temp\wrfwe_di.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Anwender\Lokale Einstellungen\Temp\test.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Anwender\Lokale Einstellungen\Temp\m.215.tmp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Code:
ATTFilter OTL Extras logfile created on: 03.05.2010 23:20:00 - Run 1 OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\Anwender\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 6,73 Gb Free Space | 13,77% Space Free | Partition Type: NTFS Drive D: | 48,83 Gb Total Space | 5,16 Gb Free Space | 10,56% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 43,57 Gb Total Space | 10,02 Gb Free Space | 22,99% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ANWENDER-73C45A Current User Name: Anwender Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "D:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "FirewallDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "443:TCP" = 443:TCP:*:Disabled:ooVoo TCP Port 443 "443:UDP" = 443:UDP:*:Disabled:ooVoo UDP Port 443 "37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP Port 37674 "37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP Port 37674 "37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP Port 37675 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found 
"C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG) "C:\Programme\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe" = C:\Programme\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe:*:Enabled:FahrenLernenSync -- (Verlag Heinrich Vogel in der Springer Transport Media GmbH) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found "C:\Programme\TVUPlayer\TVUPlayer.exe" = C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks) "C:\Programme\Azureus\Azureus.exe" = C:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.) "C:\WINDOWS\system32\LMabcoms.exe" = C:\WINDOWS\system32\LMabcoms.exe:*:Enabled:Lexmark Enhanced TCP/IP -- () "C:\Programme\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe" = C:\Programme\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe:*:Enabled:Camfrog Video Chat 3.94 -- (Camshare LC) "C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat" = C:\Programme\Electronic Arts\Command & Conquer 3\RetailExe\1.0\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars -- File not found "C:\Gamigo Games\Smash Online\SmashOnline.exe" = C:\Gamigo Games\Smash Online\SmashOnline.exe:*:Enabled:SmashOnline -- File not found "D:\Programme\poc\poc2008\Poc3D2008.exe" = D:\Programme\poc\poc2008\Poc3D2008.exe:*:Enabled:Poc3D2008 -- File not found "D:\LevelR\LevelR.bin" = D:\LevelR\LevelR.bin:*:Enabled:LEVEL-R -- File not found "C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.) 
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found "C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe" = C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe:*:Enabled:CodeMeter Runtime Server -- (WIBU-SYSTEMS AG) "D:\Programme\Vogel Verlag\PC-Professional\Fernwartung.exe" = D:\Programme\Vogel Verlag\PC-Professional\Fernwartung.exe:*:Enabled:Fernwartung -- File not found "D:\Programme\Vogel Verlag\PC-Professional\FSM_WinVNC.exe" = D:\Programme\Vogel Verlag\PC-Professional\FSM_WinVNC.exe:*:Enabled:FSM_WinVNC -- File not found "D:\Programme\Vogel Verlag\PC-Professional\PC_Professional.exe" = D:\Programme\Vogel Verlag\PC-Professional\PC_Professional.exe:*:Enabled:PC_Professional -- File not found "C:\Programme\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe" = C:\Programme\Vogel Verlag\Gemeinsame Komponenten\FahrenLernenSync\Vogel.USBSpider.exe:*:Enabled:FahrenLernenSync -- (Verlag Heinrich Vogel in der Springer Transport Media GmbH) "D:\Programme\PC-Professional\Fernwartung.exe" = D:\Programme\PC-Professional\Fernwartung.exe:*:Enabled:Fernwartung -- (Springer Transport Media GmbH) "D:\Programme\PC-Professional\FSM_WinVNC.exe" = D:\Programme\PC-Professional\FSM_WinVNC.exe:*:Enabled:FSM_WinVNC -- (Springer Transport Media GmbH) "D:\Programme\PC-Professional\PC_Professional.exe" = D:\Programme\PC-Professional\PC_Professional.exe:*:Enabled:PC_Professional -- (Verlag Heinrich Vogel) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{108DF49C-3AB4-4A7D-B6FD-8B6286B317FA}" = CodeMeter Tools Merge Module "{14008C85-869F-11D5-986D-00500443CF9F}" = Der 
Planer Extra "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{43FFE159-3199-4188-A1CD-629166AD1031}" = Nero 7 Ultra Edition "{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI "{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU "{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater "{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7339E5F7-32DE-45CD-995E-A795494A4082}_is1" = FahrenLernenSync 1.1 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 
"{791E2D38-210B-4622-8C57-512520D9F4EF}_is1" = PC-Professional Klasse B 2009 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7C56F7E9-9175-48CF-999F-A786DEE68C1E}" = o2 Verbindungsmanager "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{884BB5CC-108E-41a9-936D-955C999C06A1}_x" = o2 Verbindungsmanager "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{91B7CEB3-4331-427B-AA7A-2898BE8F9DC6}" = Samsung PC Studio 3 "{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{92F31257-15BA-46EE-887D-3C18C0790ACE}" = Atheros Client Installation Program "{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6 "{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A1416622-0DDE-45B5-B06C-DFC3ED94C53B}" = Der Pate® II "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A961A077-4BD0-4C98-86BC-EE4A98CE550D}" = CodeMeter Runtime Merge Module (Win32) "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX 
Web Player "{BA9E9ED5-FFF3-4E0D-95B9-62527672268B}_is1" = Der Planer 4 Version 1.3 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver "{C63DE709-AEF3-4D70-9868-A4D05C18A70F}" = CloneSetup "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{EF901A4B-A25A-4962-83C6-C6691D062ED9}" = Nero Mega Plugin Pack "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FFDC4005-E968-498D-93C8-CC148742167D}}_is1" = Wecker für Windows 6.5 "05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2) "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0) "65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0) "8461-7759-5462-8226" = Vuze "8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4) "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ArtMoney SE_is1" = ArtMoney SE v7.32.1 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free 
Antivirus "Azureus" = Azureus "Camfrog 5.5" = Camfrog Video Chat 5.5 "CCleaner" = CCleaner "CFF5FD902CAD8828AC62E155C542E69D5439C37A" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0) "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10250093" = HDAUDIO Soft Data Fax Modem with SmartCP "Crystal Player" = Crystal Player Professional 1.98 "DopLive ÊÓÆµÖ±²¥_is1" = DopLive 1.0.328.1 "EADM" = EA Download Manager "FileZilla" = FileZilla (remove only) "FLV Player" = FLV Player 2.0 (build 25) "Free FLV Converter_is1" = Free FLV Converter V 6.7.4 "FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10 "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers. "IsoBuster_is1" = IsoBuster 2.3 "KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.5 Standard "legacyqcam_10.51" = Logitech Legacy USB Camera-Treiberpaket "Lexmark_HostCD" = Lexmark Software deinstallieren "LG PC Suite IV" = LG PC Suite IV "LManager" = Launch Manager "lvdrivers_11.90" = Logitech QuickCam-Treiberpaket "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Messenger Plus! Live" = Messenger Plus! 
Live "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MozBackup_is1" = MozBackup 1.4.7 "Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9) "Mozilla Sunbird (0.3)" = Mozilla Sunbird (0.3) "Mozilla Thunderbird (2.0.0.6)" = Mozilla Thunderbird (2.0.0.6) "MP3 Repair Tool_is1" = MP3 Repair Tool v1.5.2 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Nokia PC Suite" = Nokia PC Suite "NVIDIA Drivers" = NVIDIA Drivers "PokerStars.net" = PokerStars.net "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "ScreenRecorder" = Bulent's Screen Recorder "SmartTools Publishing · Musterbrief-Assistent" = SmartTools Publishing · Musterbrief-Assistent "SopCast" = SopCast 3.0.3 "StreamTorrent 1.0" = Stream Torrent 1.0 "SynTPDeinstKey" = Synaptics Pointing Device Driver "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TomTom HOME" = TomTom HOME 2.7.3.1894 "TVUPlayer" = TVUPlayer 2.4.7.2 "Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Webcam Simulator_is1" = Webcam Simulator 6.3 "Wecker 2.2" = Wecker 2.2 2.2 "WIC" = Windows Imaging Component "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 
"WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR Archivierer "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Desktop Security 2010" = Desktop Security 2010 "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 24.04.2010 07:37:36 | Computer Name = ANWENDER-73C45A | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung chrome.exe, Version 0.0.0.0, fehlgeschlagenes Modul npswf32.dll, Version 10.0.22.87, Fehleradresse 0x0010a0de. Error - 24.04.2010 15:45:40 | Computer Name = ANWENDER-73C45A | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung manager10.exe, Version 2.0.0.6, fehlgeschlagenes Modul manager10.exe, Version 2.0.0.6, Fehleradresse 0x00971f73. Error - 24.04.2010 17:55:06 | Computer Name = ANWENDER-73C45A | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 27.04.2010 13:43:53 | Computer Name = ANWENDER-73C45A | Source = ESENT | ID = 490 Description = svchost (1148) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. 
Error - 01.05.2010 09:35:18 | Computer Name = ANWENDER-73C45A | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 01.05.2010 11:09:49 | Computer Name = ANWENDER-73C45A | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 01.05.2010 11:16:27 | Computer Name = ANWENDER-73C45A | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 01.05.2010 11:17:58 | Computer Name = ANWENDER-73C45A | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 03.05.2010 12:28:13 | Computer Name = ANWENDER-73C45A | Source = Google Update | ID = 20 Description = Error - 03.05.2010 13:28:10 | Computer Name = ANWENDER-73C45A | Source = Google Update | ID = 20 Description = [ System Events ] Error - 02.05.2010 11:10:37 | Computer Name = ANWENDER-73C45A | Source = Ftdisk | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. Error - 02.05.2010 11:17:32 | Computer Name = ANWENDER-73C45A | Source = Ftdisk | ID = 262189 Description = Das System konnte den Treiber für das Speicherabbild nicht laden. Error - 02.05.2010 11:17:32 | Computer Name = ANWENDER-73C45A | Source = Ftdisk | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. 
Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. Error - 02.05.2010 11:46:27 | Computer Name = ANWENDER-73C45A | Source = Ftdisk | ID = 262189 Description = Das System konnte den Treiber für das Speicherabbild nicht laden. Error - 02.05.2010 11:46:27 | Computer Name = ANWENDER-73C45A | Source = Ftdisk | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. Error - 03.05.2010 06:34:31 | Computer Name = ANWENDER-73C45A | Source = Ftdisk | ID = 262189 Description = Das System konnte den Treiber für das Speicherabbild nicht laden. Error - 03.05.2010 06:34:31 | Computer Name = ANWENDER-73C45A | Source = Ftdisk | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. Error - 03.05.2010 17:12:38 | Computer Name = ANWENDER-73C45A | Source = NetBT | ID = 4307 Description = Initialisierung fehlgeschlagen, da die Transportschicht das Öffnen der Anfangsadressen verweigerte. Error - 03.05.2010 17:12:38 | Computer Name = ANWENDER-73C45A | Source = Ftdisk | ID = 262189 Description = Das System konnte den Treiber für das Speicherabbild nicht laden. Error - 03.05.2010 17:12:38 | Computer Name = ANWENDER-73C45A | Source = Ftdisk | ID = 262193 Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. 
Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher abbilden zu können. < End of report > |