
Log analysis and evaluation: Win XP 64-bit spy program eGdpSvc.exe*32: how to remove it?


27.08.2013, 15:15   #1
cosinus

Code:
(Wsys Co., Ltd.) C:\Documents and Settings\All Users\Application Data\eSafe\eGdpSvc.exe
12:50:00.0515 2452  [ 6FF3CFB85B18C032AF8F242498DFC8D9 ] WsysSvc         C:\Documents and Settings\All Users\Application Data\eSafe\eGdpSvc.exe
R2 WsysSvc; C:\Documents and Settings\All Users\Application Data\eSafe\eGdpSvc.exe [303680 2013-08-22] (Wsys Co., Ltd.)
         
Here are the entries for "your" file.
Does eSafe or Wsys mean anything to you?

If I saw it correctly after a quick Google search, AdwCleaner or JRT should delete that.
__________________
Please always post log files in CODE tags

27.08.2013, 15:25   #2
RibbAdy
 

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-08-2013 01
Ran by Administrator (administrator) on 27-08-2013 16:18:58
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Microsoft Windows XP Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Normal

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [18918208 2011-10-08] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\System32\NvMCTray.dll [222528 2011-10-08] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [1692264 2011-10-08] ()
HKLM\...\Run: [Cmaudio8788GX] - C:\WINDOWS\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] - C:\WINDOWS\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k [x]
HKLM-x32\...\Winlogon: [Userinit] userinit [x]
HKLM\...\Winlogon: [UIHost] C:\Windows\system32\logonui.exe [662016 2007-02-18] ( (Microsoft Corporation))
Winlogon\Notify\dimsntfy: dimsntfy.dll (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKLM\...\Command Processor:  <======= ATTENTION
HKLM-x32\...\Command Processor:  <======= ATTENTION
HKCU\...\Run: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe [20992 2007-02-18] (Microsoft Corporation)
HKCR\...0c966feabec1\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
MountPoints2: {83ad87c2-a644-11e1-aa49-002215896829} - E:\setup.exe
HKLM-x32\...\Run: [DeathAdder] - C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [244224 2009-12-15] ()
HKLM-x32\...\Run: [Cmaudio8788] - C:\WINDOWS\Syswow64\cmicnfgp.dll [8769536 2011-05-12] (C-Media Corporation)
HKLM-x32\...\Run: [EVGAPrecision] - C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe [627016 2013-07-18] ()
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-23] (Avira Operations GmbH & Co. KG)
HKU\Default User\...\Run: [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE [20992 2007-02-18] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [tscuninstall] - C:\Windows\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE [20992 2007-02-18] (Microsoft Corporation)
HKU\UpdatusUser\...\RunOnce: [tscuninstall] - C:\Windows\system32\tscupgrd.exe [62464 2007-02-18] (Microsoft Corporation)
SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} -  No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
SSODL-x32: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\syswow64\SHELL32.dll No File
SSODL-x32: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\syswow64\SHELL32.dll No File
SSODL-x32: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.microsoft.com/isapi/redir.dll?Prd=ie&Pver=5.0&Ar=ie5update&O1=b1
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHD321KJ_S0MQJ1KQ116668&ts=1376318977
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHD321KJ_S0MQJ1KQ116668&ts=1376318977
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - No Name - {01E04581-4EEE-11D0-BFE9-00AA005B4383} -  No File
Toolbar: HKCU - No Name - {0E5CBF21-D15F-11D0-8301-00AA005B4383} -  No File
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} -  No File
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} -  No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} -  No File
Handler: msdaipp - No CLSID Value - 
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\Windows\system32\mshtml.dll (Microsoft Corporation)
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} -  No File
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} -  No File
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\SysWOW64\mshtml.dll No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\SysWOW64\mshtml.dll No File
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\SysWOW64\mshtml.dll No File
Handler-x32: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} -  No File
Handler-x32: msdaipp - No CLSID Value - 
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\SysWOW64\mshtml.dll No File
Handler-x32: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\SysWOW64\mshtml.dll No File
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\SysWOW64\mshtml.dll No File
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -  No File
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} -  No File
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
Filter-x32: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\SysWOW64\urlmon.dll (Microsoft Corporation)
Filter-x32: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\syswow64\SHELL32.dll No File
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll [10510848 2012-06-08] (Microsoft Corporation)
ShellExecuteHooks-x32: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll [8362496 2012-06-08] (Microsoft Corporation)
Winsock: Catalog5 03 %SystemRoot%\System32\mswsock.dll [233472] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 %SystemRoot%\System32\mswsock.dll [492544] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\egsl36o0.default
FF NewTab: hxxp://www.google.com/firefox
FF SelectedSearchEngine: Google
FF Homepage: gmx.net
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\egsl36o0.default\searchplugins\searchplugins-backup
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\egsl36o0.default\Extensions\ich@maltegoetz.de
FF Extension: DownloadHelper - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\egsl36o0.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: Block site - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\egsl36o0.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
FF Extension: testpilot - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\egsl36o0.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\egsl36o0.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\egsl36o0.default\Extensions\{338e0b96-2285-4424-b4c8-e25560750fa3}.xpi
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\egsl36o0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\egsl36o0.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKCU\...\Firefox\Extensions: [lyrix@lyrixeeker.co] C:\Program Files (x86)\LyriXeeker\128.xpi

==================== Services (Whitelisted) =================

R2 AeLookupSvc; C:\Windows\SysWow64\aelupsvc.dll [26624 2007-02-18] (Microsoft Corporation)
S4 Alerter; C:\Windows\system32\alrsvc.dll [29696 2007-02-18] (Microsoft Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-23] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-23] (Avira Operations GmbH & Co. KG)
R2 AudioSrv; C:\Windows\SysWow64\audiosrv.dll [41472 2007-02-18] (Microsoft Corporation)
R2 Browser; C:\Windows\SysWow64\browser.dll [78336 2012-06-29] (Microsoft Corporation)
S3 ClipSrv; C:\Windows\system32\clipsrv.exe [49664 2007-02-18] (Microsoft Corporation)
S3 dmadmin; C:\Windows\System32\dmadmin.exe [399872 2007-02-18] (Microsoft Corporation)
R2 dmserver; C:\Windows\System32\dmserver.dll [37376 2007-02-18] (Microsoft Corporation)
R2 ERSvc; C:\Windows\System32\ersvc.dll [31744 2007-02-18] (Microsoft Corporation)
S2 helpsvc; C:\Windows\PCHealth\HelpCtr\Binaries\pchsvc.dll [77312 2007-02-18] (Microsoft Corporation)
S3 HTTPFilter; C:\Windows\System32\w3ssl.dll [21504 2007-02-18] (Microsoft Corporation)
S3 IASJet; C:\Windows\SysWOW64\iasrecst.dll [162816 2007-02-18] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS\system32\imapi.exe [265728 2007-02-18] (Microsoft Corporation)
S3 LPDSVC; C:\Windows\system32\tcpsvcs.exe [27648 2007-02-18] (Microsoft Corporation)
S4 Messenger; C:\Windows\System32\msgsvc.dll [57344 2007-02-18] (Microsoft Corporation)
S3 mnmsrvc; C:\Windows\SysWow64\mnmsrvc.exe [32768 2007-02-18] (Microsoft Corporation)
S3 NetDDE; C:\Windows\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
S3 NetDDEdsdm; C:\Windows\system32\netdde.exe [160768 2007-02-18] (Microsoft Corporation)
S3 Netman; C:\Windows\SysWow64\netman.dll [263680 2007-02-18] (Microsoft Corporation)
R3 Nla; C:\Windows\System32\mswsock.dll [492544 2011-03-03] (Microsoft Corporation)
R3 Nla; C:\Windows\SysWow64\mswsock.dll [233472 2011-03-03] (Microsoft Corporation)
S3 NtLmSsp; C:\Windows\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [794112 2007-02-18] (Microsoft Corporation)
R2 NVSvc; C:\Windows\system32\nvsvc64.exe [344896 2011-10-08] (NVIDIA Corporation)
R2 PlugPlay; C:\Windows\system32\services.exe [227840 2009-03-19] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-08-08] ()
R2 PolicyAgent; C:\Windows\system32\lsass.exe [14336 2007-02-18] (Microsoft Corporation)
S3 RasAuto; C:\Windows\SysWow64\rasauto.dll [91648 2007-02-18] (Microsoft Corporation)
R3 RasMan; C:\Windows\SysWow64\rasmans.dll [181760 2007-02-18] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS\system32\sessmgr.exe [212480 2007-02-18] (Microsoft Corporation)
S3 SCardSvr; C:\Windows\System32\SCardSvr.exe [166400 2007-02-18] (Microsoft Corporation)
R2 Schedule; C:\Windows\SysWow64\schedsvc.dll [202240 2007-02-18] (Microsoft Corporation)
R2 seclogon; C:\Windows\SysWow64\seclogon.dll [18432 2007-02-18] (Microsoft Corporation)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-18] (Microsoft Corporation)
R2 srservice; C:\WINDOWS\system32\srsvc.dll [231424 2007-02-18] (Microsoft Corporation)
S2 SysmonLog; C:\Windows\system32\smlogsvc.exe [133120 2007-02-18] (Microsoft Corporation)
S4 TlntSvr; C:\WINDOWS\system32\tlntsvr.exe [113152 2007-02-18] (Microsoft Corporation)
R2 TrkWks; C:\Windows\SysWow64\trkwks.dll [86528 2007-02-18] (Microsoft Corporation)
S3 UPS; C:\Windows\System32\ups.exe [34816 2007-02-18] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\SysWOW64\mspmsnsv.dll [25088 2007-02-18] (Microsoft Corporation)
S3 Wmi; C:\Windows\System32\advapi32.dll [1052160 2009-03-19] (Microsoft Corporation)
S3 Wmi; C:\Windows\SysWow64\advapi32.dll [619008 2009-03-19] (Microsoft Corporation)
S3 WMPNetworkSvc; C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe [913408 2006-10-18] (Microsoft Corporation)
S2 wuauserv; C:\WINDOWS\system32\wuauserv.dll [12288 2007-02-18] (Microsoft Corporation)
S4 WZCSVC; C:\Windows\System32\wzcsvc.dll [659968 2007-02-18] (Microsoft Corporation)
S4 WZCSVC; C:\Windows\SysWow64\wzcsvc.dll [489472 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\System32\xmlprov.dll [326144 2007-02-18] (Microsoft Corporation)
S3 xmlprov; C:\Windows\SysWow64\xmlprov.dll [131584 2007-02-18] (Microsoft Corporation)
R2 Eventlog;  [x]
S3 WinHttpAutoProxySvc; winhttp.dll [x]

==================== Drivers (Whitelisted) ====================

S4 ACPIEC; C:\Windows\System32\Drivers\ACPIEC.sys [18432 2007-02-18] (Microsoft Corporation)
S3 aec; C:\Windows\System32\drivers\aec.sys [188928 2005-03-24] (Microsoft Corporation)
R3 Arp1394; C:\Windows\System32\DRIVERS\arp1394.sys [111104 2007-02-17] (Microsoft Corporation)
S3 Atmarpc; C:\Windows\System32\DRIVERS\atmarpc.sys [106496 2007-02-18] (Microsoft Corporation)
R3 audstub; C:\Windows\System32\DRIVERS\audstub.sys [5632 2005-03-24] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-23] (Avira Operations GmbH & Co. KG)
R2 CdaC15BA; C:\Windows\System32\DRIVERS\CdaC15BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R2 CdaD10BA; C:\Windows\System32\DRIVERS\CdaD10BA.sys [13312 2007-02-18] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2717696 2011-03-10] (C-Media Inc)
R2 cpuz132; C:\WINDOWS\system32\drivers\cpuz132_x64.sys [19432 2009-03-27] (Windows (R) Codename Longhorn DDK provider)
S4 dmboot; C:\Windows\System32\drivers\dmboot.sys [415232 2007-02-18] (Microsoft Corporation)
R0 dmio; C:\Windows\System32\drivers\dmio.sys [244224 2007-02-18] (Microsoft Corporation)
R0 dmload; C:\Windows\System32\drivers\dmload.sys [9216 2007-02-18] (Microsoft Corporation)
R1 Fips; C:\Windows\System32\Drivers\Fips.sys [50176 2007-02-18] (Microsoft Corporation)
R0 Ftdisk; C:\Windows\System32\DRIVERS\ftdisk.sys [240128 2007-02-18] (Microsoft Corporation)
R3 Gpc; C:\Windows\System32\DRIVERS\msgpc.sys [71168 2007-02-18] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [239616 2005-07-13] (Windows (R) Server 2003 DDK provider)
R1 imapi; C:\Windows\System32\DRIVERS\imapi.sys [72704 2007-02-18] (Microsoft Corporation)
S3 Ip6Fw; C:\Windows\System32\DRIVERS\Ip6Fw.sys [57856 2007-02-18] (Microsoft Corporation)
R1 IPSec; C:\Windows\System32\DRIVERS\ipsec.sys [156672 2007-02-18] (Microsoft Corporation)
R3 kmixer; C:\Windows\System32\drivers\kmixer.sys [204288 2005-03-24] (Microsoft Corporation)
R1 mnmdd; C:\Windows\System32\Drivers\mnmdd.sys [8192 2007-02-18] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2006-05-08] ()
R3 NIC1394; C:\Windows\System32\DRIVERS\nic1394.sys [92160 2005-03-24] (Microsoft Corporation)
R3 nv; C:\Windows\System32\DRIVERS\nv4_mini.sys [12579072 2011-10-08] (NVIDIA Corporation)
R3 PSched; C:\Windows\System32\DRIVERS\psched.sys [106496 2007-02-18] (Microsoft Corporation)
R3 Ptilink; C:\Windows\System32\DRIVERS\ptilink.sys [31232 2007-02-18] (Parallel Technologies, Inc.)
R3 Raspti; C:\Windows\System32\DRIVERS\raspti.sys [31232 2007-02-18] (Microsoft Corporation)
R1 redbook; C:\Windows\System32\DRIVERS\redbook.sys [64000 2005-03-24] (Microsoft Corporation)
R3 RTCore64; C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [15176 2013-07-18] ()
R3 RTCore64; C:\Program Files (x86)\EVGA Precision X\RTCore64.sys [15176 2013-07-18] ()
R1 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
R1 speedfan; C:\WINDOWS\SysWOW64\speedfan.sys [14104 2007-02-07] (Windows (R) Server 2003 DDK provider)
S3 splitter; C:\Windows\System32\drivers\splitter.sys [10240 2007-02-17] (Microsoft Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [513080 2011-08-20] (Duplex Secure Ltd.)
R0 sr; C:\Windows\System32\DRIVERS\sr.sys [123904 2007-02-18] (Microsoft Corporation)
S3 swmidi; C:\Windows\System32\drivers\swmidi.sys [86528 2005-03-24] (Microsoft Corporation)
R3 sysaudio; C:\Windows\System32\drivers\sysaudio.sys [147456 2007-02-17] (Microsoft Corporation)
R3 Update; C:\Windows\System32\DRIVERS\update.sys [152576 2007-05-30] (Microsoft Corporation)
R3 wdmaud; C:\Windows\System32\drivers\wdmaud.sys [187904 2007-02-17] (Microsoft Corporation)
R3 yukonx64; C:\Windows\System32\DRIVERS\yk51x64.sys [351744 2007-08-15] (Marvell)
S4 Abiosdsk; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 AmdIde; No ImagePath
S4 Atdisk; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 dpti2o; No ImagePath
S1 i2omgmt; No ImagePath
S4 iirsp; No ImagePath
S4 IntelIde; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 LGBusEnum; system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid; system32\drivers\LGVirHid.sys [x]
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S2 StarOpen; No ImagePath
S4 symc8xx; No ImagePath
S4 symmpi; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U1 WS2IFSL; 

==================== NetSvcs (Whitelisted) ===================

NETSVCx32: Browser -> C:\Windows\SysWOW64\browser.dll (Microsoft Corporation)
NETSVCx32: CryptSvc -> C:\Windows\SysWOW64\cryptsvc.dll (Microsoft Corporation)
NETSVCx32: DMServer -> C:\Windows\SysWOW64\dmserver.dll ==> No File.
NETSVCx32: EventSystem -> C:\WINDOWS\SysWOW64\es.dll (Microsoft Corporation)
NETSVCx32: HidServ -> C:\Windows\SysWOW64\hidserv.dll ==> No File.
NETSVCx32: Iprip -> No ServiceDLL Path.
NETSVCx32: LanmanWorkstation -> C:\Windows\SysWOW64\wkssvc.dll ==> No File.
NETSVCx32: Messenger -> C:\Windows\SysWOW64\msgsvc.dll ==> No File.
NETSVCx32: Netman -> C:\Windows\SysWOW64\netman.dll (Microsoft Corporation)
NETSVCx32: Seclogon -> C:\Windows\SysWOW64\seclogon.dll (Microsoft Corporation)
NETSVCx32: TrkWks -> C:\Windows\SysWOW64\trkwks.dll (Microsoft Corporation)
NETSVCx32: WZCSVC -> C:\Windows\SysWOW64\wzcsvc.dll (Microsoft Corporation)
NETSVCx32: wscsvc -> C:\Windows\SysWOW64\wscsvc.dll ==> No File.
NETSVCx32: xmlprov -> C:\Windows\SysWOW64\xmlprov.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-08-25 17:51 - 2013-08-25 17:51 - 00000000 ____D C:\WINDOWS\ERUNT
2013-08-25 17:34 - 2013-08-27 16:00 - 00000000 ____D C:\AdwCleaner
2013-08-25 17:31 - 2013-08-25 17:31 - 01021434 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\JRT.exe
2013-08-25 17:29 - 2013-08-25 17:29 - 00994642 _____ C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
2013-08-23 16:32 - 2013-08-23 16:32 - 00163840 _____ C:\WINDOWS\Minidump\Mini082313-02.dmp
2013-08-23 16:21 - 2013-08-23 16:21 - 00163840 _____ C:\WINDOWS\Minidump\Mini082313-01.dmp
2013-08-23 16:15 - 2013-08-23 16:15 - 00000000 ____D C:\FRST
2013-08-23 16:10 - 2013-08-23 16:10 - 00000020 _____ C:\Documents and Settings\Administrator\defogger_reenable
2013-08-23 15:08 - 2013-08-25 17:33 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\Trojaner Board
2013-08-23 14:28 - 2013-08-23 14:28 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Avira
2013-08-23 14:25 - 2013-08-23 14:25 - 00001761 _____ C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
2013-08-23 14:24 - 2013-08-23 14:24 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-23 14:24 - 2013-08-23 14:19 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-08-23 14:24 - 2013-08-23 14:19 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-08-23 14:24 - 2013-08-23 14:19 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2013-08-22 21:06 - 2013-08-22 21:06 - 00000000 ____D C:\User Data
2013-08-18 20:04 - 2013-08-23 15:59 - 00005454 _____ C:\WINDOWS\PFRO.log
2013-08-16 21:24 - 2013-08-16 21:24 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2013-08-16 21:24 - 2013-08-16 21:24 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2013-08-16 21:24 - 2013-08-16 21:24 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\RivaTuner Statistics Server
2013-08-15 13:12 - 2013-08-15 13:12 - 00005515 _____ C:\WINDOWS\KB2850869.log
2013-08-15 13:12 - 2013-08-15 13:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-15 13:05 - 2013-08-15 13:06 - 00006028 _____ C:\WINDOWS\KB2849470.log
2013-08-15 13:05 - 2013-08-15 13:06 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-15 13:03 - 2013-08-15 13:05 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-15 13:02 - 2013-08-15 13:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-15 13:01 - 2013-08-15 13:02 - 00004291 _____ C:\WINDOWS\KB2863058.log
2013-08-12 16:49 - 2013-08-26 18:49 - 00000422 _____ C:\WINDOWS\Tasks\At1.job
2013-08-08 23:20 - 2013-08-21 19:32 - 00291128 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2013-08-08 23:19 - 2013-08-21 19:32 - 00291128 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2013-08-08 23:19 - 2013-08-20 21:17 - 00291128 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2013-08-08 23:19 - 2013-08-08 23:19 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Arktos
2013-08-08 23:18 - 2013-08-08 23:18 - 00076888 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe
2013-08-07 00:52 - 2013-08-21 19:31 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Infestation Survivor Stories

==================== One Month Modified Files and Folders =======

2013-08-27 16:05 - 2013-05-20 12:03 - 00000000 _____ C:\WINDOWS\0.log
2013-08-27 16:03 - 2010-08-23 22:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-27 16:03 - 2010-08-23 22:06 - 01595055 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-27 16:01 - 2010-08-23 22:12 - 00032642 _____ C:\WINDOWS\Tasks\SchedLgU.Txt
2013-08-27 16:01 - 2010-08-23 22:12 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-08-27 16:01 - 2010-08-23 22:12 - 00000000 ____D C:\Documents and Settings\Administrator
2013-08-27 16:00 - 2013-08-25 17:34 - 00000000 ____D C:\AdwCleaner
2013-08-26 18:49 - 2013-08-12 16:49 - 00000422 _____ C:\WINDOWS\Tasks\At1.job
2013-08-26 18:41 - 2012-06-10 12:02 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-08-26 17:54 - 2007-02-18 14:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-25 17:52 - 2013-08-25 17:52 - 00000972 _____ C:\Documents and Settings\Administrator\Desktop\JRT.txt
2013-08-25 17:51 - 2013-08-25 17:51 - 00000000 ____D C:\WINDOWS\ERUNT
2013-08-25 17:36 - 2010-08-23 22:12 - 00000214 _____ C:\Documents and Settings\LocalService\wiadebug.log
2013-08-25 17:35 - 2011-06-30 01:35 - 00000669 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2013-08-25 17:33 - 2013-08-23 15:08 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\Trojaner Board
2013-08-25 17:31 - 2013-08-25 17:31 - 01021434 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\JRT.exe
2013-08-25 17:31 - 2010-08-23 23:52 - 01320574 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-25 17:31 - 2010-08-23 22:17 - 00558072 _____ C:\WINDOWS\system32\perfh007.dat
2013-08-25 17:31 - 2010-08-23 22:17 - 00116646 _____ C:\WINDOWS\system32\perfc007.dat
2013-08-25 17:29 - 2013-08-25 17:29 - 00994642 _____ C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
2013-08-24 15:26 - 2013-05-20 11:58 - 00045444 _____ C:\WINDOWS\FaxSetup.log
2013-08-24 15:26 - 2013-05-20 11:58 - 00023926 _____ C:\WINDOWS\msmqinst.log
2013-08-24 15:26 - 2013-05-20 11:58 - 00019658 _____ C:\WINDOWS\tsoc.log
2013-08-24 15:26 - 2013-05-20 11:58 - 00017783 _____ C:\WINDOWS\ocgen.log
2013-08-24 15:26 - 2013-05-20 11:58 - 00017208 _____ C:\WINDOWS\iis6.log
2013-08-24 15:26 - 2013-05-20 11:58 - 00015596 _____ C:\WINDOWS\comsetup.log
2013-08-24 15:26 - 2013-05-20 11:58 - 00010248 _____ C:\WINDOWS\ntdtcsetup.log
2013-08-24 15:26 - 2013-05-20 11:58 - 00002819 _____ C:\WINDOWS\ocmsn.log
2013-08-24 15:26 - 2013-05-20 11:58 - 00002563 _____ C:\WINDOWS\msgsocm.log
2013-08-24 15:26 - 2013-05-20 11:58 - 00002436 _____ C:\WINDOWS\imsins.log
2013-08-24 00:03 - 2010-11-01 05:37 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\QuickPar
2013-08-23 16:32 - 2013-08-23 16:32 - 00163840 _____ C:\WINDOWS\Minidump\Mini082313-02.dmp
2013-08-23 16:32 - 2010-09-26 13:13 - 00000000 ____D C:\WINDOWS\Minidump
2013-08-23 16:21 - 2013-08-23 16:21 - 00163840 _____ C:\WINDOWS\Minidump\Mini082313-01.dmp
2013-08-23 16:19 - 2010-09-27 00:17 - 00000000 ____D C:\Program Files (x86)\uTorrent
2013-08-23 16:15 - 2013-08-23 16:15 - 00000000 ____D C:\FRST
2013-08-23 16:10 - 2013-08-23 16:10 - 00000020 _____ C:\Documents and Settings\Administrator\defogger_reenable
2013-08-23 15:59 - 2013-08-18 20:04 - 00005454 _____ C:\WINDOWS\PFRO.log
2013-08-23 15:57 - 2010-08-24 16:05 - 00000000 ___RD C:\Documents and Settings\Administrator\Desktop\Programme
2013-08-23 15:53 - 2010-08-24 14:25 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\Aufbewahrung
2013-08-23 14:28 - 2013-08-23 14:28 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Avira
2013-08-23 14:25 - 2013-08-23 14:25 - 00001761 _____ C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
2013-08-23 14:24 - 2013-08-23 14:24 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-23 14:19 - 2013-08-23 14:24 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-08-23 14:19 - 2013-08-23 14:24 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-08-23 14:19 - 2013-08-23 14:24 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2013-08-23 14:19 - 2013-05-20 11:57 - 00032360 _____ C:\WINDOWS\setupapi.log
2013-08-23 13:13 - 2013-03-14 22:31 - 00000000 ____D C:\Program Files (x86)\EVGA Precision X
2013-08-22 21:06 - 2013-08-22 21:06 - 00000000 ____D C:\User Data
2013-08-21 21:16 - 2012-07-26 21:52 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\AIMP3
2013-08-21 19:32 - 2013-08-08 23:20 - 00291128 _____ C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2013-08-21 19:32 - 2013-08-08 23:19 - 00291128 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2013-08-21 19:31 - 2013-08-07 00:52 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Infestation Survivor Stories
2013-08-21 19:22 - 2010-08-30 11:39 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\DVDVideoSoft
2013-08-21 18:41 - 2012-04-08 15:58 - 00692104 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-08-21 18:41 - 2011-06-21 20:20 - 00071048 ____C (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 21:17 - 2013-08-08 23:19 - 00291128 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2013-08-20 00:08 - 2012-08-02 19:10 - 00000622 _____ C:\Documents and Settings\All Users\Desktop\AIMP3.lnk
2013-08-20 00:08 - 2012-07-26 21:52 - 00000000 ____D C:\Program Files (x86)\AIMP3
2013-08-18 13:24 - 2010-10-13 18:35 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\vlc
2013-08-17 10:21 - 2012-05-04 11:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-17 10:21 - 2010-08-24 00:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-16 21:25 - 2011-10-29 01:00 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2013-08-16 21:24 - 2013-08-16 21:24 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2013-08-16 21:24 - 2013-08-16 21:24 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2013-08-16 21:24 - 2013-08-16 21:24 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\RivaTuner Statistics Server
2013-08-16 21:24 - 2013-03-14 22:31 - 00000000 ____D C:\Documents and Settings\Administrator\Start Menu\Programs\EVGA Precision X
2013-08-15 13:12 - 2013-08-15 13:12 - 00005515 _____ C:\WINDOWS\KB2850869.log
2013-08-15 13:12 - 2013-08-15 13:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-15 13:12 - 2013-05-20 11:58 - 00000970 _____ C:\WINDOWS\imsins.BAK
2013-08-15 13:06 - 2013-08-15 13:05 - 00006028 _____ C:\WINDOWS\KB2849470.log
2013-08-15 13:06 - 2013-08-15 13:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-15 13:06 - 2013-05-20 11:58 - 00001846 _____ C:\WINDOWS\updspapi.log
2013-08-15 13:05 - 2013-08-15 13:03 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-15 13:03 - 2010-08-24 16:49 - 78161360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-08-15 13:02 - 2013-08-15 13:02 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-15 13:02 - 2013-08-15 13:01 - 00004291 _____ C:\WINDOWS\KB2863058.log
2013-08-15 13:02 - 2010-08-24 16:56 - 00039942 ____C C:\WINDOWS\system32\TZLog.log
2013-08-15 13:00 - 2010-08-24 16:05 - 01274714 ____C C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2013-08-11 12:43 - 2011-06-13 14:35 - 00000000 ___RD C:\Documents and Settings\Administrator\My Documents\Eigene Texte
2013-08-08 23:19 - 2013-08-08 23:19 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Arktos
2013-08-08 23:18 - 2013-08-08 23:18 - 00076888 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe
2013-08-08 22:26 - 2010-08-23 22:12 - 00000265 ____C C:\Documents and Settings\Administrator\wiadebug.log

Files to move or delete:
====================
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AskSLib.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LyriXtmp.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Quarantine.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\avmres.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\avwebloader.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\avwebloader.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\avwebloadergui.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\msvcp100.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\msvcr100.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\rcimage.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\rcnwload_ar.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\rcNwLoad_de.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\rcnwload_en.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\rcnwload_es.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\rcNwLoad_fr.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\rcNwLoad_it.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\rcNwLoad_jp.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\rcNwLoad_ko.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\rcnwload_nl.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\rcNwLoad_pt.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\rcNwLoad_ru.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\rcnwload_tr.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\rcNwLoad_zhcn.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\rcNwLoad_zhtw.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\scewxmlw.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\update.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jrt\erunt\ERUNT.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is1275519350\7104750_Setup.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is1275519350\7104873_Setup.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is1275519350\DeltaTB.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is1275519350\dp.exe
C:\Windows\Tasks\At1.job

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2007-02-18 14:00] - [2007-02-18 14:00] - 0944128 ____A (Microsoft Corporation) 901C7E44D11C00CA9D48BA1A866FDC4B

C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe
[2007-02-18 14:00] - [2007-02-18 14:00] - 1364480 ____A (Microsoft Corporation) AE7A08C05F72A9242734C03230A5CD7F

C:\Windows\SysWOW64\explorer.exe
[2007-02-18 14:00] - [2007-02-18 14:00] - 1053184 ____A (Microsoft Corporation) A26C39540F8BE3729846E360E2C57344

C:\Windows\System32\svchost.exe
[2007-02-18 14:00] - [2007-02-18 14:00] - 0025600 ____A (Microsoft Corporation) 46300880A5062A41C16DF5E3E836A6C9

C:\Windows\SysWOW64\svchost.exe
[2007-02-18 14:00] - [2007-02-18 14:00] - 0014848 ____A (Microsoft Corporation) C09CCFE81DEC9B162533D7184D705682

C:\Windows\System32\services.exe
[2007-02-18 14:00] - [2009-03-19 19:51] - 0227840 ____A (Microsoft Corporation) 1E07EE3F50DFF2FE9B0A9D196E82698F

C:\Windows\System32\User32.dll
[2007-03-02 01:54] - [2007-03-02 01:54] - 1086464 ____A (Microsoft Corporation) C34683231AA9162B2106CA149B729D38

C:\Windows\SysWOW64\User32.dll
[2007-03-02 01:54] - [2007-03-02 01:54] - 0602624 ____A (Microsoft Corporation) 8BE4E29DA25073BF7894E2A61C9525DE

C:\Windows\System32\userinit.exe
[2007-02-18 14:00] - [2007-02-18 14:00] - 0039424 ____A (Microsoft Corporation) 438393CC0B5122B5D988BD7BA05FE3C9

C:\Windows\SysWOW64\userinit.exe
[2007-02-18 14:00] - [2007-02-18 14:00] - 0026112 ____A (Microsoft Corporation) B5FEB3B971A8B8C81CE9DE65031A87E5

C:\Windows\System32\Drivers\volsnap.sys
[2007-02-18 14:00] - [2012-08-23 01:44] - 0288768 ____A (Microsoft Corporation) 941D45C8A14B2B1E8A57D0EEF6A98AEB

C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== End Of Log ============================
         

Quote:
Quote from cosinus
Code:
ATTFilter
(Wsys Co., Ltd.) C:\Documents and Settings\All Users\Application Data\eSafe\eGdpSvc.exe
12:50:00.0515 2452  [ 6FF3CFB85B18C032AF8F242498DFC8D9 ] WsysSvc         C:\Documents and Settings\All Users\Application Data\eSafe\eGdpSvc.exe
R2 WsysSvc; C:\Documents and Settings\All Users\Application Data\eSafe\eGdpSvc.exe [303680 2013-08-22] (Wsys Co., Ltd.)
         
Here are the entries for "your" file.
Does eSafe or Wsys mean anything to you?

If I saw it correctly after a quick Google search, adwCleaner or JRT should delete that.

That's right, the eGdpSvc process is gone, but so is my Windows taskbar on the desktop. And I can no longer start any exe applications on the desktop, and I can't move the icons on the desktop anymore either. Every time I click on them they just turn slightly transparent.

Addition LOG:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-08-2013 01
Ran by Administrator at 2013-08-27 16:27:51
Running from C:\Documents and Settings\Administrator\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
2007 Microsoft Office Suite Service Pack 2 (SP2) (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader 9.5.4 - Deutsch (x32 Version: 9.5.4)
AIMP3 (x32 Version: v3.51.1288, 07.08.2013)
Ashampoo Burning Studio 6 FREE v.6.83 (x32 Version: 6.8.3)
ASUS Xonar Essence ST Audio (x32)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
Command & Conquer 3 (x32 Version: 1.00.0000)
Command & Conquer™ 3: Kanes Rache (x32 Version: 1.00.0000)
CPUID CPU-Z 1.52.2
Creative WaveStudio 7 (x32 Version: 7.12)
DAEMON Tools Lite (x32 Version: 4.40.2.0131)
DivX-Setup (x32 Version: 2.1.2.2)
dows Driver Package - Cypress (CYUSB) USB  (06/05/2009 3.4.1.20) (Version: 06/05/2009 3.4.1.20)
Empire Earth Ultimate Edition (x32 Version: 1.0)
EVEREST Home Edition v2.20 (x32 Version: 2.20)
EVGA Precision X 4.2.1 (x32 Version: 4.2.1)
Far Cry (Patch 1.4) (x32 Version: 1.00.0000)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.26.0)
Free Mp3 Wma Converter V 2.2 (x32 Version: 2.2.0.0)
Free Studio version 5.0.9 (x32)
Free WMA to MP3 Converter 1.16 (x32)
Google Update Helper (x32 Version: 1.3.23.0)
ICQ Sparberater (x32 Version: 1.2.662)
Infestation Survivor Stories version 1.0 (x32 Version: 1.0)
Logitech Gaming Software (Version: 8.30.86)
MAGIX Music Maker 16 Premium Download-Version (x32 Version: 16.0.0.30)
MAGIX Screenshare (x32 Version: 4.3.6.1987)
MAGIX Speed burnR (x32 Version: 7.0.1.27)
Marvell Miniport Driver (x32 Version: 10.22.4.3)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (x32)
Microsoft .NET Framework 1.1 Security Update (KB2833941) (x32)
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU (Version: 2.1.21022)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU (Version: 3.1.21022)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack - deu (Version: 3.5.21022)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30320)
Microsoft Compression Client Pack 1.0 for Windows x64 (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Software Update for Web Folders  (German) 12 (x32 Version: 12.0.6425.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Windows German User Interface Pack (Version: 1.0.705.0)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
Mp3tag v2.46a (x32 Version: v2.46a)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (x32 Version: 1.0.1.2)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB2758696) (Version: 6.20.2016.0)
MyFreeCodec (HKCU)
Nero Lite 9.4.13.2 Build.1.0 (x32 Version: 1.0)
NVIDIA Grafiktreiber 285.58 (Version: 285.58)
NVIDIA Install Application (Version: 2.1002.46.235)
NVIDIA nView 135.95 (Version: 135.95)
NVIDIA nView Desktop Manager (Version: 6.14.10.13065)
NVIDIA PhysX (x32 Version: 9.11.0621)
NVIDIA PhysX-Systemsoftware 9.11.0621 (Version: 9.11.0621)
NVIDIA Systemsteuerung 285.58 (Version: 285.58)
NVIDIA Update 1.5.20 (Version: 1.5.20)
NVIDIA Update Components (Version: 1.5.20)
OpenAL (x32)
PC Connectivity Solution (x32 Version: 12.0.17.0)
PunkBuster Services (x32 Version: 0.993)
Razer DeathAdder(TM) Mouse (x32 Version: 2.01)
RivaTuner Statistics Server 5.2.0 (x32 Version: 5.2.0)
Samsung Kies (x32 Version: 2.0.1.11053_99)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.6.0)
SpeedFan (remove only) (x32)
Steam (x32 Version: 1.0.0.0)
Text-To-Speech-Runtime (x32 Version: 1.0.0.0)
Uninstall 1.0.0.1 (x32)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft Office Word 2007 (KB974631) (x32)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690-v2) (Version: 2)
Update for Windows XP (KB2661254) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2748349) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB927891) (Version: 5)
Update for Windows XP (KB936357) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0)
Virtual DJ - Atomix Productions (x32)
VLC media player 2.0.2 (Version: 2.0.2)
VLC media player 2.0.6 (x32 Version: 2.0.6)
Watchtower Library 2012 - Deutsch (x32 Version: 14.0)
Windows Driver Package - Razer (HidUsb) HIDClass  (02/02/2007 1.0.5.0) (Version: 02/02/2007 1.0.5.0)
Windows Imaging Component (Version: 3.0.0.0)
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0

==================== Restore Points  =========================

Could not list Restore Points.


==================== Hosts content: ==========================

2007-02-18 14:00 - 2013-08-23 13:46 - 00001477 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1       freeporn.to
127.0.0.1       www.freeporn.to   
127.0.0.1       www.kporn.com
127.0.0.1       kporn.com
127.0.0.1       redtube.ru
127.0.0.1       redtube.net
127.0.0.1       redtube.de
127.0.0.1       redtube.co.uk
127.0.0.1       www.redtube.ru
127.0.0.1       www.redtube.net
127.0.0.1       www.redtube.de
127.0.0.1       www.redtube.co.uk
127.0.0.1       pornhub.com
127.0.0.1       www.pornhub.com
127.0.0.1       gosredirector.ea.com
127.0.0.1       blazeserver.blazeemu.org
127.0.0.1       gosgvaprod-qos01.ea.com
127.0.0.1       gosiadprod-qos01.ea.com
127.0.0.1       gossjcprod-qos01.ea.com
127.0.0.1       demangler.ea.com
127.0.0.1       vmp.tools.gos.ea.com
127.0.0.1       delta-homes.com


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\ADMINI~1\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.EXE

==================== Alternate Data Streams (whitelisted) ==========



==================== Faulty Device Manager Devices =============

Could not list Devices.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/27/2013 04:03:43 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80040155.

Error: (08/27/2013 04:03:43 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstinformationen: Der COM-Server mit CLSID "{4e14fba2-2e22-11d1-9964-00c04fbbb345}" namens "CEventSystem" kann nicht gestartet werden. [0x80040155]

Error: (08/27/2013 04:03:43 PM) (Source: SecurityCenter) (User: )
Description: 

Error: (08/27/2013 04:03:37 PM) (Source: EventSystem) (User: )
Description: Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während der internen Verarbeitung erkannt. HRESULT war 80040155 von Zeile 150 von d:\nt\com\complus\src\events\tier2\service.cpp. Dies kann darauf hinweisen, dass das COM+-Ereignissystem nicht ordnungsgemäß installiert ist. Installieren Sie das COM+-Ereignissystem erneut.

Error: (08/27/2013 03:50:28 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80040155.

Error: (08/27/2013 03:50:28 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstinformationen: Der COM-Server mit CLSID "{4e14fba2-2e22-11d1-9964-00c04fbbb345}" namens "CEventSystem" kann nicht gestartet werden. [0x80040155]

Error: (08/27/2013 03:50:28 PM) (Source: SecurityCenter) (User: )
Description: 

Error: (08/27/2013 03:50:22 PM) (Source: EventSystem) (User: )
Description: Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während der internen Verarbeitung erkannt. HRESULT war 80040155 von Zeile 150 von d:\nt\com\complus\src\events\tier2\service.cpp. Dies kann darauf hinweisen, dass das COM+-Ereignissystem nicht ordnungsgemäß installiert ist. Installieren Sie das COM+-Ereignissystem erneut.

Error: (08/26/2013 08:32:56 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80040155.

Error: (08/26/2013 08:32:56 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstinformationen: Der COM-Server mit CLSID "{4e14fba2-2e22-11d1-9964-00c04fbbb345}" namens "CEventSystem" kann nicht gestartet werden. [0x80040155]


System errors:
=============
Error: (08/26/2013 06:49:00 PM) (Source: Schedule) (User: )
Description: Der Befehl "At1.job" konnte aufgrund folgenden Fehlers nicht ausgeführt werden: 
%%2147942403

Error: (08/26/2013 06:18:21 PM) (Source: WPDMTPDriver) (User: )
Description: MTP WPD Driver has failed to start. Error 0x80040154.

Error: (08/26/2013 05:54:54 PM) (Source: WPDMTPDriver) (User: )
Description: MTP WPD Driver has failed to start. Error 0x80040154.

Error: (08/25/2013 05:49:00 PM) (Source: Schedule) (User: )
Description: Der Befehl "At1.job" konnte aufgrund folgenden Fehlers nicht ausgeführt werden: 
%%2147942403

Error: (08/25/2013 05:27:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "mbamchameleon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (08/25/2013 05:27:34 PM) (Source: 0) (User: )
Description: \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys

Error: (08/25/2013 05:27:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "StarOpen" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (08/25/2013 05:27:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wsys Service" wurde nicht ordnungsgemäß gestartet.

Error: (08/25/2013 00:19:39 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "mbamchameleon" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1275

Error: (08/25/2013 00:19:38 PM) (Source: 0) (User: )
Description: \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys


Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Percentage of memory in use: 22%
Total physical RAM: 4094.8 MB
Available physical RAM: 3174.75 MB
Total Pagefile: 5891.75 MB
Available Pagefile: 5159.55 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:298.08 GB) (Free:74.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 0D100D0F)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         