Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
System kompromittiert ? Falschmeldung? Alarme zu HPSLPSVC und SVKP.sys

System kompromittiert ? Falschmeldung? Alarme zu HPSLPSVC und SVKP.sys


Log-Analyse und Auswertung: System kompromittiert ? Falschmeldung? Alarme zu HPSLPSVC und SVKP.sys

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 07.07.2013, 09:33   #1
AZ0815
 
System kompromittiert ? Falschmeldung? Alarme zu HPSLPSVC und SVKP.sys - Standard

System kompromittiert ? Falschmeldung? Alarme zu HPSLPSVC und SVKP.sys


1 Scan von Malwarebytes hat eine Infizierung gemeldet:

Zitat:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.06.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Picard :: PICARD-PC [Administrator]

06.07.2013 12:18:38
MBAM-log-2013-07-06 (12-33-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P
Deaktivierte Suchlaufeinstellungen:
Durchsuchte Objekte: 354475
Laufzeit: 7 Minute(n), 12 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Services\SVKP (Trojan.Agent) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Windows\System32\SVKP.sys (Trojan.Agent) -> Keine Aktion durchgeführt.
C:\Windows\SysWOW64\SVKP.sys (Trojan.Agent) -> Keine Aktion durchgeführt.

(Ende)
Da mein Standard- AV- Programm Avast nix gemeldet hat, hab ich es im Anschluß mit weiteren Programmen versucht:
Microsoft Safety Scanner: nichts.
McAfee Getsusp und Stinger: nix.
Kaspersky TDSS Killer: nichts dazu, aber eine andere Datei als verdächtig befunden:

Zitat:
Auszug:
17:11:03.0881 4072 Detected object count: 1
17:11:03.0881 4072 Actual detected object count: 1
17:11:39.0090 4072 C:\Users\Picard\AppData\Local\Temp\7zS33A8\hpslpsvc64.dll - copied to quarantine
17:11:39.0121 4072 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
17:11:51.0086 2788 Deinitialize success
HPSLPSVC und SVKP.sys habe ich bei Virustotal und Jotti gescantt, da nichts, auch nicht von vorg. Herstellern. Nun bin ich dich recht verunsichert: Fehlalarm oder mehr?
PS. Gothic 2 war zuvor installiert und ich habe einen HP Drucker.

Die Logs von Kaspersky und GMER habe ich im Anhang beigefügt, da sie offenbar die Limits sprengen.

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 07.07.2013 09:08:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Picard\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,93 Gb Total Physical Memory | 6,43 Gb Available Physical Memory | 81,06% Memory free
15,87 Gb Paging File | 14,22 Gb Available in Paging File | 89,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,73 Gb Total Space | 68,91 Gb Free Space | 61,68% Space Free | Partition Type: NTFS
Drive D: | 1397,26 Gb Total Space | 1393,87 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
 
Computer Name: PICARD-PC | User Name: Picard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.07 09:07:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Picard\Downloads\OTL.exe
PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2013.02.22 20:42:42 | 000,292,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2013.02.07 14:31:22 | 001,223,704 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2013.02.07 14:31:18 | 000,575,000 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.12 09:29:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013.02.08 20:30:42 | 000,359,664 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2013.02.07 14:31:22 | 001,223,704 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2013.02.07 14:31:20 | 000,660,504 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013.02.06 11:58:26 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\Picard\AppData\Local\Temp\7zS33A8\hpslpsvc64.dll -- (HPSLPSVC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.06.29 10:39:46 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013.06.28 16:08:01 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013.06.28 16:08:01 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013.06.28 16:08:01 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013.06.22 15:20:12 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013.02.22 20:40:12 | 000,792,560 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2013.02.22 20:40:12 | 000,358,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2013.02.22 20:40:12 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2013.02.07 14:15:22 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2013.01.03 10:17:38 | 000,079,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2013.01.03 10:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013.01.03 10:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2013.01.03 10:17:38 | 000,015,752 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2012.12.27 01:26:12 | 000,805,088 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.07 10:46:58 | 000,070,016 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\S3XXx64.sys -- (S3XXx64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.09.30 21:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.09.30 21:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.06.22 14:51:41 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\SVKP.sys -- (SVKP)
DRV - [2010.05.27 02:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.05.14 17:27:13 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://finanzcenter.sparkasse-bremen.de/_plugin/AXFOAM.cab (B+S Banksysteme AG DDBAC Plug-In)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFD3DFD2-4871-4447-A216-5099B07501CB}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c36ce61d-ab71-11e2-be97-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c36ce61d-ab71-11e2-be97-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTOSTARTER.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.06 17:11:39 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.07.06 13:40:07 | 000,177,680 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe.6e21.deleteme
[2013.07.06 13:36:49 | 000,177,680 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe.274a.deleteme
[2013.06.26 20:03:28 | 000,000,000 | ---D | C] -- C:\Users\Picard\AppData\Roaming\Mozilla
[2013.06.26 20:03:28 | 000,000,000 | ---D | C] -- C:\Users\Picard\AppData\Local\Mozilla
[2013.06.22 15:21:49 | 000,000,000 | ---D | C] -- C:\Users\Picard\AppData\Local\Risen
[2013.06.22 15:21:42 | 000,000,000 | ---D | C] -- C:\Users\Picard\AppData\Roaming\ProtectDISC
[2013.06.22 15:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.06.22 15:20:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.06.22 15:20:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2013.06.22 15:20:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.06.22 15:11:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deep Silver
[2013.06.22 14:51:41 | 000,002,368 | ---- | C] (AntiCracking) -- C:\Windows\SysWow64\SVKP.sys
[2013.06.22 14:48:52 | 000,000,000 | ---D | C] -- C:\Users\Picard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWooD
[2013.06.22 14:35:45 | 000,000,000 | ---D | C] -- C:\Users\Picard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.06.22 14:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
[2013.06.22 14:27:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoWooD
[2013.06.09 16:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.07 09:06:58 | 000,000,000 | ---- | M] () -- C:\Users\Picard\defogger_reenable
[2013.07.07 09:06:36 | 000,050,477 | ---- | M] () -- C:\Users\Picard\Desktop\Defogger.exe
[2013.07.07 08:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.07 07:43:06 | 000,025,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.07 07:43:06 | 000,025,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.07 07:40:30 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.07.07 07:40:30 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.07.07 07:40:30 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.07.07 07:40:30 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.07.07 07:40:30 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.07.07 07:35:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.07 07:35:55 | 2094,579,711 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.06 13:40:06 | 000,177,680 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe.6e21.deleteme
[2013.07.06 13:36:48 | 000,177,680 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe.274a.deleteme
[2013.07.06 13:32:37 | 000,284,010 | ---- | M] () -- C:\Users\Picard\Documents\cc_20130706_133221.reg
[2013.07.01 07:12:00 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2013.06.29 10:39:46 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2013.06.28 19:12:48 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001B09.LCS
[2013.06.28 16:08:01 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013.06.28 16:08:01 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013.06.28 16:08:01 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.06.28 16:08:01 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013.06.28 16:08:01 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013.06.28 16:08:01 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013.06.22 15:20:12 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2013.06.22 14:51:41 | 000,002,368 | ---- | M] (AntiCracking) -- C:\Windows\SysWow64\SVKP.sys
[2013.06.22 11:41:31 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
 
========== Files Created - No Company Name ==========
 
[2013.07.07 09:06:58 | 000,000,000 | ---- | C] () -- C:\Users\Picard\defogger_reenable
[2013.07.07 09:06:31 | 000,050,477 | ---- | C] () -- C:\Users\Picard\Desktop\Defogger.exe
[2013.07.06 13:32:24 | 000,284,010 | ---- | C] () -- C:\Users\Picard\Documents\cc_20130706_133221.reg
[2013.06.28 16:08:01 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013.06.26 20:01:27 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013.06.26 20:01:27 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013.06.22 15:21:43 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00001B09.LCS
[2013.06.22 15:20:12 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2013.06.22 15:20:12 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2013.04.22 20:01:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.04.22 19:59:59 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013.04.22 19:59:59 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013.04.22 19:59:59 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.14 17:27:25 | 000,000,000 | ---D | M] -- C:\Users\Picard\AppData\Roaming\Leadertech
[2013.04.22 22:54:56 | 000,000,000 | ---D | M] -- C:\Users\Picard\AppData\Roaming\OpenOffice.org
[2013.04.22 21:11:42 | 000,000,000 | ---D | M] -- C:\Users\Picard\AppData\Roaming\Opera
[2013.06.22 15:21:42 | 000,000,000 | ---D | M] -- C:\Users\Picard\AppData\Roaming\ProtectDISC
[2013.04.26 20:32:25 | 000,000,000 | ---D | M] -- C:\Users\Picard\AppData\Roaming\Stardock
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 07.07.2013 09:08:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Picard\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,93 Gb Total Physical Memory | 6,43 Gb Available Physical Memory | 81,06% Memory free
15,87 Gb Paging File | 14,22 Gb Available in Paging File | 89,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,73 Gb Total Space | 68,91 Gb Free Space | 61,68% Space Free | Partition Type: NTFS
Drive D: | 1397,26 Gb Total Space | 1393,87 Gb Free Space | 99,76% Space Free | Partition Type: NTFS
 
Computer Name: PICARD-PC | User Name: Picard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files\Opera x64\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera x64\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E4384F-4BC9-40C7-AE51-6020E6EC8C0A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{06C261D5-8C03-48F2-89A5-4F2A676BADB3}" = lport=139 | protocol=6 | dir=in | app=system | 
"{1BAB50A9-7D95-48E1-AFF8-9C57C551CBEF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{214C73FC-9D11-4A3F-B91F-249E422677F1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{43F813D8-C6E9-4A17-9B48-FC35E5E9581D}" = rport=139 | protocol=6 | dir=out | app=system | 
"{77D4A26E-263A-4376-AADF-DD290351A17A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7882F00C-A04D-417C-A3A2-318011E77F3D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7C892E82-4FE5-416F-8D6E-2CD72785D454}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8A705067-7558-47F6-9329-963972D1055E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{980C51A6-2DD0-42BA-B7B9-93118C4C2D3F}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9C7CDDF5-594C-46EA-AC38-533E499C2079}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B0927CFF-14FF-41F6-8E15-BC8308A150CF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B0B3AC81-4E9E-45C5-9911-46A086DDCF8A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B4A1C723-FDC5-43FE-872A-CF59CD4CF226}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B5020E16-0158-4CDE-96AC-72BCEDED4674}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C319394E-03B2-42D2-A88F-4C627B45EB6C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{CB5FE6E8-5F94-4AA8-BA6E-B9378B21F78D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D513E549-BFC6-4125-844B-6FFF54E49E3A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EF301782-B3BB-44F6-9FE4-FB9962018E75}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F4B53A09-EBEC-488C-8F9F-6F28DC5FEB33}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FBD6D120-38EF-4F56-A8ED-C1F98AB1EC43}" = lport=445 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{028AB9DC-7742-469F-BA2E-8150DC4A7736}" = protocol=6 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe | 
"{080478BC-AAF2-423F-A23B-2655B8FDB47B}" = protocol=6 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire diplomacy.exe | 
"{0CD45C02-B93B-4660-B944-4589796A1CB8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{141989E5-493A-4580-8975-1EB45606548D}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe | 
"{1AF8C078-70AE-4C17-A600-40B6D7812FDA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1B2FD175-84CD-4A20-B8AF-E907B523D8D0}" = protocol=17 | dir=in | app=c:\program files\opera x64\opera.exe | 
"{3C4936B9-C149-4C79-AA9D-5254DBE32B11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4CE3272C-2989-4690-9EF0-C7394BDAE96B}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe | 
"{4E35B8FE-66E1-4799-A46A-610CAEE2573A}" = protocol=6 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe | 
"{58F31B92-3B64-4916-826C-F8FFD976C2D7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5A049478-1735-435E-8869-5F6E598BEB92}" = protocol=6 | dir=in | app=c:\program files\opera x64\opera.exe | 
"{5B37E8A4-A61C-4181-B0CA-854F329F7692}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{67506F56-8AA1-4A18-B04C-366D54C7E89A}" = protocol=6 | dir=in | app=c:\program files\opera x64\opera.exe | 
"{6890F47B-2192-44BB-9A10-DC9E9AE96E25}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe | 
"{6C140EA5-79DC-48D6-AC1A-3870332D83CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6CE83434-C684-41C5-821E-BE32B0ACF802}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6D602A48-EA07-47FF-B4F5-C06799585BBB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6DB8D651-F269-46A5-A5AA-B55274B06A99}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe | 
"{7BE639BC-305C-4178-AEAA-268C47EA61D5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7DC45ADF-EE12-4B91-82A4-5DF9B704B325}" = protocol=17 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe | 
"{916220E4-CD4C-444E-A3EF-4FB0B4C88B87}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{92C40749-82F9-4A3C-8F3A-D20E22E7C020}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe | 
"{9A916626-47B9-4B95-941B-D56653159671}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9FF5F7D6-2F04-46DE-98D9-A213A502B83F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A361B49C-ABFA-4D60-9A5A-FF230566F45F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AADB03AE-F0A6-419F-8FA8-65F45C60C653}" = protocol=6 | dir=out | app=system | 
"{BA29C37E-72C1-4F32-855D-F8ACDD59CEEA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BE1E8442-15F3-4C57-B68F-03DC0F1689D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BF036078-D6E9-4B01-AAB4-ADC32F5D3BCF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C0E53D0B-66F8-486A-8893-D6B3A5EBFF22}" = protocol=17 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire diplomacy.exe | 
"{C177FA64-464F-4EFD-B254-8C2181ED9F7F}" = protocol=17 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe | 
"{C3B6D542-9A80-45F9-8711-35E6598998D5}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe | 
"{CFCBCA03-0DF1-4D9E-B6FB-B6835910C8B0}" = protocol=17 | dir=in | app=c:\program files\opera x64\opera.exe | 
"{D4BCA630-62AD-466C-9C40-F2B84AE1D711}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E062DD32-3494-44E7-AD34-2A5E6F937AF9}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe | 
"{E751AE8D-C4FE-4D3D-B8FC-FD9B81AA862E}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe | 
"{E968D80B-C650-4B91-86DE-7B9384EA9DF1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008C42A1-FB22-7DB4-618F-08E2C5059C0C}" = ccc-utility64
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1AFC919D-751B-A5D7-B17D-7C0067A65D2E}" = AMD Drag and Drop Transcoding
"{393D3B4C-1F95-CDD2-4F0A-395D99D5F553}" = AMD Accelerated Video Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{53A19094-2C04-A9B9-7309-3E92152D4845}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{C0FFB192-3484-9AA0-7505-3A5B6688752F}" = AMD Media Foundation Decoders
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Opera 12.16.1860" = Opera 12.16
"sp6" = Logitech SetPoint 6.52
"VLC media player" = VLC media player 2.0.7
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021BC94E-D464-4B9D-96F1-C6566B476A71}" = DDBAC
"{1050A3D4-BC3B-4443-BD60-68C2BAE65EF4}" = CCC Help English
"{1321BDD4-C5FC-BCFA-F281-7C66D5DE187F}" = CCC Help French
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1D6DF721-54B7-6AA4-2050-7E286CCE13E8}" = Catalyst Control Center
"{1EF73F13-8A60-7910-A59D-8F62A8BCD47D}" = CCC Help Swedish
"{20165891-91F8-45F9-A90A-307C7179C515}" = Sins of a Solar Empire - Trinity
"{22E62B37-5D05-C5AD-F53E-691342495A45}" = CCC Help Spanish
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{23528772-43DB-1E20-E845-DB1CE00FBB10}" = CCC Help Danish
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{5F32FD5A-6F9D-50FD-1896-0AEC107DE5D0}" = CCC Help Portuguese
"{60AAE030-8621-5187-F7CF-41A241698407}" = CCC Help Dutch
"{619DC4E1-DA11-48A1-4587-4E3E3D02D103}" = Catalyst Control Center Graphics Previews Common
"{6F05E0AC-22D3-BE6E-05DD-623504F54FB2}" = CCC Help Chinese Standard
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7668B02B-DDDA-A67C-F86B-9D1061DD08CD}" = CCC Help Hungarian
"{7BA420C3-3629-2AD6-19D0-0A6E27D6B782}" = CCC Help Thai
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8EFA9357-75F9-EF3D-B7F9-BC913BA8DAC5}" = CCC Help Norwegian
"{91DA5EBA-C240-289B-0AB4-6604CDE6A27F}" = CCC Help Czech
"{9711CA3C-614D-5B3B-E10F-062FD292075E}" = CCC Help Italian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FCBD98D-F8B3-6ECC-5293-9C28817E3269}" = Catalyst Control Center InstallProxy
"{A0B1B905-88E8-CBBB-C936-0FFECD06BBDC}" = Catalyst Control Center Localization All
"{AEB61F7A-4BBA-4292-A096-7893E09034A4}" = Steuer-Spar-Erklärung 2013
"{AF749638-8C8C-84E8-DA4A-37D014824E33}" = CCC Help German
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B0B4575E-EB62-1BDC-994A-A42ED7E8FF46}" = CCC Help Greek
"{B1504E18-0D34-1554-20FB-2BF6459D4683}" = CCC Help Russian
"{B90B9B89-2B62-B281-25C3-A59B189C249F}" = CCC Help Finnish
"{C5ED3F69-3A6D-EA6E-EE57-342C0274FE5F}" = CCC Help Japanese
"{DBD353DB-F37D-3CBB-65A7-0B3BA8634263}" = CCC Help Turkish
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EE6EBBD2-C278-5F48-B021-C9314ABE7593}" = CCC Help Korean
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F5C1211F-8F5E-B4BE-8046-3BB6B7944BA0}" = CCC Help Polish
"{FA115E3B-1A2D-F0F1-52CE-99D1BD346C08}" = CCC Help Chinese Traditional
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Afterburner" = MSI Afterburner 2.1.0
"avast" = avast! Free Antivirus
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Impulse" = Impulse
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Secunia PSI" = Secunia PSI (3.0.0.6005)
"Sins of a Solar Empire - Trinity" = Sins of a Solar Empire - Trinity
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.07.2013 13:49:40 | Computer Name = Picard-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.07.2013 02:44:04 | Computer Name = Picard-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.07.2013 04:45:10 | Computer Name = Picard-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Gorkon\Downloads\computerbild_downloader_fuer_sg-tcp-optimizer.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 06.07.2013 06:29:33 | Computer Name = Picard-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Gorkon\Downloads\computerbild_downloader_fuer_sg-tcp-optimizer.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 06.07.2013 07:22:50 | Computer Name = Picard-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.07.2013 08:23:04 | Computer Name = Picard-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.07.2013 09:26:56 | Computer Name = Picard-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.07.2013 10:21:23 | Computer Name = Picard-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.07.2013 11:15:45 | Computer Name = Picard-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.07.2013 01:37:50 | Computer Name = Picard-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Media Center Events ]
Error - 03.07.2013 03:43:34 | Computer Name = Picard-PC | Source = MCUpdate | ID = 0
Description = 09:43:31 - Fehler beim Herstellen der Internetverbindung.  09:43:31 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 04.07.2013 13:10:57 | Computer Name = Picard-PC | Source = SCardSvr | ID = 610
Description = 
 
Error - 05.07.2013 05:53:11 | Computer Name = Picard-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 05.07.2013 13:47:49 | Computer Name = Picard-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 06.07.2013 02:42:13 | Computer Name = Picard-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 06.07.2013 07:21:00 | Computer Name = Picard-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 06.07.2013 07:36:25 | Computer Name = Picard-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 06.07.2013 09:26:56 | Computer Name = Picard-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 06.07.2013 10:19:34 | Computer Name = Picard-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 06.07.2013 11:13:54 | Computer Name = Picard-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 07.07.2013 01:35:59 | Computer Name = Picard-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >
--- --- ---
 

Themen zu System kompromittiert ? Falschmeldung? Alarme zu HPSLPSVC und SVKP.sys
antivirus, application/pdf:, autorun, bho, converter, downloader, error, fehlalarm, fehler, firefox, flash player, homepage, iexplore.exe, install.exe, installation, logfile, object, plug-in, programm, realtek, registry, richtlinie, scan, secunia psi, security, software, svchost.exe, system, tracker, usb, virus, wrapper


« OTL Logdaten für GVU Trojaner, weißer Bildschirm, kein abgesicherter Modus unter Windows 7 | E-Mail von Telekom Abuse Team erhalten, SMS wurden (nicht von mir) gesendet »


Ähnliche Themen: System kompromittiert ? Falschmeldung? Alarme zu HPSLPSVC und SVKP.sys


  1. WIN 7: TR/ADH.PA hat mein System kompromittiert
    Plagegeister aller Art und deren Bekämpfung - 30.06.2015 (13)
  2. vdeck.exe unbekannte Bedrohung! Ist mein System kompromittiert?
    Plagegeister aller Art und deren Bekämpfung - 07.08.2014 (6)
  3. Windows 7: System kompromittiert? (Avira meldet 25 Funde)
    Log-Analyse und Auswertung - 22.01.2014 (1)
  4. Trojan-Downloader.Win32.Geral.zvj; System Kompromittiert!
    Plagegeister aller Art und deren Bekämpfung - 04.02.2011 (19)
  5. Spam Mails+Anhang,system kompromittiert?
    Plagegeister aller Art und deren Bekämpfung - 27.11.2010 (5)
  6. HTML-Virus bei Website-Aufruf ... System kompromittiert?
    Plagegeister aller Art und deren Bekämpfung - 30.06.2010 (7)
  7. System kompromittiert?
    Log-Analyse und Auswertung - 10.08.2009 (16)
  8. Habe ich mein System kompromittiert?
    Log-Analyse und Auswertung - 30.12.2008 (35)
  9. Habe ich mein System kompromittiert?
    Mülltonne - 07.12.2008 (0)
  10. Antivirus 2009 - System kompromittiert?
    Log-Analyse und Auswertung - 07.11.2008 (13)
  11. System kompromittiert?
    Log-Analyse und Auswertung - 15.10.2008 (1)
  12. RBot? System kompromittiert?
    Log-Analyse und Auswertung - 27.12.2006 (8)
  13. System kompromittiert??
    Log-Analyse und Auswertung - 05.02.2006 (3)
  14. Ist mein System kompromittiert?
    Plagegeister aller Art und deren Bekämpfung - 09.10.2005 (4)
  15. System kompromittiert? Bitte um Hilfe
    Log-Analyse und Auswertung - 14.09.2005 (65)
  16. System kompromittiert
    Alles rund um Windows - 14.03.2005 (1)
  17. Wann gilt ein System als kompromittiert?
    Plagegeister aller Art und deren Bekämpfung - 20.10.2004 (22)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema System kompromittiert ? Falschmeldung? Alarme zu HPSLPSVC und SVKP.sys - 1 Scan von Malwarebytes hat eine Infizierung gemeldet: Zitat: Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.07.06.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16618 Picard :: PICARD-PC [Administrator] - System kompromittiert ? Falschmeldung? Alarme zu HPSLPSVC und SVKP.sys...
Archiv
Du betrachtest: System kompromittiert ? Falschmeldung? Alarme zu HPSLPSVC und SVKP.sys auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27