![]() |
|
Log-Analyse und Auswertung: System kompromittiert ? Falschmeldung? Alarme zu HPSLPSVC und SVKP.sysWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 | ||
| ![]() System kompromittiert ? Falschmeldung? Alarme zu HPSLPSVC und SVKP.sys 1 Scan von Malwarebytes hat eine Infizierung gemeldet: Zitat:
Microsoft Safety Scanner: nichts. McAfee Getsusp und Stinger: nix. Kaspersky TDSS Killer: nichts dazu, aber eine andere Datei als verdächtig befunden: Zitat:
PS. Gothic 2 war zuvor installiert und ich habe einen HP Drucker. Die Logs von Kaspersky und GMER habe ich im Anhang beigefügt, da sie offenbar die Limits sprengen. OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.07.2013 09:08:33 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Picard\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,93 Gb Total Physical Memory | 6,43 Gb Available Physical Memory | 81,06% Memory free 15,87 Gb Paging File | 14,22 Gb Available in Paging File | 89,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,73 Gb Total Space | 68,91 Gb Free Space | 61,68% Space Free | Partition Type: NTFS Drive D: | 1397,26 Gb Total Space | 1393,87 Gb Free Space | 99,76% Space Free | Partition Type: NTFS Computer Name: PICARD-PC | User Name: Picard | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.07 09:07:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Picard\Downloads\OTL.exe PRC - [2013.05.09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2013.02.22 20:42:42 | 000,292,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2013.02.07 14:31:22 | 001,223,704 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe PRC - [2013.02.07 14:31:18 | 000,575,000 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe PRC - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.06.12 09:29:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2013.02.08 20:30:42 | 000,359,664 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2013.02.07 14:31:22 | 001,223,704 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent) SRV - [2013.02.07 14:31:20 | 000,660,504 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2013.02.06 11:58:26 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\Picard\AppData\Local\Temp\7zS33A8\hpslpsvc64.dll -- (HPSLPSVC) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.06.29 10:39:46 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2013.06.28 16:08:01 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2013.06.28 16:08:01 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2013.06.28 16:08:01 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:64bit: - [2013.06.22 15:20:12 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2013.05.09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2013.05.09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:64bit: - [2013.05.09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2013.05.09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2013.05.09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2013.02.22 20:40:12 | 000,792,560 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2013.02.22 20:40:12 | 000,358,896 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2013.02.22 20:40:12 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2013.02.07 14:15:22 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI) DRV:64bit: - [2013.01.03 10:17:38 | 000,079,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb) DRV:64bit: - [2013.01.03 10:17:38 | 000,077,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2013.01.03 10:17:38 | 000,061,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2013.01.03 10:17:38 | 000,015,752 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd) DRV:64bit: - [2012.12.27 01:26:12 | 000,805,088 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.09.07 10:46:58 | 000,070,016 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\S3XXx64.sys -- (S3XXx64) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.09.30 21:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.09.30 21:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 02:00:13 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Dot4Scan.sys -- (Dot4Scan) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2013.06.22 14:51:41 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\SVKP.sys -- (SVKP) DRV - [2010.05.27 02:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013.05.14 17:27:13 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Programme\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {271A3CF5-5A54-447B-A08F-BE805F0DA60B} https://finanzcenter.sparkasse-bremen.de/_plugin/AXFOAM.cab (B+S Banksysteme AG DDBAC Plug-In) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFD3DFD2-4871-4447-A216-5099B07501CB}: DhcpNameServer = 192.168.178.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{c36ce61d-ab71-11e2-be97-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{c36ce61d-ab71-11e2-be97-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTOSTARTER.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.06 17:11:39 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2013.07.06 13:40:07 | 000,177,680 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe.6e21.deleteme [2013.07.06 13:36:49 | 000,177,680 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe.274a.deleteme [2013.06.26 20:03:28 | 000,000,000 | ---D | C] -- C:\Users\Picard\AppData\Roaming\Mozilla [2013.06.26 20:03:28 | 000,000,000 | ---D | C] -- C:\Users\Picard\AppData\Local\Mozilla [2013.06.22 15:21:49 | 000,000,000 | ---D | C] -- C:\Users\Picard\AppData\Local\Risen [2013.06.22 15:21:42 | 000,000,000 | ---D | C] -- C:\Users\Picard\AppData\Roaming\ProtectDISC [2013.06.22 15:20:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2013.06.22 15:20:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013.06.22 15:20:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA [2013.06.22 15:20:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013.06.22 15:11:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Deep Silver [2013.06.22 14:51:41 | 000,002,368 | ---- | C] (AntiCracking) -- C:\Windows\SysWow64\SVKP.sys [2013.06.22 14:48:52 | 000,000,000 | ---D | C] -- C:\Users\Picard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JoWooD [2013.06.22 14:35:45 | 000,000,000 | ---D | C] -- C:\Users\Picard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2013.06.22 14:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD [2013.06.22 14:27:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoWooD [2013.06.09 16:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\HP ========== Files - Modified Within 30 Days ========== [2013.07.07 09:06:58 | 000,000,000 | ---- | M] () -- C:\Users\Picard\defogger_reenable [2013.07.07 09:06:36 | 000,050,477 | ---- | M] () -- C:\Users\Picard\Desktop\Defogger.exe [2013.07.07 08:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.07 07:43:06 | 000,025,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.07 07:43:06 | 000,025,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.07 07:40:30 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.07.07 07:40:30 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.07.07 07:40:30 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.07.07 07:40:30 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.07.07 07:40:30 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.07.07 07:35:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.07 07:35:55 | 2094,579,711 | -HS- | M] () -- C:\hiberfil.sys [2013.07.06 13:40:06 | 000,177,680 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe.6e21.deleteme [2013.07.06 13:36:48 | 000,177,680 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe.274a.deleteme [2013.07.06 13:32:37 | 000,284,010 | ---- | M] () -- C:\Users\Picard\Documents\cc_20130706_133221.reg [2013.07.01 07:12:00 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk [2013.06.29 10:39:46 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys [2013.06.28 19:12:48 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001B09.LCS [2013.06.28 16:08:01 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013.06.28 16:08:01 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013.06.28 16:08:01 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013.06.28 16:08:01 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum [2013.06.28 16:08:01 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum [2013.06.28 16:08:01 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum [2013.06.22 15:20:12 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2013.06.22 14:51:41 | 000,002,368 | ---- | M] (AntiCracking) -- C:\Windows\SysWow64\SVKP.sys [2013.06.22 11:41:31 | 000,000,871 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk ========== Files Created - No Company Name ========== [2013.07.07 09:06:58 | 000,000,000 | ---- | C] () -- C:\Users\Picard\defogger_reenable [2013.07.07 09:06:31 | 000,050,477 | ---- | C] () -- C:\Users\Picard\Desktop\Defogger.exe [2013.07.06 13:32:24 | 000,284,010 | ---- | C] () -- C:\Users\Picard\Documents\cc_20130706_133221.reg [2013.06.28 16:08:01 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum [2013.06.26 20:01:27 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum [2013.06.26 20:01:27 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum [2013.06.22 15:21:43 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00001B09.LCS [2013.06.22 15:20:12 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys [2013.06.22 15:20:12 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys [2013.04.22 20:01:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013.04.22 19:59:59 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2013.04.22 19:59:59 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2013.04.22 19:59:59 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.05.14 17:27:25 | 000,000,000 | ---D | M] -- C:\Users\Picard\AppData\Roaming\Leadertech [2013.04.22 22:54:56 | 000,000,000 | ---D | M] -- C:\Users\Picard\AppData\Roaming\OpenOffice.org [2013.04.22 21:11:42 | 000,000,000 | ---D | M] -- C:\Users\Picard\AppData\Roaming\Opera [2013.06.22 15:21:42 | 000,000,000 | ---D | M] -- C:\Users\Picard\AppData\Roaming\ProtectDISC [2013.04.26 20:32:25 | 000,000,000 | ---D | M] -- C:\Users\Picard\AppData\Roaming\Stardock ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 07.07.2013 09:08:33 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Picard\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,93 Gb Total Physical Memory | 6,43 Gb Available Physical Memory | 81,06% Memory free 15,87 Gb Paging File | 14,22 Gb Available in Paging File | 89,60% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 111,73 Gb Total Space | 68,91 Gb Free Space | 61,68% Space Free | Partition Type: NTFS Drive D: | 1397,26 Gb Total Space | 1393,87 Gb Free Space | 99,76% Space Free | Partition Type: NTFS Computer Name: PICARD-PC | User Name: Picard | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files\Opera x64\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera x64\Opera.exe (Opera Software) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03E4384F-4BC9-40C7-AE51-6020E6EC8C0A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{06C261D5-8C03-48F2-89A5-4F2A676BADB3}" = lport=139 | protocol=6 | dir=in | app=system | "{1BAB50A9-7D95-48E1-AFF8-9C57C551CBEF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{214C73FC-9D11-4A3F-B91F-249E422677F1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{43F813D8-C6E9-4A17-9B48-FC35E5E9581D}" = rport=139 | protocol=6 | dir=out | app=system | "{77D4A26E-263A-4376-AADF-DD290351A17A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7882F00C-A04D-417C-A3A2-318011E77F3D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7C892E82-4FE5-416F-8D6E-2CD72785D454}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8A705067-7558-47F6-9329-963972D1055E}" = rport=10243 | protocol=6 | dir=out | app=system | "{980C51A6-2DD0-42BA-B7B9-93118C4C2D3F}" = rport=445 | protocol=6 | dir=out | app=system | "{9C7CDDF5-594C-46EA-AC38-533E499C2079}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B0927CFF-14FF-41F6-8E15-BC8308A150CF}" = lport=2869 | protocol=6 | dir=in | app=system | "{B0B3AC81-4E9E-45C5-9911-46A086DDCF8A}" = rport=137 | protocol=17 | dir=out | app=system | "{B4A1C723-FDC5-43FE-872A-CF59CD4CF226}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B5020E16-0158-4CDE-96AC-72BCEDED4674}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{C319394E-03B2-42D2-A88F-4C627B45EB6C}" = rport=138 | protocol=17 | dir=out | app=system | "{CB5FE6E8-5F94-4AA8-BA6E-B9378B21F78D}" = lport=10243 | protocol=6 | dir=in | app=system | "{D513E549-BFC6-4125-844B-6FFF54E49E3A}" = lport=137 | protocol=17 | dir=in | app=system | "{EF301782-B3BB-44F6-9FE4-FB9962018E75}" = lport=138 | protocol=17 | dir=in | app=system | "{F4B53A09-EBEC-488C-8F9F-6F28DC5FEB33}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FBD6D120-38EF-4F56-A8ED-C1F98AB1EC43}" = lport=445 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{028AB9DC-7742-469F-BA2E-8150DC4A7736}" = protocol=6 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe | "{080478BC-AAF2-423F-A23B-2655B8FDB47B}" = protocol=6 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire diplomacy.exe | "{0CD45C02-B93B-4660-B944-4589796A1CB8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{141989E5-493A-4580-8975-1EB45606548D}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe | "{1AF8C078-70AE-4C17-A600-40B6D7812FDA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1B2FD175-84CD-4A20-B8AF-E907B523D8D0}" = protocol=17 | dir=in | app=c:\program files\opera x64\opera.exe | "{3C4936B9-C149-4C79-AA9D-5254DBE32B11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4CE3272C-2989-4690-9EF0-C7394BDAE96B}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe | "{4E35B8FE-66E1-4799-A46A-610CAEE2573A}" = protocol=6 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe | "{58F31B92-3B64-4916-826C-F8FFD976C2D7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5A049478-1735-435E-8869-5F6E598BEB92}" = protocol=6 | dir=in | app=c:\program files\opera x64\opera.exe | "{5B37E8A4-A61C-4181-B0CA-854F329F7692}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{67506F56-8AA1-4A18-B04C-366D54C7E89A}" = protocol=6 | dir=in | app=c:\program files\opera x64\opera.exe | "{6890F47B-2192-44BB-9A10-DC9E9AE96E25}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe | "{6C140EA5-79DC-48D6-AC1A-3870332D83CE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6CE83434-C684-41C5-821E-BE32B0ACF802}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6D602A48-EA07-47FF-B4F5-C06799585BBB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{6DB8D651-F269-46A5-A5AA-B55274B06A99}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe | "{7BE639BC-305C-4178-AEAA-268C47EA61D5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7DC45ADF-EE12-4B91-82A4-5DF9B704B325}" = protocol=17 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire entrenchment.exe | "{916220E4-CD4C-444E-A3EF-4FB0B4C88B87}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{92C40749-82F9-4A3C-8F3A-D20E22E7C020}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe | "{9A916626-47B9-4B95-941B-D56653159671}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{9FF5F7D6-2F04-46DE-98D9-A213A502B83F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{A361B49C-ABFA-4D60-9A5A-FF230566F45F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AADB03AE-F0A6-419F-8FA8-65F45C60C653}" = protocol=6 | dir=out | app=system | "{BA29C37E-72C1-4F32-855D-F8ACDD59CEEA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{BE1E8442-15F3-4C57-B68F-03DC0F1689D0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BF036078-D6E9-4B01-AAB4-ADC32F5D3BCF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C0E53D0B-66F8-486A-8893-D6B3A5EBFF22}" = protocol=17 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire diplomacy.exe | "{C177FA64-464F-4EFD-B254-8C2181ED9F7F}" = protocol=17 | dir=in | app=c:\program files\stardock games\sins of a solar empire\sins of a solar empire.exe | "{C3B6D542-9A80-45F9-8711-35E6598998D5}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe | "{CFCBCA03-0DF1-4D9E-B6FB-B6835910C8B0}" = protocol=17 | dir=in | app=c:\program files\opera x64\opera.exe | "{D4BCA630-62AD-466C-9C40-F2B84AE1D711}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E062DD32-3494-44E7-AD34-2A5E6F937AF9}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe | "{E751AE8D-C4FE-4D3D-B8FC-FD9B81AA862E}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe | "{E968D80B-C650-4B91-86DE-7B9384EA9DF1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{008C42A1-FB22-7DB4-618F-08E2C5059C0C}" = ccc-utility64 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1AFC919D-751B-A5D7-B17D-7C0067A65D2E}" = AMD Drag and Drop Transcoding "{393D3B4C-1F95-CDD2-4F0A-395D99D5F553}" = AMD Accelerated Video Transcoding "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{53A19094-2C04-A9B9-7309-3E92152D4845}" = AMD Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{C0FFB192-3484-9AA0-7505-3A5B6688752F}" = AMD Media Foundation Decoders "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Opera 12.16.1860" = Opera 12.16 "sp6" = Logitech SetPoint 6.52 "VLC media player" = VLC media player 2.0.7 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{021BC94E-D464-4B9D-96F1-C6566B476A71}" = DDBAC "{1050A3D4-BC3B-4443-BD60-68C2BAE65EF4}" = CCC Help English "{1321BDD4-C5FC-BCFA-F281-7C66D5DE187F}" = CCC Help French "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{1D6DF721-54B7-6AA4-2050-7E286CCE13E8}" = Catalyst Control Center "{1EF73F13-8A60-7910-A59D-8F62A8BCD47D}" = CCC Help Swedish "{20165891-91F8-45F9-A90A-307C7179C515}" = Sins of a Solar Empire - Trinity "{22E62B37-5D05-C5AD-F53E-691342495A45}" = CCC Help Spanish "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{23528772-43DB-1E20-E845-DB1CE00FBB10}" = CCC Help Danish "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{5F32FD5A-6F9D-50FD-1896-0AEC107DE5D0}" = CCC Help Portuguese "{60AAE030-8621-5187-F7CF-41A241698407}" = CCC Help Dutch "{619DC4E1-DA11-48A1-4587-4E3E3D02D103}" = Catalyst Control Center Graphics Previews Common "{6F05E0AC-22D3-BE6E-05DD-623504F54FB2}" = CCC Help Chinese Standard "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7668B02B-DDDA-A67C-F86B-9D1061DD08CD}" = CCC Help Hungarian "{7BA420C3-3629-2AD6-19D0-0A6E27D6B782}" = CCC Help Thai "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8EFA9357-75F9-EF3D-B7F9-BC913BA8DAC5}" = CCC Help Norwegian "{91DA5EBA-C240-289B-0AB4-6604CDE6A27F}" = CCC Help Czech "{9711CA3C-614D-5B3B-E10F-062FD292075E}" = CCC Help Italian "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9FCBD98D-F8B3-6ECC-5293-9C28817E3269}" = Catalyst Control Center InstallProxy "{A0B1B905-88E8-CBBB-C936-0FFECD06BBDC}" = Catalyst Control Center Localization All "{AEB61F7A-4BBA-4292-A096-7893E09034A4}" = Steuer-Spar-Erklärung 2013 "{AF749638-8C8C-84E8-DA4A-37D014824E33}" = CCC Help German "{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager "{B0B4575E-EB62-1BDC-994A-A42ED7E8FF46}" = CCC Help Greek "{B1504E18-0D34-1554-20FB-2BF6459D4683}" = CCC Help Russian "{B90B9B89-2B62-B281-25C3-A59B189C249F}" = CCC Help Finnish "{C5ED3F69-3A6D-EA6E-EE57-342C0274FE5F}" = CCC Help Japanese "{DBD353DB-F37D-3CBB-65A7-0B3BA8634263}" = CCC Help Turkish "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse "{EE6EBBD2-C278-5F48-B021-C9314ABE7593}" = CCC Help Korean "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F5C1211F-8F5E-B4BE-8046-3BB6B7944BA0}" = CCC Help Polish "{FA115E3B-1A2D-F0F1-52CE-99D1BD346C08}" = CCC Help Chinese Traditional "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Afterburner" = MSI Afterburner 2.1.0 "avast" = avast! Free Antivirus "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1 "Impulse" = Impulse "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Secunia PSI" = Secunia PSI (3.0.0.6005) "Sins of a Solar Empire - Trinity" = Sins of a Solar Empire - Trinity ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 05.07.2013 13:49:40 | Computer Name = Picard-PC | Source = WinMgmt | ID = 10 Description = Error - 06.07.2013 02:44:04 | Computer Name = Picard-PC | Source = WinMgmt | ID = 10 Description = Error - 06.07.2013 04:45:10 | Computer Name = Picard-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Gorkon\Downloads\computerbild_downloader_fuer_sg-tcp-optimizer.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 06.07.2013 06:29:33 | Computer Name = Picard-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Gorkon\Downloads\computerbild_downloader_fuer_sg-tcp-optimizer.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 06.07.2013 07:22:50 | Computer Name = Picard-PC | Source = WinMgmt | ID = 10 Description = Error - 06.07.2013 08:23:04 | Computer Name = Picard-PC | Source = WinMgmt | ID = 10 Description = Error - 06.07.2013 09:26:56 | Computer Name = Picard-PC | Source = WinMgmt | ID = 10 Description = Error - 06.07.2013 10:21:23 | Computer Name = Picard-PC | Source = WinMgmt | ID = 10 Description = Error - 06.07.2013 11:15:45 | Computer Name = Picard-PC | Source = WinMgmt | ID = 10 Description = Error - 07.07.2013 01:37:50 | Computer Name = Picard-PC | Source = WinMgmt | ID = 10 Description = [ Media Center Events ] Error - 03.07.2013 03:43:34 | Computer Name = Picard-PC | Source = MCUpdate | ID = 0 Description = 09:43:31 - Fehler beim Herstellen der Internetverbindung. 09:43:31 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 04.07.2013 13:10:57 | Computer Name = Picard-PC | Source = SCardSvr | ID = 610 Description = Error - 05.07.2013 05:53:11 | Computer Name = Picard-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 05.07.2013 13:47:49 | Computer Name = Picard-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 06.07.2013 02:42:13 | Computer Name = Picard-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 06.07.2013 07:21:00 | Computer Name = Picard-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 06.07.2013 07:36:25 | Computer Name = Picard-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Secunia PSI Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 06.07.2013 09:26:56 | Computer Name = Picard-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 06.07.2013 10:19:34 | Computer Name = Picard-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 06.07.2013 11:13:54 | Computer Name = Picard-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 07.07.2013 01:35:59 | Computer Name = Picard-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > |
Themen zu System kompromittiert ? Falschmeldung? Alarme zu HPSLPSVC und SVKP.sys |
antivirus, application/pdf:, autorun, bho, converter, downloader, error, fehlalarm, fehler, firefox, flash player, homepage, iexplore.exe, install.exe, installation, logfile, object, plug-in, programm, realtek, registry, richtlinie, scan, secunia psi, security, software, svchost.exe, system, tracker, usb, virus, wrapper |