mhirtreiter | 04.07.2012 08:03 | GVU Trojan
Hello,
I caught the GVU Trojan yesterday evening.
As soon as I log in to Windows it is displayed and I can't do anything else. I couldn't start Task Manager either.
After disconnecting the PC from the network, I was at least able to log in and create the requested log files.
Avira, by the way, gave no warning at all. The Trojan opened when I tried to play a video on a website. Unfortunately I no longer know which one, because I got there via a link on Facebook.
My system:
Win 7 Professional 32-bit (with all updates)
Avira Free Antivirus (actually also up to date)
I hope someone can help me, because I urgently need the PC over the next 3 weeks for exams and don't really have the time right now to reinstall it :-(
Regards,
Mario
Code:
OTL logfile created on: 04.07.2012 08:13:57 - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Mario\Desktop\GVU
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 71,75% Memory free
6,49 Gb Paging File | 5,48 Gb Available in Paging File | 84,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,64 Gb Total Space | 62,52 Gb Free Space | 64,03% Space Free | Partition Type: NTFS
Drive D: | 489,64 Gb Total Space | 352,03 Gb Free Space | 71,89% Space Free | Partition Type: NTFS
Drive E: | 596,16 Gb Total Space | 100,85 Gb Free Space | 16,92% Space Free | Partition Type: NTFS
Computer Name: MARIO-PC | User Name: Mario | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.07.04 08:08:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mario\Desktop\GVU\OTL.exe
PRC - [2012.05.18 01:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2012.05.09 07:48:55 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 07:48:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 07:48:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.09 07:48:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.03.01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.29 22:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.02.29 22:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Programme\Windows Defender\MpCmdRun.exe
PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
========== Modules (No Company Name) ==========
MOD - [2012.07.03 23:41:29 | 000,179,360 | ---- | M] () -- C:\Users\Mario\AppData\Local\Temp\roper0dun.exe
MOD - [2012.02.17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012.06.23 14:19:26 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.23 08:24:23 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.09 07:48:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 07:48:55 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.03.01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.12.12 01:47:44 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - [2012.05.09 07:48:55 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.09 07:48:55 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.03.01 01:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.01.17 14:45:56 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.12.12 01:48:04 | 000,025,984 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 A8 D1 9C 64 59 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.23 08:24:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.23 08:24:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012.03.28 00:06:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mario\AppData\Roaming\mozilla\Extensions
[2012.07.03 23:43:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mario\AppData\Roaming\mozilla\Firefox\Profiles\8276ou77.default\extensions
[2012.07.03 23:43:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Mario\AppData\Roaming\mozilla\Firefox\Profiles\8276ou77.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.03.28 00:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.23 08:24:23 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.23 08:24:22 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.23 08:24:22 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.23 08:24:22 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.23 08:24:22 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.23 08:24:22 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.23 08:24:22 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.04.09 12:11:33 | 000,000,859 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 licensing.ultraedit.com
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB56EBDF-9DC4-4862-8B00-738AD70C1E3A}: DhcpNameServer = 192.168.0.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFFADCDF-2AED-423B-A9CC-2B4F17A6DA10}: DhcpNameServer = 193.175.141.54
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.04 08:11:55 | 000,000,000 | ---D | C] -- C:\Users\Mario\Desktop\GVU
[2012.07.03 15:50:16 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Roaming\vlc
[2012.07.03 15:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.07.03 15:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.07.03 14:40:16 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{337FE37D-C68F-4A5E-9A40-CB38E1FDC942}
[2012.07.03 14:39:53 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{E32147DF-5915-49A2-BB05-76D7EE30E569}
[2012.07.03 09:03:22 | 000,000,000 | ---D | C] -- C:\Users\Mario\Desktop\usb-stick 3.7.12
[2012.07.02 22:07:54 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{1201784C-B002-4BF5-BC5C-FDF971896161}
[2012.07.02 22:07:32 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{64F5407C-5436-4E36-9418-186154EC2685}
[2012.07.02 07:25:50 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{57796265-F12D-4D1D-A897-791A3F845660}
[2012.07.02 07:25:28 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{9DD97705-DB17-4CE2-B222-D322CA9FCFAE}
[2012.07.01 16:56:22 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{12C5CC9A-F896-4EFD-A21E-8C69DCE80FB2}
[2012.07.01 16:56:00 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{3B4DE47C-F848-4E02-832F-8660F1BD4E44}
[2012.07.01 15:55:55 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{C723A858-8997-4DDA-8882-84CCFA3829C9}
[2012.07.01 15:55:33 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{17E156D9-C6CB-4494-A2A6-C5E1798DB71D}
[2012.07.01 07:55:21 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{60974DB6-E549-4F2F-9EEE-8A6A34FFE3B0}
[2012.07.01 07:54:58 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{184888EF-B4AD-4DF8-93F6-2B4CF99FFEAB}
[2012.06.30 22:37:38 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{95268468-F2C8-4131-8122-E075495AF7CD}
[2012.06.30 20:34:23 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{89E2A105-F8A1-4DE8-A6E8-7B46E3F7EA68}
[2012.06.30 20:34:11 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{E32B4B0A-876A-4347-B074-E9DC844D8566}
[2012.06.30 08:04:40 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{AE5404BC-C1EF-430F-92D2-245DC312363C}
[2012.06.30 08:04:18 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{2F8C7B68-9851-48D8-B6DF-521E88FCDE7C}
[2012.06.29 16:29:07 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{CDC355AA-03C6-4E45-A53F-471DA91C233F}
[2012.06.29 16:28:44 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{563D0F75-EE3C-4880-8B8B-B3DFF0B5494C}
[2012.06.29 00:41:41 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{AFA6D2C6-F0FA-4F4E-AEAE-37078E166E2A}
[2012.06.29 00:41:18 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{9F359942-5907-41CF-9AB1-7D6FF59B65AE}
[2012.06.28 12:22:30 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{77E6188C-997F-41AA-8910-DAF0DBB26FA7}
[2012.06.28 12:22:07 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{A33CED0D-9F9A-4455-882E-C2848BF233CE}
[2012.06.27 21:53:33 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{DAF173C3-F87F-48B1-9C69-9A0B8F9DBB37}
[2012.06.27 21:53:10 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{A4B7263D-E786-409F-8AE2-285DED08B0BE}
[2012.06.27 09:52:46 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{B3CAAA2D-E4BC-40B3-828B-F537C874756D}
[2012.06.27 09:52:23 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{E4372B45-BF5B-4769-9BC0-80F989D3D499}
[2012.06.27 09:06:32 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{1DF8871A-AE2E-4D87-93A3-5D31C1CFE57D}
[2012.06.27 09:06:21 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{F3D6B6B8-7C53-4DAF-A8C3-ACEE61467F00}
[2012.06.26 19:14:30 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{F516432B-5A1E-4363-BCDC-6D071623F17A}
[2012.06.26 19:14:19 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{C55500E9-EC73-426B-BC36-B474EADFC9A4}
[2012.06.25 23:31:14 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{75BF860D-5043-4627-8036-C00DC696CF14}
[2012.06.25 23:30:52 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{DE90AC14-66AF-4AFE-9388-6DBFDEEC8098}
[2012.06.25 11:44:07 | 000,000,000 | ---D | C] -- C:\Users\Mario\.pdfsam
[2012.06.25 11:40:15 | 000,000,000 | ---D | C] -- C:\Program Files\pdfsam
[2012.06.25 11:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge
[2012.06.25 09:24:32 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{882AE0DF-AF03-4AC7-9C0B-671C75E0C35D}
[2012.06.25 08:46:50 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{A11F2DAB-CED9-464B-B32B-CF712334EF03}
[2012.06.24 20:18:56 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{0DEAB3AA-297E-4BF4-83C8-B5E8161EE526}
[2012.06.24 20:18:45 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{C5EB4B33-B3F6-4A3D-AC86-DF12D0598AE2}
[2012.06.23 16:47:27 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{C8773D7D-104B-4920-9701-9240AC671C0D}
[2012.06.23 16:47:04 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{46AFC206-9566-4DBA-9524-CA2F01B11882}
[2012.06.23 15:41:44 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\Macromedia
[2012.06.23 08:33:43 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{AB8A64A5-7339-46A0-BE5F-F174C9F39FA7}
[2012.06.23 07:49:00 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{F5DFCC9F-00B3-4E30-B99B-185550C28417}
[2012.06.22 19:59:41 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{26CFC919-77C2-4DCD-9337-E47BDABE7F64}
[2012.06.22 17:48:20 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{6C2F93A0-D667-4867-B23A-C18D444B9CDB}
[2012.06.22 15:48:47 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{3B8BD39F-9AA1-4832-B9CF-0D5D5424956F}
[2012.06.22 00:45:19 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{A7BF2C9B-6E7C-48C5-804D-E72E703C0584}
[2012.06.22 00:44:43 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{257A6AE1-0766-44F5-8D5C-1D3E67FA1428}
[2012.06.21 20:30:54 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{9E1B7D43-7A76-4E1C-B64D-68678AC34F18}
[2012.06.21 06:51:47 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{893921CB-F463-4236-B816-880C6B1C6725}
[2012.06.21 06:51:25 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{11A7986A-C4B8-4BC5-B78C-A35C95943850}
[2012.06.21 06:44:18 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{94708B09-9302-4DC8-80CE-3D0267271F16}
[2012.06.20 15:56:57 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{E190C312-8147-401E-BB36-D150B598B18E}
[2012.06.20 15:56:34 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{97FF471B-88D1-4A1E-9929-92703B908E62}
[2012.06.20 13:04:15 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{CA23BD43-728E-4D52-9F21-441C8A98C0A7}
[2012.06.20 12:52:44 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{1E2155E1-60B2-4C23-ADC8-1953536592B6}
[2012.06.20 12:23:37 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{CCC07A5A-04A7-40BA-B5B7-21E44FD91C62}
[2012.06.20 12:23:15 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{8708A431-5B87-4FDA-A898-8912D1EBA777}
[2012.06.19 23:05:03 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{9562B6A6-2D3C-4C04-B827-15AAA9CFDA74}
[2012.06.19 23:04:41 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{F8B6EF66-FB0B-4260-8D93-4213BA407DAF}
[2012.06.19 19:10:03 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{871FD18E-A805-4A80-A143-B9524D85F51C}
[2012.06.19 01:52:59 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{4DE0EC45-B14C-478F-A792-F3A41C989335}
[2012.06.19 01:30:10 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{D5FE139A-593A-4C8A-9078-7784FCFE1B7C}
[2012.06.18 08:23:56 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{D01B802D-4367-4EC6-BFDB-DB33C6CFE7DF}
[2012.06.17 11:56:16 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{64706760-F935-47B4-A778-5A050A1FCCBC}
[2012.06.17 11:51:12 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SPORT
[2012.06.17 11:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SPORT
[2012.06.17 11:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\SPORT619
[2012.06.16 23:55:41 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{12DD0AA8-C28F-4C3E-BC0B-754A131C514D}
[2012.06.16 17:47:05 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{BBA7FC6B-9225-4D65-AA25-05DFCF91625B}
[2012.06.16 13:34:41 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{E945507C-72C0-4845-833A-6BA5E44E81A2}
[2012.06.15 22:06:16 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{83771C83-F0B8-4841-B759-D6120804F49E}
[2012.06.15 08:46:59 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{8FA41F05-6116-47AB-B9D3-5840C7662A66}
[2012.06.14 16:13:26 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{8A0B13AC-E214-474C-AB14-DEA5F0498EAF}
[2012.06.14 16:13:03 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{23952502-49D5-4C59-9404-9CE44E0087FA}
[2012.06.14 13:27:42 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{92395493-A300-4535-9122-72E420E3B87D}
[2012.06.14 12:22:43 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{AC95DEC1-C17E-488A-8E50-3F06CCA1CFD0}
[2012.06.14 12:19:16 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{D0D9B58A-2F9D-4E81-8E80-873283C042AA}
[2012.06.14 12:18:54 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{457C549B-7D86-49D8-A1BC-F52247EB0CEA}
[2012.06.13 23:54:00 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{599449BD-773D-42F6-9E70-3E06E8EB6BB3}
[2012.06.13 23:53:38 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{6E4873D2-8267-4F66-83D4-201DB924196D}
[2012.06.13 10:32:11 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{94593F72-27FA-45D6-86B5-2270DC131F1E}
[2012.06.13 10:31:49 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{C1F4469C-C56D-4650-ACCA-396335634EA4}
[2012.06.13 09:10:14 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{166AD03F-CD98-49D6-AAE8-F244E120B379}
[2012.06.13 09:09:51 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{38D9488D-BEAC-4B0E-A612-1C8A9E0F2939}
[2012.06.12 18:45:28 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{07049809-D2CB-4D42-9B73-922DF762D295}
[2012.06.12 18:45:05 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{A2F6C991-6C18-4FBE-A3DF-9BCEEF9F7363}
[2012.06.12 07:40:07 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{AC10C8BA-98A1-4AF2-AAEC-E1ABD81683C5}
[2012.06.11 21:50:10 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{C87F2CF2-E7A1-4A92-934B-784D10A63072}
[2012.06.11 08:33:02 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{0F48D835-9C45-4799-9AEA-F5F0112FE27E}
[2012.06.11 08:32:39 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{AB776FFB-3EB6-40BE-B20E-C9016212C47A}
[2012.06.10 17:52:46 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{FF2CED81-5482-4BDA-AD79-6E044243F0DC}
[2012.06.10 17:52:23 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{EE3B6F32-324D-4518-A31D-13B52C02A7A5}
[2012.06.09 16:03:55 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{A676046A-DEB2-48F3-A1FF-E65E7B783002}
[2012.06.09 16:03:32 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\{E3745950-5109-46BA-9627-1C08112204A5}
========== Files - Modified Within 30 Days ==========
[2012.07.04 08:13:10 | 000,000,000 | ---- | M] () -- C:\Users\Mario\defogger_reenable
[2012.07.04 08:13:01 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.04 08:13:01 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.04 08:13:01 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.04 08:13:01 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.04 07:53:41 | 004,503,728 | ---- | M] () -- C:\ProgramData\nud0repor.pad
[2012.07.04 07:53:30 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 07:53:30 | 000,013,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.04 07:45:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.04 07:45:42 | 2616,647,680 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.04 00:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.03 23:41:29 | 000,001,883 | ---- | M] () -- C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.14 03:21:54 | 000,409,384 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.12 18:46:45 | 000,001,100 | ---- | M] () -- C:\Users\Mario\Desktop\Mozilla Firefox.lnk
========== Files Created - No Company Name ==========
[2012.07.04 08:13:10 | 000,000,000 | ---- | C] () -- C:\Users\Mario\defogger_reenable
[2012.07.03 23:41:29 | 004,503,728 | ---- | C] () -- C:\ProgramData\nud0repor.pad
[2012.07.03 23:41:29 | 000,001,883 | ---- | C] () -- C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.06.12 18:46:45 | 000,001,100 | ---- | C] () -- C:\Users\Mario\Desktop\Mozilla Firefox.lnk
[2012.04.19 09:41:39 | 000,000,600 | ---- | C] () -- C:\Users\Mario\AppData\Local\PUTTY.RND
[2012.04.16 08:43:39 | 000,978,958 | ---- | C] () -- C:\Windows\System32\libstdc++-6.dll
[2012.04.16 08:36:59 | 000,118,784 | ---- | C] () -- C:\Windows\System32\libgcc_s_dw2-1.dll
[2012.03.29 06:22:51 | 002,515,790 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2012.03.28 00:54:39 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
========== LOP Check ==========
[2012.03.28 09:11:21 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Windows Live Writer
[2009.07.14 06:53:46 | 000,012,220 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >