
Log analysis and evaluation: Win32.Agent.tdd / Win32.Delf.uv Trojan

10.06.2011, 17:19   #1
sazke
 



Hello,

2-3 days ago I caught the 2 Trojans Win32.Delf.uv and Win32.Agent.tdd. So far I have scanned with ESET NOD32 AV and Spybot S&D.
So far I have been able to clean 5 infected files. However, Spybot keeps showing me the 2 Trojans named above in my registry.

Delf.uv:
HKAY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Image File Execution Options\ekrn.exe
Agent.tdd:
HKAY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Image File Execution Options\egui.exe

I then looked in the registry, but I cannot find any suspicious files in those 2 locations. Deleting them with Spybot does not work, and ESET NOD32 no longer shows me the 2 Trojans at all.

I have now additionally changed the settings under "Folder Options" so that all hidden folders/files are displayed. But I still cannot find anything in the registry.



Regards, sazke

OTL logfile (Extras.txt):
Code:
OTL Extras logfile created on: 10.06.2011 18:36:56 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Marcin i Daniel\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 66,76% Memory free
6,66 Gb Paging File | 5,61 Gb Available in Paging File | 84,35% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,57 Gb Total Space | 18,80 Gb Free Space | 32,09% Space Free | Partition Type: NTFS
Drive D: | 135,23 Gb Total Space | 72,13 Gb Free Space | 53,34% Space Free | Partition Type: NTFS
 
Computer Name: MARCINIDANIE-PC | User Name: Marcin i Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E6E75F1-A0EB-47C4-A8BA-A8C811DC2540}" = lport=445 | protocol=6 | dir=in | app=system | 
"{266B6038-BF6E-4B61-B6F7-7C76DF88E767}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{35D31D3A-E088-48D9-82E7-1380B3A1514E}" = lport=49164 | protocol=6 | dir=in | name=akamai netsession interface | 
"{35F370D1-2DF3-46F6-8715-FB03C06BB672}" = rport=445 | protocol=6 | dir=out | app=system | 
"{38B66CE0-EE95-4AC1-A3A0-19F7ED6DF8D0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{393D167A-3FD3-4049-992A-16435CEEC1D4}" = lport=3658 | protocol=17 | dir=in | name=fifaaa | 
"{3CEF3890-1514-4015-A8CA-E3D879E1821E}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{423E88D8-9C86-4104-A083-1EF18317A910}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{471E63E1-8F7D-4277-B907-31689480004C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{50821E34-F360-4944-939A-94F07F35CA3B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{579BA39A-E383-4D42-9CE4-024AE818C269}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{5B0AFEE6-2018-48D4-B5A9-04E8CA828A29}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{64255473-166A-4471-A56B-2E4AE36AB7F8}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6666DE5E-375E-4468-B4D5-FE18C4804F9E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{67CB1A0F-7496-4297-8FC6-819E6C4F1854}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6F63DAB2-4795-4BEB-848A-D622698B6986}" = lport=49164 | protocol=6 | dir=in | name=akamai netsession interface | 
"{756B6FBE-10B7-48B2-9949-6BA4F230F18D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{77838E9E-4496-4E56-BB8E-4557A07E17EB}" = lport=138 | protocol=17 | dir=in | app=system | 
"{85D8C8D4-606A-4F4E-A4F2-ACBE1C1126CE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{88C131A3-88E3-4899-9678-425A3712FE75}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe | 
"{8AAFC901-C39A-4246-9176-8B8FB55597BA}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{97BFEBE7-6824-427C-839A-BF26DA7CA70E}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{A1EE9199-EE18-4300-A4EB-08269E44CEB0}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe | 
"{A232B88C-1DEB-4D42-9B72-077390236144}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A3DF11C7-2591-4CB2-A9A0-ECD32DBD0877}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A59724CA-6607-4137-B1CF-3704EC80441E}" = lport=80 | protocol=6 | dir=in | name=fifaa | 
"{A9C1247E-E811-4E76-90F8-A59CD00F9899}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AB683821-E2EA-4418-824F-C7E415013481}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B907FC33-E184-4D8E-88E3-C894A6CA70F1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{E6A851E4-5CBF-4E3A-B988-F1EDD79959D1}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E7D52290-C1CE-481C-8F65-0553CBE2F4B7}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe | 
"{E9B143B3-87F7-4B9C-8F29-62F3A418FD81}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FB5CEEA9-7FBD-481E-85A9-7C26D40E06E1}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{FD9AD275-73F7-43D0-BD24-CE6865740B5A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FDDDBFB9-E68C-4C12-8516-33CF5B39601B}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B74BBE-B7B4-4B7B-8F98-43F513A2B5D9}" = protocol=17 | dir=in | app=d:\samsung pc\npsvsvr.exe | 
"{04527F3C-5138-4D3D-A276-5FD7331A50C2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10048-to-0.2.0.10072-dede-downloader.exe | 
"{0685DD82-DD77-45FE-939D-FB86B765C842}" = protocol=17 | dir=in | app=c:\users\marcin i daniel\saved games\stronghold2.exe | 
"{07C6AA18-7E30-4A8C-A061-64883C287EE3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10571-to-0.3.0.10596-dede-ptr-downloader.exe | 
"{09CE2BA5-C894-40B5-910C-0967254218A7}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10170-to-0.2.0.10179-dede-downloader.exe | 
"{0A1BEC58-CE06-4792-9ADD-A33F3CB11DB9}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe | 
"{0BE82E40-4F23-4CAF-80D7-3E9D9C88AAB9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0CEA40A7-CFE4-4809-AB6A-11403E3456D2}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0-dede-downloader.exe | 
"{0FE7AE3E-227C-4FDA-8F10-3AEAF646CA39}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{14637251-7B35-4E64-8B16-89262D83C69B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.3.9183-to-3.0.8.9464-dede-downloader.exe | 
"{148CF79E-3527-4B10-A105-41CDC752A28F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{19CB10C5-2EBB-4B9A-A9BB-F5616DBAA94B}" = protocol=17 | dir=in | app=d:\counterstrike\steamapps\common\call of duty black ops\blackops.exe | 
"{19CFE30B-0602-46FC-AEB7-838DD0D4E835}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{217C6699-6448-4BD6-907E-A9AF1E8ECAC5}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0-dede-downloader.exe | 
"{273CDCC3-205E-481B-BDB5-E2410351F64D}" = protocol=6 | dir=in | app=d:\hdr\game.dat | 
"{2D8958E7-C122-4451-A1CD-EC720705DCB0}" = protocol=6 | dir=in | app=d:\samsung pc\npsvsvr.exe | 
"{2DB2E5D7-C44B-4029-9E34-5177AE9B2076}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{2F1D458C-E9B1-45E6-B168-3F13C94DC95F}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10147-to-0.2.0.10170-dede-downloader.exe | 
"{318F50B9-2B3C-4640-BDF6-63F7097D980F}" = protocol=17 | dir=in | app=d:\samsung pc\npsasvr.exe | 
"{325AD980-EA1B-4E57-932B-316CA232E10E}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10083-to-0.2.0.10116-dede-downloader.exe | 
"{3585F239-5DDF-41C4-86F2-F4B7601718D1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{36C724BB-6AB2-4351-9D49-685B65AE5B2A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{3C9C8675-1773-44D4-A4CD-36B7D5A8D8C4}" = protocol=6 | dir=in | app=d:\bad company 2\bfbc2updater.exe | 
"{3DABF8CC-E9A3-400A-9D97-1446D1A6FDAA}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.1.0.9626-to-0.1.0.9637-dede-downloader.exe | 
"{3F5B807D-787F-487C-8A41-EC1F2F4DB9FC}" = protocol=17 | dir=in | app=d:\counterstrike\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{3F5F012A-0CE6-4F14-9B25-59B86A3EFD1D}" = protocol=17 | dir=in | app=d:\hdr\game.dat | 
"{40DA46CC-96D5-4649-9385-6D0696C7276D}" = protocol=6 | dir=in | app=c:\users\marcin i daniel\downloads\moviebario_fm(2).exe | 
"{429FC0DC-751E-4821-AE57-584D8809B130}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10116-to-0.2.0.10128-dede-downloader.exe | 
"{45673964-B6F2-43CB-8D90-E727E4067F90}" = protocol=6 | dir=in | app=d:\blackshot\efusion\blackshot\system\blackshot.exe | 
"{456E8D3C-D599-4184-B8EF-5DA44CED7B55}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{469C3DB9-DC8C-4307-9122-6E0361B42044}" = protocol=17 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{475442D9-E067-4F2B-B012-17199B951326}" = protocol=17 | dir=in | app=d:\curse\curseclient.exe | 
"{48A11A2F-680C-40F5-996C-CD6A5DB8BC6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4C2C6E15-D6B0-48D7-AE3B-58C4EA8242E2}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe | 
"{4C38830E-D0D0-469C-944E-34603193D8AB}" = protocol=17 | dir=in | app=d:\rift\rift beta\rift.exe | 
"{4CBDE0A1-81AE-48E3-96A6-A989AAD17F37}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{4D535081-6A55-432E-B509-3BBC5681FB9E}" = protocol=6 | dir=in | app=d:\counterstrike\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{4DA39333-E473-4E5C-816E-59AF2F76D97F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{4E34986F-B207-4A1F-8FE1-52A432D75C8B}" = protocol=6 | dir=in | app=c:\users\marcin i daniel\saved games\stronghold2.exe | 
"{4EC1E7EB-FA9A-414C-A6AB-F5EF56A72CD3}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{53A9C2F6-DE00-4213-A92F-3E7A72107ECD}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-dede-ptr-downloader.exe | 
"{56E3DA57-BDB5-4271-9356-6ACF6A814CFC}" = protocol=17 | dir=in | app=d:\counterstrike\steamapps\darkcsplaya\counter-strike source\hl2.exe | 
"{5A3E51D4-3624-4A58-B2E6-F6C1198FFDFD}" = protocol=6 | dir=in | app=d:\rift\rift beta\rifterrorhandler.exe | 
"{5B420124-6A21-484E-A227-97CF5A892447}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{5C8FEA2C-2157-47B8-A773-C40CFACEDF87}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{5DDAAC93-9384-48F1-8528-DFD4B9C48C79}" = protocol=6 | dir=in | app=d:\rift\rift beta\riftpatchbeta.exe | 
"{668342E1-3686-45A1-BABA-082AB9574767}" = protocol=6 | dir=in | app=d:\bittorrent\bittorrent.exe | 
"{680464C5-8FD6-4562-BB03-B822D1D9C3A1}" = protocol=6 | dir=in | app=d:\counterstrike\steamapps\darkcsplaya\counter-strike source\hl2.exe | 
"{69532227-AEB9-49A0-9DD1-F232218D9919}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-dede-ptr-downloader.exe | 
"{69A3C160-2671-4975-89B3-6487EA24CDEC}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10072-to-0.2.0.10083-dede-downloader.exe | 
"{6F4FC713-0689-4194-9247-6DCD9AF61B91}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{70026ED3-3662-4807-B2F6-CC989FF93369}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10257-dede-ptr-downloader.exe | 
"{71FD6477-6310-49A7-9D47-0ED8F69A309A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10179-to-0.2.0.10192-dede-downloader.exe | 
"{79FEF85B-037C-41DC-B32B-1236336DC1CE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7A27227D-DDF0-4AD9-A541-A27772349B6F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-to-0.3.0.10554-dede-ptr-downloader.exe | 
"{7ADA7784-ABD6-415B-A898-0CD2B26BBC5B}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10179-to-0.2.0.10192-dede-downloader.exe | 
"{7B5E2E11-88FB-4411-AEFF-C2FC2C0D435A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7FD0C1A6-6D70-4623-AD0A-AFE9539EA649}" = protocol=6 | dir=in | app=d:\rift\rift beta\rift.exe | 
"{85B402B5-59C5-4698-981D-CA2375DF4816}" = protocol=17 | dir=in | app=d:\blackshot\efusion\blackshot\system\blackshot.exe | 
"{8874CEB8-113A-4B48-B05E-11F59E7913C5}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe | 
"{8C6F0AB0-3A82-493D-A221-418152994514}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{8D81FE82-EEC7-45D5-84C6-DCBF388271F6}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10571-to-0.3.0.10596-dede-ptr-downloader.exe | 
"{8EA2CEC4-0957-4C6E-BBF6-EE55CFB8D821}" = protocol=6 | dir=in | app=d:\efusion\blackshot\system\blackshot.exe | 
"{941A23DC-320E-4DD9-ACCD-3E0B47DD5461}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe | 
"{991E2B23-3C93-4130-B32F-6D15097BE4DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{99BB6CD9-6C89-4381-9F58-217B340D64C0}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.2.10257-dede-ptr-downloader.exe | 
"{9CEEDCC0-7663-4ABE-8A2D-D174FAF4C7ED}" = protocol=17 | dir=in | app=c:\program files\levelone\11g wireless lan\wlanutility.exe | 
"{9F7A126A-75AF-4BED-A32F-30C18E6090A4}" = protocol=6 | dir=in | app=c:\program files\levelone\11g wireless lan\wlanutility.exe | 
"{A6DA12AD-EDA1-4943-8A01-C7D3BC37AE94}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A7338D47-6F40-498C-81F9-36B3EAA12E49}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A7DDF6A5-1F35-415C-B443-6CAE6E9A6B66}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe | 
"{A99617FC-34CC-4AA0-8595-121E947AD077}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{AA91AE8A-2770-4CE6-890C-C376FED23A4B}" = protocol=6 | dir=out | app=system | 
"{ACCB561E-489A-46D0-BB56-5183F0D14EC7}" = protocol=17 | dir=in | app=d:\rift\rift beta\riftpatchbeta.exe | 
"{B1E2601D-6538-4BD3-A85D-0037D783FCFB}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{B29E1BF2-927E-4331-86BD-5E16BC555802}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10522-to-0.3.0.10554-dede-ptr-downloader.exe | 
"{B37DC246-931B-4143-84A5-0C7555509959}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10116-to-0.2.0.10128-dede-downloader.exe | 
"{B81DBB4E-5BB7-4B7D-A92D-C603902A62DB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{BA328BE4-BF98-4EF5-8BE4-F7D650FFB024}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{BA8A2767-03AF-44C2-A1CC-27D056A28E17}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C546FF41-13F6-4627-B456-E7653C11BF8F}" = protocol=6 | dir=in | app=d:\curse\curseclient.exe | 
"{CA9B6E8B-9AF5-4DCD-8CCB-13FC081AF1FF}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{CB98576A-C276-4F13-8E41-25B51527AF25}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.3.9183-to-3.0.8.9464-dede-downloader.exe | 
"{CC87048A-24DA-45A8-802E-EA113A60BCE3}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10072-to-0.2.0.10083-dede-downloader.exe | 
"{CF81F363-EF3E-492C-822A-D19D319FB2F9}" = protocol=17 | dir=in | app=d:\bad company 2\bfbc2updater.exe | 
"{D15F1B0E-F59F-4D3A-9E3F-A51570F81755}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10170-to-0.2.0.10179-dede-downloader.exe | 
"{D2EE0D8F-327A-489B-996E-B4E2CE07D9BC}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10048-to-0.2.0.10072-dede-downloader.exe | 
"{D41DB059-DDDE-4B99-A1EF-DBAB35F889AF}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{D5A16915-4AA0-4202-BC22-0AA0D23FF574}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10128-to-0.2.0.10147-dede-downloader.exe | 
"{D5DC276C-51C3-4E68-B7EE-0987D6220D83}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10128-to-0.2.0.10147-dede-downloader.exe | 
"{D6C94069-28B4-4BEC-AA8F-A1829B7FE1CA}" = protocol=6 | dir=in | app=d:\samsung pc\npsasvr.exe | 
"{DBAD1C9D-A062-41E8-AEDE-3B1BDE852477}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10554-to-0.3.0.10571-dede-ptr-downloader.exe | 
"{DC0CF110-A939-41BA-BF2E-A46FA68675BE}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.1.0.9626-to-0.1.0.9637-dede-downloader.exe | 
"{E0999C7A-A841-4203-8EA2-FA83A0E28E47}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
"{E2CF2A6C-0DCD-40D0-BABC-55596DC68013}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.3.0.10554-to-0.3.0.10571-dede-ptr-downloader.exe | 
"{E374BE74-199D-4DF2-AD5A-0F7E6611F9E2}" = protocol=17 | dir=in | app=c:\users\marcin i daniel\downloads\moviebario_fm(2).exe | 
"{E68E4772-5C04-49A7-858C-9586F1AFA76A}" = protocol=17 | dir=in | app=d:\rift\rift beta\rifterrorhandler.exe | 
"{E6F9ACF2-2934-4F42-A616-4C1AB52B150D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10083-to-0.2.0.10116-dede-downloader.exe | 
"{EC5AE447-0EBC-46AF-B0AA-621B40D8F4D2}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{ECA154B8-4E7E-4556-B1E8-5B61DEFCC575}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{EF251834-9ED7-4AF8-8D2E-795640F26233}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{EF6ADB1C-D3F1-4F75-B641-2032BA10CCD4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F4642274-020B-4C7F-B0E5-A6D338C9D58F}" = protocol=17 | dir=in | app=d:\efusion\blackshot\system\blackshot.exe | 
"{F5526803-D55E-4393-A551-CEFF4E0CBC1F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{F8CA575F-4FCD-4B7A-939A-25FDBC74E4F6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{FA207F22-32A8-415F-A1C9-615E7DD831AF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FB0D7537-4854-4894-B6BE-0227F3158CFB}" = protocol=6 | dir=in | app=d:\counterstrike\steamapps\common\call of duty black ops\blackops.exe | 
"{FE46A801-30BD-4D1C-8148-680A14E2725D}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{FE473595-3434-4123-89C7-CDF910C2DDB7}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10147-to-0.2.0.10170-dede-downloader.exe | 
"{FED5D103-B975-4F37-B4A2-C738F0AA4750}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"TCP Query User{0AF6A74C-9667-478D-BF2E-653CF96B9EA9}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{121B3A99-8181-4583-93E9-564072BE3F03}C:\users\marcin i daniel\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\marcin i daniel\temp\teamviewer\version4\teamviewer.exe | 
"TCP Query User{18139473-0303-4CA6-B905-9DF4BAA85DAB}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{2AB23202-9C81-4A44-BDB8-77628D497054}D:\xfire\dppm_source.exe" = protocol=6 | dir=in | app=d:\xfire\dppm_source.exe | 
"TCP Query User{2BA609B4-36A5-46DB-B15F-E679CED4D865}D:\counterstrike\steamapps\darkcsplaya\day of defeat source\hl2.exe" = protocol=6 | dir=in | app=d:\counterstrike\steamapps\darkcsplaya\day of defeat source\hl2.exe | 
"TCP Query User{2CA21525-5369-4ED1-8811-3649DDD6E00A}D:\program files\ea sports\fifa 10\fifa10.exe" = protocol=6 | dir=in | app=d:\program files\ea sports\fifa 10\fifa10.exe | 
"TCP Query User{32CBD786-2D91-41BE-93CE-008EA2D31000}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{367A7D84-AE66-43A1-9688-255679016A07}C:\users\marcin i daniel\downloads\wow-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\marcin i daniel\downloads\wow-dede-installer-downloader.exe | 
"TCP Query User{3BC80711-96B5-4807-9EA7-1678F2B5AA27}D:\xfire\xfire.exe" = protocol=6 | dir=in | app=d:\xfire\xfire.exe | 
"TCP Query User{4141BF9F-B874-4765-B0E6-DD353669A0D9}C:\users\marcin i daniel\saved games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\marcin i daniel\saved games\world of warcraft\launcher.exe | 
"TCP Query User{41CF7975-08BC-48E1-BF97-3B03F5B5D7AD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{510C2EFD-E421-495C-AF4B-75B527D7AACB}C:\users\marcin i daniel\appdata\locallow\dyyno receiver\dppm.exe" = protocol=6 | dir=in | app=c:\users\marcin i daniel\appdata\locallow\dyyno receiver\dppm.exe | 
"TCP Query User{521CAEA9-8D0B-43B8-B1A6-545501A9A4DC}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe | 
"TCP Query User{5B7D091B-FD69-440D-98CD-B9D2B7AE2B7E}D:\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=d:\world of warcraft public test\launcher.exe | 
"TCP Query User{5CBBFFF1-4664-45C7-B72A-F1FF23EA7054}C:\users\marcin i daniel\downloads\wow-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\marcin i daniel\downloads\wow-dede-installer-downloader.exe | 
"TCP Query User{73248979-016E-4086-AD5E-6562B0CD0B38}D:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{79C278D6-FDD0-48C0-8DE5-DAA9571ACDD0}D:\counterstrike\steamapps\darkcsplaya\counter-strike\hl.exe" = protocol=6 | dir=in | app=d:\counterstrike\steamapps\darkcsplaya\counter-strike\hl.exe | 
"TCP Query User{88AED824-D87B-4806-864F-FEFD7FCFBD10}C:\users\marcin i daniel\appdata\locallow\dyyno receiver\bin\api-1.4.3-all\dppm.exe" = protocol=6 | dir=in | app=c:\users\marcin i daniel\appdata\locallow\dyyno receiver\bin\api-1.4.3-all\dppm.exe | 
"TCP Query User{9550F87E-BE90-4477-A2E2-7A0E4CE4FF6E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{A1615F7A-E4E7-4EAB-8BCE-646F95D5A238}C:\users\marcin i daniel\saved games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\marcin i daniel\saved games\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{A931F3E2-DB08-48B0-9DF4-77590C8C8F1A}D:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{AED5C398-964C-463D-8892-4890C11515CB}C:\users\marcin i daniel\saved games\world of warcraft\wow-2.4.0-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\marcin i daniel\saved games\world of warcraft\wow-2.4.0-dede-downloader.exe | 
"TCP Query User{AF5A570D-BCA3-4C9E-A4A8-6B8AD48D1CF4}C:\users\marcin i daniel\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader(3).exe" = protocol=6 | dir=in | app=c:\users\marcin i daniel\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader(3).exe | 
"TCP Query User{AFE9D8D2-839E-43AF-AA3F-F7E40DE3C91C}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe | 
"TCP Query User{BAE3133D-9663-441F-BA96-5A688DC5C940}C:\users\marcin i daniel\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader(2).exe" = protocol=6 | dir=in | app=c:\users\marcin i daniel\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader(2).exe | 
"TCP Query User{BC45C103-E4A8-41F5-9090-AA6DE0DE063F}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{C101CF7A-B718-473B-A55D-CEB547A3C96D}C:\program files\nowe gadu-gadu\gg.exe" = protocol=6 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe | 
"TCP Query User{CDB147F2-E54E-4DE2-A708-93D6B4F6FB08}D:\counterstrike\steamapps\darkcsplaya\condition zero\hl.exe" = protocol=6 | dir=in | app=d:\counterstrike\steamapps\darkcsplaya\condition zero\hl.exe | 
"TCP Query User{D7E34242-F32C-47DB-BE90-A17B83756FF8}D:\counterstrike\steamapps\darkcsplaya\condition zero deleted scenes\hl.exe" = protocol=6 | dir=in | app=d:\counterstrike\steamapps\darkcsplaya\condition zero deleted scenes\hl.exe | 
"TCP Query User{E1BEADFA-CD06-4AF2-9109-38A9F7DC6844}D:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=d:\program files\codemasters\der herr der ringe online\lotroclient.exe | 
"TCP Query User{E8BB051E-F272-487A-B35E-FDFFDF11CAF1}C:\users\marcin i daniel\desktop\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\users\marcin i daniel\desktop\world of warcraft public test\launcher.exe | 
"TCP Query User{F59DCE79-8A91-4758-8868-0D7E9325E49E}C:\users\marcin i daniel\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\marcin i daniel\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader.exe | 
"TCP Query User{F8218CC4-EC45-4A7C-AA92-8E1C251EBBEF}C:\users\marcin i daniel\appdata\local\temp\blizzard launcher temporary - 3c33bf20\launcher.exe" = protocol=6 | dir=in | app=c:\users\marcin i daniel\appdata\local\temp\blizzard launcher temporary - 3c33bf20\launcher.exe | 
"UDP Query User{1C7D88E0-062D-42CD-ADDF-74987D2EA4CD}D:\counterstrike\steamapps\darkcsplaya\counter-strike\hl.exe" = protocol=17 | dir=in | app=d:\counterstrike\steamapps\darkcsplaya\counter-strike\hl.exe | 
"UDP Query User{1E0ED1B2-1D75-414C-B7B0-5BDBDEC4DAF1}D:\counterstrike\steamapps\darkcsplaya\condition zero deleted scenes\hl.exe" = protocol=17 | dir=in | app=d:\counterstrike\steamapps\darkcsplaya\condition zero deleted scenes\hl.exe | 
"UDP Query User{44760A7F-D022-4AA0-A39F-7574E5B6ECB4}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{489D2A87-23DE-4BDE-8B21-BB171346EB06}D:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{4BCAB2EB-00E9-4AB0-8801-10B8E3EBFC20}D:\counterstrike\steamapps\darkcsplaya\day of defeat source\hl2.exe" = protocol=17 | dir=in | app=d:\counterstrike\steamapps\darkcsplaya\day of defeat source\hl2.exe | 
"UDP Query User{4BDF4811-13E2-4CD3-8BC8-A0E8660EC226}C:\users\marcin i daniel\appdata\local\temp\blizzard launcher temporary - 3c33bf20\launcher.exe" = protocol=17 | dir=in | app=c:\users\marcin i daniel\appdata\local\temp\blizzard launcher temporary - 3c33bf20\launcher.exe | 
"UDP Query User{531665FD-35F4-4640-8C9C-D8F5C83E1634}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{625C8931-2198-4751-9648-7E5F485172B2}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe | 
"UDP Query User{6BF3C0FE-DCD8-4354-8615-EA94AFC66C77}C:\users\marcin i daniel\saved games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\marcin i daniel\saved games\world of warcraft\launcher.exe | 
"UDP Query User{71A55BD4-3FF5-4DB4-A9E8-54B598617D53}C:\users\marcin i daniel\downloads\wow-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\marcin i daniel\downloads\wow-dede-installer-downloader.exe | 
"UDP Query User{762F2516-4772-4629-B291-F950B602FB61}C:\users\marcin i daniel\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\marcin i daniel\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader.exe | 
"UDP Query User{7F352D80-9037-40E9-AB8E-D28AE0740ED5}C:\users\marcin i daniel\downloads\wow-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\marcin i daniel\downloads\wow-dede-installer-downloader.exe | 
"UDP Query User{87426D9F-A7C6-4A2E-A1FC-1E7BED0AB71A}C:\users\marcin i daniel\appdata\locallow\dyyno receiver\dppm.exe" = protocol=17 | dir=in | app=c:\users\marcin i daniel\appdata\locallow\dyyno receiver\dppm.exe | 
"UDP Query User{89ED05E2-35D9-4A86-A7BB-41EABEAB6C93}C:\users\marcin i daniel\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader(3).exe" = protocol=17 | dir=in | app=c:\users\marcin i daniel\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader(3).exe | 
"UDP Query User{922A8B74-8272-4DE5-8B60-837377157E81}C:\users\marcin i daniel\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\marcin i daniel\temp\teamviewer\version4\teamviewer.exe | 
"UDP Query User{923B8FC6-7E1A-4E73-9B60-C8F20305784C}C:\users\marcin i daniel\desktop\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\users\marcin i daniel\desktop\world of warcraft public test\launcher.exe | 
"UDP Query User{94932CF5-0F57-4BF1-8CB9-B42F817C8262}C:\users\marcin i daniel\saved games\world of warcraft\wow-2.4.0-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\marcin i daniel\saved games\world of warcraft\wow-2.4.0-dede-downloader.exe | 
"UDP Query User{9E4C9850-B625-4A2B-BAEC-298495218598}C:\users\marcin i daniel\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader(2).exe" = protocol=17 | dir=in | app=c:\users\marcin i daniel\downloads\wow-2.4.3.8568-to-3.0.2.8916-dede-downloader(2).exe | 
"UDP Query User{9EBFD9AE-BD75-4EF5-BBF9-7B61F4072AAD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{A017B10D-75BF-43F5-9C0C-831BB32402C0}D:\xfire\dppm_source.exe" = protocol=17 | dir=in | app=d:\xfire\dppm_source.exe | 
"UDP Query User{A19BB351-3CEC-4D74-905B-17A98DFFF980}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{A27AE522-1736-450B-91E5-22932E178344}D:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=d:\program files\codemasters\der herr der ringe online\lotroclient.exe | 
"UDP Query User{A7FADDF7-BA8B-4A49-BE84-9D40F16BEC8C}D:\program files\ea sports\fifa 10\fifa10.exe" = protocol=17 | dir=in | app=d:\program files\ea sports\fifa 10\fifa10.exe | 
"UDP Query User{B31EDE15-60FD-44EE-B651-ED4F6E88F158}D:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{BBF1F492-C19B-4A38-9E1C-9D74C629659B}D:\counterstrike\steamapps\darkcsplaya\condition zero\hl.exe" = protocol=17 | dir=in | app=d:\counterstrike\steamapps\darkcsplaya\condition zero\hl.exe | 
"UDP Query User{CF329308-4051-4009-B81E-E4E6BC4CCA21}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{D0531C17-D930-44B1-BB8D-DCF0D23259BD}C:\users\marcin i daniel\appdata\locallow\dyyno receiver\bin\api-1.4.3-all\dppm.exe" = protocol=17 | dir=in | app=c:\users\marcin i daniel\appdata\locallow\dyyno receiver\bin\api-1.4.3-all\dppm.exe | 
"UDP Query User{D118BB6B-87C1-4B8C-B760-3F385BCCFDEF}C:\users\marcin i daniel\saved games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\marcin i daniel\saved games\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{D1A63938-2E5F-4CAE-A2E0-A947B2ECAD85}C:\program files\nowe gadu-gadu\gg.exe" = protocol=17 | dir=in | app=c:\program files\nowe gadu-gadu\gg.exe | 
"UDP Query User{DC5C3405-61B6-43F2-8DBD-1F436EB937E4}D:\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=d:\world of warcraft public test\launcher.exe | 
"UDP Query User{E9A080BD-664E-4E4E-A124-121205740ED1}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe | 
"UDP Query User{F0DEF452-6C7D-4BEF-94D3-A1484FC627D6}D:\xfire\xfire.exe" = protocol=17 | dir=in | app=d:\xfire\xfire.exe | 
"UDP Query User{F834045C-670A-4E58-92AB-B918B00E6EFA}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{36DCC61E-53B6-41D4-9590-9894BCE17068}" = ESET NOD32 Antivirus
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D04E8C-71A5-4470-B5D9-DD0EB32F0F02}" = ZyAIR G-200 Wireless LAN USB 2.0 Adapter
"{765443B7-555F-4E8C-9C96-A52409AE4E4A}" = Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3A61264-B075-46BE-9C97-376EA4CEEEF5}" = PdfGrabber 6.0
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{AC4C38FD-A54C-4CA5-92EE-D983CD81293E}" = Microsoft Xbox 360 Accessories 1.2
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFC3C2E5-82ED-4823-9433-328045AE2F4B}" = 11g Wireless LAN
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D54640A3-2C2B-4CB1-9666-01E55F54E7F5}" = NCsoft Launcher
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{EF59DB7F-7426-426E-B862-7031F83ED304}" = SystemDiagnostics
"{EFCEF949-9821-4759-A573-3EB8C857DF46}" = Windows Live Family Safety
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"BlackShot" = BlackShot
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GameSpy Arcade" = GameSpy Arcade
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"Quick Help 2.0" = Quick Help 2.0
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Steam App 10" = Counter-Strike
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"SteelSeries Engine" = SteelSeries Engine
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 4" = TeamViewer 4
"VLC media player" = VLC media player 0.9.8a
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"xvid" = XviD MPEG-4 Video Codec
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Octoshape Streaming Services" = Octoshape Streaming Services
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 04.10.2010 16:13:54 | Computer Name = MarciniDanie-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung fifa.exe, Version 1.0.0.0, Zeitstempel 0x4c8a90dc,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode
 0xc0000005, Fehleroffset 0x0003b15f,  Prozess-ID 0x15dc, Anwendungsstartzeit 01cb63fe14f9b9a0.
 
Error - 04.10.2010 16:14:02 | Computer Name = MarciniDanie-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung fifa.exe, Version 1.0.0.0, Zeitstempel 0x4c8a90dc,
 fehlerhaftes Modul fifa.exe, Version 1.0.0.0, Zeitstempel 0x4c8a90dc, Ausnahmecode
 0xc0000005, Fehleroffset 0x00ac3658,  Prozess-ID 0x15dc, Anwendungsstartzeit 01cb63fe14f9b9a0.
 
Error - 05.10.2010 06:42:43 | Computer Name = MarciniDanie-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 05.10.2010 06:49:13 | Computer Name = MarciniDanie-PC | Source = VSS | ID = 8194
Description = 
 
Error - 05.10.2010 06:49:27 | Computer Name = MarciniDanie-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 05.10.2010 06:50:14 | Computer Name = MarciniDanie-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 05.10.2010 16:36:21 | Computer Name = MarciniDanie-PC | Source = System Restore | ID = 8193
Description = 
 
Error - 05.10.2010 16:36:21 | Computer Name = MarciniDanie-PC | Source = System Restore | ID = 8210
Description = 
 
Error - 06.10.2010 16:00:04 | Computer Name = MarciniDanie-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung fifa.exe, Version 1.0.0.0, Zeitstempel 0x4c8a90dc,
 fehlerhaftes Modul fifa.exe, Version 1.0.0.0, Zeitstempel 0x4c8a90dc, Ausnahmecode
 0xc0000005, Fehleroffset 0x00059636,  Prozess-ID 0xe40, Anwendungsstartzeit 01cb658fdc36ccb8.
 
Error - 06.10.2010 16:04:55 | Computer Name = MarciniDanie-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung fifa.exe, Version 1.0.0.0, Zeitstempel 0x4c8a90dc,
 fehlerhaftes Modul fifa.exe, Version 1.0.0.0, Zeitstempel 0x4c8a90dc, Ausnahmecode
 0xc0000005, Fehleroffset 0x00059636,  Prozess-ID 0x10d4, Anwendungsstartzeit 01cb6591797e51b6.
 
[ System Events ]
Error - 10.06.2011 00:11:47 | Computer Name = MarciniDanie-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 10.06.2011 00:25:56 | Computer Name = MarciniDanie-PC | Source = Application Popup | ID = 875
Description = Treiber sfvfs02.sys konnte nicht geladen werden.
 
Error - 10.06.2011 00:25:56 | Computer Name = MarciniDanie-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 10.06.2011 00:26:14 | Computer Name = MarciniDanie-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 10.06.2011 10:21:36 | Computer Name = MarciniDanie-PC | Source = Application Popup | ID = 875
Description = Treiber sfvfs02.sys konnte nicht geladen werden.
 
Error - 10.06.2011 10:21:36 | Computer Name = MarciniDanie-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 10.06.2011 10:22:10 | Computer Name = MarciniDanie-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 10.06.2011 12:26:53 | Computer Name = MarciniDanie-PC | Source = Application Popup | ID = 875
Description = Treiber sfvfs02.sys konnte nicht geladen werden.
 
Error - 10.06.2011 12:26:53 | Computer Name = MarciniDanie-PC | Source = Application Popup | ID = 875
Description = Treiber sfdrv01.sys konnte nicht geladen werden.
 
Error - 10.06.2011 12:27:27 | Computer Name = MarciniDanie-PC | Source = Service Control Manager | ID = 7026
Description = 
 
 
< End of report >
         
--- --- ---

OTL.Txt Logfile:
Code:
OTL logfile created on: 10.06.2011 18:36:56 - Run 1
OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\Marcin i Daniel\Downloads
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,17 Gb Available Physical Memory | 66,76% Memory free
6,66 Gb Paging File | 5,61 Gb Available in Paging File | 84,35% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,57 Gb Total Space | 18,80 Gb Free Space | 32,09% Space Free | Partition Type: NTFS
Drive D: | 135,23 Gb Total Space | 72,13 Gb Free Space | 53,34% Space Free | Partition Type: NTFS
 
Computer Name: MARCINIDANIE-PC | User Name: Marcin i Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.06.10 18:34:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Marcin i Daniel\Downloads\OTL.exe
PRC - [2011.03.02 16:28:42 | 000,241,152 | ---- | M] () -- D:\steelseries\SteelSeries Engine\SteelSeriesEngine.exe
PRC - [2011.01.16 21:25:20 | 003,046,808 | ---- | M] () -- C:\Programme\Pando Networks\Media Booster\PMB.exe
PRC - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011.01.12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2010.07.09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.05.14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.10.01 02:57:18 | 000,718,688 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Xbox 360 Accessories\XBoxStat.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.05.27 14:38:28 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe
PRC - [2009.02.19 14:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- D:\SystemDiagnostic\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.05.25 03:14:55 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006.11.02 14:36:04 | 000,895,488 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2006.11.02 14:36:04 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2006.11.02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.06.10 18:34:21 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Marcin i Daniel\Downloads\OTL.exe
MOD - [2006.11.02 11:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.05.20 22:51:06 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.05.18 13:07:24 | 003,275,864 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_8832f4b.dll -- (Akamai)
SRV - [2011.01.12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2010.12.07 22:21:09 | 003,988,144 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2010.07.09 16:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2009.05.27 14:38:28 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - [2009.02.19 14:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- D:\SystemDiagnostic\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.05.25 03:14:55 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.02.14 07:48:18 | 000,084,608 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SteelBus.sys -- (busenum)
DRV - [2011.02.14 07:48:18 | 000,031,488 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SAlpham.sys -- (SAlphamHid)
DRV - [2010.12.21 15:04:06 | 000,137,144 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010.12.21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.12.21 13:47:38 | 000,094,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2010.09.22 21:19:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2010.07.10 05:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.07.20 19:02:24 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.03.31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.20 10:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 10:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009.03.20 10:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2008.02.07 11:38:41 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Programme\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008.02.07 11:38:38 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Programme\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007.10.03 09:18:12 | 000,099,840 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.06.13 23:47:00 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.02.07 13:20:32 | 000,206,336 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8187.sys -- (RTL8187)
DRV - [2007.01.29 17:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AsusVRC.sys -- (ASUSVRC)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2003.10.31 14:30:28 | 000,310,912 | ---- | M] (Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wind502u.sys -- (wind502u)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.09 08:07:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.02 20:15:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.06.03 13:15:48 | 000,000,000 | ---D | M]
 
[2011.05.09 08:07:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcin i Daniel\AppData\Roaming\mozilla\Extensions
[2011.06.03 13:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- 
[2008.10.21 19:45:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008.12.10 13:05:03 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009.06.24 18:58:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.08.09 19:26:37 | 000,319,186 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1    007guard.com - 007guard and Free Antivirus
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    Avast | Cash Advance | Debt Consolidation | Insurance | Free Credit Report at 0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 10947 more lines...
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Marcin i Daniel\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SteelSeries Engine] D:\steelseries\SteelSeries Engine\SteelSeriesEngine.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [4ECYTQ9SIC]  File not found
O4 - HKCU..\Run: [EA Core]  File not found
O4 - HKCU..\Run: [Metropolis]  File not found
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Marcin i Daniel\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} hxxp://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.1.0.0.26.CAB (DyynoX Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\World of Warcraft\Screenshots\WoWScrnShot_110808_063235.jpg
O24 - Desktop BackupWallPaper: D:\World of Warcraft\Screenshots\WoWScrnShot_110808_063235.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{952df554-586e-11de-9ff5-00192148fc59}\Shell - "" = AutoRun
O33 - MountPoints2\{952df554-586e-11de-9ff5-00192148fc59}\Shell\AutoRun\command - "" = K:\setup\rsrc\Autorun.exe
O33 - MountPoints2\{952df554-586e-11de-9ff5-00192148fc59}\Shell\dinstall\command - "" = K:\Directx\dxsetup.exe
O33 - MountPoints2\{d33cf29e-1257-11df-b0f6-00192148fc59}\Shell - "" = AutoRun
O33 - MountPoints2\{d33cf29e-1257-11df-b0f6-00192148fc59}\Shell\AutoRun\command - "" = K:\Win32\AppWizard.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.06 14:25:22 | 000,000,000 | ---D | C] -- C:\Users\Marcin i Daniel\AppData\Local\ESET
[2011.06.06 12:26:45 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.06.03 13:15:48 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.06.03 13:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011.06.03 13:15:48 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011.06.03 12:44:09 | 000,000,000 | R-SD | C] -- C:\Users\Marcin i Daniel\Documents\My Stationery
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.10 18:35:01 | 000,000,312 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011.06.10 18:33:34 | 000,651,112 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.10 18:33:34 | 000,618,272 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.10 18:33:34 | 000,120,908 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.10 18:33:34 | 000,107,416 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.10 18:29:13 | 000,057,221 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.06.10 18:29:13 | 000,057,221 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.06.10 18:27:06 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.10 18:27:06 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.10 18:27:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.10 18:27:01 | 3488,931,840 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.10 18:25:32 | 000,000,020 | ---- | M] () -- C:\Users\Marcin i Daniel\defogger_reenable
[2011.06.03 13:45:10 | 000,000,612 | ---- | M] () -- C:\Users\Marcin i Daniel\Desktop\BlackShot.lnk
[2011.06.02 23:09:20 | 833,801,410 | ---- | M] () -- C:\Users\Marcin i Daniel\Desktop\BlackShotEurope.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.10 18:25:22 | 000,000,020 | ---- | C] () -- C:\Users\Marcin i Daniel\defogger_reenable
[2011.06.06 12:25:16 | 000,000,312 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011.06.03 13:45:10 | 000,000,612 | ---- | C] () -- C:\Users\Marcin i Daniel\Desktop\BlackShot.lnk
[2011.06.03 13:18:08 | 833,801,410 | ---- | C] () -- C:\Users\Marcin i Daniel\Desktop\BlackShotEurope.exe
[2010.10.16 21:46:11 | 000,057,221 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.09.25 17:11:02 | 000,140,248 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.09.25 17:11:02 | 000,138,056 | ---- | C] () -- C:\Users\Marcin i Daniel\AppData\Roaming\PnkBstrK.sys
[2010.09.25 17:10:48 | 000,266,400 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.09.25 17:10:46 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010.09.25 17:10:46 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.05.18 15:22:45 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.05.18 15:22:45 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.08.05 20:48:16 | 000,057,221 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.08.03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009.06.15 09:29:22 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.04.14 18:33:09 | 000,000,103 | ---- | C] () -- C:\Users\Marcin i Daniel\AppData\Local\fusioncache.dat
[2009.02.22 12:25:31 | 000,000,624 | ---- | C] () -- C:\Windows\eReg.dat
[2008.09.14 11:30:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.08.31 19:57:08 | 000,044,544 | ---- | C] () -- C:\Windows\System32\GIF89.DLL
[2008.08.31 19:56:09 | 000,000,140 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008.08.31 19:22:54 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2008.08.30 20:12:53 | 000,000,604 | ---- | C] () -- C:\Windows\Thps3.INI
[2008.05.23 21:15:11 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.05.23 21:15:10 | 000,651,112 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.05.23 21:15:10 | 000,120,908 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.05.23 21:15:10 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.05.23 13:10:35 | 000,026,112 | ---- | C] () -- C:\Users\Marcin i Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.23 11:27:37 | 000,001,356 | ---- | C] () -- C:\Users\Marcin i Daniel\AppData\Local\d3d9caps.dat
[2008.05.23 10:51:24 | 000,032,768 | ---- | C] () -- C:\Windows\System32\CheckDLL.DLL
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,372,096 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,618,272 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,416 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 09:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 09:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
 
========== LOP Check ==========
 
[2011.01.26 14:23:28 | 000,000,000 | -HSD | M] -- C:\Users\Marcin i Daniel\AppData\Roaming\.#
[2010.12.20 19:07:52 | 000,000,000 | ---D | M] -- C:\Users\Marcin i Daniel\AppData\Roaming\.minecraft
[2009.06.14 01:43:36 | 000,000,000 | ---D | M] -- C:\Users\Marcin i Daniel\AppData\Roaming\DAEMON Tools Lite
[2008.11.17 19:50:14 | 000,000,000 | ---D | M] -- C:\Users\Marcin i Daniel\AppData\Roaming\dyyno-vlc
[2009.09.04 23:04:38 | 000,000,000 | ---D | M] -- C:\Users\Marcin i Daniel\AppData\Roaming\GetRightToGo
[2008.06.27 22:46:02 | 000,000,000 | ---D | M] -- C:\Users\Marcin i Daniel\AppData\Roaming\ICQ
[2008.06.27 22:56:03 | 000,000,000 | ---D | M] -- C:\Users\Marcin i Daniel\AppData\Roaming\ICQ Toolbar
[2009.10.11 11:37:56 | 000,000,000 | ---D | M] -- C:\Users\Marcin i Daniel\AppData\Roaming\Leadertech
[2009.07.24 17:52:26 | 000,000,000 | ---D | M] -- C:\Users\Marcin i Daniel\AppData\Roaming\LimeWire
[2010.11.26 22:33:51 | 000,000,000 | ---D | M] -- C:\Users\Marcin i Daniel\AppData\Roaming\Need for Speed World
[2010.12.08 11:40:46 | 000,000,000 | ---D | M] -- C:\Users\Marcin i Daniel\AppData\Roaming\Notepad++
[2009.06.21 18:38:27 | 000,000,000 | ---D | M] -- C:\Users\Marcin i Daniel\AppData\Roaming\Nowe Gadu-Gadu
[2010.08.29 22:59:12 | 000,000,000 | ---D | M] -- C:\Users\Marcin i Daniel\AppData\Roaming\Octoshape
[2010.05.18 15:27:30 | 000,000,000 | ---D | M] -- C:\Users\Marcin i Daniel\AppData\Roaming\PC Suite
[2010.10.31 21:08:55 | 000,000,000 | ---D | M] -- C:\Users\Marcin i Daniel\AppData\Roaming\PixelPlanet
[2011.02.04 23:52:53 | 000,000,000 | ---D | M] -- C:\Users\Marcin i Daniel\AppData\Roaming\RIFT
[2010.05.18 18:55:15 | 000,000,000 | ---D | M] -- C:\Users\Marcin i Daniel\AppData\Roaming\Samsung
[2011.04.30 15:13:35 | 000,000,000 | ---D | M] -- C:\Users\Marcin i Daniel\AppData\Roaming\SteelSeries
[2009.06.14 01:18:52 | 000,000,000 | ---D | M] -- C:\Users\Marcin i Daniel\AppData\Roaming\TeamViewer
[2010.12.18 02:20:58 | 000,000,000 | ---D | M] -- C:\Users\Marcin i Daniel\AppData\Roaming\TS3Client
[2009.04.14 18:38:54 | 000,000,000 | ---D | M] -- C:\Users\Marcin i Daniel\AppData\Roaming\Turbine
[2011.01.26 01:17:36 | 000,000,000 | ---D | M] -- C:\Users\Marcin i Daniel\AppData\Roaming\Uniblue
[2011.06.10 18:26:10 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.06.10 18:35:01 | 000,000,312 | -H-- | M] () -- C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< defogger_disable by jpshortstuff (23.02.10.1) >
 
< Log created at 18:25 on 10/06/2011 (Marcin i Daniel) >
Invalid Switch: 2011 (Marcin i Daniel)
 
 
<  >
 
< Checking for autostart values... >
 
< HKCU\~\Run values retrieved. >
 
< HKLM\~\Run values retrieved. >
 
<  >
 
< Checking for services/drivers... >
Invalid Switch: drivers...
 
 
< Unable to read sptd.sys >
 
< SPTD -> Disabled (Service running -> reboot required) >
 
<  >
 
<  >
 
< -=E.O.F=- >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
 
< End of report >
         
--- --- ---

gmer to follow

gmer should now be attached as a zip file

14.06.2011, 10:31   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
I caught the 2 trojans Win32.Delf.uv and Win32.Agent.tdd 2-3 days ago. So far I have scanned with ESET NOD32 AV
What exactly was found, and where? Information like that is not enough; please post the log in full!

15.06.2011, 10:33   #3
sazke

Ran another scan and ESET again found nothing.
S&D, however, did:

--- Search result list ---
Win32.Palevo: [SBI $C6E5CBDE] Konfigurations-Datei (Datei, nothing done)
C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
Properties.size=0
Properties.md5=D41D8CD98F00B204E9800998ECF8427E

15.06.2011, 11:45   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Ran another scan and ESET again found nothing.
That is not what I asked. I wanted to know what exactly was found during the scans you mentioned.
__________________
Please always post logfiles in CODE tags
