Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: BKA Virus auf pc!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 08.07.2012, 21:12   #1
Jerre97
 
BKA Virus auf pc! - Standard

BKA Virus auf pc!



Huhu habe ein Virus auf dem pc. Und zwar dieses "BKA" Virus.


Nach Otl Scan:

Code:
ATTFilter
OTL logfile created on: 08.07.2012 21:48:16 - Run 1
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\Jeremy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 13,75% Memory free
11,98 Gb Paging File | 5,36 Gb Available in Paging File | 44,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,17 Gb Total Space | 812,64 Gb Free Space | 88,22% Space Free | Partition Type: NTFS
Drive D: | 10,24 Gb Total Space | 1,91 Gb Free Space | 18,69% Space Free | Partition Type: NTFS
 
Computer Name: JEREMY-PC | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jeremy\Downloads\24960-OTL.exe (OldTimer Tools)
PRC - C:\World of Warcraft\Wow.exe (Blizzard Entertainment)
PRC - C:\Users\Jeremy\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
PRC - C:\Users\Jeremy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe (Adobe Systems, Inc.)
PRC - c:\PROGRA~2\mcafee\SITEAD~1\saui.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName})
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Jeremy\AppData\Roaming\Spotify\Data\libcef.dll ()
MOD - C:\Users\Jeremy\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.DLL ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (McAfee, Inc.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.382.0\BBSvc.exe (Microsoft Corporation.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Norton Internet Security) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
         


Und die extra.TxT

Code:
ATTFilter
OTL Extras logfile created on: 08.07.2012 21:48:16 - Run 1
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\Jeremy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 0,82 Gb Available Physical Memory | 13,75% Memory free
11,98 Gb Paging File | 5,36 Gb Available in Paging File | 44,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 921,17 Gb Total Space | 812,64 Gb Free Space | 88,22% Space Free | Partition Type: NTFS
Drive D: | 10,24 Gb Total Space | 1,91 Gb Free Space | 18,69% Space Free | Partition Type: NTFS
 
Computer Name: JEREMY-PC | User Name: Jeremy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3218139785-3739349501-2943519655-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0257B221-B22B-4553-9BF8-5F9391F029C9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0A1A7E2A-CB37-446C-ACD1-4FAFE974CC56}" = lport=445 | protocol=6 | dir=in | app=system | 
"{14143A05-732B-4E9C-BEBC-805DA21CD0D9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{155C9E43-73AD-4D48-BABD-6399024EB960}" = rport=138 | protocol=17 | dir=out | app=system | 
"{161B6A39-B273-444D-8D45-6F64A99A9ECF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{296635E4-C0C0-4EEF-BD0C-9113196F1651}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{382062FD-1176-4A6B-B54A-8E53C8388510}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{3C6C9C9D-640B-4588-8892-2F3BE305F425}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3F69FB5A-2542-493C-B73B-C2D5B417BB63}" = lport=138 | protocol=17 | dir=in | app=system | 
"{527FCD82-B70B-4179-A141-41C74854EE72}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{64425A67-ED4A-4ACD-BF34-C863888C8306}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{6F66B165-4EFB-442D-9400-A6785205969D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{74A55CBB-AAD3-475E-9FF2-67C92C7B0F83}" = rport=139 | protocol=6 | dir=out | app=system | 
"{78024579-1F1B-4A32-A2AC-490F5403B9C0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7D9A1B09-7C49-4761-8B3C-ECE4C225DD7B}" = lport=137 | protocol=17 | dir=in | app=system | 
"{86DD6E15-830C-44B2-A3C8-742103A0A735}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{8A54EF26-36AF-4440-9154-3840C9A97C0E}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{8AA839AA-DFBB-41FB-BCD8-F895F02E38D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{91B8DBB7-5CF5-45B6-8EEC-03695991A09A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B67D5979-8775-45F4-BAD1-DC674430DAAB}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{B8931E77-6EBF-46B6-B0C4-59444CDEA145}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BCE6F1C9-B5FE-46D5-9C41-EBE4C2200302}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CE1AC6E9-8846-4151-BA2F-9FA10D30906F}" = lport=6976 | protocol=6 | dir=in | name=league of legends launcher | 
"{E2D61881-3E76-4698-8C92-1D806030AD26}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{EAACFA38-FF75-47FE-9604-7E971B9B0923}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F2699F99-7A3C-41D0-AA2D-4023A0622C37}" = lport=6976 | protocol=17 | dir=in | name=league of legends launcher | 
"{F45C7599-D258-4144-9F00-E10AC47B0777}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F841398E-2A4E-48D6-BBE0-0F9D1C2BF1FD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00FA2875-8897-452E-B802-9DD9DCB82261}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{04F704DE-A17C-42BA-9DA0-929A4628D204}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.exe | 
"{067D56FE-556D-488D-9DF5-D8AFDC63B4E8}" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.patch.exe | 
"{07ACFFFD-390B-41CF-8651-0D36BE40BDF0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1259FD63-113E-4FDA-88FC-3267F0AF1412}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{12725068-BBCA-4E80-A4E6-7BEC685B589D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{12FE4E93-E8DC-46EF-A244-B4296B842C06}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{135E58C2-E85A-4305-BE29-5624F855C965}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{15F3016B-38DB-426E-B998-01C50F4BD229}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{18347AAA-114C-48F5-B103-C3EFC45A1556}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1DCB5CE3-E439-4A99-8349-30D72E7529FC}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{1E4A08AB-62C8-4C20-BACB-B53B9561F258}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{21243604-2C93-4FF4-9EB5-9A42EC0F9A80}" = protocol=6 | dir=out | app=system | 
"{23B57529-2A83-4835-A7D5-6A91DCC82555}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{263254B3-9335-4B9E-A506-C3624FBFF10C}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{263352DF-8EF5-4AE2-96C3-69C59C46619E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{263B37B7-85EC-4647-A937-B333D70FD135}" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.patch.exe | 
"{2770C654-54CC-42D1-AE2A-CFED858D8A50}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{2813D4E6-E447-4496-8481-415FB18A1416}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{313FB264-E9E8-4A89-8AF8-4D0FCB0ECF83}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{3370554E-2D2A-412D-A70D-5CD3642BC5D0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{344A69FC-D3BE-4C9F-B780-AC4C42D4F827}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{3546864B-E655-4FAA-9153-EC224EAB73B7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{376D5092-ED70-4D59-96F2-E326DFAF49A9}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.exe | 
"{37D499B4-015B-4312-8825-3B3C8545AD17}" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe | 
"{3BEDCF66-6B06-4B2E-AC2E-6F5BD83AD00B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{425139EF-5DC2-47B7-922A-24A46C438803}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{4BFC1CF8-461B-4BA7-A33B-F2B947314B73}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{4E19CBCE-3AC8-48AE-BC73-59EEA32CD239}" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.patch.exe | 
"{52FC5CF7-A8B5-40A0-B08E-2837839C4B47}" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.patch.exe | 
"{57DDEED6-5618-4EF3-8929-CF5B73B5F151}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5A774B97-04E0-490F-8CC5-DCDA86E5DF95}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5F259BA5-BA64-4D64-90F7-EB85CDC2CF4A}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{6088CA45-EC77-400E-82D3-23817A27C626}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{676A45A2-D041-4970-81C5-8DE19D897D40}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.patch.exe | 
"{6BF863F6-60DB-49DF-8601-C8231C37CB38}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6CC2D185-5C52-48B5-8AA7-FE4B910071D7}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{72C3EE88-83FE-406D-853C-A9D26D203FCB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{769FD4A8-F7AA-4A3E-91BC-225756577715}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7A620F41-511E-4246-AA7E-0C0D3D67603B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{7ACB08C3-8447-49C7-A720-05789B228348}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{7EF83FED-4E3C-4D14-A57A-4DF6791EC322}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{81AE9286-6358-4970-A3A5-E7CE2060D322}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{81F1203F-7049-491B-BE7C-C9332125E3A4}" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe | 
"{861630D6-209B-4E16-B35B-24A5E2BC9BFD}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe | 
"{89626932-2FA4-40A8-BFB2-1C764A6846FE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{8B7EEFA5-9637-4F2B-AB9B-17B07D7A7107}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{8F6ABD7E-5A82-43D2-A195-73F68F2238FF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{908B4A24-A750-4CEC-A266-028685E26371}" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe | 
"{91EEF3F2-A47D-4B0D-BC9F-43399E6C67F0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9233FE85-DAB0-41F4-A5DE-6DD2586079CD}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{95A79B4F-0F0D-4955-94BE-42428E761783}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9722CE3B-616A-4C60-A2DE-F9D0114906E6}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{9F63D5C1-A47D-4EEF-953C-3967D22DF0B8}" = protocol=17 | dir=in | app=c:\world of warcraft public test\launcher.exe | 
"{A260E0A6-E992-4AD5-96AA-50B417C7D4CE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A4E4A2B9-4407-4CA4-A1CB-8F60DE348A36}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AA459632-3C0C-4A00-800E-0F1A625D73AE}" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe | 
"{AE0C2C20-5051-465F-9B94-B59893805477}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{B04D4801-B2E5-4ABF-83CA-B3A5BB947CF2}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{B06CDF73-A5CC-4D0D-9DF9-50C847C8BE5E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{B4DBBC01-0224-4683-B6BD-44FD7E19E8CD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B8F2851B-3503-44DA-B11A-D4F92C480938}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | 
"{B92F4246-CF2B-457C-A262-752217EEE408}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BB2266FC-954D-420E-9315-2F401499C6C5}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft public test\launcher.patch.exe | 
"{BD28870D-03F6-4246-A75E-D17719BF97E5}" = protocol=6 | dir=in | app=c:\world of warcraft public test\launcher.exe | 
"{C88012E4-6485-4E36-949F-8A874D34C77E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{D238C864-2B28-4BC6-8C70-798BB38A0E7C}" = protocol=17 | dir=in | app=c:\world of warcraft public test\launcher.patch.exe | 
"{D7B6F69D-38F9-4857-B38B-19DA87F5D9AC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{DB29BEB9-FD54-4F80-8A28-6741011E0DF9}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version5\teamviewer.exe | 
"{DBE4EC35-9F17-470C-8C82-BBF801E22ECF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{DD57589C-BB1D-46FE-9E3C-3FA27DF3772E}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe | 
"{DF44AAE0-AB17-4CFC-A099-FEF9F0A13ED5}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{E675694B-533B-4D4B-A549-50561A453368}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E86F1020-679B-461F-93B8-702332E4F022}" = protocol=6 | dir=in | app=c:\world of warcraft public test\launcher.patch.exe | 
"{F04C6DE0-49C2-4AD0-9C03-04DEAEDADAD0}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{F33CBC42-3D19-4F71-BAA8-E3A01CD0226F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F700A11A-2FE6-4B0F-BB5B-BA047B29128A}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{FE9DB386-5EF9-4E6B-98EA-6331D9D905B4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"TCP Query User{09A52CDD-BB67-466E-9577-C0517B67E719}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 
"TCP Query User{0DADC6B3-45FC-4E5D-9A61-24A6B7376294}C:\users\jeremy\desktop\work\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\jeremy\desktop\work\world of warcraft\launcher.exe | 
"TCP Query User{113B1057-9FEB-4479-9BA5-72E072359888}C:\world of warcraft public test\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft public test\backgrounddownloader.exe | 
"TCP Query User{11C0F171-702A-48AC-94E0-B024C95FC5F5}C:\users\jeremy\downloads\ptr-installer-de_de(1).exe" = protocol=6 | dir=in | app=c:\users\jeremy\downloads\ptr-installer-de_de(1).exe | 
"TCP Query User{11D22D32-95EE-4940-AAD0-4FD6C502B828}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{177491F5-7178-4EF4-AB64-878024CB7379}C:\users\jeremy\downloads\ptr-installer-de_de(2).exe" = protocol=6 | dir=in | app=c:\users\jeremy\downloads\ptr-installer-de_de(2).exe | 
"TCP Query User{1F07AC1C-8B07-4FB7-88B7-5F0364C53420}C:\users\jeremy\desktop\work\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\users\jeremy\desktop\work\world of warcraft\launcher.patch.exe | 
"TCP Query User{20EB484E-DCD4-4B4C-9D56-23D1A9AE9662}C:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(5).exe" = protocol=6 | dir=in | app=c:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(5).exe | 
"TCP Query User{217758BB-0C52-40AF-B669-8C842788D687}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe | 
"TCP Query User{2D493C2A-0E7C-4634-8087-BA72F499EBDE}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 
"TCP Query User{2F7C5D31-C4B0-4DF7-9C08-392829B2D0B9}C:\users\jeremy\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\jeremy\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{44337611-27DC-4702-94C0-249709128EAE}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 
"TCP Query User{47BC3A51-B2D6-4CA2-8F4E-5AF718C3CE5C}C:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe | 
"TCP Query User{482A9E22-17F9-42A0-AF5F-BCC481AA724C}C:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(3).exe" = protocol=6 | dir=in | app=c:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(3).exe | 
"TCP Query User{4ACD3155-2569-4964-8E4C-D44664F13061}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{529C20E7-AE7E-49E1-8DC2-6A87F02DE955}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"TCP Query User{550205D2-93D1-4CF2-A47C-58B6F6B72C23}C:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{60055922-5C76-4C4D-A315-93EB9D1C6FA8}C:\users\jeremy\downloads\ptr-installer-en_us.exe" = protocol=6 | dir=in | app=c:\users\jeremy\downloads\ptr-installer-en_us.exe | 
"TCP Query User{6197AF03-CC85-48AB-ABBE-3F2FCFCD7685}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{6383AD98-3FA5-4D5A-931A-CC1AB28C0E7D}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{6885D030-19C5-4AB0-83C0-BD634B09D57D}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"TCP Query User{6E775BCD-BBC4-4D20-B3CF-4FC61FCAEAF6}C:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | 
"TCP Query User{6FA71E18-31C6-4DD4-814E-2EC851A0E20C}C:\users\jeremy\downloads\ptr-installer-de_de(3).exe" = protocol=6 | dir=in | app=c:\users\jeremy\downloads\ptr-installer-de_de(3).exe | 
"TCP Query User{73162F99-8FE5-4B4A-8A12-31AA36EF0BB6}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{7921AA1D-E328-436C-916A-5AB92A8F3C9E}C:\users\jeremy\downloads\ptr-installer-de_de(4).exe" = protocol=6 | dir=in | app=c:\users\jeremy\downloads\ptr-installer-de_de(4).exe | 
"TCP Query User{7A2BC74B-CF82-42C9-9598-350EFBABF106}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 
"TCP Query User{7C8AA864-0B64-455B-AD9C-B99019F97B32}C:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(7).exe" = protocol=6 | dir=in | app=c:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(7).exe | 
"TCP Query User{844D2905-4A51-411E-9A56-B62E56B4AC94}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | 
"TCP Query User{9024DF08-7FAA-4B09-AFD7-77BB25BF9526}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | 
"TCP Query User{99F69F4E-4B4A-40CD-934E-9A9E9C0304C3}C:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(6).exe" = protocol=6 | dir=in | app=c:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(6).exe | 
"TCP Query User{9CEFA52B-3E6E-4DFE-AC69-1EC9FBCFE7A5}C:\program files (x86)\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe | 
"TCP Query User{A1C9CAD9-D12A-44FC-9504-1FB02902BD9C}C:\users\jeremy\desktop\work\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\jeremy\desktop\work\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{A4E180E4-6035-4EE9-80C8-CE65FBF10E75}C:\users\jeremy\desktop\work\world of warcraft\temp\wow-4.2.1.2608-enus-ptr-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\jeremy\desktop\work\world of warcraft\temp\wow-4.2.1.2608-enus-ptr-tools-downloader.exe | 
"TCP Query User{A98E9FC4-5372-4F6B-81B4-D089F1DEC006}C:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(4).exe" = protocol=6 | dir=in | app=c:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(4).exe | 
"TCP Query User{ABB7F97A-325A-4124-8B9B-7C8F804FA19E}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"TCP Query User{B1317B57-B682-4563-BE45-3FABE91BE86D}C:\users\public\games\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe | 
"TCP Query User{B3FF96A1-6EE7-4DF1-8EFE-9FD90ECF3A39}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{BBB0906C-3418-4E26-B530-B31146AEF92D}C:\users\jeremy\desktop\teamspeak3-server_win64\ts3server_win64.exe" = protocol=6 | dir=in | app=c:\users\jeremy\desktop\teamspeak3-server_win64\ts3server_win64.exe | 
"TCP Query User{BFF1C10D-9585-4EE5-B018-060AC7260658}C:\program files (x86)\ea sports\fussball manager 10\manager10.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fussball manager 10\manager10.exe | 
"TCP Query User{CDB5B278-181E-4BD0-8DD2-2B7F949F40A6}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{CEF4D64B-FE17-407F-904B-9F9351A0E8A2}C:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(2).exe" = protocol=6 | dir=in | app=c:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(2).exe | 
"TCP Query User{D6397B30-8DAA-4584-B1A9-F839FCDFDBB6}C:\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{DF5AEF44-43C0-4FC2-AFD4-C23455E941ED}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"TCP Query User{F6193FC2-C51C-4ED5-B4FA-5D89FF764C2A}C:\users\jeremy\downloads\ptr-installer-de_de.exe" = protocol=6 | dir=in | app=c:\users\jeremy\downloads\ptr-installer-de_de.exe | 
"TCP Query User{FC339942-EFD4-483C-8353-A9B2B64A7439}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"TCP Query User{FEBAF648-D52E-4CAA-833C-A01A9260C806}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"TCP Query User{FF2F728D-4BEA-40B1-A16A-5BD2BCEA2B35}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"TCP Query User{FF5D0286-BDE1-494F-96E5-7305E0E2F595}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{084E0583-A0DC-491F-AAA6-95C8F2B60550}C:\users\jeremy\downloads\ptr-installer-de_de(1).exe" = protocol=17 | dir=in | app=c:\users\jeremy\downloads\ptr-installer-de_de(1).exe | 
"UDP Query User{09E4C6B6-9E38-4952-8343-B478340542F6}C:\users\public\games\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\repair.exe | 
"UDP Query User{0DB23AEC-9117-45FE-AE24-E8D1FB49765F}C:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-dede-downloader.exe | 
"UDP Query User{130EE70E-6624-42BE-BCC1-86615161C5C9}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{190A570B-47C7-481C-9600-FC3A4467E53A}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 
"UDP Query User{192E260D-7EA1-41B2-BDFC-9F8A96070DA9}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-dede-downloader.exe | 
"UDP Query User{1E2758B2-6DEB-453B-9CB2-F99783DC4121}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2685-enus-tools-downloader.exe | 
"UDP Query User{2024AA65-DB8F-44CE-9BDE-2417CF1573F0}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{2620FB3B-0FC5-4E47-A648-103E4CC68531}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{274C0EAA-7345-4B61-B225-B9228E521616}C:\users\jeremy\downloads\ptr-installer-de_de(2).exe" = protocol=17 | dir=in | app=c:\users\jeremy\downloads\ptr-installer-de_de(2).exe | 
"UDP Query User{2869C3A5-0A65-4765-8472-95C2FCBC2719}C:\program files (x86)\ea sports\fussball manager 10\manager10.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fussball manager 10\manager10.exe | 
"UDP Query User{2AF2A668-32F2-425B-B942-E71B42AFA813}C:\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{2B679AAC-A065-42AA-B233-111C452C38C3}C:\users\jeremy\desktop\work\world of warcraft\temp\wow-4.2.1.2608-enus-ptr-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\jeremy\desktop\work\world of warcraft\temp\wow-4.2.1.2608-enus-ptr-tools-downloader.exe | 
"UDP Query User{2D58FA93-B978-4B81-BBF5-826B01F7ECFE}C:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12340-x86-win-dede-bkgnd-downloader.exe | 
"UDP Query User{2F0D136C-6788-4172-A1BD-DDBB18BBC3C4}C:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-2.1.1.1897-engb-tools-downloader.exe | 
"UDP Query User{3B8BBA92-E8C9-4C1D-96B5-42D575E3BCAB}C:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(7).exe" = protocol=17 | dir=in | app=c:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(7).exe | 
"UDP Query User{3CD4A27A-298D-438F-9E2E-432A0CDCF17E}C:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(4).exe" = protocol=17 | dir=in | app=c:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(4).exe | 
"UDP Query User{4277635F-AAD0-48D3-B8D9-7F76AE2DAC0B}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2730-enus-tools-downloader.exe | 
"UDP Query User{42BC36B6-A0EF-4086-91E5-7533BBB08C5E}C:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(5).exe" = protocol=17 | dir=in | app=c:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(5).exe | 
"UDP Query User{5AF73430-BBC8-4054-AAD7-F928118C573F}C:\users\jeremy\downloads\ptr-installer-de_de(3).exe" = protocol=17 | dir=in | app=c:\users\jeremy\downloads\ptr-installer-de_de(3).exe | 
"UDP Query User{5FFA4D61-85B2-4E20-9108-77C13E7A7F6D}C:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe | 
"UDP Query User{62931907-046B-4183-AB3C-157CAB7E5ACF}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{653490DE-0958-4456-9C27-04A09CCCBEB9}C:\users\jeremy\downloads\ptr-installer-de_de(4).exe" = protocol=17 | dir=in | app=c:\users\jeremy\downloads\ptr-installer-de_de(4).exe | 
"UDP Query User{6989194B-3AB6-4494-AAD1-D8E0222AB438}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"UDP Query User{6A710B6B-C5A9-4D03-AC75-985FD8D8135B}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe | 
"UDP Query User{6D9306B7-8096-4DA2-BA24-CE7A6F2EB1A4}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{7A7E9507-F4AE-4FE2-BF64-726422D39891}C:\users\jeremy\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\jeremy\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{7D05EE87-2768-4BC3-A538-BE27AE9DF67C}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"UDP Query User{7F9AC1A8-E531-4DB5-8C07-9B6CC1AF8771}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{91D02902-5A61-4B9F-B771-137B358E6031}C:\program files (x86)\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe | 
"UDP Query User{A708DBF0-8272-4A8D-B10A-21E61FD2A66F}C:\world of warcraft public test\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft public test\backgrounddownloader.exe | 
"UDP Query User{B029BC15-35F4-47FF-85DF-263BD085F1A2}C:\users\jeremy\downloads\ptr-installer-en_us.exe" = protocol=17 | dir=in | app=c:\users\jeremy\downloads\ptr-installer-en_us.exe | 
"UDP Query User{B2A423F1-1F19-47B2-96C4-8372239AB2CA}C:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-dede-downloader.exe | 
"UDP Query User{B417CDFD-74BC-4FDF-9A97-0408B442E82B}C:\users\jeremy\desktop\work\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\jeremy\desktop\work\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{B4FB2100-A6DB-4D3F-8DB9-99DDC5694C3E}C:\users\jeremy\desktop\work\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\users\jeremy\desktop\work\world of warcraft\launcher.patch.exe | 
"UDP Query User{B9587E30-8A16-4343-B84D-A06A4917217A}C:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe | 
"UDP Query User{CACCD628-EC65-40BC-B676-2EF0FAB62DF6}C:\users\jeremy\desktop\teamspeak3-server_win64\ts3server_win64.exe" = protocol=17 | dir=in | app=c:\users\jeremy\desktop\teamspeak3-server_win64\ts3server_win64.exe | 
"UDP Query User{CD5A19E9-35DD-431F-90CA-7344338B667B}C:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(6).exe" = protocol=17 | dir=in | app=c:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(6).exe | 
"UDP Query User{D87C2DAD-9388-4822-894D-2BAA922D22A1}C:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\world of warcraft\temp\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{DC287EDD-4E05-437F-BCBF-1AA4759397C8}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe | 
"UDP Query User{E00CB3FF-913F-4353-BDFB-D8FCD1BC1187}C:\users\jeremy\desktop\work\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\jeremy\desktop\work\world of warcraft\launcher.exe | 
"UDP Query User{F0AEEAC2-7BFB-4961-8B7A-30BE45AEF606}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2727-enus-tools-downloader.exe | 
"UDP Query User{F0F9BEA2-380A-431D-9C03-92C86E697887}C:\users\jeremy\downloads\ptr-installer-de_de.exe" = protocol=17 | dir=in | app=c:\users\jeremy\downloads\ptr-installer-de_de.exe | 
"UDP Query User{F34CFF60-0A83-4994-97FD-1F780FD8F80C}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe | 
"UDP Query User{F437A69B-94C9-41C1-805F-5E81C388D6C1}C:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\temp\wow-4.2.1.2609-enus-tools-downloader.exe | 
"UDP Query User{F772A494-8F57-4B04-9199-7EFAF300025B}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{F7B8F9B5-3832-41EB-AF9C-293D908F245A}C:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(3).exe" = protocol=17 | dir=in | app=c:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(3).exe | 
"UDP Query User{FB679CC4-DC66-4A91-81C4-FA84CD0E7485}C:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(2).exe" = protocol=17 | dir=in | app=c:\users\jeremy\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader(2).exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26280024-DFB7-4967-90DB-7F9C6660D01E}" = HP MediaSmart SmartMenu
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"NVIDIA Drivers" = NVIDIA Drivers
"PC-Doctor for Windows" = Hardwarediagnosetools
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57C5B3B2-E935-441F-9D3A-0B331E1FE4B9}" = HOT ALBUM MYBOX
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5B295588-59C1-4386-9F85-BB4BEDCB0D22}" = HP Customer Experience Enhancements
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9739666-2235-42F8-85D6-9B4005DC7951}" = Bing Bar
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B40D7926-AE5F-41EA-8AC6-56C0E2F00E9D}" = HP MAINSTREAM KEYBOARD
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD6C316A-FE75-4FBB-9D22-4C1920232B72}" = LightScribe System Software
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"conduitEngine" = Conduit Engine
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.24.608
"Google Chrome" = Google Chrome
"HP Remote Solution" = HP Remote Solution
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{57C5B3B2-E935-441F-9D3A-0B331E1FE4B9}" = HOT ALBUM MYBOX
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mumble" = Mumble and Murmur
"NIS" = Norton Internet Security
"OpenAL" = OpenAL
"PhotoScape" = PhotoScape
"PHPNukeDE Toolbar" = PHPNukeDE Toolbar
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"Uninstall_is1" = Uninstall 1.0.0.1
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3218139785-3739349501-2943519655-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.05.2011 14:38:13 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7005
 
Error - 07.05.2011 14:38:14 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 07.05.2011 14:38:14 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8003
 
Error - 07.05.2011 14:38:14 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8003
 
Error - 07.05.2011 14:38:15 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 07.05.2011 14:38:15 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9002
 
Error - 07.05.2011 14:38:15 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9002
 
Error - 07.05.2011 14:38:16 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 07.05.2011 14:38:16 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 10031
 
Error - 07.05.2011 14:38:16 | Computer Name = Jeremy-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 10031
 
[ Media Center Events ]
Error - 06.01.2012 09:36:57 | Computer Name = Jeremy-PC | Source = MCUpdate | ID = 0
Description = 14:36:49 - Fehler beim Herstellen der Internetverbindung.  14:36:49 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 08.07.2012 07:58:11 | Computer Name = Jeremy-PC | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.
 
Error - 08.07.2012 07:58:11 | Computer Name = Jeremy-PC | Source = SRTSP | ID = 524293
Description = Error loading Symantec real time Anti-Virus driver.
 
Error - 08.07.2012 07:58:26 | Computer Name = Jeremy-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Norton Internet Security" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1.
 
Error - 08.07.2012 07:58:40 | Computer Name = Jeremy-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SRTSP
 
Error - 08.07.2012 11:00:56 | Computer Name = Jeremy-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 08.07.2012 11:00:56 | Computer Name = Jeremy-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst lmhosts erreicht.
 
Error - 08.07.2012 12:23:46 | Computer Name = Jeremy-PC | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.
 
Error - 08.07.2012 12:23:46 | Computer Name = Jeremy-PC | Source = SRTSP | ID = 524293
Description = Error loading Symantec real time Anti-Virus driver.
 
Error - 08.07.2012 12:24:01 | Computer Name = Jeremy-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Norton Internet Security" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1.
 
Error - 08.07.2012 12:24:26 | Computer Name = Jeremy-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SRTSP
 
 
< End of report >
         

Malewarebytes Scan


Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.08.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jeremy :: JEREMY-PC [Administrator]

Schutz: Aktiviert

08.07.2012 22:07:00
mbam-log-2012-07-08 (22-07-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 216987
Laufzeit: 2 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

CCleaner Ergebnis


Code:
ATTFilter
Adobe Flash Player 11 ActiveX 64-bit	Adobe Systems Incorporated	04.05.2012	6,00MB	11.2.202.235
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	24.06.2012	6,00MB	11.3.300.262
Adobe Reader X (10.1.1) - Deutsch	Adobe Systems Incorporated	01.11.2011	119MB	10.1.1
Apple Application Support	Apple Inc.	08.07.2011	50,9MB	1.5.2
Apple Mobile Device Support	Apple Inc.	08.07.2011	22,6MB	3.4.1.2
Apple Software Update	Apple Inc.	08.07.2011	2,25MB	2.1.3.127
Avira AntiVir Personal - Free Antivirus	Avira GmbH	13.02.2012	61,7MB	10.2.0.707
Avira SearchFree Toolbar plus Web Protection	Ask.com	04.07.2012	4,98MB	1.15.4.0
Bing Bar	Microsoft Corporation	15.05.2012	464KB	7.1.382.0
Bonjour	Apple Inc.	08.07.2011	1,74MB	2.0.5.0
CCleaner	Piriform	22.06.2012		3.20
Compatibility Pack für 2007 Office System	Microsoft Corporation	15.05.2012	324MB	12.0.6612.1000
CyberLink DVD Suite Deluxe	CyberLink Corp.	22.09.2009	16,4MB	6.0.3101
Free YouTube to MP3 Converter version 3.11.24.608	DVDVideoSoft Ltd.	18.06.2012	90,1MB	3.11.24.608
Google Chrome	Google Inc.	30.06.2010		20.0.1132.47
Google Earth	Google	25.11.2011	92,7MB	6.1.0.5001
Hardwarediagnosetools	PC-Doctor, Inc.	22.09.2009		6.0.5205.31
HOT ALBUM MYBOX	PLANNING Co., Ltd.	01.12.2010	72,3MB	3.1.7.9
HP Customer Experience Enhancements	Hewlett-Packard	22.09.2009		5.7.0.3036
HP MAINSTREAM KEYBOARD	Hewlett-Packard	22.09.2009		1.4.3.0
HP MediaSmart DVD	Hewlett-Packard	22.09.2009	101MB	3.0.3123
HP MediaSmart Movie Themes	Hewlett-Packard	22.09.2009	399MB	3.0.3102
HP MediaSmart Music/Photo/Video	Hewlett-Packard	22.09.2009	401MB	3.0.3205
HP MediaSmart SmartMenu	Hewlett-Packard	22.09.2009	1,85MB	3.0.28.2
HP Odometer	Hewlett-Packard	22.09.2009	48,0KB	2.10.0000
HP Remote Solution	TopSeed	22.09.2009		1.1.9.0
HP Setup	Hewlett-Packard	22.09.2009		1.2.3220.3079
HP Support Information	Hewlett-Packard	22.09.2009	160KB	10.1.0002
HP Update	Hewlett-Packard	22.09.2009	2,96MB	5.001.000.014
Intel® Matrix Storage Manager	Intel Corporation	08.12.2009		
Java(TM) 7 Update 4	Oracle	15.05.2012	99,3MB	7.0.40
LabelPrint	CyberLink Corp.	22.09.2009	230MB	2.5.1901
League of Legends	Riot Games	18.11.2011		1.3
LightScribe System Software	LightScribe	22.09.2009	22,4MB	1.18.5.1
Malwarebytes Anti-Malware Version 1.61.0.1400	Malwarebytes Corporation	08.07.2012	18,0MB	1.61.0.1400
McAfee SiteAdvisor	McAfee, Inc.	05.07.2012		3.5.217
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	26.06.2010	38,8MB	4.0.30319
Microsoft IntelliPoint 8.2	Microsoft Corporation	25.04.2012		8.20.468.0
Microsoft Office PowerPoint Viewer 2007 (German)	Microsoft Corporation	15.05.2012	114MB	12.0.6612.1000
Microsoft Silverlight	Microsoft Corporation	15.05.2012	242MB	4.1.10329.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	16.01.2010	1,72MB	3.1.0000
Microsoft Sync Framework Runtime Native v1.0 (x86)	Microsoft Corporation	07.03.2011	625KB	1.0.1215.0
Microsoft Sync Framework Services Native v1.0 (x86)	Microsoft Corporation	07.03.2011	1,44MB	1.0.1215.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053	Microsoft Corporation	17.01.2010	260KB	8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	17.01.2010	252KB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	16.06.2011	300KB	8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	22.09.2009	708KB	8.0.61000
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175	Microsoft Corporation	02.06.2011	580KB	8.0.51011
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148	Microsoft Corporation	17.01.2010	212KB	9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148	Microsoft Corporation	17.01.2010	200KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570	Microsoft Corporation	02.06.2011	790KB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	02.06.2011	598KB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17	Microsoft Corporation	22.09.2009	788KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	16.06.2011	788KB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729	Microsoft Corporation	25.08.2010	598KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	22.09.2009	596KB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	19.12.2010	592KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	16.06.2011	600KB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	10.11.2011	13,8MB	10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	10.11.2011	15,0MB	10.0.40219
Microsoft Works	Microsoft Corporation	12.04.2012	666MB	9.7.0621
Mozilla Firefox 13.0.1 (x86 de)	Mozilla	18.06.2012	37,7MB	13.0.1
Mozilla Maintenance Service	Mozilla	18.06.2012	309KB	13.0.1
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	17.01.2010	1,27MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	17.01.2010	1,33MB	4.20.9876.0
Mumble and Murmur	Mumble	21.10.2010		1.2.2
Norton Internet Security	Symantec Corporation	08.12.2010		16.7.0.30
NVIDIA Drivers	NVIDIA Corporation	22.09.2009		1.4
NVIDIA PhysX	NVIDIA Corporation	25.08.2010	120MB	9.09.0814
OpenAL		25.08.2010		
Pando Media Booster	Pando Networks Inc.	24.09.2011	5,46MB	2.3.6.0
PhotoScape		02.12.2010		
PHPNukeDE Toolbar		28.04.2012		
PowerDirector	CyberLink Corp.	22.09.2009	521MB	7.0.3101
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	22.09.2009		6.0.1.5882
Skype Toolbars	Skype Technologies S.A.	08.04.2010	5,23MB	1.0.4051
Skype™ 4.2	Skype Technologies S.A.	08.04.2010	31,7MB	4.2.155
Spotify	Spotify AB	27.06.2012		0.8.4.93.gd9f49c35
         




Hoffe mir kann jemand helfen...

mfg

Alt 10.07.2012, 19:09   #2
markusg
/// Malware-holic
 
BKA Virus auf pc! - Standard

BKA Virus auf pc!



hi
prinzipiell gern, aber otl.txt ist nicht vollständig
__________________

__________________

Alt 11.07.2012, 00:05   #3
Jerre97
 
BKA Virus auf pc! - Standard

BKA Virus auf pc!



Ach hab swh genacht alles weg
__________________

Alt 11.07.2012, 22:46   #4
markusg
/// Malware-holic
 
BKA Virus auf pc! - Standard

BKA Virus auf pc!



woher willst du das wissen, das wegbleiben von symptomen hat nichts mit der entfernung der malware zu tun
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu BKA Virus auf pc!
antivir, avira, bingbar, bonjour, converter, desktop, downloader, error, firefox, flash player, google, google earth, heuristiks/extra, heuristiks/shuriken, home, install.exe, league of legends, logfile, mozilla, mp3, realtek, registry, scan, security, siteadvisor, software, svchost.exe, symantec, teamspeak, virus, win64, windows, yontoo





Zum Thema BKA Virus auf pc! - Huhu habe ein Virus auf dem pc. Und zwar dieses "BKA" Virus. Nach Otl Scan: Code: Alles auswählen Aufklappen ATTFilter OTL logfile created on: 08.07.2012 21:48:16 - Run 1 OTL - BKA Virus auf pc!...
Archiv
Du betrachtest: BKA Virus auf pc! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.