Polizeivirus

riku2806 · 17.07.2012, 12:24

Hallo, ich habe mir heute den Polizeivirus (österr. Bundespolizei) eingefangen.
Nach dem Start des Rechners im abgesicherten Modus hat kein Virenscanner etwas gefunden. Ich hab einige Files, die mir seltsam vorkamen, mit der Endung bak versehen:
C:\Windows\Prefetch\ReadyBoot\ReadyBoot.etl.bak
C:\ProgramData\to_r0tsef.pad.bak
C:\Users\user\AppData\Local\Temp\fest0r_ot.exe.bak

Habe mit OTL das Log erstellt (unten angehängt).

Habe dann probiert, den Rechner neu zu starten und siehe da, normaler Start bis auf die Meldung, dass C:\Users\user\AppData\Local\Temp\fest0r_ot.exe nicht gefunden werden konnte.

Ich fürchte nur, dass das problem noch nicht beseitigt ist, bitte um Hilfe, wie ich weiter vorgehen soll.

Log:OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 17/07/2012 12:31:08 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\user\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd/MM/yyyy
 
3,73 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 74,39% Memory free
7,47 Gb Paging File | 6,67 Gb Available in Paging File | 89,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288,10 Gb Total Space | 237,94 Gb Free Space | 82,59% Space Free | Partition Type: NTFS
 
Computer Name: NBKUPEC | User Name: user | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{012C1018-90E1-4496-9A58-80AE53E53857}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0E482483-8391-4DAF-934A-CDE081C0079E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{162FE884-A517-40DE-A273-6425A2F252F0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1CD3F688-8740-4E88-9354-F2EEAD8AD11A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{26C66949-E0E0-4A99-99AB-CFD1C2C48B51}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{28C73C41-0307-40E2-983C-1965CE53A075}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{3021DA8F-7BA0-4056-810F-A0E81ADA7A30}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{31633D25-79C5-47FF-A738-9AA5231C15C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{33E430BD-369F-428C-9CE9-8D9EE2C36E0E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3A6C9B36-5BA7-488D-809B-2BA1029962DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3C1E35D2-42AB-483B-AA04-B66D822F4F68}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4C044EA0-FBED-4902-A3FC-E956DB0249B7}" = lport=445 | protocol=6 | dir=in | app=system | 
"{57423854-ADC6-448E-8A57-57819C67B634}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5A798763-DF07-4A73-815C-A1B2B5F1B59F}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{5E71DDFE-63DC-49AD-A777-098D1FE80AC6}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{60DF9656-447E-4E18-85F4-BF7A2C269A19}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{640A4E79-06E2-4831-92C2-960E0DF8C850}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{658AE13C-0672-46D3-9FCF-6A5E12684605}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{67F7948F-AE64-4B11-A482-A71144AEFA05}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6A277B7A-95AD-4F78-9618-5D16CFE6E157}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7B578106-D9DF-4EF5-9514-624AE4451AE3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{8051B373-114F-4034-A933-40EB8E120C3C}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | 
"{94DF83D3-439A-4C60-9535-B54F03C01D24}" = lport=139 | protocol=6 | dir=in | app=system | 
"{96CFB0E2-7EB8-4842-91EA-841BF0CA1EE3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A6597BFF-D1EF-48E0-8725-A06125452E52}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{A932EE7A-A5B6-49E1-95A4-EB86214D7C60}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{B43ED3F7-A31B-42BB-93DA-5AF3CE33B4B9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{BF2997F1-C06B-4F0D-A804-C3888118EF0B}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | 
"{C32B4D2F-2A96-467F-AF89-B5BB77C45CAB}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{C5033435-308D-4353-97CD-BDE5D2AF83A7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C85B2032-1A3B-4A34-BF74-3E045DA20C98}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C9484CD6-5DBA-4368-8208-8BDF7C92AB6E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CBC295B7-D2F4-4069-AB79-8BE4E4829A18}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D929F75F-99C4-4595-B411-EC74F0F2EB08}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{EC06F537-FFE2-482C-B3A4-D91C03B63755}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FDB4E57F-4866-4667-A2BA-8946CFA59B1F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CBFB41-435B-4A68-B7DB-C04ED2735986}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0668D763-D196-4915-BE04-36603F8B2C51}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0DB22D4A-69BD-40DA-91C8-34D0740A4F9E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{10EAACDE-0CF2-480E-B524-735B21046AAB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{1177264B-C069-4D1D-BF42-8DFAF69229A0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{1682CE81-EF37-48A4-8CA3-4EE933E13D77}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{16FC0FDC-1962-4E36-8A18-C29D8AB92E9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1D8F1E0F-64F3-4765-9E1D-5E4595523283}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{1ED6C596-4066-454C-BF75-CEB5B6C76458}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | 
"{2028C07F-48ED-47B4-BAEC-E2841572836A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{2280FE98-9B4F-43F0-8806-DAED05AAFA50}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | 
"{2825BA58-580B-469D-B434-AE57E189C0CC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{29CC527D-9411-4A1E-9333-C2771A453B25}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{30C2D79D-A15B-4539-86F6-571009B5723D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{32839DC3-E8D6-4B9D-86B3-C0333CD39DEA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{33BC35B3-5A0B-4663-8EDC-88A69882115A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{373162BE-99E6-47FC-B29F-73DCC908933A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{3780B86C-5E8F-47E6-899A-7AC1F9A3A28E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{37B3B065-BA82-446F-B937-A117A1F489BB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3CFBDE18-F970-4F2A-8B7F-274FFA670A14}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{40612A27-669C-484C-80B9-87AB04938708}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{46646A0E-0686-4E5B-A762-EF8B41D82F80}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{47620843-3F32-4FEC-830A-A48CAAECC3FD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4DF5DC91-8CB9-41F3-BC78-493B55E7F57F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5984C366-6475-4C33-9488-0CA6B2BAB45A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5AB09C3C-0FD6-4FF6-954F-B375FE28EAC5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{5BDC5FD5-E375-4DA9-8ED5-7E2B67C3293C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5DF22D10-B530-41A2-9E59-A1E904D4D486}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5F3CCD64-CA84-48FA-B006-57252A9BDC11}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{5F87558C-832A-4BA0-9FC2-444030217B3B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{66A7C044-578A-4354-993C-9EC833CE1016}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{67CACCEE-1D1F-4636-A558-B5E0EBCC8BC9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{7D251EC0-D1F4-4D26-8609-DB7CA9D09930}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{7E5084DD-1EF2-4711-A4DD-58B892168482}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{8905CA7E-456F-4822-A7B4-6A10513A1B35}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{903CBC2B-60FB-417B-B564-30DB299B60BB}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{9CA27EE0-7C9B-4AF1-9C72-1AA876B83E4B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9F81EBCD-FF72-4674-8E32-B429268A47F1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | 
"{A05DA4D3-A2DA-4A5E-8B17-110E25671E0B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | 
"{A7331F19-A7EC-476D-A971-FA91F4475141}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | 
"{AD1756D6-DAB9-4C40-B3B9-272BE1E1C787}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{B2936282-3A89-46E6-89FA-C667C1C18A26}" = protocol=6 | dir=out | app=system | 
"{B952F7F9-72CD-411F-AC23-1197782E9FD2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{BA803B45-7B05-4003-A902-A4AC6501B5F3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{BEFF5EE5-2EBA-416A-941B-ADA86100DC7F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{C18F2436-4876-423F-92C9-45A12B1F3E48}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{C1F86024-DA24-4F25-A6A9-DB0B8A8834CB}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{C7C81FC7-F1D5-4753-9BFB-2BF3EA408AD7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C84BB5D0-4827-4277-9078-24107CC8756E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D3B43E3C-A05A-4FA8-83AE-09D3DE73F50C}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{DF49B8F1-7317-451E-A8DB-D5D4DCBF8699}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe | 
"{DF8D07FE-C42F-411F-A18E-0843B1203BFF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E11DF8DF-D9D0-4562-83CE-98296F587C31}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{E13A3433-6784-4664-A6A6-2359FAFC5DFE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{E7BB5DE6-9FA9-4C5B-A2DD-C97DBF4BC1A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{ECE7AA2E-8486-4ACD-8DDE-6BB087654ABF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F1B1F7F5-D046-439E-B7C2-D8B26E1A8D78}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | 
"{F203FDD4-C7D4-43D7-9A65-89612215B1F8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{F6FF3353-37E3-4188-8E9D-49953C9BDE8D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"TCP Query User{39E2788F-9150-4D6E-B7F0-D50001D1E53C}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{77E86909-0168-4E1C-B8A7-C9CE8A2C52F0}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe | 
"TCP Query User{B410D0CC-1FDF-4EE9-8B97-F38FA8821D43}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{220809C9-BEB4-4F18-A124-D8C08A58D651}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"UDP Query User{E19A7691-9AE1-4E83-A264-B8C26FFCA7C0}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{EFD864B9-F689-43CA-BF65-B68D9B1DB63C}C:\program files (x86)\openvpn\bin\openvpn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\openvpn\bin\openvpn.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{3E38B0F4-1B86-421E-9B2A-9EA617DF6ABB}" = AuthenTec Fingerprint Software
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{988329F4-A1A1-4D51-803C-EF2725A97627}" = HP Photosmart All-In-One Driver Software 13.0 Rel. 2
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"{A7760E07-4C23-4766-A99E-F715F298E99C}" = TFPU
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"PROSet" = Intel(R) Network Connections Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Speccy" = Speccy
"TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}" = TOSHIBA Fingerprint Utility
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}" = RICOH R5U230 Media Driver ver.2.08.03.03
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = Toshiba Assist
"{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}" = TOSHIBA Sicherheits-Assistent
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1f0b7c1b-b3e9-43c9-a341-52bd9d02fe92}" = Nero 9 Essentials
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{397516AE-7DFE-4F90-84E0-BD616D559434}" = Nero BurnRights
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{607BE7BF-7C28-4ADB-A4A0-385962B901C3}" = TOSHIBA ConfigFree
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{685B0843-6C8D-4E42-B60D-2B86B45526E0}" = PS_AIO_02_Software_Min
"{6A631D31-1FD6-46B5-9337-3485C3CBB002}" = TOSHIBA Wireless Manager
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6C3CF7AC-5AB0-42D9-93C0-68166A57AFB6}" = Nero Express
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{838E187D-8B7A-473D-B93C-C8E970B15D2B}" = psqlODBC
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}" = Toshiba Manuals
"{94F8D42D-BB31-4858-9705-7D756D8D9655}" = PS_AIO_02_Software
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a1f89c34-f061-447d-ac10-b5f1896a5923}" = C4380_Help
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B4B2096B-B13E-408E-8985-BD07463D5487}" = PS_AIO_02_ProductContext
"{B7191DD7-E7B4-4658-9025-487916EC21C8}" = TOSHIBA Mobile Broadband Device
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CBAFE561-E351-43C7-9D05-171A73F404F7}" = Lotus Notes 8.5.1 (Basic) de
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel
"{DB8FCBE8-B9AE-455D-B9FE-55BB06F165CF}" = C4380
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DF9A6075-9308-4572-8932-A4316243C4D9}" = Brother P-touch Editor 5.0
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F082CB11-4794-4259-99A1-D91BA762AD15}" = TOSHIBA TEMPRO
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FEDFB4DC-E149-4897-B616-4811C718E54F}" = TOSHIBA 180 Degrees Rotation Utility
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Professional Security
"Digital Editions" = Adobe Digital Editions
"FileRestorePlus™_is1" = FileRestorePlus™ 3.0.1.1111
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"Hardcopy(C__Program Files (x86)_Hardcopy)" = Hardcopy (C:\Program Files (x86)\Hardcopy)
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}" = TOSHIBA Recovery Media Creator Reminder
"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MPE" = MyPhoneExplorer
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"OpenVPN" = OpenVPN 2.1.4
"TOSHIBA Game Console" = WildTangent ORB Game Console
"WildTangent toshiba Master Uninstall" = WildTangent-Spiele
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMerge_is1" = WinMerge 2.12.4
"WT083877" = Chuzzle Deluxe
"WT083890" = Zuma Deluxe
"WT083910" = Jewel Quest II
"WT083916" = Diner Dash 2 Restaurant Rescue
"WT083925" = Plants vs. Zombies
"WT083929" = Bejeweled 2 Deluxe
"WT083945" = FATE
"WT083958" = Penguins!
"WT083959" = Polar Bowler
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17/07/2012 04:38:47 | Computer Name = nbkupec | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 17/07/2012 04:38:47 | Computer Name = nbkupec | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 17/07/2012 04:38:47 | Computer Name = nbkupec | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 17/07/2012 04:38:47 | Computer Name = nbkupec | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 17/07/2012 04:38:47 | Computer Name = nbkupec | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 17/07/2012 04:38:47 | Computer Name = nbkupec | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 17/07/2012 04:38:47 | Computer Name = nbkupec | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 17/07/2012 04:38:47 | Computer Name = nbkupec | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 17/07/2012 04:38:47 | Computer Name = nbkupec | Source = Windows Search Service | ID = 7010
Description = 
 
Error - 17/07/2012 06:27:14 | Computer Name = nbkupec | Source = System Restore | ID = 8193
Description = 
 
[ Media Center Events ]
Error - 24/07/2011 09:54:07 | Computer Name = nbkupec | Source = MCUpdate | ID = 0
Description = 15:54:05 - Fehler beim Herstellen der Internetverbindung.  15:54:07 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05/09/2011 13:26:16 | Computer Name = nbkupec | Source = MCUpdate | ID = 0
Description = 19:26:16 - Fehler beim Herstellen der Internetverbindung.  19:26:16 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05/09/2011 13:26:27 | Computer Name = nbkupec | Source = MCUpdate | ID = 0
Description = 19:26:22 - Fehler beim Herstellen der Internetverbindung.  19:26:22 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14/09/2011 11:57:55 | Computer Name = nbkupec | Source = MCUpdate | ID = 0
Description = 17:57:55 - Fehler beim Herstellen der Internetverbindung.  17:57:55 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14/09/2011 11:58:10 | Computer Name = nbkupec | Source = MCUpdate | ID = 0
Description = 17:58:00 - Fehler beim Herstellen der Internetverbindung.  17:58:00 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14/09/2011 12:58:20 | Computer Name = nbkupec | Source = MCUpdate | ID = 0
Description = 18:58:19 - Fehler beim Herstellen der Internetverbindung.  18:58:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14/09/2011 12:58:28 | Computer Name = nbkupec | Source = MCUpdate | ID = 0
Description = 18:58:25 - Fehler beim Herstellen der Internetverbindung.  18:58:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22/09/2011 09:32:02 | Computer Name = nbkupec | Source = MCUpdate | ID = 0
Description = 15:32:02 - Fehler beim Herstellen der Internetverbindung.  15:32:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22/09/2011 09:32:16 | Computer Name = nbkupec | Source = MCUpdate | ID = 0
Description = 15:32:08 - Fehler beim Herstellen der Internetverbindung.  15:32:08 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05/10/2011 02:59:11 | Computer Name = nbkupec | Source = MCUpdate | ID = 0
Description = 08:59:01 - Fehler beim Herstellen der Internetverbindung.  08:59:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 17/07/2012 05:53:32 | Computer Name = nbkupec | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17/07/2012 06:06:55 | Computer Name = nbkupec | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 17/07/2012 06:06:55 | Computer Name = nbkupec | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 17/07/2012 06:06:56 | Computer Name = nbkupec | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 17/07/2012 06:06:57 | Computer Name = nbkupec | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
 
Error - 17/07/2012 06:14:11 | Computer Name = nbkupec | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17/07/2012 06:14:11 | Computer Name = nbkupec | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17/07/2012 06:14:34 | Computer Name = nbkupec | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17/07/2012 06:18:51 | Computer Name = nbkupec | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 17/07/2012 06:32:42 | Computer Name = nbkupec | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
 
< End of report >

--- --- ---

Log von Malwarebytes:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.03.05

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
user :: NBKUPEC [Administrator]

17/07/2012 12:10:19
mbam-log-2012-07-17 (12-10-19).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 402261
Laufzeit: 28 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Polizeivirus

Log-Analyse und Auswertung: Polizeivirus

Polizeivirus

Ähnliche Themen: Polizeivirus