http://search.fbdownloader.com/?channel=de_nt entfernen

futureneo · 31.07.2014, 20:07

Hallo, habe auch das Problem, dass bei jedem neuen Tab die Seite hxxp://search.fbdownloader.com/?channel=de_nt erscheint. Wie bekomme ich die weg? Grüße

schrauber · 31.07.2014, 20:09

hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

futureneo · 31.07.2014, 20:28

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-07-2014 01
Ran by Carina (administrator) on LAPTOP-CARINA on 31-07-2014 21:17:47
Running from C:\Users\Carina\Desktop
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
() C:\Program Files\AAVUpdateManager\aavus.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
(GEAR Software) C:\Windows\System32\gearsec.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TNROTATE\TNROTATE.exe
(TOSHIBA) C:\Program Files\Toshiba\TFPU\TFPUPWDBank.exe
(TOSHIBA) C:\Program Files\Toshiba\TFPU\TFPUTaskMonitor.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TEco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
() C:\Program Files\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\RSelect\RSelSvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
HKU\S-1-5-21-2630201904-1804865435-1614418901-1000\...\Run: [SSync] => C:\Users\Carina\AppData\Roaming\SSync\SSync.exe [37376 2013-12-09] ()
HKU\S-1-5-21-2630201904-1804865435-1614418901-1000\...\Run: [SCheck] => C:\Users\Carina\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
HKU\S-1-5-21-2630201904-1804865435-1614418901-1000\...\Run: [Snoozer] => C:\Users\Carina\AppData\Roaming\Snz\Snz.exe [1628641 2014-07-27] ()
HKU\S-1-5-21-2630201904-1804865435-1614418901-1000\...\Run: [DataMgr] => C:\Users\Carina\AppData\Roaming\DataMgr\DataMgr.exe [168824 2014-03-04] (HTTO Group, Ltd.)
HKU\S-1-5-21-2630201904-1804865435-1614418901-1000\...\Run: [Intermediate] => C:\Users\Carina\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-2630201904-1804865435-1614418901-1000\...\Run: [Sixth] => C:\Users\Carina\AppData\Roaming\Sixth\Sixth.exe [63625 2014-07-27] ()
HKU\S-1-5-21-2630201904-1804865435-1614418901-1000\...\MountPoints2: E - E:\ting.exe
HKU\S-1-5-21-2630201904-1804865435-1614418901-1000\...\MountPoints2: {2c44c7b9-3e32-11e2-9ca8-002318e9fb54} - E:\ting.exe
HKU\S-1-5-21-2630201904-1804865435-1614418901-1000\...\MountPoints2: {3a4816fd-8e37-11e2-b764-002318e9fb54} - E:\ting.exe
HKU\S-1-5-21-2630201904-1804865435-1614418901-1000\...\MountPoints2: {4a95f050-0a2b-11e2-8d8d-806e6f6e6963} - D:\start.exe /auto
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk
ShortcutTarget: t@x aktuell.lnk -> C:\Program Files\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: ATFPUOverlayIcon -> {3239DBC1-B76D-4dc7-8B29-D99CBA3C7336} => C:\Program Files\TOSHIBA\TFPU\TFPUOverlayIcon.dll (TOSHIBA)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://wisersearch.com/?channel=de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=TJ&userid=08a2ab90-529c-c05e-3636-6640a2ee0bcb&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=18/02/2014&type=hp1000
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=TJ&userid=08a2ab90-529c-c05e-3636-6640a2ee0bcb&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=18/02/2014&type=hp1000
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=TJ&userid=08a2ab90-529c-c05e-3636-6640a2ee0bcb&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=18/02/2014&type=hp1000
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://wisersearch.com/search.php?channel=de&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=TJ&userid=08a2ab90-529c-c05e-3636-6640a2ee0bcb&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=18/02/2014&type=hp1000
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://wisersearch.com/search.php?channel=de&q={searchTerms}
BHO: TFPUPWDBankBHO Class -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\TFPU\TFPUPWDBankBHO.dll (TODO: <Company name>)
BHO: AC-Pro -> {0FB6A909-6086-458F-BD92-1F8EE10042A0} -> C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: OfferMosquito -> {82B16A3D-F03E-4565-A532-666B219C9A53} -> C:\Users\Carina\AppData\Local\ext_offermosquito\OfferMosquitoIEPlaceholder.dll No File
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Carina\AppData\Roaming\Mozilla\Firefox\Profiles\br6xipc2.default
FF DefaultSearchEngine: Search
FF SelectedSearchEngine: Search
FF Homepage: about:home
FF Keyword.URL: hxxp://wisersearch.com/search.php?channel=de&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: bebomedia.com/OfferMosquitoIEHelper - C:\Users\Carina\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Allin1Convert - C:\Users\Carina\AppData\Roaming\Mozilla\Firefox\Profiles\br6xipc2.default\Extensions\8hffxtbr@Allin1Convert_8h.com [2014-07-13]
FF Extension: OfferMosquito - C:\Users\Carina\AppData\Roaming\Mozilla\Firefox\Profiles\br6xipc2.default\Extensions\om@offermosquito.com.xpi [2014-02-28]
FF Extension: Simple New Tab - C:\Users\Carina\AppData\Roaming\Mozilla\Firefox\Profiles\br6xipc2.default\Extensions\snt@dotlabs.co.xpi [2013-12-16]
FF HKLM\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] - C:\Program Files\TOSHIBA\TFPU\FirefoxAddin
FF Extension: Automatic password input in Fx - C:\Program Files\TOSHIBA\TFPU\FirefoxAddin [2012-09-29]
FF HKLM\...\Firefox\Extensions: [support@predictad.com] - C:\Program Files\AutocompletePro\support@predictad.com
FF Extension: AutocompletePro - Your handy search suggestions tool - C:\Program Files\AutocompletePro\support@predictad.com [2012-10-12]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1807608 2009-08-04] (AuthenTec, Inc.)
R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-05-27] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2123416 2014-05-20] (G Data Software AG)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
R3 GDFwSvc; C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2564816 2014-05-20] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
R2 gearsec; C:\windows\system32\gearsec.exe [53248 2003-12-02] (GEAR Software) [File not signed]
R2 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [62832 2009-07-07] (TOSHIBA Corporation)
R2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-26] (Toshiba Europe GmbH)
R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2011-02-11] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-27] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-03] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-06] (TOSHIBA Corporation)
S2 pg_alwinservice; c:/alwin6/postgresql/9.0/bin/pg_ctl.exe runservice -N "pg_alwinservice" -D "c:/alwin6/postgresql/9.0/data" -w [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ASPI; C:\windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec) [File not signed]
R0 GDBehave; C:\windows\System32\drivers\GDBehave.sys [43008 2014-07-03] (G Data Software AG)
R1 GDKBFlt; C:\windows\system32\drivers\GDKBFlt32.sys [20096 2014-07-03] (G Data Software AG)
R1 GDMnIcpt; C:\windows\system32\drivers\MiniIcpt.sys [102400 2014-07-03] (G Data Software AG)
S3 GdNetMon; C:\windows\system32\drivers\GdNetMon32.sys [29400 2014-03-15] (G Data Software AG)
R3 GDPkIcpt; C:\windows\system32\drivers\PktIcpt.sys [52224 2014-07-03] (G Data Software AG)
R1 gdwfpcd; C:\windows\System32\drivers\gdwfpcd32.sys [53248 2014-07-03] (G Data Software AG)
R3 GEARAspiWDM; C:\windows\System32\DRIVERS\GEARAspiWDM.sys [9856 2004-01-18] (GEAR Software) [File not signed]
R1 GRD; C:\windows\system32\drivers\GRD.sys [29528 2014-04-29] (G Data Software)
R1 HookCentre; C:\windows\system32\drivers\HookCentre.sys [46080 2014-07-03] (G Data Software AG)
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
S3 Tosrfcom; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 21:17 - 2014-07-31 21:19 - 00017599 _____ () C:\Users\Carina\Desktop\FRST.txt
2014-07-31 21:17 - 2014-07-31 21:18 - 00000000 ____D () C:\FRST
2014-07-31 21:17 - 2014-07-31 21:17 - 01084928 _____ (Farbar) C:\Users\Carina\Desktop\FRST.exe
2014-07-30 19:26 - 2014-07-30 19:26 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\Snz
2014-07-30 19:26 - 2014-07-30 19:26 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\Sixth
2014-07-30 19:26 - 2014-07-30 19:26 - 00000000 ____D () C:\Users\Carina\AppData\Local\simple_new_tab
2014-07-30 19:25 - 2014-07-30 19:25 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\SCheck
2014-07-30 19:23 - 2014-07-30 19:23 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\OfferMosquito
2014-07-30 12:26 - 2014-07-30 12:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-29 06:30 - 2014-07-29 06:30 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\IsolatedStorage
2014-07-29 06:30 - 2014-07-29 06:30 - 00000000 ____D () C:\Users\Carina\AppData\Local\FileViewPro
2014-07-29 06:28 - 2014-07-29 06:28 - 00000000 ____D () C:\Spacekace
2014-07-25 20:48 - 2014-07-25 20:48 - 00041599 _____ () C:\Users\Carina\Desktop\soccerstar.studio
2014-07-08 21:08 - 2014-07-08 21:08 - 00000000 ____D () C:\Users\Carina\Documents\Buhl
2014-07-06 20:56 - 2014-07-06 20:56 - 00000000 ____D () C:\Users\Carina\Documents\tax
2014-07-06 20:40 - 2014-07-06 20:40 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\Buhl Data Service
2014-07-06 20:40 - 2014-07-06 20:40 - 00000000 ____D () C:\Users\Carina\AppData\Local\Buhl Data Service
2014-07-06 19:39 - 2014-07-06 20:46 - 00000660 _____ () C:\windows\wiso.ini
2014-07-06 19:39 - 2014-07-06 20:39 - 00000000 ____D () C:\Users\Carina\AppData\Local\Buhl
2014-07-06 19:39 - 2014-07-06 19:39 - 00002135 _____ () C:\Users\Public\Desktop\t@x 2014.lnk
2014-07-06 19:39 - 2014-07-06 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\t@x 2014 Professional
2014-07-06 19:36 - 2014-07-06 19:36 - 00000000 ____D () C:\Program Files\Buhl finance
2014-07-06 19:11 - 2014-07-06 20:46 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-07-03 12:39 - 2014-07-03 12:39 - 00000000 ____D () C:\windows\system32\appmgmt
2014-07-03 09:02 - 2014-07-03 09:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
2014-07-01 12:29 - 2014-07-01 14:20 - 00023881 _____ () C:\Users\Carina\Desktop\Übersicht Bastelmaus.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-31 21:19 - 2014-07-31 21:17 - 00017599 _____ () C:\Users\Carina\Desktop\FRST.txt
2014-07-31 21:18 - 2014-07-31 21:17 - 00000000 ____D () C:\FRST
2014-07-31 21:18 - 2012-09-29 13:51 - 01941704 _____ () C:\windows\WindowsUpdate.log
2014-07-31 21:17 - 2014-07-31 21:17 - 01084928 _____ (Farbar) C:\Users\Carina\Desktop\FRST.exe
2014-07-31 21:16 - 2009-07-14 06:34 - 00017280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-31 21:16 - 2009-07-14 06:34 - 00017280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-31 21:04 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\tracing
2014-07-31 20:34 - 2013-09-15 16:39 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-31 20:30 - 2014-03-13 13:23 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-31 20:20 - 2014-03-13 13:23 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-30 19:26 - 2014-07-30 19:26 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\Snz
2014-07-30 19:26 - 2014-07-30 19:26 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\Sixth
2014-07-30 19:26 - 2014-07-30 19:26 - 00000000 ____D () C:\Users\Carina\AppData\Local\simple_new_tab
2014-07-30 19:26 - 2014-03-13 13:24 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\DataMgr
2014-07-30 19:26 - 2012-09-29 14:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-30 19:25 - 2014-07-30 19:25 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\SCheck
2014-07-30 19:25 - 2014-03-20 00:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak
2014-07-30 19:23 - 2014-07-30 19:23 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\OfferMosquito
2014-07-30 19:22 - 2014-03-13 22:34 - 00065536 _____ () C:\windows\system32\Ikeext.etl
2014-07-30 19:22 - 2009-09-16 01:24 - 01556882 _____ () C:\windows\PFRO.log
2014-07-30 19:22 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-30 19:22 - 2009-07-14 06:39 - 00068617 _____ () C:\windows\setupact.log
2014-07-30 12:26 - 2014-07-30 12:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-29 06:30 - 2014-07-29 06:30 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\IsolatedStorage
2014-07-29 06:30 - 2014-07-29 06:30 - 00000000 ____D () C:\Users\Carina\AppData\Local\FileViewPro
2014-07-29 06:28 - 2014-07-29 06:28 - 00000000 ____D () C:\Spacekace
2014-07-29 06:17 - 2009-09-16 01:35 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-26 21:24 - 2014-02-18 07:20 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\OpenCandy
2014-07-25 20:48 - 2014-07-25 20:48 - 00041599 _____ () C:\Users\Carina\Desktop\soccerstar.studio
2014-07-10 20:50 - 2012-10-07 20:13 - 00000000 ____D () C:\Users\Carina\Documents\Taxpool-Buchhalter
2014-07-10 13:51 - 2014-06-08 15:53 - 00000000 ____D () C:\Users\Carina\Desktop\Bilder entwickeln DM
2014-07-09 15:49 - 2012-09-29 14:47 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\IrfanView
2014-07-09 10:34 - 2012-09-29 17:50 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-07-09 10:34 - 2012-09-29 17:50 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 21:08 - 2014-07-08 21:08 - 00000000 ____D () C:\Users\Carina\Documents\Buhl
2014-07-06 20:56 - 2014-07-06 20:56 - 00000000 ____D () C:\Users\Carina\Documents\tax
2014-07-06 20:46 - 2014-07-06 19:39 - 00000660 _____ () C:\windows\wiso.ini
2014-07-06 20:46 - 2014-07-06 19:11 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-07-06 20:40 - 2014-07-06 20:40 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\Buhl Data Service
2014-07-06 20:40 - 2014-07-06 20:40 - 00000000 ____D () C:\Users\Carina\AppData\Local\Buhl Data Service
2014-07-06 20:39 - 2014-07-06 19:39 - 00000000 ____D () C:\Users\Carina\AppData\Local\Buhl
2014-07-06 19:39 - 2014-07-06 19:39 - 00002135 _____ () C:\Users\Public\Desktop\t@x 2014.lnk
2014-07-06 19:39 - 2014-07-06 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\t@x 2014 Professional
2014-07-06 19:36 - 2014-07-06 19:36 - 00000000 ____D () C:\Program Files\Buhl finance
2014-07-06 19:36 - 2009-09-16 01:25 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-04 23:20 - 2012-09-29 14:24 - 00000000 ____D () C:\Users\Carina
2014-07-04 21:52 - 2013-01-18 10:22 - 00002084 ____H () C:\Users\Carina\Documents\Default.rdp
2014-07-03 12:39 - 2014-07-03 12:39 - 00000000 ____D () C:\windows\system32\appmgmt
2014-07-03 09:02 - 2014-07-03 09:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
2014-07-03 09:02 - 2014-04-15 20:04 - 00020096 _____ (G Data Software AG) C:\windows\system32\Drivers\GDKBFlt32.sys
2014-07-03 09:02 - 2014-04-15 20:04 - 00001907 _____ () C:\Users\Public\Desktop\G Data InternetSecurity.lnk
2014-07-03 09:02 - 2014-03-15 18:43 - 00052224 _____ (G Data Software AG) C:\windows\system32\Drivers\PktIcpt.sys
2014-07-03 09:02 - 2014-03-15 18:42 - 00046080 _____ (G Data Software AG) C:\windows\system32\Drivers\HookCentre.sys
2014-07-03 09:01 - 2014-03-15 18:42 - 00102400 _____ (G Data Software AG) C:\windows\system32\Drivers\MiniIcpt.sys
2014-07-03 09:01 - 2014-03-15 18:42 - 00053248 _____ (G Data Software AG) C:\windows\system32\Drivers\gdwfpcd32.sys
2014-07-03 09:01 - 2014-03-15 18:42 - 00043008 _____ (G Data Software AG) C:\windows\system32\Drivers\GDBehave.sys
2014-07-03 09:00 - 2012-10-01 21:01 - 00000000 ____D () C:\Program Files\Common Files\G Data
2014-07-03 09:00 - 2012-09-29 13:55 - 00013796 _____ () C:\windows\DPINST.LOG
2014-07-01 22:01 - 2012-09-29 14:26 - 00108888 _____ () C:\Users\Carina\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-01 22:01 - 2009-07-14 06:33 - 00415048 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-01 22:01 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\LogFiles
2014-07-01 14:37 - 2012-11-04 18:28 - 00000000 ____D () C:\Users\Carina\Documents\Steuerfälle
2014-07-01 14:20 - 2014-07-01 12:29 - 00023881 _____ () C:\Users\Carina\Desktop\Übersicht Bastelmaus.xlsx

Some content of TEMP:
====================
C:\Users\Carina\AppData\Local\Temp\BackupSetup.exe
C:\Users\Carina\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Carina\AppData\Local\Temp\FileSystemView.dll
C:\Users\Carina\AppData\Local\Temp\LollipopInstaller_notifications.exe
C:\Users\Carina\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Carina\AppData\Local\Temp\tmp3634.exe
C:\Users\Carina\AppData\Local\Temp\tmp7D02.exe
C:\Users\Carina\AppData\Local\Temp\uninst1.exe
C:\Users\Carina\AppData\Local\Temp\update_biller.exe
C:\Users\Carina\AppData\Local\Temp\Webcake-1114.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-28 12:17

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-07-2014 01
Ran by Carina at 2014-07-31 21:19:25
Running from C:\Users\Carina\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G Data InternetSecurity (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G Data InternetSecurity (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.2.8870 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.202.302.109 - ALPS ELECTRIC CO., LTD.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.0 - Atheros)
AuthenTec Fingerprint Software (HKLM\...\{6B99AF03-2668-4572-BD3D-8C7A5D103065}) (Version: 8.5.2.1 - AuthenTec, Inc.)
AutocompletePro (HKLM\...\AutocompletePro2_is1) (Version:  - ) <==== ATTENTION
Biller (HKLM\...\Biller) (Version: 1.49 - )
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.00.08(T) - TOSHIBA CORPORATION)
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
eJay Mix CD Producer (HKLM\...\{7AE4987B-33AA-4725-9E47-1B9FBFE7F5CF}) (Version: 5.1.5.0 - eJay)
framily Gestaltungs-Software 4.80 (HKLM\...\{593ED299-14EF-4C0F-92B4-B262E7CD5C2B}_is1) (Version:  - framily Gestaltungs-Software)
G Data InternetSecurity (HKLM\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.4 - G Data Software AG)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.2 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Java 7 Update 9 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
KODAK Create@Home Software (für dm) (HKLM\...\{43B8BDF6-13EC-44BE-9EDA-F284C4CA19A6}) (Version: 7.8.1392 - Eastman Kodak Company)
LSI V92 MOH Application (HKLM\...\LTMOH) (Version:  - LSI Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU CTP1 (HKLM\...\{973805E6-9CDB-43F8-A14E-2161532B56A7}) (Version: 4.0.8854.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
No23 Recorder (HKLM\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
PDF24 Creator 5.6.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
RICOH R5U8xx Media Driver ver.3.63.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.63.02 - RICOH)
Steuer-Sparer 2013 (HKLM\...\{0B914F2C-6CC2-4328-B84E-411A81B50FA4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
t@x 2014 Professional (HKLM\...\{2547CF96-DBB7-4EDD-9327-0EFDD0D1FA8A}) (Version: 21.00.8480 - Buhl Data Service GmbH)
Taxpool-Buchhalter Mini 6.23 (HKLM\...\Taxpool-Buchhalter Mini) (Version: 6.23 - psynetic® Software)
TFPU (Version: 1.0.0 - TOSHIBA) Hidden
TOSHIBA 180 Degrees Rotation Utility (HKLM\...\InstallShield_{2E54DAC2-BDF7-49EC-87AF-B38E3B096BC6}) (Version: 1.2.0.0 - TOSHIBA Corporation)
TOSHIBA 180 Degrees Rotation Utility (Version: 1.2.0.0 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.23 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.11-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.1.10.0 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.1.10.0 - TOSHIBA Corporation) Hidden
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - Toshiba) Hidden
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.0.32 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.0.32 - TOSHIBA Corporation) Hidden
TOSHIBA Fingerprint Utility (HKLM\...\TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}) (Version: 1.0.2.9 - TOSHIBA Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.0 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.0 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.0 - TOSHIBA Corporation) Hidden
TOSHIBA Internal Modem Region Select Utility (HKLM\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: 2.3.0.01 - Ihr Firmenname)
TOSHIBA Internal Modem Region Select Utility (Version: 2.3.0.01 - Ihr Firmenname) Hidden
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.0.0 - TOSHIBA Corporation)
Toshiba Photo Service - powered by myphotobook (HKLM\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.0-663 - myphotobook GmbH)
Toshiba Photo Service - powered by myphotobook (Version: 1.0.0 - myphotobook GmbH) Hidden
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.3 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Recovery Media Creator Reminder (Version: 1.00.0019 - TOSHIBA) Hidden
TOSHIBA SD Memory Boot Utility (HKLM\...\{BBF5493A-05FB-4449-90DE-84A61EB78154}) (Version: 1.3.1.2 - TOSHIBA)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.7 - TOSHIBA)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Sicherheits-Assistent (HKLM\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.6 - TOSHIBA)
Toshiba TEMPRO (HKLM\...\{9E4FF410-471F-49E3-9358-74FF0D5E9901}) (Version: 3.06 - Toshiba Europe GmbH)
TOSHIBA USB Sleep and Charge Utility (HKLM\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.0.12.0 - TOSHIBA)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.26 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.2.26 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.2.2 - TOSHIBA Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{275DBBA0-805A-11CF-91F7-C2863C385E30}\InprocServer32 -> C:\windows\system32\msflxgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{3bc93e76-92f8-5fda-b676-5afee3735bf1}\InprocServer32 -> C:\Users\Carina\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\InprocServer32 -> C:\windows\system32\msflxgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{6319EEA0-531B-11CF-91F6-C2863C385E30}\InprocServer32 -> C:\windows\system32\msflxgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\InprocServer32 -> C:\windows\system32\tabctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32 -> C:\windows\system32\tabctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)

==================== Restore Points  =========================

13-06-2014 09:43:03 Windows Update
17-06-2014 07:47:25 Windows Update
28-06-2014 10:14:39 Windows Update
30-06-2014 14:23:06 Steuer-Sparer 2014 wurde installiert.
03-07-2014 10:38:09 Steuer-Sparer 2014 wurde entfernt.
03-07-2014 10:41:13 Steuer-Sparer 2014 wurde installiert.
03-07-2014 10:51:53 Steuer-Sparer 2014 wurde entfernt.
06-07-2014 17:36:14 Installiert t@x 2014 Professional
30-07-2014 15:30:28 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {6DEFD168-9A45-481B-B45B-261AAAF33F5D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-13] (Google Inc.)
Task: {80DE133C-4475-4010-8FD2-A95A67007CEB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-13] (Google Inc.)
Task: {B3DB0360-0C47-40D3-BB3C-682832CA6198} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {E65C5599-1A7A-489C-BA85-87166B74BD6A} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-09-03] (TOSHIBA CORPORATION)
Task: {E74DB292-F012-4F97-9D03-BA85751ABEAF} - System32\Tasks\OMESupervisor => C:\Users\Carina\AppData\Local\omesuperv.exe <==== ATTENTION
Task: {E9416CC6-9817-4BD6-B4B0-1425F7C5B451} - System32\Tasks\Fifth => C:\Users\Carina\AppData\Roaming\Fifth\Fifth.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files\AAVUpdateManager\aavus.exe
2009-08-26 17:55 - 2009-08-26 17:55 - 00520192 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2009-07-16 15:27 - 2009-07-16 15:27 - 07263544 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2009-07-16 15:27 - 2009-07-16 15:27 - 00052536 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-03-12 19:08 - 2009-03-12 19:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 12:57 - 2006-10-07 12:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-07-29 15:35 - 2009-07-29 15:35 - 00014648 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2009-08-20 20:42 - 2009-08-20 20:42 - 00239024 _____ () C:\Program Files\Toshiba\TFPU\TFPUCommon.dll
2009-08-26 17:55 - 2009-08-26 17:55 - 00520192 _____ () C:\Program Files\Toshiba\TECO\TecoPower.dll
2014-07-06 19:39 - 2014-07-02 10:13 - 00589080 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe
2014-07-06 19:37 - 2014-07-02 10:13 - 09789208 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wgui14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 00035608 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rsdcom48.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 00309016 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rscorewinapi48.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 00322840 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rsguiwinapi48.dll
2014-07-06 19:37 - 2014-07-02 10:14 - 03880216 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wcore14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 00136472 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rsodbc48.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 02738456 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wfvie14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 02116376 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wsteu14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01932568 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wreli14.dll
2014-07-06 19:36 - 2014-07-02 10:13 - 04326168 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wauff14.dll
2014-07-06 19:37 - 2014-02-11 11:53 - 01043456 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\clucene-core.dll
2014-07-06 19:37 - 2014-02-11 11:53 - 00094720 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\clucene-shared.dll
2014-07-06 19:37 - 2014-02-11 11:53 - 00250368 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\clucene-contribs-lib.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01564952 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wmain14.dll
2014-07-06 19:36 - 2014-07-02 10:13 - 05291288 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae114.dll
2014-07-06 19:36 - 2014-07-02 10:13 - 01698584 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae214.dll
2014-07-06 19:36 - 2014-07-02 10:13 - 01809688 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae314.dll
2014-07-06 19:36 - 2014-07-02 10:13 - 01627928 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae414.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01117976 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\whau114.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01341208 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\whau214.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01309464 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wwerb14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 07340824 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wkont14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01286936 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wimp14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01331480 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wfabu14.dll
2014-05-20 03:38 - 2014-05-20 03:38 - 00277624 ____N () C:\Program Files\Common Files\G Data\AVKProxy\PktIcpt2.dll
2009-08-03 18:17 - 2009-08-03 18:17 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-07-30 12:26 - 2014-07-30 12:26 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-07-09 10:34 - 2014-07-09 10:34 - 17029808 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll
2012-09-29 14:48 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2009-08-20 20:42 - 2009-08-20 20:42 - 00239024 _____ () C:\Program Files\TOSHIBA\TFPU\TFPUCommon.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2014 10:45:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1234
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (07/30/2014 10:44:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AVKProxy.exe, Version: 1.5.14147.174, Zeitstempel: 0x5383e22a
Name des fehlerhaften Moduls: avkhttp.dll, Version: 25.0.14147.174, Zeitstempel: 0x5383e249
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0008e272
ID des fehlerhaften Prozesses: 0x71c
Startzeit der fehlerhaften Anwendung: 0xAVKProxy.exe0
Pfad der fehlerhaften Anwendung: AVKProxy.exe1
Pfad des fehlerhaften Moduls: AVKProxy.exe2
Berichtskennung: AVKProxy.exe3

Error: (07/30/2014 07:22:33 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: FATAL:  58P01: could not open directory "c:/alwin6/postgresql/9.0/lib": No such file or directory
HINT:  This may indicate an incomplete PostgreSQL installation, or that the file "c:/alwin6/postgresql/9.0/bin/postgres.exe" has been moved away from its proper location.
LOCATION:  getInstallationPaths, .\src\backend\postmaster\postmaster.c:1145

Error: (07/30/2014 07:22:29 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Laptop-Carina)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.

Error: (07/30/2014 07:22:29 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Laptop-Carina)
Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.

Error: (07/30/2014 05:26:41 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/30/2014 05:24:52 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/30/2014 04:30:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AVKProxy.exe, Version: 1.5.14147.174, Zeitstempel: 0x5383e22a
Name des fehlerhaften Moduls: avkhttp.dll, Version: 25.0.14147.174, Zeitstempel: 0x5383e249
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0008e272
ID des fehlerhaften Prozesses: 0x724
Startzeit der fehlerhaften Anwendung: 0xAVKProxy.exe0
Pfad der fehlerhaften Anwendung: AVKProxy.exe1
Pfad des fehlerhaften Moduls: AVKProxy.exe2
Berichtskennung: AVKProxy.exe3

Error: (07/29/2014 00:09:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x11a0
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (07/28/2014 07:25:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x12b8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3


System errors:
=============
Error: (07/30/2014 10:46:16 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "G Data AntiVirus Proxy" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (07/30/2014 10:45:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "G Data AntiVirus Proxy" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/30/2014 07:22:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎30.‎07.‎2014 um 19:21:21 unerwartet heruntergefahren.

Error: (07/30/2014 06:09:28 PM) (Source: TermDD) (EventID: 50) (User: )
Description: Die RDP-Protokollkomponente X.224 hat einen Fehler im Protokollablauf festgestellt und die Clientverbindung getrennt.

Error: (07/30/2014 04:31:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "G Data AntiVirus Proxy" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/30/2014 03:33:30 PM) (Source: TermDD) (EventID: 50) (User: )
Description: Die RDP-Protokollkomponente X.224 hat einen Fehler im Protokollablauf festgestellt und die Clientverbindung getrennt.

Error: (07/28/2014 10:22:11 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (07/28/2014 10:22:11 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (07/28/2014 10:22:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (07/28/2014 10:22:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================
Error: (09/28/2013 06:40:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 370 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (08/24/2013 08:50:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 267054 seconds with 240 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 67%
Total physical RAM: 2937.18 MB
Available physical RAM: 941.41 MB
Total Pagefile: 5872.65 MB
Available Pagefile: 3131.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.98 MB

==================== Drives ================================

Drive c: (TI30371300A) (Fixed) (Total:225.78 GB) (Free:157.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (tax2014) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: EF83368D)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=226 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=6 GB) - (Type=17)

==================== End Of Log ============================

--- --- ---

FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-07-2014 01
Ran by Carina at 2014-07-31 21:19:25
Running from C:\Users\Carina\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: G Data InternetSecurity (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G Data InternetSecurity (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.2.8870 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.202.302.109 - ALPS ELECTRIC CO., LTD.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.0 - Atheros)
AuthenTec Fingerprint Software (HKLM\...\{6B99AF03-2668-4572-BD3D-8C7A5D103065}) (Version: 8.5.2.1 - AuthenTec, Inc.)
AutocompletePro (HKLM\...\AutocompletePro2_is1) (Version:  - ) <==== ATTENTION
Biller (HKLM\...\Biller) (Version: 1.49 - )
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.00.08(T) - TOSHIBA CORPORATION)
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
eJay Mix CD Producer (HKLM\...\{7AE4987B-33AA-4725-9E47-1B9FBFE7F5CF}) (Version: 5.1.5.0 - eJay)
framily Gestaltungs-Software 4.80 (HKLM\...\{593ED299-14EF-4C0F-92B4-B262E7CD5C2B}_is1) (Version:  - framily Gestaltungs-Software)
G Data InternetSecurity (HKLM\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.4 - G Data Software AG)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.2 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Java 7 Update 9 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
KODAK Create@Home Software (für dm) (HKLM\...\{43B8BDF6-13EC-44BE-9EDA-F284C4CA19A6}) (Version: 7.8.1392 - Eastman Kodak Company)
LSI V92 MOH Application (HKLM\...\LTMOH) (Version:  - LSI Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU CTP1 (HKLM\...\{973805E6-9CDB-43F8-A14E-2161532B56A7}) (Version: 4.0.8854.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
No23 Recorder (HKLM\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
PDF24 Creator 5.6.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
RICOH R5U8xx Media Driver ver.3.63.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.63.02 - RICOH)
Steuer-Sparer 2013 (HKLM\...\{0B914F2C-6CC2-4328-B84E-411A81B50FA4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
t@x 2014 Professional (HKLM\...\{2547CF96-DBB7-4EDD-9327-0EFDD0D1FA8A}) (Version: 21.00.8480 - Buhl Data Service GmbH)
Taxpool-Buchhalter Mini 6.23 (HKLM\...\Taxpool-Buchhalter Mini) (Version: 6.23 - psynetic® Software)
TFPU (Version: 1.0.0 - TOSHIBA) Hidden
TOSHIBA 180 Degrees Rotation Utility (HKLM\...\InstallShield_{2E54DAC2-BDF7-49EC-87AF-B38E3B096BC6}) (Version: 1.2.0.0 - TOSHIBA Corporation)
TOSHIBA 180 Degrees Rotation Utility (Version: 1.2.0.0 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.23 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.11-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.1.10.0 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.1.10.0 - TOSHIBA Corporation) Hidden
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - Toshiba) Hidden
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.0.32 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.0.32 - TOSHIBA Corporation) Hidden
TOSHIBA Fingerprint Utility (HKLM\...\TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}) (Version: 1.0.2.9 - TOSHIBA Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.0 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.0 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.0 - TOSHIBA Corporation) Hidden
TOSHIBA Internal Modem Region Select Utility (HKLM\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: 2.3.0.01 - Ihr Firmenname)
TOSHIBA Internal Modem Region Select Utility (Version: 2.3.0.01 - Ihr Firmenname) Hidden
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.0.0 - TOSHIBA Corporation)
Toshiba Photo Service - powered by myphotobook (HKLM\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.0-663 - myphotobook GmbH)
Toshiba Photo Service - powered by myphotobook (Version: 1.0.0 - myphotobook GmbH) Hidden
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.3 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Recovery Media Creator Reminder (Version: 1.00.0019 - TOSHIBA) Hidden
TOSHIBA SD Memory Boot Utility (HKLM\...\{BBF5493A-05FB-4449-90DE-84A61EB78154}) (Version: 1.3.1.2 - TOSHIBA)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.7 - TOSHIBA)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Sicherheits-Assistent (HKLM\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.6 - TOSHIBA)
Toshiba TEMPRO (HKLM\...\{9E4FF410-471F-49E3-9358-74FF0D5E9901}) (Version: 3.06 - Toshiba Europe GmbH)
TOSHIBA USB Sleep and Charge Utility (HKLM\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.0.12.0 - TOSHIBA)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.26 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.2.26 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.2.2 - TOSHIBA Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{275DBBA0-805A-11CF-91F7-C2863C385E30}\InprocServer32 -> C:\windows\system32\msflxgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{3bc93e76-92f8-5fda-b676-5afee3735bf1}\InprocServer32 -> C:\Users\Carina\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\InprocServer32 -> C:\windows\system32\msflxgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{6319EEA0-531B-11CF-91F6-C2863C385E30}\InprocServer32 -> C:\windows\system32\msflxgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\InprocServer32 -> C:\windows\system32\tabctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32 -> C:\windows\system32\tabctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)

==================== Restore Points  =========================

13-06-2014 09:43:03 Windows Update
17-06-2014 07:47:25 Windows Update
28-06-2014 10:14:39 Windows Update
30-06-2014 14:23:06 Steuer-Sparer 2014 wurde installiert.
03-07-2014 10:38:09 Steuer-Sparer 2014 wurde entfernt.
03-07-2014 10:41:13 Steuer-Sparer 2014 wurde installiert.
03-07-2014 10:51:53 Steuer-Sparer 2014 wurde entfernt.
06-07-2014 17:36:14 Installiert t@x 2014 Professional
30-07-2014 15:30:28 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {6DEFD168-9A45-481B-B45B-261AAAF33F5D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-13] (Google Inc.)
Task: {80DE133C-4475-4010-8FD2-A95A67007CEB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-13] (Google Inc.)
Task: {B3DB0360-0C47-40D3-BB3C-682832CA6198} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {E65C5599-1A7A-489C-BA85-87166B74BD6A} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-09-03] (TOSHIBA CORPORATION)
Task: {E74DB292-F012-4F97-9D03-BA85751ABEAF} - System32\Tasks\OMESupervisor => C:\Users\Carina\AppData\Local\omesuperv.exe <==== ATTENTION
Task: {E9416CC6-9817-4BD6-B4B0-1425F7C5B451} - System32\Tasks\Fifth => C:\Users\Carina\AppData\Roaming\Fifth\Fifth.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files\AAVUpdateManager\aavus.exe
2009-08-26 17:55 - 2009-08-26 17:55 - 00520192 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2009-07-16 15:27 - 2009-07-16 15:27 - 07263544 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2009-07-16 15:27 - 2009-07-16 15:27 - 00052536 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-03-12 19:08 - 2009-03-12 19:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 12:57 - 2006-10-07 12:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-07-29 15:35 - 2009-07-29 15:35 - 00014648 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2009-08-20 20:42 - 2009-08-20 20:42 - 00239024 _____ () C:\Program Files\Toshiba\TFPU\TFPUCommon.dll
2009-08-26 17:55 - 2009-08-26 17:55 - 00520192 _____ () C:\Program Files\Toshiba\TECO\TecoPower.dll
2014-07-06 19:39 - 2014-07-02 10:13 - 00589080 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe
2014-07-06 19:37 - 2014-07-02 10:13 - 09789208 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wgui14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 00035608 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rsdcom48.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 00309016 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rscorewinapi48.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 00322840 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rsguiwinapi48.dll
2014-07-06 19:37 - 2014-07-02 10:14 - 03880216 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wcore14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 00136472 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rsodbc48.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 02738456 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wfvie14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 02116376 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wsteu14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01932568 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wreli14.dll
2014-07-06 19:36 - 2014-07-02 10:13 - 04326168 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wauff14.dll
2014-07-06 19:37 - 2014-02-11 11:53 - 01043456 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\clucene-core.dll
2014-07-06 19:37 - 2014-02-11 11:53 - 00094720 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\clucene-shared.dll
2014-07-06 19:37 - 2014-02-11 11:53 - 00250368 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\clucene-contribs-lib.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01564952 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wmain14.dll
2014-07-06 19:36 - 2014-07-02 10:13 - 05291288 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae114.dll
2014-07-06 19:36 - 2014-07-02 10:13 - 01698584 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae214.dll
2014-07-06 19:36 - 2014-07-02 10:13 - 01809688 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae314.dll
2014-07-06 19:36 - 2014-07-02 10:13 - 01627928 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae414.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01117976 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\whau114.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01341208 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\whau214.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01309464 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wwerb14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 07340824 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wkont14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01286936 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wimp14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01331480 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wfabu14.dll
2014-05-20 03:38 - 2014-05-20 03:38 - 00277624 ____N () C:\Program Files\Common Files\G Data\AVKProxy\PktIcpt2.dll
2009-08-03 18:17 - 2009-08-03 18:17 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-07-30 12:26 - 2014-07-30 12:26 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-07-09 10:34 - 2014-07-09 10:34 - 17029808 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll
2012-09-29 14:48 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2009-08-20 20:42 - 2009-08-20 20:42 - 00239024 _____ () C:\Program Files\TOSHIBA\TFPU\TFPUCommon.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2014 10:45:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1234
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (07/30/2014 10:44:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AVKProxy.exe, Version: 1.5.14147.174, Zeitstempel: 0x5383e22a
Name des fehlerhaften Moduls: avkhttp.dll, Version: 25.0.14147.174, Zeitstempel: 0x5383e249
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0008e272
ID des fehlerhaften Prozesses: 0x71c
Startzeit der fehlerhaften Anwendung: 0xAVKProxy.exe0
Pfad der fehlerhaften Anwendung: AVKProxy.exe1
Pfad des fehlerhaften Moduls: AVKProxy.exe2
Berichtskennung: AVKProxy.exe3

Error: (07/30/2014 07:22:33 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: FATAL:  58P01: could not open directory "c:/alwin6/postgresql/9.0/lib": No such file or directory
HINT:  This may indicate an incomplete PostgreSQL installation, or that the file "c:/alwin6/postgresql/9.0/bin/postgres.exe" has been moved away from its proper location.
LOCATION:  getInstallationPaths, .\src\backend\postmaster\postmaster.c:1145

Error: (07/30/2014 07:22:29 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Laptop-Carina)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.

Error: (07/30/2014 07:22:29 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Laptop-Carina)
Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.

Error: (07/30/2014 05:26:41 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/30/2014 05:24:52 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (07/30/2014 04:30:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AVKProxy.exe, Version: 1.5.14147.174, Zeitstempel: 0x5383e22a
Name des fehlerhaften Moduls: avkhttp.dll, Version: 25.0.14147.174, Zeitstempel: 0x5383e249
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0008e272
ID des fehlerhaften Prozesses: 0x724
Startzeit der fehlerhaften Anwendung: 0xAVKProxy.exe0
Pfad der fehlerhaften Anwendung: AVKProxy.exe1
Pfad des fehlerhaften Moduls: AVKProxy.exe2
Berichtskennung: AVKProxy.exe3

Error: (07/29/2014 00:09:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x11a0
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (07/28/2014 07:25:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x12b8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3


System errors:
=============
Error: (07/30/2014 10:46:16 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "G Data AntiVirus Proxy" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: 
%%1056

Error: (07/30/2014 10:45:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "G Data AntiVirus Proxy" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/30/2014 07:22:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎30.‎07.‎2014 um 19:21:21 unerwartet heruntergefahren.

Error: (07/30/2014 06:09:28 PM) (Source: TermDD) (EventID: 50) (User: )
Description: Die RDP-Protokollkomponente X.224 hat einen Fehler im Protokollablauf festgestellt und die Clientverbindung getrennt.

Error: (07/30/2014 04:31:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "G Data AntiVirus Proxy" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (07/30/2014 03:33:30 PM) (Source: TermDD) (EventID: 50) (User: )
Description: Die RDP-Protokollkomponente X.224 hat einen Fehler im Protokollablauf festgestellt und die Clientverbindung getrennt.

Error: (07/28/2014 10:22:11 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (07/28/2014 10:22:11 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (07/28/2014 10:22:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.

Error: (07/28/2014 10:22:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.


Microsoft Office Sessions:
=========================
Error: (09/28/2013 06:40:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 370 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (08/24/2013 08:50:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 267054 seconds with 240 seconds of active time.  This session ended with a crash.


==================== Memory info =========================== 

Percentage of memory in use: 67%
Total physical RAM: 2937.18 MB
Available physical RAM: 941.41 MB
Total Pagefile: 5872.65 MB
Available Pagefile: 3131.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.98 MB

==================== Drives ================================

Drive c: (TI30371300A) (Fixed) (Total:225.78 GB) (Free:157.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (tax2014) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: EF83368D)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=226 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=6 GB) - (Type=17)

==================== End Of Log ============================

--- --- ---

schrauber · 01.08.2014, 17:51

Adware & Co. deinstallieren

Lade Dir bitte von hier Revo Uninstaller herunter.
Installiere und starte das Programm.
Suche im Uninstallerfeld nach den Programmen, die unter:

diesen Zusatz haben:
Wähle die Programme nacheinander aus und klicke jedesmal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

http://search.fbdownloader.com/?channel=de_nt entfernen

Plagegeister aller Art und deren Bekämpfung: http://search.fbdownloader.com/?channel=de_nt entfernen