| futureneo | 31.07.2014 20:28 |
FRST Logfile:
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:31-07-2014 01
Ran by Carina (administrator) on LAPTOP-CARINA on 31-07-2014 21:17:47
Running from C:\Users\Carina\Desktop
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
() C:\Program Files\AAVUpdateManager\aavus.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
(GEAR Software) C:\Windows\System32\gearsec.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TNROTATE\TNROTATE.exe
(TOSHIBA) C:\Program Files\Toshiba\TFPU\TFPUPWDBank.exe
(TOSHIBA) C:\Program Files\Toshiba\TFPU\TFPUTaskMonitor.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TEco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproTray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
() C:\Program Files\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFIWmxSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\RSelect\RSelSvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
HKU\S-1-5-21-2630201904-1804865435-1614418901-1000\...\Run: [SSync] => C:\Users\Carina\AppData\Roaming\SSync\SSync.exe [37376 2013-12-09] ()
HKU\S-1-5-21-2630201904-1804865435-1614418901-1000\...\Run: [SCheck] => C:\Users\Carina\AppData\Roaming\SCheck\SCheck.exe [37376 2013-12-09] ()
HKU\S-1-5-21-2630201904-1804865435-1614418901-1000\...\Run: [Snoozer] => C:\Users\Carina\AppData\Roaming\Snz\Snz.exe [1628641 2014-07-27] ()
HKU\S-1-5-21-2630201904-1804865435-1614418901-1000\...\Run: [DataMgr] => C:\Users\Carina\AppData\Roaming\DataMgr\DataMgr.exe [168824 2014-03-04] (HTTO Group, Ltd.)
HKU\S-1-5-21-2630201904-1804865435-1614418901-1000\...\Run: [Intermediate] => C:\Users\Carina\AppData\Roaming\Intermediate\Intermediate.exe [37376 2013-12-09] ()
HKU\S-1-5-21-2630201904-1804865435-1614418901-1000\...\Run: [Sixth] => C:\Users\Carina\AppData\Roaming\Sixth\Sixth.exe [63625 2014-07-27] ()
HKU\S-1-5-21-2630201904-1804865435-1614418901-1000\...\MountPoints2: E - E:\ting.exe
HKU\S-1-5-21-2630201904-1804865435-1614418901-1000\...\MountPoints2: {2c44c7b9-3e32-11e2-9ca8-002318e9fb54} - E:\ting.exe
HKU\S-1-5-21-2630201904-1804865435-1614418901-1000\...\MountPoints2: {3a4816fd-8e37-11e2-b764-002318e9fb54} - E:\ting.exe
HKU\S-1-5-21-2630201904-1804865435-1614418901-1000\...\MountPoints2: {4a95f050-0a2b-11e2-8d8d-806e6f6e6963} - D:\start.exe /auto
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\t@x aktuell.lnk
ShortcutTarget: t@x aktuell.lnk -> C:\Program Files\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: ATFPUOverlayIcon -> {3239DBC1-B76D-4dc7-8B29-D99CBA3C7336} => C:\Program Files\TOSHIBA\TFPU\TFPUOverlayIcon.dll (TOSHIBA)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://wisersearch.com/?channel=de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=TJ&userid=08a2ab90-529c-c05e-3636-6640a2ee0bcb&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=18/02/2014&type=hp1000
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=TJ&userid=08a2ab90-529c-c05e-3636-6640a2ee0bcb&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=18/02/2014&type=hp1000
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=TJ&userid=08a2ab90-529c-c05e-3636-6640a2ee0bcb&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=18/02/2014&type=hp1000
SearchScopes: HKCU - DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://wisersearch.com/search.php?channel=de&q={searchTerms}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=TJ&userid=08a2ab90-529c-c05e-3636-6640a2ee0bcb&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=18/02/2014&type=hp1000
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://wisersearch.com/search.php?channel=de&q={searchTerms}
BHO: TFPUPWDBankBHO Class -> {030AC7B6-E7EC-40F1-8FB2-C0FD344DE0B9} -> C:\Program Files\TOSHIBA\TFPU\TFPUPWDBankBHO.dll (TODO: <Company name>)
BHO: AC-Pro -> {0FB6A909-6086-458F-BD92-1F8EE10042A0} -> C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: OfferMosquito -> {82B16A3D-F03E-4565-A532-666B219C9A53} -> C:\Users\Carina\AppData\Local\ext_offermosquito\OfferMosquitoIEPlaceholder.dll No File
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Carina\AppData\Roaming\Mozilla\Firefox\Profiles\br6xipc2.default
FF DefaultSearchEngine: Search
FF SelectedSearchEngine: Search
FF Homepage: about:home
FF Keyword.URL: hxxp://wisersearch.com/search.php?channel=de&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: bebomedia.com/OfferMosquitoIEHelper - C:\Users\Carina\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Allin1Convert - C:\Users\Carina\AppData\Roaming\Mozilla\Firefox\Profiles\br6xipc2.default\Extensions\8hffxtbr@Allin1Convert_8h.com [2014-07-13]
FF Extension: OfferMosquito - C:\Users\Carina\AppData\Roaming\Mozilla\Firefox\Profiles\br6xipc2.default\Extensions\om@offermosquito.com.xpi [2014-02-28]
FF Extension: Simple New Tab - C:\Users\Carina\AppData\Roaming\Mozilla\Firefox\Profiles\br6xipc2.default\Extensions\snt@dotlabs.co.xpi [2013-12-16]
FF HKLM\...\Firefox\Extensions: [{C1CA7765-44E4-452e-9D00-A04F3D434281}] - C:\Program Files\TOSHIBA\TFPU\FirefoxAddin
FF Extension: Automatic password input in Fx - C:\Program Files\TOSHIBA\TFPU\FirefoxAddin [2012-09-29]
FF HKLM\...\Firefox\Extensions: [support@predictad.com] - C:\Program Files\AutocompletePro\support@predictad.com
FF Extension: AutocompletePro - Your handy search suggestions tool - C:\Program Files\AutocompletePro\support@predictad.com [2012-10-12]
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AAV UpdateService; C:\Program Files\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1807608 2009-08-04] (AuthenTec, Inc.)
R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-05-27] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2123416 2014-05-20] (G Data Software AG)
R2 cfWiMAXService; C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [185712 2009-08-10] (TOSHIBA CORPORATION)
R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [46448 2009-03-10] (TOSHIBA CORPORATION)
R3 GDFwSvc; C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2564816 2014-05-20] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
R2 gearsec; C:\windows\system32\gearsec.exe [53248 2003-12-02] (GEAR Software) [File not signed]
R2 RSELSVC; C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe [62832 2009-07-07] (TOSHIBA Corporation)
R2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [116104 2009-08-26] (Toshiba Europe GmbH)
R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [54136 2011-02-11] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [185712 2009-08-27] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [111960 2009-08-03] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [685424 2009-08-06] (TOSHIBA Corporation)
S2 pg_alwinservice; c:/alwin6/postgresql/9.0/bin/pg_ctl.exe runservice -N "pg_alwinservice" -D "c:/alwin6/postgresql/9.0/data" -w [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ASPI; C:\windows\System32\DRIVERS\ASPI32.sys [84832 2002-07-17] (Adaptec) [File not signed]
R0 GDBehave; C:\windows\System32\drivers\GDBehave.sys [43008 2014-07-03] (G Data Software AG)
R1 GDKBFlt; C:\windows\system32\drivers\GDKBFlt32.sys [20096 2014-07-03] (G Data Software AG)
R1 GDMnIcpt; C:\windows\system32\drivers\MiniIcpt.sys [102400 2014-07-03] (G Data Software AG)
S3 GdNetMon; C:\windows\system32\drivers\GdNetMon32.sys [29400 2014-03-15] (G Data Software AG)
R3 GDPkIcpt; C:\windows\system32\drivers\PktIcpt.sys [52224 2014-07-03] (G Data Software AG)
R1 gdwfpcd; C:\windows\System32\drivers\gdwfpcd32.sys [53248 2014-07-03] (G Data Software AG)
R3 GEARAspiWDM; C:\windows\System32\DRIVERS\GEARAspiWDM.sys [9856 2004-01-18] (GEAR Software) [File not signed]
R1 GRD; C:\windows\system32\drivers\GRD.sys [29528 2014-04-29] (G Data Software)
R1 HookCentre; C:\windows\system32\drivers\HookCentre.sys [46080 2014-07-03] (G Data Software AG)
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [24064 2009-06-22] (TOSHIBA Corporation)
R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
S3 Tosrfcom; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-31 21:17 - 2014-07-31 21:19 - 00017599 _____ () C:\Users\Carina\Desktop\FRST.txt
2014-07-31 21:17 - 2014-07-31 21:18 - 00000000 ____D () C:\FRST
2014-07-31 21:17 - 2014-07-31 21:17 - 01084928 _____ (Farbar) C:\Users\Carina\Desktop\FRST.exe
2014-07-30 19:26 - 2014-07-30 19:26 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\Snz
2014-07-30 19:26 - 2014-07-30 19:26 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\Sixth
2014-07-30 19:26 - 2014-07-30 19:26 - 00000000 ____D () C:\Users\Carina\AppData\Local\simple_new_tab
2014-07-30 19:25 - 2014-07-30 19:25 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\SCheck
2014-07-30 19:23 - 2014-07-30 19:23 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\OfferMosquito
2014-07-30 12:26 - 2014-07-30 12:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-29 06:30 - 2014-07-29 06:30 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\IsolatedStorage
2014-07-29 06:30 - 2014-07-29 06:30 - 00000000 ____D () C:\Users\Carina\AppData\Local\FileViewPro
2014-07-29 06:28 - 2014-07-29 06:28 - 00000000 ____D () C:\Spacekace
2014-07-25 20:48 - 2014-07-25 20:48 - 00041599 _____ () C:\Users\Carina\Desktop\soccerstar.studio
2014-07-08 21:08 - 2014-07-08 21:08 - 00000000 ____D () C:\Users\Carina\Documents\Buhl
2014-07-06 20:56 - 2014-07-06 20:56 - 00000000 ____D () C:\Users\Carina\Documents\tax
2014-07-06 20:40 - 2014-07-06 20:40 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\Buhl Data Service
2014-07-06 20:40 - 2014-07-06 20:40 - 00000000 ____D () C:\Users\Carina\AppData\Local\Buhl Data Service
2014-07-06 19:39 - 2014-07-06 20:46 - 00000660 _____ () C:\windows\wiso.ini
2014-07-06 19:39 - 2014-07-06 20:39 - 00000000 ____D () C:\Users\Carina\AppData\Local\Buhl
2014-07-06 19:39 - 2014-07-06 19:39 - 00002135 _____ () C:\Users\Public\Desktop\t@x 2014.lnk
2014-07-06 19:39 - 2014-07-06 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\t@x 2014 Professional
2014-07-06 19:36 - 2014-07-06 19:36 - 00000000 ____D () C:\Program Files\Buhl finance
2014-07-06 19:11 - 2014-07-06 20:46 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-07-03 12:39 - 2014-07-03 12:39 - 00000000 ____D () C:\windows\system32\appmgmt
2014-07-03 09:02 - 2014-07-03 09:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
2014-07-01 12:29 - 2014-07-01 14:20 - 00023881 _____ () C:\Users\Carina\Desktop\Übersicht Bastelmaus.xlsx
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-31 21:19 - 2014-07-31 21:17 - 00017599 _____ () C:\Users\Carina\Desktop\FRST.txt
2014-07-31 21:18 - 2014-07-31 21:17 - 00000000 ____D () C:\FRST
2014-07-31 21:18 - 2012-09-29 13:51 - 01941704 _____ () C:\windows\WindowsUpdate.log
2014-07-31 21:17 - 2014-07-31 21:17 - 01084928 _____ (Farbar) C:\Users\Carina\Desktop\FRST.exe
2014-07-31 21:16 - 2009-07-14 06:34 - 00017280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-31 21:16 - 2009-07-14 06:34 - 00017280 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-31 21:04 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\tracing
2014-07-31 20:34 - 2013-09-15 16:39 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-31 20:30 - 2014-03-13 13:23 - 00001098 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-31 20:20 - 2014-03-13 13:23 - 00001094 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-30 19:26 - 2014-07-30 19:26 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\Snz
2014-07-30 19:26 - 2014-07-30 19:26 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\Sixth
2014-07-30 19:26 - 2014-07-30 19:26 - 00000000 ____D () C:\Users\Carina\AppData\Local\simple_new_tab
2014-07-30 19:26 - 2014-03-13 13:24 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\DataMgr
2014-07-30 19:26 - 2012-09-29 14:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-30 19:25 - 2014-07-30 19:25 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\SCheck
2014-07-30 19:25 - 2014-03-20 00:45 - 00000000 ____D () C:\Program Files\Mozilla Firefox.bak
2014-07-30 19:23 - 2014-07-30 19:23 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\OfferMosquito
2014-07-30 19:22 - 2014-03-13 22:34 - 00065536 _____ () C:\windows\system32\Ikeext.etl
2014-07-30 19:22 - 2009-09-16 01:24 - 01556882 _____ () C:\windows\PFRO.log
2014-07-30 19:22 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-30 19:22 - 2009-07-14 06:39 - 00068617 _____ () C:\windows\setupact.log
2014-07-30 12:26 - 2014-07-30 12:26 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-29 06:30 - 2014-07-29 06:30 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\IsolatedStorage
2014-07-29 06:30 - 2014-07-29 06:30 - 00000000 ____D () C:\Users\Carina\AppData\Local\FileViewPro
2014-07-29 06:28 - 2014-07-29 06:28 - 00000000 ____D () C:\Spacekace
2014-07-29 06:17 - 2009-09-16 01:35 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-26 21:24 - 2014-02-18 07:20 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\OpenCandy
2014-07-25 20:48 - 2014-07-25 20:48 - 00041599 _____ () C:\Users\Carina\Desktop\soccerstar.studio
2014-07-10 20:50 - 2012-10-07 20:13 - 00000000 ____D () C:\Users\Carina\Documents\Taxpool-Buchhalter
2014-07-10 13:51 - 2014-06-08 15:53 - 00000000 ____D () C:\Users\Carina\Desktop\Bilder entwickeln DM
2014-07-09 15:49 - 2012-09-29 14:47 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\IrfanView
2014-07-09 10:34 - 2012-09-29 17:50 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-07-09 10:34 - 2012-09-29 17:50 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 21:08 - 2014-07-08 21:08 - 00000000 ____D () C:\Users\Carina\Documents\Buhl
2014-07-06 20:56 - 2014-07-06 20:56 - 00000000 ____D () C:\Users\Carina\Documents\tax
2014-07-06 20:46 - 2014-07-06 19:39 - 00000660 _____ () C:\windows\wiso.ini
2014-07-06 20:46 - 2014-07-06 19:11 - 00000000 ____D () C:\ProgramData\Buhl Data Service GmbH
2014-07-06 20:40 - 2014-07-06 20:40 - 00000000 ____D () C:\Users\Carina\AppData\Roaming\Buhl Data Service
2014-07-06 20:40 - 2014-07-06 20:40 - 00000000 ____D () C:\Users\Carina\AppData\Local\Buhl Data Service
2014-07-06 20:39 - 2014-07-06 19:39 - 00000000 ____D () C:\Users\Carina\AppData\Local\Buhl
2014-07-06 19:39 - 2014-07-06 19:39 - 00002135 _____ () C:\Users\Public\Desktop\t@x 2014.lnk
2014-07-06 19:39 - 2014-07-06 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\t@x 2014 Professional
2014-07-06 19:36 - 2014-07-06 19:36 - 00000000 ____D () C:\Program Files\Buhl finance
2014-07-06 19:36 - 2009-09-16 01:25 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-04 23:20 - 2012-09-29 14:24 - 00000000 ____D () C:\Users\Carina
2014-07-04 21:52 - 2013-01-18 10:22 - 00002084 ____H () C:\Users\Carina\Documents\Default.rdp
2014-07-03 12:39 - 2014-07-03 12:39 - 00000000 ____D () C:\windows\system32\appmgmt
2014-07-03 09:02 - 2014-07-03 09:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
2014-07-03 09:02 - 2014-04-15 20:04 - 00020096 _____ (G Data Software AG) C:\windows\system32\Drivers\GDKBFlt32.sys
2014-07-03 09:02 - 2014-04-15 20:04 - 00001907 _____ () C:\Users\Public\Desktop\G Data InternetSecurity.lnk
2014-07-03 09:02 - 2014-03-15 18:43 - 00052224 _____ (G Data Software AG) C:\windows\system32\Drivers\PktIcpt.sys
2014-07-03 09:02 - 2014-03-15 18:42 - 00046080 _____ (G Data Software AG) C:\windows\system32\Drivers\HookCentre.sys
2014-07-03 09:01 - 2014-03-15 18:42 - 00102400 _____ (G Data Software AG) C:\windows\system32\Drivers\MiniIcpt.sys
2014-07-03 09:01 - 2014-03-15 18:42 - 00053248 _____ (G Data Software AG) C:\windows\system32\Drivers\gdwfpcd32.sys
2014-07-03 09:01 - 2014-03-15 18:42 - 00043008 _____ (G Data Software AG) C:\windows\system32\Drivers\GDBehave.sys
2014-07-03 09:00 - 2012-10-01 21:01 - 00000000 ____D () C:\Program Files\Common Files\G Data
2014-07-03 09:00 - 2012-09-29 13:55 - 00013796 _____ () C:\windows\DPINST.LOG
2014-07-01 22:01 - 2012-09-29 14:26 - 00108888 _____ () C:\Users\Carina\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-01 22:01 - 2009-07-14 06:33 - 00415048 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-01 22:01 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\LogFiles
2014-07-01 14:37 - 2012-11-04 18:28 - 00000000 ____D () C:\Users\Carina\Documents\Steuerfälle
2014-07-01 14:20 - 2014-07-01 12:29 - 00023881 _____ () C:\Users\Carina\Desktop\Übersicht Bastelmaus.xlsx
Some content of TEMP:
====================
C:\Users\Carina\AppData\Local\Temp\BackupSetup.exe
C:\Users\Carina\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Carina\AppData\Local\Temp\FileSystemView.dll
C:\Users\Carina\AppData\Local\Temp\LollipopInstaller_notifications.exe
C:\Users\Carina\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Carina\AppData\Local\Temp\tmp3634.exe
C:\Users\Carina\AppData\Local\Temp\tmp7D02.exe
C:\Users\Carina\AppData\Local\Temp\uninst1.exe
C:\Users\Carina\AppData\Local\Temp\update_biller.exe
C:\Users\Carina\AppData\Local\Temp\Webcake-1114.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-28 12:17
==================== End Of Log ============================
--- --- ---
--- --- ---
--- --- ---
FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-07-2014 01
Ran by Carina at 2014-07-31 21:19:25
Running from C:\Users\Carina\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: G Data InternetSecurity (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G Data InternetSecurity (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.2.8870 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.202.302.109 - ALPS ELECTRIC CO., LTD.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.0 - Atheros)
AuthenTec Fingerprint Software (HKLM\...\{6B99AF03-2668-4572-BD3D-8C7A5D103065}) (Version: 8.5.2.1 - AuthenTec, Inc.)
AutocompletePro (HKLM\...\AutocompletePro2_is1) (Version: - ) <==== ATTENTION
Biller (HKLM\...\Biller) (Version: 1.49 - )
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.00.08(T) - TOSHIBA CORPORATION)
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
eJay Mix CD Producer (HKLM\...\{7AE4987B-33AA-4725-9E47-1B9FBFE7F5CF}) (Version: 5.1.5.0 - eJay)
framily Gestaltungs-Software 4.80 (HKLM\...\{593ED299-14EF-4C0F-92B4-B262E7CD5C2B}_is1) (Version: - framily Gestaltungs-Software)
G Data InternetSecurity (HKLM\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.4 - G Data Software AG)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.2 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Java 7 Update 9 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
KODAK Create@Home Software (für dm) (HKLM\...\{43B8BDF6-13EC-44BE-9EDA-F284C4CA19A6}) (Version: 7.8.1392 - Eastman Kodak Company)
LSI V92 MOH Application (HKLM\...\LTMOH) (Version: - LSI Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU CTP1 (HKLM\...\{973805E6-9CDB-43F8-A14E-2161532B56A7}) (Version: 4.0.8854.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
No23 Recorder (HKLM\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
PDF24 Creator 5.6.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
RICOH R5U8xx Media Driver ver.3.63.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.63.02 - RICOH)
Steuer-Sparer 2013 (HKLM\...\{0B914F2C-6CC2-4328-B84E-411A81B50FA4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
t@x 2014 Professional (HKLM\...\{2547CF96-DBB7-4EDD-9327-0EFDD0D1FA8A}) (Version: 21.00.8480 - Buhl Data Service GmbH)
Taxpool-Buchhalter Mini 6.23 (HKLM\...\Taxpool-Buchhalter Mini) (Version: 6.23 - psynetic® Software)
TFPU (Version: 1.0.0 - TOSHIBA) Hidden
TOSHIBA 180 Degrees Rotation Utility (HKLM\...\InstallShield_{2E54DAC2-BDF7-49EC-87AF-B38E3B096BC6}) (Version: 1.2.0.0 - TOSHIBA Corporation)
TOSHIBA 180 Degrees Rotation Utility (Version: 1.2.0.0 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.23 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.11-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.1.10.0 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.1.10.0 - TOSHIBA Corporation) Hidden
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - Toshiba) Hidden
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.0.32 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.0.32 - TOSHIBA Corporation) Hidden
TOSHIBA Fingerprint Utility (HKLM\...\TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}) (Version: 1.0.2.9 - TOSHIBA Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.0 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.0 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.0 - TOSHIBA Corporation) Hidden
TOSHIBA Internal Modem Region Select Utility (HKLM\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: 2.3.0.01 - Ihr Firmenname)
TOSHIBA Internal Modem Region Select Utility (Version: 2.3.0.01 - Ihr Firmenname) Hidden
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.0.0 - TOSHIBA Corporation)
Toshiba Photo Service - powered by myphotobook (HKLM\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.0-663 - myphotobook GmbH)
Toshiba Photo Service - powered by myphotobook (Version: 1.0.0 - myphotobook GmbH) Hidden
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.3 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Recovery Media Creator Reminder (Version: 1.00.0019 - TOSHIBA) Hidden
TOSHIBA SD Memory Boot Utility (HKLM\...\{BBF5493A-05FB-4449-90DE-84A61EB78154}) (Version: 1.3.1.2 - TOSHIBA)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.7 - TOSHIBA)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Sicherheits-Assistent (HKLM\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.6 - TOSHIBA)
Toshiba TEMPRO (HKLM\...\{9E4FF410-471F-49E3-9358-74FF0D5E9901}) (Version: 3.06 - Toshiba Europe GmbH)
TOSHIBA USB Sleep and Charge Utility (HKLM\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.0.12.0 - TOSHIBA)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.26 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.2.26 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.2.2 - TOSHIBA Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{275DBBA0-805A-11CF-91F7-C2863C385E30}\InprocServer32 -> C:\windows\system32\msflxgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{3bc93e76-92f8-5fda-b676-5afee3735bf1}\InprocServer32 -> C:\Users\Carina\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\InprocServer32 -> C:\windows\system32\msflxgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{6319EEA0-531B-11CF-91F6-C2863C385E30}\InprocServer32 -> C:\windows\system32\msflxgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\InprocServer32 -> C:\windows\system32\tabctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32 -> C:\windows\system32\tabctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
==================== Restore Points =========================
13-06-2014 09:43:03 Windows Update
17-06-2014 07:47:25 Windows Update
28-06-2014 10:14:39 Windows Update
30-06-2014 14:23:06 Steuer-Sparer 2014 wurde installiert.
03-07-2014 10:38:09 Steuer-Sparer 2014 wurde entfernt.
03-07-2014 10:41:13 Steuer-Sparer 2014 wurde installiert.
03-07-2014 10:51:53 Steuer-Sparer 2014 wurde entfernt.
06-07-2014 17:36:14 Installiert t@x 2014 Professional
30-07-2014 15:30:28 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {6DEFD168-9A45-481B-B45B-261AAAF33F5D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-13] (Google Inc.)
Task: {80DE133C-4475-4010-8FD2-A95A67007CEB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-13] (Google Inc.)
Task: {B3DB0360-0C47-40D3-BB3C-682832CA6198} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {E65C5599-1A7A-489C-BA85-87166B74BD6A} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-09-03] (TOSHIBA CORPORATION)
Task: {E74DB292-F012-4F97-9D03-BA85751ABEAF} - System32\Tasks\OMESupervisor => C:\Users\Carina\AppData\Local\omesuperv.exe <==== ATTENTION
Task: {E9416CC6-9817-4BD6-B4B0-1425F7C5B451} - System32\Tasks\Fifth => C:\Users\Carina\AppData\Roaming\Fifth\Fifth.exe <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files\AAVUpdateManager\aavus.exe
2009-08-26 17:55 - 2009-08-26 17:55 - 00520192 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2009-07-16 15:27 - 2009-07-16 15:27 - 07263544 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2009-07-16 15:27 - 2009-07-16 15:27 - 00052536 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-03-12 19:08 - 2009-03-12 19:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 12:57 - 2006-10-07 12:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-07-29 15:35 - 2009-07-29 15:35 - 00014648 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2009-08-20 20:42 - 2009-08-20 20:42 - 00239024 _____ () C:\Program Files\Toshiba\TFPU\TFPUCommon.dll
2009-08-26 17:55 - 2009-08-26 17:55 - 00520192 _____ () C:\Program Files\Toshiba\TECO\TecoPower.dll
2014-07-06 19:39 - 2014-07-02 10:13 - 00589080 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe
2014-07-06 19:37 - 2014-07-02 10:13 - 09789208 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wgui14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 00035608 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rsdcom48.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 00309016 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rscorewinapi48.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 00322840 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rsguiwinapi48.dll
2014-07-06 19:37 - 2014-07-02 10:14 - 03880216 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wcore14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 00136472 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rsodbc48.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 02738456 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wfvie14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 02116376 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wsteu14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01932568 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wreli14.dll
2014-07-06 19:36 - 2014-07-02 10:13 - 04326168 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wauff14.dll
2014-07-06 19:37 - 2014-02-11 11:53 - 01043456 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\clucene-core.dll
2014-07-06 19:37 - 2014-02-11 11:53 - 00094720 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\clucene-shared.dll
2014-07-06 19:37 - 2014-02-11 11:53 - 00250368 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\clucene-contribs-lib.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01564952 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wmain14.dll
2014-07-06 19:36 - 2014-07-02 10:13 - 05291288 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae114.dll
2014-07-06 19:36 - 2014-07-02 10:13 - 01698584 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae214.dll
2014-07-06 19:36 - 2014-07-02 10:13 - 01809688 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae314.dll
2014-07-06 19:36 - 2014-07-02 10:13 - 01627928 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae414.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01117976 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\whau114.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01341208 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\whau214.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01309464 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wwerb14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 07340824 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wkont14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01286936 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wimp14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01331480 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wfabu14.dll
2014-05-20 03:38 - 2014-05-20 03:38 - 00277624 ____N () C:\Program Files\Common Files\G Data\AVKProxy\PktIcpt2.dll
2009-08-03 18:17 - 2009-08-03 18:17 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-07-30 12:26 - 2014-07-30 12:26 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-07-09 10:34 - 2014-07-09 10:34 - 17029808 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll
2012-09-29 14:48 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2009-08-20 20:42 - 2009-08-20 20:42 - 00239024 _____ () C:\Program Files\TOSHIBA\TFPU\TFPUCommon.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/30/2014 10:45:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1234
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (07/30/2014 10:44:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AVKProxy.exe, Version: 1.5.14147.174, Zeitstempel: 0x5383e22a
Name des fehlerhaften Moduls: avkhttp.dll, Version: 25.0.14147.174, Zeitstempel: 0x5383e249
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0008e272
ID des fehlerhaften Prozesses: 0x71c
Startzeit der fehlerhaften Anwendung: 0xAVKProxy.exe0
Pfad der fehlerhaften Anwendung: AVKProxy.exe1
Pfad des fehlerhaften Moduls: AVKProxy.exe2
Berichtskennung: AVKProxy.exe3
Error: (07/30/2014 07:22:33 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: FATAL: 58P01: could not open directory "c:/alwin6/postgresql/9.0/lib": No such file or directory
HINT: This may indicate an incomplete PostgreSQL installation, or that the file "c:/alwin6/postgresql/9.0/bin/postgres.exe" has been moved away from its proper location.
LOCATION: getInstallationPaths, .\src\backend\postmaster\postmaster.c:1145
Error: (07/30/2014 07:22:29 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Laptop-Carina)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.
Error: (07/30/2014 07:22:29 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Laptop-Carina)
Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.
Error: (07/30/2014 05:26:41 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (07/30/2014 05:24:52 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (07/30/2014 04:30:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AVKProxy.exe, Version: 1.5.14147.174, Zeitstempel: 0x5383e22a
Name des fehlerhaften Moduls: avkhttp.dll, Version: 25.0.14147.174, Zeitstempel: 0x5383e249
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0008e272
ID des fehlerhaften Prozesses: 0x724
Startzeit der fehlerhaften Anwendung: 0xAVKProxy.exe0
Pfad der fehlerhaften Anwendung: AVKProxy.exe1
Pfad des fehlerhaften Moduls: AVKProxy.exe2
Berichtskennung: AVKProxy.exe3
Error: (07/29/2014 00:09:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x11a0
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (07/28/2014 07:25:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x12b8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
System errors:
=============
Error: (07/30/2014 10:46:16 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "G Data AntiVirus Proxy" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (07/30/2014 10:45:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "G Data AntiVirus Proxy" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (07/30/2014 07:22:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 30.07.2014 um 19:21:21 unerwartet heruntergefahren.
Error: (07/30/2014 06:09:28 PM) (Source: TermDD) (EventID: 50) (User: )
Description: Die RDP-Protokollkomponente X.224 hat einen Fehler im Protokollablauf festgestellt und die Clientverbindung getrennt.
Error: (07/30/2014 04:31:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "G Data AntiVirus Proxy" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (07/30/2014 03:33:30 PM) (Source: TermDD) (EventID: 50) (User: )
Description: Die RDP-Protokollkomponente X.224 hat einen Fehler im Protokollablauf festgestellt und die Clientverbindung getrennt.
Error: (07/28/2014 10:22:11 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (07/28/2014 10:22:11 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (07/28/2014 10:22:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (07/28/2014 10:22:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Microsoft Office Sessions:
=========================
Error: (09/28/2013 06:40:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 370 seconds with 360 seconds of active time. This session ended with a crash.
Error: (08/24/2013 08:50:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 267054 seconds with 240 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 67%
Total physical RAM: 2937.18 MB
Available physical RAM: 941.41 MB
Total Pagefile: 5872.65 MB
Available Pagefile: 3131.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.98 MB
==================== Drives ================================
Drive c: (TI30371300A) (Fixed) (Total:225.78 GB) (Free:157.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (tax2014) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: EF83368D)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=226 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=6 GB) - (Type=17)
==================== End Of Log ============================
--- --- ---
FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:31-07-2014 01
Ran by Carina at 2014-07-31 21:19:25
Running from C:\Users\Carina\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: G Data InternetSecurity (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AS: G Data InternetSecurity (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AAVUpdateManager (HKLM\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.2.8870 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.202.302.109 - ALPS ELECTRIC CO., LTD.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.0 - Atheros)
AuthenTec Fingerprint Software (HKLM\...\{6B99AF03-2668-4572-BD3D-8C7A5D103065}) (Version: 8.5.2.1 - AuthenTec, Inc.)
AutocompletePro (HKLM\...\AutocompletePro2_is1) (Version: - ) <==== ATTENTION
Biller (HKLM\...\Biller) (Version: 1.49 - )
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v7.00.08(T) - TOSHIBA CORPORATION)
dm-Fotowelt (HKLM\...\dm-Fotowelt) (Version: 5.1.3 - CEWE Stiftung u Co. KGaA)
eJay Mix CD Producer (HKLM\...\{7AE4987B-33AA-4725-9E47-1B9FBFE7F5CF}) (Version: 5.1.5.0 - eJay)
framily Gestaltungs-Software 4.80 (HKLM\...\{593ED299-14EF-4C0F-92B4-B262E7CD5C2B}_is1) (Version: - framily Gestaltungs-Software)
G Data InternetSecurity (HKLM\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.4 - G Data Software AG)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1872 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 14.2 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Java 7 Update 9 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
KODAK Create@Home Software (für dm) (HKLM\...\{43B8BDF6-13EC-44BE-9EDA-F284C4CA19A6}) (Version: 7.8.1392 - Eastman Kodak Company)
LSI V92 MOH Application (HKLM\...\LTMOH) (Version: - LSI Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 ENU CTP1 (HKLM\...\{973805E6-9CDB-43F8-A14E-2161532B56A7}) (Version: 4.0.8854.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
No23 Recorder (HKLM\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23)
PDF24 Creator 5.6.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Ravensburger tiptoi (HKLM\...\Ravensburger tiptoi) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5904 - Realtek Semiconductor Corp.)
RICOH R5U8xx Media Driver ver.3.63.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.63.02 - RICOH)
Steuer-Sparer 2013 (HKLM\...\{0B914F2C-6CC2-4328-B84E-411A81B50FA4}) (Version: 18.09 - Wolters Kluwer Deutschland GmbH)
t@x 2014 Professional (HKLM\...\{2547CF96-DBB7-4EDD-9327-0EFDD0D1FA8A}) (Version: 21.00.8480 - Buhl Data Service GmbH)
Taxpool-Buchhalter Mini 6.23 (HKLM\...\Taxpool-Buchhalter Mini) (Version: 6.23 - psynetic® Software)
TFPU (Version: 1.0.0 - TOSHIBA) Hidden
TOSHIBA 180 Degrees Rotation Utility (HKLM\...\InstallShield_{2E54DAC2-BDF7-49EC-87AF-B38E3B096BC6}) (Version: 1.2.0.0 - TOSHIBA Corporation)
TOSHIBA 180 Degrees Rotation Utility (Version: 1.2.0.0 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.23 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.1 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.11-A - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}) (Version: 1.1.10.0 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.1.10.0 - TOSHIBA Corporation) Hidden
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - Toshiba) Hidden
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.0.32 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.0.32 - TOSHIBA Corporation) Hidden
TOSHIBA Fingerprint Utility (HKLM\...\TFPU{A7760E07-4C23-4766-A99E-F715F298E99C}) (Version: 1.0.2.9 - TOSHIBA Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.0 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.0 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.0.0 - TOSHIBA Corporation) Hidden
TOSHIBA Internal Modem Region Select Utility (HKLM\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: 2.3.0.01 - Ihr Firmenname)
TOSHIBA Internal Modem Region Select Utility (Version: 2.3.0.01 - Ihr Firmenname) Hidden
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.0.0 - TOSHIBA Corporation)
Toshiba Photo Service - powered by myphotobook (HKLM\...\eu.myphotobook.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.0.0-663 - myphotobook GmbH)
Toshiba Photo Service - powered by myphotobook (Version: 1.0.0 - myphotobook GmbH) Hidden
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.3 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator Reminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Recovery Media Creator Reminder (Version: 1.00.0019 - TOSHIBA) Hidden
TOSHIBA SD Memory Boot Utility (HKLM\...\{BBF5493A-05FB-4449-90DE-84A61EB78154}) (Version: 1.3.1.2 - TOSHIBA)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.7 - TOSHIBA)
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Sicherheits-Assistent (HKLM\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.6 - TOSHIBA)
Toshiba TEMPRO (HKLM\...\{9E4FF410-471F-49E3-9358-74FF0D5E9901}) (Version: 3.06 - Toshiba Europe GmbH)
TOSHIBA USB Sleep and Charge Utility (HKLM\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.0.12.0 - TOSHIBA)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.2.26 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.2.26 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.2.2 - TOSHIBA Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM\...\{76618402-179D-4699-A66B-D351C59436BC}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinRAR 4.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{20DD1B9E-87C4-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{232E456A-87C3-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{275DBBA0-805A-11CF-91F7-C2863C385E30}\InprocServer32 -> C:\windows\system32\msflxgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{38911D8E-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{38911D90-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{38911D92-E448-11D0-84A3-00DD01104159}\InprocServer32 -> C:\windows\system32\comct332.ocx (Microsoft Corporation )
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{3bc93e76-92f8-5fda-b676-5afee3735bf1}\InprocServer32 -> C:\Users\Carina\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll No File
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6352-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6353-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6354-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6355-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6356-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6357-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{586A6359-87C8-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{603C7E80-87C2-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}\InprocServer32 -> C:\windows\system32\msflxgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{6319EEA0-531B-11CF-91F6-C2863C385E30}\InprocServer32 -> C:\windows\system32\msflxgrd.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\InprocServer32 -> C:\windows\system32\tabctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{B09DE715-87C1-11D1-8BE3-0000F8754DA1}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32 -> C:\windows\system32\tabctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2630201904-1804865435-1614418901-1000_Classes\CLSID\{FE38753A-44A3-11D1-B5B7-0000C09000C4}\InprocServer32 -> C:\windows\system32\mscomct2.ocx (Microsoft Corporation)
==================== Restore Points =========================
13-06-2014 09:43:03 Windows Update
17-06-2014 07:47:25 Windows Update
28-06-2014 10:14:39 Windows Update
30-06-2014 14:23:06 Steuer-Sparer 2014 wurde installiert.
03-07-2014 10:38:09 Steuer-Sparer 2014 wurde entfernt.
03-07-2014 10:41:13 Steuer-Sparer 2014 wurde installiert.
03-07-2014 10:51:53 Steuer-Sparer 2014 wurde entfernt.
06-07-2014 17:36:14 Installiert t@x 2014 Professional
30-07-2014 15:30:28 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {6DEFD168-9A45-481B-B45B-261AAAF33F5D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-13] (Google Inc.)
Task: {80DE133C-4475-4010-8FD2-A95A67007CEB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-03-13] (Google Inc.)
Task: {B3DB0360-0C47-40D3-BB3C-682832CA6198} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {E65C5599-1A7A-489C-BA85-87166B74BD6A} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe [2009-09-03] (TOSHIBA CORPORATION)
Task: {E74DB292-F012-4F97-9D03-BA85751ABEAF} - System32\Tasks\OMESupervisor => C:\Users\Carina\AppData\Local\omesuperv.exe <==== ATTENTION
Task: {E9416CC6-9817-4BD6-B4B0-1425F7C5B451} - System32\Tasks\Fifth => C:\Users\Carina\AppData\Roaming\Fifth\Fifth.exe <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files\AAVUpdateManager\aavus.exe
2009-08-26 17:55 - 2009-08-26 17:55 - 00520192 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2009-07-16 15:27 - 2009-07-16 15:27 - 07263544 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2009-07-16 15:27 - 2009-07-16 15:27 - 00052536 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-03-12 19:08 - 2009-03-12 19:08 - 00049152 _____ () C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
2006-10-07 12:57 - 2006-10-07 12:57 - 00053248 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-07-29 15:35 - 2009-07-29 15:35 - 00014648 _____ () C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2009-08-20 20:42 - 2009-08-20 20:42 - 00239024 _____ () C:\Program Files\Toshiba\TFPU\TFPUCommon.dll
2009-08-26 17:55 - 2009-08-26 17:55 - 00520192 _____ () C:\Program Files\Toshiba\TECO\TecoPower.dll
2014-07-06 19:39 - 2014-07-02 10:13 - 00589080 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\taxaktuell.exe
2014-07-06 19:37 - 2014-07-02 10:13 - 09789208 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wgui14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 00035608 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rsdcom48.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 00309016 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rscorewinapi48.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 00322840 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rsguiwinapi48.dll
2014-07-06 19:37 - 2014-07-02 10:14 - 03880216 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wcore14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 00136472 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\rsodbc48.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 02738456 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wfvie14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 02116376 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wsteu14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01932568 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wreli14.dll
2014-07-06 19:36 - 2014-07-02 10:13 - 04326168 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wauff14.dll
2014-07-06 19:37 - 2014-02-11 11:53 - 01043456 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\clucene-core.dll
2014-07-06 19:37 - 2014-02-11 11:53 - 00094720 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\clucene-shared.dll
2014-07-06 19:37 - 2014-02-11 11:53 - 00250368 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\clucene-contribs-lib.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01564952 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wmain14.dll
2014-07-06 19:36 - 2014-07-02 10:13 - 05291288 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae114.dll
2014-07-06 19:36 - 2014-07-02 10:13 - 01698584 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae214.dll
2014-07-06 19:36 - 2014-07-02 10:13 - 01809688 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae314.dll
2014-07-06 19:36 - 2014-07-02 10:13 - 01627928 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wbae414.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01117976 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\whau114.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01341208 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\whau214.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01309464 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wwerb14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 07340824 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wkont14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01286936 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wimp14.dll
2014-07-06 19:37 - 2014-07-02 10:13 - 01331480 _____ () C:\Program Files\Buhl finance\tax Steuersoftware 2014\wfabu14.dll
2014-05-20 03:38 - 2014-05-20 03:38 - 00277624 ____N () C:\Program Files\Common Files\G Data\AVKProxy\PktIcpt2.dll
2009-08-03 18:17 - 2009-08-03 18:17 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-07-30 12:26 - 2014-07-30 12:26 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-07-09 10:34 - 2014-07-09 10:34 - 17029808 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll
2012-09-29 14:48 - 2011-05-28 22:04 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll
2009-08-20 20:42 - 2009-08-20 20:42 - 00239024 _____ () C:\Program Files\TOSHIBA\TFPU\TFPUCommon.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/30/2014 10:45:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x1234
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (07/30/2014 10:44:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AVKProxy.exe, Version: 1.5.14147.174, Zeitstempel: 0x5383e22a
Name des fehlerhaften Moduls: avkhttp.dll, Version: 25.0.14147.174, Zeitstempel: 0x5383e249
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0008e272
ID des fehlerhaften Prozesses: 0x71c
Startzeit der fehlerhaften Anwendung: 0xAVKProxy.exe0
Pfad der fehlerhaften Anwendung: AVKProxy.exe1
Pfad des fehlerhaften Moduls: AVKProxy.exe2
Berichtskennung: AVKProxy.exe3
Error: (07/30/2014 07:22:33 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: FATAL: 58P01: could not open directory "c:/alwin6/postgresql/9.0/lib": No such file or directory
HINT: This may indicate an incomplete PostgreSQL installation, or that the file "c:/alwin6/postgresql/9.0/bin/postgres.exe" has been moved away from its proper location.
LOCATION: getInstallationPaths, .\src\backend\postmaster\postmaster.c:1145
Error: (07/30/2014 07:22:29 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: Laptop-Carina)
Description: Das lokale Benutzerprofil wurde nicht gefunden. Sie werden mit einem temporären Benutzerprofil angemeldet. Änderungen, die Sie am Benutzerprofil vornehmen, gehen bei der Abmeldung verloren.
Error: (07/30/2014 07:22:29 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: Laptop-Carina)
Description: Dieses Benutzerprofil wurde gesichert. Bei der nächsten Anmeldung dieses Benutzers wird automatisch versucht, dieses gesicherte Profil zu verwenden.
Error: (07/30/2014 05:26:41 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (07/30/2014 05:24:52 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error: (07/30/2014 04:30:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: AVKProxy.exe, Version: 1.5.14147.174, Zeitstempel: 0x5383e22a
Name des fehlerhaften Moduls: avkhttp.dll, Version: 25.0.14147.174, Zeitstempel: 0x5383e249
Ausnahmecode: 0xc0000417
Fehleroffset: 0x0008e272
ID des fehlerhaften Prozesses: 0x724
Startzeit der fehlerhaften Anwendung: 0xAVKProxy.exe0
Pfad der fehlerhaften Anwendung: AVKProxy.exe1
Pfad des fehlerhaften Moduls: AVKProxy.exe2
Berichtskennung: AVKProxy.exe3
Error: (07/29/2014 00:09:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x11a0
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (07/28/2014 07:25:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233
Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x12b8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
System errors:
=============
Error: (07/30/2014 10:46:16 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "G Data AntiVirus Proxy" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler:
%%1056
Error: (07/30/2014 10:45:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "G Data AntiVirus Proxy" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (07/30/2014 07:22:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 30.07.2014 um 19:21:21 unerwartet heruntergefahren.
Error: (07/30/2014 06:09:28 PM) (Source: TermDD) (EventID: 50) (User: )
Description: Die RDP-Protokollkomponente X.224 hat einen Fehler im Protokollablauf festgestellt und die Clientverbindung getrennt.
Error: (07/30/2014 04:31:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "G Data AntiVirus Proxy" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (07/30/2014 03:33:30 PM) (Source: TermDD) (EventID: 50) (User: )
Description: Die RDP-Protokollkomponente X.224 hat einen Fehler im Protokollablauf festgestellt und die Clientverbindung getrennt.
Error: (07/28/2014 10:22:11 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (07/28/2014 10:22:11 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (07/28/2014 10:22:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (07/28/2014 10:22:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Microsoft Office Sessions:
=========================
Error: (09/28/2013 06:40:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 370 seconds with 360 seconds of active time. This session ended with a crash.
Error: (08/24/2013 08:50:03 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 267054 seconds with 240 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Percentage of memory in use: 67%
Total physical RAM: 2937.18 MB
Available physical RAM: 941.41 MB
Total Pagefile: 5872.65 MB
Available Pagefile: 3131.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.98 MB
==================== Drives ================================
Drive c: (TI30371300A) (Fixed) (Total:225.78 GB) (Free:157.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (tax2014) (CDROM) (Total:0.49 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 233 GB) (Disk ID: EF83368D)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=226 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=6 GB) - (Type=17)
==================== End Of Log ============================
--- --- --- |
FRST 32-Bit | FRST 64-Bit
WARNUNG an die MITLESER: