Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015 Ran by Toshiba at 2015-02-04 11:30:24 Run:4 Running from C:\Users\Toshiba\Downloads\FRST64 Loaded Profiles: Toshiba (Available profiles: Toshiba) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: S2 1a34a8e0; "C:\Windows\system32\rundll32.exe" "c:\progra~2\SWSvc.dll",service S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X] Task: {9878ED9E-C093-4D13-8FA5-79D82730C0A2} - System32\Tasks\YourFile Update => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION Task: {CC6610D3-5884-47CC-8A15-A19C9FA18BBA} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-2084366123-426833693-2885736349-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-2084366123-426833693-2885736349-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2084366123-426833693-2885736349-1000\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.searchgol.com/?babsrc=HP_ss&mntrId=8454047D7B05A2B4&affID=125036&tsp=5027 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=34&r=2014/04/08&hid=10677299689271255244&lg=EN&cc=DE&unqvl=51 SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=6b354f69-286a-4e70-8ab3-1942f6078358&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=07/01/2014&type=hp1000 SearchScopes: HKLM-x32 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=34&r=2014/04/08&hid=10677299689271255244&lg=EN&cc=DE&unqvl=51 SearchScopes: HKU\S-1-5-21-2084366123-426833693-2885736349-1000 -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=34&r=2014/04/08&hid=10677299689271255244&lg=EN&cc=DE&unqvl=51 SearchScopes: HKU\S-1-5-21-2084366123-426833693-2885736349-1000 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=6b354f69-286a-4e70-8ab3-1942f6078358&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=07/01/2014&type=hp1000 SearchScopes: HKU\S-1-5-21-2084366123-426833693-2885736349-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?pc=COSP&ptag=D121114-AA9FED7399E21497DA0F&form=CONBDF&conlogo=CT3330947&q={searchTerms} SearchScopes: HKU\S-1-5-21-2084366123-426833693-2885736349-1000 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=34&r=2014/04/08&hid=10677299689271255244&lg=EN&cc=DE&unqvl=51 BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File BHO-x32: No Name -> {93DBF2BB-A2B3-4683-A92E-57E60751F346} -> No File Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File C:\Program Files (x86)\Google C:\Program Files (x86)\JustCloud C:\Program Files (x86)\MyPC Backup C:\Program Files (x86)\Yahoo! C:\ProgramData\Avira C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome C:\Users\Administrator C:\Users\Gast C:\Users\HomeGroupUser$ C:\Users\Toshiba\AppData\Local\Google C:\Users\Toshiba\AppData\Roaming\msregsvv.dll C:\Users\Toshiba\AppData\Roaming\msvcr90-ruby191.dll C:\Users\Toshiba\AppData\Roaming\osu.txt C:\Users\Toshiba\AppData\Roaming\wtgoverride.wdb C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\AAMS.lnk C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard C:\Users\Toshiba\Desktop\Narzedzia\Avira Control Center.lnk C:\Windows\System32\DRIVERS\Trufos.sys Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgnt" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\starter4g" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sweetpacks Communicator" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Updater" /f Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0} /f Reg: reg delete HKCU\Software\Google /f Reg: reg delete HKCU\Software\Mozilla /f Reg: reg delete HKCU\Software\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Mozilla /f Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\AboutURLs" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchUrl" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search" /f Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI" /f Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchUrl" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f CMD: dir /a "C:\Program Files" CMD: dir /a "C:\Program Files (x86)" CMD: dir /a "C:\Program Files\Common Files" CMD: dir /a "C:\Program Files (x86)\Common Files" CMD: dir /a C:\ProgramData CMD: dir /a C:\Users\Toshiba\AppData\Local CMD: dir /a C:\Users\Toshiba\AppData\LocalLow CMD: dir /a C:\Users\Toshiba\AppData\Roaming EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. 1a34a8e0 => Service deleted successfully. Trufos => Service not found. catchme => Service deleted successfully. hwdatacard => Service deleted successfully. hwusbdev => Service deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9878ED9E-C093-4D13-8FA5-79D82730C0A2}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9878ED9E-C093-4D13-8FA5-79D82730C0A2}" => Key deleted successfully. C:\Windows\System32\Tasks\YourFile Update => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile Update" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC6610D3-5884-47CC-8A15-A19C9FA18BBA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC6610D3-5884-47CC-8A15-A19C9FA18BBA}" => Key deleted successfully. C:\Windows\System32\Tasks\BitGuard => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BitGuard" => Key deleted successfully. C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. "HKU\S-1-5-21-2084366123-426833693-2885736349-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKU\S-1-5-21-2084366123-426833693-2885736349-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKU\S-1-5-21-2084366123-426833693-2885736349-1000\Software\Microsoft\Internet Explorer\Main\\bProtector Start Page => value deleted successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found. HKU\S-1-5-21-2084366123-426833693-2885736349-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKU\S-1-5-21-2084366123-426833693-2885736349-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully. HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found. "HKU\S-1-5-21-2084366123-426833693-2885736349-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. "HKU\S-1-5-21-2084366123-426833693-2885736349-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}" => Key deleted successfully. HKCR\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{93DBF2BB-A2B3-4683-A92E-57E60751F346} => Key not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully. "HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully. "HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully. C:\Program Files (x86)\Google => Moved successfully. C:\Program Files (x86)\JustCloud => Moved successfully. C:\Program Files (x86)\MyPC Backup => Moved successfully. C:\Program Files (x86)\Yahoo! => Moved successfully. C:\ProgramData\Avira => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome => Moved successfully. C:\Users\Administrator => Moved successfully. C:\Users\Gast => Moved successfully. "C:\Users\HomeGroupUser$" => File/Directory not found. C:\Users\Toshiba\AppData\Local\Google => Moved successfully. C:\Users\Toshiba\AppData\Roaming\msregsvv.dll => Moved successfully. C:\Users\Toshiba\AppData\Roaming\msvcr90-ruby191.dll => Moved successfully. C:\Users\Toshiba\AppData\Roaming\osu.txt => Moved successfully. C:\Users\Toshiba\AppData\Roaming\wtgoverride.wdb => Moved successfully. C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\AAMS.lnk => Moved successfully. C:\Users\Toshiba\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard => Moved successfully. C:\Users\Toshiba\Desktop\Narzedzia\Avira Control Center.lnk => Moved successfully. "C:\Windows\System32\DRIVERS\Trufos.sys" => File/Directory not found. ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avgnt" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\starter4g" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sweetpacks Communicator" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Updater" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0} /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete HKCU\Software\Google /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete HKCU\Software\Mozilla /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete HKCU\Software\MozillaPlugins /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Mozilla /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\MozillaPlugins /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\AboutURLs" /f ========= FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\Search" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchURI" /f ========= FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden. ========= End of Reg: ========= ========= reg delete "HKCU\Software\Microsoft\Internet Explorer\SearchUrl" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f ========= FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\AboutURLs" /f ========= FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main" /f ========= FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search" /f ========= FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchScopes" /f ========= FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI" /f ========= FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl" /f ========= FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Search" /f ========= FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchURI" /f ========= FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden. ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchUrl" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= dir /a "C:\Program Files" ========= Datentrger in Laufwerk C: ist WINDOWS Volumeseriennummer: 8454-CDB3 Verzeichnis von C:\Program Files 2015-02-03 08:31 . 2015-02-03 08:31 .. 2014-06-04 20:41 CCleaner 2015-02-03 08:31 Common Files 2013-12-27 20:08 Conduit 2012-04-17 10:25 CONEXANT 2009-07-14 05:54 174 desktop.ini 2012-04-22 18:38 DVD Maker 2012-06-16 12:22 Google 2013-05-26 20:56 Image-Line 2014-09-26 22:30 Intel 2013-12-31 07:48 Internet Explorer 2012-09-05 14:40 iPod 2012-09-05 14:41 iTunes 2011-08-03 11:32 Microsoft Games 2009-07-14 06:32 MSBuild 2014-10-30 20:23 Native Instruments 2012-04-17 10:15 NVIDIA Corporation 2011-08-03 11:34 PlayReady 2009-07-14 06:32 Reference Assemblies 2012-04-17 10:29 Synaptics 2014-09-27 18:09 TOSHIBA 2009-07-14 06:09 Uninstall Information 2015-01-24 16:12 VstPlugIns 2013-12-31 07:48 Windows Defender 2013-12-31 07:48 Windows Journal 2012-04-22 18:41 Windows Mail 2013-12-31 07:47 Windows Media Player 2009-07-14 06:32 Windows NT 2012-04-22 18:41 Windows Photo Viewer 2010-11-21 04:31 Windows Portable Devices 2012-04-22 18:41 Windows Sidebar 2012-09-01 13:15 WinRAR 1 Datei(en), 174 Bytes 32 Verzeichnis(se), 234602962944 Bytes frei ========= End of CMD: ========= ========= dir /a "C:\Program Files (x86)" ========= Datentrger in Laufwerk C: ist WINDOWS Volumeseriennummer: 8454-CDB3 Verzeichnis von C:\Program Files (x86) 2015-02-04 11:30 . 2015-02-04 11:30 .. 2013-08-30 15:58 Acoustica MP3 Audio Mixer 2013-12-27 20:34 AmiExt 2012-09-05 14:40 Apple Software Update 2013-05-16 12:49 ASIO4ALL v2 2012-04-17 10:28 Atheros 2013-02-11 20:10 AudioToolsFactory 2015-02-04 01:01 Common Files 2009-07-14 05:54 174 desktop.ini 2013-05-26 20:56 DSPRobotics 2014-01-07 01:29 DVDVideoSoft 2013-07-15 14:41 Easy DVD CD Cover Maker 2013-07-15 15:14 Easy Media Cover (Standard Edition) 2014-08-28 23:08 ESTsoft 2015-01-25 17:23 FastStone Capture 2014-04-11 19:13 Free M4a to MP3 Converter 2014-01-06 01:34 GreenTree Applications 2014-12-04 13:35 HP 2014-09-27 01:15 IK Multimedia 2013-05-26 20:56 Image-Line 2012-06-22 19:47 InstallShield Installation Information 2012-04-17 10:18 Intel 2013-12-31 07:48 Internet Explorer 2012-09-05 14:41 iTunes 2015-02-03 08:38 Java 2012-06-22 19:29 McAfee 2012-11-12 00:49 Microsoft Silverlight 2011-08-03 11:40 Microsoft.NET 2014-07-14 17:55 Mobile Partner 2013-08-07 16:51 Mozilla Firefox 2009-07-14 06:32 MSBuild 2012-04-19 20:20 MSXML 4.0 2014-09-15 15:11 Native Instruments 2012-04-17 10:16 NVIDIA Corporation 2013-05-16 12:48 Outsim 2014-08-28 23:34 Pioneer 2012-04-17 10:32 Realtek 2009-07-14 06:32 Reference Assemblies 2012-04-17 10:23 Renesas Electronics 2014-04-08 18:22 Safeweb 2014-04-08 18:24 SNT 2013-10-09 12:22 SweetIM 2014-09-27 18:09 TOSHIBA 2012-06-22 19:20 TOSHIBA Games 2014-08-28 23:14 Twisted Lemon 2009-07-14 05:57 Uninstall Information 2013-12-31 07:48 Windows Defender 2012-06-22 19:23 Windows Live 2012-04-22 18:41 Windows Mail 2013-12-31 07:47 Windows Media Player 2009-07-14 06:32 Windows NT 2012-04-22 18:41 Windows Photo Viewer 2010-11-21 04:31 Windows Portable Devices 2012-04-22 18:41 Windows Sidebar 2015-01-25 20:56 XSManager 2012-08-26 08:35 Yontoo 1 Datei(en), 174 Bytes 56 Verzeichnis(se), 234602958848 Bytes frei ========= End of CMD: ========= ========= dir /a "C:\Program Files\Common Files" ========= Datentrger in Laufwerk C: ist WINDOWS Volumeseriennummer: 8454-CDB3 Verzeichnis von C:\Program Files\Common Files 2015-02-03 08:31 . 2015-02-03 08:31 .. 2012-09-05 14:39 Apple 2012-06-22 19:23 Microsoft Shared 2014-10-30 20:22 Native Instruments 2009-07-14 04:20 Services 2009-07-14 04:20 SpeechEngines 2014-08-28 23:14 Steinberg 2012-04-22 18:41 System 0 Datei(en), 0 Bytes 9 Verzeichnis(se), 234602958848 Bytes frei ========= End of CMD: ========= ========= dir /a "C:\Program Files (x86)\Common Files" ========= Datentrger in Laufwerk C: ist WINDOWS Volumeseriennummer: 8454-CDB3 Verzeichnis von C:\Program Files (x86)\Common Files 2015-02-04 01:01 . 2015-02-04 01:01 .. 2012-09-05 14:40 Apple 2014-06-29 00:00 Digidesign 2014-01-07 01:29 DVDVideoSoft 2014-12-04 13:37 Hewlett-Packard 2014-12-04 13:37 HP 2011-08-03 11:37 InstallShield 2012-06-22 19:14 mcafee 2012-06-22 19:21 microsoft shared 2014-10-30 20:23 Native Instruments 2012-04-17 10:13 postureAgent 2009-07-14 04:20 Services 2009-07-14 04:20 SpeechEngines 2012-04-22 18:41 System 2011-08-03 11:16 Windows Live 0 Datei(en), 0 Bytes 16 Verzeichnis(se), 234602958848 Bytes frei ========= End of CMD: ========= ========= dir /a C:\ProgramData ========= Datentrger in Laufwerk C: ist WINDOWS Volumeseriennummer: 8454-CDB3 Verzeichnis von C:\ProgramData 2015-02-04 11:30 . 2015-02-04 11:30 .. 2014-04-17 22:40 398cb68f6355a46d 2015-02-03 08:34 Adobe 2012-09-05 14:40 Apple 2012-09-05 14:40 Apple Computer 2009-07-14 06:08 Application Data [C:\ProgramData] 2012-04-17 10:28 Atheros 2014-08-29 00:00 16 autobk.inc 2012-08-25 10:39 Babylon 2013-11-25 18:06 BitGuard 2009-07-14 06:08 Desktop [C:\Users\Public\Desktop] 2009-07-14 06:08 Documents [C:\Users\Public\Documents] 2012-04-17 10:22 Downloaded Installations 2014-08-28 23:08 ESTsoft 2009-07-14 06:08 Favorites [C:\Users\Public\Favorites] 2012-06-15 18:46 Google 2014-12-04 13:37 HP 2014-12-04 13:39 342 hpzinstall.log 2014-04-08 17:03 InstallMate 2012-12-08 14:48 IsolatedStorage 2014-08-28 23:32 MAGIX 2012-08-25 18:53 McAfee 2013-05-15 18:23 Microsoft 2014-04-21 17:03 Movavi 2012-08-25 11:11 Mozilla 2012-07-04 16:49 Native Instruments 2011-08-03 11:11 Nero 2014-04-20 20:25 NeWSaver 2015-02-04 10:58 306 ntuser.pol 2015-02-04 11:29 NVIDIA 2012-04-17 10:15 NVIDIA Corporation 2014-11-12 21:03 Oracle 2015-02-03 08:36 Package Cache 2012-06-16 12:22 Partner 2013-12-27 20:09 RHelpers 2014-04-08 18:22 Safeweb 2014-04-26 18:14 Skype 2014-04-09 16:28 SNT 2009-07-14 06:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 2011-08-03 11:38 Sun 2014-04-08 17:03 SuperbApp 2013-10-09 12:22 SweetIM 2014-04-26 18:10 Systweak 2012-08-31 12:35 Tarma Installer 2014-04-08 17:13 TEMP 2009-07-14 06:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 2014-08-27 20:55 TOSHIBA 2012-04-17 10:52 ToshibaEurope 2014-04-11 19:15 TuneUp Software 2014-11-12 16:06 Updater 2014-09-27 18:11 Websteroids 2012-06-22 19:18 WildTangent 2014-04-09 16:28 YoutubeAdblocker 2014-10-30 20:22 {018F1C44-00D1-417B-B251-92A5634F74AE} 2014-10-30 20:26 {05C334F7-C2A4-418A-9BC8-1542AE38D62B} 2014-09-15 15:27 {13A9B825-42CB-4973-913D-2194B5A4CF94} 2014-06-28 23:39 {32849BA1-784B-4E0B-BB8F-AABEE988E2B0} 2014-10-30 20:23 {4682E4CB-7209-4099-8AA1-580ABCCCE731} 2014-06-28 23:40 {6495CC1D-C10B-40C5-A92B-241A2B2C8D20} 2014-06-28 23:39 {7F3144B7-67AA-4DD7-BC11-CBA9A40B430D} 2012-09-05 14:41 {93E26451-CD9A-43A5-A2FA-C42392EA4001} 2014-10-30 20:22 {B3478C15-588A-4968-AD66-76AA98803A28} 2014-10-30 20:22 {BD26D777-CA21-4BDD-A581-6BCFE4F0F941} 2012-12-10 13:12 {C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} 2014-06-29 00:00 {F142EE57-68C1-4CB1-8798-C465F706CCDC} 2014-06-28 23:39 {F57C376F-E7ED-4527-9EE2-4D50799418BC} 2014-04-11 19:15 {FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 3 Datei(en), 664 Bytes 65 Verzeichnis(se), 234602954752 Bytes frei ========= End of CMD: ========= ========= dir /a C:\Users\Toshiba\AppData\Local ========= Datentrger in Laufwerk C: ist WINDOWS Volumeseriennummer: 8454-CDB3 Verzeichnis von C:\Users\Toshiba\AppData\Local 2015-02-04 11:30 . 2015-02-04 11:30 .. 2012-12-08 14:52 Adobe 2012-04-17 10:51 Anwendungsdaten [C:\Users\Toshiba\AppData\Local] 2012-09-05 14:40 Apple 2012-09-05 14:41 Apple Computer 2013-09-13 23:01 avgchrome 2013-12-27 20:10 cache 2014-04-08 16:56 Comodo 2014-10-03 21:31 Diagnostics 2014-08-28 23:07 ECRSC 2014-12-14 17:01 ElevatedDiagnostics 2015-01-24 02:35 ESET 2015-01-25 17:23 FastStone 2014-10-15 14:12 fontconfig 2014-01-06 01:39 57560 GDIPFONTCACHEV1.DAT 2014-10-15 14:12 gegl-0.2 2014-04-26 19:24 genienext 2014-11-05 22:49 gtk-2.0 2012-08-25 18:54 Macromedia 2013-05-22 20:37 Microsoft 2013-12-27 20:34 Mobogenie 2014-04-21 17:04 Movavi 2012-08-25 11:13 Mozilla 2014-09-15 15:12 Native Instruments 2014-08-28 22:49 PackageAware 2014-04-08 16:57 Packages 2013-08-07 16:18 Programs 2014-11-05 22:49 1764 recently-used.xbel 2014-12-09 02:29 7649 Resmon.ResmonCfg 2014-04-26 19:24 SwvUpdater 2015-02-04 11:30 Temp 2012-04-17 10:51 Temporary Internet Files [C:\Users\Toshiba\AppData\Local\Microsoft\Windows\Temporary Internet Files] 2014-04-08 16:56 Torch 2014-09-27 18:05 Toshiba 2012-04-19 18:33 updater4g 2012-04-17 10:51 Verlauf [C:\Users\Toshiba\AppData\Local\Microsoft\Windows\History] 2013-06-13 13:47 VirtualStore 2012-12-08 14:47 _ 3 Datei(en), 66973 Bytes 36 Verzeichnis(se), 234602950656 Bytes frei ========= End of CMD: ========= ========= dir /a C:\Users\Toshiba\AppData\LocalLow ========= Datentrger in Laufwerk C: ist WINDOWS Volumeseriennummer: 8454-CDB3 Verzeichnis von C:\Users\Toshiba\AppData\LocalLow 2014-12-04 10:13 . 2014-12-04 10:13 .. 2012-06-22 19:24 Adobe 2014-08-28 22:42 Apple Computer 2012-11-10 22:37 Microsoft 2013-05-30 22:03 Sun 2014-12-04 10:13 Temp 2014-04-17 22:39 {2F727F5D-B6C7-F23B-F7B8-EB57D20A3CCE} 2014-04-08 18:22 {3AB2C940-2DEE-363B-793F-4AD7615D190C} 2014-04-08 18:24 {A87327CC-7E0B-64BB-B579-3B7F0EBCDBAD} 2014-04-08 18:24 {EB3AAEA5-B11D-EFB6-FB0E-E48AF939406A} 0 Datei(en), 0 Bytes 11 Verzeichnis(se), 234602950656 Bytes frei ========= End of CMD: ========= ========= dir /a C:\Users\Toshiba\AppData\Roaming ========= Datentrger in Laufwerk C: ist WINDOWS Volumeseriennummer: 8454-CDB3 Verzeichnis von C:\Users\Toshiba\AppData\Roaming 2015-02-04 11:30 . 2015-02-04 11:30 .. 2013-02-12 23:04 Ableton 2012-12-08 14:53 Adobe 2014-06-16 01:08 AdvertismentImages 2012-09-13 09:00 Apple Computer 2013-08-07 16:51 Babylon 2014-08-28 23:32 Best Service 2012-12-08 14:59 com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1 2014-01-07 01:29 DVDVideoSoft 2013-10-09 13:20 DVDVideoSoftIEHelpers 2015-01-23 20:33 Eisenberg 2015-01-24 02:35 ESET 2014-08-28 23:08 ESTsoft 2015-01-25 17:23 FastStone 2014-04-26 19:26 File Scout 2013-10-28 16:22 FlowStone 2012-06-15 18:45 Google 2014-12-04 13:39 HP 2012-04-17 10:53 Identities 2014-08-28 23:59 IK Multimedia 2013-05-26 20:56 Image-Line 2012-06-22 19:27 InstallShield 2014-09-26 22:30 Intel 2012-12-08 14:48 IsolatedStorage 2015-02-03 08:31 LavasoftStatistics 2012-06-19 06:18 Macromedia 2010-11-21 08:16 Media Center Programs 2015-01-24 16:12 Microsoft 2014-08-28 23:00 MixVibes 2013-12-27 20:09 Mozilla 2012-12-10 13:11 MP4 to MP3 Converter 2014-04-26 19:26 newnext.me 2014-04-21 17:08 NVIDIA 2014-04-11 19:13 OpenCandy 2014-08-28 23:31 Pioneer 2014-08-28 23:34 PioneerLog 2014-04-08 16:58 SendSpace 2014-04-26 18:14 Skype 2014-06-06 19:53 SynthMaker 2014-04-26 18:15 Systweak 2014-09-26 22:49 Toshiba 2014-04-28 14:39 TuneUp Software 2013-12-27 20:08 ValueApps 2014-09-26 21:38 WinBatch 2012-09-01 13:15 WinRAR 2014-01-10 03:54 Xilisoft 2015-01-31 13:48 XSManager 2014-12-04 13:38 Yahoo! 2012-08-25 10:48 YourFileDownloader 0 Datei(en), 0 Bytes 50 Verzeichnis(se), 234602946560 Bytes frei ========= End of CMD: ========= EmptyTemp: => Removed 24 MB temporary data. The system needed a reboot. ==== End of Fixlog 11:31:04 ====