Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02 Ran by User at 2015-02-12 10:51:03 Run:1 Running from C:\Users\User\Desktop Loaded Profiles: User (Available profiles: User) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: Task: {3B7C614F-B769-4346-B2C8-91B9E4168FDF} - System32\Tasks\ISFYHFAU => C:\ProgramData\a47887a3756b4d95a8aa4868e99416bd\a47887a3756b4d95a8aa4868e99416bd.exe Task: {5FA968B4-B1BF-41A4-A117-3BFECA39C4F8} - System32\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-5 => C:\Program Files (x86)\HDtubeV1.6V09.02\74ebcf50-6c34-4c7f-959d-67604f150421-5.exe <==== ATTENTION Task: {61C05FFB-88CA-41C1-AA28-974146D7F80E} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-02-09] (globalUpdate) <==== ATTENTION Task: {61CEFD8B-EE35-4F6C-9F9A-67C6F2CC8099} - System32\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-11 => C:\Program Files (x86)\HDtubeV1.6V09.02\74ebcf50-6c34-4c7f-959d-67604f150421-11.exe <==== ATTENTION Task: {691A41AC-A758-407E-8CD0-26DD2BBC732A} - System32\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-4 => C:\Program Files (x86)\HDtubeV1.6V09.02\74ebcf50-6c34-4c7f-959d-67604f150421-4.exe <==== ATTENTION Task: {799F5883-9E77-4C46-B712-DA50B1B2526B} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {8D58BEF3-7C51-460B-97CF-C0D9A45D855C} - System32\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-6 => C:\Program Files (x86)\HDtubeV1.6V09.02\74ebcf50-6c34-4c7f-959d-67604f150421-6.exe <==== ATTENTION Task: {9817BD9D-6952-4F21-98CE-38BC1BEBC7B2} - System32\Tasks\GAFOM => C:\Users\User\AppData\Roaming\GAFOM.exe <==== ATTENTION Task: {9D748169-C0BD-4043-BFA9-6C3972250BFA} - System32\Tasks\OMSJT => C:\Users\User\AppData\Roaming\OMSJT.exe <==== ATTENTION Task: {9D759583-D093-4D62-8787-AA5A33B65F8F} - \ASUS\i-Setup042718 No Task File <==== ATTENTION Task: {B2B16347-B26E-4F47-8718-13A9C5BABCAB} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-02-09] (globalUpdate) <==== ATTENTION Task: {B3286CF6-0675-448A-8ED2-B86A740873C1} - System32\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-1-7 => C:\Program Files (x86)\HDtubeV1.6V09.02\74ebcf50-6c34-4c7f-959d-67604f150421-1-7.exe <==== ATTENTION Task: {BB8D0E82-5410-4E1C-AEDA-57B44E3E6E99} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {BE1EFF0C-F4AD-4FF3-B4E0-44E50482D72C} - System32\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-5_user => C:\Program Files (x86)\HDtubeV1.6V09.02\74ebcf50-6c34-4c7f-959d-67604f150421-5.exe <==== ATTENTION Task: {DCAE62A9-08A7-459E-A50E-6665E6328A8C} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: {E85FFFAF-A8D9-4E5E-88E2-9D28439BFB93} - System32\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-7 => C:\Program Files (x86)\HDtubeV1.6V09.02\74ebcf50-6c34-4c7f-959d-67604f150421-7.exe <==== ATTENTION Task: {EF9EC2F6-664D-4382-82A9-D7CEFC6FD85E} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION Task: {F8BA7363-7EF9-4C23-8836-34AE10F171A6} - System32\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-1-6 => C:\Program Files (x86)\HDtubeV1.6V09.02\74ebcf50-6c34-4c7f-959d-67604f150421-1-6.exe <==== ATTENTION Task: C:\Windows\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-1-6.job => C:\Program Files (x86)\HDtubeV1.6V09.02\74ebcf50-6c34-4c7f-959d-67604f150421-1-6.exe <==== ATTENTION Task: C:\Windows\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-1-7.job => C:\Program Files (x86)\HDtubeV1.6V09.02\74ebcf50-6c34-4c7f-959d-67604f150421-1-7.exe <==== ATTENTION Task: C:\Windows\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-11.job => C:\Program Files (x86)\HDtubeV1.6V09.02\74ebcf50-6c34-4c7f-959d-67604f150421-11.exe <==== ATTENTION Task: C:\Windows\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-4.job => C:\Program Files (x86)\HDtubeV1.6V09.02\74ebcf50-6c34-4c7f-959d-67604f150421-4.exe <==== ATTENTION Task: C:\Windows\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-5.job => C:\Program Files (x86)\HDtubeV1.6V09.02\74ebcf50-6c34-4c7f-959d-67604f150421-5.exe <==== ATTENTION Task: C:\Windows\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-5_user.job => C:\Program Files (x86)\HDtubeV1.6V09.02\74ebcf50-6c34-4c7f-959d-67604f150421-5.exe <==== ATTENTION Task: C:\Windows\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-6.job => C:\Program Files (x86)\HDtubeV1.6V09.02\74ebcf50-6c34-4c7f-959d-67604f150421-6.exe <==== ATTENTION Task: C:\Windows\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-7.job => C:\Program Files (x86)\HDtubeV1.6V09.02\74ebcf50-6c34-4c7f-959d-67604f150421-7.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION Task: C:\Windows\Tasks\GAFOM.job => C:\Users\User\AppData\Roaming\GAFOM.exe <==== ATTENTION Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION Task: C:\Windows\Tasks\OMSJT.job => C:\Users\User\AppData\Roaming\OMSJT.exe <==== ATTENTION R2 be0fb33b; c:\Program Files (x86)\Supporter\Supporter.dll [4214272 2015-02-09] () [File not signed] S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-02-09] (globalUpdate) [File not signed] S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [68608 2015-02-09] (globalUpdate) [File not signed] R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system) R2 Update Techgile; C:\Program Files (x86)\Techgile\updateTechgile.exe [397552 2015-02-10] () [File not signed] R2 Util Techgile; C:\Program Files (x86)\Techgile\bin\utilTechgile.exe [397552 2015-02-10] () [File not signed] R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [487056 2015-02-09] () [File not signed] R2 wpsvc_1.10.0.6; C:\Program Files (x86)\WordProser_1.10.0.6\Service\wpsvc.exe [277584 2015-01-07] () [File not signed] S2 FlashBeat; C:\ProgramData\FlashBeat\FlashBeat.exe -p "Installium" -c "Installium_Default" -s "PP1" -i "2241879" -g "" [X] S1 wpnfd_1_10_0_6; system32\drivers\wpnfd_1_10_0_6.sys [X] S1 {ab46f924-b0f6-4def-a8e6-edf07f1475f2}Gw64; system32\drivers\{ab46f924-b0f6-4def-a8e6-edf07f1475f2}Gw64.sys [X] HKLM\...\Run: [VIAxHCUtl] => C:\Program Files\VIA XHCI UASP Utility\usb3Monitor HKLM-x32\...\Run: [mbot_de_495] => "C:\Program Files (x86)\mbot_de_495\mbot_de_495.exe" HKLM-x32\...\Run: [gmsd_de_187] => C:\Program Files (x86)\gmsd_de_187\gmsd_de_187.exe [3979408 2015-02-07] () GroupPolicy: Group Policy on Chrome detected <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hppp&ts=1423475556&from=pjr&uid=WDCXWD15EADS-00W4B0_WD-WCAVY611368013680 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1423475518&from=pjr&uid=WDCXWD15EADS-00W4B0_WD-WCAVY611368013680&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hppp&ts=1423475556&from=pjr&uid=WDCXWD15EADS-00W4B0_WD-WCAVY611368013680 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1423475518&from=pjr&uid=WDCXWD15EADS-00W4B0_WD-WCAVY611368013680&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1423475518&from=pjr&uid=WDCXWD15EADS-00W4B0_WD-WCAVY611368013680&q={searchTerms} SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1423475518&from=pjr&uid=WDCXWD15EADS-00W4B0_WD-WCAVY611368013680&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=dspp&ts=1423475556&from=pjr&uid=WDCXWD15EADS-00W4B0_WD-WCAVY611368013680&q={searchTerms} SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=dspp&ts=1423475556&from=pjr&uid=WDCXWD15EADS-00W4B0_WD-WCAVY611368013680&q={searchTerms} SearchScopes: HKU\S-1-5-21-3928150652-2756980015-3035233101-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=dspp&ts=1423475556&from=pjr&uid=WDCXWD15EADS-00W4B0_WD-WCAVY611368013680&q={searchTerms} SearchScopes: HKU\S-1-5-21-3928150652-2756980015-3035233101-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.better-search.net/?i=53&st=29&src=58&q={searchTerms}&did=11521&ppd=1434,148123,20N9RD1CYufCXkXp1xXpdx1ykKPX000.,,,,spgc-de,,,player.all4search.net&barid=1523567331607694762&terminator=1_sp_ie SearchScopes: HKU\S-1-5-21-3928150652-2756980015-3035233101-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://istart.webssearches.com/web/?utm_source=b&utm_medium=pjr&utm_campaign=install_ie&utm_content=ds&from=pjr&uid=WDCXWD15EADS-00W4B0_WD-WCAVY611368013680&ts=1423475596&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3928150652-2756980015-3035233101-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://istart.webssearches.com/web/?utm_source=b&utm_medium=pjr&utm_campaign=install_ie&utm_content=ds&from=pjr&uid=WDCXWD15EADS-00W4B0_WD-WCAVY611368013680&ts=1423475596&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-3928150652-2756980015-3035233101-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=dspp&ts=1423475556&from=pjr&uid=WDCXWD15EADS-00W4B0_WD-WCAVY611368013680&q={searchTerms} SearchScopes: HKU\S-1-5-21-3928150652-2756980015-3035233101-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://istart.webssearches.com/web/?utm_source=b&utm_medium=pjr&utm_campaign=install_ie&utm_content=ds&from=pjr&uid=WDCXWD15EADS-00W4B0_WD-WCAVY611368013680&ts=1423475596&type=default&q={searchTerms} StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1423475518&from=pjr&uid=WDCXWD15EADS-00W4B0_WD-WCAVY611368013680 C:\Media Player Classic Home Cinema 32 Bit - CHIP-Installer.exe C:\Program Files (x86)\1ccf7e49-18ed-45cd-8dc4-cb64222cf72f C:\Program Files (x86)\AnyProtectEx C:\Program Files (x86)\Facebook Social Plugin C:\Program Files (x86)\globalUpdate C:\Program Files (x86)\gmsd_de_187 C:\Program Files (x86)\Google C:\Program Files (x86)\HDtubeV1.6V09.02 C:\Program Files (x86)\IGS C:\Program Files (x86)\mbot_de_495 C:\Program Files (x86)\Mozilla Firefox C:\Program Files (x86)\MyPC Backup C:\Program Files (x86)\Supporter C:\Program Files (x86)\Techgile C:\Program Files (x86)\WordProser_1.10.0.6 C:\Program Files (x86)\XTab C:\Program Files (x86)\youtubeadblocker C:\ProgramData\mtbjfghn.xbe C:\ProgramData\11074247383972342202 C:\ProgramData\2db5390800000427 C:\ProgramData\41d6815900005912 C:\ProgramData\a47887a3756b4d95a8aa4868e99416bd C:\ProgramData\dxVxGuHPl C:\ProgramData\eeanojfhjfblikcbfbeacbakaehjjeko C:\ProgramData\FlashBeat C:\ProgramData\FlashBeatData C:\ProgramData\HealthAlert C:\ProgramData\IHProtectUpDate C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY C:\ProgramData\Mozilla C:\ProgramData\WindowsMangerProtect C:\Users\User\AppData\Local\ConvertAd C:\Users\User\AppData\Local\Google C:\Users\User\AppData\Local\globalUpdate C:\Users\User\AppData\Local\gmsd_de_187 C:\Users\User\AppData\Local\HealthAlert C:\Users\User\AppData\Local\igs C:\Users\User\AppData\Local\mbot_de_495 C:\Users\User\AppData\Local\Mozilla C:\Users\User\AppData\Local\SmartWeb C:\Users\User\AppData\Local\wincheck C:\Users\User\AppData\Roaming\CrashDump__20150209_095439.dmp C:\Users\User\AppData\Roaming\AnyProtectEx C:\Users\User\AppData\Roaming\ASPackage C:\Users\User\AppData\Roaming\Mozilla C:\Users\User\AppData\Roaming\smileyswelove C:\Users\User\Downloads\setup*.exe C:\Users\User\Downloads\SweetPlayer_TSA1X4DXH.exe C:\Users\User\Documents\APNSetup.exe C:\Users\User\Documents\Optimizer Pro C:\Windows\patsearch.bin C:\Windows\system32\ColorMedia64.dll C:\Windows\system32\ColorMediaOff.ini C:\Windows\system32\Drivers\Msft_Kernel_webTinst_01009.Wdf C:\Windows\SysWOW64\ColorMedia.ini C:\Windows\SysWOW64\ColorMediaOff.ini Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete HKCU\Software\Google /f Reg: reg delete HKCU\Software\Mozilla /f Reg: reg delete HKCU\Software\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE /f Reg: reg delete HKLM\SOFTWARE\Mozilla /f Reg: reg delete HKLM\SOFTWARE\MozillaPlugins /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{be0fb33b} /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f Reg: reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f CMD: sc config WinDefend start= demand CMD: netsh winsock reset CMD: dir /a "C:\Program Files" CMD: dir /a "C:\Program Files (x86)" CMD: dir /a "C:\Program Files\Common Files" CMD: dir /a "C:\Program Files (x86)\Common Files" CMD: dir /a C:\ProgramData CMD: dir /a C:\Users\User\AppData\Local CMD: dir /a C:\Users\User\AppData\LocalLow CMD: dir /a C:\Users\User\AppData\Roaming EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B7C614F-B769-4346-B2C8-91B9E4168FDF}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B7C614F-B769-4346-B2C8-91B9E4168FDF}" => Key deleted successfully. C:\Windows\System32\Tasks\ISFYHFAU => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ISFYHFAU" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5FA968B4-B1BF-41A4-A117-3BFECA39C4F8}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FA968B4-B1BF-41A4-A117-3BFECA39C4F8}" => Key deleted successfully. C:\Windows\System32\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-5 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\74ebcf50-6c34-4c7f-959d-67604f150421-5" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{61C05FFB-88CA-41C1-AA28-974146D7F80E}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61C05FFB-88CA-41C1-AA28-974146D7F80E}" => Key deleted successfully. C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineUA" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{61CEFD8B-EE35-4F6C-9F9A-67C6F2CC8099}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{61CEFD8B-EE35-4F6C-9F9A-67C6F2CC8099}" => Key deleted successfully. C:\Windows\System32\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-11 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\74ebcf50-6c34-4c7f-959d-67604f150421-11" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{691A41AC-A758-407E-8CD0-26DD2BBC732A}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{691A41AC-A758-407E-8CD0-26DD2BBC732A}" => Key deleted successfully. C:\Windows\System32\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-4 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\74ebcf50-6c34-4c7f-959d-67604f150421-4" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{799F5883-9E77-4C46-B712-DA50B1B2526B}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{799F5883-9E77-4C46-B712-DA50B1B2526B}" => Key deleted successfully. C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8D58BEF3-7C51-460B-97CF-C0D9A45D855C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D58BEF3-7C51-460B-97CF-C0D9A45D855C}" => Key deleted successfully. C:\Windows\System32\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-6 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\74ebcf50-6c34-4c7f-959d-67604f150421-6" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9817BD9D-6952-4F21-98CE-38BC1BEBC7B2}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9817BD9D-6952-4F21-98CE-38BC1BEBC7B2}" => Key deleted successfully. C:\Windows\System32\Tasks\GAFOM => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GAFOM" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9D748169-C0BD-4043-BFA9-6C3972250BFA}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D748169-C0BD-4043-BFA9-6C3972250BFA}" => Key deleted successfully. C:\Windows\System32\Tasks\OMSJT => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OMSJT" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9D759583-D093-4D62-8787-AA5A33B65F8F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D759583-D093-4D62-8787-AA5A33B65F8F}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS\i-Setup042718" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B2B16347-B26E-4F47-8718-13A9C5BABCAB}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2B16347-B26E-4F47-8718-13A9C5BABCAB}" => Key deleted successfully. C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B3286CF6-0675-448A-8ED2-B86A740873C1}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3286CF6-0675-448A-8ED2-B86A740873C1}" => Key deleted successfully. C:\Windows\System32\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-1-7 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\74ebcf50-6c34-4c7f-959d-67604f150421-1-7" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB8D0E82-5410-4E1C-AEDA-57B44E3E6E99}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB8D0E82-5410-4E1C-AEDA-57B44E3E6E99}" => Key deleted successfully. C:\Windows\System32\Tasks\APSnotifierPP2 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BE1EFF0C-F4AD-4FF3-B4E0-44E50482D72C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE1EFF0C-F4AD-4FF3-B4E0-44E50482D72C}" => Key deleted successfully. C:\Windows\System32\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-5_user => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\74ebcf50-6c34-4c7f-959d-67604f150421-5_user" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DCAE62A9-08A7-459E-A50E-6665E6328A8C}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCAE62A9-08A7-459E-A50E-6665E6328A8C}" => Key deleted successfully. C:\Windows\System32\Tasks\APSnotifierPP3 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E85FFFAF-A8D9-4E5E-88E2-9D28439BFB93}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E85FFFAF-A8D9-4E5E-88E2-9D28439BFB93}" => Key deleted successfully. C:\Windows\System32\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-7 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\74ebcf50-6c34-4c7f-959d-67604f150421-7" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EF9EC2F6-664D-4382-82A9-D7CEFC6FD85E}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EF9EC2F6-664D-4382-82A9-D7CEFC6FD85E}" => Key deleted successfully. C:\Windows\System32\Tasks\LaunchSignup => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F8BA7363-7EF9-4C23-8836-34AE10F171A6}" => Key deleted successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8BA7363-7EF9-4C23-8836-34AE10F171A6}" => Key deleted successfully. C:\Windows\System32\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-1-6 => Moved successfully. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\74ebcf50-6c34-4c7f-959d-67604f150421-1-6" => Key deleted successfully. C:\Windows\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-1-6.job => Moved successfully. C:\Windows\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-1-7.job => Moved successfully. C:\Windows\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-11.job => Moved successfully. C:\Windows\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-4.job => Moved successfully. C:\Windows\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-5.job => Moved successfully. C:\Windows\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-5_user.job => Moved successfully. C:\Windows\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-6.job => Moved successfully. C:\Windows\Tasks\74ebcf50-6c34-4c7f-959d-67604f150421-7.job => Moved successfully. C:\Windows\Tasks\APSnotifierPP1.job => Moved successfully. C:\Windows\Tasks\APSnotifierPP2.job => Moved successfully. C:\Windows\Tasks\APSnotifierPP3.job => Moved successfully. C:\Windows\Tasks\GAFOM.job => Moved successfully. C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully. C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => Moved successfully. C:\Windows\Tasks\OMSJT.job => Moved successfully. be0fb33b => Service deleted successfully. globalUpdate => Service deleted successfully. globalUpdatem => Service deleted successfully. IHProtect Service => Service deleted successfully. Update Techgile => Service deleted successfully. Util Techgile => Service deleted successfully. WindowsMangerProtect => Service deleted successfully. wpsvc_1.10.0.6 => Service deleted successfully. FlashBeat => Service deleted successfully. wpnfd_1_10_0_6 => Service deleted successfully. {ab46f924-b0f6-4def-a8e6-edf07f1475f2}Gw64 => Service deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\VIAxHCUtl => value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mbot_de_495 => value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_de_187 => value deleted successfully. C:\Windows\system32\GroupPolicy\Machine => Moved successfully. C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully. "HKLM\SOFTWARE\Policies\Google" => Key deleted successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully. HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found. "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. "HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully. HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found. "HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. "HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => Key deleted successfully. HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => Key not found. "HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. "HKU\S-1-5-21-3928150652-2756980015-3035233101-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => Key deleted successfully. HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => Key not found. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully. C:\Media Player Classic Home Cinema 32 Bit - CHIP-Installer.exe => Moved successfully. C:\Program Files (x86)\1ccf7e49-18ed-45cd-8dc4-cb64222cf72f => Moved successfully. "C:\Program Files (x86)\AnyProtectEx" => File/Directory not found. "C:\Program Files (x86)\Facebook Social Plugin" => File/Directory not found. C:\Program Files (x86)\globalUpdate => Moved successfully. C:\Program Files (x86)\gmsd_de_187 => Moved successfully. C:\Program Files (x86)\Google => Moved successfully. C:\Program Files (x86)\HDtubeV1.6V09.02 => Moved successfully. C:\Program Files (x86)\IGS => Moved successfully. C:\Program Files (x86)\mbot_de_495 => Moved successfully. C:\Program Files (x86)\Mozilla Firefox => Moved successfully. "C:\Program Files (x86)\MyPC Backup" => File/Directory not found. C:\Program Files (x86)\Supporter => Moved successfully. C:\Program Files (x86)\Techgile => Moved successfully. C:\Program Files (x86)\WordProser_1.10.0.6 => Moved successfully. C:\Program Files (x86)\XTab => Moved successfully. C:\Program Files (x86)\youtubeadblocker => Moved successfully. C:\ProgramData\mtbjfghn.xbe => Moved successfully. C:\ProgramData\11074247383972342202 => Moved successfully. C:\ProgramData\2db5390800000427 => Moved successfully. C:\ProgramData\41d6815900005912 => Moved successfully. C:\ProgramData\a47887a3756b4d95a8aa4868e99416bd => Moved successfully. "C:\ProgramData\dxVxGuHPl" => File/Directory not found. C:\ProgramData\eeanojfhjfblikcbfbeacbakaehjjeko => Moved successfully. "C:\ProgramData\FlashBeat" => File/Directory not found. C:\ProgramData\FlashBeatData => Moved successfully. "C:\ProgramData\HealthAlert" => File/Directory not found. C:\ProgramData\IHProtectUpDate => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP => Moved successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MYBESTOFFERSTODAY => Moved successfully. "C:\ProgramData\Mozilla" => File/Directory not found. C:\ProgramData\WindowsMangerProtect => Moved successfully. "C:\Users\User\AppData\Local\ConvertAd" => File/Directory not found. C:\Users\User\AppData\Local\Google => Moved successfully. C:\Users\User\AppData\Local\globalUpdate => Moved successfully. C:\Users\User\AppData\Local\gmsd_de_187 => Moved successfully. "C:\Users\User\AppData\Local\HealthAlert" => File/Directory not found. "C:\Users\User\AppData\Local\igs" => File/Directory not found. C:\Users\User\AppData\Local\mbot_de_495 => Moved successfully. C:\Users\User\AppData\Local\Mozilla => Moved successfully. "C:\Users\User\AppData\Local\SmartWeb" => File/Directory not found. "C:\Users\User\AppData\Local\wincheck" => File/Directory not found. C:\Users\User\AppData\Roaming\CrashDump__20150209_095439.dmp => Moved successfully. C:\Users\User\AppData\Roaming\AnyProtectEx => Moved successfully. "C:\Users\User\AppData\Roaming\ASPackage" => File/Directory not found. C:\Users\User\AppData\Roaming\Mozilla => Moved successfully. C:\Users\User\AppData\Roaming\smileyswelove => Moved successfully. "C:\Users\User\Downloads\setup*.exe" => File/Directory not found. "C:\Users\User\Downloads\SweetPlayer_TSA1X4DXH.exe" => File/Directory not found. C:\Users\User\Documents\APNSetup.exe => Moved successfully. C:\Users\User\Documents\Optimizer Pro => Moved successfully. C:\Windows\patsearch.bin => Moved successfully. C:\Windows\system32\ColorMedia64.dll => Moved successfully. C:\Windows\system32\ColorMediaOff.ini => Moved successfully. C:\Windows\system32\Drivers\Msft_Kernel_webTinst_01009.Wdf => Moved successfully. C:\Windows\SysWOW64\ColorMedia.ini => Moved successfully. C:\Windows\SysWOW64\ColorMediaOff.ini => Moved successfully. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete HKCU\Software\Google /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete HKCU\Software\Mozilla /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete HKCU\Software\MozillaPlugins /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE /f ========= FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Mozilla /f ========= FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\MozillaPlugins /f ========= FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{be0fb33b} /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\Mozilla /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\mozilla.org /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= reg delete HKLM\SOFTWARE\Wow6432Node\MozillaPlugins /f ========= Der Vorgang wurde erfolgreich beendet. ========= End of Reg: ========= ========= sc config WinDefend start= demand ========= [SC] ChangeServiceConfig ERFOLG ========= End of CMD: ========= ========= netsh winsock reset ========= Der Winsock-Katalog wurde zurckgesetzt. Sie mssen den Computer neu starten, um den Vorgang abzuschlieen. ========= End of CMD: ========= ========= dir /a "C:\Program Files" ========= Datentrger in Laufwerk C: ist Windows7 Volumeseriennummer: 404C-4BE8 Verzeichnis von C:\Program Files 11.02.2015 23:01 . 11.02.2015 23:01 .. 26.11.2013 12:14 ATI 25.05.2011 03:28 ATI Technologies 10.02.2015 11:20 CCleaner 26.06.2011 21:05 CDBurnerXP 26.11.2013 11:58 Common Files 14.07.2009 05:54 174 desktop.ini 15.07.2013 11:49 DVD Maker 22.04.2012 03:14 Gemeinsame Dateien [C:\Program Files\Common Files] 12.04.2014 12:37 Internet Explorer 02.04.2013 09:12 Microsoft Office 14.07.2009 06:32 MSBuild 10.01.2015 23:13 NVIDIA Corporation 14.07.2009 06:32 Reference Assemblies 14.07.2009 06:09 Uninstall Information 10.02.2015 21:50 VIA XHCI UASP Utility 15.07.2013 12:16 Windows Defender 15.07.2013 12:16 Windows Journal 15.07.2013 11:49 Windows Mail 24.03.2014 20:32 Windows Media Player 22.04.2012 03:14 Windows NT 15.07.2013 11:49 Windows Photo Viewer 15.07.2013 11:49 Windows Portable Devices 15.07.2013 11:49 Windows Sidebar 11.02.2015 23:01 WinRAR 1 Datei(en), 174 Bytes 25 Verzeichnis(se), 1.268.850.696.192 Bytes frei ========= End of CMD: ========= ========= dir /a "C:\Program Files (x86)" ========= Datentrger in Laufwerk C: ist Windows7 Volumeseriennummer: 404C-4BE8 Verzeichnis von C:\Program Files (x86) 12.02.2015 10:51 . 12.02.2015 10:51 .. 10.01.2015 23:13 AGEIA Technologies 09.02.2015 11:02 ATI Technologies 06.02.2015 14:57 Battle.net 26.06.2011 21:03 Bluetooth Suite 10.02.2015 11:45 Common Files 05.02.2015 02:35 D-Link 14.07.2009 05:54 174 desktop.ini 06.02.2015 20:37 Diablo III 05.02.2015 11:09 Electronic Arts 10.02.2015 11:45 G Data 06.02.2015 14:14 Hercules 06.02.2015 14:14 InstallShield Installation Information 30.06.2011 23:28 Intel 12.04.2014 12:37 Internet Explorer 22.04.2012 03:09 ITE 13.04.2014 10:09 Microsoft Application Virtualization Client 02.04.2013 09:12 Microsoft Office 14.07.2013 18:24 Microsoft.NET 14.07.2009 06:32 MSBuild 10.01.2015 23:13 NVIDIA Corporation 10.02.2015 21:34 Opera 26.11.2013 12:20 Realtek 14.07.2009 06:32 Reference Assemblies 25.05.2011 03:25 Renesas Electronics 05.02.2015 10:34 Skype 09.02.2015 11:42 StarCraft II 14.07.2009 05:57 Uninstall Information 20.11.2013 13:36 VIA 09.02.2015 10:57 VideoLAN 15.07.2013 12:16 Windows Defender 15.07.2013 11:49 Windows Mail 24.03.2014 20:32 Windows Media Player 14.07.2009 06:32 Windows NT 15.07.2013 11:49 Windows Photo Viewer 15.07.2013 11:49 Windows Portable Devices 15.07.2013 11:49 Windows Sidebar 1 Datei(en), 174 Bytes 37 Verzeichnis(se), 1.268.850.692.096 Bytes frei ========= End of CMD: ========= ========= dir /a "C:\Program Files\Common Files" ========= Datentrger in Laufwerk C: ist Windows7 Volumeseriennummer: 404C-4BE8 Verzeichnis von C:\Program Files\Common Files 26.11.2013 11:58 . 26.11.2013 11:58 .. 26.11.2013 11:58 ATI Technologies 13.04.2014 10:09 Microsoft Shared 14.07.2009 04:20 Services 14.07.2009 04:20 SpeechEngines 15.07.2013 11:49 System 0 Datei(en), 0 Bytes 7 Verzeichnis(se), 1.268.850.692.096 Bytes frei ========= End of CMD: ========= ========= dir /a "C:\Program Files (x86)\Common Files" ========= Datentrger in Laufwerk C: ist Windows7 Volumeseriennummer: 404C-4BE8 Verzeichnis von C:\Program Files (x86)\Common Files 10.02.2015 11:45 . 10.02.2015 11:45 .. 09.02.2015 11:04 Blizzard Entertainment 02.04.2013 09:12 DESIGNER 10.02.2015 11:45 G Data 20.11.2013 13:35 InstallShield 13.04.2014 10:09 microsoft shared 14.07.2009 04:20 Services 05.02.2015 10:34 Skype 14.07.2009 04:20 SpeechEngines 15.07.2013 11:49 System 0 Datei(en), 0 Bytes 11 Verzeichnis(se), 1.268.850.753.536 Bytes frei ========= End of CMD: ========= ========= dir /a C:\ProgramData ========= Datentrger in Laufwerk C: ist Windows7 Volumeseriennummer: 404C-4BE8 Verzeichnis von C:\ProgramData 12.02.2015 10:51 . 12.02.2015 10:51 .. 22.04.2012 03:14 Anwendungsdaten [C:\ProgramData] 14.07.2009 06:08 Application Data [C:\ProgramData] 05.02.2015 15:44 Battle.net 06.02.2015 14:57 Blizzard Entertainment 05.02.2015 11:33 Canneverbe Limited 14.07.2009 06:08 Desktop [C:\Users\Public\Desktop] 14.07.2009 06:08 Documents [C:\Users\Public\Documents] 22.04.2012 03:14 Dokumente [C:\Users\Public\Documents] 25.05.2011 03:25 Downloaded Installations 22.04.2012 03:14 Favoriten [C:\Users\Public\Favorites] 14.07.2009 06:08 Favorites [C:\Users\Public\Favorites] 10.02.2015 12:27 G Data 05.02.2015 15:32 Microsoft 10.02.2015 11:06 512 ntuser.pol 12.02.2015 10:47 NVIDIA 12.01.2015 15:50 NVIDIA Corporation 26.11.2013 12:14 Package Cache 05.02.2015 10:34 Skype 14.07.2009 06:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 22.04.2012 03:14 Startmen [C:\ProgramData\Microsoft\Windows\Start Menu] 14.07.2009 06:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 24.03.2014 18:59 Virtualized Applications 10.02.2015 12:25 VirtualizedApplications 22.04.2012 03:14 Vorlagen [C:\ProgramData\Microsoft\Windows\Templates] 1 Datei(en), 512 Bytes 25 Verzeichnis(se), 1.268.850.778.112 Bytes frei ========= End of CMD: ========= ========= dir /a C:\Users\User\AppData\Local ========= Datentrger in Laufwerk C: ist Windows7 Volumeseriennummer: 404C-4BE8 Verzeichnis von C:\Users\User\AppData\Local 12.02.2015 10:51 . 12.02.2015 10:51 .. 06.02.2015 14:46 Adobe 22.04.2012 03:15 Anwendungsdaten [C:\Users\User\AppData\Local] 10.02.2015 11:48 Battle.net 06.02.2015 14:57 Blizzard Entertainment 10.02.2015 11:21 CrashDumps 06.02.2015 23:40 Diagnostics 11.02.2015 23:13 ElevatedDiagnostics 09.02.2015 11:03 EmieSiteList 09.02.2015 11:03 EmieUserList 26.11.2013 12:12 58.016 GDIPFONTCACHEV1.DAT 11.02.2015 23:59 2.722.737 IconCache.db 08.02.2015 17:43 Microsoft 10.01.2015 23:14 NVIDIA 12.01.2015 15:50 NVIDIA Corporation 05.02.2015 10:34 Opera Software 20.11.2013 13:35 Programs 05.02.2015 11:27 PunkBuster 05.02.2015 10:34 Skype 12.02.2015 10:51 Temp 22.04.2012 03:15 Temporary Internet Files [C:\Users\User\AppData\Local\Microsoft\Windows\Temporary Internet Files] 22.04.2012 03:15 Verlauf [C:\Users\User\AppData\Local\Microsoft\Windows\History] 05.02.2015 11:27 VirtualStore 2 Datei(en), 2.780.753 Bytes 22 Verzeichnis(se), 1.268.850.778.112 Bytes frei ========= End of CMD: ========= ========= dir /a C:\Users\User\AppData\LocalLow ========= Datentrger in Laufwerk C: ist Windows7 Volumeseriennummer: 404C-4BE8 Verzeichnis von C:\Users\User\AppData\LocalLow 11.02.2015 22:25 . 11.02.2015 22:25 .. 10.02.2015 11:21 EmieSiteList 10.02.2015 11:21 EmieUserList 12.04.2014 11:45 Microsoft 09.02.2015 10:56 smileyswelove 0 Datei(en), 0 Bytes 6 Verzeichnis(se), 1.268.850.778.112 Bytes frei ========= End of CMD: ========= ========= dir /a C:\Users\User\AppData\Roaming ========= Datentrger in Laufwerk C: ist Windows7 Volumeseriennummer: 404C-4BE8 Verzeichnis von C:\Users\User\AppData\Roaming 12.02.2015 10:51 . 12.02.2015 10:51 .. 06.02.2015 14:46 Adobe 06.02.2015 15:01 Battle.net 05.02.2015 11:26 BESTplayer 05.02.2015 11:33 Canneverbe Limited 05.02.2015 02:34 Carambis 22.04.2012 03:15 Identities 05.02.2015 02:35 InstallShield 09.02.2015 12:21 Macromedia 14.07.2009 19:18 Media Center Programs 09.02.2015 10:05 Microsoft 06.02.2015 14:57 NVIDIA 05.02.2015 10:34 Opera Software 05.02.2015 11:27 SecuROM 12.02.2015 10:49 Skype 05.02.2015 10:31 TERA 13.04.2014 10:09 TP 09.02.2015 10:57 vlc 11.02.2015 23:02 WinRAR 24.03.2014 19:00 {90140011-0066-0407-0000-0000000FF1CE} 0 Datei(en), 0 Bytes 21 Verzeichnis(se), 1.268.850.774.016 Bytes frei ========= End of CMD: ========= EmptyTemp: => Removed 200.9 MB temporary data. The system needed a reboot. ==== End of Fixlog 10:53:56 ====