Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-03-2015
Ran by Computer at 2015-03-04 18:39:35 Run:1
Running from C:\_Download
Loaded Profiles: Computer (Available profiles: Computer)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
CreateRestorePoint:
R2 pihofyby; C:\Users\Computer\AppData\Roaming\03000200-1425400332-0500-0006-000700080009\jnsfE9D6.tmp [102912 2015-03-03] () [File not signed]
R2 gixifiry; C:\Users\Computer\AppData\Roaming\03000200-1425400332-0500-0006-000700080009\nsu9357.tmpfs [X]
Task: {3F5FEDE0-5EAC-40C9-98D1-188B7A336EFD} - \Run_Bobby_Browser No Task File <==== ATTENTION
Task: {44A26F4B-8FCE-444C-8985-8E04390D40CB} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe
Task: {A8542528-27A8-45FE-99A3-86323D638835} - System32\Tasks\{99CAF6A5-4855-4B15-B4AA-887BBAA86CEF} => pcalua.exe -a C:\_Download\wmp11-windowsxp-x86-DE-DE.exe -d C:\_Download
Task: {E8A4BF29-7F70-4B39-829E-D116F7EBF7C9} - \gtaUpt No Task File <==== ATTENTION
ShortcutWithArgument: C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mystartsearch.com/?type=sc&ts=1425396749&from=amt&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAF674590P
ShortcutWithArgument: C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mystartsearch.com/?type=sc&ts=1425396749&from=amt&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAF674590P
ShortcutWithArgument: C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mystartsearch.com/?type=sc&ts=1425396749&from=amt&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAF674590P
ShortcutWithArgument: C:\Users\Computer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.mystartsearch.com/?type=sc&ts=1425396749&from=amt&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAF674590P
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppp
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3993077788-801993031-1647673089-1000\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3993077788-801993031-1647673089-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3993077788-801993031-1647673089-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3993077788-801993031-1647673089-1000 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3993077788-801993031-1647673089-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAF674590P&ts=1425396786&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3993077788-801993031-1647673089-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAF674590P&ts=1425396786&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3993077788-801993031-1647673089-1000 -> {5E90F9D5-9EAF-4635-AABE-BF5C76212CC9} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAF674590P&ts=1425396786&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3993077788-801993031-1647673089-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.mystartsearch.com/web/?utm_source=b&utm_medium=amt&utm_campaign=install_ie&utm_content=ds&from=amt&uid=SamsungXSSDX840XEVOX250GB_S1DBNSAF674590P&ts=1425396786&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3993077788-801993031-1647673089-1000 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
StartMenuInternet: FIREFOX.EXE - firefox.exe
FF HKLM-x32\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\w9rjsaln.default\extensions\istart_ffnt@gmail.com
C:\Program Files\shopperz
C:\Program Files (x86)\Opera
C:\Program Files (x86)\Round World
C:\ProgramData\{e698de88-2a3a-27c3-e698-8de882a37a20}
C:\ProgramData\IHProtectUpDate
C:\ProgramData\LolliScan
C:\ProgramData\WindowsMangerProtect
C:\Users\Computer\KMSnano.exe
C:\Users\Computer\AppData\Local\nsi975D.tmp
C:\Users\Computer\AppData\Local\nsg3691.tmp
C:\Users\Computer\AppData\Local\nsrB43E.tmp
C:\Users\Computer\AppData\Roaming\03000200-1425400332-0500-0006-000700080009
C:\Users\Computer\AppData\Roaming\AnyProtectEx
C:\Users\Computer\AppData\Roaming\mystartsearch
C:\Users\Computer\AppData\Roaming\Opera Software
C:\Users\Computer\AppData\Roaming\VOPackage
C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Reg: reg delete HKCU\Software\Google /f
Reg: reg delete HKLM\SOFTWARE\Wow6432Node\Google /f
EmptyTemp:
*****************

Processes closed successfully.
Restore point was successfully created.
pihofyby => Service deleted successfully.
gixifiry => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F5FEDE0-5EAC-40C9-98D1-188B7A336EFD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F5FEDE0-5EAC-40C9-98D1-188B7A336EFD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Run_Bobby_Browser" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44A26F4B-8FCE-444C-8985-8E04390D40CB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44A26F4B-8FCE-444C-8985-8E04390D40CB}" => Key deleted successfully.
C:\Windows\System32\Tasks\Abelssoft\Updater scan => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Abelssoft\Updater scan" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8542528-27A8-45FE-99A3-86323D638835}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8542528-27A8-45FE-99A3-86323D638835}" => Key deleted successfully.
C:\Windows\System32\Tasks\{99CAF6A5-4855-4B15-B4AA-887BBAA86CEF} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{99CAF6A5-4855-4B15-B4AA-887BBAA86CEF}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8A4BF29-7F70-4B39-829E-D116F7EBF7C9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8A4BF29-7F70-4B39-829E-D116F7EBF7C9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gtaUpt" => Key deleted successfully.
C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk => Shortcut argument was removed successfully.
C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument was removed successfully.
C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => Shortcut argument was restored successfully.
C:\Users\Computer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument was removed successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-3993077788-801993031-1647673089-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKU\S-1-5-21-3993077788-801993031-1647673089-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-3993077788-801993031-1647673089-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => Key not found.
HKU\S-1-5-21-3993077788-801993031-1647673089-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3993077788-801993031-1647673089-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-3993077788-801993031-1647673089-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}" => Key deleted successfully.
HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => Key not found.
"HKU\S-1-5-21-3993077788-801993031-1647673089-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5E90F9D5-9EAF-4635-AABE-BF5C76212CC9}" => Key deleted successfully.
HKCR\CLSID\{5E90F9D5-9EAF-4635-AABE-BF5C76212CC9} => Key not found.
"HKU\S-1-5-21-3993077788-801993031-1647673089-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}" => Key deleted successfully.
HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => Key not found.
"HKU\S-1-5-21-3993077788-801993031-1647673089-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => Key deleted successfully.
HKCR\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => Key not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\istart_ffnt@gmail.com => value deleted successfully.
C:\Program Files\shopperz => Moved successfully.
C:\Program Files (x86)\Opera => Moved successfully.
C:\Program Files (x86)\Round World => Moved successfully.
C:\ProgramData\{e698de88-2a3a-27c3-e698-8de882a37a20} => Moved successfully.
C:\ProgramData\IHProtectUpDate => Moved successfully.
C:\ProgramData\LolliScan => Moved successfully.
C:\ProgramData\WindowsMangerProtect => Moved successfully.
C:\Users\Computer\KMSnano.exe => Moved successfully.
C:\Users\Computer\AppData\Local\nsi975D.tmp => Moved successfully.
C:\Users\Computer\AppData\Local\nsg3691.tmp => Moved successfully.
C:\Users\Computer\AppData\Local\nsrB43E.tmp => Moved successfully.
C:\Users\Computer\AppData\Roaming\03000200-1425400332-0500-0006-000700080009 => Moved successfully.
C:\Users\Computer\AppData\Roaming\AnyProtectEx => Moved successfully.
C:\Users\Computer\AppData\Roaming\mystartsearch => Moved successfully.
C:\Users\Computer\AppData\Roaming\Opera Software => Moved successfully.
C:\Users\Computer\AppData\Roaming\VOPackage => Moved successfully.
C:\Users\Computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage => Moved successfully.

========= reg delete HKCU\Software\Google /f =========

Der Vorgang wurde erfolgreich beendet.

========= End of Reg: =========

========= reg delete HKLM\SOFTWARE\Wow6432Node\Google /f =========

Der Vorgang wurde erfolgreich beendet.

========= End of Reg: =========

EmptyTemp: => Removed 125.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog 18:39:51 ====