Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by User at 2014-09-01 18:44:00 Run:1
Running from C:\Users\User\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-28] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-04-07] (Microsoft Corporation)
HKU\S-1-5-21-1570955093-1124358558-1990792310-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-22] (Google Inc.)
HKU\S-1-5-21-1570955093-1124358558-1990792310-1000\...\MountPoints2: {8a44ef58-97d2-11e2-a554-806e6f6e6963} - D:\autorun.exe

BHO-x32: 同步一键安装支持 -> {F72C8153-7140-4FEE-8F69-CA4579D71195} -> C:\Program Files (x86)\Tongbu\Addin\tbIEAddin.dll (??????)

S2 0fe17f7f7055ca8.exe; C:\Users\User\AppData\Local\0c8010b42ce9c0896292f9a00871cf6d\0fe17f7f7055ca8.exe [X]
S2 8466e4bf6f86000.exe; C:\Users\User\AppData\Local\e5a6946aeccac218acdd006c605848c5\8466e4bf6f86000.exe [X]
S2 CronDockWord.exe; C:\Users\User\AppData\Local\CronDockWord\CronDockWord.exe [X]
S2 e177f95e8bcdff0.exe; C:\Users\User\AppData\Local\5b37c15f318304c12ff7bd21aaf6bc6b\e177f95e8bcdff0.exe [X]
S2 FirmwareOfficeRecycle.exe; C:\Users\User\AppData\Local\FirmwareOfficeRecycle\FirmwareOfficeRecycle.exe [X]
S2 WinRST; C:\Program Files (x86)\WinRST\WinRST.exe [X]

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 RegFltrX64; \??\C:\Users\User\AppData\Local\95e7150cfbe0077d019a301ebb47332f\RegFltrX64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

C:\Users\User\AppData\Local\0c8010b42ce9c0896292f9a00871cf6d
C:\Users\User\AppData\Local\e5a6946aeccac218acdd006c605848c5
C:\Users\User\AppData\Local\CronDockWord
C:\Users\User\AppData\Local\FirmwareOfficeRecycle
C:\Users\User\AppData\Local\5b37c15f318304c12ff7bd21aaf6bc6b
C:\Users\User\AppData\Local\95e7150cfbe0077d019a301ebb47332f
c:\Program Files (x86)\WinRST
2014-08-31 17:53 - 2014-08-31 17:55 - 00013094 _____ () C:\Users\User\Desktop\FRST.txt
2014-08-31 17:51 - 2014-08-31 17:51 - 00112640 _____ (forum.viry.cz) C:\Users\User\Desktop\FRSTLauncher.exe
2014-08-31 17:24 - 2014-08-31 17:24 - 00000000 ____D () C:\Users\User\AppData\Local\FirmwareOfficeRecycle
2014-08-31 17:22 - 2014-08-31 17:10 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-08-31 17:11 - 2014-08-31 17:26 - 00008913 _____ () C:\zoek-results.log
2014-08-31 17:07 - 2014-08-31 17:20 - 00000000 ____D () C:\zoek_backup
2014-08-31 17:06 - 2014-08-31 17:07 - 01288704 _____ () C:\Users\User\Desktop\zoek.exe
2014-08-31 17:06 - 2014-08-31 17:06 - 00000000 ____D () C:\Users\User\Desktop\zoek
2014-08-31 17:05 - 2014-08-31 17:05 - 04245477 _____ () C:\Users\User\Desktop\zoek.rar
2014-08-31 16:55 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-31 16:54 - 2014-08-31 16:56 - 00000000 ____D () C:\AdwCleaner
2014-08-31 16:51 - 2014-08-31 16:51 - 01364531 _____ () C:\Users\User\Desktop\adwcleaner_3.308.exe
2014-08-31 15:33 - 2014-08-31 15:34 - 00000000 ____D () C:\rsit
2014-08-31 15:33 - 2014-08-31 15:34 - 00000000 ____D () C:\Program Files\trend micro
2014-08-30 22:03 - 2014-08-30 22:03 - 00002962 _____ () C:\Windows\System32\Tasks\{9D266CD5-2D13-4A10-B4EF-C87DC7066080}
2014-08-29 13:13 - 2014-08-29 13:14 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.2.1012.exe

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1570955093-1124358558-1990792310-1000Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1570955093-1124358558-1990792310-1000UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\ProgramData\Temp:56E2E879

REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam" /f

Hosts:
Reboot:
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DivXMediaServer => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-04-07] (Microsoft Corporation) => Value not found.
HKU\S-1-5-21-1570955093-1124358558-1990792310-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value deleted successfully.
"HKU\S-1-5-21-1570955093-1124358558-1990792310-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8a44ef58-97d2-11e2-a554-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{8a44ef58-97d2-11e2-a554-806e6f6e6963}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F72C8153-7140-4FEE-8F69-CA4579D71195}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{F72C8153-7140-4FEE-8F69-CA4579D71195}" => Key deleted successfully.
0fe17f7f7055ca8.exe => Service deleted successfully.
8466e4bf6f86000.exe => Service deleted successfully.
CronDockWord.exe => Service deleted successfully.
e177f95e8bcdff0.exe => Service deleted successfully.
FirmwareOfficeRecycle.exe => Service deleted successfully.
WinRST => Service deleted successfully.
EagleX64 => Service deleted successfully.
RegFltrX64 => Service deleted successfully.
xhunter1 => Service deleted successfully.
"C:\Users\User\AppData\Local\0c8010b42ce9c0896292f9a00871cf6d" => File/Directory not found.
C:\Users\User\AppData\Local\e5a6946aeccac218acdd006c605848c5 => Moved successfully.
C:\Users\User\AppData\Local\CronDockWord => Moved successfully.

"C:\Users\User\AppData\Local\FirmwareOfficeRecycle" directory move:

Could not move "C:\Users\User\AppData\Local\FirmwareOfficeRecycle" directory. => Scheduled to move on reboot.

"C:\Users\User\AppData\Local\5b37c15f318304c12ff7bd21aaf6bc6b" => File/Directory not found.
C:\Users\User\AppData\Local\95e7150cfbe0077d019a301ebb47332f => Moved successfully.
"c:\Program Files (x86)\WinRST" => File/Directory not found.
C:\Users\User\Desktop\FRST.txt => Moved successfully.
"C:\Users\User\Desktop\FRSTLauncher.exe" => File/Directory not found.

"C:\Users\User\AppData\Local\FirmwareOfficeRecycle" directory move:

Could not move "C:\Users\User\AppData\Local\FirmwareOfficeRecycle" directory. => Scheduled to move on reboot.

C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\User\Desktop\zoek.exe => Moved successfully.
C:\Users\User\Desktop\zoek => Moved successfully.
C:\Users\User\Desktop\zoek.rar => Moved successfully.
C:\Windows\SysWOW64\sqlite3.dll => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\User\Desktop\adwcleaner_3.308.exe => Moved successfully.
C:\rsit => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\Windows\System32\Tasks\{9D266CD5-2D13-4A10-B4EF-C87DC7066080} => Moved successfully.
C:\Users\User\Desktop\mbam-setup-2.0.2.1012.exe => Moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1570955093-1124358558-1990792310-1000Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1570955093-1124358558-1990792310-1000UA.job => Moved successfully.
C:\ProgramData\Temp => ":56E2E879" ADS removed successfully.

========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam" /f =========

Operace byla dokončena úspěšně.



========= End of Reg: =========

C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-09-01 18:45:36)<=

C:\Users\User\AppData\Local\FirmwareOfficeRecycle => Is moved successfully.
C:\Users\User\AppData\Local\FirmwareOfficeRecycle => Is moved successfully.

==== End of Fixlog ====