Fix result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01
Ran by Pavel at 2015-05-23 21:59:11 Run:1
Running from C:\Users\Pavel\Desktop
Loaded Profiles: Pavel (Available Profiles: Pavel)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2403104 2014-07-25] (NVIDIA Corporation)
HKU\S-1-5-21-1811233722-2306298940-2485246580-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1811233722-2306298940-2485246580-1000\...\Run: [EPLTarget\P0000000000000000] => C:\windows\system32\spool\DRIVERS\x64\3\E_YATINTE.EXE [298560 2014-03-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1811233722-2306298940-2485246580-1000\...\MountPoints2: F - F:\AutoRun.exe --autorun
HKU\S-1-5-21-1811233722-2306298940-2485246580-1000\...\MountPoints2: G - G:\AutoRun.exe --autorun
HKU\S-1-5-21-1811233722-2306298940-2485246580-1000\...\MountPoints2: {c13d633a-41b1-11e4-9619-c0cb38e26c3d} - G:\aocsetup.exe /autorun
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\All.lnk [2014-09-06]
ShortcutTarget: All.lnk -> C:\Windows\all.bat ()

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)

U3 BcmSqlStartupSvc; No ImagePath
S1 ElRawDisk; \??\C:\windows\system32\drivers\rsdrvx64.sys [X]
U4 ERSvc; No ImagePath
U3 IGRS; No ImagePath
U2 IviRegMgr; No ImagePath
U2 ReadyComm.DirectRouter; No ImagePath
U2 RichVideo; No ImagePath
U3 SQLWriter; No ImagePath

C:\Program Files (x86)\Enigma Software Group
2015-05-13 10:02 - 2015-05-13 10:03 - 00015249 _____ () C:\Users\Pavel\Desktop\FRST.txt
2015-05-13 10:01 - 2015-05-13 10:01 - 00112640 _____ (forum.viry.cz) C:\Users\Pavel\Desktop\FRSTLauncher.exe
2015-05-12 18:17 - 2015-05-12 18:01 - 00024064 _____ () C:\windows\zoek-delete.exe
2015-05-12 18:02 - 2015-05-12 18:19 - 00011117 _____ () C:\zoek-results.log
2015-05-12 18:01 - 2015-05-12 18:14 - 00000000 ____D () C:\zoek_backup
2015-05-09 22:55 - 2015-05-09 22:58 - 00000000 ____D () C:\Program Files\trend micro
2015-05-09 22:55 - 2015-05-09 22:55 - 00000000 ____D () C:\rsit

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Speed Launcher

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NvBackend => value Removed successfully
HKU\S-1-5-21-1811233722-2306298940-2485246580-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => value Removed successfully
HKU\S-1-5-21-1811233722-2306298940-2485246580-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EPLTarget\P0000000000000000 => value Removed successfully
"HKU\S-1-5-21-1811233722-2306298940-2485246580-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => key Removed successfully
"HKU\S-1-5-21-1811233722-2306298940-2485246580-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G" => key Removed successfully
"HKU\S-1-5-21-1811233722-2306298940-2485246580-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c13d633a-41b1-11e4-9619-c0cb38e26c3d}" => key Removed successfully
HKCR\CLSID\{c13d633a-41b1-11e4-9619-c0cb38e26c3d} => key not found. 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\All.lnk => Moved successfully.
C:\Windows\all.bat => Moved successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => Value restored successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value Removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key Removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key Removed successfully
SpyHunter 4 Service => Service Removed successfully
BcmSqlStartupSvc => Service Removed successfully
ElRawDisk => Service Removed successfully
ERSvc => Service Removed successfully
IGRS => Service Removed successfully
IviRegMgr => Service Removed successfully
ReadyComm.DirectRouter => Service Removed successfully
RichVideo => Service Removed successfully
SQLWriter => Service Removed successfully
C:\Program Files (x86)\Enigma Software Group => Moved successfully.
C:\Users\Pavel\Desktop\FRST.txt => Moved successfully.
"C:\Users\Pavel\Desktop\FRSTLauncher.exe" => File/Folder not found.
C:\windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
"C:\rsit" => File/Folder not found.
C:\windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM => key Removed successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Speed Launcher => key Removed successfully
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts restored successfully.
EmptyTemp: => Removed 8.5 GB temporary data.


The system needed a reboot. 

==== End of Fixlog 22:01:41 ====