Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-05-2017
Ran by SYSTEM on MININT-P2GI867 (19-05-2017 00:59:33)
Running from F:\
Platform: Windows 7 Ultimate Service Pack 1 (X86) Language: Čeština (Česká republika)
Internet Explorer Version 9
Boot Mode: Recovery
Default: ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-02-02] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5078504 2013-03-21] (ESET)
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1062296 2014-03-17] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [1341664 2013-03-21] (ESET)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [126128 2012-05-17] (Seiko Epson Corporation)
S3 FlexNet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe [1074480 2014-01-28] (Flexera Software LLC)
S2 NSL; C:\Program Files\Norton Safe Web Lite\Engine\1.2.0.7\ccSvcHst.exe [130000 2010-11-24] (Symantec Corporation)
S4 TuneUp.Defrag; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [435008 2011-04-27] (TuneUp Software)
S4 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [1051968 2010-09-30] (TuneUp Software)
S2 ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [X]
S2 nlsvc; O:\instalPF\Neu\NLSvc.exe [X]
S2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [X]
S3 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [5313536 2010-02-03] (ATI Technologies Inc.)
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [171680 2013-02-14] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [122240 2013-01-10] (ESET)
S2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [150080 2013-01-10] (ESET)
S1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [46056 2013-01-10] (ESET)
S0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [47568 2013-02-14] (ESET)
S0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S2 npf; C:\Windows\system32\drivers\npf.sys [50704 2010-03-22] (CACE Technologies, Inc.)
S0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-12-12] (Duplex Secure Ltd.)
S3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10064 2009-10-14] (TuneUp Software)
S3 cpuz130; \??\C:\Users\Hlavni\AppData\Local\Temp\cpuz130\cpuz_x32.sys [X]
S2 nldrv; \??\O:\instalPF\Neu\nldrv.sys [X]
S5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-19 00:47 - 2017-05-19 00:59 - 00000000 ____D C:\FRST
2017-05-03 03:18 - 2017-05-03 08:07 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2017-05-01 19:53 - 2017-05-14 01:22 - 01075854 _____ C:\Windows\ntbtlog.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-03 07:57 - 2010-03-17 16:48 - 00000000 ____D C:\Users\Hlavni\nokia5310xpressmusic2

Some files in TEMP:
====================
2013-11-03 12:02 - 2010-03-19 03:51 - 0086864 _____ (Microsoft Corporation) C:\Users\Hlavni\AppData\Local\Temp\deletetemp.exe
2014-12-24 17:04 - 2015-07-23 19:20 - 0204800 _____ (Sony DADC Austria AG) C:\Users\Hlavni\AppData\Local\Temp\drm_dyndata_7370014.dll
2013-11-03 12:02 - 2010-03-19 03:51 - 0168272 _____ (Microsoft Corporation) C:\Users\Hlavni\AppData\Local\Temp\htmllite.dll
2013-01-12 22:09 - 2013-01-12 22:09 - 0896424 _____ (Oracle Corporation) C:\Users\Hlavni\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
2013-02-07 20:22 - 2013-02-07 20:23 - 0897448 _____ (Oracle Corporation) C:\Users\Hlavni\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
2013-02-16 06:00 - 2013-02-16 06:00 - 0897448 _____ (Oracle Corporation) C:\Users\Hlavni\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
2013-03-01 21:00 - 2013-03-01 21:00 - 0897448 _____ (Oracle Corporation) C:\Users\Hlavni\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
2013-04-05 15:44 - 2013-04-05 15:44 - 0904104 _____ (Oracle Corporation) C:\Users\Hlavni\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
2013-06-13 16:36 - 2013-06-13 16:36 - 0903592 _____ (Oracle Corporation) C:\Users\Hlavni\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
2013-10-08 19:27 - 2013-10-08 19:27 - 0915368 _____ (Oracle Corporation) C:\Users\Hlavni\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
2013-12-19 18:06 - 2013-12-19 18:06 - 0921512 _____ (Oracle Corporation) C:\Users\Hlavni\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
2014-05-27 17:12 - 2014-05-27 17:12 - 0918440 _____ (Oracle Corporation) C:\Users\Hlavni\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
2014-07-28 06:15 - 2014-07-28 06:15 - 0918440 _____ (Oracle Corporation) C:\Users\Hlavni\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
2017-01-24 13:38 - 2017-01-24 13:38 - 0739904 _____ (Oracle Corporation) C:\Users\Hlavni\AppData\Local\Temp\jre-8u121-windows-au.exe
2015-05-01 00:37 - 2015-05-01 00:37 - 0562272 _____ (Oracle Corporation) C:\Users\Hlavni\AppData\Local\Temp\jre-8u45-windows-au.exe
2015-09-25 12:04 - 2015-09-25 12:05 - 0585824 _____ (Oracle Corporation) C:\Users\Hlavni\AppData\Local\Temp\jre-8u60-windows-au.exe
2015-11-04 18:59 - 2015-11-04 18:59 - 0585824 _____ (Oracle Corporation) C:\Users\Hlavni\AppData\Local\Temp\jre-8u65-windows-au.exe
2015-11-18 21:02 - 2015-11-18 21:02 - 0585824 _____ (Oracle Corporation) C:\Users\Hlavni\AppData\Local\Temp\jre-8u66-windows-au.exe
2013-06-19 15:46 - 2013-05-10 15:45 - 0120400 _____ (RealNetworks, Inc.) C:\Users\Hlavni\AppData\Local\Temp\lowproc.exe
2004-02-13 11:42 - 2004-02-13 11:42 - 0056832 ____R () C:\Users\Hlavni\AppData\Local\Temp\mpegc.dll
2012-12-26 10:39 - 2012-12-26 10:39 - 0001536 _____ () C:\Users\Hlavni\AppData\Local\Temp\NOSEventMessages.dll
2014-02-23 12:16 - 2016-05-12 13:27 - 0192512 _____ () C:\Users\Hlavni\AppData\Local\Temp\sfamcc00001.dll
2014-02-23 12:19 - 2014-02-23 12:19 - 0192512 _____ () C:\Users\Hlavni\AppData\Local\Temp\sfamcc00002.dll
2014-02-23 12:22 - 2014-02-23 12:22 - 0192512 _____ () C:\Users\Hlavni\AppData\Local\Temp\sfamcc00003.dll
2014-02-23 14:09 - 2014-02-23 18:07 - 0192512 _____ () C:\Users\Hlavni\AppData\Local\Temp\sfamcc00004.dll
2014-02-23 18:09 - 2014-02-23 18:09 - 0192512 _____ () C:\Users\Hlavni\AppData\Local\Temp\sfamcc00005.dll
2012-12-16 10:55 - 2012-12-16 10:55 - 0055296 _____ () C:\Users\Hlavni\AppData\Local\Temp\sfextra.dll
2013-06-19 15:46 - 2013-05-10 16:13 - 0090624 _____ (RealNetworks, Inc.) C:\Users\Hlavni\AppData\Local\Temp\stubhelper.dll
2012-12-25 10:19 - 2012-12-25 10:19 - 1263560 _____ (Symantec Corporation) C:\Users\Hlavni\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_N360_7667.exe

==================== Known DLLs (Whitelisted) =========================


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============


==================== Restore Points  =========================


==================== BCD ================================

Spr vce spouçtŘnˇ syst‚mu Windows
--------------------
identifik tor           {bootmgr}
device                  partition=C:
path                    \bootmgr
description             Windows Boot Manager
locale                  cs-CZ
inherit                 {globalsettings}
default                 {default}
resumeobject            {8e752f40-238b-11df-9371-fa7cd663a50f}
displayorder            {8e752f44-238b-11df-9371-fa7cd663a50f}
                        {8e752f45-238b-11df-9371-fa7cd663a50f}
toolsdisplayorder       {memdiag}
timeout                 30

Zav dŘcˇ program pro spouçtŘnˇ syst‚mu Windows
-------------------
identifik tor           {8e752f39-238b-11df-9371-fa7cd663a50f}
device                  unknown
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  cs-CZ
inherit                 {bootloadersettings}
recoverysequence        {8e752f3a-238b-11df-9371-fa7cd663a50f}
recoveryenabled         Yes
osdevice                unknown
systemroot              \Windows
resumeobject            {8e752f38-238b-11df-9371-fa7cd663a50f}
nx                      OptIn
bootlog                 No

Zav dŘcˇ program pro spouçtŘnˇ syst‚mu Windows
-------------------
identifik tor           {8e752f3a-238b-11df-9371-fa7cd663a50f}

Zav dŘcˇ program pro spouçtŘnˇ syst‚mu Windows
-------------------
identifik tor           {8e752f3e-238b-11df-9371-fa7cd663a50f}

Zav dŘcˇ program pro spouçtŘnˇ syst‚mu Windows
-------------------
identifik tor           {default}
device                  unknown
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  cs-CZ
inherit                 {bootloadersettings}
recoverysequence        {8e752f42-238b-11df-9371-fa7cd663a50f}
recoveryenabled         Yes
osdevice                unknown
systemroot              \Windows
resumeobject            {8e752f40-238b-11df-9371-fa7cd663a50f}
nx                      OptIn

Zav dŘcˇ program pro spouçtŘnˇ syst‚mu Windows
-------------------
identifik tor           {8e752f42-238b-11df-9371-fa7cd663a50f}

Zav dŘcˇ program pro spouçtŘnˇ syst‚mu Windows
-------------------
identifik tor           {8e752f44-238b-11df-9371-fa7cd663a50f}
device                  partition=D:
path                    \Windows\system32\winload.exe
description             Windows 7 Ultimate (obnoven‚) 
locale                  cs-CZ
osdevice                partition=D:
systemroot              \Windows
resumeobject            {5a32298b-37b3-11e7-9ad9-806e6f6e6963}

Zav dŘcˇ program pro spouçtŘnˇ syst‚mu Windows
-------------------
identifik tor           {8e752f45-238b-11df-9371-fa7cd663a50f}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7 Ultimate (obnoven‚) 
locale                  cs-CZ
osdevice                partition=C:
systemroot              \Windows

Zav dŘcˇ program pro spouçtŘnˇ syst‚mu Windows
-------------------
identifik tor           {8e752f46-238b-11df-9371-fa7cd663a50f}
device                  ramdisk=[D:]\Recovery\8e752f3a-238b-11df-9371-fa7cd663a50f\Winre.wim,{8e752f47-238b-11df-9371-fa7cd663a50f}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (obnoven‚) 
locale                  
osdevice                ramdisk=[D:]\Recovery\8e752f3a-238b-11df-9371-fa7cd663a50f\Winre.wim,{8e752f47-238b-11df-9371-fa7cd663a50f}
systemroot              \windows
winpe                   Yes

Zav dŘcˇ program pro spouçtŘnˇ syst‚mu Windows
-------------------
identifik tor           {8e752f48-238b-11df-9371-fa7cd663a50f}
device                  ramdisk=[C:]\Recovery\8e752f3a-238b-11df-9371-fa7cd663a50f\Winre.wim,{8e752f49-238b-11df-9371-fa7cd663a50f}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (obnoven‚) 
locale                  
osdevice                ramdisk=[C:]\Recovery\8e752f3a-238b-11df-9371-fa7cd663a50f\Winre.wim,{8e752f49-238b-11df-9371-fa7cd663a50f}
systemroot              \windows
winpe                   Yes

Obnovenˇ z hibernace
---------------------
identifik tor           {5a32298b-37b3-11e7-9ad9-806e6f6e6963}
device                  partition=D:
path                    \Windows\system32\winresume.exe
description             Windows 7 Ultimate (obnoven‚) 
locale                  cs-CZ
inherit                 {resumeloadersettings}
filedevice              partition=D:
filepath                \hiberfil.sys
pae                     No
debugoptionenabled      No

Obnovenˇ z hibernace
---------------------
identifik tor           {8e752f38-238b-11df-9371-fa7cd663a50f}
device                  unknown
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  cs-CZ
inherit                 {resumeloadersettings}
filedevice              unknown
filepath                \hiberfil.sys
pae                     No
debugoptionenabled      No

Obnovenˇ z hibernace
---------------------
identifik tor           {8e752f40-238b-11df-9371-fa7cd663a50f}
device                  unknown
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  cs-CZ
inherit                 {resumeloadersettings}
filedevice              unknown
filepath                \hiberfil.sys
pae                     No
debugoptionenabled      No

Testov nˇ pamŘti syst‚mu Windows
---------------------
identifik tor           {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Diagnostika pamŘti syst‚mu Windows
locale                  cs-CZ
inherit                 {globalsettings}
badmemoryaccess         Yes

Nastavenˇ slu§by EMS
------------
identifik tor           {emssettings}
bootems                 Yes

Nastavenˇ ladicˇho programu
-----------------
identifik tor           {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

Chyby pamŘti RAM
-----------
identifik tor           {badmemory}

Glob lnˇ nastavenˇ
---------------
identifik tor           {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Nastavenˇ spouçtŘcˇho zavadŘźe
--------------------
identifik tor           {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Nastavenˇ hypervisoru
-------------------
identifik tor           {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Nastavenˇ zavadŘźe obnovenˇ
----------------------
identifik tor           {resumeloadersettings}
inherit                 {globalsettings}

Parametry zaýˇzenˇ
--------------
identifik tor           {8e752f3b-238b-11df-9371-fa7cd663a50f}
description             Ramdisk Options
ramdisksdidevice        unknown
ramdisksdipath          \Recovery\8e752f3a-238b-11df-9371-fa7cd663a50f\boot.sdi

Parametry zaýˇzenˇ
--------------
identifik tor           {8e752f3f-238b-11df-9371-fa7cd663a50f}
description             Ramdisk Options
ramdisksdidevice        unknown
ramdisksdipath          \Recovery\8e752f3e-238b-11df-9371-fa7cd663a50f\boot.sdi

Parametry zaýˇzenˇ
--------------
identifik tor           {8e752f43-238b-11df-9371-fa7cd663a50f}
description             Ramdisk Options
ramdisksdidevice        unknown
ramdisksdipath          \Recovery\8e752f42-238b-11df-9371-fa7cd663a50f\boot.sdi

Parametry zaýˇzenˇ
--------------
identifik tor           {8e752f47-238b-11df-9371-fa7cd663a50f}
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\8e752f3a-238b-11df-9371-fa7cd663a50f\boot.sdi

Parametry zaýˇzenˇ
--------------
identifik tor           {8e752f49-238b-11df-9371-fa7cd663a50f}
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\8e752f3a-238b-11df-9371-fa7cd663a50f\boot.sdi


==================== Memory info =========================== 

Percentage of memory in use: 15%
Total physical RAM: 3071.24 MB
Available physical RAM: 2596.6 MB
Total Virtual: 3067.47 MB
Available Virtual: 2614.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.88 GB) (Free:15.65 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:232.88 GB) (Free:29.5 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Removable) (Total:7.23 GB) (Free:4.87 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6A3117AC)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7.2 GB) (Disk ID: 00770EA2)
Partition 1: (Active) - (Size=7.2 GB) - (Type=07 NTFS)

LastRegBack: 2017-02-22 14:53

==================== End of FRST.txt ============================