Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Filip (administrator) on FILIP-PC on 16-03-2014 19:43:44
Running from C:\Users\Filip\Desktop
Windows 7 Ultimate (X64) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version:
http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version:
http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) X:\Program Files\Steam\Steam.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) X:\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Piriform Ltd) C:\Program Files\Defraggler\Defraggler64.exe
(Mozilla Corporation) X:\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(forum.viry.cz) C:\Users\Filip\Desktop\FRSTLauncher.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET Smart Security\egui.exe [1923640 2009-10-07] (ESET)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-1330902678-333504010-4275633657-1000\...\Run: [AlcoholAutomount] - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [203928 2009-04-24] (Alcohol Soft Development Team)
HKU\S-1-5-21-1330902678-333504010-4275633657-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1330902678-333504010-4275633657-1000\...\Run: [Steam] - X:\Program Files\Steam\steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-1330902678-333504010-4275633657-1000\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3598680 2014-01-31] (Electronic Arts)
HKU\S-1-5-21-1330902678-333504010-4275633657-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_12_0_0_43_Plugin.exe [840072 2014-01-18] (Adobe Systems Incorporated)
HKU\S-1-5-21-1330902678-333504010-4275633657-1000\...\MountPoints2: {efb9267c-7f92-11e3-ab0f-806e6f6e6963} - D:\Autorun.exe
==================== Internet (Whitelisted) ====================
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.89.1.2 193.85.214.17
FireFox:
========
FF ProfilePath: C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\9ok0xkrl.default
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: DownThemAll! - C:\Users\Filip\AppData\Roaming\Mozilla\Firefox\Profiles\9ok0xkrl.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-01-19]
FF StartMenuInternet: FIREFOX.EXE - X:\Mozilla Firefox\firefox.exe
==================== Services (Whitelisted) =================
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-29] (Advanced Micro Devices, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363616 2014-01-03] (Microsoft Corporation)
S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [23296 2009-10-07] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [472280 2009-10-07] (ESET)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-01-31] ()
==================== Drivers (Whitelisted) ====================
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices)
R2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [44944 2009-10-07] (ESET)
R1 easdrv; C:\Windows\System32\DRIVERS\easdrv.sys [54232 2009-10-07] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [82536 2009-10-07] (ESET)
R3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [33608 2009-10-07] (ESET)
R1 epfwtdi; C:\Windows\System32\DRIVERS\epfwtdi.sys [68616 2009-10-07] (ESET)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2014-01-18] ()
U3 ap4aqf5r; C:\Windows\System32\Drivers\ap4aqf5r.sys [0 ] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-16 19:43 - 2014-03-16 19:44 - 00009116 _____ () C:\Users\Filip\Desktop\FRST.txt
2014-03-16 19:43 - 2014-03-16 19:43 - 00000000 ____D () C:\FRST
2014-03-16 19:39 - 2014-03-13 04:38 - 02157056 _____ (Farbar) C:\Users\Filip\Desktop\FRST64.exe
2014-03-16 19:39 - 2013-12-05 16:07 - 00112640 _____ (forum.viry.cz) C:\Users\Filip\Desktop\FRSTLauncher.exe
2014-03-16 18:15 - 2014-02-25 20:32 - 00000000 ____D () C:\Users\Filip\Desktop\Electronic Super Joy OST
2014-03-16 17:59 - 2014-02-25 21:15 - 177654958 _____ () C:\Users\Filip\Downloads\Electronic-Super-Joy-OST.rar
2014-03-16 16:45 - 2010-09-20 13:05 - 06664704 _____ (Hazar & Co.) C:\Users\Filip\Desktop\RemoveWAT.exe
2014-03-15 14:27 - 2014-03-16 16:49 - 00000168 _____ () C:\Windows\setupact.log
2014-03-15 14:27 - 2014-03-15 14:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-15 13:30 - 2014-03-16 16:55 - 00000000 ____D () C:\Program Files\Defraggler
2014-03-15 13:30 - 2014-03-16 08:23 - 00001768 _____ () C:\Users\Filip\Desktop\Defraggler.lnk
2014-02-24 17:47 - 2014-03-15 12:48 - 00000000 ____D () C:\Windows\Minidump
2014-02-16 12:02 - 2014-02-16 12:02 - 00000000 ____D () C:\Users\Filip\AppData\Local\Blizzard Entertainment
==================== One Month Modified Files and Folders =======
2014-03-16 19:44 - 2014-03-16 19:43 - 00009116 _____ () C:\Users\Filip\Desktop\FRST.txt
2014-03-16 19:43 - 2014-03-16 19:43 - 00000000 ____D () C:\FRST
2014-03-16 16:56 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-16 16:56 - 2009-07-14 05:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-16 16:55 - 2014-03-15 13:30 - 00000000 ____D () C:\Program Files\Defraggler
2014-03-16 16:49 - 2014-03-15 14:27 - 00000168 _____ () C:\Windows\setupact.log
2014-03-16 16:49 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-16 16:47 - 2014-01-17 17:21 - 00366282 _____ () C:\Windows\WindowsUpdate.log
2014-03-16 16:46 - 2009-07-14 00:56 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2014-03-16 16:46 - 2009-07-14 00:52 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2014-03-16 16:46 - 2009-07-14 00:38 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-03-16 16:46 - 2009-07-14 00:36 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll
2014-03-16 16:46 - 2009-07-14 00:24 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-03-16 08:23 - 2014-03-15 13:30 - 00001768 _____ () C:\Users\Filip\Desktop\Defraggler.lnk
2014-03-15 18:10 - 2009-07-14 16:18 - 00665706 _____ () C:\Windows\system32\perfh005.dat
2014-03-15 18:10 - 2009-07-14 16:18 - 00139402 _____ () C:\Windows\system32\perfc005.dat
2014-03-15 18:10 - 2009-07-14 06:13 - 01575230 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-15 14:27 - 2014-03-15 14:27 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-15 13:26 - 2014-01-18 12:44 - 00000000 ____D () C:\Users\Filip\Desktop\Hry
2014-03-15 12:48 - 2014-02-24 17:47 - 00000000 ____D () C:\Windows\Minidump
2014-03-14 21:45 - 2014-01-18 12:04 - 00000000 ____D () C:\Users\Filip\AppData\Roaming\.minecraft
2014-03-14 15:56 - 2014-01-18 17:40 - 00000000 ____D () C:\Users\Filip\AppData\Roaming\Skype
2014-03-13 04:38 - 2014-03-16 19:39 - 02157056 _____ (Farbar) C:\Users\Filip\Desktop\FRST64.exe
2014-03-10 15:27 - 2014-01-18 17:39 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-04 22:03 - 2014-01-18 11:30 - 00001974 _____ () C:\Users\Filip\Desktop\Software.lnk
2014-02-27 20:05 - 2014-01-31 16:50 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-02-25 21:15 - 2014-03-16 17:59 - 177654958 _____ () C:\Users\Filip\Downloads\Electronic-Super-Joy-OST.rar
2014-02-25 20:32 - 2014-03-16 18:15 - 00000000 ____D () C:\Users\Filip\Desktop\Electronic Super Joy OST
2014-02-24 17:45 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-02-17 17:52 - 2014-02-05 14:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 12:02 - 2014-02-16 12:02 - 00000000 ____D () C:\Users\Filip\AppData\Local\Blizzard Entertainment
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===
==================== Drive and Memory info ===================
==================== MBR and Partition Table ==================
==================== Scheduled Tasks (whitelisted) ==================
==================== Alternate Data Streams (whitelisted) ==================
==================== Security Center ==================
AV: ESET Smart Security 3.0 (Enabled - Up to date) {CB0F8167-5331-BA19-698E-64816B6801A5}
AS: ESET Smart Security 3.0 (Enabled - Up to date) {706E6083-750B-B597-533E-5FF310EF4B18}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET personal firewall (Enabled) {F3340042-195E-BB41-42D1-CDB495BB46DE}
===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)
***** Velikost "Plochy" *****
Velikost slozky "C:\Users\Filip\Desktop" je 218 MB.
***** Startup Programs *****
***** Firewall rules *****
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
***** System Restore *****
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
==================== End Of Log ==============================