Police malware
Posted: 05 Oct 2013 11:38
Hello,
my computer has been attacked by the "police virus". I am sending the FRST output. Thanks in advance for any advice.
FRST file:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by pmg-local (administrator) on CZPRA6NTB021 on 05-10-2013 12:28:23
Running from C:\Users\pmg-local\Desktop
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(O2Micro International) C:\Windows\system32\DRIVERS\o2flash.exe
(Famatech Corp.) C:\Windows\SysWOW64\rserver30\RServer3.exe
(Microsoft Corporation) C:\Windows\SysWOW64\CCM\CcmExec.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Famatech Corp.) C:\Windows\SysWOW64\rserver30\FamItrfc.Exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Famatech Corp.) C:\Windows\SysWOW64\rserver30\FamItrfc.Exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [cryptocardRdpM2Mreg] - C:\Windows\System32\rdpM2M.vbs [119 2011-04-19] ()
HKLM\...\Run: [Apoint] - X:\Program Files\DellTPad\Apoint.exe
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [7470592 2012-06-14] (Dell Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1289704 2012-09-12] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Communicator] - C:\Program Files (x86)\Microsoft Lync\communicator.exe [11937552 2010-10-22] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291280 2012-12-21] (Intel Corporation)
HKU\&tykam\...\Run: [DellSystemDetect] - C:\Users\&tykam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms [370 2013-05-30] ()
HKU\&tykam\...\Policies\system: [NoDispScrSavPage] 1
HKU\&tykam\...\Policies\system: [SetVisualStyle]
HKU\&tykam\...\Policies\system: [HideLogonScripts] 0
HKU\&tykam\...\Policies\system: [HideLogoffScripts] 0
HKU\straj\...\Run: [Jl3JcfDkW] - C:\Users\straj\AppData\Local\fvJcrgR.exe [233472 2013-10-05] (Корпорация Майкрософт)
HKU\straj\...\Policies\system: [NoDispScrSavPage] 1
HKU\straj\...\Policies\system: [SetVisualStyle]
HKU\straj\...\Policies\system: [HideLogonScripts] 0
HKU\straj\...\Policies\system: [HideLogoffScripts] 0
HKU\veess\...\Policies\system: [Wallpaper] %Systemroot%\System32\pmg.jpg
HKU\veess\...\Policies\system: [WallpaperStyle] 0
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x685E1DF83760CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ie
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXc ... atgpc1.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
==================== Services (Whitelisted) =================
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22072 2012-09-12] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368896 2012-09-12] (Microsoft Corporation)
R2 RServer3; C:\Windows\SysWOW64\rserver30\RServer3.exe [1242480 2010-04-21] (Famatech Corp.)
S3 smstsmgr; C:\Windows\SysWOW64\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE [48128 2012-06-14] (Dell Inc.)
==================== Drivers (Whitelisted) ====================
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2013-05-30] (Broadcom Corporation.)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
S3 d554gps; C:\Windows\system32\drivers\d554gps64.sys [101416 2011-11-25] (Ericsson AB)
S3 DIGITECH; C:\Windows\system32\drivers\DIGITECH.sys [25648 2011-11-25] (Copyright(c) Digitech Systems)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2011-11-25] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2011-11-25] (Ericsson AB)
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [411208 2011-11-25] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [419912 2011-11-25] (MCCI Corporation)
R3 mirrorv3; C:\Windows\System32\DRIVERS\rminiv3.sys [5632 2010-04-21] (Famatech International Corp.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
S3 nwdelgobi3kfilter; C:\Windows\system32\drivers\nwdelgobi3kfilter.sys [34304 2011-11-25] (Novatel Wireless Inc)
S3 NWDellPort; C:\Windows\system32\drivers\nwdelser.sys [217856 2011-11-25] (Novatel Wireless Inc.)
S3 NWDellPort2; C:\Windows\system32\drivers\nwdelser2.sys [217856 2011-11-25] (Novatel Wireless Inc.)
S3 nwdelserial; C:\Windows\system32\drivers\nwdelserial.sys [234112 2011-11-25] (Novatel Wireless Inc.)
R3 prepdrvr; C:\Windows\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
R3 prepdrvr; C:\Windows\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
S3 qcfilterdl2k; C:\Windows\system32\drivers\qcfilterdl2k.sys [6400 2011-11-25] (QUALCOMM Incorporated)
S3 qcusbserdl2k; C:\Windows\system32\drivers\qcusbserdl2k.sys [230784 2011-11-25] (QUALCOMM Incorporated)
R1 raddrvv3; C:\Windows\SysWOW64\rserver30\raddrvv3.sys [68680 2010-04-21] (Famatech Corp.)
S3 tcm; C:\Windows\system32\drivers\tcm.sys [17048 2011-11-25] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-10-05 12:27 - 2013-10-05 12:27 - 01954124 _____ (Farbar) C:\Users\pmg-local\Desktop\FRST64.exe
2013-10-05 12:27 - 2013-10-05 12:27 - 00000000 ____D C:\FRST
2013-10-05 12:13 - 2013-10-05 12:13 - 00000000 ____D C:\Users\straj\Tracing
2013-10-05 11:45 - 2013-10-05 11:45 - 00017861 _____ C:\ComboFix.txt
2013-10-05 11:34 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-05 11:34 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-05 11:34 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-05 11:34 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-05 11:34 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-05 11:34 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-05 11:34 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-05 11:34 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-05 11:33 - 2013-10-05 11:45 - 00000000 ____D C:\Qoobox
2013-10-05 11:33 - 2013-10-05 11:42 - 00000000 ____D C:\Windows\erdnt
2013-10-05 11:32 - 2013-10-05 11:33 - 05130782 ____R (Swearware) C:\Users\pmg-local\Desktop\ComboFix.exe
2013-10-05 08:45 - 2013-10-05 08:45 - 00233472 _____ (Корпорация Майкрософт) C:\Users\straj\AppData\Local\fvJcrgR.exe
2013-10-05 08:45 - 2013-10-05 08:45 - 00170346 _____ C:\Users\straj\AppData\Local\db74157d-7d18-4fd5-9263-45c80450ad55
2013-10-04 17:37 - 2013-10-04 17:37 - 00144823 _____ C:\Users\straj\Desktop\!Tabulka najemcu.xlsx
2013-10-03 21:21 - 2013-10-03 22:32 - 00075264 _____ C:\Users\straj\Desktop\LEED - RUSTONKA-130925.xls
2013-10-02 14:28 - 2013-10-02 14:28 - 19048344 _____ C:\Users\straj\Desktop\Debug.rar
2013-10-01 18:36 - 2013-10-02 11:57 - 00000000 ____D C:\Users\straj\AppData\Local\Deployment
2013-10-01 18:36 - 2013-10-01 18:36 - 00000000 ____D C:\Users\straj\AppData\Local\Apps\2.0
2013-10-01 15:33 - 2013-10-01 15:33 - 00000000 ____D C:\Users\straj\Documents\Visual Studio 2005
2013-10-01 09:21 - 2013-10-01 09:21 - 00000232 _____ C:\Users\straj\Documents\plot.log
2013-09-30 18:48 - 2013-09-30 21:45 - 00000000 ____D C:\Users\straj\Desktop\09_2013 - září
2013-09-26 18:03 - 2013-09-26 18:03 - 00000000 ____D C:\Users\straj\Desktop\vyber
2013-09-25 08:56 - 2013-09-24 19:28 - 00129024 _____ C:\Users\straj\Desktop\!Stavba-prejimky.xlsx
2013-09-18 10:42 - 2013-09-19 18:59 - 00032256 _____ C:\Users\straj\Desktop\seznam OJ ke kolaudaci.xls
2013-09-13 15:58 - 2013-09-13 15:58 - 110928927 _____ C:\Users\straj\Desktop\ips-105.zip
2013-09-12 16:30 - 2013-09-12 16:30 - 40353772 _____ C:\Users\straj\Desktop\pøipomínky_HIP.zip
2013-09-05 16:54 - 2013-09-05 16:54 - 00000000 ____D C:\Users\straj\AppData\Local\IsolatedStorage
==================== One Month Modified Files and Folders =======
2013-10-05 12:28 - 2013-05-29 00:11 - 01653530 _____ C:\Windows\WindowsUpdate.log
2013-10-05 12:27 - 2013-10-05 12:27 - 01954124 _____ (Farbar) C:\Users\pmg-local\Desktop\FRST64.exe
2013-10-05 12:27 - 2013-10-05 12:27 - 00000000 ____D C:\FRST
2013-10-05 12:27 - 2013-06-03 10:46 - 00000000 ____D C:\Users\pmg-local\Tracing
2013-10-05 12:26 - 2013-05-29 00:12 - 00000393 _____ C:\Windows\SMSCFG.INI
2013-10-05 12:25 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-05 12:25 - 2009-07-14 06:51 - 00046642 _____ C:\Windows\setupact.log
2013-10-05 12:13 - 2013-10-05 12:13 - 00000000 ____D C:\Users\straj\Tracing
2013-10-05 12:13 - 2013-05-29 12:46 - 00000000 ____D C:\Users\straj
2013-10-05 12:11 - 2009-07-14 07:13 - 00799722 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-05 12:11 - 2009-07-14 06:45 - 00019344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-05 12:11 - 2009-07-14 06:45 - 00019344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-05 11:53 - 2010-11-21 05:47 - 00015564 _____ C:\Windows\PFRO.log
2013-10-05 11:45 - 2013-10-05 11:45 - 00017861 _____ C:\ComboFix.txt
2013-10-05 11:45 - 2013-10-05 11:33 - 00000000 ____D C:\Qoobox
2013-10-05 11:45 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-10-05 11:42 - 2013-10-05 11:33 - 00000000 ____D C:\Windows\erdnt
2013-10-05 11:42 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-10-05 11:33 - 2013-10-05 11:32 - 05130782 ____R (Swearware) C:\Users\pmg-local\Desktop\ComboFix.exe
2013-10-05 11:24 - 2012-02-07 14:40 - 00813156 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-05 08:45 - 2013-10-05 08:45 - 00233472 _____ (Корпорация Майкрософт) C:\Users\straj\AppData\Local\fvJcrgR.exe
2013-10-05 08:45 - 2013-10-05 08:45 - 00170346 _____ C:\Users\straj\AppData\Local\db74157d-7d18-4fd5-9263-45c80450ad55
2013-10-04 17:37 - 2013-10-04 17:37 - 00144823 _____ C:\Users\straj\Desktop\!Tabulka najemcu.xlsx
2013-10-03 22:32 - 2013-10-03 21:21 - 00075264 _____ C:\Users\straj\Desktop\LEED - RUSTONKA-130925.xls
2013-10-02 14:28 - 2013-10-02 14:28 - 19048344 _____ C:\Users\straj\Desktop\Debug.rar
2013-10-02 11:57 - 2013-10-01 18:36 - 00000000 ____D C:\Users\straj\AppData\Local\Deployment
2013-10-02 07:33 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-01 18:36 - 2013-10-01 18:36 - 00000000 ____D C:\Users\straj\AppData\Local\Apps\2.0
2013-10-01 15:33 - 2013-10-01 15:33 - 00000000 ____D C:\Users\straj\Documents\Visual Studio 2005
2013-10-01 15:33 - 2013-05-29 12:46 - 00000000 ____D C:\Users\straj\AppData\Local\Microsoft Help
2013-10-01 09:21 - 2013-10-01 09:21 - 00000232 _____ C:\Users\straj\Documents\plot.log
2013-10-01 08:29 - 2013-07-01 08:55 - 00193536 _____ C:\Users\straj\Desktop\Timesheet Vlcek 12-06.xls
2013-09-30 21:45 - 2013-09-30 18:48 - 00000000 ____D C:\Users\straj\Desktop\09_2013 - září
2013-09-30 18:51 - 2013-06-05 19:22 - 00000000 ____D C:\Users\straj\AppData\Local\MultiCommander
2013-09-27 14:32 - 2013-05-28 15:32 - 00039216 __RSH C:\ProgramData\ntuser.pol
2013-09-27 14:31 - 2013-05-29 00:10 - 00000304 _____ C:\Windows\system32\config\netlogon.ftl
2013-09-26 18:03 - 2013-09-26 18:03 - 00000000 ____D C:\Users\straj\Desktop\vyber
2013-09-24 19:28 - 2013-09-25 08:56 - 00129024 _____ C:\Users\straj\Desktop\!Stavba-prejimky.xlsx
2013-09-19 18:59 - 2013-09-18 10:42 - 00032256 _____ C:\Users\straj\Desktop\seznam OJ ke kolaudaci.xls
2013-09-13 15:58 - 2013-09-13 15:58 - 110928927 _____ C:\Users\straj\Desktop\ips-105.zip
2013-09-12 16:30 - 2013-09-12 16:30 - 40353772 _____ C:\Users\straj\Desktop\pøipomínky_HIP.zip
2013-09-09 10:54 - 2013-08-01 10:33 - 00000000 ____D C:\Users\straj\Documents\My Received Files
2013-09-05 16:54 - 2013-09-05 16:54 - 00000000 ____D C:\Users\straj\AppData\Local\IsolatedStorage
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-01 10:14
==================== End Of Log ============================
Addition file:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by pmg-local at 2013-10-05 12:29:07
Running from C:\Users\pmg-local\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Forefront Endpoint Protection (Enabled - Up to date) {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AS: Microsoft Forefront Endpoint Protection (Enabled - Up to date) {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
64 Bit HP CIO Components Installer (Version: 13.2.1)
7-Zip 9.20 (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.0) MUI (x32 Version: 10.1.0)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.3.633)
AGRESSO Common Files (x32 Version: 5.5002.222)
AGRESSO Trust (GAC) (x32 Version: 5.5.2000)
AGRESSO VBA Files (x32 Version: 5.5002.144)
Autodesk Design Review 2012 (x32 Version: 12.0.0.98)
Autodesk Material Library 2012 (x32 Version: 2.5.0.8)
Autodesk Material Library Base Resolution Image Library 2012 (x32 Version: 2.5.0.8)
Autodesk Navisworks Freedom 2012 (Version: 9.0.69.686)
Autodesk Navisworks Freedom 2012 English Language Pack (Version: 9.0.69.686)
Bentley View V8i (SELECTseries 2) 08.11.07.440 (x32 Version: 8.11.7.440)
Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.7)
Citrix online plug-in - web (x32 Version: 12.1.44.1)
Citrix online plug-in (DV) (x32 Version: 12.1.44.1)
Citrix online plug-in (HDX) (x32 Version: 12.1.44.1)
Citrix online plug-in (USB) (x32 Version: 12.1.44.1)
Citrix online plug-in (Web) (x32 Version: 12.1.44.1)
Configuration Manager Client (x32 Version: 4.00.6487.2000)
CRYPTOCard BlackShield ID Software Tools (Version: 1.04.1000)
CutePDF Writer 2.8
Dell Touchpad (Version: 7.1208.101.116)
DHTML Editing Component (x32 Version: 6.02.0002)
DW WLAN Card Utility (Version: 5.100.82.142)
DWG TrueView 2012 (Version: 18.2.51.0)
FreeCommander 2009.02b (x32 Version: 2009.02)
Google SketchUp 8 (x32 Version: 3.0.4811)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.7.248)
IZArc 4.1.6 (x32 Version: 4.1.6)
Java Auto Updater (x32 Version: 2.0.7.1)
Java(TM) 6 Update 31 (x32 Version: 6.0.310)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Endpoint Protection Management Components (Version: 4.1.0522.0)
Microsoft Forefront Endpoint Protection (Version: 4.1.522.0)
Microsoft Forefront Endpoint Protection 2010 Server Management (Version: 4.1.0522.0)
Microsoft Lync 2010 (Version: 4.0.7577.0)
Microsoft Office 2010 Primary Interop Assemblies (x32 Version: 14.0.4763.1024)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office IME (Chinese (Simplified)) 2010 (Version: 14.0.4763.1000)
Microsoft Office IME (Chinese (Simplified)) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office IME (Chinese (Traditional)) 2010 (Version: 14.0.4763.1000)
Microsoft Office IME (Chinese (Traditional)) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (Version: 14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (Version: 14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (x32 Version: 14.0.4763.1028)
Microsoft Office Proof (Bulgarian) 2010 (x32 Version: 14.0.4763.1021)
Microsoft Office Proof (Catalan) 2010 (x32 Version: 14.0.4763.1013)
Microsoft Office Proof (Chinese (Simplified)) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Chinese (Traditional)) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Croatian) 2010 (x32 Version: 14.0.4763.1030)
Microsoft Office Proof (Czech) 2010 (x32 Version: 14.0.4763.1012)
Microsoft Office Proof (Danish) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Estonian) 2010 (x32 Version: 14.0.4763.1025)
Microsoft Office Proof (Finnish) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (x32 Version: 14.0.4763.1028)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Greek) 2010 (x32 Version: 14.0.4763.1013)
Microsoft Office Proof (Gujarati) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Hebrew) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Hindi) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Hungarian) 2010 (x32 Version: 14.0.4763.1012)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Kannada) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Kazakh) 2010 (x32 Version: 14.0.4763.1025)
Microsoft Office Proof (Korean) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Latvian) 2010 (x32 Version: 14.0.4763.1021)
Microsoft Office Proof (Lithuanian) 2010 (x32 Version: 14.0.4763.1021)
Microsoft Office Proof (Marathi) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Norwegian (Bokmål)) 2010 (x32 Version: 14.0.4763.1004)
Microsoft Office Proof (Norwegian (Nynorsk)) 2010 (x32 Version: 14.0.4763.1004)
Microsoft Office Proof (Polish) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Portuguese (Portugal)) 2010 (x32 Version: 14.0.4763.1006)
Microsoft Office Proof (Punjabi) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Romanian) 2010 (x32 Version: 14.0.4763.1013)
Microsoft Office Proof (Russian) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Serbian (Latin)) 2010 (x32 Version: 14.0.4763.1030)
Microsoft Office Proof (Slovak) 2010 (x32 Version: 14.0.4763.1017)
Microsoft Office Proof (Slovenian) 2010 (x32 Version: 14.0.4763.1017)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Swedish) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Tamil) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Telugu) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Thai) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Turkish) 2010 (x32 Version: 14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (x32 Version: 14.0.4763.1012)
Microsoft Office Proof (Urdu) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing Kit 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proofing Tools Kit Compilation 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office ProofMUI (English) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Silverlight (x32 Version: 4.0.60831.0)
Microsoft Visio Viewer 2010 (x32 Version: 14.0.4763.1000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Notepad++ (x32 Version: 5.9.8)
PDF-Viewer (Version: 2.5.211.0)
Radmin Server 3.4 (x32 Version: 3.41.0000)
Radmin Viewer 3.4 (x32 Version: 3.41.0000)
Simple PDF Merger 1.0 (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Visual Basic for Applications (R) Core - English (x32 Version: 6.5.10.32)
Visual Basic for Applications (R) Core (x32 Version: 6.5.10.32)
VLC media player 2.0.1 (x32 Version: 2.0.1)
WIDCOMM Bluetooth Software (Version: 6.5.1.4000)
==================== Restore Points =========================
22-08-2013 14:10:11 Windows Update
26-08-2013 06:15:12 Windows Update
29-08-2013 14:10:02 Windows Update
02-09-2013 14:07:21 Windows Update
06-09-2013 10:50:40 Windows Update
10-09-2013 09:17:44 Windows Update
13-09-2013 11:24:03 Windows Update
16-09-2013 14:35:55 Windows Update
19-09-2013 14:51:47 Windows Update
23-09-2013 06:18:37 Windows Update
26-09-2013 14:09:37 Windows Update
30-09-2013 06:52:50 Windows Update
03-10-2013 14:45:39 Windows Update
05-10-2013 09:34:34 ComboFix created restore point
==================== Hosts content: ==========================
2009-07-14 04:34 - 2013-10-05 11:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {C323CE9C-1861-4A7F-9FB5-30CD73752B34} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
==================== Loaded Modules (whitelisted) =============
2011-03-17 01:07 - 2011-03-17 01:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-03-23 15:26 - 2010-03-23 15:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/05/2013 00:25:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2013 00:12:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2013 00:03:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2013 11:53:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2013 09:34:49 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2013 09:17:26 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2013 08:48:15 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/04/2013 07:46:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/04/2013 06:10:00 PM) (Source: SmsClient) (User: )
Description: ScopeId_A9F65DF5-0B17-4903-BA4E-19D981A86D36/AMStatusBaseline_02FC8CFF-7908-44E1-8F93-D53ADD1F8F001Failed to download baseline CI Id ScopeId_A9F65DF5-0B17-4903-BA4E-19D981A86D36/AMStatusBaseline_02FC8CFF-7908-44E1-8F93-D53ADD1F8F00, version 1.00.
Error: (10/04/2013 06:10:00 PM) (Source: SmsClient) (User: )
Description: ScopeId_A9F65DF5-0B17-4903-BA4E-19D981A86D36/DataupBaseline-3064E34E-1AB0-4f61-B7C2-C8B04EA53FAA_1E2B6A7D-5138-4441-A9E1-642773C57B5C1Failed to download baseline CI Id ScopeId_A9F65DF5-0B17-4903-BA4E-19D981A86D36/DataupBaseline-3064E34E-1AB0-4f61-B7C2-C8B04EA53FAA_1E2B6A7D-5138-4441-A9E1-642773C57B5C, version 1.00.
System errors:
=============
Error: (10/05/2013 00:27:37 PM) (Source: TermService) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.
Error: (10/05/2013 00:26:17 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (10/05/2013 00:25:44 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
Error: (10/05/2013 00:25:32 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain PM due to the following:
%%1311
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
Error: (10/05/2013 00:13:12 PM) (Source: Microsoft-Windows-GroupPolicy) (User: )
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
Error: (10/05/2013 00:13:05 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (10/05/2013 00:12:32 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
Error: (10/05/2013 00:12:20 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain PM due to the following:
%%1311
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
Error: (10/05/2013 00:05:31 PM) (Source: TermService) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.
Error: (10/05/2013 00:04:09 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Microsoft Office Sessions:
=========================
Error: (10/05/2013 00:25:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2013 00:12:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2013 00:03:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2013 11:53:52 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2013 09:34:49 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2013 09:17:26 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2013 08:48:15 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/04/2013 07:46:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/04/2013 06:10:00 PM) (Source: SmsClient)(User: )
Description: ScopeId_A9F65DF5-0B17-4903-BA4E-19D981A86D36/AMStatusBaseline_02FC8CFF-7908-44E1-8F93-D53ADD1F8F001.00
Error: (10/04/2013 06:10:00 PM) (Source: SmsClient)(User: )
Description: ScopeId_A9F65DF5-0B17-4903-BA4E-19D981A86D36/DataupBaseline-3064E34E-1AB0-4f61-B7C2-C8B04EA53FAA_1E2B6A7D-5138-4441-A9E1-642773C57B5C1.00
CodeIntegrity Errors:
===================================
Date: 2013-10-05 11:41:36.709
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-10-05 11:41:36.694
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-05-30 14:41:00.540
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2013-05-30 13:29:01.457
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2013-05-30 13:23:57.576
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2013-05-30 13:02:15.726
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2013-05-29 12:40:57.218
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2013-05-29 12:19:06.452
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2013-05-29 12:08:03.125
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2013-05-29 11:53:48.289
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 26%
Total physical RAM: 3969.1 MB
Available physical RAM: 2897.66 MB
Total Pagefile: 7936.39 MB
Available Pagefile: 6791.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (OSDisk) (Fixed) (Total:465.66 GB) (Free:411.35 GB) NTFS
Drive e: (USB DISK) (Removable) (Total:3.73 GB) (Free:3.58 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1CEC89C4)
Partition 1: (Active) - (Size=99 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)
==================== End Of Log ============================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-10-01 10:14
==================== End Of Log ============================
Addition file:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by pmg-local at 2013-10-05 12:29:07
Running from C:\Users\pmg-local\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Forefront Endpoint Protection (Enabled - Up to date) {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AS: Microsoft Forefront Endpoint Protection (Enabled - Up to date) {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
64 Bit HP CIO Components Installer (Version: 13.2.1)
7-Zip 9.20 (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Reader X (10.1.0) MUI (x32 Version: 10.1.0)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.3.633)
AGRESSO Common Files (x32 Version: 5.5002.222)
AGRESSO Trust (GAC) (x32 Version: 5.5.2000)
AGRESSO VBA Files (x32 Version: 5.5002.144)
Autodesk Design Review 2012 (x32 Version: 12.0.0.98)
Autodesk Material Library 2012 (x32 Version: 2.5.0.8)
Autodesk Material Library Base Resolution Image Library 2012 (x32 Version: 2.5.0.8)
Autodesk Navisworks Freedom 2012 (Version: 9.0.69.686)
Autodesk Navisworks Freedom 2012 English Language Pack (Version: 9.0.69.686)
Bentley View V8i (SELECTseries 2) 08.11.07.440 (x32 Version: 8.11.7.440)
Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.7)
Citrix online plug-in - web (x32 Version: 12.1.44.1)
Citrix online plug-in (DV) (x32 Version: 12.1.44.1)
Citrix online plug-in (HDX) (x32 Version: 12.1.44.1)
Citrix online plug-in (USB) (x32 Version: 12.1.44.1)
Citrix online plug-in (Web) (x32 Version: 12.1.44.1)
Configuration Manager Client (x32 Version: 4.00.6487.2000)
CRYPTOCard BlackShield ID Software Tools (Version: 1.04.1000)
CutePDF Writer 2.8
Dell Touchpad (Version: 7.1208.101.116)
DHTML Editing Component (x32 Version: 6.02.0002)
DW WLAN Card Utility (Version: 5.100.82.142)
DWG TrueView 2012 (Version: 18.2.51.0)
FreeCommander 2009.02b (x32 Version: 2009.02)
Google SketchUp 8 (x32 Version: 3.0.4811)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.7.248)
IZArc 4.1.6 (x32 Version: 4.1.6)
Java Auto Updater (x32 Version: 2.0.7.1)
Java(TM) 6 Update 31 (x32 Version: 6.0.310)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Endpoint Protection Management Components (Version: 4.1.0522.0)
Microsoft Forefront Endpoint Protection (Version: 4.1.522.0)
Microsoft Forefront Endpoint Protection 2010 Server Management (Version: 4.1.0522.0)
Microsoft Lync 2010 (Version: 4.0.7577.0)
Microsoft Office 2010 Primary Interop Assemblies (x32 Version: 14.0.4763.1024)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office IME (Chinese (Simplified)) 2010 (Version: 14.0.4763.1000)
Microsoft Office IME (Chinese (Simplified)) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office IME (Chinese (Traditional)) 2010 (Version: 14.0.4763.1000)
Microsoft Office IME (Chinese (Traditional)) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (Version: 14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (Version: 14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (x32 Version: 14.0.4763.1028)
Microsoft Office Proof (Bulgarian) 2010 (x32 Version: 14.0.4763.1021)
Microsoft Office Proof (Catalan) 2010 (x32 Version: 14.0.4763.1013)
Microsoft Office Proof (Chinese (Simplified)) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Chinese (Traditional)) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Croatian) 2010 (x32 Version: 14.0.4763.1030)
Microsoft Office Proof (Czech) 2010 (x32 Version: 14.0.4763.1012)
Microsoft Office Proof (Danish) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Estonian) 2010 (x32 Version: 14.0.4763.1025)
Microsoft Office Proof (Finnish) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (x32 Version: 14.0.4763.1028)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Greek) 2010 (x32 Version: 14.0.4763.1013)
Microsoft Office Proof (Gujarati) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Hebrew) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Hindi) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Hungarian) 2010 (x32 Version: 14.0.4763.1012)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Kannada) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Kazakh) 2010 (x32 Version: 14.0.4763.1025)
Microsoft Office Proof (Korean) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Latvian) 2010 (x32 Version: 14.0.4763.1021)
Microsoft Office Proof (Lithuanian) 2010 (x32 Version: 14.0.4763.1021)
Microsoft Office Proof (Marathi) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Norwegian (Bokmål)) 2010 (x32 Version: 14.0.4763.1004)
Microsoft Office Proof (Norwegian (Nynorsk)) 2010 (x32 Version: 14.0.4763.1004)
Microsoft Office Proof (Polish) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Portuguese (Portugal)) 2010 (x32 Version: 14.0.4763.1006)
Microsoft Office Proof (Punjabi) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Romanian) 2010 (x32 Version: 14.0.4763.1013)
Microsoft Office Proof (Russian) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Serbian (Latin)) 2010 (x32 Version: 14.0.4763.1030)
Microsoft Office Proof (Slovak) 2010 (x32 Version: 14.0.4763.1017)
Microsoft Office Proof (Slovenian) 2010 (x32 Version: 14.0.4763.1017)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Swedish) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Tamil) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Telugu) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Thai) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proof (Turkish) 2010 (x32 Version: 14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (x32 Version: 14.0.4763.1012)
Microsoft Office Proof (Urdu) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing Kit 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Proofing Tools Kit Compilation 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office ProofMUI (English) 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Silverlight (x32 Version: 4.0.60831.0)
Microsoft Visio Viewer 2010 (x32 Version: 14.0.4763.1000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Notepad++ (x32 Version: 5.9.8)
PDF-Viewer (Version: 2.5.211.0)
Radmin Server 3.4 (x32 Version: 3.41.0000)
Radmin Viewer 3.4 (x32 Version: 3.41.0000)
Simple PDF Merger 1.0 (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Visual Basic for Applications (R) Core - English (x32 Version: 6.5.10.32)
Visual Basic for Applications (R) Core (x32 Version: 6.5.10.32)
VLC media player 2.0.1 (x32 Version: 2.0.1)
WIDCOMM Bluetooth Software (Version: 6.5.1.4000)
==================== Restore Points =========================
22-08-2013 14:10:11 Windows Update
26-08-2013 06:15:12 Windows Update
29-08-2013 14:10:02 Windows Update
02-09-2013 14:07:21 Windows Update
06-09-2013 10:50:40 Windows Update
10-09-2013 09:17:44 Windows Update
13-09-2013 11:24:03 Windows Update
16-09-2013 14:35:55 Windows Update
19-09-2013 14:51:47 Windows Update
23-09-2013 06:18:37 Windows Update
26-09-2013 14:09:37 Windows Update
30-09-2013 06:52:50 Windows Update
03-10-2013 14:45:39 Windows Update
05-10-2013 09:34:34 ComboFix created restore point
==================== Hosts content: ==========================
2009-07-14 04:34 - 2013-10-05 11:42 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {C323CE9C-1861-4A7F-9FB5-30CD73752B34} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
==================== Loaded Modules (whitelisted) =============
2011-03-17 01:07 - 2011-03-17 01:07 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 16:23 - 2010-10-20 16:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-03-23 15:26 - 2010-03-23 15:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (10/05/2013 00:25:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2013 00:12:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2013 00:03:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2013 11:53:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2013 09:34:49 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2013 09:17:26 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2013 08:48:15 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/04/2013 07:46:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/04/2013 06:10:00 PM) (Source: SmsClient) (User: )
Description: ScopeId_A9F65DF5-0B17-4903-BA4E-19D981A86D36/AMStatusBaseline_02FC8CFF-7908-44E1-8F93-D53ADD1F8F001Failed to download baseline CI Id ScopeId_A9F65DF5-0B17-4903-BA4E-19D981A86D36/AMStatusBaseline_02FC8CFF-7908-44E1-8F93-D53ADD1F8F00, version 1.00.
Error: (10/04/2013 06:10:00 PM) (Source: SmsClient) (User: )
Description: ScopeId_A9F65DF5-0B17-4903-BA4E-19D981A86D36/DataupBaseline-3064E34E-1AB0-4f61-B7C2-C8B04EA53FAA_1E2B6A7D-5138-4441-A9E1-642773C57B5C1Failed to download baseline CI Id ScopeId_A9F65DF5-0B17-4903-BA4E-19D981A86D36/DataupBaseline-3064E34E-1AB0-4f61-B7C2-C8B04EA53FAA_1E2B6A7D-5138-4441-A9E1-642773C57B5C, version 1.00.
System errors:
=============
Error: (10/05/2013 00:27:37 PM) (Source: TermService) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.
Error: (10/05/2013 00:26:17 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (10/05/2013 00:25:44 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
Error: (10/05/2013 00:25:32 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain PM due to the following:
%%1311
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
Error: (10/05/2013 00:13:12 PM) (Source: Microsoft-Windows-GroupPolicy) (User: )
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
Error: (10/05/2013 00:13:05 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Error: (10/05/2013 00:12:32 PM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
Error: (10/05/2013 00:12:20 PM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain PM due to the following:
%%1311
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
Error: (10/05/2013 00:05:31 PM) (Source: TermService) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.
Error: (10/05/2013 00:04:09 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}{B292921D-AF50-400C-9B75-0C57A7F29BA1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
Microsoft Office Sessions:
=========================
Error: (10/05/2013 00:25:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2013 00:12:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2013 00:03:31 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2013 11:53:52 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2013 09:34:49 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2013 09:17:26 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/05/2013 08:48:15 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/04/2013 07:46:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (10/04/2013 06:10:00 PM) (Source: SmsClient)(User: )
Description: ScopeId_A9F65DF5-0B17-4903-BA4E-19D981A86D36/AMStatusBaseline_02FC8CFF-7908-44E1-8F93-D53ADD1F8F001.00
Error: (10/04/2013 06:10:00 PM) (Source: SmsClient)(User: )
Description: ScopeId_A9F65DF5-0B17-4903-BA4E-19D981A86D36/DataupBaseline-3064E34E-1AB0-4f61-B7C2-C8B04EA53FAA_1E2B6A7D-5138-4441-A9E1-642773C57B5C1.00
CodeIntegrity Errors:
===================================
Date: 2013-10-05 11:41:36.709
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-10-05 11:41:36.694
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2013-05-30 14:41:00.540
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2013-05-30 13:29:01.457
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2013-05-30 13:23:57.576
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2013-05-30 13:02:15.726
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2013-05-29 12:40:57.218
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2013-05-29 12:19:06.452
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2013-05-29 12:08:03.125
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
Date: 2013-05-29 11:53:48.289
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 26%
Total physical RAM: 3969.1 MB
Available physical RAM: 2897.66 MB
Total Pagefile: 7936.39 MB
Available Pagefile: 6791.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (OSDisk) (Fixed) (Total:465.66 GB) (Free:411.35 GB) NTFS
Drive e: (USB DISK) (Removable) (Total:3.73 GB) (Free:3.58 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1CEC89C4)
Partition 1: (Active) - (Size=99 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)
==================== End Of Log ============================