Prosím o kontrolu logu - nejde nainstalovat žádný program

[yorg]

Dobrý den,
dnes jsem instaloval novou mapu do navigace Garmin a instalace skončila chybou.
Poté jsem chtěl aktualizovat Java (jre-6u18-windows-i586-s.exe) a končí to chybou podle obrázku. Stejně tak není možné nainstalovat žádný jiný program.


nebo

Stejně ale končí i pokus o odinstalaci Java 6-17 a některých dříve nainstalovaných programů, jako je třeba "Asistent pro přihlášení ke službě Windows Live" a další. Často se opakuje hláška Server RPC není k dispozici, přitom služby "lokátor vzdáleného voláni procedur" a "vzdálené voláni procedur" jsou spuštěné.

Obdobně dopadnu u spuštění Windows Update. Ani jedna z nabídnutých aktualizací se nenainstaluje. Picassa a Free download manager, které jsem instaloval včera, ale odinstalovat šly. Tak opravdu nevím odkud fouká vítr.

Kromě toho, když sejmuté obrazovky ukládám přes malování a po uložení souboru vyskočí tato hláška.


sfc /scannow prošel komplet, bez chybových hlášek.

Nevím na 100% jestli to vniklo tou instalací map, ale předtím jsem žádný problém nezaregistroval. Prosím proto o kontrolu logu, jestli tam není něco podezřelého. Počítač jsem po 4 letech provozu asi před měsícem nově instaloval (XP Home). Ihned po instalaci byl instalován Norton Internet Security. Ten ale nic nehlásí. Přesto to zlobí.

Program RSIT nejde spustit, proto přikládám log z Hijack.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22:08, on 30.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe
C:\Program Files\Genie-Soft\Genie Timeline\WebServer\PHP\php-cgi.exe
C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Genie-Soft\Genie Timeline\WebServer\LighttPD\GenieTimelineWebServer.exe
F:\Program Files\TotalCMD\TOTALCMD.EXE
C:\Program Files\TrueCrypt\TrueCrypt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Mouse Gestures - {A6A49249-57AE-4295-8D4D-18A9502C7D8E} - C:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Genie TimeLine Tray] C:\Program Files\Genie-Soft\Genie Timeline\GSTimeLineAgent.exe -auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-57989841-1935655697-839522115-1004\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User '?')
O4 - HKUS\S-1-5-21-57989841-1935655697-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - S-1-5-21-57989841-1935655697-839522115-1004 Startup: frd.exe.lnk = C:\Program Files\FreeRapid\frd.exe (User '?')
O4 - S-1-5-21-57989841-1935655697-839522115-1004 Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe (User '?')
O4 - Startup: frd.exe.lnk = C:\Program Files\FreeRapid\frd.exe
O4 - Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O9 - Extra button: (no name) - {4E660F19-E91E-41E1-88EF-D1DFAB118F67} - C:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra 'Tools' menuitem: Mouse Gestures... - {4E660F19-E91E-41E1-88EF-D1DFAB118F67} - C:\Program Files\Internet Explorer\Plugins\Drowse\MouseGestures.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0649017031
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Genie Timeline Service (GenieTimelineService) - Genie-Soft - C:\Program Files\Genie-Soft\Genie Timeline\GenieTimelineService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

--
End of file - 8053 bytes

Děkuji předem.

[Rudy]

Zkuste dát log z ComboFix. Pokud by nešel spustit, zkuste v nouz. režimu.

[yorg]

Omlouvám se za zpoždění, ale NIS to skutečně blokoval a nakonec je log až z nouzového režimu.

ComboFix 10-01-29.09 - Administrator 30.01.2010 23:35:55.2.1 - x86 MINIMAL
Spuštěný z: f:\my downloads\ComboFix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-28 do 2010-01-30 )))))))))))))))))))))))))))))))
.

2010-01-30 22:00 . 2010-01-30 21:59 390144 ----a-w- c:\windows\system32\CF24374.exe
2010-01-30 19:52 . 2010-01-30 19:52 -------- d-----w- c:\documents and settings\All Users\GARMIN
2010-01-30 18:53 . 2010-01-30 18:53 -------- d-----w- C:\rsit
2010-01-30 17:28 . 2008-04-14 07:52 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-01-30 17:28 . 2001-10-24 11:25 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-01-30 17:28 . 2008-04-14 07:52 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-01-30 17:28 . 2001-10-24 11:25 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-01-30 17:28 . 2001-10-24 11:25 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-01-30 17:26 . 2001-08-17 20:28 64605 -c--a-w- c:\windows\system32\dllcache\vvoice.sys
2010-01-30 17:25 . 2008-04-13 23:10 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2010-01-30 17:24 . 2001-08-17 19:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2010-01-30 17:23 . 2001-08-17 20:53 6912 -c--a-w- c:\windows\system32\dllcache\seaddsmc.sys
2010-01-30 17:21 . 2001-08-17 20:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2010-01-30 17:20 . 2001-08-17 20:53 7168 -c--a-w- c:\windows\system32\dllcache\pnrmc.sys
2010-01-30 17:19 . 2001-10-24 10:44 9472 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2010-01-30 17:18 . 2001-08-17 21:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-01-30 17:16 . 2001-08-17 19:19 48768 -c--a-w- c:\windows\system32\dllcache\maestro.sys
2010-01-30 17:15 . 2001-08-18 05:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-01-30 17:14 . 2001-10-24 11:24 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2010-01-30 17:13 . 2001-10-24 11:24 19456 -c--a-w- c:\windows\system32\dllcache\hr1w.dll
2010-01-30 17:12 . 2001-08-17 19:11 11850 -c--a-w- c:\windows\system32\dllcache\f3ab18xj.sys
2010-01-30 17:11 . 2001-08-17 19:11 29696 -c--a-w- c:\windows\system32\dllcache\dm9pci5.sys
2010-01-30 17:10 . 2001-08-17 19:19 42112 -c--a-w- c:\windows\system32\dllcache\crtaud.sys
2010-01-30 17:09 . 2001-08-17 21:05 314752 -c--a-w- c:\windows\system32\dllcache\camdro21.sys
2010-01-30 17:08 . 2001-10-24 11:24 102400 -c--a-w- c:\windows\system32\dllcache\binlsvc.dll
2010-01-30 16:42 . 2010-01-30 16:42 -------- d-----w- c:\program files\Trend Micro
2010-01-30 10:18 . 2010-01-30 17:37 -------- d-----w- c:\program files\Google
2010-01-29 21:22 . 2010-01-29 21:22 -------- d-----w- c:\windows\Sun
2010-01-29 20:26 . 2010-01-30 17:36 -------- d-----w- c:\program files\Software Informer
2010-01-29 20:25 . 2010-01-30 17:02 -------- d-----w- c:\program files\Free Download Manager
2010-01-25 21:11 . 2010-01-25 21:11 -------- d-----w- c:\program files\Common Files\CANON
2010-01-25 21:09 . 1998-11-13 11:58 307200 ----a-w- c:\windows\IsUn0405.exe
2010-01-25 19:31 . 2010-01-25 19:31 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2010-01-25 19:30 . 2006-06-29 05:29 106496 ----a-w- c:\windows\system32\cnco510.dll
2010-01-25 19:30 . 2006-07-20 06:51 1298432 ----a-w- c:\windows\system32\CNCC510.DLL
2010-01-25 19:30 . 2006-07-20 06:51 57344 ----a-w- c:\windows\system32\CNCI510.DLL
2010-01-25 19:30 . 2006-05-26 01:54 135168 ----a-w- c:\windows\system32\CNCL510.DLL
2010-01-25 19:30 . 2010-01-25 19:30 -------- d--h--w- c:\program files\CanonBJ
2010-01-25 19:28 . 2010-01-25 21:20 -------- d-----w- c:\program files\Canon
2010-01-21 20:32 . 2010-01-21 20:32 -------- d-----w- c:\program files\PSPad editor
2010-01-21 18:25 . 2010-01-21 18:25 -------- d-----w- c:\program files\Zoner
2010-01-07 17:23 . 2010-01-07 21:39 -------- d-----w- c:\program files\CodeStuff
2010-01-03 13:33 . 2010-01-03 13:33 -------- d-----w- c:\program files\MIKSOFT
2010-01-03 12:40 . 2001-10-24 10:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-01-03 12:40 . 2001-10-24 10:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-01-03 12:40 . 2008-04-14 06:59 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-01-03 12:40 . 2008-04-14 06:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-01-03 12:40 . 2008-04-13 23:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-01-03 12:40 . 2008-04-13 23:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-01-03 12:36 . 2008-04-14 07:51 27648 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2010-01-03 12:36 . 2008-04-14 07:51 27648 ----a-w- c:\windows\system32\irmon.dll
2010-01-03 12:36 . 2008-04-14 07:52 152064 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2010-01-03 12:36 . 2008-04-14 07:52 152064 ----a-w- c:\windows\system32\irftp.exe
2010-01-03 12:36 . 2008-04-14 07:52 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-01-03 12:36 . 2008-04-14 07:52 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-01-03 12:26 . 2010-01-03 12:27 -------- d-----w- c:\program files\MyPhoneExplorer

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-30 22:38 . 2003-04-16 12:00 79220 ----a-w- c:\windows\system32\perfc005.dat
2010-01-30 22:38 . 2003-04-16 12:00 432272 ----a-w- c:\windows\system32\perfh005.dat
2010-01-30 22:28 . 2009-12-18 05:35 0 ----a-w- C:\OverlayCache.dat
2010-01-30 08:20 . 2009-12-13 09:40 -------- d-----w- c:\program files\FreeRapid
2010-01-19 15:22 . 2009-12-19 14:38 -------- d-----w- c:\program files\KompoZer 0.8a4
2009-12-27 22:24 . 2003-04-16 12:00 24064 ----a-w- c:\windows\system32\ctfmon.exe
2009-12-27 20:32 . 2009-12-13 11:09 -------- d-----w- c:\program files\Unlocker
2009-12-18 20:23 . 2009-12-13 09:47 -------- d-----w- c:\program files\Winamp
2009-12-18 05:35 . 2009-12-18 05:35 262144 ----a-w- c:\windows\system32\default_user_class.dat
2009-12-17 20:23 . 2009-12-17 20:23 -------- d-----w- c:\program files\Genie-Soft
2009-12-14 21:51 . 2009-12-14 21:03 -------- d-----w- c:\program files\LogView V2
2009-12-14 21:21 . 2009-12-14 21:21 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_silabser_01005.Wdf
2009-12-14 21:21 . 2009-12-14 21:21 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-12-14 21:15 . 2009-12-14 21:15 -------- d-----w- c:\program files\iCharger
2009-12-13 18:05 . 2009-12-13 09:27 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-13 14:05 . 2009-12-12 19:29 -------- d-----w- c:\program files\UPHClean
2009-12-13 13:59 . 2009-12-12 19:26 -------- d-----w- c:\program files\Windows Desktop Search
2009-12-13 13:16 . 2009-12-13 13:16 -------- d-----w- c:\program files\Desktop
2009-12-13 12:59 . 2009-12-13 12:59 -------- d-----w- c:\program files\7-Zip
2009-12-13 12:52 . 2009-12-13 12:52 -------- d-----w- c:\program files\Auslogics
2009-12-13 12:41 . 2009-12-13 12:41 -------- d-----w- c:\program files\GFI
2009-12-13 12:21 . 2009-12-13 12:21 -------- d-----w- c:\program files\VideoLAN
2009-12-13 11:10 . 2009-12-13 11:10 -------- d-----w- c:\program files\KeyTweak
2009-12-13 11:00 . 2009-12-13 09:59 -------- d-----w- c:\program files\Garmin
2009-12-13 10:11 . 2009-12-13 10:11 -------- d-----w- c:\program files\Garmin GPS Plugin
2009-12-13 09:59 . 2009-12-13 09:59 -------- d-----w- c:\program files\DIFX
2009-12-13 09:43 . 2009-12-13 09:43 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-12-13 09:43 . 2009-12-13 09:43 -------- d-----w- c:\program files\Volo View Express
2009-12-13 09:36 . 2009-12-13 09:35 -------- d-----w- c:\program files\Common Files\Ahead
2009-12-13 09:36 . 2009-12-13 09:36 -------- d-----w- c:\program files\Nero
2009-12-13 09:25 . 2009-12-13 09:23 -------- d-----w- c:\program files\Common Files\Corel
2009-12-13 09:23 . 2009-12-13 09:23 -------- d-----w- c:\program files\Corel
2009-12-13 09:15 . 2009-12-13 09:14 -------- d-----w- c:\program files\IrfanView
2009-12-13 09:10 . 2009-12-12 22:56 -------- d-----w- c:\program files\TrueCrypt
2009-12-12 22:57 . 2009-12-12 22:57 223440 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2009-12-12 22:51 . 2009-12-12 22:51 -------- d-----w- c:\program files\MozBackup
2009-12-12 22:47 . 2009-12-12 22:47 0 ----a-w- c:\windows\nsreg.dat
2009-12-12 22:40 . 2009-12-12 22:40 -------- d-----w- c:\program files\Foxit Software
2009-12-12 21:58 . 2009-12-12 21:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-12 21:58 . 2009-12-12 21:58 -------- d-----w- c:\program files\Java
2009-12-12 21:55 . 2009-12-12 20:44 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-12 21:30 . 2009-12-12 19:58 -------- d-----w- c:\program files\Microsoft Works
2009-12-12 20:50 . 2009-12-12 20:50 -------- d-----w- c:\program files\MSBuild
2009-12-12 20:50 . 2009-12-12 20:50 -------- d-----w- c:\program files\Reference Assemblies
2009-12-12 20:17 . 2009-12-12 20:17 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-12 19:50 . 2009-12-12 19:50 -------- d-----w- c:\program files\Windows Media Connect 2
2009-12-12 19:25 . 2009-12-12 19:25 -------- d-----w- c:\program files\MSXML 4.0
2009-12-12 19:21 . 2009-12-12 19:06 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-12 19:06 . 2009-12-12 19:06 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-12 19:06 . 2009-12-12 19:06 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-12 19:06 . 2009-12-12 19:06 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-12 19:06 . 2009-12-12 19:06 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-12 19:06 . 2009-12-12 19:06 -------- d-----w- c:\program files\Symantec
2009-12-12 19:06 . 2009-12-12 19:06 -------- d-----w- c:\program files\Windows Sidebar
2009-12-12 19:06 . 2009-12-12 19:06 -------- d-----w- c:\program files\Norton Internet Security
2009-12-12 19:06 . 2009-12-12 19:06 -------- d-----w- c:\program files\NortonInstaller
2009-12-12 18:57 . 2009-12-12 18:57 -------- d-----w- c:\program files\Realtek Sound Manager
2009-12-12 18:57 . 2009-12-12 18:57 -------- d-----w- c:\program files\AvRack
2009-12-12 18:56 . 2009-12-12 18:56 -------- d-----w- c:\program files\Realtek AC97
2009-12-12 18:56 . 2009-12-12 18:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-12 18:56 . 2009-12-12 18:54 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-12 18:56 . 2009-12-12 18:56 -------- d-----w- c:\program files\Intel
2009-12-12 18:35 . 2009-12-12 18:19 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-12-12 18:35 . 2009-12-12 18:18 2676 ----a-w- c:\windows\PCHealth\HelpCtr\PackageStore\SkuStore.bin
2009-12-12 18:34 . 2009-12-12 18:19 8972 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cntstore.bin
2009-12-12 18:19 . 2009-12-12 18:19 -------- d-----w- c:\program files\microsoft frontpage
2009-12-12 18:16 . 2009-12-12 18:16 21812 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-21 16:03 . 2003-04-16 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

------- Sigcheck -------

[-] 2009-12-27 22:24 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2009-12-27 22:24 . C3A2915C71AE6F225EB906C25CCD29B5 . 24064 . . [1.0.0.5] . . c:\windows\system32\ctfmon.exe
[-] 2003-04-16 . 8708BE15AC5F27386B5D5FE7A1EBAF26 . 13312 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-01-30_22.12.33 )))))))))))))))))))))))))))))))))))))))))
.
- 2003-04-16 12:00 . 2010-01-30 16:29 68292 c:\windows\system32\perfc009.dat
+ 2003-04-16 12:00 . 2010-01-30 22:38 68292 c:\windows\system32\perfc009.dat
+ 2003-04-16 12:00 . 2010-01-30 22:38 435396 c:\windows\system32\perfh009.dat
- 2003-04-16 12:00 . 2010-01-30 16:29 435396 c:\windows\system32\perfh009.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-12 149280]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 577536]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2006-10-22 86016]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-10-22 7700480]
"Corel File Shell Monitor"="c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe" [2008-01-15 16200]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

c:\documents and settings\admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
frd.exe.lnk - c:\program files\FreeRapid\frd.exe [2009-12-13 35840]
Mozilla Firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe [2009-12-12 908248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100128.001\BHDrvx86.sys [2009-12-05 529456]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1105000.07F\ccHPx86.sys [2009-12-09 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1105000.07F\Ironx86.SYS [2009-11-26 116272]
R2 GenieTimelineService;Genie Timeline Service;c:\program files\Genie-Soft\Genie Timeline\GenieTimelineService.exe [2009-10-06 270976]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe [2009-12-09 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-12-12 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100128.002\IDSxpx86.sys [2009-10-28 329592]
R3 silabenm;Junsi iCharger USB Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2008-07-15 17920]
R3 silabser;Junsi iCharger USB Driver;c:\windows\system32\DRIVERS\silabser.sys [2008-07-15 60544]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1105000.07F\SYMDS.SYS [2009-11-05 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1105000.07F\SYMEFA.SYS [2009-11-26 172592]

.
Obsah adresáře 'Naplánované úlohy'

2010-01-30 c:\windows\Tasks\User_Feed_Synchronization-{7801129F-11A7-4D89-A6A0-AD76BCB53944}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-30 23:41
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-57989841-1935655697-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,e1,4c,fd,d2,31,af,4c,ae,4b,ca,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,e1,4c,fd,d2,31,af,4c,ae,4b,ca,\
.
Celkový čas: 2010-01-30 23:44:35
ComboFix-quarantined-files.txt 2010-01-30 22:44
ComboFix2.txt 2010-01-30 22:15

Před spuštěním: Volných bajtů: 11 617 079 296
Po spuštění: Volných bajtů: 11 579 408 384

- - End Of File - - 80AF1FE18F1AE93DF7FFD22CDD97A4E1

[Rudy]

Ani zde nevidím nic nebezpečného. Zkuste obnovu systému k datu, kdy korektně fungoval.

[yorg]

Děkuji za provedenou kontrolu.

[Rudy]

Nemáte zač!

[yorg]

Mám. Vyloučil jsem tím možnost napadení nějakou havětí a mohl hledat dále.

Chyba byla nakonec odstraněna reinstalací Windows Installer 4.5 Redistributable v nouzovém režimu, a novou registrací msiexec. Povedlo se to ale až po 3. opakovéní téhož postupu. Proč až potřetí, to netuším.

Je to sice mimo téma viry, ale snad by se to někomu mohlo hodit.

[Rudy]

Děkujeme za info!