SSHNAS odstraněn, iNET fail, motivy + LAN + NIS2009 fail

[alex0800]

Po odstranění SSHNAS21.dll a externím proskenováním Avastem5 + KIS2009 PC pomalé, nejede internet, nejdou motivy ani NIS2009(ten pouze ve stavu nouze spustí sken a nic nenajde).
Nelze zobrazit vlastnosti služeb (v Rozšířeném modu ve správci se služby nezobrazí, musím použít Standartní), nelze používat drag n drop, nelze použít schránku (Ctrl+c, Ctrl+V,..).
Při připojení LAN (ADSL s DHCP - gate 10.0.0.138) v
ipconfig /all je
IP a Maska 0.0.0.0
DHCP 192.168.111.254
DNS 89.250.251.33
DNS 62.44.3.3
V síťových připojeních není nic vidět, ve správci HW přirozeně je Gbit LAN..
A mohl bych jmenovat ještě mnohem více.. Reinstal Win XP je nejhorší řešení neboť jde o tiskový "server" s EFI k OKI tiskárně..
Děkuji předem za spolupráci a pomoc..
RSIT: 1month

Logfile of random's system information tool 1.06 (written by random/random)
Run by Ekonoprint at 2010-02-27 16:51:15
WIN_XP Service Pack 3
System drive C: has 402 GB (92%) free of 435 GB
Total RAM: 3327 MB (84% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll [2009-08-22 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL [2009-08-22 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll [2009-08-22 378736]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
OKI LPR Utility.lnk - C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-12-01 143360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\EFI\EFI Colorproof XF\Server\EFI_XF_Server.exe"="C:\Program Files\EFI\EFI Colorproof XF\Server\EFI_XF_Server.exe:*:Enabled:EFI_XF_Server"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-02-27 16:51:15 ----D---- C:\rsit
2010-02-27 16:51:15 ----D---- C:\Program Files\trend micro
2010-02-27 15:33:47 ----A---- C:\ComboFix3.txt
2010-02-27 15:27:38 ----A---- C:\ComboFix.txt
2010-02-27 15:13:45 ----A---- C:\ComboFix2.txt
2010-02-27 14:33:14 ----A---- C:\WINDOWS\MBR.exe
2010-02-27 14:33:13 ----A---- C:\WINDOWS\PEV.exe
2010-02-27 14:25:30 ----D---- C:\Qoobox
2010-02-14 17:37:19 ----D---- C:\Program Files\_evul530
2010-02-14 16:55:53 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2010-02-14 16:55:53 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2010-02-14 16:55:53 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2010-02-14 16:55:53 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2010-02-14 16:55:52 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2010-02-14 16:55:52 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2010-02-14 16:55:52 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2010-02-14 16:51:09 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2010-02-14 16:51:09 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2010-02-14 16:51:09 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2010-02-14 16:51:09 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2010-02-14 16:51:09 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2010-02-14 16:51:08 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2010-02-14 16:51:08 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2010-02-14 16:51:08 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2010-02-14 16:51:08 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2010-02-14 16:51:08 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2010-02-14 16:51:07 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2010-02-14 16:51:07 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2010-02-14 16:51:07 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2010-02-14 16:51:07 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2010-02-08 18:15:19 ----D---- C:\Documents and Settings\Ekonoprint\Data aplikací\SUPERAntiSpyware.com
2010-02-08 18:15:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-02-08 18:12:53 ----D---- C:\Program Files\_SUPERAntiSpyware
2010-02-08 17:25:10 ----D---- C:\Program Files\!_.ClamAV

======List of files/folders modified in the last 1 months======

2010-02-27 16:51:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-27 16:51:15 ----RD---- C:\Program Files
2010-02-27 16:46:24 ----A---- C:\WINDOWS\WINCMD.INI
2010-02-27 15:25:58 ----D---- C:\WINDOWS
2010-02-27 15:25:58 ----A---- C:\WINDOWS\system.ini
2010-02-27 15:25:37 ----D---- C:\WINDOWS\Temp
2010-02-27 15:25:10 ----D---- C:\WINDOWS\system32\drivers
2010-02-27 15:25:10 ----D---- C:\WINDOWS\system32
2010-02-27 15:25:10 ----D---- C:\WINDOWS\AppPatch
2010-02-27 15:25:09 ----D---- C:\Program Files\Common Files
2010-02-27 14:40:26 ----D---- C:\WINDOWS\ERDNT
2010-02-27 14:36:17 ----D---- C:\WINDOWS\system32\config
2010-02-22 14:49:53 ----D---- C:\Program Files\Mozilla Firefox
2010-02-22 14:15:16 ----D---- C:\Documents and Settings\Ekonoprint\Data aplikací\plda
2010-02-22 14:07:49 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-22 14:07:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-22 14:07:40 ----D---- C:\Documents and Settings\Ekonoprint\Data aplikací\Skype
2010-02-22 13:43:24 ----D---- C:\WINDOWS\Prefetch
2010-02-22 13:17:45 ----D---- C:\_PRACE
2010-02-22 11:35:10 ----SD---- C:\WINDOWS\Tasks
2010-02-22 09:45:28 ----D---- C:\Documents and Settings\Ekonoprint\Data aplikací\skypePM
2010-02-22 09:44:10 ----D---- C:\Program Files\FlexLM
2010-02-14 17:07:02 ----D---- C:\Program Files\__JkDefrag-3.34
2010-02-14 16:55:54 ----HD---- C:\WINDOWS\inf
2010-02-14 16:55:43 ----RSD---- C:\WINDOWS\assembly
2010-02-14 16:55:26 ----D---- C:\WINDOWS\system32\DirectX
2010-02-14 16:52:32 ----D---- C:\WINDOWS\Minidump
2010-02-14 16:52:32 ----D---- C:\WINDOWS\Debug
2010-02-14 16:50:52 ----D---- C:\WINDOWS\Microsoft.NET
2010-02-14 16:47:21 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-14 16:40:08 ----D---- C:\Program Files\Windows Doc
2010-02-11 11:07:42 ----SHD---- C:\WINDOWS\Installer
2010-02-11 11:07:36 ----D---- C:\Program Files\Opera
2010-02-01 20:26:20 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-22 259632]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-02-03 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100218.001\IDSxpx86.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\_SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\_SUPERAntiSpyware\SASKUTIL.sys []
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1008000.029\SRTSP.SYS [2009-08-22 308272]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1008000.029\SRTSPX.SYS [2009-08-22 43696]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMTDI.SYS [2009-08-22 217136]
R2 aksfridge;HASP Fridge; C:\WINDOWS\system32\DRIVERS\aksfridge.sys [2008-03-27 350720]
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-03-24 331264]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-12-01 3452928]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-07-02 89600]
R3 catchme;catchme; \??\C:\DOCUME~1\EKONOP~1\LOCALS~1\Temp\catchme.sys []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100221.021\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100221.021\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 SASENUM;SASENUM; \??\C:\Program Files\_SUPERAntiSpyware\SASENUM.SYS []
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMFW.SYS [2009-08-22 89904]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMIDS.SYS [2009-08-22 33072]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-18 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1008000.029\SYMNDIS.SYS [2009-08-22 36400]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-05-23 245248]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 akshasp;Aladdin HASP Key; C:\WINDOWS\system32\DRIVERS\akshasp.sys [2007-07-05 238976]
S3 akshhl;Aladdin HASP HL Key; C:\WINDOWS\system32\DRIVERS\akshhl.sys [2007-07-23 46336]
S3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2007-07-05 14976]
S3 i1;eye-one; C:\WINDOWS\system32\DRIVERS\i1.sys [2006-05-10 26045]
S3 mbr;mbr; \??\C:\DOCUME~1\EKONOP~1\LOCALS~1\Temp\mbr.sys []
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMDNS.SYS []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-18 36400]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 atapi;atapi; C:\WINDOWS\system32\drivers\atapi.sys [2008-04-14 96512]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-12-01 598016]
R2 hasplms;HASP License Manager; C:\WINDOWS\system32\hasplms.exe [2008-07-17 2549248]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-12-01 593920]
S2 DebugLog;DebugLog; C:\Program Files\EFI\EFI Colorproof XF\Server\Debuglog.exe [2005-03-31 172032]
S2 EFI License Manager;EFI License Manager; C:\Program Files\FlexLM\lmgrd.exe [2006-06-30 1339392]
S2 EFI XF Server;EFI XF Server; C:\Program Files\EFI\EFI Colorproof XF\Server\EFI_XF_Server.exe [2008-06-19 1805056]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-09-12 354840]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-19 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-07-25 79136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 ATMsrvc;ATM Service; C:\WINDOWS\System32\ATMsrvc.exe [2000-05-24 15360]
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-09-12 724992]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

[earl]

Zdravim,

vidim,ze byl spusten ComboFix,takze ->

CTETE POZORNE NAVOD,TENTO SOFT NETOLERUJE CHYBY V POSTUPU APLIKOVANI!

Klidne si nasledujici radky vytisknete,at vite,co se bude na obrazovce odehravat.

Budte prihlasen na pc s administratorskymi pravy.

stahnete a ulozte nejlepe na plochu ComboFix

v pripade,ze nepujde stranka nacist-stahnete odtud download , popr. nepujde ComboFix spustit - prejmenujte jej na grinder.com a postupujte dale dle instrukci.

hned po startu se zobrazi Zreknuti se prava zaruky na funkcnost software, pokracujte kliknutim na tlacitko Ano:



pote muze nasledovat upozorneni na nainstalovane emulatory CD mechanik,typicky Daemon Tools nebo Alcohol 120



odklepnout OK

Souhlasit s instalaci Recovery console(Konzola pro zotaveni)-nutno funkcni internet

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: upozorneni: Vypnete rezidentni stit u antiviru a antispywaru a zakazte docasne firewall-ComboFix by nemusel fungovat korektne-pokud budete mit stity vypnute a Combofix zahlasi,ze nejsou,pokracujte dal a potvrdte.

po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem

[alex0800]

Tak NIS2009 je zraly na reinstal (error 8504,4).
Jinak nebezi skoro zadne sluzby az na 4 mezi nimiz neni RPC ani COM+
Combofix:

ComboFix 10-02-27.01 - Administrator 27.02.2010 20:08:02.5.4 - x86
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-01-27 do 2010-02-27 )))))))))))))))))))))))))))))))
.

2010-02-27 15:51 . 2010-02-27 15:51 -------- d-----w- C:\rsit
2010-02-27 15:51 . 2010-02-27 15:51 -------- d-----w- c:\program files\trend micro
2010-02-14 16:37 . 2010-02-14 16:37 -------- d-----w- c:\program files\_evul530
2010-02-14 15:55 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-02-14 15:55 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-02-14 15:55 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-02-14 15:55 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-02-14 15:55 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-02-14 15:55 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-02-14 15:55 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-02-08 17:12 . 2010-02-27 14:37 -------- d-----w- c:\program files\_SUPERAntiSpyware
2010-02-08 16:25 . 2010-02-08 17:15 -------- d-----w- c:\program files\!_.ClamAV

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-22 08:44 . 2009-01-07 08:10 -------- d-----w- c:\program files\FlexLM
2010-02-14 16:07 . 2008-12-17 14:48 -------- d-----w- c:\program files\__JkDefrag-3.34
2010-02-14 15:40 . 2008-12-17 10:43 -------- d-----w- c:\program files\Windows Doc
2010-02-11 10:07 . 2009-10-07 10:28 -------- d-----w- c:\program files\Opera
2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:09 . 2008-04-14 12:00 668160 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:09 . 2008-04-14 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-17 07:42 . 2008-12-17 08:37 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-15 07:08 . 2008-04-14 12:00 82552 ----a-w- c:\windows\system32\perfc005.dat
2009-12-15 07:08 . 2008-04-14 12:00 437832 ----a-w- c:\windows\system32\perfh005.dat
2009-12-14 07:10 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-04 18:22 . 2008-04-14 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

------- Sigcheck -------

Chyba šifrovací služby !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\EFI\\EFI Colorproof XF\\Server\\EFI_XF_Server.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-19 717296]
R2 DebugLog;DebugLog;c:\program files\EFI\EFI Colorproof XF\Server\Debuglog.exe [2005-03-31 172032]
R2 EFI License Manager;EFI License Manager;c:\program files\FlexLM\lmgrd.exe [2006-06-30 1339392]
R2 EFI XF Server;EFI XF Server;c:\program files\EFI\EFI Colorproof XF\Server\EFI_XF_Server.exe [2008-06-19 1805056]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2009-08-22 117640]
R3 i1;eye-one;c:\windows\system32\DRIVERS\i1.sys [2006-05-10 26045]
R3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
R3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
R3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
R3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
R3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
R3 SASENUM;SASENUM;c:\program files\_SUPERAntiSpyware\SASENUM.SYS [2010-02-26 12872]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS [2009-08-22 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys [2009-08-22 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys [2010-02-03 482432]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100218.001\IDSxpx86.sys [2009-10-28 329592]
S1 SASDIFSV;SASDIFSV;c:\program files\_SUPERAntiSpyware\SASDIFSV.SYS [2010-02-26 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\_SUPERAntiSpyware\SASKUTIL.sys [2010-02-26 66632]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 102448]


NETSVCS MUSÍ BÝT OPRAVENY - dosavadní položky jsou:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 16:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-27 20:10
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1360)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-02-27 20:11:25
ComboFix-quarantined-files.txt 2010-02-27 19:11
ComboFix2.txt 2010-02-27 14:27
ComboFix3.txt 2010-02-27 13:41

Před spuštěním: Volných bajtů: 421 979 316 224
Po spuštění: Volných bajtů: 421 964 771 328

- - End Of File - - 72DE7959B802D894876AF63DB44EBA68

[earl]

Log je ok po strance infekce.

Dle vsech vami popsanych symptomu bych doporucil opravu instalace z instalacniho media.

Je tam vic veci,ktere je treba dat dohromady.

Oprava instalace Windows XP:

Vlozte cd Windows do mechaniky,restart,mackat Del nebo F2(dle typu
procesoru),vejit do setupu BIOSu,nastavit bootovani z mechaniky,potvrdit
zmeny,restart a po nakopirovani instalacnich souboru do operacni pameti a potvrzeni
koncove licencni smlouvy EULA klavesou F8 zvolit volbu R-opravit stavajici instalaci
Windows.Budou nahrazeny systemove soubory originalnimi verzemi a veskera nastaveni systemu do implicitnich konfiguraci.

[alex0800]

jo, jo.. díky..
tak nejak jsem to tusil.. postup i nasledky znam..
takze repair to resi

[earl]

Drzim palce,at to klapne