prosím o kontrolu, zpomalil se PC

[Caroprd111]

Jak to vypadá s PC

[JAJA]

Tak jsem po delší době zpět, PC stále zlobí. AVG jsem musel přeinstalovat, nějak se to kouslo. Outpost jsem zatím bloknul smazáním klíčů v registrech, protože jsem při nové instalaci spustil AVG firewall. Předpokládám že mám v PC rootkit, ve výpisech třeba z GMER se objevují pokaždé jiné názvy souboru (spbv.sys, spdc.sys, spbr.sys, spqj.sys, spda.sys, sphi.sys ...), zkrátka pokaždé má soubor jiný název. Již jsem zkoušel lecos, ale nedaří se, poraďte prosím čím tu potvoru odstranit. Zde je výpis:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-22 23:49:56
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\JAJA\LOCALS~1\Temp\kwrcipow.sys


---- System - GMER 1.0.15 ----

SSDT spbr.sys ZwEnumerateKey [0xF7762CA2]
SSDT spbr.sys ZwEnumerateValueKey [0xF7763030]
SSDT \??\C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS (SandBox File System Access Control by Process Manager/Agnitum Ltd.) ZwQueryDirectoryFile [0xAE2F4310]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat 877D31F8

AttachedDevice \FileSystem\Fastfat \Fat tdrpm228.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
AttachedDevice \Driver\Tcpip \Device\Ip FILTNT.SYS (Virtual Firewall driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp FILTNT.SYS (Virtual Firewall driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp FILTNT.SYS (Virtual Firewall driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp FILTNT.SYS (Virtual Firewall driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

[Caroprd111]

Pokračujte podle návodu AVPTool http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

[JAJA]

Spustil jsem to včera v podvečer, ze začátku to jelo asi do 95%, to trvalo tak hodinu, ale pak to leze strašně pomalu za další tři hodiny to popolezlo o jedno procento. Nechal jsem to běžet přes noc, procento žádné již nepřibylo. Přičemž nic to nenašlo, v reportu je pouze "Autoscan:running (events: 1, objects:84467, time:12:45:12) 24.3.2010 17:22:39 Task started". Běží to na disku 15GB, přičemž je 5GB volných. Mám to nechat ještě běžet dál, jdu totiž do práce, nebo to stopnout?

[Caroprd111]

AVPTool zastavte.

Stáhni si MSDaRT pro svůj příslušný operační systém:

Windows XP -> http://www.mediafire.com/?ddsfd2xdndw
Windows Vista -> http://www.mediafire.com/?knvmygelfxy
Windows 7 -> http://www.mediafire.com/?5qmmdkzjeg3

Nainstaluj program dle pokynů staženého instalátoru.
Po dokončení instalace spusť tento soubor: C:\Program Files\Microsoft Diagnostics and Recovery Toolset\ERDC.exe
Klikej postupně na tlačítko Next, nech vytvořit .iso soubor a pomocí průvodce ho vypal na CD.

2) Restartuj počítač, na kterém máš problémy a vlož do jeho mechaniky vypálené CD. Předtím, než se Windows načtou, mačkej libovolnou klávesu a počítač začne bootovat z CD.
Po nabootování jdi přes menu Start - System Tools - System Files Repair.
Spustí se průvodce, který vyhledá virem narušené / poškozené systémové soubory. Všechny soubory, které najde, nech opravit.

Jdi přes menu Start - Log Off - Restart - OK a tvůj počítač se restartuje.

3) Po restartu počítače jdi v OS přes menu Start - Nastavení - Ovládací panely - Přidat nebo odebrat programy - vyber: Microsoft Diagnostics and Recovery Toolset - klikni na Odebrat. Tohle MSDaRT zase odinstaluje.

Napiš výsledky.

[JAJA]

Našlo to jeden poškozený soubor
c:\windows\system32\drivers\tcpip.sys
ta potvora tentokrát s nazvem spji.sys tam je pořád.
Jak dál?

[Caroprd111]

spji.sys je v pořádku. Jak to vypadá s PC

[JAJA]

PC je pořád stejné. Přidává ještě výpis z GMER, ta potvory jsou tm pořád, tentokrá t s názvem spof.sys, co to používá? Při vyhledání to počítač nikde nenajde.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-03-25 18:05:04
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\JAJA\LOCALS~1\Temp\kwrcipow.sys


---- System - GMER 1.0.15 ----

SSDT spof.sys ZwEnumerateKey [0xF7762CA2]
SSDT spof.sys ZwEnumerateValueKey [0xF7763030]
SSDT \??\C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS (SandBox File System Access Control by Process Manager/Agnitum Ltd.) ZwQueryDirectoryFile [0xAE2A4310]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat 877631F8

AttachedDevice \FileSystem\Fastfat \Fat tdrpm228.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )
AttachedDevice \Driver\Tcpip \Device\Ip FILTNT.SYS (Virtual Firewall driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp FILTNT.SYS (Virtual Firewall driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp FILTNT.SYS (Virtual Firewall driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp FILTNT.SYS (Virtual Firewall driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

[Caroprd111]

Bude to patřit emulátorům virtuálních mechanik. Dejte nový log z RSIT.

[JAJA]

Máte pravdu, že nějakou virtualní mechaniku mám, ale stejně bych poprosil jak se jí zbavit, moje pátrání bylo bezúspěšné. Ještě jsem zpozoroval že AVG hlásí - databáze je zastaralá, přičemž aktualizace proběhla 25.3.10 18:21. Pokud dám aktualizovat dá to hlášku: Aktualizace selhala. Proto jsem AVG přeinstaloval, ale dělá to znovu. I to mě vedlo k myšlence, že v PC bude nějaký vir. Ještě přikládám ten výpis.

Logfile of random's system information tool 1.06 (written by random/random)
Run by JAJA at 2010-03-25 18:48:49
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 4 GB (28%) free of 14 GB
Total RAM: 1023 MB (47% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-06-29 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-03-21 1475864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-16 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"=C:\WINDOWS\CTHELPER.EXE [2006-08-11 17920]
"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]
"PestPatrol Control Center"=c:\PROGRA~1\PESTPA~1\PPControl.exe [2004-11-15 98304]
"PPMemCheck"=c:\PROGRA~1\PESTPA~1\PPMemCheck.exe [2004-04-02 148480]
"CookiePatrol"=c:\PROGRA~1\PESTPA~1\CookiePatrol.exe [2005-01-10 73728]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"pdfFactory Pro Dispatcher v3"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe [2009-03-24 606208]
"Kleptomania"= []
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-03-21 2020120]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Kleptomania"=C:\PROGRA~1\KLEPTO~1\k-mania.exe [2007-04-13 294912]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS]
C:\WINDOWS\OETRN.EXE [2007-12-26 26624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2007-03-15 2225208]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
KYESCAN.lnk - C:\PROGRA~1\ScannerU\KYESCAN.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-05-12 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2010-03-21 12464]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\AVG\AVG9\avgam.exe"="C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe"
"C:\Program Files\AVG\AVG9\avgdiagex.exe"="C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe"
"C:\Program Files\AVG\AVG9\avgemc.exe"="C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Elcomsoft\Distributed Password Recovery\esdprs.exe"="C:\Program Files\Elcomsoft\Distributed Password Recovery\esdprs.exe:*:Enabled:ElcomSoft Distributed Password Recovery Server"
"C:\Program Files\Elcomsoft\Distributed Password Recovery\esdpr.exe"="C:\Program Files\Elcomsoft\Distributed Password Recovery\esdpr.exe:*:Enabled:ElcomSoft Distributed Password Recovery Console"
"C:\Program Files\Elcomsoft\Distributed Password Recovery\esda.exe"="C:\Program Files\Elcomsoft\Distributed Password Recovery\esda.exe:*:Enabled:ElcomSoft Distributed Agent"

======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-03-25 18:48:51 ----D---- C:\Program Files\trend micro
2010-03-25 18:48:49 ----D---- C:\rsit
2010-03-25 17:13:56 ----D---- C:\~ErdUserProfile.$$$
2010-03-24 15:54:37 ----A---- C:\WINDOWS\ntbtlog.txt
2010-03-24 15:52:44 ----A---- C:\WINDOWS\{00000002-00000000-0000000C-00001102-00000004-20021102}.BAK
2010-03-23 00:24:55 ----RASH---- C:\WINDOWS\winstart.bat
2010-03-23 00:23:51 ----D---- C:\Program Files\UnHackMe
2010-03-23 00:12:08 ----A---- C:\RootRepeal report 03-23-10 (00-12-08).txt
2010-03-22 18:19:01 ----D---- C:\_Virtualní mechanika
2010-03-22 06:33:02 ----SHD---- C:\Recycled
2010-03-21 17:26:52 ----HD---- C:\$AVG
2010-03-21 17:00:54 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2010-03-21 17:00:34 ----A---- C:\WINDOWS\system32\avgfwdx.dll
2010-03-21 17:00:33 ----D---- C:\Program Files\AVG
2010-03-21 17:00:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2010-03-21 15:50:58 ----A---- C:\ComboFix.txt
2010-03-21 10:56:32 ----A---- C:\ComboFix2.txt
2010-03-21 10:37:08 ----D---- C:\WINDOWS\temp
2010-03-21 10:16:24 ----D---- C:\Qoobox
2010-03-20 19:24:40 ----D---- C:\AVGTemp
2010-03-19 06:28:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-17 22:53:50 ----D---- C:\FOUND.000
2010-03-16 21:51:07 ----A---- C:\ComboFix1.txt
2010-03-16 21:28:14 ----A---- C:\WINDOWS\zip.exe
2010-03-16 21:28:14 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-03-16 21:28:14 ----A---- C:\WINDOWS\SWSC.exe
2010-03-16 21:28:14 ----A---- C:\WINDOWS\SWREG.exe
2010-03-16 21:28:14 ----A---- C:\WINDOWS\sed.exe
2010-03-16 21:28:14 ----A---- C:\WINDOWS\PEV.exe
2010-03-16 21:28:14 ----A---- C:\WINDOWS\NIRCMD.exe
2010-03-16 21:28:14 ----A---- C:\WINDOWS\MBR.exe
2010-03-16 21:28:14 ----A---- C:\WINDOWS\grep.exe
2010-03-16 21:27:36 ----D---- C:\WINDOWS\ERDNT
2010-03-16 18:19:54 ----A---- C:\WINDOWS\system32\wscsvc.dll
2010-03-06 14:01:57 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-03-01 18:20:01 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-01 18:19:55 ----N---- C:\WINDOWS\system32\imapi2fs.dll
2010-03-01 18:19:55 ----N---- C:\WINDOWS\system32\imapi2.dll
2010-02-27 17:23:23 ----D---- C:\Program Files\DVD Decrypter

======List of files/folders modified in the last 1 months======

2010-03-25 18:12:36 ----A---- C:\WINDOWS\ODBC.INI
2010-03-25 18:12:10 ----A---- C:\WINDOWS\k-mania.Ini
2010-03-22 23:57:34 ----A---- C:\WINDOWS\MAILTRAN.INI
2010-03-21 15:45:38 ----A---- C:\WINDOWS\system.ini
2010-03-21 14:20:20 ----A---- C:\WINDOWS\wincmd.ini
2010-03-21 10:09:22 ----A---- C:\WINDOWS\TRNCOM.INI
2010-03-09 22:34:26 ----A---- C:\WINDOWS\slt.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2010-03-21 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2010-03-21 28424]
R1 AvgTdiX;AVG Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2010-03-21 360584]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 FileDisk;FileDisk; C:\WINDOWS\system32\drivers\FileDisk.sys [2005-10-16 12928]
R1 hwinterface;hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [2010-02-02 3026]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 SandBox;Outpost Firewall Sandbox Driver; \??\C:\Program Files\Agnitum\Outpost Firewall\kernel\Sandbox.SYS []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
R1 VFILT;Outpost Firewall Kernel Driver; \??\C:\Program Files\Agnitum\Outpost Firewall\kernel\FILTNT.SYS []
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2009-10-14 44704]
R3 ADBLOCK.DLL;Outpost Firewall PlugIn (ADBLOCK.DLL); \??\C:\Program Files\Agnitum\Outpost Firewall\kernel\ADBLOCK.DLL []
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2007-11-30 97216]
R3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL); \??\C:\Program Files\Agnitum\Outpost Firewall\kernel\ARP.DLL []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-05-12 3007488]
R3 Avgfwdx;Avgfwdx; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-03-21 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys []
R3 AVGIDSFilterxpx;AVG9IDSFilter; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys []
R3 AVGIDSShimxpx;AVG9IDSShim; \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys []
R3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL); \??\C:\Program Files\Agnitum\Outpost Firewall\kernel\CONTENT.DLL []
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2006-08-11 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-08-11 499584]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2006-08-11 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2006-08-11 143872]
R3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL); \??\C:\Program Files\Agnitum\Outpost Firewall\kernel\DNSCACHE.DLL []
R3 EL2000;3Com 3C2000x EtherLink XL Adapter; C:\WINDOWS\system32\DRIVERS\EL2K_XP.sys [2003-06-03 147328]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2006-12-26 34760]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2006-08-11 78336]
R3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL); \??\C:\Program Files\Agnitum\Outpost Firewall\kernel\FTPFILT.DLL []
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2006-08-11 766976]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2006-08-11 154112]
R3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL); \??\C:\Program Files\Agnitum\Outpost Firewall\kernel\HTMLFILT.DLL []
R3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL); \??\C:\Program Files\Agnitum\Outpost Firewall\kernel\HTTPFILT.DLL []
R3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL); \??\C:\Program Files\Agnitum\Outpost Firewall\kernel\IMAPFILT.DLL []
R3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL); \??\C:\Program Files\Agnitum\Outpost Firewall\kernel\MAILFILT.DLL []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
R3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL); \??\C:\Program Files\Agnitum\Outpost Firewall\kernel\NNTPFILT.DLL []
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-08-11 116224]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-12-19 47360]
R3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL); \??\C:\Program Files\Agnitum\Outpost Firewall\kernel\POP3FILT.DLL []
R3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL); \??\C:\Program Files\Agnitum\Outpost Firewall\kernel\PROTECT.DLL []
R3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL); \??\C:\Program Files\Agnitum\Outpost Firewall\kernel\SECRET.DLL []
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S2 TinaKey;TinaKey; C:\WINDOWS\system32\drivers\TinaKey.sys []
S3 Avgfwfd;AVG network filter service; C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2010-03-21 30104]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2006-08-11 180224]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\system32\DRIVERS\k750bus.sys [2005-02-11 55216]
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k750mdfl.sys [2005-02-11 6576]
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k750mdm.sys [2005-02-11 89872]
S3 k750mgmt;Sony Ericsson 750 USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k750mgmt.sys [2005-02-11 81728]
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k750obex.sys [2005-02-11 79488]
S3 Maplom;Maplom; C:\WINDOWS\system32\drivers\Maplom.sys [2007-11-13 34304]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023k.sys [2002-08-12 11136]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-17 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-03-21 906520]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-21 285392]
R2 avgfws9;AVG Firewall; C:\Program Files\AVG\AVG9\avgfws9.exe [2010-03-21 2304192]
R2 AVGIDSAgent;AVG9IDSAgent; C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-03-21 5832712]
R2 OutpostFirewall;Outpost Firewall Service; C:\Program Files\Agnitum\Outpost Firewall\outpost.exe [2007-04-05 94720]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-05-12 593920]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-02-08 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-08-13 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-11-10 774144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 AcrSch2Svc;Acronis Služba Plánovač2; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2009-05-19 619224]
S4 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-05-12 540672]
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

[Caroprd111]

Stáhněte SPTD http://www.duplexsecure.com/en/downloads

• Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
• zvolte možnost Uninstall a restartujte PC.

Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe

• Klikněte na "Disable" a restartujte PC.

Pokračujte podle návodu AVPTool http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

[JAJA]

Než spustím AVPTool (spustím přes noc), dávám info, že ten sobor sp...sys zmizel. AVG zůstalo stejné a virtuální mechanika zůstala taky, jak ji odstranit nevím.

[Caroprd111]

OK

[JAJA]

PC je OK, děkuji všem co pomohli, hlavně Caroprd111.

[Caroprd111]

Ještě poprosím o nový log z RSIT.