Logfile of HijackThis v1.99.1
Scan saved at 19:37:37, on 22.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
c:\apache\APACHE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
c:\apache\APACHE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Jirka\Plocha\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bootvis.lnk = C:\Program Files\Microsoft Bootvis\Bootvis_Sleep.exe
O9 - Extra button: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra 'Tools' menuitem: Xstream Radio - {7A0815F1-6B65-4e3a-B198-709807B4042A} - C:\Program Files\XstreamRadio 3.02\RadioHelper.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4A8B3A4-B961-4451-B26E-2C69B2EF1FB7}: NameServer = 192.168.2.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE" --ntservice (file missing)
----------------------------------------------------
MVAW
Object "grokster Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "grokster Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "conducent flexpak Spyware/Adware" found in File System! Action Taken: Entries Removed.
Object "ezula Spyware/Adware" found in File System! Action Taken: Entries Removed.
Entry "HKCR\ICQPhone.SipxPhoneManager" refers to invalid object "{82308D15-1A2C-416A-A5BE-21DAF85DDB75}". Action Taken: Entries Removed.
Entry "HKCR\Microsoft.ActiveXPlugin" refers to invalid object "{06DD38D3-D187-11CF-A80D-00C04FD74AD8}". Action Taken: Entries Removed.
Entry "HKCR\MISB.ThumbnailExtract.2" refers to invalid object "{73228648-6E28-30BC-79DB-FAE954396644}". Action Taken: Entries Removed.
Entry "HKCR\System.HTMLEditor.1" refers to invalid object "{D022531D-9E48-8DEA-E4D4-2BB700BD8739}". Action Taken: Entries Removed.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object ""E:\data\cdw32.exe"". Action Taken: Entries Removed.
Entry "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" refers to invalid object "E:\data\cdw32.exe". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Adobe Premiere Pro 2.0\DVD Templates\en_US\Sports\Football\". Action Taken: Entries Removed.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" refers to invalid object "C:\Program Files\Adobe\Adobe Premiere Pro 2.0\Presets\Templates\Sports\Football\". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".$$$". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".000". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".7z". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".bin". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".cue". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dat". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".dbl". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".fxV2_Q20_MESH_RIGID_BUMP_SPECULAR_REFLECTION". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".fxV2_Q20_MESH_WEIGHTED_BUMP_PARALLAX_RIMLIGHTING_SPECULAR". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".htaccess". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".logonxp". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mcdb". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".md0". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".mix". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".pdb". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".psg". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".py". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".rlg". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sav". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sfv". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".skn". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".srt". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".sub". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".tmp". Action Taken: Entries Removed.
Entry "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" refers to invalid object ".xpi". Action Taken: Entries Removed.
---------------------------------------
RootkitReveal
HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version 19.12.2006 9:33 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6\ProductName 29.9.2006 16:20 26 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}\DisplayName 4.10.2006 14:49 26 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version 19.12.2006 9:18 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Mirabilis\ICQ\NewOwners\239811671\ICQLite\SRP\NP\CliUsage\BMP\93219548\BIM 22.4.2007 22:19 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Mirabilis\ICQ\NewOwners\239811671\ICQLite\Stats\Stats_SendMessageICQSends 22.4.2007 22:19 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SYSTEM\ControlSet001\Services\a347scsi\Config\jdgg40 10.4.2007 18:01 0 bytes Hidden from Windows API.
C:\Documents and Settings\Jirka\Local Settings\Temp\TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}20351.html 22.4.2007 22:21 978 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Jirka\Local Settings\Temp\TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}5946.html 22.4.2007 22:19 978 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Jirka\Local Settings\Temp\TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}6222.html 22.4.2007 22:20 978 bytes Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Jirka\Local Settings\Temp\TmpICQMagic_{05736BBE-C20F-4F10-A6DE-4DB1E3564B0E}9237.html 22.4.2007 22:21 978 bytes Hidden from Windows API.
C:\Documents and Settings\Jirka\Local Settings\Temporary Internet Files\Content.IE5\ALY3S9UT\CA05QVQB.swf 22.4.2007 22:20 12.64 KB Hidden from Windows API.
C:\Documents and Settings\Jirka\Local Settings\Temporary Internet Files\Content.IE5\ATGNOFYF\icq468x60[1].aspx 22.4.2007 22:21 549 bytes Hidden from Windows API.
C:\Documents and Settings\Jirka\Local Settings\Temporary Internet Files\Content.IE5\GRK1KTUV\icq468x60[1].aspx 22.4.2007 22:20 531 bytes Hidden from Windows API.
C:\Documents and Settings\Jirka\Local Settings\Temporary Internet Files\Content.IE5\ODAJWDER\aol[2].swf 22.4.2007 22:21 21.31 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\Jirka\Local Settings\Temporary Internet Files\Content.IE5\S5230PMZ 22.4.2007 22:21 0 bytes Hidden from Windows API.
C:\Documents and Settings\Jirka\Local Settings\Temporary Internet Files\Content.IE5\S5230PMZ\CAQJWXMZ.swf 22.4.2007 22:21 20.76 KB Hidden from Windows API.
C:\Documents and Settings\Jirka\Local Settings\Temporary Internet Files\Content.IE5\S5230PMZ\desktop.ini 22.4.2007 22:21 67 bytes Hidden from Windows API.
------------------------------------------------------------------
FSBL
04/22/07 22:26:03 [Info]: BlackLight Engine 1.0.61 initialized
04/22/07 22:26:03 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/22/07 22:26:03 [Note]: 7019 4
04/22/07 22:26:03 [Note]: 7005 0
04/22/07 22:26:05 [Note]: 7006 0
04/22/07 22:26:05 [Note]: 7011 2304
04/22/07 22:26:05 [Note]: 7026 0
04/22/07 22:26:05 [Note]: 7026 0
04/22/07 22:26:08 [Note]: FSRAW library version 1.7.1021
04/22/07 22:29:30 [Note]: 7007 0
------------------------------------------------------------------------------
DMER
GMER 1.0.12.12244 -
http://www.gmer.net
Rootkit scan 2007-04-22 22:39:35
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey
SSDT a347bus.sys ZwEnumerateKey
SSDT a347bus.sys ZwEnumerateValueKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey
SSDT a347bus.sys ZwQueryKey
SSDT a347bus.sys ZwQueryValueKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile
SSDT a347bus.sys ZwSetSystemPowerState
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile
---- Kernel code sections - GMER 1.0.12 ----
PAGENDSM NDIS.sys!NdisMIndicateStatus F82A1A5F 6 Bytes JMP B36FCF8C \SystemRoot\system32\drivers\fwdrv.sys
? C:\WINDOWS\system32\DRIVERS\update.sys
? C:\WINDOWS\system32\Drivers\RKREVEAL150.SYS Systém nemůže nalézt uvedený soubor.
---- Devices - GMER 1.0.12 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 823D7360
Device \Driver\fwdrv \Device\FWDRV IRP_MJ_READ 816413A0
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 81392008
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 81392008
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 813FF140
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 81392008
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 81392008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_NAMED_PIPE 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_READ 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_WRITE 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_INFORMATION 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_INFORMATION 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_EA 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_EA 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FLUSH_BUFFERS 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_VOLUME_INFORMATION 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_VOLUME_INFORMATION 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DIRECTORY_CONTROL 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_FILE_SYSTEM_CONTROL 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SHUTDOWN 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_LOCK_CONTROL 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLEANUP 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE_MAILSLOT 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_SECURITY 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_SECURITY 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CHANGE 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_QUERY_QUOTA 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SET_QUOTA 813CD480
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 813CD480
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 813CD480
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 813CD480
Device \FileSystem\Srv \Device\LanmanServer IRP_MJ_READ FF6E1498
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 813F90B8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 813F90B8
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 813D49B8
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 816B7EB0
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_NAMED_PIPE 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLOSE 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_READ 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_WRITE 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_INFORMATION 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_INFORMATION 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_EA 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_EA 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FLUSH_BUFFERS 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_VOLUME_INFORMATION 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DIRECTORY_CONTROL 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FILE_SYSTEM_CONTROL 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CONTROL 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SHUTDOWN 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_LOCK_CONTROL 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLEANUP 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_MAILSLOT 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_SECURITY 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_SECURITY 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_POWER 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SYSTEM_CONTROL 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CHANGE 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_QUOTA 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_QUOTA 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_PNP 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CLOSE 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_READ 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_WRITE 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_INFORMATION 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_EA 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_EA 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SHUTDOWN 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CLEANUP 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_SECURITY 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_POWER 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_SET_QUOTA 813C24A8
Device \Driver\a347scsi \Device\Scsi\a347scsi1Port3Path0Target0Lun0 IRP_MJ_PNP 813C24A8
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 81589BC8
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 81589BC8
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 81589BC8
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 81589BC8
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 81589BC8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 81471A70
---- Modules - GMER 1.0.12 ----
Module _________ F83A2000-F83BA000 (98304 bytes)
---- Registry - GMER 1.0.12 ----
Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0x76 0x30 0x29 0xA5 ...
Reg \Registry\MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version@Version 0x76 0x30 0x29 0xA5 ...
---- EOF - GMER 1.0.12 ----
-------------------------------------------------------------------------
Icesword
Process:
System Idle Process
System
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\apache\Apache.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\apache\Apache.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\alg.exe
C:\Documents and Settings\Jirka\Plocha\Icesword_1.20\IceSword120_en\IceSword.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
------------------------------------------------------
Kernel Module:
\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
a347bus.sys
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
PCIIde.sys
\WINDOWS\System32\Drivers\PCIIDEX.SYS
intelide.sys
MountMgr.sys
ftdisk.sys
PartMgr.sys
VolSnap.sys
iaStor.sys
a347scsi.sys
\WINDOWS\System32\Drivers\SCSIPORT.SYS
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltMgr.sys
sr.sys
PxHelp20.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
speedfan.sys
Mup.sys
giveio.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk51x86.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RtkHDAud.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\fwdrv.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\Drivers\Aavmker4.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\System32\Drivers\aswMon2.SYS
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\aswRdr.SYS
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\IsDrv120.sys
\WINDOWS\system32\ntdll.dll
C:\WINDOWS\system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\giveio.sys
C:\WINDOWS\system32\speedfan.sys
----------------
Můžeš si počíst. Třeba něco najdeš.
Po resetu zase volno a postupně ubejvá. Datovej oddíl je v pohodě. co to může být? Všechny testy na havěť jsou zatím negativní - na vyhodnocení toho nejpodrobnějšího zatím čekám... 
Ale docela by mě zajímalo, co to bylo, ale radši snad ani nechci mít další možnost to zjistit. 