
ics.exe - please check the log, thank you.

Posted: 06 May 2010 21:26
by dape
Hello,
I would very much like to ask you to check a log from COMBOFIX.
I have a notebook with WXP and lately, for about 14 days,
the HDD LED blinks very often, especially after a restart, and the PC
is very slow. When switching to power-saving mode (by pressing the
Fn-F3 key) it goes to a blue screen with a dump, which disappears after about half a
second and the PC restarts. I am not able to capture what is on it.

When running FILEMON to monitor processes, I found that
ICS.exe is running a lot.

------------------------------
ComboFix 10-05-05.0A - David 06.05.2010 15:06:57.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1919.1007 [GMT 2:00]
Spuštěný z: c:\aaa\combofix\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\config.ini
c:\program files\Dealio Toolbar\DealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\separator.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\SearchSettings.dll
c:\program files\Dealio Toolbar\SearchSettings.exe
c:\program files\Dealio Toolbar\SearchSettingsRes409.dll
c:\program files\Dealio Toolbar\sscfg.ini
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\windows\system32\APSHook.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\wiaservim.log

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-06 do 2010-05-06 )))))))))))))))))))))))))))))))
.

2010-04-09 19:05 . 2010-04-09 19:05 -------- d-----w- c:\program files\VideoLAN
2010-04-06 20:51 . 2010-04-09 18:54 -------- d-----w- c:\program files\DVBPortal

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 14:53 . 2008-06-02 18:43 -------- d-----w- c:\program files\Symantec AntiVirus
2010-05-05 19:14 . 2008-04-29 19:07 -------- d-----w- c:\program files\Opera
2010-04-14 18:50 . 2004-08-18 12:00 83652 ----a-w- c:\windows\system32\perfc005.dat
2010-04-14 18:50 . 2004-08-18 12:00 440316 ----a-w- c:\windows\system32\perfh005.dat
2010-04-14 07:52 . 2008-04-29 19:32 -------- d-----w- c:\program files\Google
2010-04-06 20:54 . 2010-04-06 16:06 512 ----a-w- C:\102928384.tmp
2010-04-06 19:30 . 2010-04-06 18:33 512 ----a-w- C:\~Panomax.tmp
2010-04-06 19:28 . 2010-04-06 19:19 512 ----a-w- C:\44206592.tmp
2010-03-10 06:17 . 2004-08-18 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-18 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 22:14 . 2009-11-03 21:29 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-16 19:08 . 2004-08-18 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:08 . 2004-08-17 15:45 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-05 11:58 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:35 . 2004-08-18 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-18 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-01-20 1197448]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-01-20 09:34 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-01-20 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-01-20 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-10-18 455968]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-30 68856]
"ANT Agent"="c:\garmin\ANT Agent\ANT Agent.exe" [2010-02-03 11136360]
"Google Update"="c:\documents and settings\David\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-12-21 818288]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-01-02 40960]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-02-26 177456]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-07-24 677144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-08 1116920]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-09 282624]
"ScheduleSync.Siemens.SmartSync.5.2.exe"="c:\program files\Mobile Phone Manager\SmartSync\ScheduleSync.exe" [2004-08-27 45056]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-06-09 66680]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-10-06 161096]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-05-07 2245984]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-04-30 834248]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\David\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
MotionBased Agent.lnk - c:\program files\MotionBased\Agent\MBAgent.exe [2006-12-30 909312]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-6-30 66864]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-5-9 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 07:04 49152 ----a-r- c:\windows\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-03-14 04:03 74752 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [29.4.2009 22:55 64288]
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [14.8.2007 17:59 101167]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [9.10.2006 13:31 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [14.6.2007 16:22 13184]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [24.7.2007 8:21 38816]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [14.8.2007 17:59 5840]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 14:00 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 14:00 14336]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [6.9.2007 13:26 221184]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 17:52 1285864]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [29.4.2008 9:37 193840]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [24.7.2007 8:21 41216]
S2 DCamUSB20;USB 2.0 Capture;c:\windows\system32\drivers\CsMini20.sys [3.7.2008 20:49 46216]
S2 gupdate1c98714f1f63ef4;Google Update Service (gupdate1c98714f1f63ef4);c:\program files\Google\Update\GoogleUpdate.exe [5.2.2009 0:07 133104]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [29.4.2008 10:05 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [8.6.2007 9:06 172131]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [29.6.2007 2:01 42512]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6.10.2004 17:56 173392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 13:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-05-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 20:31]

2010-05-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-29 15:33]

2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 22:06]

2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 22:06]

2010-05-06 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-01-20 09:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\David\Data aplikací\Mozilla\Firefox\Profiles\zna00hb1.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=WCL&o=14209&locale=en_US&q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-SearchSettings - c:\program files\Dealio Toolbar\SearchSettings.exe
ActiveSetup-ccc-core-static - msiexec
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-06 16:48
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe??????????????@? ???HR????????@???????@

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\Ati2evxx.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\windows\system32\DeviceNP.dll

- - - - - - - > 'lsass.exe'(680)
c:\windows\SbHpNp.dll

- - - - - - - > 'explorer.exe'(7356)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\program files\WinSCP3\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\windows\system32\agrsmsvc.exe
c:\windows\system32\bmwebcfg.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\msdtc.exe
c:\progra~1\HEWLET~1\Shared\HPQTOA~1.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Celkový čas: 2010-05-06 17:44:21 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-06 15:41
ComboFix2.txt 2009-04-29 19:32
ComboFix3.txt 2009-04-29 18:27

Před spuštěním: Volných bajtů: 52 841 312 256
Po spuštění: Volných bajtů: 54 387 576 832

- - End Of File - - 30FE69819E9167E07A92D4C4928C5866

Re: ics.exe - please check the log, thank you.

Posted: 06 May 2010 21:48
by Rudy
Move ComboFix to the desktop. Open Notepad and copy the following into it:
Collect::
C:\102928384.tmp
C:\~Panomax.tmp
C:\44206592.tmp

Folder:
c:\program files\Ask.com

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
Save it to the desktop as CFScript.txt, then drag it with the mouse onto the ComboFix icon and drop it. CF will start and execute the commands from the script.


But I do not see an ics.exe process running anywhere.

Re: ics.exe - please check the log, thank you.

Posted: 06 May 2010 23:10
by dape
Hello,
thank you for your help. However, the PC is still getting slower; creating the ComboFix log took about 30 minutes. A program IQS.EXE is running there; it can be seen in the following, latest COMBOFIX output (c:\program files\Java\jre6\bin\jqs.exe). This is probably what is slowing it down, at least that is what I judge from FILEMON. Please help me further.
Many thanks.
David Pejchl

ComboFix 10-05-05.0A - David 06.05.2010 23:06:18.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1919.1223 [GMT 2:00]
Spuštěný z: c:\documents and settings\David\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\David\Plocha\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

file zipped: C:\~Panomax.tmp
file zipped: C:\102928384.tmp
file zipped: C:\44206592.tmp
.
Tyto soubory byly během aplikování deaktivovány:
c:\windows\TEMP\logishrd\LVPrcInj01.dll


((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\~Panomax.tmp
C:\102928384.tmp
C:\44206592.tmp
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-06 do 2010-05-06 )))))))))))))))))))))))))))))))
.

2010-04-09 19:05 . 2010-04-09 19:05 -------- d-----w- c:\program files\VideoLAN

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-06 21:25 . 2008-06-02 18:43 -------- d-----w- c:\program files\Symantec AntiVirus
2010-05-05 19:14 . 2008-04-29 19:07 -------- d-----w- c:\program files\Opera
2010-04-14 18:50 . 2004-08-18 12:00 83652 ----a-w- c:\windows\system32\perfc005.dat
2010-04-14 18:50 . 2004-08-18 12:00 440316 ----a-w- c:\windows\system32\perfh005.dat
2010-04-14 07:52 . 2008-04-29 19:32 -------- d-----w- c:\program files\Google
2010-04-09 18:54 . 2010-04-06 20:51 -------- d-----w- c:\program files\DVBPortal
2010-03-10 06:17 . 2004-08-18 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-18 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 22:14 . 2009-11-03 21:29 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-16 19:08 . 2004-08-18 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:08 . 2004-08-17 15:45 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-05 11:58 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:35 . 2004-08-18 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-18 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-10-18 455968]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-30 68856]
"ANT Agent"="c:\garmin\ANT Agent\ANT Agent.exe" [2010-02-03 11136360]
"Google Update"="c:\documents and settings\David\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-12-21 818288]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-01-02 40960]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-02-26 177456]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-07-24 677144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-08 1116920]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-09 282624]
"ScheduleSync.Siemens.SmartSync.5.2.exe"="c:\program files\Mobile Phone Manager\SmartSync\ScheduleSync.exe" [2004-08-27 45056]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-06-09 66680]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-10-06 161096]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-05-07 2245984]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-04-30 834248]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\David\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
MotionBased Agent.lnk - c:\program files\MotionBased\Agent\MBAgent.exe [2006-12-30 909312]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-6-30 66864]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-5-9 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 07:04 49152 ----a-r- c:\windows\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-03-14 04:03 74752 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [29.4.2009 22:55 64288]
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [14.8.2007 17:59 101167]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [9.10.2006 13:31 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [14.6.2007 16:22 13184]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [24.7.2007 8:21 38816]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [14.8.2007 17:59 5840]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 14:00 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 14:00 14336]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [6.9.2007 13:26 221184]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 17:52 1285864]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [18.8.2004 14:00 5120]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [29.4.2008 9:37 193840]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [24.7.2007 8:21 41216]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20.12.2007 17:13 1558000]
S2 DCamUSB20;USB 2.0 Capture;c:\windows\system32\drivers\CsMini20.sys [3.7.2008 20:49 46216]
S2 gupdate1c98714f1f63ef4;Google Update Service (gupdate1c98714f1f63ef4);c:\program files\Google\Update\GoogleUpdate.exe [5.2.2009 0:07 133104]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [29.4.2008 10:05 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [8.6.2007 9:06 172131]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [29.6.2007 2:01 42512]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6.10.2004 17:56 173392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 13:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-05-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 20:31]

2010-05-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-29 15:33]

2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 22:06]

2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 22:06]

2010-05-06 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-01-20 09:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\David\Data aplikací\Mozilla\Firefox\Profiles\zna00hb1.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=WCL&o=14209&locale=en_US&q=
FF - prefs.js: network.proxy.type - 2
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-06 23:24
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe??????????????@? ???HR????????@???????@

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(624)
c:\windows\system32\Ati2evxx.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\windows\system32\DeviceNP.dll

- - - - - - - > 'lsass.exe'(680)
c:\windows\SbHpNp.dll

- - - - - - - > 'explorer.exe'(6740)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\program files\WinSCP3\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\windows\system32\agrsmsvc.exe
c:\windows\system32\bmwebcfg.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\progra~1\HEWLET~1\Shared\HPQTOA~1.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-05-07 00:02:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-06 22:01
ComboFix2.txt 2010-05-06 15:44
ComboFix3.txt 2009-04-29 19:32
ComboFix4.txt 2009-04-29 18:27

Před spuštěním: Volných bajtů: 54 383 206 400
Po spuštění: Volných bajtů: 54 372 413 440

- - End Of File - - D734226DCAC3B56292405BC87F104BE7

Re: ics.exe - please check my log, thank you.

Posted: 06 May 2010 23:13
by dape
I am also attaching the output from Filemon:
e.g.
0:11:30 jqs.exe:3612 IRP_MJ_CLEANUP C:\WINDOWS\system32\OLEAUT32.dll SUCCESS
0:11:30 jqs.exe:3612 IRP_MJ_CLOSE C:\WINDOWS\system32\OLEAUT32.dll SUCCESS
0:11:30 jqs.exe:3612 IRP_MJ_CREATE C:\WINDOWS\System32\WSOCK32.dll SUCCESS Options: Open Access: Read
0:11:30 jqs.exe:3612 FASTIO_QUERY_STANDARD_INFO C:\WINDOWS\System32\WSOCK32.dll SUCCESS Length: 24576
0:11:30 jqs.exe:3612 IRP_MJ_READ* C:\WINDOWS\System32\WSOCK32.dll SUCCESS Offset: 0 Length: 24576
0:11:30 jqs.exe:3612 IRP_MJ_CLEANUP C:\WINDOWS\System32\WSOCK32.dll SUCCESS
0:11:30 jqs.exe:3612 IRP_MJ_CLOSE C:\WINDOWS\System32\WSOCK32.dll SUCCESS
0:11:30 jqs.exe:3612 IRP_MJ_CREATE C:\WINDOWS\System32\WS2_32.dll SUCCESS Options: Open Access: Read
0:11:30 jqs.exe:3612 FASTIO_QUERY_STANDARD_INFO C:\WINDOWS\System32\WS2_32.dll SUCCESS Length: 82432
0:11:30 jqs.exe:3612 IRP_MJ_READ* C:\WINDOWS\System32\WS2_32.dll SUCCESS Offset: 0 Length: 32768

... etc.

Thank you. David.

Re: ics.exe - please check my log, thank you.

Posted: 07 May 2010 04:18
by dape
Hello,
continuing on: even though none of the user applications are running on the PC, the HDD is still running at full speed, judging by the sound and the constantly blinking LED.
Working on it is very difficult because of the slowdown.
Here I attach the output from RSIT.
Please help me further.
Thank you. David.

Logfile of random's system information tool 1.07 (written by random/random)
Run by David at 2010-05-07 05:13:55
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 52 GB (34%) free of 153 GB
Total RAM: 1919 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:14:34, on 7.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
c:\WINDOWS\system32\ifxspmgt.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Garmin\gStart.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
c:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\MotionBased\Agent\MBAgent.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\mom.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Garmin\ANT Agent\ANT Agent.exe
C:\Documents and Settings\David\Plocha\RSIT.exe
C:\Program Files\trend micro\David.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [IFXSPMGT] c:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ScheduleSync.Siemens.SmartSync.5.2.exe] C:\Program Files\Mobile Phone Manager\SmartSync\ScheduleSync.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Norton Ghost 14.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ANT Agent] C:\Garmin\ANT Agent\ANT Agent.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: CCC.lnk = ?
O4 - Startup: MotionBased Agent.lnk = C:\Program Files\MotionBased\Agent\MBAgent.exe
O4 - Global Startup: Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O20 - Winlogon Notify: OneCard - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\system32\bmwebcfg.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\WINDOWS\system32\flcdlock.exe
O23 - Service: Google Update Service (gupdate1c98714f1f63ef4) (gupdate1c98714f1f63ef4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - c:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 17147 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2008-03-09 824656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-28 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-28 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-28 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Credential Manager for HP ProtectTools - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2006-11-21 70928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"AccelerometerSysTrayApplet"=C:\WINDOWS\system32\AccelerometerSt.exe [2007-01-24 124928]
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2007-01-02 40960]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-01-18 1028096]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-01-10 472776]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-02-26 177456]
"PTHOSTTR"=c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2007-01-09 145184]
"CognizanceTS"=c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2003-12-22 17920]
"IFXSPMGT"=c:\WINDOWS\system32\ifxspmgt.exe [2007-07-24 677144]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"RoxioDragToDisc"=C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [2006-11-08 1116920]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2006-03-09 806912]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-10-09 697976]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-09 282624]
"ScheduleSync.Siemens.SmartSync.5.2.exe"=C:\Program Files\Mobile Phone Manager\SmartSync\ScheduleSync.exe [2004-08-27 45056]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-06-09 66680]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2004-10-06 161096]
"Norton Ghost 14.0"=C:\Program Files\Norton Ghost\Agent\VProTray.exe [2008-05-07 2245984]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2010-04-30 834248]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
"LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam\Quickcam.exe [2008-08-14 2407184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2007-10-18 455968]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-07-30 68856]
"ANT Agent"=C:\Garmin\ANT Agent\ANT Agent.exe [2010-02-03 11136360]
"Google Update"=C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2008-09-02 133104]
"DW6"=C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe [2009-12-21 818288]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
"gStart"=C:\Garmin\gStart.exe [2008-08-13 1891416]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\Documents and Settings\David\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
MotionBased Agent.lnk - C:\Program Files\MotionBased\Agent\MBAgent.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-02-02 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]
C:\WINDOWS\system32\DeviceNP.dll [2007-06-08 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2004-10-06 83272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [2007-03-14 74752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=SbHpNp
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\ICQ\Icq.exe"="C:\Program Files\ICQ\Icq.exe:*:Enabled:ICQ"
"C:\Program Files\TightVNC\vncviewer.exe"="C:\Program Files\TightVNC\vncviewer.exe:*:Enabled:vncviewer"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

======List of files/folders created in the last 2 months======

2010-05-07 05:13:57 ----D---- C:\Program Files\trend micro
2010-05-07 05:13:55 ----D---- C:\rsit
2010-05-07 05:04:05 ----SHD---- C:\RECYCLER
2010-05-07 00:03:09 ----A---- C:\ComboFix.txt
2010-05-06 14:54:40 ----A---- C:\WINDOWS\NIRCMD.exe
2010-05-06 14:54:40 ----A---- C:\WINDOWS\MBR.exe
2010-05-06 14:54:39 ----A---- C:\WINDOWS\zip.exe
2010-05-06 14:54:39 ----A---- C:\WINDOWS\SWREG.exe
2010-05-06 14:54:39 ----A---- C:\WINDOWS\sed.exe
2010-05-06 14:54:39 ----A---- C:\WINDOWS\PEV.exe
2010-05-06 14:54:39 ----A---- C:\WINDOWS\grep.exe
2010-05-06 14:54:38 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-05-06 14:54:38 ----A---- C:\WINDOWS\SWSC.exe
2010-04-14 22:57:01 ----D---- C:\Documents and Settings\David\Data aplikací\dvdcss
2010-04-14 20:48:07 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 20:47:31 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 20:39:04 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 20:38:34 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 20:36:21 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 20:35:20 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-09 21:10:28 ----D---- C:\Documents and Settings\David\Data aplikací\vlc
2010-04-09 21:05:52 ----D---- C:\Program Files\VideoLAN
2010-04-06 22:51:18 ----D---- C:\Program Files\DVBPortal
2010-03-10 22:13:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$

======List of files/folders modified in the last 2 months======

2010-05-07 05:13:57 ----RD---- C:\Program Files
2010-05-07 05:13:05 ----A---- C:\WINDOWS\wincmd.ini
2010-05-07 05:12:24 ----D---- C:\aaa
2010-05-07 05:10:01 ----SD---- C:\WINDOWS\Tasks
2010-05-07 00:03:58 ----D---- C:\WINDOWS\system32\drivers
2010-05-07 00:03:42 ----D---- C:\WINDOWS\Temp
2010-05-06 23:56:34 ----D---- C:\Qoobox
2010-05-06 23:40:15 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-06 23:28:06 ----D---- C:\Program Files\Symantec AntiVirus
2010-05-06 23:24:13 ----D---- C:\WINDOWS\Registration
2010-05-06 23:23:16 ----D---- C:\Documents and Settings\David\Data aplikací\Skype
2010-05-06 23:21:25 ----D---- C:\WINDOWS\system32
2010-05-06 23:19:59 ----D---- C:\WINDOWS\SMINST
2010-05-06 23:19:33 ----D---- C:\WINDOWS
2010-05-06 23:19:33 ----A---- C:\WINDOWS\system.ini
2010-05-06 23:18:45 ----SHD---- C:\WINDOWS\CSC
2010-05-06 23:11:10 ----D---- C:\WINDOWS\AppPatch
2010-05-06 23:11:03 ----D---- C:\Program Files\Common Files
2010-05-06 23:05:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-06 17:12:19 ----D---- C:\WINDOWS\ERDNT
2010-05-06 16:47:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2010-05-06 07:03:47 ----D---- C:\Program Files\Mozilla Firefox
2010-05-06 06:55:09 ----D---- C:\WINDOWS\Minidump
2010-05-05 21:15:33 ----SHD---- C:\WINDOWS\Installer
2010-05-05 21:14:28 ----D---- C:\Program Files\Opera
2010-04-26 19:39:25 ----HD---- C:\WINDOWS\inf
2010-04-14 20:50:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-14 20:48:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-14 20:47:50 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-14 20:47:42 ----A---- C:\WINDOWS\imsins.BAK
2010-04-14 20:35:44 ----D---- C:\WINDOWS\ie8updates
2010-04-14 09:52:37 ----D---- C:\Program Files\Google
2010-04-06 23:59:35 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-06 20:46:17 ----D---- C:\Documents and Settings\David\Data aplikací\skypePM
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-03-31 23:09:52 ----D---- C:\Garmin
2010-03-31 21:46:52 ----D---- C:\WINDOWS\Prefetch
2010-03-31 21:38:59 ----D---- C:\Program Files\Internet Explorer
2010-03-21 22:17:31 ----D---- C:\TEMP
2010-03-11 09:42:41 ----D---- C:\WINDOWS\system32\wbem
2010-03-10 22:30:53 ----A---- C:\WINDOWS\win.ini
2010-03-10 22:13:55 ----D---- C:\Program Files\Movie Maker
2010-03-10 08:17:40 ----A---- C:\WINDOWS\system32\vbscript.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43008]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-08-11 12920]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 PersonalSecureDrive;PersonalSecureDrive; C:\WINDOWS\System32\drivers\psd.sys [2007-07-24 38816]
R1 RsvLock;RsvLock; C:\WINDOWS\system32\drivers\RsvLock.sys [2007-08-14 5840]
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-06-11 263736]
R1 tcpipBM;Bytemobile Kernel Network Provider; C:\WINDOWS\system32\drivers\tcpipBM.sys [2006-10-23 18688]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-10-26 35096]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-10-26 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-10-26 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-10-26 104536]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-10-26 26296]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-10-26 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-10-26 97848]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-10-26 94648]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-08-11 51768]
R2 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R2 v2imount;Symantec V2i Mount Driver; C:\WINDOWS\system32\DRIVERS\v2imount.sys [2008-01-19 38112]
R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-10-17 22016]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-02-05 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-02-02 1975296]
R3 b57w2k;Broadcom NetLink Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-12-15 160256]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-04-29 1123328]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-02-14 530861]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-02-14 30459]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-14 868298]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-05-07 16168]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-07-24 41216]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100505.004\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100505.004\navex15.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-09-02 47360]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-01-18 220640]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S2 DCamUSB20;USB 2.0 Capture; C:\WINDOWS\System32\Drivers\CsMini20.sys [2003-03-19 46216]
S2 Usb20Scan;USB 2.0 Still Image; C:\WINDOWS\System32\Drivers\CresScan.sys [2002-11-05 12692]
S3 actser;actser; C:\WINDOWS\system32\drivers\actser.sys [2004-08-23 29440]
S3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2007-08-28 146560]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-02-14 149123]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-02-14 67960]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 DAMDrv;DAMDrv; C:\WINDOWS\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
S3 DSI_SiUSBXp_3_1;DSI_SiUSBXp_3_1; C:\WINDOWS\system32\drivers\DSI_SiUSBXp_3_1.sys [2007-09-06 14848]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-07-26 23832]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2009-02-17 57672]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2009-02-17 72520]
S3 grmnusb;Garmin USB Driver; C:\WINDOWS\system32\drivers\grmnusb.sys [2009-04-17 9344]
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
S3 LVUVC;Logitech QuickCam E3500(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-07-26 4658584]
S3 mbr;mbr; \??\C:\DOCUME~1\David\LOCALS~1\Temp\mbr.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2007-06-29 42512]
S3 Ser2pl;SIEMENS Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2004-03-10 41472]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2004-06-11 16280]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VProEventMonitor;Symantec Event Monitor Driver; C:\WINDOWS\system32\DRIVERS\vproeventmonitor.sys [2008-01-19 15088]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2005-01-05 6912]
S3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2005-06-06 11264]
S3 WimFltr;WimFltr; C:\WINDOWS\system32\DRIVERS\wimfltr.sys [2008-01-19 128104]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2007-12-11 12800]
R2 ASBroker;Logon Session Broker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-02-02 446464]
R2 bmwebcfg;Bytemobile Web Configurator; C:\WINDOWS\system32\bmwebcfg.exe [2006-10-23 118784]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-02-06 266295]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-06-09 255096]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-06-09 242808]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2004-10-06 30024]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-09-06 221184]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe [2008-01-25 148832]
R2 IFXSpMgtSrv;Security Platform Management Service; c:\WINDOWS\system32\ifxspmgt.exe [2007-07-24 677144]
R2 IFXTCS;Trusted Platform Core Service; C:\WINDOWS\system32\IFXTCS.exe [2007-07-24 886040]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-04-30 1285864]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-10-18 79136]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
R2 Norton Ghost;Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [2008-05-07 4314464]
R2 PersonalSecureDriveService;Personal Secure Drive service; c:\WINDOWS\system32\IfxPsdSv.exe [2007-07-24 140568]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2004-10-06 1275216]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider; C:\WINDOWS\system32\dllhost.exe [2008-04-14 5120]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-02-07 193840]
R3 SymSnapService;SymSnapService; C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [2008-05-07 1558000]
S2 gupdate1c98714f1f63ef4;Google Update Service (gupdate1c98714f1f63ef4); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-05 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-26 183280]
S2 PCA;PC Angel; C:\WINDOWS\SMINST\PCAngel.exe [2006-01-12 294912]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-05-04 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-06-09 87160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\WINDOWS\system32\flcdlock.exe [2007-06-08 172131]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2007-09-12 2999664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-06 887544]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2007-06-29 92792]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2004-10-06 173392]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2004-06-11 201944]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-11-01 73728]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: ics.exe - please check my log, thank you.

Posted: 07 May 2010 18:09
by Rudy
Run an IceSword scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=11394 and post the Process and KernelModule logs.

Re: ics.exe - please check my log, thank you.

Posted: 08 May 2010 16:39
by dape
Hello,
here is the Kernel output, with the Process output right below it.
Thank you very much for your help.

Kernel Module:

\WINDOWS\system32\ntkrnlpa.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
ACPI.sys
\WINDOWS\system32\DRIVERS\WMILIB.SYS
pci.sys
isapnp.sys
ohci1394.sys
\WINDOWS\system32\DRIVERS\1394BUS.SYS
compbatt.sys
\WINDOWS\system32\DRIVERS\BATTC.SYS
pciide.sys
\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
pcmcia.sys
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
ACPIEC.sys
\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
PartMgr.sys
VolSnap.sys
atapi.sys
SbAlg.sys
disk.sys
\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
SbFsLock.sys
sr.sys
Lbd.sys
DRVMCDB.SYS
PxHelp20.sys
symsnap.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
SafeBoot.sys
Mup.sys
hpdskflt.sys
\SystemRoot\system32\DRIVERS\AmdK8.sys
\SystemRoot\system32\DRIVERS\ati2mtag.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\system32\DRIVERS\b57xp32.sys
\SystemRoot\system32\DRIVERS\bcmwl5.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\imapi.sys
\SystemRoot\System32\Drivers\DLACDBHM.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\IFXTPM.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\HpqKbFiltr.sys
\SystemRoot\system32\DRIVERS\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\Wdf01000.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\nic1394.sys
\SystemRoot\system32\DRIVERS\Accelerometer.sys
\SystemRoot\system32\DRIVERS\cpqbttn.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\btkrnl.sys
\SystemRoot\system32\DRIVERS\audstub.sys
\SystemRoot\System32\Drivers\RootMdm.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\psched.sys
\SystemRoot\system32\DRIVERS\msgpc.sys
\SystemRoot\system32\DRIVERS\ptilink.sys
\SystemRoot\system32\DRIVERS\raspti.sys
\SystemRoot\System32\Drivers\pcouffin.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\btport.sys
\SystemRoot\system32\drivers\btaudio.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\drivers\ADIHdAud.sys
\SystemRoot\system32\drivers\AEAudio.sys
\SystemRoot\system32\DRIVERS\AGRSM.sys
\SystemRoot\System32\drivers\psd.sys
\??\C:\Program Files\Symantec AntiVirus\savrt.sys
\??\C:\Program Files\Symantec\SYMEVENT.SYS
\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys
\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100505.004\navex15.sys
\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100505.004\naveng.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\Drivers\DLARTL_M.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\ipsec.sys
\SystemRoot\system32\DRIVERS\tcpip.sys
\SystemRoot\System32\Drivers\SYMTDI.SYS
\SystemRoot\system32\DRIVERS\ipnat.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\arp1394.sys
\SystemRoot\System32\Drivers\tcpipBM.SYS
\SystemRoot\system32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\ws2ifsl.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\System32\Drivers\RsvLock.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\ati2dvag.dll
\SystemRoot\System32\ati2cqag.dll
\SystemRoot\System32\atikvmag.dll
\SystemRoot\System32\ati3duag.dll
\SystemRoot\System32\ativvaxx.dll
\SystemRoot\System32\Drivers\DRVNDDM.SYS
\SystemRoot\System32\DLA\DLADResM.SYS
\SystemRoot\System32\DLA\DLAIFS_M.SYS
\SystemRoot\System32\DLA\DLAOPIOM.SYS
\SystemRoot\System32\DLA\DLAPoolM.SYS
\SystemRoot\System32\DLA\DLABMFSM.SYS
\SystemRoot\System32\DLA\DLABOIOM.SYS
\SystemRoot\System32\DLA\DLAUDFAM.SYS
\SystemRoot\System32\DLA\DLAUDF_M.SYS
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\system32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\system32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\v2imount.sys
\SystemRoot\system32\DRIVERS\LVPr2Mon.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINDOWS\system32\ntdll.dll
-------------------------------------------------------------------
Process:

System Idle Process
System
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\bmwebcfg.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\MotionBased\Agent\MBAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\accelerometerST.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Norton Ghost\Agent\VProTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Garmin\ANT Agent\ANT Agent.exe
C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Garmin\gStart.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\aaa\IceSword122en\IceSword.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\WINDOWS\system32\msdtc.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\WINDOWS\system32\alg.exe

Re: ics.exe - please check my log, thank you.

Posted: 08 May 2010 18:39
by Rudy
You don't have a rootkit on the PC. I'm afraid the system is damaged. Also run an AVPTool scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

Re: ics.exe - please check my log, thank you.

Posted: 08 May 2010 22:31
by dape
I ran the scan with the default settings.
8.5.2010 20:11:47 Untreated: Virus.Win32.Protector.a C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11540002.VBN/CryptZ Skipped by user
8.5.2010 20:11:46 Untreated: Virus.Win32.Protector.a C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11540003.VBN/CryptZ Skipped by user
8.5.2010 20:11:44 Untreated: Trojan.Win32.Inject.sph C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11540001.VBN/CryptZ Skipped by user
8.5.2010 20:11:48 Untreated: Trojan.Win32.Agent.cbub C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12DC0001.VBN/CryptZ Skipped by user
8.5.2010 20:11:48 Untreated: Trojan.Win32.Agent.cbub C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12DC0000.VBN/CryptZ Skipped by user
8.5.2010 20:12:32 Untreated: Trojan-Dropper.Win32.HDrop.b C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E280002.VBN/CryptZ Skipped by user
8.5.2010 20:11:47 Untreated: Trojan-Dropper.Win32.HDrop.b C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11EC0000.VBN/CryptZ Skipped by user
8.5.2010 20:19:07 Untreated: Trojan-Downloader.JS.ActiveX.cm C:\Documents and Settings\David\Local Settings\Data aplikací\Opera\Opera\profile\cache4\opr12Y1E/packed Write not supported
8.5.2010 20:11:19 Untreated: Exploit.Win32.Pidief.tt C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04100000.VBN/CryptZ/data0001 Write not supported
8.5.2010 20:12:03 Untreated: Exploit.Win32.Pidief.bsw C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1BD80001.VBN/CryptZ Skipped by user
8.5.2010 20:12:02 Untreated: Exploit.Win32.Pidief.bsw C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1BD80000.VBN/CryptZ Skipped by user
8.5.2010 20:12:01 Untreated: Exploit.SWF.Agent.bh C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1B040001.VBN/CryptZ/1B040001/Swf2Swc Write not supported
8.5.2010 20:12:01 Untreated: Exploit.SWF.Agent.bh C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1B040000.VBN/CryptZ/1B040000/Swf2Swc Write not supported
8.5.2010 20:11:34 Untreated: Exploit.JS.Agent.afh C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11540000.VBN/CryptZ Skipped by user
8.5.2010 20:11:48 Untreated: Backdoor.Win32.IRCBot.imc C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12DC0002.VBN/CryptZ Skipped by user
8.5.2010 20:11:47 Untreated: Backdoor.Win32.Agent.tzl C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11540004.VBN/CryptZ Skipped by user
8.5.2010 19:57:26 Task started
8.5.2010 20:12:42 Disinfected: Virus.Win32.Protector.a C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E280001.VBN/CryptZ
8.5.2010 20:12:42 Disinfected: Virus.Win32.Protector.a C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E280001.VBN/CryptZ
8.5.2010 20:12:39 Disinfected: Virus.Win32.Protector.a C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E280000.VBN/CryptZ
8.5.2010 20:12:39 Disinfected: Virus.Win32.Protector.a C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E280000.VBN/CryptZ
8.5.2010 22:08:06 Detected: not-a-virus:AdWare.Win32.MyWay.f C:\System Volume Information\_restore{D609A693-58C3-4BE3-AFB7-265832D4F9ED}\RP524\A0269816.exe/data0014/#/data0005.res
8.5.2010 22:08:06 Detected: not-a-virus:AdWare.Win32.MyWay.f C:\System Volume Information\_restore{D609A693-58C3-4BE3-AFB7-265832D4F9ED}\RP524\A0269816.exe/data0014/data0000.res/data0005.res
8.5.2010 21:35:19 Detected: not-a-virus:AdWare.Win32.MyWay.f C:\install\secure\vypalovani\z CD to MP3\freeripmp3.exe/data0014/#/data0005.res
8.5.2010 21:35:19 Detected: not-a-virus:AdWare.Win32.MyWay.f C:\install\secure\vypalovani\z CD to MP3\freeripmp3.exe/data0014/data0000.res/data0005.res
8.5.2010 22:08:06 Detected: not-a-virus:AdWare.Win32.Excite.a C:\System Volume Information\_restore{D609A693-58C3-4BE3-AFB7-265832D4F9ED}\RP524\A0269816.exe/data0014/#/data0001.res
8.5.2010 22:07:44 Detected: not-a-virus:AdWare.Win32.Excite.a C:\System Volume Information\_restore{D609A693-58C3-4BE3-AFB7-265832D4F9ED}\RP524\A0269816.exe/data0014/data0000.res/data0001.res
8.5.2010 21:59:10 Detected: not-a-virus:AdWare.Win32.Excite.a C:\Qoobox\Quarantine\C\Program Files\MyWay\myBar\1.bin\MY2NS.EXE.vir
8.5.2010 21:35:19 Detected: not-a-virus:AdWare.Win32.Excite.a C:\install\secure\vypalovani\z CD to MP3\freeripmp3.exe/data0014/#/data0001.res
8.5.2010 21:29:31 Detected: not-a-virus:AdWare.Win32.Excite.a C:\install\secure\vypalovani\z CD to MP3\freeripmp3.exe/data0014/data0000.res/data0001.res
8.5.2010 20:12:06 Detected: Virus.Win32.Protector.a C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E280001.VBN/CryptZ
8.5.2010 20:12:04 Detected: Virus.Win32.Protector.a C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E280000.VBN/CryptZ
8.5.2010 20:11:35 Detected: Virus.Win32.Protector.a C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11540003.VBN/CryptZ
8.5.2010 20:11:20 Detected: Virus.Win32.Protector.a C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11540002.VBN/CryptZ
8.5.2010 20:10:44 Detected: Trojan.Win32.Inject.sph C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11540001.VBN/CryptZ
8.5.2010 20:11:48 Detected: Trojan.Win32.Agent.cbub C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12DC0001.VBN/CryptZ
8.5.2010 20:11:48 Detected: Trojan.Win32.Agent.cbub C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12DC0000.VBN/CryptZ
8.5.2010 20:12:05 Detected: Trojan-Dropper.Win32.HDrop.b C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1E280002.VBN/CryptZ
8.5.2010 20:11:47 Detected: Trojan-Dropper.Win32.HDrop.b C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11EC0000.VBN/CryptZ
8.5.2010 20:19:07 Detected: Trojan-Downloader.JS.ActiveX.cm C:\Documents and Settings\David\Local Settings\Data aplikací\Opera\Opera\profile\cache4\opr12Y1E/packed
8.5.2010 20:10:40 Detected: Exploit.Win32.Pidief.tt C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04100000.VBN/CryptZ/data0001
8.5.2010 20:12:03 Detected: Exploit.Win32.Pidief.bsw C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1BD80001.VBN/CryptZ
8.5.2010 20:12:02 Detected: Exploit.Win32.Pidief.bsw C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1BD80000.VBN/CryptZ
8.5.2010 20:12:01 Detected: Exploit.SWF.Agent.bh C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1B040001.VBN/CryptZ/1B040001/Swf2Swc
8.5.2010 20:12:01 Detected: Exploit.SWF.Agent.bh C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\1B040000.VBN/CryptZ/1B040000/Swf2Swc
8.5.2010 20:10:43 Detected: Exploit.JS.Agent.afh C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11540000.VBN/CryptZ
8.5.2010 20:11:48 Detected: Backdoor.Win32.IRCBot.imc C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12DC0002.VBN/CryptZ
8.5.2010 20:11:46 Detected: Backdoor.Win32.Agent.tzl C:\Documents and Settings\All Users\Data aplikací\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11540004.VBN/CryptZ
8.5.2010 22:08:06 Deleted: not-a-virus:AdWare.Win32.MyWay.f C:\System Volume Information\_restore{D609A693-58C3-4BE3-AFB7-265832D4F9ED}\RP524\A0269816.exe
8.5.2010 21:35:20 Deleted: not-a-virus:AdWare.Win32.MyWay.f C:\install\secure\vypalovani\z CD to MP3\freeripmp3.exe
8.5.2010 21:59:32 Deleted: not-a-virus:AdWare.Win32.Excite.a C:\Qoobox\Quarantine\C\Program Files\MyWay\myBar\1.bin\MY2NS.EXE.vir

Autoscan: completed 4 minutes ago (events: 2, objects: 5761, time: 00:44:27)
8.5.2010 22:38:53 Task started
8.5.2010 23:23:25 Task completed
---------------------------

Nevertheless, the situation is this: after a restart of the PC the HDD runs for several hours, I'm not sure, about 2 to 4 hours or so. Then the activity calms down to roughly 1 blink per second and things return to normal.
When I run FILEMON, the list of running processes looks like this:

23:29:34 services.exe:672 IRP_MJ_PNP_POWER C:\Program Files\Java\jre6\bin\deploy.dll SUCCESS IRP_MN_QUERY_DEVICE_RELATIONS
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\deploy.dll SUCCESS Offset: 4096 Length: 32768
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\deploy.dll SUCCESS Offset: 36864 Length: 8192
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\deploy.dll SUCCESS Offset: 45056 Length: 4096
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\deploy.dll SUCCESS Offset: 65536 Length: 4096
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\deploy.dll SUCCESS Offset: 69632 Length: 4096
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\deploy.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\deploy.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\ SUCCESS Options: Open Directory Access: 00100001
23:29:34 jqs.exe:2736 IRP_MJ_DIRECTORY_CONTROL C:\Program Files\Java\jre6\bin\ SUCCESS FileBothDirectoryInformation: fontmanager.dll
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\ SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\ SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS Options: Open Access: Read
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS Options: Open Access: Read-Attributes
23:29:34 jqs.exe:2736 FASTIO_QUERY_BASIC_INFO C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS Attributes: A
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS Options: Open Access: 00100020
23:29:34 jqs.exe:2736 FASTIO_QUERY_STANDARD_INFO C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS Length: 339968
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS Offset: 0 Length: 32768
23:29:34 System:4 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\deploy.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS Options: Open Access: Read-Attributes
23:29:34 jqs.exe:2736 FASTIO_QUERY_BASIC_INFO C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS Attributes: A
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS Options: Open Access: Read-Attributes
23:29:34 jqs.exe:2736 FASTIO_QUERY_BASIC_INFO C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS Attributes: A
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS Options: Open Access: 00100020
23:29:34 jqs.exe:2736 FASTIO_QUERY_STANDARD_INFO C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS Length: 339968
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS Offset: 303104 Length: 16384
23:29:34 System:4 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS
23:29:34 services.exe:672 IRP_MJ_PNP_POWER C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS IRP_MN_QUERY_DEVICE_RELATIONS
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS Offset: 4096 Length: 32768
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS Offset: 61440 Length: 32768
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS Offset: 94208 Length: 32768
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS Offset: 126976 Length: 32768
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS Offset: 159744 Length: 32768
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS Offset: 192512 Length: 20480
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS Offset: 212992 Length: 16384
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS Offset: 229376 Length: 16384
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS Offset: 319488 Length: 8192
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS Offset: 327680 Length: 4096
23:29:34 System:4 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\fontmanager.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\ SUCCESS Options: Open Directory Access: 00100001
23:29:34 jqs.exe:2736 IRP_MJ_DIRECTORY_CONTROL C:\Program Files\Java\jre6\bin\ SUCCESS FileBothDirectoryInformation: hpi.dll
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\ SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\ SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS Options: Open Access: Read
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS Options: Open Access: Read-Attributes
23:29:34 jqs.exe:2736 FASTIO_QUERY_BASIC_INFO C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS Attributes: A
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS Options: Open Access: 00100020
23:29:34 jqs.exe:2736 FASTIO_QUERY_STANDARD_INFO C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS Length: 15872
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS Offset: 0 Length: 16384
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS Options: Open Access: Read-Attributes
23:29:34 jqs.exe:2736 FASTIO_QUERY_BASIC_INFO C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS Attributes: A
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS Options: Open Access: 00100020
23:29:34 jqs.exe:2736 FASTIO_QUERY_STANDARD_INFO C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS Length: 15872
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS Offset: 9728 Length: 3072
23:29:34 services.exe:672 IRP_MJ_PNP_POWER C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS IRP_MN_QUERY_DEVICE_RELATIONS
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS Offset: 1024 Length: 8704
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS Offset: 12800 Length: 512
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS Offset: 13312 Length: 1024
23:29:34 System:4 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\ SUCCESS Options: Open Directory Access: 00100001
23:29:34 jqs.exe:2736 IRP_MJ_DIRECTORY_CONTROL C:\Program Files\Java\jre6\bin\ SUCCESS FileBothDirectoryInformation: java.dll
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\ SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\ SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\java.dll SUCCESS Options: Open Access: Read
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\java.dll SUCCESS Options: Open Access: Read-Attributes
23:29:34 jqs.exe:2736 FASTIO_QUERY_BASIC_INFO C:\Program Files\Java\jre6\bin\java.dll SUCCESS Attributes: A
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\java.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\java.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\java.dll SUCCESS Options: Open Access: 00100020
23:29:34 jqs.exe:2736 FASTIO_QUERY_STANDARD_INFO C:\Program Files\Java\jre6\bin\java.dll SUCCESS Length: 126976
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\java.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\java.dll SUCCESS Offset: 0 Length: 32768
23:29:34 System:4 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\java.dll SUCCESS Options: Open Access: Read-Attributes
23:29:34 jqs.exe:2736 FASTIO_QUERY_BASIC_INFO C:\Program Files\Java\jre6\bin\java.dll SUCCESS Attributes: A
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\java.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\java.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\java.dll SUCCESS Options: Open Access: 00100020
23:29:34 jqs.exe:2736 FASTIO_QUERY_STANDARD_INFO C:\Program Files\Java\jre6\bin\java.dll SUCCESS Length: 126976
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\java.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\java.dll SUCCESS Offset: 77824 Length: 16384
23:29:34 services.exe:672 IRP_MJ_PNP_POWER C:\Program Files\Java\jre6\bin\java.dll SUCCESS IRP_MN_QUERY_DEVICE_RELATIONS
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\java.dll SUCCESS Offset: 4096 Length: 32768
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\java.dll SUCCESS Offset: 36864 Length: 32768
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\java.dll SUCCESS Offset: 69632 Length: 8192
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\java.dll SUCCESS Offset: 94208 Length: 12288
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\java.dll SUCCESS Offset: 106496 Length: 8192
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\java.dll SUCCESS Offset: 114688 Length: 4096
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\java.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\java.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\ SUCCESS Options: Open Directory Access: 00100001
23:29:34 jqs.exe:2736 IRP_MJ_DIRECTORY_CONTROL C:\Program Files\Java\jre6\bin\ SUCCESS FileBothDirectoryInformation: java.exe
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\ SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\ SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\java.exe SUCCESS Options: Open Access: Read
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\java.exe SUCCESS Options: Open Access: Read-Attributes
23:29:34 jqs.exe:2736 FASTIO_QUERY_BASIC_INFO C:\Program Files\Java\jre6\bin\java.exe SUCCESS Attributes: A
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\java.exe SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\java.exe SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\java.exe SUCCESS Options: Open Access: 00100020
23:29:34 jqs.exe:2736 FASTIO_QUERY_STANDARD_INFO C:\Program Files\Java\jre6\bin\java.exe SUCCESS Length: 144792
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\java.exe SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\java.exe SUCCESS Offset: 0 Length: 32768
23:29:34 System:4 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\java.dll SUCCESS
23:29:34 System:4 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\java.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\java.exe SUCCESS Options: Open Access: Read-Attributes
23:29:34 jqs.exe:2736 FASTIO_QUERY_BASIC_INFO C:\Program Files\Java\jre6\bin\java.exe SUCCESS Attributes: A
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\java.exe SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\java.exe SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\java.exe SUCCESS Options: Open Access: 00100020
23:29:34 jqs.exe:2736 FASTIO_QUERY_STANDARD_INFO C:\Program Files\Java\jre6\bin\java.exe SUCCESS Length: 144792
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\java.exe SUCCESS
23:29:34 services.exe:672 IRP_MJ_PNP_POWER C:\Program Files\Java\jre6\bin\java.exe SUCCESS IRP_MN_QUERY_DEVICE_RELATIONS
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\java.exe SUCCESS Offset: 4096 Length: 32768
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\java.exe SUCCESS Offset: 36864 Length: 32768
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\java.exe SUCCESS Offset: 69632 Length: 8192
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\java.exe SUCCESS Offset: 77824 Length: 16384
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\java.exe SUCCESS Offset: 94208 Length: 4096
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\java.exe SUCCESS Offset: 98304 Length: 8192
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\java.exe SUCCESS Offset: 106496 Length: 16384
23:29:34 System:4 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\java.exe SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\java.exe SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\java.exe SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\ SUCCESS Options: Open Directory Access: 00100001
23:29:34 jqs.exe:2736 IRP_MJ_DIRECTORY_CONTROL C:\Program Files\Java\jre6\bin\ SUCCESS FileBothDirectoryInformation: jp2native.dll
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\ SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\ SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS Options: Open Access: Read
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS Options: Open Access: Read-Attributes
23:29:34 jqs.exe:2736 FASTIO_QUERY_BASIC_INFO C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS Attributes: A
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS Options: Open Access: 00100020
23:29:34 jqs.exe:2736 FASTIO_QUERY_STANDARD_INFO C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS Length: 8192
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS Offset: 0 Length: 8192
23:29:34 System:4 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\java.exe SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS Options: Open Access: Read-Attributes
23:29:34 jqs.exe:2736 FASTIO_QUERY_BASIC_INFO C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS Attributes: A
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS Options: Open Access: Read-Attributes
23:29:34 jqs.exe:2736 FASTIO_QUERY_BASIC_INFO C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS Attributes: A
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS Options: Open Access: 00100020
23:29:34 jqs.exe:2736 FASTIO_QUERY_STANDARD_INFO C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS Length: 8192
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS Offset: 3072 Length: 3072
23:29:34 services.exe:672 IRP_MJ_PNP_POWER C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS IRP_MN_QUERY_DEVICE_RELATIONS
23:29:34 System:4 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS Offset: 1024 Length: 2048
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS Offset: 6144 Length: 512
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS Offset: 6656 Length: 1024
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\ SUCCESS Options: Open Directory Access: 00100001
23:29:34 jqs.exe:2736 IRP_MJ_DIRECTORY_CONTROL C:\Program Files\Java\jre6\bin\ SUCCESS FileBothDirectoryInformation: jpeg.dll
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\ SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\ SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS Options: Open Access: Read
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS Options: Open Access: Read-Attributes
23:29:34 jqs.exe:2736 FASTIO_QUERY_BASIC_INFO C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS Attributes: A
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS Options: Open Access: 00100020
23:29:34 jqs.exe:2736 FASTIO_QUERY_STANDARD_INFO C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS Length: 147456
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS Offset: 0 Length: 32768
23:29:34 System:4 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\jp2native.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS Options: Open Access: Read-Attributes
23:29:34 jqs.exe:2736 FASTIO_QUERY_BASIC_INFO C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS Attributes: A
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS Options: Open Access: 00100020
23:29:34 jqs.exe:2736 FASTIO_QUERY_STANDARD_INFO C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS Length: 147456
23:29:34 jqs.exe:2736 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS Offset: 118784 Length: 16384
23:29:34 System:4 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS
23:29:34 services.exe:672 IRP_MJ_PNP_POWER C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS IRP_MN_QUERY_DEVICE_RELATIONS
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS Offset: 4096 Length: 32768
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS Offset: 36864 Length: 32768
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS Offset: 69632 Length: 32768
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS Offset: 102400 Length: 16384
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS Offset: 135168 Length: 4096
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS Offset: 139264 Length: 4096
23:29:34 System:4 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\jpeg.dll SUCCESS
23:29:35 ANT Agent.exe:2748 IRP_MJ_CREATE C:\Garmin\ANT Agent\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
23:29:35 ANT Agent.exe:2748 IRP_MJ_CREATE C:\WINDOWS\system32\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
23:29:35 ANT Agent.exe:2748 IRP_MJ_CREATE C:\WINDOWS\system\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
23:29:35 ANT Agent.exe:2748 IRP_MJ_CREATE C:\WINDOWS\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
23:29:35 ANT Agent.exe:2748 IRP_MJ_CREATE C:\Documents and Settings\David\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
23:29:35 ANT Agent.exe:2748 IRP_MJ_CREATE C:\WINDOWS\system32\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes

which seems strange to me, but I don't know, it's up to you.

Please advise how to proceed. I'd hate to end up with a complete reinstall of everything :-(((
Moreover, I don't know what is wrong in the PC or how it could have happened.
Thank you very much for the help.
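As an added example (not code from the thread or from FileMon's authors), a small parser for FileMon lines in the format shown above: it totals bytes read per process, ignoring the file-size "Length:" of query operations, and groups NOT FOUND DLL opens by the directories that were probed. The sample trace inside is constructed in the format of the excerpt and covers only a few of its lines.

```python
"""Summarise a FileMon trace: who reads how much, and which DLL loads fail.

Added example, not part of the original thread. It assumes FileMon's default
column order (time, process:pid, operation, path, result, details) with the
columns joined by whitespace, as in the excerpt posted above.
"""
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# One FileMon line. The process name may itself contain spaces ("ANT Agent.exe"),
# so it is matched non-greedily up to the ":<pid>" suffix; likewise the path is
# matched non-greedily up to the result column, which is SUCCESS or NOT FOUND.
_LINE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d)\s+"
    r"(?P<proc>.+?):(?P<pid>\d+)\s+"
    r"(?P<op>\S+)\s+"
    r"(?P<path>.+?)\s+"
    r"(?P<result>SUCCESS|NOT FOUND)"
    r"(?:\s+(?P<detail>.*))?$"
)

# Constructed sample in the format of the thread's FileMon excerpt (not the full trace).
SAMPLE_TRACE = r"""
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\deploy.dll SUCCESS Offset: 4096 Length: 32768
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\deploy.dll SUCCESS Offset: 36864 Length: 8192
23:29:34 jqs.exe:2736 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\deploy.dll SUCCESS
23:29:34 jqs.exe:2736 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\ SUCCESS Options: Open Directory Access: 00100001
23:29:34 jqs.exe:2736 FASTIO_QUERY_STANDARD_INFO C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS Length: 15872
23:29:34 jqs.exe:2736 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS Offset: 0 Length: 16384
23:29:34 services.exe:672 IRP_MJ_PNP_POWER C:\Program Files\Java\jre6\bin\hpi.dll SUCCESS IRP_MN_QUERY_DEVICE_RELATIONS
23:29:35 ANT Agent.exe:2748 IRP_MJ_CREATE C:\Garmin\ANT Agent\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
23:29:35 ANT Agent.exe:2748 IRP_MJ_CREATE C:\WINDOWS\system32\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
23:29:35 ANT Agent.exe:2748 IRP_MJ_CREATE C:\WINDOWS\system\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
23:29:35 ANT Agent.exe:2748 IRP_MJ_CREATE C:\WINDOWS\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
23:29:35 ANT Agent.exe:2748 IRP_MJ_CREATE C:\Documents and Settings\David\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
23:29:35 ANT Agent.exe:2748 IRP_MJ_CREATE C:\WINDOWS\system32\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
""".strip().splitlines()


def parse_line(line: str) -> Optional[dict]:
    """Return the columns of one FileMon line, or None if it is not a trace line."""
    m = _LINE.match(line.strip())
    return m.groupdict() if m else None


def read_bytes_per_process(lines: List[str]) -> Dict[str, int]:
    """Sum the Length of IRP_MJ_READ operations per 'process:pid'.

    Only read operations count: FASTIO_QUERY_STANDARD_INFO also carries a
    'Length:' field, but that is the file size, not bytes transferred.
    """
    totals: Dict[str, int] = defaultdict(int)
    for line in lines:
        rec = parse_line(line)
        if not rec or not rec["op"].startswith("IRP_MJ_READ"):
            continue
        m = re.search(r"Length:\s*(\d+)", rec["detail"] or "")
        if m:
            totals[f"{rec['proc']}:{rec['pid']}"] += int(m.group(1))
    return dict(totals)


def missing_dll_probes(lines: List[str]) -> Dict[Tuple[str, str], List[str]]:
    """Group failed IRP_MJ_CREATE opens of *.dll by (process:pid, dll name).

    The value is the ordered, de-duplicated list of directories probed. A DLL
    that is looked for in the application directory, then system32, system and
    the Windows directory is the loader walking its search path; seeing which
    directories were tried (and that none held the file) tells a reader whether
    an unexplained library load is a missing dependency or something else.
    """
    probes: Dict[Tuple[str, str], List[str]] = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["op"] != "IRP_MJ_CREATE" or rec["result"] != "NOT FOUND":
            continue
        path = rec["path"]
        if not path.lower().endswith(".dll"):
            continue
        directory, _, name = path.rpartition("\\")
        key = (f"{rec['proc']}:{rec['pid']}", name.lower())
        if directory not in probes[key]:
            probes[key].append(directory)
    return dict(probes)


if __name__ == "__main__":
    # Heaviest readers first: this is the question "which process keeps the disk busy".
    for proc, total in sorted(read_bytes_per_process(SAMPLE_TRACE).items(),
                              key=lambda kv: -kv[1]):
        print(f"{proc:<22} {total:>10} bytes read")
    for (proc, dll), dirs in missing_dll_probes(SAMPLE_TRACE).items():
        print(f"{proc} could not find {dll} in: " + "; ".join(dirs))
```

To run it over a saved trace, read the file with `open(path).read().splitlines()` and pass the list in place of `SAMPLE_TRACE`.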

Re: ics.exe - please check my log, thank you.

Posted: 09 May 2010 11:04
by dape
I applied your instructions from today's noon e-mail: I dragged the text file onto the ComboFix icon. A window popped up with "Did you try CFScript?" and some text like "you have a spelling mistake" with an OK button, and that ended the whole ComboFix run. It printed nothing.

Re: ics.exe - please check my log, thank you.

Posted: 09 May 2010 12:10
by Rudy
1. AVP deleted a lot. They were all viruses.
2. As for CF, you may have saved the script incorrectly, or there is an extra character in it (a space is also a character). Check it and try again.
3. Damage to the system is quite plausible.
4. I would also like to know where that ics.exe is actually located. So far we haven't come across it anywhere.

Re: ics.exe - please check my log, thank you.

Posted: 09 May 2010 12:38
by dape
I'm attaching the ComboFix output as instructed:

ComboFix 10-05-05.0A - David 09.05.2010 12:14:29.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1919.972 [GMT 2:00]
Spuštěný z: c:\documents and settings\David\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\David\Plocha\CFscript.txt.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-09 do 2010-05-09 )))))))))))))))))))))))))))))))
.

2010-05-08 21:34 . 2010-05-08 21:34 7168 ----a-w- c:\windows\system32\drivers\utexnjq5.sys
2010-05-08 17:53 . 2009-10-22 11:54 37392 ----a-w- c:\windows\system32\drivers\41098772.sys
2010-05-08 17:53 . 2009-10-09 21:31 315408 ----a-w- c:\windows\system32\drivers\4109877.sys
2010-05-08 17:53 . 2009-09-25 15:59 128016 ----a-w- c:\windows\system32\drivers\41098771.sys
2010-05-07 03:13 . 2010-05-07 03:14 -------- d-----w- c:\program files\trend micro
2010-05-07 03:13 . 2010-05-07 03:14 -------- d-----w- C:\rsit
2010-04-09 19:05 . 2010-04-09 19:05 -------- d-----w- c:\program files\VideoLAN

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-09 10:32 . 2008-06-02 18:43 -------- d-----w- c:\program files\Symantec AntiVirus
2010-05-08 20:32 . 2008-04-28 19:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-05 19:14 . 2008-04-29 19:07 -------- d-----w- c:\program files\Opera
2010-04-27 20:33 . 2009-04-30 17:05 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-14 18:50 . 2004-08-18 12:00 83652 ----a-w- c:\windows\system32\perfc005.dat
2010-04-14 18:50 . 2004-08-18 12:00 440316 ----a-w- c:\windows\system32\perfh005.dat
2010-04-14 07:52 . 2008-04-29 19:32 -------- d-----w- c:\program files\Google
2010-04-09 18:54 . 2010-04-06 20:51 -------- d-----w- c:\program files\DVBPortal
2010-03-10 06:17 . 2004-08-18 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-18 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 22:14 . 2009-11-03 21:29 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-16 19:08 . 2004-08-18 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:08 . 2004-08-17 15:45 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-03-05 11:58 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:35 . 2004-08-18 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-18 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-10-18 455968]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-30 68856]
"ANT Agent"="c:\garmin\ANT Agent\ANT Agent.exe" [2010-02-03 11136360]
"Google Update"="c:\documents and settings\David\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-12-21 818288]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
"gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"AccelerometerSysTrayApplet"="c:\windows\system32\AccelerometerSt.exe" [2007-01-24 124928]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-01-02 40960]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-02-26 177456]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-07-24 677144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-11-08 1116920]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-09 806912]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-10-09 697976]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-09 282624]
"ScheduleSync.Siemens.SmartSync.5.2.exe"="c:\program files\Mobile Phone Manager\SmartSync\ScheduleSync.exe" [2004-08-27 45056]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-06-09 66680]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-10-06 161096]
"Norton Ghost 14.0"="c:\program files\Norton Ghost\Agent\VProTray.exe" [2008-05-07 2245984]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-04-30 834248]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\David\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
MotionBased Agent.lnk - c:\program files\MotionBased\Agent\MBAgent.exe [2006-12-30 909312]
setup_9.0.0.722_08.05.2010_21-25.lnk - c:\documents and settings\David\Plocha\Virus Removal Tool\setup_9.0.0.722_08.05.2010_21-25\startup.exe [2010-5-8 72208]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-6-30 66864]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-5-9 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 07:04 49152 ----a-r- c:\windows\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-03-14 04:03 74752 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\ICQ\\Icq.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 41098772;41098772 Boot Guard Driver;c:\windows\system32\drivers\41098772.sys [8.5.2010 19:53 37392]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [29.4.2009 22:55 64288]
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [14.8.2007 17:59 101167]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [9.10.2006 13:31 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [14.6.2007 16:22 13184]
R1 41098771;41098771;c:\windows\system32\drivers\41098771.sys [8.5.2010 19:53 128016]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [24.7.2007 8:21 38816]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [14.8.2007 17:59 5840]
R1 setup_9.0.0.722_08.05.2010_21-25drv;setup_9.0.0.722_08.05.2010_21-25drv;c:\windows\system32\drivers\4109877.sys [8.5.2010 19:53 315408]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 14:00 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [18.8.2004 14:00 14336]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [6.9.2007 13:26 221184]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 17:52 1285864]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [18.8.2004 14:00 5120]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [29.4.2008 9:37 193840]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [24.7.2007 8:21 41216]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20.12.2007 17:13 1558000]
S2 DCamUSB20;USB 2.0 Capture;c:\windows\system32\drivers\CsMini20.sys [3.7.2008 20:49 46216]
S2 gupdate1c98714f1f63ef4;Google Update Service (gupdate1c98714f1f63ef4);c:\program files\Google\Update\GoogleUpdate.exe [5.2.2009 0:07 133104]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [29.4.2008 10:05 30008]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [8.6.2007 9:06 172131]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [29.6.2007 2:01 42512]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6.10.2004 17:56 173392]
S3 utexnjq5;AVZ Kernel Driver;c:\windows\system32\drivers\utexnjq5.sys [8.5.2010 23:34 7168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 13:25 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-05-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 20:31]

2010-05-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-29 15:33]

2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 22:06]

2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 22:06]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\David\Data aplikací\Mozilla\Firefox\Profiles\zna00hb1.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=WCL&o=14209&locale=en_US&q=
FF - prefs.js: network.proxy.type - 2
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-09 12:40
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe??????????????@? ???HR????????@???????@

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\Ati2evxx.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\windows\system32\DeviceNP.dll

- - - - - - - > 'lsass.exe'(688)
c:\windows\SbHpNp.dll

- - - - - - - > 'explorer.exe'(8024)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\program files\WinSCP3\DragExt.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\agrsmsvc.exe
c:\windows\system32\bmwebcfg.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\IFXTCS.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Norton Ghost\Agent\VProSvc.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\progra~1\HEWLET~1\Shared\HPQTOA~1.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\windows\system32\msdtc.exe
.
**************************************************************************
.
Celkový čas: 2010-05-09 13:21:09 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-09 11:19
ComboFix2.txt 2010-05-06 22:03
ComboFix3.txt 2010-05-06 15:44
ComboFix4.txt 2009-04-29 19:32
ComboFix5.txt 2010-05-09 10:01

Před spuštěním: Volných bajtů: 54 151 495 680
Po spuštění: Volných bajtů: 54 145 662 976

- - End Of File - - A10D839F40F1C4130A3F4DC5C2995A32

P.S. Producing the log takes a very long time, because after a restart the system is always terribly slow.

Re: ics.exe - please check my log, thank you.

Posted: 09 May 2010 12:53
by dape
I don't know whether it is IQS or JQS. In my opinion it is deliberately disguised.
On the PC, under processes, JQS is running:
c:\Program Files\Java\jre6\bin\jqs.exe

D.

Re: ics.exe - please check my log, thank you.

Posted: 09 May 2010 12:54
by dape
I got it wrong with ICS in the title, I apologize, I am completely worn out by this.
It should correctly be JQS.EXE.
Thank you for understanding.

Re: ics.exe - please check my log, thank you.

Posted: 09 May 2010 14:37
by dape
The running processes are the following. That ANT Agent is from Garmin and is used for wireless data transfer between the PC and a GPS watch (I have one for running).
You can see that JQS there, as well as others. If this could somehow be cured, should I reinstall the SP? Or use a Win XP disk and repair the system? How do I go about it?
Thank you in advance for your willingness and time.
David.
15:36:27 jqs.exe:2988 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\nio.dll SUCCESS Offset: 1024 Length: 10240
15:36:27 jqs.exe:2988 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\nio.dll SUCCESS Offset: 17920 Length: 512
15:36:27 jqs.exe:2988 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\nio.dll SUCCESS Offset: 18432 Length: 1024
15:36:27 jqs.exe:2988 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\nio.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\nio.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\ SUCCESS Options: Open Directory Access: 00100001
15:36:27 jqs.exe:2988 IRP_MJ_DIRECTORY_CONTROL C:\Program Files\Java\jre6\bin\ SUCCESS FileBothDirectoryInformation: regutils.dll
15:36:27 jqs.exe:2988 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\ SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\ SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS Options: Open Access: Read
15:36:27 jqs.exe:2988 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS Options: Open Access: Read-Attributes
15:36:27 jqs.exe:2988 FASTIO_QUERY_BASIC_INFO C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS Attributes: A
15:36:27 jqs.exe:2988 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS Options: Open Access: 00100020
15:36:27 jqs.exe:2988 FASTIO_QUERY_STANDARD_INFO C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS Length: 262144
15:36:27 jqs.exe:2988 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS Offset: 0 Length: 32768
15:36:27 System:4 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\nio.dll SUCCESS
15:36:27 System:4 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\nio.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS Options: Open Access: Read-Attributes
15:36:27 jqs.exe:2988 FASTIO_QUERY_BASIC_INFO C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS Attributes: A
15:36:27 jqs.exe:2988 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS Options: Open Access: Read-Attributes
15:36:27 jqs.exe:2988 FASTIO_QUERY_BASIC_INFO C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS Attributes: A
15:36:27 jqs.exe:2988 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS Options: Open Access: 00100020
15:36:27 jqs.exe:2988 FASTIO_QUERY_STANDARD_INFO C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS Length: 262144
15:36:27 jqs.exe:2988 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS Offset: 159744 Length: 16384
15:36:27 services.exe:676 IRP_MJ_PNP_POWER C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS IRP_MN_QUERY_DEVICE_RELATIONS
15:36:27 jqs.exe:2988 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS Offset: 4096 Length: 32768
15:36:27 jqs.exe:2988 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS Offset: 36864 Length: 32768
15:36:27 jqs.exe:2988 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS Offset: 69632 Length: 32768
15:36:27 jqs.exe:2988 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS Offset: 102400 Length: 28672
15:36:27 jqs.exe:2988 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS Offset: 131072 Length: 16384
15:36:27 jqs.exe:2988 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS Offset: 147456 Length: 12288
15:36:27 jqs.exe:2988 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS Offset: 176128 Length: 4096
15:36:27 jqs.exe:2988 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS Offset: 180224 Length: 16384
15:36:27 jqs.exe:2988 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\ SUCCESS Options: Open Directory Access: 00100001
15:36:27 jqs.exe:2988 IRP_MJ_DIRECTORY_CONTROL C:\Program Files\Java\jre6\bin\ SUCCESS FileBothDirectoryInformation: verify.dll
15:36:27 jqs.exe:2988 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\ SUCCESS
15:36:27 System:4 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS
15:36:27 System:4 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\regutils.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\ SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\verify.dll SUCCESS Options: Open Access: Read
15:36:27 jqs.exe:2988 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\verify.dll SUCCESS Options: Open Access: Read-Attributes
15:36:27 jqs.exe:2988 FASTIO_QUERY_BASIC_INFO C:\Program Files\Java\jre6\bin\verify.dll SUCCESS Attributes: A
15:36:27 jqs.exe:2988 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\verify.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\verify.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\verify.dll SUCCESS Options: Open Access: 00100020
15:36:27 jqs.exe:2988 FASTIO_QUERY_STANDARD_INFO C:\Program Files\Java\jre6\bin\verify.dll SUCCESS Length: 31744
15:36:27 jqs.exe:2988 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\verify.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\verify.dll SUCCESS Offset: 0 Length: 32768
15:36:27 jqs.exe:2988 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\verify.dll SUCCESS Options: Open Access: Read-Attributes
15:36:27 jqs.exe:2988 FASTIO_QUERY_BASIC_INFO C:\Program Files\Java\jre6\bin\verify.dll SUCCESS Attributes: A
15:36:27 jqs.exe:2988 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\verify.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\verify.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\verify.dll SUCCESS Options: Open Access: Read-Attributes
15:36:27 jqs.exe:2988 FASTIO_QUERY_BASIC_INFO C:\Program Files\Java\jre6\bin\verify.dll SUCCESS Attributes: A
15:36:27 jqs.exe:2988 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\verify.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\verify.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\verify.dll SUCCESS Options: Open Access: 00100020
15:36:27 jqs.exe:2988 FASTIO_QUERY_STANDARD_INFO C:\Program Files\Java\jre6\bin\verify.dll SUCCESS Length: 31744
15:36:27 jqs.exe:2988 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\verify.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\verify.dll SUCCESS Offset: 19456 Length: 8704
15:36:27 services.exe:676 IRP_MJ_PNP_POWER C:\Program Files\Java\jre6\bin\verify.dll SUCCESS IRP_MN_QUERY_DEVICE_RELATIONS
15:36:27 jqs.exe:2988 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\verify.dll SUCCESS Offset: 1024 Length: 18432
15:36:27 System:4 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\verify.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\verify.dll SUCCESS Offset: 28160 Length: 512
15:36:27 jqs.exe:2988 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\verify.dll SUCCESS Offset: 28672 Length: 1024
15:36:27 jqs.exe:2988 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\verify.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\verify.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\ SUCCESS Options: Open Directory Access: 00100001
15:36:27 jqs.exe:2988 IRP_MJ_DIRECTORY_CONTROL C:\Program Files\Java\jre6\bin\ SUCCESS FileBothDirectoryInformation: zip.dll
15:36:27 jqs.exe:2988 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\ SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\ SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\zip.dll SUCCESS Options: Open Access: Read
15:36:27 jqs.exe:2988 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\zip.dll SUCCESS Options: Open Access: Read-Attributes
15:36:27 jqs.exe:2988 FASTIO_QUERY_BASIC_INFO C:\Program Files\Java\jre6\bin\zip.dll SUCCESS Attributes: A
15:36:27 jqs.exe:2988 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\zip.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\zip.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\zip.dll SUCCESS Options: Open Access: 00100020
15:36:27 jqs.exe:2988 FASTIO_QUERY_STANDARD_INFO C:\Program Files\Java\jre6\bin\zip.dll SUCCESS Length: 47104
15:36:27 jqs.exe:2988 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\zip.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\zip.dll SUCCESS Offset: 0 Length: 32768
15:36:27 jqs.exe:2988 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\zip.dll SUCCESS Options: Open Access: Read-Attributes
15:36:27 jqs.exe:2988 FASTIO_QUERY_BASIC_INFO C:\Program Files\Java\jre6\bin\zip.dll SUCCESS Attributes: A
15:36:27 jqs.exe:2988 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\zip.dll SUCCESS
15:36:27 System:4 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\verify.dll SUCCESS
15:36:27 System:4 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\zip.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\zip.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CREATE C:\Program Files\Java\jre6\bin\zip.dll SUCCESS Options: Open Access: 00100020
15:36:27 jqs.exe:2988 FASTIO_QUERY_STANDARD_INFO C:\Program Files\Java\jre6\bin\zip.dll SUCCESS Length: 47104
15:36:27 jqs.exe:2988 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\zip.dll SUCCESS Offset: 0 Length: 4096
15:36:27 jqs.exe:2988 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\zip.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\zip.dll SUCCESS Offset: 29696 Length: 10240
15:36:27 services.exe:676 IRP_MJ_PNP_POWER C:\Program Files\Java\jre6\bin\zip.dll SUCCESS IRP_MN_QUERY_DEVICE_RELATIONS
15:36:27 jqs.exe:2988 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\zip.dll SUCCESS Offset: 1024 Length: 28672
15:36:27 jqs.exe:2988 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\zip.dll SUCCESS Offset: 39936 Length: 4608
15:36:27 jqs.exe:2988 IRP_MJ_READ* C:\Program Files\Java\jre6\bin\zip.dll SUCCESS Offset: 44544 Length: 1024
15:36:27 ANT Agent.exe:3496 IRP_MJ_CREATE C:\Garmin\ANT Agent\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
15:36:27 ANT Agent.exe:3496 IRP_MJ_CREATE C:\WINDOWS\system32\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
15:36:27 ANT Agent.exe:3496 IRP_MJ_CREATE C:\WINDOWS\system\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
15:36:27 ANT Agent.exe:3496 IRP_MJ_CREATE C:\WINDOWS\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
15:36:27 ANT Agent.exe:3496 IRP_MJ_CREATE C:\Documents and Settings\David\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
15:36:27 ANT Agent.exe:3496 IRP_MJ_CREATE C:\WINDOWS\system32\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
15:36:27 ANT Agent.exe:3496 IRP_MJ_CREATE C:\WINDOWS\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
15:36:27 ANT Agent.exe:3496 IRP_MJ_CREATE C:\WINDOWS\system32\wbem\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
15:36:27 ANT Agent.exe:3496 IRP_MJ_CREATE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
15:36:27 ANT Agent.exe:3496 IRP_MJ_CREATE C:\Program Files\Hewlett-Packard\IAM\bin\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
15:36:27 ANT Agent.exe:3496 IRP_MJ_CREATE C:\Program Files\Common Files\Roxio Shared\DLLShared\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
15:36:27 ANT Agent.exe:3496 IRP_MJ_READ* C: SUCCESS Offset: 0 Length: 4096
15:36:27 jqs.exe:2988 IRP_MJ_CLEANUP C:\Program Files\Java\jre6\bin\zip.dll SUCCESS
15:36:27 jqs.exe:2988 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\zip.dll SUCCESS
15:36:27 System:4 IRP_MJ_CLOSE C:\Program Files\Java\jre6\bin\zip.dll SUCCESS
15:36:27 ANT Agent.exe:3496 IRP_MJ_READ* C: SUCCESS Offset: 0 Length: 4096
15:36:27 ANT Agent.exe:3496 IRP_MJ_CREATE C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
15:36:27 ANT Agent.exe:3496 IRP_MJ_READ* C: SUCCESS Offset: 0 Length: 4096
15:36:27 ANT Agent.exe:3496 IRP_MJ_READ* C: SUCCESS Offset: 4096 Length: 4096
15:36:27 System:4 IRP_MJ_CLOSE C: SUCCESS
15:36:27 ANT Agent.exe:3496 IRP_MJ_CREATE C:\Program Files\Common Files\Adobe\AGL\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
15:36:27 ANT Agent.exe:3496 IRP_MJ_READ* C: SUCCESS Offset: 0 Length: 4096
15:36:27 ANT Agent.exe:3496 IRP_MJ_CREATE C:\Program Files\QuickTime\QTSystem\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
15:36:27 ANT Agent.exe:3496 IRP_MJ_READ* C: SUCCESS Offset: 20480 Length: 4096
15:36:27 System:4 IRP_MJ_CLOSE C: SUCCESS
15:36:27 System:4 IRP_MJ_CLOSE C: SUCCESS
15:36:27 System:4 IRP_MJ_CLOSE C: SUCCESS
15:36:27 System:4 IRP_MJ_CLOSE C: SUCCESS
15:36:27 ANT Agent.exe:3496 IRP_MJ_READ* C: SUCCESS Offset: 0 Length: 4096
15:36:27 ANT Agent.exe:3496 IRP_MJ_CREATE C:\Program Files\Common Files\Ulead Systems\MPEG\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
15:36:27 ANT Agent.exe:3496 IRP_MJ_READ* C: SUCCESS Offset: 0 Length: 4096
15:36:27 System:4 IRP_MJ_CLOSE C: SUCCESS
15:36:27 ANT Agent.exe:3496 IRP_MJ_CREATE C:\Program Files\Ulead Systems\Ulead DVD MovieFactory 3 Disc Creator Trial\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
15:36:27 ANT Agent.exe:3496 IRP_MJ_READ* C: SUCCESS Offset: 16384 Length: 4096
15:36:27 System:4 IRP_MJ_CLOSE C: SUCCESS
15:36:27 ANT Agent.exe:3496 IRP_MJ_READ* C: SUCCESS Offset: 8192 Length: 4096
15:36:27 ANT Agent.exe:3496 IRP_MJ_CREATE C:\Garmin\ANT Agent\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
15:36:27 ANT Agent.exe:3496 IRP_MJ_CREATE C:\WINDOWS\system32\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
15:36:27 ANT Agent.exe:3496 IRP_MJ_CREATE C:\WINDOWS\system\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes
15:36:27 ANT Agent.exe:3496 IRP_MJ_CREATE C:\WINDOWS\libusb0.dll NOT FOUND Options: Open Access: Read-Attributes