GMER 1.0.14.14205 - http://www.gmer.net
Rootkit scan 2008-04-04 18:11:59
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT sptd.sys ZwCreateKey [0xF83970D0]
SSDT sptd.sys ZwEnumerateKey [0xF839CE2C]
SSDT sptd.sys ZwEnumerateValueKey [0xF839D1BA]
SSDT sptd.sys ZwOpenKey [0xF83970B0]
SSDT sptd.sys ZwQueryKey [0xF839D292]
SSDT sptd.sys ZwQueryValueKey [0xF839D112]
SSDT sptd.sys ZwSetValueKey [0xF839D324]
---- Kernel code sections - GMER 1.0.14 ----
? C:\WINDOWS\system32\drivers\sptd.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
.text USBPORT.SYS!DllUnload F7FEA62C 5 Bytes JMP 82951780
.text vaxscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F7BFD4D0 48 Bytes [ F0, 18, 96, 32, 4B, A8, 46, ... ]
? C:\WINDOWS\System32\Drivers\vaxscsi.sys Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
? System32\Drivers\achftlql.SYS Systém nemůže nalézt uvedený soubor. !
---- User code sections - GMER 1.0.14 ----
.text C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[1476] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [ C2, 04, 00, 00 ]
---- Kernel IAT/EAT - GMER 1.0.14 ----
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F83AD886] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F83AD832] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F83CF892] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F83AD886] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F8397AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F8397C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F8397B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F8398748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F839861E] sptd.sys
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F83ACACA] sptd.sys
---- Devices - GMER 1.0.14 ----
Device \FileSystem\Ntfs \Ntfs 82AD91E8
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
Device \FileSystem\Fastfat \FatCdrom 81F891E8
Device \Driver\usbuhci \Device\USBPDO-0 828F01E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 82A661E8
Device \Driver\dmio \Device\DmControl\DmConfig 82A661E8
Device \Driver\dmio \Device\DmControl\DmPnP 82A661E8
Device \Driver\dmio \Device\DmControl\DmInfo 82A661E8
Device \Driver\usbuhci \Device\USBPDO-1 828F01E8
Device \Driver\usbuhci \Device\USBPDO-2 828F01E8
Device \Driver\usbuhci \Device\USBPDO-3 828F01E8
Device \Driver\usbehci \Device\USBPDO-4 828C31E8
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 82ADB1E8
Device \Driver\atapi \Device\Ide\IdePort0 82ADA1E8
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 82ADA1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 82ADA1E8
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 82ADA1E8
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 82ADA1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 82ADA1E8
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 82ADA1E8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\NetBT \Device\NetBt_Wins_Export 8241F430
Device \Driver\NetBT \Device\NetbiosSmb 8241F430
Device \Driver\PCI_NTPNP4304 \Device\0000004e sptd.sys
Device \Driver\PCI_NTPNP4304 \Device\0000004f sptd.sys
Device \Driver\usbuhci \Device\USBFDO-0 828F01E8
Device \Driver\usbuhci \Device\USBFDO-1 828F01E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CDB7F34E-4A5E-4BAA-BF50-CCF50D92FC7F} 8241F430
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 824111E8
Device \Driver\usbuhci \Device\USBFDO-2 828F01E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 824111E8
Device \Driver\usbuhci \Device\USBFDO-3 828F01E8
Device \Driver\usbehci \Device\USBFDO-4 828C31E8
Device \Driver\Ftdisk \Device\FtControl 82ADB1E8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 828971E8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\achftlql \Device\Scsi\achftlql1 828811E8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port5Path0Target0Lun0 828971E8
Device \Driver\vaxscsi \Device\Scsi\vaxscsi1Port5Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Fastfat \Fat 81F891E8
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs 823F51E8
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x36 0xD2 0x57 0x77 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0D 0xE3 0xA2 0x10 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB5 0xC7 0x1B 0x4B ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5A 0x01 0x9E 0xC4 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFA 0x2A 0x0C 0x1E ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDD 0x36 0x42 0x7B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEB 0xDA 0x87 0x24 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0D 0xE3 0xA2 0x10 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB5 0xC7 0x1B 0x4B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5A 0x01 0x9E 0xC4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFA 0x2A 0x0C 0x1E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDD 0x36 0x42 0x7B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -447453770
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1085992225
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xEB 0xDA 0x87 0x24 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0D 0xE3 0xA2 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xB5 0xC7 0x1B 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x5A 0x01 0x9E 0xC4 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFA 0x2A 0x0C 0x1E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xDD 0x36 0x42 0x7B ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes@\f\1e\0r\0n\0é\0 \0u\0k\0a\0z\0a\0t\0e\0l\0e\0 C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes@\f\1e\0r\0n\0é\0 \0u\0k\0a\0z\0a\0t\0e\0l\0e\0 \0(\0v\0e\0l\0k\0é\0) C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes@\f\1e\0r\0n\0é\0 \0u\0k\0a\0z\0a\0t\0e\0l\0e\0 \0(\0n\0e\0j\0v\0\e\1t\0a\1í\0) C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION 1ADEB5A964304E5981E8A04DC4C893228561CE91D3AACA43BA2AB5395EBBE47AC14DE87ED8B36E8158D20A405842A545B2B18AC251B7672CA842B7FC3452666C30D02275CC09B2722EB04835757191D810EC98411FB0A86E3500C4AC248073C7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3DA6A0AC4980AC7933A2D97226D213B555D4A6E7A2D71B2083281AF328A123F1F695FEC80F6306BEECE9E82C0E680AB6C4474659C2582F6F7788A0D6C18EB1DEAF88E31430B81923F3A234DA75525D975597E00F7BE51A45BDB95ABEF7A1CD14C162BB86CE3BAFD309C867BC01A3111A43943274A7904F6530D29A4D064A5497362A1617A7D3B03F876F6BBC0B6134AE587D1B8965972665A860DB376E2488461858A44FBC20E5A54B9E49DAB9C5399BE3859DE31BF3DC2F89663AC5F3858DCFF95B3E4D526F7E1C37CF2FA86FBDF8FAB8D462AAEB509304B2D675D51E74ED38EE165AC3F1478B0BB07272CFD96A2E3AAC08B61A4689CCF40E9CF459BAAC175690DD99F8E9DE04AE216A888964A2F79A1AAE08835733F2E807154056581EDA577A7C3B474924431AF60D0B2642EDD833E04DECCA1293521A0D8E04634C6CEC39CEB0A71C6637862F2328BB09690DBAEBE35B9BE62F269A9914D012B0AD6EE851B
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@NoPopUpsOnBoot 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Error Mode 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs wbsys.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\3
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\3@file_name msxmlg
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\3@file_expand drv
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\3@file_path C:\WINDOWS\system32\
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\3@reg_name bkfgsbfi
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\3@reg_id 7237565
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\3@start_function WLEntryPoint
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\4
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\4@file_name wuapckimc
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\4@file_expand nls
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\4@file_path C:\WINDOWS\TEMP\
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\4@reg_name gkqcp
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\4@reg_id 7523455
Reg HKLM\SOFTWARE\Classes\CLSID\{5CF28935-8BA2-D939-F769-92E99DB34A55}\Storage\4@start_function WLEntry
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Nero 7 Ultra Edition\`t
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Nero 7 Ultra Edition\`t@Order 0x08 0x00 0x00 0x00 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D55C3C11-C38F-42A9-B461-1791DCA47211}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D55C3C11-C38F-42A9-B461-1791DCA47211}@abnplkamdncnpgklkkehbhcmbkjajlmacd 0x61 0x62 0x6C 0x6F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D55C3C11-C38F-42A9-B461-1791DCA47211}@bbnplkamdncnpgklkkdhclafidkgmfeimgee 0x61 0x62 0x61 0x70 ...
---- EOF - GMER 1.0.14 ----
Moc prosím o kontrolu logu Vyřešeno
Re: Moc prosím o kontrolu logu
HP ProBook 450 G6
Re: Moc prosím o kontrolu logu
Deckard's System Scanner v20071014.68
Run by uživatel on 2008-04-04 18:13:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Drive C: has 3.24 GiB (less than 15%) free.
-- File Associations -----------------------------------------------------------
.exe - exefile - shell\open\command - rundll32.exe "C:\WINDOWS\TEMP\wuapckimc.nls" WLEntry %1 %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys
S3 adusbmdm6501 (AnyDATA CDMA USB Modem Driver (PID 6501)) - c:\windows\system32\drivers\adusbmdm65.sys <Not Verified; AnyDATA Corporation; AnyDATA CDMA USB Modem/Serial Device Driver>
S3 adusbser6501 (AnyDATA CDMA USB Serial Port (PID 6501)) - c:\windows\system32\drivers\adusbser65.sys <Not Verified; AnyDATA Corporation; AnyDATA CDMA USB Modem/Serial Device Driver>
S3 aswArKrn - c:\docume~1\uivate~1\locals~1\temp\aswarkrn.sys (file missing)
S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 MSICPL - d:\install4\msicpl.sys (file missing)
S3 NTACCESS - d:\ntaccess.sys (file missing)
S3 pgfilter - c:\program files\peerguardian2\pgfilter.sys
S3 SetupNTGLM7X - d:\ntglm7x.sys (file missing)
S3 usb2vcom (USB Data Cable) - c:\windows\system32\drivers\usb2vcom.sys <Not Verified; USB World; USB Data Cable>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 IviRegMgr - c:\program files\common files\intervideo\regmgr\iviregmgr.exe
R2 LicCtrlService (LicCtrl Service) - rundll32.exe c:\windows\mmfs.dll,service
S4 NOD32krn (NOD32 Kernel Service) - "c:\program files\nod32\nod32krn.exe" (file missing)
-- Files created between 2008-03-04 and 2008-04-04 -----------------------------
2008-04-04 18:06:28 761856 --a------ C:\gmer.exe
2008-04-04 15:45:24 278016 --a------ C:\swreg.exe <Not Verified; SteelWerX; SteelWerX Command Line Registry Editor>
2008-04-04 15:39:22 0 d-------- C:\abc
2008-04-04 15:37:58 65568 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-25 19:37:25 97104910 --a------ C:\zalreg.reg
2008-03-23 14:21:53 0 d-------- C:\Program Files\SopCast
2008-03-23 12:11:23 0 d-------- C:\reg
2008-03-22 12:36:00 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-21 12:20:28 0 d-------- C:\Program Files\Java
2008-03-21 12:20:26 0 d-------- C:\Program Files\Common Files\Java
2008-03-19 20:43:58 0 d-------- C:\WINDOWS\ERUNT
2008-03-16 19:42:43 0 d-------- C:\Program Files\CCleaner
2008-03-15 14:04:13 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-15 14:04:00 0 d-------- C:\Program Files\DivX
-- Find3M Report ---------------------------------------------------------------
2008-04-03 22:16:37 0 d-------- C:\Documents and Settings\uživatel\Data aplikací\uTorrent
2008-04-03 21:45:29 0 d-------- C:\Program Files\Torrents
2008-03-30 15:06:32 393414 --a------ C:\WINDOWS\system32\perfh005.dat
2008-03-30 15:06:32 69836 --a------ C:\WINDOWS\system32\perfc005.dat
2008-03-21 12:20:26 0 d-------- C:\Program Files\Common Files
2008-03-21 12:19:47 0 d-------- C:\Documents and Settings\uživatel\Data aplikací\Sun
2008-03-21 12:14:31 0 d-------- C:\Program Files\Common Files\InterVideo
2008-03-19 18:36:27 0 d-------- C:\Program Files\Ad-Aware 2007
2008-03-16 17:52:13 0 d-------- C:\Program Files\Your Uninstaller 2008
2008-03-15 14:07:12 0 d-------- C:\Documents and Settings\uživatel\Data aplikací\Roxio
2008-03-06 20:48:50 0 d-------- C:\Program Files\Winamp
2008-03-03 18:02:49 0 d-------- C:\Program Files\PeerGuardian2
2008-02-24 10:28:27 0 d-------- C:\Documents and Settings\uživatel\Data aplikací\DMCache
2008-02-23 13:21:54 0 d-------- C:\Program Files\PPMate
2008-02-23 12:45:31 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-23 00:46:09 0 d-------- C:\Program Files\SUPER
2008-02-22 23:20:46 0 d-------- C:\Program Files\TVUPlayer
2008-02-21 20:09:50 0 d-------- C:\Documents and Settings\uživatel\Data aplikací\Real
2008-02-21 19:00:12 0 d-------- C:\Documents and Settings\uživatel\Data aplikací\TVU Networks
2008-02-21 18:01:41 0 d-------- C:\Documents and Settings\uživatel\Data aplikací\ppStream
2008-02-21 17:49:30 0 d-------- C:\Documents and Settings\uživatel\Data aplikací\PPMate
2008-02-21 17:48:39 0 d-------- C:\Program Files\Common Files\Synacast
2008-02-18 20:21:41 0 d-------- C:\Program Files\Common Files\InstallerA
2008-02-18 20:13:34 0 d-------- C:\Program Files\Gamenext
2008-02-16 20:46:01 0 d-a------ C:\Program Files\Miranda IM
2008-02-05 12:29:06 4046 --a------ C:\WINDOWS\mozver.dat
2008-02-04 21:26:34 151040 ---hs---- C:\WINDOWS\system32\VistaUltm.dll
2008-01-23 19:43:57 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [28.01.2002 14:48]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [20.03.2006 17:34]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [20.03.2006 17:34]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [20.03.2006 17:34]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [20.02.2008 12:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 05:25]
"AVP"="C:\Documents and Settings\All Users\Plocha\Kaspersky Lab Tool\setup_7.0.0.180_04.04.2008_15-34.exe" [12.10.2007 16:29]
"nqrflhqs"="C:\WINDOWS\TEMP\vgaslbelr.nls WLEntryPoint" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [17.08.2004 15:49]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13.10.2004 18:24]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=1 (0x1)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"gmbfi"=rundll32.exe "C:\WINDOWS\system32\cdfkcolkm.sys" WLEntryPoint
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoStartBanner"=01000000
"NoWelcomeScreen"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\WindowBlinds\wbsrv.dll 20.12.2005 22:57 176128 C:\PROGRA~1\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^GPRSpeed Plus Client.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\GPRSpeed Plus Client.lnk
backup=C:\WINDOWS\pss\GPRSpeed Plus Client.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uživatel^Nabídka Start^Programy^Po spuštění^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\uživatel\Nabídka Start\Programy\Po spuštění\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uživatel^Nabídka Start^Programy^Po spuštění^Ubisoft register.lnk]
path=C:\Documents and Settings\uživatel\Nabídka Start\Programy\Po spuštění\Ubisoft register.lnk
backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
"C:\Program Files\Avast4\ashDisp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
"C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]
"c:\program files\divx\divx pro codec\gain_trickler_3202.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NOD32krn"=2 (0x2)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f72c2d0d-4fbc-11db-8aa0-0011098da354}]
AutoRun\command- H:\autorun.exe
*Newly Created Service* - GMER
*Newly Created Service* - SETUP_7.0.0.180_04.04.2008_15-34
-- End of Deckard's System Scanner: finished at 2008-04-04 18:15:11 ------------
Run by uživatel on 2008-04-04 18:13:07
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Drive C: has 3.24 GiB (less than 15%) free.
-- File Associations -----------------------------------------------------------
.exe - exefile - shell\open\command - rundll32.exe "C:\WINDOWS\TEMP\wuapckimc.nls" WLEntry %1 %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys <Not Verified; Protection Technology; StarForce Protection System>
R1 cdrbsdrv - c:\windows\system32\drivers\cdrbsdrv.sys <Not Verified; B.H.A Corporation; B's Recorder GOLD7>
R2 atksgt - c:\windows\system32\drivers\atksgt.sys
R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys
R3 ASAPIW2k - c:\windows\system32\drivers\asapiw2k.sys <Not Verified; Pinnacle Systems GmbH; asapi>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R3 Pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys
S3 adusbmdm6501 (AnyDATA CDMA USB Modem Driver (PID 6501)) - c:\windows\system32\drivers\adusbmdm65.sys <Not Verified; AnyDATA Corporation; AnyDATA CDMA USB Modem/Serial Device Driver>
S3 adusbser6501 (AnyDATA CDMA USB Serial Port (PID 6501)) - c:\windows\system32\drivers\adusbser65.sys <Not Verified; AnyDATA Corporation; AnyDATA CDMA USB Modem/Serial Device Driver>
S3 aswArKrn - c:\docume~1\uivate~1\locals~1\temp\aswarkrn.sys (file missing)
S3 dtscsi - c:\windows\system32\drivers\dtscsi.sys (file missing)
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 MSICPL - d:\install4\msicpl.sys (file missing)
S3 NTACCESS - d:\ntaccess.sys (file missing)
S3 pgfilter - c:\program files\peerguardian2\pgfilter.sys
S3 SetupNTGLM7X - d:\ntglm7x.sys (file missing)
S3 usb2vcom (USB Data Cable) - c:\windows\system32\drivers\usb2vcom.sys <Not Verified; USB World; USB Data Cable>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 IviRegMgr - c:\program files\common files\intervideo\regmgr\iviregmgr.exe
R2 LicCtrlService (LicCtrl Service) - rundll32.exe c:\windows\mmfs.dll,service
S4 NOD32krn (NOD32 Kernel Service) - "c:\program files\nod32\nod32krn.exe" (file missing)
-- Files created between 2008-03-04 and 2008-04-04 -----------------------------
2008-04-04 18:06:28 761856 --a------ C:\gmer.exe
2008-04-04 15:45:24 278016 --a------ C:\swreg.exe <Not Verified; SteelWerX; SteelWerX Command Line Registry Editor>
2008-04-04 15:39:22 0 d-------- C:\abc
2008-04-04 15:37:58 65568 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-25 19:37:25 97104910 --a------ C:\zalreg.reg
2008-03-23 14:21:53 0 d-------- C:\Program Files\SopCast
2008-03-23 12:11:23 0 d-------- C:\reg
2008-03-22 12:36:00 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-21 12:20:28 0 d-------- C:\Program Files\Java
2008-03-21 12:20:26 0 d-------- C:\Program Files\Common Files\Java
2008-03-19 20:43:58 0 d-------- C:\WINDOWS\ERUNT
2008-03-16 19:42:43 0 d-------- C:\Program Files\CCleaner
2008-03-15 14:04:13 0 d-------- C:\Program Files\Common Files\Roxio Shared
2008-03-15 14:04:00 0 d-------- C:\Program Files\DivX
-- Find3M Report ---------------------------------------------------------------
2008-04-03 22:16:37 0 d-------- C:\Documents and Settings\uživatel\Data aplikací\uTorrent
2008-04-03 21:45:29 0 d-------- C:\Program Files\Torrents
2008-03-30 15:06:32 393414 --a------ C:\WINDOWS\system32\perfh005.dat
2008-03-30 15:06:32 69836 --a------ C:\WINDOWS\system32\perfc005.dat
2008-03-21 12:20:26 0 d-------- C:\Program Files\Common Files
2008-03-21 12:19:47 0 d-------- C:\Documents and Settings\uživatel\Data aplikací\Sun
2008-03-21 12:14:31 0 d-------- C:\Program Files\Common Files\InterVideo
2008-03-19 18:36:27 0 d-------- C:\Program Files\Ad-Aware 2007
2008-03-16 17:52:13 0 d-------- C:\Program Files\Your Uninstaller 2008
2008-03-15 14:07:12 0 d-------- C:\Documents and Settings\uživatel\Data aplikací\Roxio
2008-03-06 20:48:50 0 d-------- C:\Program Files\Winamp
2008-03-03 18:02:49 0 d-------- C:\Program Files\PeerGuardian2
2008-02-24 10:28:27 0 d-------- C:\Documents and Settings\uživatel\Data aplikací\DMCache
2008-02-23 13:21:54 0 d-------- C:\Program Files\PPMate
2008-02-23 12:45:31 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-23 00:46:09 0 d-------- C:\Program Files\SUPER
2008-02-22 23:20:46 0 d-------- C:\Program Files\TVUPlayer
2008-02-21 20:09:50 0 d-------- C:\Documents and Settings\uživatel\Data aplikací\Real
2008-02-21 19:00:12 0 d-------- C:\Documents and Settings\uživatel\Data aplikací\TVU Networks
2008-02-21 18:01:41 0 d-------- C:\Documents and Settings\uživatel\Data aplikací\ppStream
2008-02-21 17:49:30 0 d-------- C:\Documents and Settings\uživatel\Data aplikací\PPMate
2008-02-21 17:48:39 0 d-------- C:\Program Files\Common Files\Synacast
2008-02-18 20:21:41 0 d-------- C:\Program Files\Common Files\InstallerA
2008-02-18 20:13:34 0 d-------- C:\Program Files\Gamenext
2008-02-16 20:46:01 0 d-a------ C:\Program Files\Miranda IM
2008-02-05 12:29:06 4046 --a------ C:\WINDOWS\mozver.dat
2008-02-04 21:26:34 151040 ---hs---- C:\WINDOWS\system32\VistaUltm.dll
2008-01-23 19:43:57 298104 --a------ C:\WINDOWS\system32\imon.dll <Not Verified; Eset; NOD32 Antivirus System>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [28.01.2002 14:48]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [20.03.2006 17:34]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [20.03.2006 17:34]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [20.03.2006 17:34]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [20.02.2008 12:06]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22.02.2008 05:25]
"AVP"="C:\Documents and Settings\All Users\Plocha\Kaspersky Lab Tool\setup_7.0.0.180_04.04.2008_15-34.exe" [12.10.2007 16:29]
"nqrflhqs"="C:\WINDOWS\TEMP\vgaslbelr.nls WLEntryPoint" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [17.08.2004 15:49]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [13.10.2004 18:24]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"=1 (0x1)
"SynchronousMachineGroupPolicy"=0 (0x0)
"SynchronousUserGroupPolicy"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRemoteRecursiveEvents"=1 (0x1)
"NoStrCmpLogical"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"gmbfi"=rundll32.exe "C:\WINDOWS\system32\cdfkcolkm.sys" WLEntryPoint
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"=1 (0x1)
"NoRecentDocsHistory"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"MemCheckBoxInRunDlg"=0 (0x0)
"NoAutoTrayNotify"=0 (0x0)
"NoResolveTrack"=0 (0x0)
"NoResolveSearch"=1 (0x1)
"LinkResolveIgnoreLinkInfo"=1 (0x1)
"NoStartBanner"=01000000
"NoWelcomeScreen"=1 (0x1)
"NoRecentDocsNetHood"=1 (0x1)
"NoDesktopCleanupWizard"=1 (0x1)
"NoSharedDocuments"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\WindowBlinds\wbsrv.dll 20.12.2005 22:57 176128 C:\PROGRA~1\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^GPRSpeed Plus Client.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\GPRSpeed Plus Client.lnk
backup=C:\WINDOWS\pss\GPRSpeed Plus Client.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uživatel^Nabídka Start^Programy^Po spuštění^RollerCoaster Tycoon 3 Registration.lnk]
path=C:\Documents and Settings\uživatel\Nabídka Start\Programy\Po spuštění\RollerCoaster Tycoon 3 Registration.lnk
backup=C:\WINDOWS\pss\RollerCoaster Tycoon 3 Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^uživatel^Nabídka Start^Programy^Po spuštění^Ubisoft register.lnk]
path=C:\Documents and Settings\uživatel\Nabídka Start\Programy\Po spuštění\Ubisoft register.lnk
backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
"C:\Program Files\Avast4\ashDisp.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG Free\avgcc.exe /STARTUP
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
"C:\Program Files\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
"C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
sm56hlpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Trickler]
"c:\program files\divx\divx pro codec\gain_trickler_3202.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NOD32krn"=2 (0x2)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Schedule
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f72c2d0d-4fbc-11db-8aa0-0011098da354}]
AutoRun\command- H:\autorun.exe
*Newly Created Service* - GMER
*Newly Created Service* - SETUP_7.0.0.180_04.04.2008_15-34
-- End of Deckard's System Scanner: finished at 2008-04-04 18:15:11 ------------
HP ProBook 450 G6
Re: Moc prosím o kontrolu logu
Avp log.
- Přílohy
-
- avplog.zip
- (11.87 KiB) Staženo 14 x
HP ProBook 450 G6
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Re: Moc prosím o kontrolu logu
#Krok1:
Bude potřeba si doinstalovat firewall, můžeš si vybrat některý zde uvedený nebo některý jiný z odkazu:
Přehled osobních firewallů
Firewally zdarma:
Comodo - kvalitní, pokročilý, s mnoha funkcemi, originálně v angličtině
Kerio - přehledný, větší možnosti nastavení, náročnější na systémové prostředky, v češtině
ZoneAlarm - jednoduchý, kompatibilní, nenáročný na systémové prostředky, málo možností nastavení, v angličtině + návod
#Krok2:
Odinstaluj AVPTool
#Krok3:
Po té si stáhni znovu SDFix a AVPTool
#Krok4: - od tohoto kroku by bylo se dobré zase odpojit od internetu.
- použij znovu SDFix v nouzovém režimu a vlož sem pak z něho log.
- nainstaluj zpět AVPTool
#Krok5:
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE (nefunguje korektně pod FireFox)
Pak dej Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: fixw.reg
Uložit jako typ: tak tam vyber Všechny soubory
Ulož si daný soubor na plochu
Na ploše by se měl objevit soubor
fixw.reg
Spusť soubor Fixw.reg, vyskočí hláška kde odklikni Ano poté je další hláška kde odklikni OK
#Krok6:
Projeď Pc pomocí AVPTool a po jeho skončení pokračuj znovu kroky 8, 10 ,11 a 12 zmíněné v příspěvku ze dne:
Dub 02, 2008
Vlož sem pak tyto logy.
- SDFix
- log z AVPTool
- log z GMER
- log z DSS
Bude potřeba si doinstalovat firewall, můžeš si vybrat některý zde uvedený nebo některý jiný z odkazu:
Přehled osobních firewallů
Firewally zdarma:
Comodo - kvalitní, pokročilý, s mnoha funkcemi, originálně v angličtině
Kerio - přehledný, větší možnosti nastavení, náročnější na systémové prostředky, v češtině
ZoneAlarm - jednoduchý, kompatibilní, nenáročný na systémové prostředky, málo možností nastavení, v angličtině + návod
#Krok2:
Odinstaluj AVPTool
#Krok3:
Po té si stáhni znovu SDFix a AVPTool
#Krok4: - od tohoto kroku by bylo se dobré zase odpojit od internetu.
- použij znovu SDFix v nouzovém režimu a vlož sem pak z něho log.
- nainstaluj zpět AVPTool
#Krok5:
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok)
Zkopíruj do něj následující text označený zeleně:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE (nefunguje korektně pod FireFox)
Kód: Vybrat vše
REGEDIT4
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\rundll32.exe"=-Pak dej Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: fixw.reg
Uložit jako typ: tak tam vyber Všechny soubory
Ulož si daný soubor na plochu
Na ploše by se měl objevit soubor
fixw.regSpusť soubor Fixw.reg, vyskočí hláška kde odklikni Ano poté je další hláška kde odklikni OK
#Krok6:
Projeď Pc pomocí AVPTool a po jeho skončení pokračuj znovu kroky 8, 10 ,11 a 12 zmíněné v příspěvku ze dne:
Dub 02, 2008
Vlož sem pak tyto logy.
- SDFix
- log z AVPTool
- log z GMER
- log z DSS
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Re: Moc prosím o kontrolu logu
Jak odinstaluju Avp? kdyz dam unintal tak hodi tuhle chybu
- Přílohy
-
HP ProBook 450 G6
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Re: Moc prosím o kontrolu logu
Jsou dvě varianty. Buď spustíš program a půjdeš do Settings a tam zrušíš zatržení u volby Enable Self-Defense. Vypneš program a pak ho odinstaluješ jak jsi chtěl.
Jinak původní postup je když spustíš program tak v hlavní okně dole klikni na položku Complete Antivirus Protection a přes ní to odinstaluješ. Jinak to bylo zmíněno na konci návodu
Jinak původní postup je když spustíš program tak v hlavní okně dole klikni na položku Complete Antivirus Protection a přes ní to odinstaluješ. Jinak to bylo zmíněno na konci návodu
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Re: Moc prosím o kontrolu logu
Postupoval sem podle postupu a u každého scanu(sdfix,gmer,dss) hodil počítač tuto chybu nejméně jednou(ale scan se dokončil).
Mam sem dat i tak logy z tech programu?
Mam sem dat i tak logy z tech programu?
- Přílohy
-
- chyba.JPG (10.01 KiB) Zobrazeno 1400 x
HP ProBook 450 G6
Re: Moc prosím o kontrolu logu
A ještě na tohle sem zapomněl. Při přihlášení na mě vyskočí tyhle hlášky, ale všechno normálně funguje
- Přílohy
-
- chyba po spuštění.JPG (20.04 KiB) Zobrazeno 1399 x
HP ProBook 450 G6
Re: Moc prosím o kontrolu logu
No a aby toho nebylo málo tak když chci něco pustit, tak se mi často objevi modra obrazovka- BYLY ZJISTENY POTIZE A SYSTEM WINDOWS BYL UKONCEN ABY NEDOSLO K POSKOZENI POCITACE
DRIVER_IRQL_NOT_LESS_OR_EQUAL.
Toto se mi poprvé objevilo kdyz sem chtel odinstalovat firewall zone alarm. Napodruhe sem ho odinstaloval a nainstaloval Ashampoo Firewall.
DRIVER_IRQL_NOT_LESS_OR_EQUAL.
Toto se mi poprvé objevilo kdyz sem chtel odinstalovat firewall zone alarm. Napodruhe sem ho odinstaloval a nainstaloval Ashampoo Firewall.
HP ProBook 450 G6
-
fredik
- člen Security týmu
-
Master Level 7
- Příspěvky: 4680
- Registrován: červenec 06
- Pohlaví:
- Stav:
Offline
Re: Moc prosím o kontrolu logu
Ty logy sem dej, i když by to asi už chtělo něco aktuálnějšího.
It may take a while to get a response, because the "HJT Team" are very busy. Please, be patient, these people are volunteers. They will help you out, as soon as possible.
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Pokud máte nějaký problém, tak mi neposílejte SZ/PM zprávy s logy a dejte je do fóra. Na tyto SZ není možno odpovědět
Re: Moc prosím o kontrolu logu
SDFix: Version 1.168
Run by uživatel on čt 10.04.2008 at 18:07
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 18:13:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:36,d2,57,77,3e,cc,e6,c9,b0,ab,be,b6,d6,73,df,52,ba,1c,fb,63,03,..
"p0"="C:\Program Files\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:5a,01,9e,c4,cb,f1,b8,cd,0f,4a,f2,c6,a9,9e,1d,2e,16,97,a1,5b,c3,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:fa,2a,0c,1e,ba,6d,a4,59,b7,6e,0c,e0,20,d6,60,1f,b9,43,54,35,28,..
"a0"=hex:20,01,00,00,bf,f4,61,1e,84,77,d1,2a,53,4b,ec,04,81,b2,9d,af,21,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:dd,36,42,7b,25,6f,38,6e,b4,e8,d7,a2,8b,87,90,5b,74,dd,59,8b,1f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:eb,da,87,24,41,db,3b,18,7e,d3,c2,c7,aa,cf,54,96,b4,3e,3a,ed,4d,..
"p0"="C:\Program Files\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:5a,01,9e,c4,cb,f1,b8,cd,0f,4a,f2,c6,a9,9e,1d,2e,16,97,a1,5b,c3,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:fa,2a,0c,1e,ba,6d,a4,59,b7,6e,0c,e0,20,d6,60,1f,b9,43,54,35,28,..
"a0"=hex:20,01,00,00,bf,f4,61,1e,84,77,d1,2a,53,4b,ec,04,81,b2,9d,af,21,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:dd,36,42,7b,25,6f,38,6e,b4,e8,d7,a2,8b,87,90,5b,74,dd,59,8b,1f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:e55465b6
"s2"=dword:40baed21
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:eb,da,87,24,41,db,3b,18,7e,d3,c2,c7,aa,cf,54,96,b4,3e,3a,ed,4d,..
"p0"="C:\Program Files\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:5a,01,9e,c4,cb,f1,b8,cd,0f,4a,f2,c6,a9,9e,1d,2e,16,97,a1,5b,c3,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:fa,2a,0c,1e,ba,6d,a4,59,b7,6e,0c,e0,20,d6,60,1f,b9,43,54,35,28,..
"a0"=hex:20,01,00,00,bf,f4,61,1e,84,77,d1,2a,53,4b,ec,04,81,b2,9d,af,21,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:dd,36,42,7b,25,6f,38,6e,b4,e8,d7,a2,8b,87,90,5b,74,dd,59,8b,1f,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="1ADEB5A964304E5981E8A04DC4C893228561CE91D3AACA43BA2AB5395EBBE47AC14DE87ED8B36E8158D20A405842A545B2B18AC251B7672CA842B7FC3452666C30D02275CC09B2722EB04835757191D810EC98411FB0A86E3500C4AC248073C7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3DA6A0AC4980AC7933A2D97226D213B555D4A6E7A2D71B2083281AF328A123F1F695FEC80F6306BEECE9E82C0E680AB6C4474659C2582F6F7788A0D6C18EB1DEAF88E31430B81923F3A234DA75525D975597E00F7BE51A45BDB95ABEF7A1CD14C162BB86CE3BAFD309C867BC01A3111A43943274A7904F6530D29A4D064A5497362A1617A7D3B03F876F6BBC0B6134AE587D1B8965972665A860DB376E2488461858A44FBC20E5A54B9E49DAB9C5399BE3859DE31BF3DC2F89663AC5F3858DCFF95B3E4D526F7E1C37CF2FA86FBDF8FAB8D462AAEB509304B2D675D51E74ED38EE165AC3F1478B0BB07272CFD96A2E3AAC08B61A4689CCF40E9CF459BAAC175690DD99F8E9DE04AE216A888964A2F79A1AAE08835733F2E807154056581EDA577A7C3B474924431AF60D0B2642EDD833E04DECCA1293521A0D8E04634C6CEC39CEB0A71C6637862F2328BB09690DBAEBE35B9BE62F269A9914D012B0AD6EE851B12CE77B5A6BF0281AF77B2815ED67058844EE65A918DFC79493DD7ED9B04AC64B9428F9024B0812D8315211C1B88F0E3A6A69673F4C9B5C08850221EFF1F394C884BCC27E92374C597A6AE0B24544ED67A0AD1E7359A962EE44B982D5A52A0DD90A9A143530CB8DA0EE93CB6EA17E5E822D04558F0A4B384DE767A0B07417D0B426DB40CF4B795DB11C3F19BC1099EB024E57E71BDC2391AB790F8CEE3848D990CF3E2CBA3A5698170705A3AE85557A6133B845E8043AF214745A6A4081AEF22BF023D3278B5C705EA620DB152CD33E1F015BF20AE67E39174A15F4981320BCC36711450A7EE9681AE3EFC306DF9CC13DCC1788559EBD924960B0783065D429A086B1A29D8741DBDE2075F2DB331DE243A5E8B2E67A2F82BF8F43D604A36B030A11D3225DCE8975C62ED995B3EC23D2BB8B6F321EFD685E97258305D22EE4E24C45E70E0CB24C36EED2E5E97204611733706E591DDD6851F061508B2117A6BA38CD84C32DC178F3F9CB8A43BBA7710BBFBD4F124C858EDBEEF9A90A38267A4CA14E64B60C4261568C47D90A7A39CC5A75CE9CD955149E4EB818332F22578D32625C63ECB4AA3B5AD0E68AB7DC4E53887074073D295BC0507B5838C1B05AF0D556028580772921D075C376DC553049694EF161E3F86103DCE44BA49A78129A77DEBCEF9FEA9E93602A679E1D995CD329B2FEA5053DE0D4432AF68927D096E22C60"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"NoPopUpsOnBoot"=dword:00000001
"Error Mode"=dword:00000001
"AppInit_DLLs"="wbsys.dll"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D55C3C11-C38F-42A9-B461-1791DCA47211}]
"abnplkamdncnpgklkkehbhcmbkjajlmacd"=hex:61,62,6c,6f,69,6a,64,70,68,61,70,68,6f,69,67,6b,64,70,6f,62,68,..
"bbnplkamdncnpgklkkdhclafidkgmfeimgee"=hex:61,62,61,70,6c,62,69,62,6a,67,6d,64,6b,6d,61,68,63,68,67,63,68,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS"
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe:*:Enabled:WinDVD"
"C:\\Program Files\\FirefoxPortable\\FirefoxPortable.exe"="C:\\Program Files\\FirefoxPortable\\FirefoxPortable.exe:*:Enabled:FirefoxPortable.exe"
"C:\\Program Files\\Miranda IM\\miranda32.exe"="C:\\Program Files\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Hry\\Worms Armageddon\\wa.exe"="C:\\Hry\\Worms Armageddon\\wa.exe:*:Enabled:Worms Armageddon"
"C:\\Program Files\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\PPMate\\ppamnet.exe"="C:\\Program Files\\PPMate\\ppamnet.exe:*:Enabled:PPMate"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\\Program Files\\SopCast\\sopvod.exe"="C:\\Program Files\\SopCast\\sopvod.exe:*:Enabled:sopvod"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Disabled:Run a DLL as an App"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\SUPER\cygz.dll"
Fri 22 Feb 2008 72,704 ..SHR --- "C:\Program Files\SUPER\Setup.exe"
Fri 27 Oct 2006 15,360 A.SHR --- "C:\Program Files\SUPER\_Setup.dll"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Tue 17 Aug 2004 1,028,096 ...H. --- "C:\WINDOWS\system32\mfc42.dll"
Sat 20 Jan 2007 945 A.SH. --- "C:\WINDOWS\system32\mmf.sys"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Tue 17 Aug 2004 54,784 ...H. --- "C:\WINDOWS\system32\msvcirt.dll"
Thu 25 Oct 2001 565,760 ...H. --- "C:\WINDOWS\system32\msvcp50.dll"
Tue 17 Aug 2004 413,696 ...H. --- "C:\WINDOWS\system32\msvcp60.dll"
Tue 17 Aug 2004 343,040 ...H. --- "C:\WINDOWS\system32\msvcrt.dll"
Thu 25 Oct 2001 253,952 ...H. --- "C:\WINDOWS\system32\msvcrt20.dll"
Tue 3 Aug 2004 61,440 ...H. --- "C:\WINDOWS\system32\msvcrt40.dll"
Mon 17 Dec 2007 27,648 ..SH. --- "C:\WINDOWS\system32\Smab0.dll"
Sat 18 Dec 2004 1,005,056 A..H. --- "C:\Hry\P lˇ N m To\Data\PnT.exe"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\SUPER\mencoder\dspr3260.dll"
Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\SUPER\mencoder\ivvideo.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\SUPER\mencoder\tokr3260.dll"
Finished!
Run by uživatel on čt 10.04.2008 at 18:07
Microsoft Windows XP [Verze 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 18:13:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:36,d2,57,77,3e,cc,e6,c9,b0,ab,be,b6,d6,73,df,52,ba,1c,fb,63,03,..
"p0"="C:\Program Files\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:5a,01,9e,c4,cb,f1,b8,cd,0f,4a,f2,c6,a9,9e,1d,2e,16,97,a1,5b,c3,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:fa,2a,0c,1e,ba,6d,a4,59,b7,6e,0c,e0,20,d6,60,1f,b9,43,54,35,28,..
"a0"=hex:20,01,00,00,bf,f4,61,1e,84,77,d1,2a,53,4b,ec,04,81,b2,9d,af,21,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:dd,36,42,7b,25,6f,38,6e,b4,e8,d7,a2,8b,87,90,5b,74,dd,59,8b,1f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:eb,da,87,24,41,db,3b,18,7e,d3,c2,c7,aa,cf,54,96,b4,3e,3a,ed,4d,..
"p0"="C:\Program Files\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:5a,01,9e,c4,cb,f1,b8,cd,0f,4a,f2,c6,a9,9e,1d,2e,16,97,a1,5b,c3,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:fa,2a,0c,1e,ba,6d,a4,59,b7,6e,0c,e0,20,d6,60,1f,b9,43,54,35,28,..
"a0"=hex:20,01,00,00,bf,f4,61,1e,84,77,d1,2a,53,4b,ec,04,81,b2,9d,af,21,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:dd,36,42,7b,25,6f,38,6e,b4,e8,d7,a2,8b,87,90,5b,74,dd,59,8b,1f,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:e55465b6
"s2"=dword:40baed21
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:eb,da,87,24,41,db,3b,18,7e,d3,c2,c7,aa,cf,54,96,b4,3e,3a,ed,4d,..
"p0"="C:\Program Files\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:5a,01,9e,c4,cb,f1,b8,cd,0f,4a,f2,c6,a9,9e,1d,2e,16,97,a1,5b,c3,..
"p0"="C:\Program Files\DAEMON Tools\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:fa,2a,0c,1e,ba,6d,a4,59,b7,6e,0c,e0,20,d6,60,1f,b9,43,54,35,28,..
"a0"=hex:20,01,00,00,bf,f4,61,1e,84,77,d1,2a,53,4b,ec,04,81,b2,9d,af,21,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:dd,36,42,7b,25,6f,38,6e,b4,e8,d7,a2,8b,87,90,5b,74,dd,59,8b,1f,..
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?é?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?é? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1í?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="1ADEB5A964304E5981E8A04DC4C893228561CE91D3AACA43BA2AB5395EBBE47AC14DE87ED8B36E8158D20A405842A545B2B18AC251B7672CA842B7FC3452666C30D02275CC09B2722EB04835757191D810EC98411FB0A86E3500C4AC248073C7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3DA6A0AC4980AC7933A2D97226D213B555D4A6E7A2D71B2083281AF328A123F1F695FEC80F6306BEECE9E82C0E680AB6C4474659C2582F6F7788A0D6C18EB1DEAF88E31430B81923F3A234DA75525D975597E00F7BE51A45BDB95ABEF7A1CD14C162BB86CE3BAFD309C867BC01A3111A43943274A7904F6530D29A4D064A5497362A1617A7D3B03F876F6BBC0B6134AE587D1B8965972665A860DB376E2488461858A44FBC20E5A54B9E49DAB9C5399BE3859DE31BF3DC2F89663AC5F3858DCFF95B3E4D526F7E1C37CF2FA86FBDF8FAB8D462AAEB509304B2D675D51E74ED38EE165AC3F1478B0BB07272CFD96A2E3AAC08B61A4689CCF40E9CF459BAAC175690DD99F8E9DE04AE216A888964A2F79A1AAE08835733F2E807154056581EDA577A7C3B474924431AF60D0B2642EDD833E04DECCA1293521A0D8E04634C6CEC39CEB0A71C6637862F2328BB09690DBAEBE35B9BE62F269A9914D012B0AD6EE851B12CE77B5A6BF0281AF77B2815ED67058844EE65A918DFC79493DD7ED9B04AC64B9428F9024B0812D8315211C1B88F0E3A6A69673F4C9B5C08850221EFF1F394C884BCC27E92374C597A6AE0B24544ED67A0AD1E7359A962EE44B982D5A52A0DD90A9A143530CB8DA0EE93CB6EA17E5E822D04558F0A4B384DE767A0B07417D0B426DB40CF4B795DB11C3F19BC1099EB024E57E71BDC2391AB790F8CEE3848D990CF3E2CBA3A5698170705A3AE85557A6133B845E8043AF214745A6A4081AEF22BF023D3278B5C705EA620DB152CD33E1F015BF20AE67E39174A15F4981320BCC36711450A7EE9681AE3EFC306DF9CC13DCC1788559EBD924960B0783065D429A086B1A29D8741DBDE2075F2DB331DE243A5E8B2E67A2F82BF8F43D604A36B030A11D3225DCE8975C62ED995B3EC23D2BB8B6F321EFD685E97258305D22EE4E24C45E70E0CB24C36EED2E5E97204611733706E591DDD6851F061508B2117A6BA38CD84C32DC178F3F9CB8A43BBA7710BBFBD4F124C858EDBEEF9A90A38267A4CA14E64B60C4261568C47D90A7A39CC5A75CE9CD955149E4EB818332F22578D32625C63ECB4AA3B5AD0E68AB7DC4E53887074073D295BC0507B5838C1B05AF0D556028580772921D075C376DC553049694EF161E3F86103DCE44BA49A78129A77DEBCEF9FEA9E93602A679E1D995CD329B2FEA5053DE0D4432AF68927D096E22C60"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710
"NoPopUpsOnBoot"=dword:00000001
"Error Mode"=dword:00000001
"AppInit_DLLs"="wbsys.dll"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D55C3C11-C38F-42A9-B461-1791DCA47211}]
"abnplkamdncnpgklkkehbhcmbkjajlmacd"=hex:61,62,6c,6f,69,6a,64,70,68,61,70,68,6f,69,67,6b,64,70,6f,62,68,..
"bbnplkamdncnpgklkkdhclafidkgmfeimgee"=hex:61,62,61,70,6c,62,69,62,6a,67,6d,64,6b,6d,61,68,63,68,67,63,68,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS"
"C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe:*:Enabled:WinDVD"
"C:\\Program Files\\FirefoxPortable\\FirefoxPortable.exe"="C:\\Program Files\\FirefoxPortable\\FirefoxPortable.exe:*:Enabled:FirefoxPortable.exe"
"C:\\Program Files\\Miranda IM\\miranda32.exe"="C:\\Program Files\\Miranda IM\\miranda32.exe:*:Enabled:Miranda IM"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Hry\\Worms Armageddon\\wa.exe"="C:\\Hry\\Worms Armageddon\\wa.exe:*:Enabled:Worms Armageddon"
"C:\\Program Files\\PPMate\\ppmate.exe"="C:\\Program Files\\PPMate\\ppmate.exe:*:Enabled:PPMate"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\PPMate\\ppamnet.exe"="C:\\Program Files\\PPMate\\ppamnet.exe:*:Enabled:PPMate"
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"="C:\\Program Files\\TVUPlayer\\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\\Program Files\\SopCast\\sopvod.exe"="C:\\Program Files\\SopCast\\sopvod.exe:*:Enabled:sopvod"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Disabled:Run a DLL as an App"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\SUPER\cygz.dll"
Fri 22 Feb 2008 72,704 ..SHR --- "C:\Program Files\SUPER\Setup.exe"
Fri 27 Oct 2006 15,360 A.SHR --- "C:\Program Files\SUPER\_Setup.dll"
Wed 3 May 2006 163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Tue 17 Aug 2004 1,028,096 ...H. --- "C:\WINDOWS\system32\mfc42.dll"
Sat 20 Jan 2007 945 A.SH. --- "C:\WINDOWS\system32\mmf.sys"
Wed 21 Feb 2007 31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Tue 17 Aug 2004 54,784 ...H. --- "C:\WINDOWS\system32\msvcirt.dll"
Thu 25 Oct 2001 565,760 ...H. --- "C:\WINDOWS\system32\msvcp50.dll"
Tue 17 Aug 2004 413,696 ...H. --- "C:\WINDOWS\system32\msvcp60.dll"
Tue 17 Aug 2004 343,040 ...H. --- "C:\WINDOWS\system32\msvcrt.dll"
Thu 25 Oct 2001 253,952 ...H. --- "C:\WINDOWS\system32\msvcrt20.dll"
Tue 3 Aug 2004 61,440 ...H. --- "C:\WINDOWS\system32\msvcrt40.dll"
Mon 17 Dec 2007 27,648 ..SH. --- "C:\WINDOWS\system32\Smab0.dll"
Sat 18 Dec 2004 1,005,056 A..H. --- "C:\Hry\P lˇ N m To\Data\PnT.exe"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\SUPER\mencoder\dspr3260.dll"
Sun 4 Nov 2001 225,280 ...HR --- "C:\Program Files\SUPER\mencoder\ivvideo.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\SUPER\mencoder\tokr3260.dll"
Finished!
HP ProBook 450 G6
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 107 hostů