VIRY.CZ

zkusim tedy ted jeste to mbr, a rano tu opravu win s cd, pak se ozvu jak to vypada, tedy jdu na to mbr

1
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
PE file found in sector at 0x0950A600 !

2 to se neulozilo tak jsem to opsal
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys
kernel: MBR read successfully
user & kernel MBR OK
PE file found in sector at 0x0950A600 !

ale jo kazda pomoc dobra, rano tam zkusim opravit ty widle a uvidime kdyztak se ozvu.. btw. nevim o tech winech nic, urcite ale neaktualizoval, nehlasil na microsof. nic co vim, takze je asi poradne nelegalizoval ale samolepka tam je tak nechapu, origos cd ale urcite nema, to mam ja od sveho pc

tak tomu nerozumim nepoznam co tam ma a co ne.. jsem z toho trosku mimo, nu rano moudrejsi vecera, diky moc

aha..zajimave, no tak ja to balim a drz mi rano palce at to nejak klapne.. jeste jednou diky chyby se stavaji to neni konec sveta, vzdy je tu moznost format c: i kdyz te se obloukem vyhybam

Tak hlasim ze pc funguje temer stejne jako predtim, jen eset nemuze zapnout firewall.. udelal jsem tedy reinstal winu (tu opravu ne format).. posilam vypis z RSIT... kolega se ted boji cokoli delat, ale me by zajimalo jak to vypada nyni, diky

Logfile of random's system information tool 1.06 (written by random/random)
Run by honza at 2010-01-29 10:33:32
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 36 GB (52%) free of 69 GB
Total RAM: 1007 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:38, on 29.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Onyx Graphics\AutoUpdate\OnxUpdtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Documents and Settings\honza\Plocha\RSIT.exe
C:\Program Files\trend micro\honza.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SWEETIE - {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] ~"C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [searching] Hledání z panelu Adresa
O17 - HKLM\System\CCS\Services\Tcpip\..\{569DF299-4D27-4CDA-9A5D-CC57C84CD6D5}: NameServer = 212.71.169.42,212.71.128.8
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: ESET HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Onyx Updater (OnyxUpdaterService) - Onyx Graphics - C:\Program Files\Onyx Graphics\AutoUpdate\OnxUpdtService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 8421 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eee6c35c-6118-11dc-9c72-001320c79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-10-19 1345336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-10-19 1345336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-11 81920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-02-27 385024]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-10-20 111928]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"ICQ"=~C:\Program Files\ICQ6.5\ICQ.exe silent []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pevsystemstart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\pevsystemstart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\WINDOWS\system32\ooeohdjk.exe"="C:\WINDOWS\system32\ooe"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

======List of files/folders created in the last 1 months======

2010-01-29 09:37:25 ----A---- C:\WINDOWS\system32\igfxres.dll
2010-01-29 09:33:44 ----D---- C:\WINDOWS\Prefetch
2010-01-29 09:26:40 ----A---- C:\WINDOWS\OEWABLog.txt
2010-01-29 09:25:30 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2010-01-29 09:13:49 ----RA---- C:\WINDOWS\SETB2.tmp
2010-01-29 09:13:44 ----RA---- C:\WINDOWS\SETA6.tmp
2010-01-29 09:13:42 ----RA---- C:\WINDOWS\SETA3.tmp
2010-01-29 08:59:45 ----RA---- C:\WINDOWS\SETB1.tmp
2010-01-29 08:59:41 ----RA---- C:\WINDOWS\SETA5.tmp
2010-01-29 08:59:38 ----RA---- C:\WINDOWS\SETA2.tmp
2010-01-29 08:49:26 ----A---- C:\WINDOWS\imsins.BAK
2010-01-29 08:49:07 ----A---- C:\WINDOWS\system32\spxcoins.dll
2010-01-29 08:49:07 ----A---- C:\WINDOWS\system32\irclass.dll
2010-01-29 08:48:41 ----RA---- C:\WINDOWS\SETEC.tmp
2010-01-29 08:48:36 ----RA---- C:\WINDOWS\SETE0.tmp
2010-01-29 08:48:33 ----RA---- C:\WINDOWS\SETDD.tmp
2010-01-29 08:47:27 ----A---- C:\WINDOWS\setuplog.txt
2010-01-28 20:47:32 ----D---- C:\WINDOWS\CSC
2010-01-28 20:17:38 ----D---- C:\_OTL
2010-01-28 19:50:41 ----A---- C:\DDS.txt
2010-01-28 19:39:38 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-28 16:43:17 ----SH---- C:\Boot.bak
2010-01-28 16:43:08 ----RASHD---- C:\cmdcons
2010-01-28 16:41:40 ----A---- C:\WINDOWS\MBR.exe
2010-01-28 16:41:39 ----A---- C:\WINDOWS\NIRCMD.exe
2010-01-28 16:41:35 ----A---- C:\WINDOWS\PEV.exe
2010-01-28 16:41:34 ----A---- C:\WINDOWS\zip.exe
2010-01-28 16:41:34 ----A---- C:\WINDOWS\SWREG.exe
2010-01-28 16:41:33 ----A---- C:\WINDOWS\sed.exe
2010-01-28 16:41:33 ----A---- C:\WINDOWS\grep.exe
2010-01-28 16:41:32 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-01-28 16:41:32 ----A---- C:\WINDOWS\SWSC.exe
2010-01-28 16:41:23 ----D---- C:\WINDOWS\ERDNT
2010-01-28 16:40:56 ----SD---- C:\ComboFix
2010-01-28 16:39:46 ----D---- C:\Qoobox
2010-01-28 15:28:38 ----D---- C:\Program Files\trend micro
2010-01-28 15:28:36 ----D---- C:\rsit

======List of files/folders modified in the last 1 months======

2010-01-29 10:33:13 ----D---- C:\WINDOWS\Temp
2010-01-29 10:32:00 ----D---- C:\WINDOWS\system32
2010-01-29 10:30:09 ----D---- C:\WINDOWS\security
2010-01-29 10:30:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-29 10:29:00 ----A---- C:\WINDOWS\wincmd.ini
2010-01-29 09:45:20 ----D---- C:\WINDOWS\system
2010-01-29 09:45:19 ----D---- C:\WINDOWS\system32\Setup
2010-01-29 09:45:17 ----D---- C:\WINDOWS\Help
2010-01-29 09:45:07 ----D---- C:\WINDOWS\system32\usmt
2010-01-29 09:44:56 ----D---- C:\WINDOWS\AppPatch
2010-01-29 09:44:55 ----D---- C:\WINDOWS\ehome
2010-01-29 09:44:54 ----D---- C:\WINDOWS\ime
2010-01-29 09:44:53 ----RSD---- C:\WINDOWS\Fonts
2010-01-29 09:44:52 ----D---- C:\WINDOWS\Media
2010-01-29 09:44:42 ----D---- C:\Program Files\Mozilla Thunderbird
2010-01-29 09:44:36 ----D---- C:\WINDOWS\PeerNet
2010-01-29 09:44:18 ----D---- C:\WINDOWS\system32\npp
2010-01-29 09:44:09 ----D---- C:\WINDOWS\msagent
2010-01-29 09:41:38 ----D---- C:\WINDOWS\system32\1029
2010-01-29 09:41:28 ----D---- C:\WINDOWS\twain_32
2010-01-29 09:41:05 ----D---- C:\WINDOWS\system32\icsxml
2010-01-29 09:40:26 ----D---- C:\WINDOWS\system32\ias
2010-01-29 09:40:20 ----D---- C:\WINDOWS\system32\1033
2010-01-29 09:39:52 ----SHD---- C:\Config.Msi
2010-01-29 09:39:51 ----SHD---- C:\WINDOWS\Installer
2010-01-29 09:39:09 ----D---- C:\WINDOWS\Driver Cache
2010-01-29 09:39:08 ----D---- C:\WINDOWS\WinSxS
2010-01-29 09:38:53 ----D---- C:\WINDOWS\Registration
2010-01-29 09:37:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-29 09:37:10 ----HD---- C:\WINDOWS\inf
2010-01-29 09:35:34 ----SHD---- C:\System Volume Information
2010-01-29 09:35:34 ----D---- C:\WINDOWS\system32\Restore
2010-01-29 09:33:44 ----D---- C:\WINDOWS
2010-01-29 09:33:35 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-29 09:33:01 ----D---- C:\WINDOWS\system32\config
2010-01-29 09:30:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-29 09:26:31 ----A---- C:\WINDOWS\ODBCINST.INI
2010-01-29 09:25:33 ----RD---- C:\WINDOWS\Web
2010-01-29 09:25:33 ----RD---- C:\Program Files
2010-01-29 09:25:21 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2010-01-29 09:25:04 ----A---- C:\WINDOWS\win.ini
2010-01-29 09:24:58 ----D---- C:\WINDOWS\system32\oobe
2010-01-29 09:24:55 ----D---- C:\Program Files\Windows Media Player
2010-01-29 09:24:52 ----D---- C:\WINDOWS\system32\drivers
2010-01-29 09:24:52 ----D---- C:\Program Files\Outlook Express
2010-01-29 09:24:52 ----D---- C:\Program Files\Common Files\System
2010-01-29 09:24:47 ----D---- C:\Program Files\Internet Explorer
2010-01-29 09:23:43 ----D---- C:\WINDOWS\system32\Com
2010-01-29 09:23:06 ----D---- C:\WINDOWS\system32\wbem
2010-01-29 09:21:17 ----SH---- C:\boot.ini
2010-01-29 09:14:48 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-29 09:14:13 ----A---- C:\WINDOWS\system.ini
2010-01-29 09:13:56 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2010-01-28 20:18:09 ----SHD---- C:\RECYCLER
2010-01-28 20:17:39 ----SD---- C:\WINDOWS\Tasks
2010-01-28 19:47:56 ----D---- C:\Program Files\Mozilla Firefox
2010-01-28 19:43:44 ----D---- C:\Documents and Settings
2010-01-28 09:07:45 ----D---- C:\WINDOWS\Minidump
2010-01-28 08:26:05 ----D---- C:\Documents and Settings\honza\Data aplikací\ICQ
2010-01-27 11:15:34 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-01-26 18:11:39 ----D---- C:\studiotesa
2010-01-19 10:56:48 ----D---- C:\425075953 JanJalovec
2010-01-13 17:00:22 ----D---- C:\177537017 Zonti
2010-01-05 09:05:06 ----D---- C:\Poptavky_kalkulace
2010-01-04 11:51:43 ----D---- C:\199827426 6eor9e
2010-01-04 08:16:05 ----D---- C:\Program Files\ICQ6.5

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-11-16 55768]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-11-16 135048]
R2 hardlock;hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-08-03 11868]
R3 aksusb;Aladdin USB Key; C:\WINDOWS\system32\DRIVERS\aksusb.sys [2007-06-15 19968]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-10-31 165760]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys [2004-08-03 1041536]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys [2004-08-03 220032]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 l8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-02-29 63120]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 lmouke;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-02-29 79120]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys [2004-08-03 685056]
S3 epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-06-19 33096]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2006-05-29 8704]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-05-29 13312]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-05-29 127488]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 NtmlSvc;NtmlSvc; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
R2 OnyxUpdaterService;Onyx Updater; C:\Program Files\Onyx Graphics\AutoUpdate\OnxUpdtService.exe [2005-06-16 73728]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-06-15 72704]
S3 ehttpsrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2007-06-28 68096]
S3 ServiceLayer;ServiceLayer; C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe [2006-06-05 174080]
S4 ATMsrvc;ATM Service; C:\WINDOWS\System32\ATMsrvc.exe [2000-05-24 15360]

-----------------EOF-----------------

Tak kolega me tam uz nepusti.. moc se boji, jeho vec. Jde z toho logu poznat kolik tam toho jeste je, to me jen tak zajima.. diky

aha aha, tedy jeste jednou dekuji za pomoc, kdyby me tam pustil, tak zde navazu, ale uz nechce, uvidime, chtel nekdy udelat asi cistou instalaci, format c: .. jeste posledni dotaz kdyz treba u tohoto pc zformatuju disk a dam vse na novo, muze nekde zustat nejaka havet nebo ne?