I have a problem, probably some Trojan horse... Please help

Posted: 22 Sep 2010 14:06
by josh379
Hello, I have a problem with a laptop.

Instead of letters I get symbols, something like Wingdings; when I open a Word document, the symbols are there too. The same in Total Commander, but not in Explorer (Win+E), where I can read the file names etc.
See http://img33.imageshack.us/img33/4605/desktopfzs.jpg

I also installed Malwarebytes Anti-Malware; it found Adware.doubleD and Adware.agent.
It deleted those items, but the problem persists. I read something similar somewhere :) on the net, but I don't know exactly what it was or where it was, so nothing.

Thanks for the reply.


The ComboFix log looks something like this

ComboFix 10-09-21.03 - walmart . 09. 2010 12:45:31.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1250.421.1033.18.3061.1995 [GMT 2:00]
Running from: g:\eset\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\walmart\AppData\Roaming\.#
c:\users\walmart\Documents\cc_20100920_181320.reg

.
((((((((((((((((((((((((( Files Created from 2010-08-22 to 2010-09-22 )))))))))))))))))))))))))))))))
.

2010-09-22 10:52 . 2010-09-22 10:52 -------- d-----w- c:\users\walmart\AppData\Local\temp
2010-09-22 10:52 . 2010-09-22 10:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-21 17:50 . 2010-09-21 17:50 -------- d-----w- c:\program files\Trojan Remover
2010-09-21 17:49 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-09-21 17:49 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-09-21 17:49 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-09-21 17:49 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2010-09-21 17:49 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-09-21 17:49 . 2010-09-21 17:50 -------- d-----w- c:\users\walmart\AppData\Roaming\Simply Super Software
2010-09-21 17:49 . 2010-09-21 17:49 -------- d-----w- c:\programdata\Simply Super Software
2010-09-21 05:31 . 2010-09-21 05:31 -------- d-----w- C:\Temp
2010-09-20 15:38 . 2010-09-20 15:38 -------- d-----w- c:\program files\ESET
2010-09-16 06:50 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2010-09-16 06:50 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-16 06:49 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-16 06:49 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 16:15 . 2009-10-03 09:15 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-16 20:18 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-15 11:50 . 2008-10-27 18:52 -------- d-----w- c:\program files\DesetiPrsty
2010-09-15 10:28 . 2008-09-16 02:02 -------- d-----w- c:\program files\Winamp
2010-09-02 22:46 . 2008-09-15 01:45 -------- d-----w- c:\users\walmart\AppData\Roaming\skypePM
2010-08-30 23:26 . 2008-09-15 01:43 -------- d-----w- c:\users\walmart\AppData\Roaming\Skype
2010-07-29 11:31 . 2009-04-09 13:18 115008 ------w- c:\windows\system32\drivers\ehdrv.sys
2010-06-26 18:58 . 2010-06-26 18:58 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbA0D7.tmp.exe
2010-06-26 06:05 . 2010-08-12 16:27 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 16:27 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 16:27 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 16:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-10-04 15:51 . 2009-10-04 09:50 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2009-10-04 15:51 . 2009-10-04 09:50 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 09:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-20 39408]
"googletalk"="c:\users\walmart\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-05 525360]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2008-01-25 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-22 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-22 133656]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-01-04 768520]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-07-21 159744]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-08-02 1167808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"RequireSignedAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileyApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
2008-04-01 01:54 507904 ----a-w- c:\program files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02 36352 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-21 02:33 2153472 ----a-w- c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1628647957-2152783990-1629115431-1000]
"EnableNotificationsRef"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-02-07 717296]
S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-09-19 51200]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-04-09 38240]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2010-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 11:58]

2010-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-28 11:58]

2010-09-22 c:\windows\Tasks\User_Feed_Synchronization-{7EED0A61-B236-4271-9C67-1F464DB14CE9}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://en.us.acer.yahoo.com
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\walmart\AppData\Roaming\Mozilla\Firefox\Profiles\081ds4rw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-eRecoveryService - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-22 12:52
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-09-22 12:56:30
ComboFix-quarantined-files.txt 2010-09-22 10:56

Pre-Run: 33 575 133 184 bytes free
Post-Run: 33 519 771 648 bytes free

- - End Of File - - 158A60FDCE995DF11D19830A67958C63

Re: I have a problem, probably some Trojan horse... Please help

Posted: 22 Sep 2010 15:18
by Marek-26
Open
Control Panel\Appearance and Personalization\Fonts (Ovládací panely\Vzhled a přizpůsobení\Písma)
and on the left click the Restore default font settings button.

Did it help? Let me know; in the meantime I will check the log.

edit: The log seems clean. It showed only a few minor things.

Re: I have a problem, probably some Trojan horse... Please help

Posted: 22 Sep 2010 15:25
by josh379
Unfortunately I can't find it; I have the English version of Vista and I don't know how it was translated into Czech.
(In XP I could find my way around better.)

Could you give it in the English version?
Thanks

Re: I have a problem, probably some Trojan horse... Please help

Posted: 22 Sep 2010 15:32
by josh379
I found Appearance and personalization->Fonts,
but the folder contains nothing. No fonts; that's probably not how it should be, right?


Re: I have a problem, probably some Trojan horse... Please help

Posted: 22 Sep 2010 15:38
by josh379
So, hooray, I downloaded the fonts from Win2k and the letters came back, it works. But it is strange.
It is my girlfriend's laptop, but I doubt she would have thrown the fonts into the trash somewhere.

Could it be that some trojan or some program did this?
Thanks for the help. Have a nice day


Re: I have a problem, probably some Trojan horse... Please help

Posted: 22 Sep 2010 15:59
by Marek-26
Most likely the cause is some program that she installed and that changed the system fonts.

Also click on T-Cleaner in my signature and run it :wink:

Re: I have a problem, probably some Trojan horse... Please help

Posted: 22 Sep 2010 16:58
by josh379
Thank you very much for the help. It works. :) Take care and have a peaceful evening.

:closed:

Re: I have a problem, probably some Trojan horse... Please help

Posted: 23 Sep 2010 15:29
by Marek-26
You're welcome :)