VIRY.CZ

Potřebuji zjistit, co je příčinou toho, že nefunguje háček na české klávesnici notebooku MSI. Písmena s diakritikou - ě, š, č, atd. fungují normálně, ale pokud chci velké písmeno nebo např. s háčkem, tak se háček po znáčknutí se Shift a následným napsání toho písmena nezobrazí (takže místo t s háčkem napíše jen t). OS je Win Vista Home Premium SP2. V jazykovém nastavení, pokud kliknu na vlastnosti klávesnice, dotyčná klávesa háček a čárku nemá zobrazenu, ani žádná jiná vedle (je to standardní klávesa nad Enterem vedle Backspace, háček je na ní zobrazen). Ve standardním režimu Windows toto nefunguje v žádném programu, v nouzovém režimu to je OK. Projel jsem NB Spybotem (našel 10 kousků, ale žádný keylogger), AVG nenašlo nic. Předpokládám, že to bude nějaká softwarová kravina. Ve většině diskusí byl příčinou nějaký škodlivý software, tak dodávám log RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Daniela at 2010-03-09 13:35:05
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 8 GB (16%) free of 51 GB
Total RAM: 2039 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:35:51, on 9.3.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVEO\AveoCap\AveoSTI.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
D:\0Instal\RSIT.exe
C:\Program Files\trend micro\Daniela.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [AveoSTI.exe] C:\Program Files\AVEO\AveoCap\AveoSTI.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: hpdj - Unknown owner - C:\Users\Daniela\AppData\Local\Temp\hpdj.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 8570 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{37DBC7C2-59C7-4363-802C-508D016FDE5E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-03-09 1598744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-04-10 4431872]
"Skytel"=C:\Windows\Skytel.exe [2007-04-04 1822720]
"PSQLLauncher"=C:\Program Files\Protector Suite QL\launcher.exe [2007-03-28 49168]
"AveoSTI.exe"=C:\Program Files\AVEO\AveoCap\AveoSTI.exe [2007-11-06 24576]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-02-11 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-02-11 166424]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-02-11 133656]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-03-09 2059544]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-02-11 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus]
C:\Windows\system32\psqlpwd.dll [2007-03-28 90112]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoHotStart"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableCAD"=1
"NoHotStart"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{328ada9e-5954-11dd-b1fc-001de08e3973}]
shell\AutoRun\command - setupSNK.exe

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-03-09 13:27:09 ----D---- C:\rsit
2010-03-09 13:27:09 ----D---- C:\Program Files\trend micro
2010-03-09 10:09:20 ----A---- C:\Windows\system32\avgrsstx.dll
2010-03-09 09:13:39 ----HD---- C:\$AVG
2010-03-09 09:12:20 ----D---- C:\ProgramData\avg9
2010-03-09 09:08:27 ----D---- C:\ProgramData\Temp
2010-03-09 08:59:50 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-03-09 08:47:36 ----A---- C:\Windows\ntbtlog.txt
2010-02-24 07:56:52 ----A---- C:\Windows\system32\jscript.dll
2010-02-24 07:56:45 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 07:56:31 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 07:56:30 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 07:56:12 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 07:56:09 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 07:56:09 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 07:56:09 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 07:56:08 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 07:56:08 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 07:56:08 ----A---- C:\Windows\system32\msdrm.dll
2010-02-24 07:56:03 ----A---- C:\Windows\system32\gameux.dll
2010-02-24 07:56:03 ----A---- C:\Windows\system32\Apphlpdm.dll
2010-02-24 07:56:02 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2010-02-19 10:27:19 ----A---- C:\Windows\system32\rmoc3260.dll
2010-02-19 10:27:19 ----A---- C:\Windows\system32\pndx5032.dll
2010-02-19 10:27:19 ----A---- C:\Windows\system32\pndx5016.dll
2010-02-19 10:27:19 ----A---- C:\Windows\system32\pncrt.dll
2010-02-19 10:27:18 ----A---- C:\Windows\avisplitter.ini
2010-02-19 10:27:16 ----A---- C:\Windows\system32\yv12vfw.dll
2010-02-19 10:27:16 ----A---- C:\Windows\system32\xvidvfw.dll
2010-02-19 10:27:16 ----A---- C:\Windows\system32\xvidcore.dll
2010-02-19 10:27:15 ----A---- C:\Windows\system32\qt-dx331.dll
2010-02-19 10:27:15 ----A---- C:\Windows\system32\dpl100.dll
2010-02-19 10:27:15 ----A---- C:\Windows\system32\divx.dll
2010-02-19 10:27:13 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2010-02-19 10:27:13 ----A---- C:\Windows\system32\ff_vfw.dll
2010-02-19 10:27:12 ----D---- C:\Program Files\K-Lite Codec Pack
2010-02-19 10:27:12 ----A---- C:\Windows\system32\msvcp71.dll
2010-02-18 23:48:59 ----D---- C:\Users\Daniela\AppData\Roaming\FreeCommander
2010-02-18 23:48:59 ----D---- C:\Program Files\FreeCommander
2010-02-18 21:25:06 ----D---- C:\Users\Daniela\AppData\Roaming\XnView
2010-02-18 21:24:47 ----D---- C:\Program Files\XnView
2010-02-10 09:49:33 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-02-10 09:49:33 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-02-10 09:49:23 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 09:49:22 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 09:49:22 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 09:49:22 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 09:49:22 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 09:49:22 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 09:49:21 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 09:49:21 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 09:49:21 ----A---- C:\Windows\system32\avifil32.dll

======List of files/folders modified in the last 1 months======

2010-03-09 13:35:38 ----D---- C:\Users\Daniela\AppData\Roaming\Skype
2010-03-09 13:35:00 ----D---- C:\Windows\Temp
2010-03-09 13:27:22 ----D---- C:\Windows\Prefetch
2010-03-09 13:27:09 ----RD---- C:\Program Files
2010-03-09 10:48:38 ----D---- C:\Windows\System32
2010-03-09 10:10:04 ----D---- C:\Windows\system32\drivers
2010-03-09 10:09:35 ----SHD---- C:\System Volume Information
2010-03-09 09:30:24 ----D---- C:\Users\Daniela\AppData\Roaming\skypePM
2010-03-09 09:13:38 ----HD---- C:\ProgramData
2010-03-09 09:12:21 ----D---- C:\Program Files\AVG
2010-03-09 09:11:48 ----SHD---- C:\Windows\Installer
2010-03-09 09:11:47 ----D---- C:\Windows\winsxs
2010-03-09 09:11:31 ----D---- C:\Program Files\Common Files\microsoft shared
2010-03-09 09:10:38 ----SD---- C:\Users\Daniela\AppData\Roaming\Microsoft
2010-03-09 09:10:38 ----D---- C:\Windows
2010-03-09 09:02:11 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-03-02 15:21:30 ----D---- C:\Windows\system32\catroot2
2010-02-27 12:06:40 ----D---- C:\Windows\inf
2010-02-27 12:06:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-26 19:49:39 ----D---- C:\Users\Daniela\AppData\Roaming\ICQ
2010-02-24 21:07:54 ----D---- C:\Windows\rescache
2010-02-24 20:17:57 ----D---- C:\Windows\system32\cs-CZ
2010-02-24 20:17:43 ----RSD---- C:\Windows\Fonts
2010-02-24 20:17:43 ----D---- C:\Windows\AppPatch
2010-02-24 20:00:58 ----D---- C:\Windows\system32\catroot
2010-02-24 09:16:06 ----N---- C:\Windows\system32\MpSigStub.exe
2010-02-19 10:27:38 ----D---- C:\Program Files\Mozilla Firefox
2010-02-17 21:34:04 ----D---- C:\Users\Daniela\AppData\Roaming\Ahead
2010-02-10 22:44:35 ----D---- C:\Program Files\Windows Mail
2010-02-10 09:41:04 ----D---- C:\Windows\system32\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-03-09 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-03-09 29512]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-03-09 242696]
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys [2007-10-02 64128]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 CmBatt;Ovladač baterie Microsoft ACPI Control Method Battery; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208]
R3 EMSCR;EMSCR; C:\Windows\system32\DRIVERS\EMS7SK.sys [2007-01-31 67584]
R3 ESDCR;ESDCR; C:\Windows\system32\DRIVERS\ESD7SK.sys [2007-01-31 46592]
R3 ESMCR;ESMCR; C:\Windows\system32\DRIVERS\ESM7SK.sys [2007-01-31 61952]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-04-10 1764960]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service; C:\Windows\system32\drivers\IntcHdmi.sys [2007-03-26 111104]
R3 NETw4v32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-06-07 83456]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-04-11 89088]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-08-22 1749760]
R3 TcUsb;TC USB Kernel Driver; C:\Windows\System32\Drivers\tcusb.sys [2007-03-28 46992]
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 Tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys [2008-02-15 131712]
R3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
R3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys [2008-01-31 74240]
R3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
R3 tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys [2007-10-18 41856]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys [2008-01-22 54144]
S3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-19 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 avg9emc;AVG E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-03-09 916760]
R2 avg9wd;AVG WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-03-09 308064]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2007-06-01 647168]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2007-06-01 327680]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TeamViewer;TeamViewer 3; C:\Program Files\TeamViewer3\TeamViewer_Service.exe [2008-10-07 185640]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-28 128360]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S2 hpdj;hpdj; C:\Users\Daniela\AppData\Local\Temp\hpdj.exe -servicerunning=true -uninstall=hp deskjet 5100 series -product= []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2010-03-09 800040]

-----------------EOF-----------------

Log vypadá čistý. Udělejte sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.

Děkuji, pokračování tak za týden, nebo 14 dní, včera odpoledne šel do reklamace kvůli nefunkční kameře, takže mohu pokračovat, až se vrátí zpět.

OK, beru na vědomí.

Zdravím, NB je zpět, můžeme pokračovat.

Log zde, něco bylo nalezeno:

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3898
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

22.3.2010 13:08:19
mbam-log-2010-03-22 (13-07-54).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|)
Zkontrolované objekty: 233739
Uplynulý čas: 1 hour(s), 19 minute(s), 52 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> No action taken.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Users\Daniela\AppData\Roaming\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe (Adware.ADON) -> No action taken.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> No action taken.

Vše, co MBAM nalezl, smažte.

Odstraněno, ale problém přetrvává.

Nový log zde:

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3898
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

23.3.2010 11:39:00
mbam-log-2010-03-23 (11-39-00).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|)
Zkontrolované objekty: 233393
Uplynulý čas: 1 hour(s), 20 minute(s), 16 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Users\Daniela\AppData\Roaming\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.

Dejte ještě log z ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

Log z Combofixu zde:

ComboFix 10-03-23.03 - Daniela 24.03.2010 8:05.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2039.842 [GMT 1:00]
Spuštěný z: c:\users\Daniela\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\users\Daniela\AppData\Roaming\AD ON Multimedia

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-24 do 2010-03-24 )))))))))))))))))))))))))))))))
.

2010-03-24 07:11 . 2010-03-24 07:11 -------- d-----w- c:\users\Daniela\AppData\Local\temp
2010-03-24 07:11 . 2010-03-24 07:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-22 15:59 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-22 15:59 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-22 15:59 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-22 09:50 . 2010-03-22 09:50 -------- d-----w- c:\users\Daniela\AppData\Roaming\Malwarebytes
2010-03-22 09:50 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-22 09:50 . 2010-03-22 09:50 -------- d-----w- c:\programdata\Malwarebytes
2010-03-22 09:50 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-22 09:50 . 2010-03-22 09:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-09 12:27 . 2010-03-09 12:35 -------- d-----w- c:\program files\trend micro
2010-03-09 12:27 . 2010-03-09 12:27 -------- d-----w- C:\rsit
2010-03-09 09:09 . 2010-03-09 09:09 360584 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-03-09 09:09 . 2010-03-09 09:09 333192 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-03-09 09:09 . 2010-03-09 09:09 28424 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-03-09 09:09 . 2010-03-09 09:09 161800 ----a-w- c:\programdata\avg9\update\backup\avgrkx86.sys
2010-03-09 09:09 . 2010-03-09 09:09 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-09 09:07 . 2010-03-09 08:12 1007896 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-03-09 09:07 . 2010-03-09 08:12 800536 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-03-09 09:07 . 2010-03-09 08:12 613656 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-03-09 09:07 . 2010-03-09 08:12 1658136 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-03-09 08:13 . 2010-03-09 09:48 -------- d-----w- C:\$AVG
2010-03-09 08:12 . 2010-03-09 08:12 -------- d-----w- c:\programdata\avg9
2010-03-09 08:08 . 2010-01-25 12:38 3777816 ----a-w- c:\programdata\Temp\AVG\setup.exe
2010-03-09 07:59 . 2010-03-09 08:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-28 16:29 . 2010-02-28 16:33 -------- d-----w- c:\users\Daniela\Knihy

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-24 06:51 . 2007-01-08 21:09 598838 ----a-w- c:\windows\system32\perfh005.dat
2010-03-24 06:51 . 2007-01-08 21:09 115014 ----a-w- c:\windows\system32\perfc005.dat
2010-03-24 06:47 . 2008-03-29 18:33 -------- d-----w- c:\users\Daniela\AppData\Roaming\Skype
2010-03-24 06:47 . 2008-03-29 18:34 -------- d-----w- c:\users\Daniela\AppData\Roaming\skypePM
2010-03-23 13:47 . 2008-11-24 20:57 1 ----a-w- c:\users\Daniela\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-23 10:39 . 2008-04-02 12:54 -------- d-----w- c:\program files\ICQToolbar
2010-03-23 09:10 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-09 09:09 . 2008-10-24 16:05 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-09 09:09 . 2008-03-27 12:54 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-09 09:08 . 2008-03-27 12:54 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-09 09:08 . 2008-03-27 12:54 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-09 08:12 . 2008-03-27 12:54 -------- d-----w- c:\program files\AVG
2010-03-09 08:02 . 2008-03-27 10:24 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-26 18:49 . 2008-04-02 12:53 -------- d-----w- c:\users\Daniela\AppData\Roaming\ICQ
2010-02-24 19:20 . 2008-03-26 16:09 54928 ----a-w- c:\users\Daniela\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-04 05:45 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 09:27 . 2010-02-19 09:27 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-02-18 22:49 . 2010-02-18 22:48 -------- d-----w- c:\program files\FreeCommander
2010-02-18 22:48 . 2010-02-18 22:48 -------- d-----w- c:\users\Daniela\AppData\Roaming\FreeCommander
2010-02-18 20:25 . 2010-02-18 20:25 -------- d-----w- c:\users\Daniela\AppData\Roaming\XnView
2010-02-18 20:24 . 2010-02-18 20:24 -------- d-----w- c:\program files\XnView
2010-02-17 20:34 . 2008-03-27 12:26 -------- d-----w- c:\users\Daniela\AppData\Roaming\Ahead
2010-02-09 21:11 . 2010-02-09 21:11 -------- d-----w- c:\program files\Windows Portable Devices
2010-02-09 21:11 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-09 21:11 . 2010-02-09 21:11 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-02-08 19:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-02-08 19:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-02-08 19:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-02-08 19:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-02-08 19:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-02-08 19:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-02-02 18:00 . 2010-02-19 09:27 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-01-31 09:59 . 2009-08-19 11:32 -------- d-----w- c:\program files\ICQ6.5
2010-01-25 12:00 . 2010-02-24 06:56 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 06:56 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 06:56 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 06:56 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 06:56 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 06:56 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 06:56 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 06:56 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 06:56 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:26 . 2010-02-24 06:56 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-06 15:39 . 2010-02-24 06:56 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-24 06:56 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 15:38 . 2010-02-24 06:56 173056 ----a-w- c:\windows\AppPatch\AcXtrnal.dll
2010-01-06 15:38 . 2010-02-24 06:56 542720 ----a-w- c:\windows\AppPatch\AcLayers.dll
2010-01-06 15:38 . 2010-02-24 06:56 458752 ----a-w- c:\windows\AppPatch\AcSpecfc.dll
2010-01-06 15:38 . 2010-02-24 06:56 2159616 ----a-w- c:\windows\AppPatch\AcGenral.dll
2010-01-06 13:30 . 2010-02-24 06:56 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-02 06:38 . 2010-01-22 09:25 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 09:25 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 09:25 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 09:25 133632 ----a-w- c:\windows\system32\ieUnatt.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 18:59 2953216 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 18:59 2953216 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 4431872]
"Skytel"="Skytel.exe" [2007-04-04 1822720]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-03-28 49168]
"AveoSTI.exe"="c:\program files\AVEO\AveoCap\AveoSTI.exe" [2007-11-06 24576]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]

c:\users\Daniela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-10-4 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"NoHotStart"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoHotStart"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-28 18:46 90112 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ca,41,7e,9b,f4,a8,ca,01

S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-09 52872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-09 216200]
S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-03-09 242696]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-09 916760]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-09 308064]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-03-26 111104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-03-23 c:\windows\Tasks\User_Feed_Synchronization-{37DBC7C2-59C7-4363-802C-508D016FDE5E}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\users\Daniela\AppData\Roaming\Mozilla\Firefox\Profiles\yvqffq4w.default\
FF - prefs.js: browser.search.selectedEngine - WebHledani
FF - prefs.js: browser.startup.homepage - hxxp://www.centrum.cz/skinit/icq/
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=42&tp=ab&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-24 08:11
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(712)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll

- - - - - - - > 'Explorer.exe'(1036)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
.
Celkový čas: 2010-03-24 08:14:01
ComboFix-quarantined-files.txt 2010-03-24 07:13

Před spuštěním: 9 508 913 152
Po spuštění: 9 456 680 960

- - End Of File - - F8DFA1333E60F5B1CD5D557F33AA6B96

Další 2 položky smazány, zbytek logu vypadá čistý. Keylogger, ani jiný šmejd v systému téměř jistě není. Co jste instaloval těsně před tím, než se problém objevil?

Děkuji, alespon máme jistotu, že to není bordelem. Co se tam tehdy instalovalo nevím, protože NB není můj, ale jedné známé mého nadřízeného. Udajně jí to blbne delší dobu, řádově několik měsíců, možná dokonce více než rok. Zjistit, co tam instalovala je dost nereálné. V současné situaci má podle mě 2 možnosti - bud se na to vykašle nebo bude nutno reinstalovat systém. NB jsem jí instaloval já, standardní instalaci, kterou běžně dělám (Windows + drivery + aktualizace, AVG, Spybot, OpenOffice, InfranView, Gimp, Total Commander, Adobe Reader, a podobně - bez komunikátorů jako ICQ nebo Skype). Nikde, kde tyto instalace dělám nebyl tento problém zaznamenáván (ani na stejném typu notebooku).

No, to je opravdu problém. Pokud to není chyba klávesy samotné, bude se to těžko hledat. Určitě to není problém viru, nebo keyloggeru.

Děkuji za pomoc, alespoň jsme vyloučili jednu možnou příčinu. Chyba klávesy to není, v nouzovém režimu funguje, stejně jako z Live CD Ubuntu. Podle mě si majitelka nainstalovala nějaký SW, který způsobuje tento problém, resp. říkala, že ji tam něco naisnatloval její zeť. Ovšem je už to dávněji, těžko dnes dohledávat. Pokud jí to bude moc trápit, řekl jsem jí, že bude nutno Winy reinstalovat.

Možná by stačila oprava z instal. CD, nebo VistaManagerem: http://www.studna.cz/vista-manager-p-6753.html .

VIRY.CZ

Nefunkční háčky na klívesnici - havět?

Nefunkční háčky na klívesnici - havět?

Re: Nefunkční háčky na klívesnici - havět?

Re: Nefunkční háčky na klívesnici - havět?

Re: Nefunkční háčky na klívesnici - havět?

Re: Nefunkční háčky na klívesnici - havět?

Re: Nefunkční háčky na klívesnici - havět?

Re: Nefunkční háčky na klívesnici - havět?

Re: Nefunkční háčky na klívesnici - havět?

Re: Nefunkční háčky na klívesnici - havět?

Re: Nefunkční háčky na klívesnici - havět?

Re: Nefunkční háčky na klívesnici - havět?

Re: Nefunkční háčky na klívesnici - havět?

Re: Nefunkční háčky na klívesnici - havět?

Re: Nefunkční háčky na klívesnici - havět?