Trojan sshnas.dll

romiii123 · 21 Marzec 2011 19:51

witam,od pewnego czasu przy uruchamianiu kompa pojawia sie taki komunikat-[wystapil blad podczas ladowania c:\windows\system32\sshnas.dll].Przeczytałem,że to jakis wirus,ale ja jestem niestety laikiem w tych sprawach,dlatego bardzo prosze o pomoc ,bede naprawde bardzo wdzięczny,ponieważ komputer jest mi niezbedny do pracy-pozdrawiam

a to OTL:http://wklej.org/id/497315/

anon1498622 · 21 Marzec 2011 19:56

syfu masz dużo

narazie usuńmy to >>

W (OTL) w "własne opcje skanowania/sktypt wklej: (razem z dwukropkiem)

:OTL PRC - [2011-01-28 17:36:42 | 000,526,336 | ---- | M] (Spigot, Inc.) – C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2011-01-28 17:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) – C:\Program Files\Application Updater\ApplicationUpdater.exe SRV - File not found [On_Demand | Stopped] – -- (Steam Client Service) O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog2.dll (Conduit Ltd.) O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - File not found O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found O3 - HKLM…\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog2.dll (Conduit Ltd.) O3 - HKLM…\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM…\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM…\Toolbar: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - File not found O3 - HKLM…\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM…\Toolbar: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.) O3 - HKLM…\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found O3 - HKCU…\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU…\Toolbar\WebBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - File not found O3 - HKCU…\Toolbar\WebBrowser: (Softonic-Polska Toolbar) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.) O3 - HKCU…\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found O4 - HKLM…\Run: [searchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM…\Run: [startCCC] File not found O4 - HKLM…\Run: [sunJavaUpdateSched] File not found O4 - HKCU…\Run: [EA Core] File not found O4 - HKCU…\Run: [LKGGOPABUH] File not found O4 - HKCU…\Run: [Metropolis] File not found :Commands [emptytemp] [start explorer] [reboot]

kliknij wykonaj skrypt i potwierdź restart

podaj log z usuwania i nowy

Acorus · 21 Marzec 2011 20:12

Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:

:OTL PRC - [2011-01-28 17:36:42 | 000,526,336 | ---- | M] (Spigot, Inc.) – C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe PRC - [2011-01-28 17:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) – C:\Program Files\Application Updater\ApplicationUpdater.exe SRV - File not found [On_Demand | Stopped] – -- (Steam Client Service) SRV - [2011-01-28 17:10:28 | 000,387,072 | ---- | M] (Spigot, Inc.) [Auto | Running] – C:\Program Files\Application Updater\ApplicationUpdater.exe – (Application Updater) IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6e51eb30000000000000001e8c793054&tlver=1.4.19.19&affID=17162 IE - HKLM…\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog2.dll (Conduit Ltd.) IE - HKLM…\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKLM…\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - File not found IE - HKLM…\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss … ffID=17162 IE - HKCU…\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - File not found IE - HKCU…\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog2.dll (Conduit Ltd.) IE - HKCU…\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) IE - HKCU…\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - File not found IE - HKCU…\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKCU…\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.) FF - prefs.js…browser.search.defaultengine: “Ask.com” FF - prefs.js…browser.search.defaultthis.engineName: “ToggleEN Customized Web Search” FF - prefs.js…browser.search.defaulturl: “http://search.conduit.com/ResultsExt.aspx?ctid=CT2077543&SearchSource=3&q={searchTerms}” FF - prefs.js…browser.search.order.1: “Ask.com” FF - prefs.js…extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.3.0244 FF - prefs.js…extensions.enabledItems: pdfforge@mybrowserbar.com:4.3 FF - prefs.js…extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 FF - prefs.js…extensions.enabledItems: ffxtlbr@babylon.com:1.1.3 FF - prefs.js…keyword.URL: “http://search.babylon.com/?babsrc=SP_ss&mntrId=6e51eb30000000000000001e8c793054&tlver=1.4.19.19&instlRef=&affID=17162&q=” [2010-11-28 09:27:23 | 000,000,000 | —D | M] (ToggleEN Toolbar) – C:\Users\wiącki\AppData\Roaming\mozilla\Firefox\Profiles\1n6248g9.default\extensions{038cb5c7-48ea-4af9-94e0-a1646542e62b} [2010-02-03 14:59:49 | 000,000,000 | —D | M] (Winamp Toolbar) – C:\Users\wiącki\AppData\Roaming\mozilla\Firefox\Profiles\1n6248g9.default\extensions{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2010-07-13 11:59:01 | 000,000,000 | —D | M] (Free Lunch Design Toolbar) – C:\Users\wiącki\AppData\Roaming\mozilla\Firefox\Profiles\1n6248g9.default\extensions{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} [2010-09-24 18:44:19 | 000,000,000 | —D | M] (Softonic-Polska Toolbar) – C:\Users\wiącki\AppData\Roaming\mozilla\Firefox\Profiles\1n6248g9.default\extensions{c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} [2011-02-26 12:28:23 | 000,000,000 | —D | M] (“DAEMON Tools Toolbar”) – C:\Users\wiącki\AppData\Roaming\mozilla\Firefox\Profiles\1n6248g9.default\extensions\DTToolbar@toolbarnet.com [2011-02-25 16:44:24 | 000,000,000 | —D | M] (Babylon) – C:\Users\wiącki\AppData\Roaming\mozilla\Firefox\Profiles\1n6248g9.default\extensions\ffxtlbr@babylon.com [2010-08-04 09:38:51 | 000,002,565 | ---- | M] () – C:\Users\wiącki\AppData\Roaming\Mozilla\Firefox\Profiles\1n6248g9.default\searchplugins\askcom.xml [2010-11-28 10:20:15 | 000,000,921 | ---- | M] () – C:\Users\wiącki\AppData\Roaming\Mozilla\Firefox\Profiles\1n6248g9.default\searchplugins\conduit.xml [2010-11-27 20:36:16 | 000,002,059 | ---- | M] () – C:\Users\wiącki\AppData\Roaming\Mozilla\Firefox\Profiles\1n6248g9.default\searchplugins\daemon-search.xml [2010-10-07 11:19:50 | 000,010,017 | ---- | M] () – C:\Users\wiącki\AppData\Roaming\Mozilla\Firefox\Profiles\1n6248g9.default\searchplugins\mywebsearch.xml [2010-02-03 16:52:53 | 000,001,196 | ---- | M] () – C:\Users\wiącki\AppData\Roaming\Mozilla\Firefox\Profiles\1n6248g9.default\searchplugins\winamp-search.xml [2011-03-06 15:37:35 | 000,000,000 | —D | M] (pdfforge Toolbar) – C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog2.dll (Conduit Ltd.) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - File not found O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found O3 - HKLM…\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog2.dll (Conduit Ltd.) O3 - HKLM…\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM…\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM…\Toolbar: (Free Lunch Design Toolbar) - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - File not found O3 - HKLM…\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM…\Toolbar: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.) O3 - HKLM…\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found O3 - HKLM…\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKCU…\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKCU…\Toolbar\WebBrowser: (Free Lunch Design Toolbar) - {57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC} - File not found O3 - HKCU…\Toolbar\WebBrowser: (Softonic-Polska Toolbar) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - C:\Program Files\Softonic-Polska\tbSoft.dll (Conduit Ltd.) O3 - HKCU…\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found O3 - HKCU…\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.) O4 - HKLM…\Run: [] File not found O4 - HKLM…\Run: [searchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM…\Run: [startCCC] File not found O4 - HKLM…\Run: [sunJavaUpdateSched] File not found O4 - HKCU…\Run: [EA Core] File not found O4 - HKCU…\Run: [LKGGOPABUH] File not found O4 - HKCU…\Run: [Metropolis] File not found :Reg [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] :Files C:\Users\wiącki\AppData\Local\Temp*.html :Commands [emptytemp]

Kliknij Wykonaj skrypt…Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie. Następnie uruchom OTL ponownie, tym razem kliknij (Skanuj).

Pokaż nowy log OTL.txt oraz raport z usuwania.

romiii123 · 21 Marzec 2011 21:00

witam,podaje nowy log OTL.txt wykonany metoda,ktora zaproponował bibut

log OTL:http://wklej.org/id/497559/

raport z usuwania:http://wklej.org/id/497561/

a tak na marginesie to serdeczne dzieki chłopaki

djkamil09061991 · 21 Marzec 2011 21:10

Usunięmy te śmieci, wklej w OTL

:OTL IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=6e51eb30000000000000001e8c793054&tlver=1.4.19.19&affID=17162 IE - HKLM…\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - Reg Error: Key error. File not found IE - HKLM…\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - Reg Error: Key error. File not found IE - HKLM…\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - Reg Error: Key error. File not found IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss … ffID=17162 IE - HKCU…\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - File not found IE - HKCU…\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - Reg Error: Key error. File not found IE - HKCU…\URLSearchHook: {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - Reg Error: Key error. File not found IE - HKCU…\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - Reg Error: Key error. File not found IE - HKCU…\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - Reg Error: Key error. File not found FF - prefs.js…browser.search.defaultengine: “Ask.com” FF - prefs.js…browser.search.defaulturl: “http://search.conduit.com/ResultsExt.aspx?ctid=CT2077543&SearchSource=3&q={searchTerms}” FF - prefs.js…browser.search.order.1: “Ask.com” FF - prefs.js…keyword.URL: “http://search.babylon.com/?babsrc=SP_ss&mntrId=6e51eb30000000000000001e8c793054&tlver=1.4.19.19&instlRef=&affID=17162&q=” O4 - HKLM…\Run: [] File not found O33 - MountPoints2{78129ef5-1f81-11df-be97-001e8c793054}\Shell - “” = AutoRun O33 - MountPoints2{78129ef5-1f81-11df-be97-001e8c793054}\Shell\AutoRun\command - “” = E:\WM0453F.exe O33 - MountPoints2{e6c19824-162a-11df-a79d-001e8c793054}\Shell\AutoRun\command - “” = I:\9qqigqwf.exe O33 - MountPoints2{e6c19824-162a-11df-a79d-001e8c793054}\Shell\open\Command - “” = I:\9qqigqwf.exe O33 - MountPoints2{fee75720-5ddd-11df-b355-001e8c793054}\Shell - “” = AutoRun O33 - MountPoints2{fee75720-5ddd-11df-b355-001e8c793054}\Shell\AutoRun\command - “” = J:\Startme.exe O33 - MountPoints2\J\Shell - “” = AutoRun O33 - MountPoints2\J\Shell\AutoRun\command - “” = J:\autorun.exe O33 - MountPoints2\L\Shell - “” = AutoRun O33 - MountPoints2\L\Shell\AutoRun\command - “” = L:\WM0453F.exe @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:A9662AE0 :Files C:\Users\wiącki\AppData\Local\Temp*.html :Reg [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] :Commands [emptytemp]

Oraz podłącz wszystkie urządzenia przenośne pendrivy itp i użyj programu USBFix z opcji DELETION:

http://www.teamxscript.org/usbfixTelechargement.html

i pokaż log

romiii123 · 22 Marzec 2011 09:25

Witam dziś ponownie wszystkich forumowiczów,za wczorajszą radą djkamila09061991 zrobilem tak jak mi polecił i podaje log OTL

log OTL:http://wklej.org/id/497741/

raport z usuwania:http://wklej.org/id/497742/

djkamil09061991 · 22 Marzec 2011 14:17

Jak dla mnie czysto, naciśnij w OTL sprzątanie

romiii123 · 22 Marzec 2011 15:34

Wielkie dzieki-pomogło,dzieki wszystkim,którzy przyczynili sie do tego,żebym mógł spokojnie pracowac na kompie