Logfile of random's system information tool 1.06 (written by random/random)
Run by tomzel at 2010-02-22 21:52:16
Microsoft® Windows Vista™ Business Service Pack 2
System drive C: has 17 GB (6%) free of 305 GB
Total RAM: 4094 MB (60% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:20, on 22.2.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal
Running processes:
C:\Windows\msa.exe
C:\Users\tomzel\AppData\Local\Temp\Lcd.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Microsoft Games\Age of Empires II\Config.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\QIP Infium\infium.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\PROGRA~2\FREEDO~1\fdm.exe
C:\Program Files (x86)\GamePark\gameparkclient.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Users\tomzel\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\tomzel.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gamepark.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll (file missing)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 216.107.250.194 nprotect.lineage2.com
O1 - Hosts: 81.0.254.162 L2authd.Lineage2.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files (x86)\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll (file missing)
O4 - HKLM\..\Run: [Config] "C:\Program Files (x86)\Microsoft Games\Age Of Empires ii\Config.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas21.dll,AttachConsoleA
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\tomzel\AppData\Local\Temp\Lcd.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = tomzel\AppData\Local\Temp\{7111BFA9-0B43-4ED7-B0FC-9DB743935008}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: RollerCoaster Tycoon 3_ Wild Registration.lnk = tomzel\AppData\Local\Temp\{2EC2C931-2406-4BBB-A07F-2727D95ED159}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files (x86)\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files (x86)\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11543 bytes
======Scheduled tasks folder======
C:\Windows\tasks\User_Feed_Synchronization-{560B86F0-1244-408B-A7CB-D5D63E786019}.job
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}]
FG2CatchUrl - C:\Program Files (x86)\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll [2008-08-19 104016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.2.8.7.dll [2008-08-11 656696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files (x86)\AVG\AVG9\avgssie.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2008-12-30 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files (x86)\BS_Player\tbBS_P.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2008-10-14 863688]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2006-11-29 436288]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files (x86)\BS_Player\tbBS_P.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NWEReboot"= []
"Config"=C:\Program Files (x86)\Microsoft Games\Age Of Empires ii\Config.exe [2006-07-06 151552]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-11-04 98304]
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe [2007-03-20 36864]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1555968]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"fsm"= []
"EA Core"=C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent []
"LosAlamos"=C:\Windows\system32\sshnas21.dll [2010-02-22 191488]
"TOY5KNQ8OC"=C:\Users\tomzel\AppData\Local\Temp\Lcd.exe [2010-02-22 153600]
C:\Users\tomzel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
RollerCoaster Tycoon 3 Registration.lnk - C:\Users\tomzel\AppData\Local\Temp\{7111BFA9-0B43-4ED7-B0FC-9DB743935008}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
RollerCoaster Tycoon 3_ Wild Registration.lnk - C:\Users\tomzel\AppData\Local\Temp\{2EC2C931-2406-4BBB-A07F-2727D95ED159}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe
Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=
"BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\FlashGet Network\FlashGet universal\FlashGet.exe"="C:\Program Files (x86)\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"
"C:\Program Files (x86)\FlashGet Network\FlashGet universal\LiveUpdate.exe"="C:\Program Files (x86)\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"C:\Program Files (x86)\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="C:\Program Files (x86)\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe"="C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe"="C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27663edc-bd9a-11dd-b1fb-001fd05a77bc}]
shell\AutoRun\command - E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{659fafa8-e61b-11dd-bb52-001fd05a77bc}]
shell\AutoRun\command - F:\autorun.exe
======List of files/folders created in the last 1 months======
2010-02-22 21:52:16 ----D---- C:\rsit
2010-02-22 21:47:57 ----A---- C:\Windows\system32\aswBoot.exe
2010-02-22 20:02:10 ----D---- C:\Program Files (x86)\trend micro
2010-02-22 19:51:00 ----D---- C:\ProgramData\Alwil Software
2010-02-22 19:17:04 ----A---- C:\Windows\msa.exe
2010-02-22 19:17:00 ----RSHD---- C:\RECYCLER
2010-02-22 19:16:58 ----A---- C:\Windows\system32\sshnas21.dll
2010-02-18 21:40:05 ----D---- C:\Users\tomzel\AppData\Roaming\TS3Client
2010-02-18 21:39:17 ----D---- C:\Program Files (x86)\translations
2010-02-18 21:39:17 ----D---- C:\Program Files (x86)\styles
2010-02-18 21:39:17 ----A---- C:\Program Files (x86)\Uninstall.exe
2010-02-18 21:39:16 ----D---- C:\Program Files (x86)\sound
2010-02-18 21:39:16 ----D---- C:\Program Files (x86)\plugins
2010-02-18 21:39:16 ----D---- C:\Program Files (x86)\imageformats
2010-02-18 21:39:16 ----D---- C:\Program Files (x86)\gfx
2010-02-17 23:59:56 ----D---- C:\Program Files (x86)\German Truck Simulator
2010-02-16 21:02:11 ----HD---- C:\$AVG
2010-02-16 19:24:56 ----D---- C:\ProgramData\ESET
2010-02-11 16:45:24 ----A---- C:\Program Files (x86)\klient.exe
2010-02-11 04:16:10 ----A---- C:\Windows\system32\xfcodec.dll
2010-02-10 10:19:16 ----A---- C:\Windows\system32\quartz.dll
2010-02-10 10:19:15 ----A---- C:\Windows\system32\tsbyuv.dll
2010-02-10 10:19:15 ----A---- C:\Windows\system32\msyuv.dll
2010-02-10 10:19:15 ----A---- C:\Windows\system32\msvidc32.dll
2010-02-10 10:19:15 ----A---- C:\Windows\system32\msvfw32.dll
2010-02-10 10:19:15 ----A---- C:\Windows\system32\msrle32.dll
2010-02-10 10:19:15 ----A---- C:\Windows\system32\mciavi32.dll
2010-02-10 10:19:15 ----A---- C:\Windows\system32\iyuv_32.dll
2010-02-10 10:19:15 ----A---- C:\Windows\system32\avifil32.dll
2010-02-09 16:10:15 ----D---- C:\Program Files (x86)\CSS
2010-02-09 14:24:17 ----D---- C:\Program Files (x86)\Valve
2010-02-08 16:39:29 ----D---- C:\Program Files (x86)\Anglictina - english GTS
2010-02-08 12:38:18 ----D---- C:\ProgramData\Codemasters
2010-02-08 12:36:22 ----A---- C:\Windows\system32\mkl_vml_p4.dll
2010-02-08 12:36:22 ----A---- C:\Windows\system32\mkl_vml_p3.dll
2010-02-08 12:36:22 ----A---- C:\Windows\system32\mkl_vml_def.dll
2010-02-08 12:36:22 ----A---- C:\Windows\system32\mkl_p4.dll
2010-02-08 12:36:22 ----A---- C:\Windows\system32\mkl_p3.dll
2010-02-08 12:36:22 ----A---- C:\Windows\system32\mkl_lapack64.dll
2010-02-08 12:36:21 ----A---- C:\Windows\system32\rapture3d_oal.dll
2010-02-08 12:36:21 ----A---- C:\Windows\system32\mkl_lapack32.dll
2010-02-08 12:36:21 ----A---- C:\Windows\system32\mkl_def.dll
2010-02-08 12:36:21 ----A---- C:\Windows\system32\libguide40.dll
2010-02-08 12:36:20 ----D---- C:\Program Files (x86)\BRS
2010-02-08 12:35:58 ----RA---- C:\Windows\system32\tmpB1A9.tmp
2010-02-08 12:35:58 ----D---- C:\Program Files (x86)\OpenAL
2010-02-08 12:35:58 ----A---- C:\Windows\system32\wrap_oal.dll
2010-02-08 12:35:58 ----A---- C:\Windows\system32\OpenAL32.dll
2010-02-08 12:32:39 ----RA---- C:\Windows\system32\tmpB1A8.tmp
2010-02-08 12:20:48 ----D---- C:\Program Files (x86)\Codemasters
2010-02-08 11:01:24 ----A---- C:\Program Files (x86)\changelog.txt
2010-02-08 11:01:18 ----A---- C:\Program Files (x86)\ts3client_win64.exe
2010-02-08 11:01:00 ----A---- C:\Program Files (x86)\mirrors.ini
2010-02-08 11:01:00 ----A---- C:\Program Files (x86)\apps.ini
2010-01-28 21:26:20 ----D---- C:\ProgramData\FlashFXP
2010-01-26 23:58:49 ----D---- C:\Windows\Symbols
2010-01-26 23:16:49 ----R---- C:\Windows\system32\xRaidSetup.exe
2010-01-26 23:16:49 ----R---- C:\Windows\system32\xRaidAPI.dll
2010-01-26 23:15:55 ----R---- C:\Windows\system32\DifxApi.dll
2010-01-26 23:15:54 ----D---- C:\Windows\RaidTool
2010-01-26 19:02:06 ----D---- C:\Program Files (x86)\SpeedFan
2010-01-26 17:27:37 ----D---- C:\Program Files (x86)\Lavalys
2010-01-26 17:04:40 ----D---- C:\ProgramData\ATI
2010-01-24 17:14:54 ----D---- C:\Program Files (x86)\Lineage II
2010-01-24 17:14:20 ----D---- C:\Users\tomzel\AppData\Roaming\InstallShield
======List of files/folders modified in the last 1 months======
2010-02-22 21:52:18 ----D---- C:\Windows\Temp
2010-02-22 21:51:24 ----D---- C:\Users\tomzel\AppData\Roaming\Free Download Manager
2010-02-22 21:49:20 ----SHD---- C:\Windows\Installer
2010-02-22 21:47:57 ----D---- C:\Windows\SysWOW64
2010-02-22 21:47:29 ----SHD---- C:\System Volume Information
2010-02-22 21:45:43 ----D---- C:\Windows\Tasks
2010-02-22 21:42:56 ----D---- C:\Users\tomzel\AppData\Roaming\Xfire
2010-02-22 20:02:10 ----RD---- C:\Program Files (x86)
2010-02-22 19:55:41 ----D---- C:\Windows\System32
2010-02-22 19:53:05 ----D---- C:\Windows\system32\drivers
2010-02-22 19:53:05 ----D---- C:\Windows
2010-02-22 19:53:02 ----D---- C:\ProgramData
2010-02-22 19:52:12 ----D---- C:\Windows\winsxs
2010-02-22 19:51:19 ----D---- C:\Windows\Prefetch
2010-02-22 19:51:00 ----RD---- C:\Program Files
2010-02-22 10:25:52 ----D---- C:\Downloads
2010-02-21 18:43:50 ----D---- C:\Windows\system32\Macromed
2010-02-21 14:19:08 ----A---- C:\Windows\system32\PnkBstrB.exe
2010-02-21 13:02:28 ----D---- C:\Users\tomzel\AppData\Roaming\teamspeak2
2010-02-21 00:53:10 ----D---- C:\Users\tomzel\AppData\Roaming\Hamachi
2010-02-18 23:06:16 ----D---- C:\ProgramData\Xfire
2010-02-17 09:28:10 ----D---- C:\Program Files (x86)\Xfire
2010-02-16 22:13:28 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-02-16 21:00:32 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2010-02-14 19:02:49 ----D---- C:\Program Files (x86)\Call of Duty Game of the Year Edition
2010-02-11 16:46:58 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-02-11 16:44:58 ----SD---- C:\Program Files (x86)\HLSW
2010-02-10 11:15:51 ----D---- C:\Program Files (x86)\Windows Mail
2010-02-08 12:34:55 ----RSD---- C:\Windows\assembly
2010-02-02 17:42:57 ----D---- C:\Program Files (x86)\ICQ6.5
2010-02-01 22:40:27 ----D---- C:\bany
2010-01-27 00:52:22 ----D---- C:\Windows\system32\directx
2010-01-27 00:52:17 ----HD---- C:\Windows\msdownld.tmp
2010-01-26 23:17:12 ----A---- C:\Windows\GSetup.ini
2010-01-26 23:16:45 ----D---- C:\Windows\inf
2010-01-26 23:14:18 ----D---- C:\Program Files (x86)\Realtek
2010-01-26 22:01:20 ----D---- C:\Windows\Minidump
2010-01-24 18:18:28 ----D---- C:\ProgramData\InstallShield
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys []
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys []
R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys []
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
S3 ATICDSDr;ATICDSDr; \??\C:\Users\tomzel\AppData\Local\Temp\ATICDSDr.sys []
S3 az9w8pzx;az9w8pzx; C:\Windows\system32\drivers\az9w8pzx.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys []
S3 dump_wmimmc;dump_wmimmc; \??\C:\Program Files (x86)\Lineage II\system\GameGuard\dump_wmimmc.sys []
S3 ET5Drv;ET5Drv; \??\C:\Windows\ET5Drv.sys [2007-10-16 36416]
S3 gdrv;gdrv; \??\C:\Windows\gdrv.sys [2010-01-27 20544]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2009-04-06 4682]
S3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 NMSAccessU;NMSAccessU; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-08-24 75064]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-02-11 40384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-03-30 89920]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S3 GEST Service;GEST Service for program management.; C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe [2007-12-14 47624]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-21 21504]
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
-----------------EOF-----------------