prosim zkontolujete mi log

[TTT_111]

Logfile of HijackThis v1.99.1
Scan saved at 16:50:37, on 21.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\LightSurf\Common\IconMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\LightSurf\Colorific\hgcctl95.exe
C:\Program Files\LightSurf\Color Indicator\TICIcon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mv2Player\Mv2PlayerPlus.exe
C:\Documents and Settings\Tran\Plocha\Nová složka (5)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {F3EA9CE6-371B-44F8-9BF5-74329BF3CAF0} - C:\WINDOWS\system32\ddra.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LightSurf.lnk = C:\Program Files\LightSurf\Common\IconMgr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Stáhnout vše pomocí FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} (AnimatedGif Control) - https://www.mojebanka.cz/jars/confwiz/MVSGif.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1157582203
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v ... b34246.cab
O16 - DPF: {C0F0B627-5D8A-4487-B773-EB33BF1BB43F} (EMSIP Class) - https://break.viphone.cz/SIPEyePPhone.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

[Reklama]

[TTT_111]

kaspersky antivirus mi nasel TRojan.Win32.BHO.abo ale neda se to odstranit - prosim o radu

[Baron Prášil]

kde ho kašpárek hlásí?

toto
C:\WINDOWS\system32\ddra.dll
nech zkontrolovat tady http://www.virustotal.com/flash/index_en.html
nepoužívej "Procházet" ale vlož do okna celou cestu,tučně označenou,k souboru metodou Ctrl+C > Ctrl+V

[TTT_111]

no nic mi to nehlasi co mam delat ted

[TTT_111]

no zkousel jsem dal a nebehlo mi tohle
CO mam delat ted

Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 - - Win-Trojan/Bho.84992.C
AntiVir - - TR/BHO.abo.14
Authentium - - -
Avast - - -
AVG - - Generic9.AAVJ
BitDefender - - Trojan.Spy.Bzub.NGP
CAT-QuickHeal - - Trojan.BHO.abo
ClamAV - - Trojan.BHO-1128
DrWeb - - Trojan.DownLoader.37561
eSafe - - Win32.BHO.abo
eTrust-Vet - - Win32/Kvol.I
Ewido - - -
FileAdvisor - - -
Fortinet - - W32/BHO.ABO!tr
F-Prot - - -
F-Secure - - Trojan.Win32.BHO.abo
Ikarus - - Trojan-PWS.Win32.Lmir
Kaspersky - - Trojan.Win32.BHO.abo
McAfee - - -
Microsoft - - TrojanSpy:Win32/Bzub.GB.dll
NOD32v2 - - Win32/BHO.ABO
Norman - - W32/BHO.ATF
Panda - - Adware/AVSystemCare
Prevx1 - - Generic9.AAVJ
Rising - - Trojan.Win32.BHO.abo
Sophos - - Troj/BHO-EE
Sunbelt - - Trojan-Spy.Bzub.NGP
Symantec - - Trojan Horse
TheHacker - - Trojan/BHO.abo
VBA32 - - Trojan.Win32.BHO.abo
VirusBuster - - Trojan.BHO.OU
Webwasher-Gateway - - Trojan.BHO.abo.14
Rozšiřující informace
MD5: e03caddf0d11cdefc35b2127dd030a75

[TTT_111]

Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2007.12.22.10 2007.12.21 Win-Trojan/Bho.84992.C
AntiVir 7.6.0.46 2007.12.21 TR/BHO.abo.14
Authentium 4.93.8 2007.12.21 -
Avast 4.7.1098.0 2007.12.21 -
AVG 7.5.0.503 2007.12.21 Generic9.AAVJ
BitDefender 7.2 2007.12.22 Trojan.Spy.Bzub.NGP
CAT-QuickHeal 9.00 2007.12.22 Trojan.BHO.abo
ClamAV 0.91.2 2007.12.22 Trojan.BHO-1128
DrWeb 4.44.0.09170 2007.12.21 Trojan.DownLoader.37561
eSafe 7.0.15.0 2007.12.20 Win32.BHO.abo
eTrust-Vet 31.3.5395 2007.12.21 Win32/Kvol.I
Ewido 4.0 2007.12.21 Trojan.BHO.abo
FileAdvisor 1 2007.12.22 -
Fortinet 3.14.0.0 2007.12.22 W32/BHO.ABO!tr
F-Prot 4.4.2.54 2007.12.21 -
F-Secure 6.70.13030.0 2007.12.21 Trojan.Win32.BHO.abo
Ikarus T3.1.1.15 2007.12.22 Trojan-PWS.Win32.Lmir
Kaspersky 7.0.0.125 2007.12.22 Trojan.Win32.BHO.abo
McAfee 5191 2007.12.21 -
Microsoft 1.3109 2007.12.22 TrojanSpy:Win32/Bzub.GB.dll
NOD32v2 2740 2007.12.21 Win32/BHO.ABO
Norman 5.80.02 2007.12.21 W32/BHO.ATF
Panda 9.0.0.4 2007.12.22 Adware/AVSystemCare
Prevx1 V2 2007.12.22 Generic9.AAVJ
Rising 20.23.51.00 2007.12.22 Trojan.Win32.BHO.abo
Sophos 4.24.0 2007.12.22 Troj/BHO-EE
Sunbelt 2.2.907.0 2007.12.21 Trojan-Spy.Bzub.NGP
Symantec 10 2007.12.22 Trojan Horse
TheHacker 6.2.9.167 2007.12.21 Trojan/BHO.abo
VBA32 3.12.2.5 2007.12.21 Trojan.Win32.BHO.abo
VirusBuster 4.3.26:9 2007.12.21 Trojan.BHO.OU
Webwasher-Gateway 6.6.2 2007.12.22 Trojan.BHO.abo.14
Rozšiřující informace
File size: 84992 bytes
MD5: e03caddf0d11cdefc35b2127dd030a75
SHA1: 3b5947dac19a83c76b933b71058fdfedb6fdaf6b
PEiD: -
packers: UPX
packers: UPX
packers: PE_Patch.UPX, UPX
Prevx info: http://info.prevx.com/aboutprogramtext. ... 00008AE36E

[Baron Prášil]

nu,tak ho smaž
stáhni si killbox
rozbal,spust a do okýnka zkopíruj tučné
C:\WINDOWS\system32\ddra.dll
zaškrtni Delete on Reboot a Unregister .dll Before Deleting
a klikni na křížek.stroj pude do restartu

po retartu pošli novej hijackthis (stáhni aktuální verzi http://www.trendsecure.com/portal/en-US ... ckThis.exe )

napiš co komp a co ten kaspersky

[TTT_111]

No nejde to vubec odstranit pomocí killbox, co s tim mam delat ted

[TTT_111]

objevi se okno:
PendingFileREnameOperations Registry Data has been Removed by External Process!
ale kdyz zapnu Kasper. tak zase to najde jako trojan ale neda se to smazat

[Baron Prášil]

použij avenger http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=35

a tento skript

Files to delete:
C:\WINDOWS\system32\ddra.dll

všechno potvrď a komp pude do restartu.po něm pošli log z Avengeru

[TTT_111]

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\yafhnwtd

*******************

Script file located at: \??\C:\WINDOWS\yrhruauo.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C:\WINDOWS\system32\ddra.dll for deletion
Deletion of file C:\WINDOWS\system32\ddra.dll failed!

Could not process line:
C:\WINDOWS\system32\ddra.dll
Status: 0xc0000022


Completed script processing.

*******************

Finished! Terminate.

[Baron Prášil]

Stáhni si ComboFix (by sUBs) a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem klávesy 1
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log, který se ti zobrazí, jinak ho najdeš zde: C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah