Trojan Win32:BHO-KD[Trj] detected by avast

Hello, I have this log. Can someone help me solve the problem? The path is the same as for the colleagues above, only the file is different: CddbCdd.dll

Here is the log!

ComboFix 08-01-10.2 - Kenti1 2008-01-10 22:15:43.1 - NTFSx86

Running from: C:\Documents and Settings\Kenti1\Pulpit\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Kenti1\ResErrors.log

C:\Program Files\myglobalsearch

C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR

C:\Program Files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR

C:\Program Files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST

C:\Program Files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL

C:\Program Files\myglobalsearch\bar\1.bin\MGSBAR.DLL

C:\Program Files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL

C:\Program Files\myglobalsearch\bar\Cache\0132FC61.bin

C:\Program Files\myglobalsearch\bar\Cache\01331BC0.bin

C:\Program Files\myglobalsearch\bar\Cache\01331F79.bin

C:\Program Files\myglobalsearch\bar\Cache\025BEF0E

C:\Program Files\myglobalsearch\bar\Cache\files.ini

C:\Program Files\myglobalsearch\bar\History\search

C:\Program Files\myglobalsearch\bar\Settings\prevcfg.htm

C:\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M2210NetInstaller.exe

C:\WINDOWS\system32\nst68.dll

.

((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))

.

2008-01-10 22:14 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe

2008-01-09 11:19 . 2008-01-09 11:19

2008-01-09 11:19 . 2008-01-09 11:19

2008-01-09 01:26 . 2008-01-09 01:31

2008-01-09 01:26 . 2008-01-09 02:51 30,590 --a------ C:\WINDOWS\system32\pavas.ico

2008-01-08 19:27 . 2008-01-08 20:05

2008-01-07 08:34 . 2008-01-07 08:34

2008-01-05 12:51 . 2008-01-07 17:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-05 12:51 . 2008-01-05 12:51 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-04 10:28 . 2007-10-11 00:52 6,065,664 --------- C:\WINDOWS\system32\dllcache\ieframe.dll

2008-01-04 10:28 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat

2008-01-04 10:28 . 2007-07-01 04:36 1,036,288 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui

2008-01-04 10:28 . 2007-10-11 00:52 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll

2008-01-04 10:28 . 2007-10-11 00:52 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2008-01-04 10:28 . 2007-10-11 00:52 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll

2008-01-04 10:28 . 2007-10-11 00:52 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll

2008-01-04 10:28 . 2007-10-11 00:52 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2008-01-04 10:28 . 2007-10-10 11:59 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-01-04 10:26 . 2008-01-04 10:29

2008-01-04 10:17 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll

2007-12-25 12:30 . 2007-12-25 12:30

2007-12-25 12:30 . 2007-12-25 12:35

2007-12-25 11:51 . 2001-03-08 18:30 24,064 --a------ C:\WINDOWS\system32\msxml3a.dll

2007-12-24 22:38 . 19,456 C:\WINDOWS\system32\drivers\ipgimksw.dat

2007-12-24 22:36 . 2005-12-07 10:31 84,992 --a------ C:\WINDOWS\system32\CddbCdd.dll

2007-12-18 15:46 . 2007-12-18 15:46 319,488 --a------ C:\WINDOWS\system32\adssite_sidebar.dll

2007-12-11 15:59 . 2007-12-11 16:50

2007-12-11 15:57 . 2008-01-07 08:28

2007-12-11 15:57 . 2008-01-07 08:28

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-10 20:08 --------- d-----w C:\Documents and Settings\Kenti1\Dane aplikacji\Skype

2008-01-07 18:13 --------- d--a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP

2008-01-07 18:12 --------- d-----w C:\Program Files\Spyware Doctor

2008-01-02 15:26 --------- d-----w C:\Program Files\Gadu-Gadu

2008-01-01 19:17 --------- d-----w C:\Program Files\Neostrada TP

2007-12-31 16:00 --------- d-----w C:\Program Files\TuneUp Utilities 2006

2007-12-24 14:34 149 ----a-w C:\tmp.dat

2007-12-04 18:08 --------- d-----w C:\Documents and Settings\Kenti1\Dane aplikacji\GanymedeNet

2007-12-04 17:11 --------- d-----w C:\Program Files\Ganymede

2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-12-02 22:06 --------- d-----w C:\Program Files\Hewlett-Packard

2007-12-02 22:00 --------- d-----w C:\Program Files\hp deskjet 3420 series

2007-11-25 22:59 --------- d-----w C:\Program Files\eMule

2007-11-25 21:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2007-11-24 21:58 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Bluetooth

2007-11-24 21:52 --------- d--h--w C:\Program Files\InstallShield Installation Information

2007-11-24 21:52 --------- d-----w C:\Program Files\IVT Corporation

2007-11-24 20:50 --------- d-----w C:\Program Files\Emapa

2007-11-19 13:58 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Hagel Technologies

2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]

2007-12-18 15:46 319488 --a------ C:\WINDOWS\system32\adssite_sidebar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266A3562-AB67-480E-9F09-D54604FD817B}]

2007-08-20 18:58 75264 --a------ C:\WINDOWS\system32\ninjaext.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{954A42F2-16E0-4740-8188-41941B50E626}]

2005-12-07 10:31 84992 --a------ C:\WINDOWS\system32\CddbCdd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11D4-9B18-009027A5CD4F}

{41C29B07-6F91-4966-91BE-2E2841643C83}

{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

{5093EB4C-3E93-40AB-9266-B607BA87BDC8}

[HKEY_CLASSES_ROOT\clsid\{41c29b07-6f91-4966-91be-2e2841643c83}]

[HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic.1]

[HKEY_CLASSES_ROOT\TypeLib\{6B4FA1DD-A353-49F8-A650-79C21D6B4824}]

[HKEY_CLASSES_ROOT\CoolToolBar.IEBarLogic]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-14 16:46 90112]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 12:00 15360]

"Spyware Doctor"="" []

"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 16:15 1634304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IETI"="C:\Program Files\Skype\Phone\IEPlugin\unins000.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRecentDocsNetHood"= 1 (0x1)

"EditLevel"= 0 (0x0)

"NoCommonGroups"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"Net4Switch"=C:\Program Files\ASUS\Net4Switch\Net4Switch.exe

"EdHTML"=C:\Program Files\Binboy\EdHTMLv5.0\EdHTML.exe /none

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe

"SMSERIAL"=sm56hlpr.exe

"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

"WOOTASKBARICON"=C:\Program Files\Neostrada TP\taskbaricon.exe

"ABLKSR"=C:\WINDOWS\ABLKSR\ABLKSR.exe

"HControl"=C:\WINDOWS\ATK0100\HControl.exe

"WOOWATCH"=C:\PROGRA~1\NEOSTR~1\Watch.exe

"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

"RTHDCPL"=RTHDCPL.EXE

"ASUS Live Update"=C:\Program Files\ASUS\ASUS Live Update\ALU.exe

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

"WooCnxMon"=C:\PROGRA~1\NEOSTR~1\CnxMon.exe

"WinampAgent"="C:\Program Files\Winamp\winampa.exe"

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

"hid_start"=C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify

"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe

"Control Center"=C:\Program Files\ASUS\WLAN Card Utilities\Center.exe

"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"

R0 bzlkeryk;bzlkeryk;C:\WINDOWS\system32\drivers\ipgimksw.dat []

R2 COSIDS_TB;COSIDS_TB;C:\PROGRA~1\COSIDS\BIN\TbMux32.exe [2001-11-20 14:37]

R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 12:00]

R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 18:54]

R3 SynMini;USB2.0 1.3M WebCam;C:\WINDOWS\system32\Drivers\SynMini.sys [2006-07-02 21:33]

R3 SynScan;USB2.0 1.3M WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2006-06-29 21:40]

S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 16:32]

S3 GTF32BUS;GT F32 BUS;C:\WINDOWS\system32\DRIVERS\gtf32bus.sys [2005-09-01 17:54]

S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys [2005-09-01 17:54]

S3 GTSCSER;GT SC SER;C:\WINDOWS\system32\DRIVERS\gtscser.sys [2005-08-29 15:45]

S3 ipswuio;ipswuio;C:\WINDOWS\system32\DRIVERS\ipswuio.sys [2006-01-24 09:45]

S3 S3U10Scanner;600 CU Still Image Device Service;C:\WINDOWS\system32\drivers\usbscan.sys [2004-08-03 21:58]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

*Newly Created Service* - PROCEXP90

.

Contents of the 'Scheduled Tasks' folder

"2008-01-07 16:17:49 C:\WINDOWS\Tasks\1-Click Maintenance.job"

  • C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe

"2007-04-03 21:18:46 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

  • C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-10 22:21:23

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-01-10 22:23:47

ComboFix-quarantined-files.txt 2008-01-10 21:23:38

.

2008-01-09 08:42:37 --- E O F ---

Change in the rules for pasting logs on the forum - viewtopic.php?f=16&t=213350

Paste into Notepad:

File::

C:\WINDOWS\system32\drivers\ipgimksw.dat

C:\WINDOWS\system32\CddbCdd.dll

C:\WINDOWS\system32\adssite_sidebar.dll

C:\WINDOWS\system32\ninjaext.dll


Driver::

bzlkeryk


Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266A3562-AB67-480E-9F09-D54604FD817B}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{954A42F2-16E0-4740-8188-41941B50E626}]

>>File>>Save as… >>> CFScript (it will be most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)

as in this picture: 88953CFScript-createdbyMiekiemoes.gif

(if the question "1 or 2" appears, type 1 and press ENTER). The removal should start (and a log will be produced).

After the restart, manually delete the folder C:\Qoobox.

After that, post a new log from ComboFix
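To show how the File::/Driver::/Registry:: sections above map onto the log, here is an added Python example (not from the thread and not part of ComboFix) that pulls the Browser Helper Object entries out of a ComboFix log and assembles the CFScript text. Which DLLs count as malicious stays an analyst decision supplied as input, as the helper did in this thread; the sample log lines are constructed from entries shown in the log above.

```python
"""Build a ComboFix CFScript from the BHO entries in a ComboFix log.

Added example, not from the forum thread or from ComboFix itself.
"""
import re

# Constructed sample in the shape ComboFix prints under "Reg Loading Points";
# the CLSIDs and paths are the ones that appear in the log in this thread.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-12-18 15:46 319488 --a------ C:\\WINDOWS\\system32\\adssite_sidebar.dll

[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\\Program Files\\Winamp Toolbar\\winamptb.dll

[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{954A42F2-16E0-4740-8188-41941B50E626}]
2005-12-07 10:31 84992 --a------ C:\\WINDOWS\\system32\\CddbCdd.dll
"""

# A BHO key line: [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CLSID}]
BHO_KEY = re.compile(
    r"^\[(HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\\{[0-9A-Fa-f-]{36}\})\]$")
# The file line that follows it: date time size attributes path
BHO_FILE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (.+)$")


def parse_bhos(log_text):
    """Return (registry_key, dll_path) pairs for every BHO in the log."""
    bhos, pending_key = [], None
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_KEY.match(line)
        if m:
            pending_key = m.group(1)
            continue
        m = BHO_FILE.match(line)
        if m and pending_key:
            bhos.append((pending_key, m.group(1)))
            pending_key = None
    return bhos


def build_cfscript(bhos, bad_files, drivers=()):
    """Emit CFScript text deleting bad_files, drivers, and BHO keys that load a bad file."""
    bad_lower = {p.lower() for p in bad_files}
    keys = [key for key, dll in bhos if dll.lower() in bad_lower]
    lines = ["File::", *bad_files, ""]
    if drivers:
        lines += ["Driver::", *drivers, ""]
    lines += ["Registry::", *(f"[-{k}]" for k in keys)]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    bad = [r"C:\WINDOWS\system32\CddbCdd.dll", r"C:\WINDOWS\system32\adssite_sidebar.dll"]
    print(build_cfscript(parse_bhos(SAMPLE_LOG), bad, ["bzlkeryk"]))
```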

Hi, this is what my log looks like after the operation. I have doubts whether I did all of it correctly!!

Many thanks for your interest!

Read carefully what you have to do; nothing has been done:

Paste into Notepad:

File::

C:\WINDOWS\system32\drivers\ipgimksw.dat 

C:\WINDOWS\system32\CddbCdd.dll 

C:\WINDOWS\system32\adssite_sidebar.dll

C:\WINDOWS\system32\adssite_sidebar_uninstall.exe

C:\WINDOWS\system32\CddbCdd.dll


Driver::

bzlkeryk


Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{954A42F2-16E0-4740-8188-41941B50E626}]

>>File>>Save as… >>> CFScript (it will be most convenient to save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt file onto the ComboFix.exe file (that is, the CFScript.txt icon onto the ComboFix.exe icon)

as in this picture: 88953CFScript-createdbyMiekiemoes.gif

(if the question "1 or 2" appears, type 1 and press ENTER). The removal should start (and a log will be produced).

After the restart, manually delete the folder C:\Qoobox.

After that, post a new log from ComboFix

Hi, here is that log ???

http://wklej.org/id/0fe36c2e6b

So what do you say, mate?? Regards

And now it should be ok

Registry cleaning:

RegCleaner - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=177

you can go over the registry with that, or

jv16 PowerTools - http://www.dobreprogramy.pl/index.php?dz=2&t=29&id=509

RegCleaner description - http://www.agavk.p9.pl/strony/progra_regcleaner.php

See - Using jv16 PowerTools

Thanks for helping to remove this nasty thing… could this trojan have been slowing my computer down?? I have the impression it runs much faster now (responsiveness)

Thanks again for the help and PATIENCE. Cheers

A trojan or virus always slows the system down :slight_smile: