PDA

View Full Version : partnerBHO or false positive?


eternal
2009-02-19, 04:42
PLEASE HELP me.

I have a new pc (just formatted) with win xp sp3 with all win updates.

I have installed only secure program (java, flash, firefox, spybot, ad aware, mcaffee)


however I scan my pc and spybot find a trojan partner bho :sick:

is it possible? or is a false positive because I' have installed also ad aware and mcafee security center?


The immunize system of spybot also is blocked.

Because of mcaffe?


the logs:


PartnerBHO: [SBI $2FE4A5BE] ID di applicazione (Chiave di registro, nothing done)
HKEY_CLASSES_ROOT\AppID\{28A88B70-D874-4f73-BBBA-9B2B222FB7D6}

PartnerBHO: [SBI $BE743C00] ID di applicazione (Chiave di registro, nothing done)
HKEY_CLASSES_ROOT\AppID\kt_bho_dll.dll

PartnerBHO: [SBI $F3EE08ED] ID di classe (Chiave di registro, nothing done)
HKEY_CLASSES_ROOT\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

PartnerBHO: [SBI $14904C60] Classe radice (Root) (Chiave di registro, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\kt_bho.KettleBho

PartnerBHO: [SBI $14904C60] Classe radice (Root) (Chiave di registro, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\kt_bho.KettleBho.1

PartnerBHO: [SBI $14904C60] ID di classe (Chiave di registro, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

PartnerBHO: [SBI $14904C60] Assistente del browser (BHO) (Chiave di registro, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

PartnerBHO: [SBI $6B47FF4E] Libreria dei tipi (Chiave di registro, nothing done)
HKEY_CLASSES_ROOT\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}


--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2009-02-17 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-01-22 Includes\Adware.sbi (*)
2009-01-22 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-01-06 Includes\Dialer.sbi (*)
2009-01-22 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-02-10 Includes\Hijackers.sbi (*)
2009-02-10 Includes\HijackersC.sbi (*)
2008-12-09 Includes\Keyloggers.sbi (*)
2009-02-03 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-18 Includes\Malware.sbi (*)
2009-02-10 Includes\MalwareC.sbi (*)
2008-12-16 Includes\PUPS.sbi (*)
2009-02-10 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-02-10 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-01-28 Includes\Spyware.sbi (*)
2009-01-28 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2009-02-03 Includes\Trojans.sbi (*)
2009-02-10 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll




Please HELP ME, MY PC IS SAFE?
Baabiouz
2009-02-19, 09:10
Hi :)

Let's see your HijackThis log:

Click here (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.