worm/generic.DHT

romdan · 8 Wrzesień 2007 12:00

Do wczoraj nie mialem na PC nic zas dzisiaj rano AVG FREE wersja aktualna na dzis wykryl mi w programie hjt -wersja 2.0.2 wirusa j/w.w wersji hjt poprzedniej 1.99 avg free nic nie wykrywa,hi.po calkowitym usunieciu programu hjt 2.02 z PC i ponownym instalowaniu tegoz programu avg free ponownie wykazuje tegoz wirusa,hi…program sciagam z strony “dobreprogramy”.co jest grane prosze o pomoc i nadmieniam nie jestem informatykiem.dolaczam logi hjt z wczoraj gdy nic nie bylo i dzisiejszy po odinstalowaniu wersji 2.0.2.

1 log to wczorajsza wersja 2.0.2 bez jeszcze wirusa

2.drugi log to juz dzisiejszy po odinstalowaniu calkowicie wersji 2.0.2 z chwila gdy avg free wykryl tego wirusa.

Scan saved at 19:59:45, on 2007-09-07

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\Ati2evxx.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\system32\Ati2evxx.exe

E:\WINDOWS\Explorer.EXE

E:\WINDOWS\SOUNDMAN.EXE

E:\Program Files\ATI Technologies\ATI.ACE\cli.exe

E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

E:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe

E:\Program Files\Winamp\winampa.exe

E:\Program Files\iTunes\iTunesHelper.exe

E:\PROGRA~1\GADU-G~1\gg.exe

E:\Program Files\Pogoda\pogoda.exe

E:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

E:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

E:\Program Files\iPod\bin\iPodService.exe

E:\WINDOWS\system32\wscntfy.exe

E:\Program Files\Winamp\winamp.exe

E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM…\Run: [PRONoMgr.exe] E:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe

O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM…\Run: [ATIPTA] E:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM…\Run: [ATICCC] “E:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime

O4 - HKLM…\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM…\Run: [Google Desktop Search] “E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup

O4 - HKLM…\Run: [Ashampoo FireWall] “E:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe” -TRAY

O4 - HKLM…\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe

O4 - HKLM…\Run: [!AVG Anti-Spyware] “E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized

O4 - HKLM…\Run: [QuickTime Task] “E:\Program Files\QuickTime\qttask.exe” -atboottime

O4 - HKLM…\Run: [iTunesHelper] “E:\Program Files\iTunes\iTunesHelper.exe”

O4 - HKCU…\Run: [Gadu-Gadu] “E:\PROGRA~1\GADU-G~1\gg.exe” /tray

O4 - HKCU…\Run: [ccleaner] “E:\Program Files\CCleaner\ccleaner.exe” /AUTO

O4 - HKCU…\Run: [tray] E:\Program Files\Pogoda\pogoda.exe /tray

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-19…\Run: [AVG7_Run] E:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: ATI CATALYST – pasek zadań.lnk = E:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A43} (SignActivX Control) - https://www.bph.pl/pi/components/SignActivX.cab

O20 - AppInit_DLLs: E:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

O23 - Service: Apple Mobile Device - Apple, Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: GoogleDesktopManager - Google - E:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe

O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - E:\Program Files\Intel\NCS\Sync\NetSvc.exe

–

End of file - 5555 bytesLogfile of HijackThis v1.99.1

Scan saved at 08:48:47, on 2007-09-08

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\Ati2evxx.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\WINDOWS\system32\Ati2evxx.exe

E:\WINDOWS\Explorer.EXE

E:\WINDOWS\SOUNDMAN.EXE

E:\Program Files\ATI Technologies\ATI.ACE\cli.exe

E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

E:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe

E:\Program Files\Winamp\winampa.exe

E:\Program Files\iTunes\iTunesHelper.exe

E:\PROGRA~1\GADU-G~1\gg.exe

E:\Program Files\Pogoda\pogoda.exe

E:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe

E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

E:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe

E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

E:\Program Files\iPod\bin\iPodService.exe

E:\WINDOWS\system32\wscntfy.exe

E:\Program Files\hijackthis 1.99.0\HijackThis.exe