Win32/Heur i Win32/Tanatos.H, P i J

IP: *.neoplus.adsl.tpnet.pl 30.01.09, 16:34
Mam problem z laptopem. Dziś AVG pokazało kilkadziesiąt plików
zainfekowanych ww. wirusami.

Nic się nie otwiera, ani internet, ani gry, nic. Pojawia się jedynie
komunikat: "Windows cannot access the specified device, path or
file. You may not have the appropriate permission to the item".

Co robić???

Poniżej hijackthis.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:21:16 PM, on 1/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\DoubleDesktop\dd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\XPPRESP3\Desktop\hijackthis\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
search.conduit.com?SearchSource=10&ctid=CT2004933
R0 - HKCU\Software\Microsoft\Internet
Explorer\Toolbar,LinksFolderName = Favorites
R3 - URLSearchHook: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-
98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPeer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0
\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-
4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-
5164760863C6} - C:\Program Files\Common Files\Microsoft
Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-
79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-
CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-
98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPeer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Peer2Peer-EN Toolbar - {da21bd13-ca22-42e3-a071-
98f08f1ca1e7} - C:\Program Files\Peer2Peer-EN\tbPeer.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-
79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32
Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware
Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-
Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program
Files\Google\GoogleToolbarNotifier\1.2.1128.5462
\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Odkurzacz-MCD] C:\Program
Files\Odkurzacz\odk_mcd.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry
Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32
\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32
advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_03] rundll32
advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL
SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_04] rundll32
advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Help\Tours" (User 'LOCAL
SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_05] cmd.exe /c md "%USERPROFILE%
\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_06] cmd.exe /C move /Y "%
SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32
\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32
advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL
SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] rundll32
advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32
\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32
advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\eHome" (User 'NETWORK
SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32
\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32
\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DoubleDesktop.lnk = C:\Program
Files\DoubleDesktop\dd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-
3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-
0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-
B5C9-0050045C3C96} - C:\Program Files\Yahoo!
\Messenger\YahooMessenger.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-
FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32
\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies
CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ,
s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner -
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program
Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program
Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner -
C:\Program Files\Google\Common\Google
Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Unknown owner - C:\Program Files\Hewlett-
Packard\Shared\hpqwmiex.exe
O23 - Service: Office Source Engine (ose) - Unknown owner -
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools -
C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: Windows Driver Foundation - User-mode Driver
Framework (WudfSvc) - Unknown owner - hex
(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00
,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73
,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00
,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69
,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)

--
End of file - 7037 bytes
    • Gość: ninnaa <a href="http://wklej.org/hash/98fe572f1d/" target="_blank">wk IP: *.neoplus.adsl.tpnet.pl 30.01.09, 16:40
      sorry, nie doczytalam, ze trzeba wklejac - moze poprawcie FAQ

      wklej.org/hash/98fe572f1d/
      • Gość: Kolobos Re: <a href="<a href="http://wklej.org/hash/98fe572f1d" target IP: *.escom.net.pl 30.01.09, 16:58
        Zrob skan przy pomocy Dr.Web CureIt oraz Malwarebytes Anti-Malware, nastepnie daj log z combofix (nie zaszkodza tez logi z dr.web i malwarebytes).
Pełna wersja