SpanTool.Agent.NAR and Agent.NTJ

IP: *.internetdsl.tpnet.pl 17.04.08, 13:37
NOD only detects them, but nothing beyond that; they keep appearing,
what should I do about it???
    • Guest: Kolobos Re: SpanTool.Agent.NAR and Agent.NTJ IP: *.escom.net.pl 17.04.08, 13:40
      Ask a fortune teller. If you want help on the forum you have to post the required logs and give the names of the infected files and their locations on disk.
      • Guest: ja Re: SpanTool.Agent.NAR and Agent.NTJ IP: *.internetdsl.tpnet.pl 17.04.08, 15:07
        The infected files are practically anything, various exe files on the disks,
        but mainly ones that keep appearing in tmp under Documents and
        Settings, with names like e.g. 1d778ef9.exe. NOD removes them (quarantine)
        but they appear again.
        • Guest: Kolobos Re: SpanTool.Agent.NAR and Agent.NTJ IP: *.escom.net.pl 17.04.08, 15:59
          Well, no logs, no help.
          • Guest: ja Re: SpanTool.Agent.NAR and Agent.NTJ IP: *.internetdsl.tpnet.pl 18.04.08, 09:44
            Logfile of Trend Micro HijackThis v2.0.2
            Scan saved at 09:39:59, on 2008-04-18
            Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
            Boot mode: Normal

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\spoolsv.exe
            C:\Program Files\ESET\ESET Smart Security\ekrn.exe
            C:\WINDOWS\system32\cba\pds.exe
            C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
            C:\Program Files\Microsoft SQL Server\MSSQL$WHATSUP\Binn\sqlservr.exe
            C:\PVSW\bin\w3sqlmgr.exe
            C:\PVSW\bin\ntbtrv.exe
            C:\PVSW\bin\NTDBSMGR.EXE
            C:\WINDOWS\System32\snmp.exe
            C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
            C:\WINDOWS\system32\MsgSys.EXE
            C:\WINDOWS\system32\ams_ii\iao.exe
            C:\WINDOWS\system32\cba\xfr.exe
            C:\WINDOWS\system32\Ati2evxx.exe
            C:\WINDOWS\Explorer.EXE
            C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
            C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
            C:\WINDOWS\system32\NWTRAY.EXE
            C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
            C:\Program Files\F-Secure\Common\FSM32.EXE
            C:\Program Files\ESET\ESET Smart Security\egui.exe
            C:\Program Files\Messenger\msmsgs.exe
            C:\Program Files\Microsoft ActiveSync\wcescomm.exe
            C:\PROGRA~1\MICROS~4\rapimgr.exe
            C:\WINDOWS\system32\ctfmon.exe
            D:\totalcmd\TOTALCMD.EXE
            C:\Program Files\Outlook Express\msimn.exe
            C:\Program Files\Gadu-Gadu\gg.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
            C:\Program Files\Internet Explorer\iexplore.exe
            C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
            C:\WINDOWS\system32\HPBPRO.EXE

            R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.superwebsearch.com/ie/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.pl/
            R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.superwebsearch.com/ie/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
            O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
            O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
            O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
            O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
            O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
            O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
            O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032105 serial=DR12WTX-9999998-YSP lang=EN
            O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
            O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
            O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
            O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
            O4 - HKLM\..\Run: [ScanRegistry] C:\W
            O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
            O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
            O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
            O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
            O4 - HKLM\..\Run: [ABCBACKUP] C:\PROGRA~1\ABCBAC~1\ABCBAC~1.EXE 1
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [Seagull Drivers] ssdal_nc.exe startup
            O4 - HKLM\..\Run: [Moon Secure Antivirus] "C:\Program Files\Moon Secure Antivirus\moontray.exe"
            O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
            O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
            O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
            O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
            O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
            O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKCU\..\Run: [WN2000] C:\WN2000\wn32pl.exe
            O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
            O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
            O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
            O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
            O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
            O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
            O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
            O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
            O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
            O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
            O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
            O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
            O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
            O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
            O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
            • Guest: ja Re: SpanTool.Agent.NAR and Agent.NTJ IP: *.internetdsl.tpnet.pl 18.04.08, 09:46
              O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
              O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204
              O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - mks.com.pl/skaner/SkanerOnline.cab
              O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - 212.109.149.253/LNetCam.cab
              O16 - DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} (ActiveView Control) - 192.168.0.3/ActiveView.cab
              O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - www.mks.com.pl/skaner/SkanerOnline.cab
              O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab
              O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} (O2C-Player Version 1.x) - www.o2c.de/download/O2CPlayer.CAB
              O16 - DPF: {F255050F-988C-4683-AAEB-2523A2CE885D} (DVSView Control) - 192.168.0.89/DvsView.cab
              O17 - HKLM\System\CCS\Services\Tcpip\..\{77D50793-DFED-475A-A52F-462EAC8A39CA}: NameServer = 194.204.152.34,194.204.159.1
              O17 - HKLM\System\CCS\Services\Tcpip\..\{ACD76659-9154-4EE1-A1D8-6C34DDE78F7C}: NameServer = 194.204.159.1,194.204.152.34
              O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
              O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
              O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
              O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe
              O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
              O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
              O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
              O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
              O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
              O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
              O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
              O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
              O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
              O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\pds.exe
              O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
              O23 - Service: Moon Secure Antivirus Core (msav) - Unknown owner - C:\Program Files\Moon Secure Antivirus\msavcore.exe
              O23 - Service: Ethernet Packet Service (npacketservice) - Nokia - C:\WINDOWS\system32\npacketsvc.exe
              O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
              O23 - Service: Pervasive IDS - Unknown owner - C:\PVSW\Bin\dataserv.exe (file missing)
              O23 - Service: Pervasive.SQL (relational) - Pervasive Software Inc. - C:\PVSW\bin\w3sqlmgr.exe
              O23 - Service: Pervasive.SQL (transactional) - Unknown owner - C:\PVSW\bin\ntbtrv.exe
              O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
              O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
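The log posted above is long, and the entries a responder would look at first are a small subset: the R1 search-provider lines pointing at www.superwebsearch.com, the O2 BHO with no name and no file, the O4 entry whose path is cut off at C:\W, autostarts given as a bare filename, O16 ActiveX controls fetched from raw IP addresses, and O23 services with an unknown owner or a missing binary. The following Python script is an added example, not code from the thread or from HijackThis itself; it parses the HijackThis v2 line formats with regular expressions and applies those heuristics. The embedded sample is a constructed excerpt of the posted log plus one constructed process line modelled on the Temp-directory file name the poster mentioned; the allow list of search hosts is an assumption to be tuned per machine.

```python
"""Triage heuristics for a Trend Micro HijackThis v2 log (added example)."""
import ipaddress
import re
from dataclasses import dataclass

# Assumption: start page / search provider hosts treated as expected.
KNOWN_SEARCH_HOSTS = {"www.google.pl", "www.google.com"}

# One regex per HijackThis section handled here. O23 assumes the service
# name and owner contain no " - ", which holds for the posted log.
_PROC = re.compile(r"^[A-Za-z]:\\(?:.*\\)?(?P<base>[^\\]+)$")
_R = re.compile(r"^R[01] - (?P<key>.+?) = (?P<value>.*)$")
_O2 = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
_O4 = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.*)$")
_O16 = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\} \((?P<desc>.+)\) - (?P<url>\S+)$")
_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class Finding:
    section: str
    reasons: list
    line: str


def _host(url: str) -> str:
    """Host part of a scheme-less HJT URL such as 'www.x.pl/ie/' or '10.0.0.1/a.cab'."""
    return re.split(r"[/:]", url, maxsplit=1)[0]


def _first_token(cmd: str) -> str:
    """Executable part of an O4 command line; honours a quoted path."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> list:
    """Return one Finding per log line that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons, section = [], None
        if m := _PROC.match(line):
            section = "process"
            # the droppers the poster described: 8 hex characters + .exe
            if re.fullmatch(r"[0-9a-f]{8}\.exe", m["base"], re.I):
                reasons.append("random hex-named executable")
        elif m := _R.match(line):
            section = line[:2]
            if "Search" in m["key"] and _host(m["value"]) not in KNOWN_SEARCH_HOSTS:
                reasons.append(f"search provider points at {_host(m['value'])}")
        elif m := _O2.match(line):
            section = "O2"
            if m["name"] == "(no name)" or m["path"] == "(no file)":
                reasons.append("BHO with no name or no backing file")
        elif m := _O4.match(line):
            section = "O4"
            exe = _first_token(m["cmd"])
            if re.match(r"[A-Za-z]:\\", exe) and "." not in exe.rsplit("\\", 1)[-1]:
                reasons.append(f"truncated or extension-less path {exe!r}")
            elif "\\" not in exe:
                reasons.append(f"bare filename {exe!r} resolved via PATH, not verifiable")
        elif m := _O16.match(line):
            section = "O16"
            host = _host(m["url"])
            try:
                kind = "private" if ipaddress.ip_address(host).is_private else "public"
                reasons.append(f"ActiveX control fetched from raw {kind} IP {host}")
            except ValueError:
                pass  # a hostname, not an IP literal
        elif m := _O23.match(line):
            section = "O23"
            if m["owner"] == "Unknown owner":
                reasons.append("service binary has no publisher")
            if "(file missing)" in m["path"]:
                reasons.append("service binary missing on disk")
        if reasons:
            findings.append(Finding(section, reasons, line))
    return findings


# Constructed sample: entries copied from the posted log plus one made-up
# process line (the Temp path) modelled on the file name the poster gave.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Documents and Settings\user\Local Settings\Temp\1d778ef9.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.superwebsearch.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.superwebsearch.com/ie/
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32-bit (Windowed) ActiveX Control v4.00) - 212.109.149.253/LNetCam.cab
O16 - DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} (ActiveView Control) - 192.168.0.3/ActiveView.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {'; '.join(f.reasons)}\n    {f.line}")
```

Run against a full log saved from HijackThis, the script prints nine findings for the sample above and leaves the known-publisher services, the Google start page and the hostname-based O16 controls alone. It is a first-pass filter, not a verdict: the private-IP O16 entries, for instance, look like LAN camera viewers and need a human to confirm.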
              • Guest: Kolobos Re: SpanTool.Agent.NAR and Agent.NTJ IP: *.escom.net.pl 18.04.08, 11:08
                I take it you can read with comprehension? forum.gazeta.pl/forum/72,2.html?f=430&w=76799955