Gość: ja IP: *.internetdsl.tpnet.pl 17.04.08, 13:37 Nod jesty wykrywa, ale nic poza tym, non się pojawiają, co z tym zrobić??? Odpowiedz Link Zgłoś czytaj wygodnie posty
Gość: Kolobos Re: SpanTool.Agent.NAR i Agent.NTJ IP: *.escom.net.pl 17.04.08, 13:40 Zapytaj wrozki, a jak chcesz pomocy na forum to muisz dac wymagane logi, podac nazwy zainfekowanych plikow oraz ich lokalizacje na dysku. Odpowiedz Link Zgłoś
Gość: ja Re: SpanTool.Agent.NAR i Agent.NTJ IP: *.internetdsl.tpnet.pl 17.04.08, 15:07 zainfekowane pliki to praktycznie dowolnie, rozne exe na dyskach, ale głównie pojawiające sie na bierząco w tmp w document and seatings, o nazwach typu np. 1d778ef9.exe. Nod je usuwa (kwarantanna) ale pojawiają się znowu. Odpowiedz Link Zgłoś
Gość: Kolobos Re: SpanTool.Agent.NAR i Agent.NTJ IP: *.escom.net.pl 17.04.08, 15:59 Coz, nie ma logow, nie ma pomocy. Odpowiedz Link Zgłoś
Gość: ja Re: SpanTool.Agent.NAR i Agent.NTJ IP: *.internetdsl.tpnet.pl 18.04.08, 09:44 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:39:59, on 2008-04-18 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\WINDOWS\system32\cba\pds.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Microsoft SQL Server\MSSQL$WHATSUP\Binn\sqlservr.exe C:\PVSW\bin\w3sqlmgr.exe C:\PVSW\bin\ntbtrv.exe C:\PVSW\bin\NTDBSMGR.EXE C:\WINDOWS\System32\snmp.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ams_ii\hndlrsvc.exe C:\WINDOWS\system32\MsgSys.EXE C:\WINDOWS\system32\ams_ii\iao.exe C:\WINDOWS\system32\cba\xfr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\NWTRAY.EXE C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0 \webapps\Toolbox\StatusClient\StatusClient.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MICROS~4\rapimgr.exe C:\WINDOWS\system32\ctfmon.exe D:\totalcmd\TOTALCMD.EXE C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\HPBPRO.EXE R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.superwebsearch.com/ie/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.pl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.superwebsearch.com/ie/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51- 7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D- 784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0 \ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F- 0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12 \Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=032105 serial=DR12WTX-9999998-YSP lang=EN O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32 \spool\drivers\w32x86\3\hpztsb07.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe O4 - HKLM\..\Run: [ScanRegistry] C:\W O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett- Packard\Toolbox2.0\Apache Tomcat 4.0 \webapps\Toolbox\StatusClient\StatusClient.exe /auto O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett- Packard\Toolbox2.0\hpbpsttp.exe O4 - HKLM\..\Run: [ABCBACKUP] C:\PROGRA~1\ABCBAC~1\ABCBAC~1.EXE 1 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32 \NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Seagull Drivers] ssdal_nc.exe startup O4 - HKLM\..\Run: [Moon Secure Antivirus] "C:\Program Files\Moon Secure Antivirus\moontray.exe" O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F- Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F- Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [WN2000] C:\WN2000\wn32pl.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32 \CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32 \CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32 \CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32 \CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Block this popup - C:\Program Files\F- Secure\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307- 00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307- 00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2- 070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45- A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45- A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) Odpowiedz Link Zgłoś
Gość: ja Re: SpanTool.Agent.NAR i Agent.NTJ IP: *.internetdsl.tpnet.pl 18.04.08, 09:46 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - www.kaspersky.pl/resources/virusscanner/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/? linkid=39204 O16 - DPF: {5A09E43F-A0A7-4ABF-AF80-11367CF1DC8F} (MainControl Class) - mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {5DA9D8E0-5A57-11CF-9E36-00C0930198C0} (Pegasus ImagN' 32- bit (Windowed) ActiveX Control v4.00) - 212.109.149.253/LNetCam.cab O16 - DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} (ActiveView Control) - 192.168.0.3/ActiveView.cab O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - www.mks.com.pl/skaner/SkanerOnline.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {BF3CD111-6278-11D2-9EA3-00A0C9251384} (O2C-Player Version 1.x) - www.o2c.de/download/O2CPlayer.CAB O16 - DPF: {F255050F-988C-4683-AAEB-2523A2CE885D} (DVSView Control) - 192.168.0.89/DvsView.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{77D50793-DFED-475A-A52F- 462EAC8A39CA}: NameServer = 194.204.152.34,194.204.159.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{ACD76659-9154-4EE1-A1D8- 6C34DDE78F7C}: NameServer = 194.204.159.1,194.204.152.34 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32 \ati2sgag.exe O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\\lic98rmt.exe O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11 \Intel 32\IDriverT.exe O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINDOWS\system32\ams_ii\iao.exe O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\cba\pds.exe O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (file missing) O23 - Service: Moon Secure Antivirus Core (msav) - Unknown owner - C:\Program Files\Moon Secure Antivirus\msavcore.exe O23 - Service: Ethernet Packet Service (npacketservice) - Nokia - C:\WINDOWS\system32\npacketsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pervasive IDS - Unknown owner - C:\PVSW\Bin\dataserv.exe (file missing) O23 - Service: Pervasive.SQL (relational) - Pervasive Software Inc. - C:\PVSW\bin\w3sqlmgr.exe O23 - Service: Pervasive.SQL (transactional) - Unknown owner - C:\PVSW\bin\ntbtrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32 \HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe Odpowiedz Link Zgłoś
Gość: Kolobos Re: SpanTool.Agent.NAR i Agent.NTJ IP: *.escom.net.pl 18.04.08, 11:08 Chyba potrafisz czytac ze zrozumieniem? forum.gazeta.pl/forum/72,2.html?f=430&w=76799955 Odpowiedz Link Zgłoś