Wolny net

Dla specjalistów Bezpieczeństwo
#1

Bardzo zwolnil mi net z niewiadmoych przyczyn…

posaidam internet z Netii 1.3 mb/s … Limitu nie ma. Oto log z Hijacka:)

Logfile of HijackThis v1.99.1

Scan saved at 22:49:58, on 2007-05-29

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\msantis.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\mks_vir_2007\bin\MksFwall.exe

C:\Program Files\mks_vir_2007\bin\MksPC.exe

C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\system32\hphmon05.exe

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\mks_vir_2007\bin\mksregmon.exe

C:\Program Files\mks_vir_2007\bin\mks_mail.exe

C:\Program Files\mks_vir_2007\bin\mkstray.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\Program Files\Netia\Net\netianet.exe

C:\Program Files\Gadu-Gadu\gg.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

D:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Kuba\Pulpit\hijackthis_sfx.exe

C:\Documents and Settings\Kuba\Pulpit\hijackthis_sfx.exe

C:\Program Files\HijackThis\HijackThis.exe


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.travian3.pl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\lxnt.exe

O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe

O4 - HKLM\..\Run: [wmploc] C:\WINDOWS\msantis.exe

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [MKSRegmon] C:\Program Files\mks_vir_2007\bin\mksregmon.exe

O4 - HKLM\..\Run: [mks_mail] C:\Program Files\mks_vir_2007\bin\mks_mail.exe

O4 - HKLM\..\Run: [mkstray] C:\Program Files\mks_vir_2007\bin\mkstray.exe

O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NETIANET] C:\Program Files\Netia\Net\netianet.exe

O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU\..\Run: [Windows Portable Device Drivers] C:\WINDOWS\system32\drivers\MSKSVRVS.EXE

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\RunServices: [Windows Portable Device Drivers] C:\WINDOWS\system32\drivers\MSKSVRVS.EXE

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\\mkslsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\\mkslsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\\mkslsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\mks_vir_2007\bin\\mkslsp.dll

O15 - Trusted Zone: http://mks.com.pl

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1180378376312

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1180104561127

O17 - HKLM\System\CCS\Services\Tcpip\..\{339895B3-8EB9-4EF2-A502-9473C7FB8893}: NameServer = 83.238.255.76 213.241.79.37

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O23 - Service: Local Service - Unknown owner - C:\WINDOWS\msantis.exe

O23 - Service: MksFwall - MKS Sp z o.o. - C:\Program Files\mks_vir_2007\bin\MksFwall.exe

O23 - Service: MksPC - Unknown owner - C:\Program Files\mks_vir_2007\bin\MksPC.exe

O23 - Service: MksUpdate - MKS Sp. z o. o. - C:\Program Files\mks_vir_2007\bin\mksupdate.exe

O23 - Service: mks_vir file monitor (MksVirMonSvc) - Unknown owner - C:\Program Files\mks_vir_2007\bin\mksvirmonsvc.exe

O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\mks_vir_2007\bin\mks_scan.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

Prosze sprawdzic i powiedziec czy jest tu jakas przyczyna…

#2

popielniczka

Ważny komunikat dotyczący tytułowania tematów

Na Forum używamy polskich znaków.

Proszę poprawić temat na konkretny, mówiący o problemie, oraz pisownię w opisie problemu.

W celu edycji swojego posta proszę skorzystać z przycisku icon_edit.gif

Zignorowanie prośby będzie skutkowało usunięciem tematu do Kosza.

Temat przenoszę do właściwego działu.

#3

Pobierz Windows Worms Doors Cleaner, ustaw znaczki na zielono, Netbios może być na żółto.

Po użyciu narzędzia wymagany jest restart.

Start > uruchom > cmd > wpisz:

sc stop "Local Service"

sc delete "Local Service"

Ściągasz Pocket Killbox,

zaznaczasz Delete on reboot , w polu full path of file wklej ścieżkę:

C:\WINDOWS\System32\lxnt.exe

C:\WINDOWS\system32\drivers\MSKSVRVS.EXE

C:\WINDOWS\msantis.exe

i naciskasz X czerwony. Program poprosi o reset kompa, pozwalasz dopiero po wklejeniu ostatniej ścieżki.

Usuń w HJT.

Daj log z Combofix