CentrumXP Forum Tematyka portalu CentrumXP.pl Bezpieczeństwo poproszę analizę

poproszę analizę

Objaw mam taki, źe ostatnio mi internet ostro zwolnił ( z 160 do ok 60 kbps ) często teź jakby zawiesza się IE w ten sposób, źe po kliknięciu na odnośnik nie podejmuje transferu danych, lub rozpoczyna transfer po długim czasie oczekiwania, dopiero ponowne uruchomienie IE usuwa problem.



Logfile of HijackThis v1.99.0
Scan saved at 00:04:11, on 2004–12–30
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesNetropaMultimedia KeyboardMMKeybd.exe
D:PROGRAMYNarzędziaoneAlarmzlclient.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesNetropaMultimedia KeyboardTrayMon.exe
C:Program FilesNetropaOnscreen DisplayOSD.exe
C:Program FilesNetropaMultimedia Keyboard hksrv.exe
C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
C:WINDOWSsystem32cisvc.exe
C:Program FilesNorton AntiVirus avapsvc.exe
C:Program FilesNorton SystemWorksNorton UtilitiesNPROTECT.EXE
C:PROGRA~1NORTON~2SPEEDD~1 opdb.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32ONELABSvsmon.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:Program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe
C:Program FilesNorton AntiVirusSAVScan.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32cidaemon.exe
C:WINDOWSsystem32cidaemon.exe
C:Program FilesInternet ExplorerIEXPLORE.EXE
D:PROGRAMYNarzędziaHijackThisHijackThis.exe

R1 – HKCUSoftwareMicrosoftInternet Explorer,SearchURL = http://www.google.pl
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.onet.pl/
R1 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page_bak = http://www.onet.pl/
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,AutoConfigURL = http://www.aster.pl/aster.pac
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
F2 – REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,TGBRFV_
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – D:PROGRAMYUźytkiAdobeAcrobat_60ReaderActiveXAcroIEHelper.dll
O2 – BHO: CNavExtBho Class – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:Program FilesNorton AntiVirusNavShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:Program FilesNorton AntiVirusNavShExt.dll
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM..Run: [NeroCheck] C:WINDOWSSystem32NeroCheck.exe
O4 – HKLM..Run: [MULTIMEDIA KEYBOARD] C:Program FilesNetropaMultimedia KeyboardMMKeybd.exe
O4 – HKLM..Run: [Zone Labs Client] "D:PROGRAMYNarzędziaoneAlarmzlclient.exe"
O4 – HKCU..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NVMCTRAY.DLL,NvTaskbarInit
O4 – HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://D:PROGRA~1MSOFFI~1OFFICE11EXCEL.EXE/3000
O8 – Extra context menu item: Otwórz w przeglądarce GetRight – D:PROGRAMYUźytkiGetRightGRbrowse.htm
O8 – Extra context menu item: Pobierz za pomocą GetRight – D:PROGRAMYUźytkiGetRightGRdownload.htm
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – D:PROGRA~1MSOFFI~1OFFICE11REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengermsmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:Program FilesMessengermsmsgs.exe
O16 – DPF: DigiChat Applet – http://63.208.2.51/DigiChat/DigiClasses/Client_IE.cab
O16 – DPF: {10000000–1000–0000–1000–000000000000} – ms–its:mhtml:file://C:foo.mht!http://www.free32.com/POP.CHM::/sp.exe
O16 – DPF: {1D4DB7D2–6EC9–47A3–BD87–1E41684E07BB} – http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 – DPF: {31B7EB4E–8B4B–11D1–A789–00A0CC6651A8} (Cult3D ActiveX Player) – http://www.cult3d.com/download/cult.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O23 – Service: Symantec Event Manager – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
O23 – Service: Symantec Password Validation – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccPwdSvc.exe
O23 – Service: Symantec Settings Manager – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedccSetMgr.exe
O23 – Service: Usługa Auto Protect programu Norton AntiVirus – Symantec Corporation – C:Program FilesNorton AntiVirus avapsvc.exe
O23 – Service: Netropa NHK Server – Unknown – C:Program FilesNetropaMultimedia Keyboard hksrv.exe
O23 – Service: Norton Unerase Protection – Symantec Corporation – C:Program FilesNorton SystemWorksNorton UtilitiesNPROTECT.EXE
O23 – Service: SAVScan – Symantec Corporation – C:Program FilesNorton AntiVirusSAVScan.exe
O23 – Service: ScriptBlocking Service – Symantec Corporation – C:PROGRA~1COMMON~1SYMANT~1SCRIPT~1SBServ.exe
O23 – Service: Speed Disk service – Symantec Corporation – C:PROGRA~1NORTON~2SPEEDD~1 opdb.exe
O23 – Service: SymWMI Service – Symantec Corporation – C:Program FilesCommon FilesSymantec SharedSecurity CenterSymWSC.exe
O23 – Service: TrueVector Internet Monitor – Zone Labs Inc. – C:WINDOWSsystem32ONELABSvsmon.exe

Odpowiedzi: 2

dzięki wins – jest lepiej
drfly
Dodano
30.12.2004 14:13:22
Fix tego co ponizej

F2 – REG:system.ini: UserInit=C:WINDOWSsystem32userinit.exe,TGBRFV_
O16 – DPF: {10000000–1000–0000–1000–000000000000} – ms–its:mhtml:file://C:foo.mht!http://www.free32.com/POP.CHM::/sp.exe
wins
Dodano
30.12.2004 01:29:42
drfly
Dodano:
30.12.2004 01:13:20
Komentarzy:
2
Strona 1 / 1