problem z netem – kto sprawdzi log?
Hej! Operatorem mojego neta jest siec tv kablowej. System Windows XP Home Edition. Od początku po ok. 5–10 min. pokazuje sie komunikat "przekroczono limit czasu" i nie moge otworzyc nastepnych stron dopóki nie zrestartuję laptopa. Tak samo jest na explorerze i firefoxie. GG, Skype, czat działa cały czas. Nie pomaga "naprawianie" przesyłu ani skanowanie. Czy moźe ktoś sprawdzic loga ?
Logfile of HijackThis v1.99.1
Scan saved at 20:36:58, on 2005–11–24
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\AntiVirenKit\AVKService.exe
C:\Program Files\AntiVirenKit\AVKWCtl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Andrzej\Local Settings\Temp\Temporary Directory 1 for _reconst.zip\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 – URLSearchHook: (no name) – {00A6FAF6–072E–44cf–8957–5838F569A31D} – C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 – REG:system.ini: Shell=explorer.exe
O1 – Hosts: 217.96.35.130 auto.search.msn.com
O2 – BHO: MyWebSearch Search Assistant BHO – {00A6FAF1–072E–44cf–8957–5838F569A31D} – C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: mwsBar BHO – {07B18EA1–A523–4961–B6BB–170DE4475CCA} – (no file)
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 – HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" –r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 – HKLM\..\Run: [AVK Mail Checker] "C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE"
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [AVKBar] "C:\Program Files\AntiVirenKit\AVKBar.exe"
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: &Search – http://bar.mywebsearch.com/menusearch.html?p=ZNxmk580YYPL
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 – Extra button: Research – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Real.com – {CD67F990–D8E9–11d2–98FE–00C0F0318AFE} – C:\WINDOWS\System32\Shdocvw.dll
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 – IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 – DPF: {1D4DB7D2–6EC9–47A3–BD87–1E41684E07BB} – http://ak.imgfarm.com/images/nocache/funwebproducts/ei–2/SmileyCentralFWBInitialSetup1.0.0.8–2.cab
O20 – Winlogon Notify: igfxcui – C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 – Winlogon Notify: Sebring – c:\WINDOWS\System32\LgNotify.dll
O23 – Service: AVK Service (AVKService) – Unknown owner – C:\Program Files\AntiVirenKit\AVKService.exe
O23 – Service: AVK Monitor (AVKWCtl) – Unknown owner – C:\Program Files\AntiVirenKit\AVKWCtl.exe
Z góry dziekuję.
Logfile of HijackThis v1.99.1
Scan saved at 20:36:58, on 2005–11–24
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\AntiVirenKit\AVKService.exe
C:\Program Files\AntiVirenKit\AVKWCtl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Andrzej\Local Settings\Temp\Temporary Directory 1 for _reconst.zip\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshibadirect.com/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 – URLSearchHook: (no name) – {00A6FAF6–072E–44cf–8957–5838F569A31D} – C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
F2 – REG:system.ini: Shell=explorer.exe
O1 – Hosts: 217.96.35.130 auto.search.msn.com
O2 – BHO: MyWebSearch Search Assistant BHO – {00A6FAF1–072E–44cf–8957–5838F569A31D} – C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: mwsBar BHO – {07B18EA1–A523–4961–B6BB–170DE4475CCA} – (no file)
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 – HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" –r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 – HKLM\..\Run: [AVK Mail Checker] "C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE"
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [AVKBar] "C:\Program Files\AntiVirenKit\AVKBar.exe"
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: &Search – http://bar.mywebsearch.com/menusearch.html?p=ZNxmk580YYPL
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 – Extra button: Research – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Real.com – {CD67F990–D8E9–11d2–98FE–00C0F0318AFE} – C:\WINDOWS\System32\Shdocvw.dll
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 – IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 – DPF: {1D4DB7D2–6EC9–47A3–BD87–1E41684E07BB} – http://ak.imgfarm.com/images/nocache/funwebproducts/ei–2/SmileyCentralFWBInitialSetup1.0.0.8–2.cab
O20 – Winlogon Notify: igfxcui – C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 – Winlogon Notify: Sebring – c:\WINDOWS\System32\LgNotify.dll
O23 – Service: AVK Service (AVKService) – Unknown owner – C:\Program Files\AntiVirenKit\AVKService.exe
O23 – Service: AVK Monitor (AVKWCtl) – Unknown owner – C:\Program Files\AntiVirenKit\AVKWCtl.exe
Z góry dziekuję.
Odpowiedzi: 4
Zwracam honor, wiedza zostaje :mrgreen:
ZCfgSvc.exe – narzedzie od radiowej karty sieciowej Intela, zostaje.
My Web Search teź do dziabnięcia
+
Reszta wątpliwości OK
+
C:\WINDOWS\system32\ZCfgSvc.exe
Reszta wątpliwości OK
usuń:
Co do tego mam wątpliwości
R3 – URLSearchHook: (no name) – {00A6FAF6–072E–44cf–8957–5838F569A31D} – C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O1 – Hosts: 217.96.35.130 auto.search.msn.com
O2 – BHO: mwsBar BHO – {07B18EA1–A523–4961–B6BB–170DE4475CCA} – (no file)
O8 – Extra context menu item: &Search – http://bar.mywebsearch.com/menusearch.html?p=ZNxmk580YYPL
O16 – DPF: {1D4DB7D2–6EC9–47A3–BD87–1E41684E07BB} – http://ak.imgfarm.com/images/nocache/funwebproducts/ei–2/SmileyCentralFWBInitial Setup1.0.0.8–2.cab
Co do tego mam wątpliwości
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.toshiba.com/search
F2 – REG:system.ini: Shell=explorer.exe
O2 – BHO: MyWebSearch Search Assistant BHO – {00A6FAF1–072E–44cf–8957–5838F569A31D} – C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
Strona 1 / 1