Problem z winlogon.exe

Hrdcr (Adamlor) 2008-07-22 19:39:43 UTC #1

witam!

Mam problem mianowicie wchodzac do menadzera w XP patrze a tam zuzycie proca (komp jak w sygnie) caly czas min 60%, patzre dalej co tak go obciaza a tam proces winlogon.exe non stop ma min 58%

co sie dzieje eset nic nie wykrywa;/

huber2t (Huber2t) 2008-07-22 19:41:14 UTC #2

Podaj log z Hijackthis

Hrdcr (Adamlor) 2008-07-22 19:45:02 UTC #3

Logfile of HijackThis v1.99.1 Scan saved at 21:43:33, on 2008-07-22 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe D:\WINDOWS\system32\nvsvc32.exe D:\WINDOWS\system32\IoctlSvc.exe D:\WINDOWS\system32\PnkBstrA.exe D:\WINDOWS\Explorer.EXE D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe D:\Program Files\DAP\DAP.EXE D:\Program Files\D-Tools\daemon.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\Gadu-Gadu\gg.exe D:\Program Files\Skype\Phone\Skype.exe D:\Program Files\Gigabyte\ET5\GUI.exe D:\Program Files\Skype\Plugin Manager\skypePM.exe D:\WINDOWS\system32\wuauclt.exe D:\Program Files\Mozilla Firefox\firefox.exe C:\totalcmd\TOTALCMD.EXE D:\Program Files\foobar2000\foobar2000.exe D:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\Rar$EX00.282\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O4 - HKLM..\Run: [EasyTuneV] D:\Program Files\Gigabyte\ET5\ETcall.exe O4 - HKLM..\Run: [nwiz] nwiz.exe /install O4 - HKLM..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM..\Run: [DownloadAccelerator] "D:\Program Files\DAP\DAP.EXE" /STARTUP O4 - HKLM..\Run: [Resume copy] copyfstq.exe /startup O4 - HKLM..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU..\Run: [skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: Download with Rapget - G:\aukcja\rapget.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=www.actina.pl O17 - HKLM\System\CCS\Services\Tcpip..{5A7D9618-94D4-4840-BD9D-F4F4B09EBD84}: NameServer = 1.1.1.1,1.5.4.7 O17 - HKLM\System\CCS\Services\Tcpip..{D99AA5DC-E3F8-4738-9657-BD1706F7DE27}: NameServer = 213.25.34.2,34.2.2.2 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DL O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - D:\WINDOWS\system32\IoctlSvc.exe O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe

nic z tego nie wiem

ps. nie wiem nawet czy dobry dzial jesli nie to przepraszam i prosze moda o przeniesienie

huber2t (Huber2t) 2008-07-22 19:48:14 UTC #4

Log ok

Podaj log z Combofix

Hrdcr (Adamlor) 2008-07-22 20:17:23 UTC #5

ComboFix 08-07-21.2 - Administrator 2008-07-22 22:00:56.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1423 [GMT 2:00] Running from: D:\Documents and Settings\Administrator\Moje dokumenty\My Completed Downloads\Combo-Fix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED . ((((((((((((((((((((((((( Files Created from 2008-06-22 to 2008-07-22 ))))))))))))))))))))))))))))))) . 2008-07-22 21:58 . 2008-07-22 21:59 2008-07-22 18:32 . 2008-07-22 18:37 2008-07-22 17:49 . 2008-07-22 17:49 2008-07-22 17:49 . 2008-07-22 17:49 2008-07-19 16:32 . 2008-07-19 16:32 2008-07-19 16:32 . 2008-07-19 16:32 2008-07-16 21:25 . 2008-07-22 16:09 2008-07-16 21:25 . 2008-07-16 21:25 32 --a------ D:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat 2008-07-16 21:24 . 2008-07-22 21:57 2008-07-16 21:23 . 2008-07-16 21:23 2008-07-16 21:23 . 2008-07-16 21:23 2008-07-16 21:23 . 2008-07-16 21:23 2008-07-15 18:21 . 2008-07-15 18:21 4 --a------ D:\WINDOWS\system32\proc-503976190.bin 2008-07-15 15:05 . 2008-07-15 15:05 2008-07-15 15:05 . 2002-01-01 03:28 860,211 --a-s---- D:\WINDOWS\system32\XSIFtk-3.6.2.1.dll 2008-07-13 13:47 . 2008-07-15 18:21 2008-07-13 13:46 . 2008-07-13 13:47 2008-07-11 23:38 . 2008-07-11 23:38 2008-07-07 15:13 . 2000-05-22 22:58 608,448 --a------ D:\WINDOWS\system32\comctl32.ocx 2008-07-06 11:38 . 2008-07-18 13:15 22,328 --a------ D:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-07-06 11:38 . 2008-07-06 11:38 22,328 --a------ D:\Documents and Settings\Administrator\Dane aplikacji\PnkBstrK.sys 2008-07-06 11:28 . 2004-08-22 16:31 155,136 --a------ D:\WINDOWS\system32\drivers\d347bus.sys 2008-07-06 11:28 . 2004-08-22 16:31 5,248 --a------ D:\WINDOWS\system32\drivers\d347prt.sys 2008-07-06 11:27 . 2008-07-06 11:27 2008-07-06 10:26 . 2008-07-06 10:26 2008-07-06 10:25 . 2008-07-06 10:25 262,144 --a------ D:\WINDOWS\system32\wrap_oal.dll 2008-07-06 10:25 . 2008-07-06 10:25 86,016 --a------ D:\WINDOWS\system32\OpenAL32.dll 2008-07-01 19:31 . 2008-07-01 19:32 2008-07-01 19:31 . 2008-07-01 19:31 2008-07-01 19:31 . 2008-07-01 19:31 2008-07-01 19:31 . 2008-07-01 19:31 2008-06-30 09:20 . 2008-07-22 12:48 2008-06-28 19:23 . 2008-06-28 19:24 2008-06-28 19:13 . 2008-06-30 09:19 2008-06-28 17:16 . 2008-07-06 11:27 2008-06-28 13:52 . 2008-06-28 13:52 2008-06-28 12:24 . 2008-07-07 15:13 2008-06-26 17:03 . 2008-06-26 17:03 8,192 --ahs---- D:\WINDOWS\Thumbs.db 2008-06-26 12:38 . 2008-06-26 12:38 720,896 --a------ D:\WINDOWS\iun6002.exe 2008-06-26 12:38 . 2008-06-26 12:38 18,004 --a------ D:\WINDOWS\irunin.ini 2008-06-26 12:38 . 2008-06-26 12:38 15,938 --a------ D:\WINDOWS\irunin.lng 2008-06-26 12:38 . 2008-06-26 12:38 9,694 --a------ D:\WINDOWS\irunin.dat 2008-06-26 12:38 . 2008-06-26 12:38 8,134 --a------ D:\WINDOWS\irunin.bmp 2008-06-26 10:22 . 2008-06-30 09:20 2008-06-26 10:22 . 2008-06-26 10:22 479,298 --a------ D:\WINDOWS\system32\wbocx.ocx 2008-06-26 10:22 . 2008-06-26 10:22 172,032 --a------ D:\WINDOWS\system32\AniGIF.ocx 2008-06-26 10:22 . 2008-06-26 10:22 50,688 --a------ D:\WINDOWS\system32\wbhelp2.dll 2008-06-25 23:08 . 2008-06-26 09:31 2008-06-25 14:28 . 2008-06-25 14:28 2008-06-25 14:28 . 2008-07-01 22:52 2008-06-25 13:39 . 2008-06-25 13:39 2008-06-25 13:39 . 2004-10-25 20:02 21,664 --a------ D:\WINDOWS\system32\drivers\Entech.sys 2008-06-25 13:39 . 1999-11-02 10:01 6,173 --a------ D:\WINDOWS\system32\drivers\Entech.vxd 2008-06-25 13:39 . 2004-06-22 15:44 5,632 --a------ D:\WINDOWS\system32\drivers\Entech64.sys 2008-06-25 13:39 . 2001-11-19 19:05 3,972 --a------ D:\WINDOWS\system32\drivers\PciBus.sys 2008-06-25 13:38 . 2008-06-25 13:38 2008-06-24 23:50 . 2008-06-24 23:50 2008-06-24 23:48 . 2008-06-24 23:49 2008-06-24 23:46 . 2008-06-24 23:46 2008-06-24 23:46 . 2008-07-22 17:49 2008-06-24 22:08 . 2008-06-28 22:48 2008-06-24 22:08 . 2008-06-27 21:51 2008-06-24 22:08 . 2008-06-24 22:08 2008-06-24 20:45 . 2008-06-24 20:45 417,792 --a------ D:\Documents and Settings\Administrator\GL4JavbJauGljJNI14.dll 2008-06-24 20:44 . 2008-06-24 20:44 2008-06-24 19:08 . 2008-06-24 19:08 2008-06-24 19:08 . 2008-06-24 19:08 2008-06-24 19:08 . 2008-03-25 02:37 69,632 --a------ D:\WINDOWS\system32\javacpl.cpl 2008-06-24 19:05 . 2008-06-24 19:05 2008-06-24 18:12 . 2008-06-24 18:12 0 --a------ D:\WINDOWS\nsreg.dat 2008-06-24 18:05 . 2008-07-22 16:32 3,875 --a------ D:\WINDOWS\wincmd.ini 2008-06-24 18:05 . 2007-09-14 07:02 545 --a------ D:\WINDOWS\UC.PIF 2008-06-24 18:05 . 2007-09-14 07:02 545 --a------ D:\WINDOWS\RAR.PIF 2008-06-24 18:05 . 2007-09-14 07:02 545 --a------ D:\WINDOWS\PKZIP.PIF 2008-06-24 18:05 . 2007-09-14 07:02 545 --a------ D:\WINDOWS\PKUNZIP.PIF 2008-06-24 18:05 . 2007-09-14 07:02 545 --a------ D:\WINDOWS\NOCLOSE.PIF 2008-06-24 18:05 . 2007-09-14 07:02 545 --a------ D:\WINDOWS\LHA.PIF 2008-06-24 18:05 . 2007-09-14 07:02 545 --a------ D:\WINDOWS\ARJ.PIF 2008-06-24 18:05 . 2008-07-20 21:49 191 --a------ D:\WINDOWS\wcx_ftp.ini 2008-06-24 18:03 . 2008-06-24 18:03 87 --a------ D:\WINDOWS\system32\EpfwUser.dat 2008-06-24 17:08 . 2008-06-24 17:08 2008-06-24 17:08 . 2008-06-24 17:08 2008-06-24 17:01 . 2004-08-03 22:31 20,992 --a------ D:\WINDOWS\system32\drivers\RTL8139.sys 2008-06-24 17:01 . 2004-08-03 22:31 20,992 --a--c--- D:\WINDOWS\system32\dllcache\rtl8139.sys 2008-06-24 12:48 . 2008-06-14 20:01 273,024 --------- D:\WINDOWS\system32\drivers\bthport.sys 2008-06-24 12:48 . 2008-06-14 20:01 273,024 -----c--- D:\WINDOWS\system32\dllcache\bthport.sys 2008-06-24 12:41 . 2008-06-24 12:41 2008-06-24 12:27 . 2008-07-09 14:35 2008-06-24 12:10 . 2008-06-24 12:10 2008-06-24 12:10 . 2008-07-22 22:00 2008-06-24 11:47 . 2008-06-24 11:47 2008-06-24 11:47 . 2001-03-02 10:41 634 --a------ D:\WINDOWS\system32\MAPISVC.INF 2008-06-24 11:43 . 2008-06-24 11:43 2008-06-24 11:43 . 2007-03-07 13:27 4,245,008 --a------ D:\WINDOWS\system32\qtp-mt334.dll 2008-06-24 11:43 . 2007-03-07 13:27 247,824 --a------ D:\WINDOWS\system32\prgiso.dll 2008-06-24 11:43 . 2007-03-07 13:27 38,448 --a------ D:\WINDOWS\system32\drivers\hotcore3.sys 2008-06-24 11:43 . 2007-03-07 13:27 13,840 --a------ D:\WINDOWS\system32\wnaspi32.dll 2008-06-24 11:09 . 2008-03-03 14:25 5,702 --ah----- D:\WINDOWS\nod32restoretemdono.reg 2008-06-24 11:09 . 2008-03-03 18:21 568 --ah----- D:\WINDOWS\nod32fixtemdono.reg 2008-06-23 01:14 . 2008-06-23 01:14 2008-06-23 01:14 . 2008-06-23 01:14 2008-06-23 01:14 . 2008-06-17 19:13 499,712 --a------ D:\WINDOWS\system32\msvcp71.dll 2008-06-23 01:14 . 2008-06-17 19:13 348,160 --a------ D:\WINDOWS\system32\msvcr71.dll 2008-06-23 01:14 . 2008-06-17 19:13 60,273 --a------ D:\WINDOWS\system32\pthreadGC2.dll 2008-06-23 01:14 . 2008-06-17 19:13 7,680 --a------ D:\WINDOWS\system32\ff_vfw.dll 2008-06-23 01:14 . 2008-06-17 19:13 547 --a------ D:\WINDOWS\system32\ff_vfw.dll.manifest 2008-06-23 01:10 . 2008-06-23 01:10 2008-06-23 01:10 . 2008-07-22 14:46 69 --a------ D:\WINDOWS\NeroDigital.ini 2008-06-23 01:09 . 2008-06-23 01:09 2008-06-23 01:09 . 2004-08-03 23:08 26,496 --a--c--- D:\WINDOWS\system32\dllcache\usbstor.sys (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-18 11:15 107,832 ----a-w D:\WINDOWS\system32\PnkBstrB.exe 2008-07-06 09:37 669,184 ----a-w D:\WINDOWS\system32\pbsvc.exe 2008-07-06 09:37 66,872 ----a-w D:\WINDOWS\system32\PnkBstrA.exe 2008-06-28 15:18 --------- d--h--w D:\Program Files\InstallShield Installation Information 2008-06-24 09:47 --------- d-----w D:\Program Files\Common Files\InstallShield 2008-06-20 17:42 246,784 ----a-w D:\WINDOWS\system32\mswsock.dll 2008-06-20 10:45 360,320 ----a-w D:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:44 138,368 ----a-w D:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w D:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-19 13:47 --------- d-----w D:\Program Files\Guitar Pro 5 2008-06-18 19:05 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\DVD Shrink 2008-06-18 18:02 --------- d-----w D:\Program Files\NeroInstall.bak 2008-06-18 18:02 --------- d-----w D:\Documents and Settings\Administrator\Dane aplikacji\Nero 2008-06-18 18:01 --------- d-----w D:\Program Files\Nero 2008-06-18 18:01 --------- d-----w D:\Program Files\Common Files\Nero 2008-06-18 18:01 --------- d-----w D:\Documents and Settings\All Users\Dane aplikacji\Nero 2008-06-18 17:55 --------- d-----w D:\Program Files\DVD Shrink 2008-06-18 01:11 --------- d-----w D:\Program Files\Gigabyte 2008-06-18 01:09 15,600 ----a-w D:\WINDOWS\gdrv.sys 2008-06-17 21:37 315,392 ----a-w D:\WINDOWS\HideWin.exe 2008-06-17 21:37 --------- d-----w D:\Program Files\Realtek 2008-06-17 21:36 --------- d-----w D:\Program Files\DIFX 2008-06-17 21:36 --------- d-----w D:\Documents and Settings\Administrator\Dane aplikacji\InstallShield 2008-06-17 21:35 --------- d-----w D:\Program Files\Yahoo! 2008-06-17 19:35 --------- d-----w D:\Program Files\microsoft frontpage 2008-06-17 19:33 --------- d-----w D:\Program Files\Usługi online 2008-06-10 16:56 34,312 ----a-w D:\WINDOWS\system32\drivers\epfwtdir.sys 2008-06-10 16:48 53,256 ----a-w D:\WINDOWS\system32\drivers\easdrv.sys 2008-06-10 16:47 39,944 ----a-w D:\WINDOWS\system32\drivers\eamon.sys 2008-05-07 05:16 1,291,264 ----a-w D:\WINDOWS\system32\quartz.dll 2008-04-30 15:27 442,368 ----a-w D:\WINDOWS\system32\NVUNINST.EXE . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360] "Gadu-Gadu"="D:\Program Files\Gadu-Gadu\gg.exe" [2007-11-14 12:54 2131392] "Skype"="D:\Program Files\Skype\Phone\Skype.exe" [2007-12-12 15:23 21686568] [HKEY\_LOCAL\_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EasyTuneV"="D:\Program Files\Gigabyte\ET5\ETcall.exe" [2007-08-14 14:10 20480] "NeroFilterCheck"="D:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 09:59 570664] "egui"="D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 18:52 1447168] "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "DownloadAccelerator"="D:\Program Files\DAP\DAP.EXE" [2008-06-26 10:22 3053056] "DAEMON Tools-1033"="D:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920] "NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2008-05-03 05:46 13529088] "nwiz"="nwiz.exe" [2008-05-03 05:46 1630208 D:\WINDOWS\system32\nwiz.exe] "Resume copy"="copyfstq.exe" [2002-03-24 12:54 46080 D:\WINDOWS\COPYFSTQ.EXE] [HKEY\_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360] D:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\ Adobe Gamma.lnk - D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664] [HKEY\_LOCAL\_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] D:\WINDOWS\system32\dumprep 0 -k [X] [HKEY\_LOCAL\_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2007-05-11 13:06 40048 D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2008-02-28 17:07 1828136 D:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2008-02-18 16:29 2221352 D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2008-05-03 05:46 13529088 D:\WINDOWS\system32\nvcpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] --a------ 2008-05-03 05:46 86016 D:\WINDOWS\system32\nvmctray.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-05-27 10:50 413696 D:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] -r------- 2005-05-03 12:43 69632 D:\WINDOWS\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] -r------- 2007-09-03 09:52 16841216 D:\WINDOWS\RTHDCPL.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\totalcmd\TOTALCMD.EXE"= "D:\Program Files\DAP\DAP.exe"= "F:\Gry\TDU\TestDriveUnlimited.exe"= "D:\Program Files\Gadu-Gadu\gg.exe"= "F:\Gry\crysis\Bin32\Crysis.exe"= "F:\Gry\crysis\Bin32\CrysisDedicatedServer.exe"= "D:\WINDOWS\system32\PnkBstrA.exe"= "D:\WINDOWS\system32\PnkBstrB.exe"= "E:\do spr\stary\Szpol\Wolf\Nowy folder\ETDED.exe"= "E:\do spr\stary\Szpol\Wolf\Nowy folder\ET.exe"= "D:\Program Files\Skype\Phone\Skype.exe"= R0 hotcore3;hotcore3;D:\WINDOWS\system32\drivers\hotcore3.sys [2007-03-07 13:27] R1 epfwtdir;epfwtdir;D:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 18:56] S2 NOD32FiXTemDono;Eset Nod32 Boot;D:\WINDOWS\system32\regedt32.exe [2004-08-04 14:00] *Newly Created Service* - CATCHME *Newly Created Service* - NTMSSVC *Newly Created Service* - PROCEXP90 . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-amva - D:\WINDOWS\system32\amvo.exe MSConfigStartUp-Rapget - G:\aukcja\rapget.exe . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://www.yahoo.com R0 -: HKLM-Main,Start Page = hxxp://www.yahoo.com O8 -: Clean Traces - D:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 -: Download with DAP - D:\Program Files\DAP\dapextie.htm O8 -: Download all with DAP - D:\Program Files\DAP\dapextie2.htm O8 -: Download with Rapget - G:\aukcja\rapget.htm O17 -: HKLM\CCS\Interface{5A7D9618-94D4-4840-BD9D-F4F4B09EBD84}: NameServer = 1.1.1.1,1.5.4.7 O17 -: HKLM\CCS\Interface{D99AA5DC-E3F8-4738-9657-BD1706F7DE27}: NameServer = 213.25.34.2,34.2.2.2 O18 -: Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - D:\PROGRA~1\DAP\dapie.dll O18 -: Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - D:\PROGRA~1\DAP\dapie.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-22 22:01:43 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-07-22 22:02:16 ComboFix-quarantined-files.txt 2008-07-22 20:02:12 Pre-Run: 10,317,615,104 bajtów wolnych Post-Run: 10,320,646,144 bajtów wolnych 249 --- E O F --- 2008-07-09 22:08:03 teraz to juz calkiem nic nie wiem ps. warto inwestowac w nod32?

huber2t (Huber2t) 2008-07-22 20:23:57 UTC #6

Log ok

Hrdcr (Adamlor) 2008-07-22 20:27:05 UTC #7

to czemu winlogon.exe zre 60% proca?

skitles01 (Mskitek) 2008-07-22 21:22:33 UTC #8

To ci jakoś obciąża pracę czy nic nie odczuwasz? Przypadkowo to zauważyłeś?

Dawno robiłeś Format/Defragmentację? Wyczyść dyski i rejestr jakimś programikiem np. Odkurzacz, Ccleaner albo jakiś inny... lepszy

Kloss-J23 (Klossj23) 2008-07-22 22:06:45 UTC #9

Pobierz i uruchom program Process Exporer. W zakładce Process rozwiń '+' na lewo od Winlogon.exe, następnie services.exe i zobacz co najbardziej obciąża procesor. Jeśli któryś z svchost.exe - przytrzymaj dłużej na nim kursor i sprawdź co on faktycznie uruchomił.

Hrdcr (Adamlor) 2008-07-23 07:56:09 UTC #10

Problem sie narazie sam rozwiazal:) po 4 restarcie z rana pomoglo dzieki za pomoc

ps. jest na tym forum funkcja "pomogl"?

huber2t (Huber2t) 2008-07-23 07:59:00 UTC #11

Nie stety nie ma takiej funkcji

Ale problem może jeszcze powrócić więc sprawdź te porady które napisali koledzy wyżej

Oparte na Discourse, najlepiej oglądać z włączonym JavaScriptem