Winlogon.exe - wysokie użycie w procesach

gsm-moto · 20 Grudzień 2007 00:02

Ostatnio zauważyłęm że winlogon.exe używa zbyt dużo pamięci 32 mb, co zrobić żeby obniżyć pobór pamięci?

Załanczam log z HijackThis

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:52:15, on 2007-12-20 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE D:\Zainstalowane programy\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe D:\Zainstalowane programy\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\MyPortal\Speed-X\SpeedX.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Gadu-Gadu\gg.exe D:\Zainstalowane programy\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Zainstalowane programy\FlashGet\jccatch.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\ZAINST~2\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Zainstalowane programy\FlashGet\getflash.dll O4 - HKLM…\Run: [AVP] “D:\Zainstalowane programy\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe” O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA LOKALNA’) O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’) O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘SYSTEM’) O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User ‘Default user’) O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet’a - D:\Zainstalowane programy\FlashGet\jc_link.htm O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet’a - D:\Zainstalowane programy\FlashGet\jc_all.htm O8 - Extra context menu item: Dodaj do blokowanych banerów - D:\Zainstalowane programy\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Statystyki ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Zainstalowane programy\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Zainstalowane programy\FlashGet\FlashGet.exe O9 - Extra ‘Tools’ menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Zainstalowane programy\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ZAINST~2\SPYBOT~1\SDHelper.dll O9 - Extra ‘Tools’ menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\ZAINST~2\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip…{F8E14CE4-F8CE-46D7-9B85-0E7C07E9A6DD}: NameServer = 91.192.0.1,91.192.0.2 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: D:\ZAINST~2\KASPER~1\KASPER~1.0\adialhk.dll O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - D:\Zainstalowane programy\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDAgent - Raxco Software, Inc. - D:\Zainstalowane programy\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - D:\Zainstalowane programy\Raxco\PerfectDisk\PDEngine.exe – End of file - 4864 bytes

Ciuci · 20 Grudzień 2007 10:23

Usuń w HJT.Przeskanuj jeszcze Combo Fix’em i wklej loga.

gsm-moto · 20 Grudzień 2007 17:38

winlogon.exe zajmuje w procesach teraz 4,3 mb

na prośbe usera ciuci załanczam loga z Combo Fix’a

ComboFix 07-12-20.1 - zio 2007-12-20 16:00:58.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.313 [GMT 1:00] Running from: C:\Documents and Settings\zio\Pulpit\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))) . 2007-12-19 19:03 . 2004-08-03 23:08 26,496 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys 2007-12-19 13:58 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll 2007-12-19 13:58 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll 2007-12-18 20:25 . 2007-12-18 20:25 25,992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe 2007-12-17 21:43 . 2007-12-17 21:43 2007-12-17 21:42 . 2007-12-17 21:42 2007-12-17 21:41 . 2007-12-17 21:41 0 --ah----- C:\WINDOWS\system32\sx.inf 2007-12-17 21:40 . 2007-12-17 21:40 2007-12-17 21:36 . 2007-12-17 21:36 2007-12-17 21:36 . 2007-12-17 21:36 2007-12-17 21:34 . 2007-12-17 21:34 2007-12-17 21:28 . 2007-12-17 23:45 2007-12-17 21:25 . 2007-12-17 21:25 2007-12-17 21:24 . 2007-12-17 21:24 2007-12-17 21:19 . 2007-12-17 21:22 2007-12-17 21:18 . 2007-12-17 21:18 2007-12-17 21:18 . 2007-12-17 21:18 2007-12-17 21:11 . 2007-12-17 21:12 2007-12-17 21:11 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2007-12-17 20:54 . 2007-12-17 20:54 2007-12-17 20:54 . 2007-12-17 20:55 2007-12-17 20:54 . 2007-12-17 20:54 2007-12-17 20:03 . 2007-12-17 20:03 100 --a------ C:\WINDOWS\lexstat.ini 2007-12-17 20:02 . 2007-12-17 20:02 2007-12-17 20:00 . 2004-08-03 23:10 85,376 --a------ C:\WINDOWS\system32\drivers\NABTSFEC.sys 2007-12-17 19:59 . 2004-08-04 00:44 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax 2007-12-17 19:59 . 2004-08-04 00:44 91,136 --a–c— C:\WINDOWS\system32\dllcache\kswdmcap.ax 2007-12-17 19:59 . 2004-08-04 00:44 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax 2007-12-17 19:59 . 2004-08-04 00:44 61,952 --a–c— C:\WINDOWS\system32\dllcache\kstvtune.ax 2007-12-17 19:59 . 2004-08-04 00:44 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll 2007-12-17 19:59 . 2004-08-04 00:44 54,784 --a–c— C:\WINDOWS\system32\dllcache\vfwwdm32.dll 2007-12-17 19:59 . 2004-08-04 00:44 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax 2007-12-17 19:59 . 2004-08-04 00:44 43,008 --a–c— C:\WINDOWS\system32\dllcache\ksxbar.ax 2007-12-17 19:58 . 2005-01-26 15:45 349,472 --a------ C:\WINDOWS\WindowsXP-KB822603-x86.exe 2007-12-17 19:58 . 2006-01-06 13:57 344,064 --a------ C:\WINDOWS\vsnp2std.exe 2007-12-17 19:58 . 2006-01-06 17:39 110,592 --a------ C:\WINDOWS\tsnp2std.exe 2007-12-17 19:58 . 2004-08-09 17:43 94,208 --a------ C:\WINDOWS\amcap.exe 2007-12-17 19:58 . 2005-11-11 16:46 24,960 --a------ C:\WINDOWS\system32\drivers\sncamd.sys 2007-12-17 19:58 . 2005-12-06 13:08 20,480 --a------ C:\WINDOWS\FixCamera.exe 2007-12-17 19:58 . 2004-12-09 17:23 15,497 --a------ C:\WINDOWS\snp2std.ini 2007-12-17 19:58 . 2004-12-09 17:23 13,022 --a------ C:\WINDOWS\snp2std.src 2007-12-17 19:57 . 2007-12-17 19:58 2007-12-17 19:57 . 2006-01-04 17:42 10,219,904 --a------ C:\WINDOWS\system32\drivers\snp2sxp.sys 2007-12-17 19:57 . 2005-12-21 14:06 147,456 --a------ C:\WINDOWS\rsnp2std.dll 2007-12-17 19:57 . 2006-01-03 19:04 61,440 --a------ C:\WINDOWS\vsnp2std.dll 2007-12-17 19:57 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\system32\csnp2std.dll 2007-12-17 19:54 . 2007-12-17 19:54 2007-12-17 19:39 . 2007-12-17 21:11 2007-12-17 19:39 . 2007-12-17 19:39 2007-12-17 19:28 . 2007-12-17 19:28 2007-12-17 18:41 . 2007-12-17 18:41 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-12-17 18:28 . 2007-12-17 18:28 2007-12-17 18:28 . 2007-04-11 14:35 331,184 --------- C:\WINDOWS\system32\difxapi.dll 2007-12-17 18:27 . 2007-12-17 18:27 2007-12-17 18:27 . 2002-07-30 16:42 306,688 --a------ C:\WINDOWS\IsUninst.exe 2007-12-17 00:43 . 2007-12-17 00:43 2007-12-17 00:02 . 2007-12-17 00:04 2007-12-17 00:00 . 2000-05-22 09:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx 2007-12-17 00:00 . 1999-10-11 02:00 41,984 --------- C:\WINDOWS\Ctregrun.exe 2007-12-16 23:53 . 2000-02-24 13:49 1,048,576 --a------ C:\WINDOWS\system32\CT1MGM.ROM 2007-12-16 23:53 . 2002-02-20 04:00 331,776 --------- C:\WINDOWS\system32\CTMEDENG.DLL 2007-12-16 23:53 . 2001-09-18 03:00 139,264 --a------ C:\WINDOWS\system32\Video.skn 2007-12-16 23:53 . 2001-03-30 02:00 62,976 --a------ C:\WINDOWS\system32\CTDetres.dll 2007-12-16 23:53 . 1999-12-13 02:01 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE 2007-12-16 23:53 . 1999-11-18 02:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE 2007-12-16 23:53 . 2000-04-20 01:00 24,576 --a------ C:\WINDOWS\system32\CTMERes.DLL 2007-12-16 23:53 . 1998-09-17 01:52 17,350 --a------ C:\WINDOWS\system32\CTDetect.hlp 2007-12-16 23:53 . 1998-09-17 01:52 641 --a------ C:\WINDOWS\system32\CTDetect.cnt 2007-12-16 23:53 . 2007-12-16 23:53 72 --a------ C:\WINDOWS\SBWIN.INI 2007-12-16 23:51 . 2007-12-17 19:57 2007-12-16 23:51 . 2007-12-17 00:00 2007-12-16 23:51 . 2004-02-18 09:52 176,128 --a------ C:\WINDOWS\system32\USBAudio.cpl 2007-12-16 23:51 . 2004-01-05 15:10 135,168 --a------ C:\WINDOWS\system32\USBAudio.crl 2007-12-16 23:51 . 2003-11-27 13:54 45,390 --a------ C:\WINDOWS\system32\usbaudio.chm 2007-12-16 23:51 . 2003-03-05 12:19 15,840 --a------ C:\WINDOWS\system32\drivers\PfModNT.sys 2007-12-16 23:51 . 2003-04-01 19:38 692 --a------ C:\WINDOWS\system32\USBAudio.cpl.manifest . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-12-20 15:02 3,799,072 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2007-12-20 15:02 191,264 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2007-12-20 13:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab 2007-12-20 00:06 57,404 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2007-12-20 00:06 20,876 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2007-12-17 17:28 --------- d-----w C:\Program Files\Common Files\InstallShield 2007-12-16 21:56 --------- d-----w C:\Documents and Settings\zio\Dane aplikacji\eMule 2007-12-16 21:54 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles 2007-12-16 21:45 90,980 ----a-w C:\WINDOWS\system32\drivers\klin.dat 2007-12-16 21:45 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat 2007-12-16 21:37 --------- d-----w C:\Documents and Settings\zio\Dane aplikacji\Gadu-Gadu 2007-12-16 21:36 --------- d-----w C:\Program Files\Gadu-Gadu 2007-12-16 21:26 --------- d-----w C:\Program Files\Opera 2007-12-16 20:36 --------- d-----w C:\Program Files\microsoft frontpage 2007-12-16 20:34 --------- d-----w C:\Program Files\Usługi online 2007-11-06 07:37 227,592 ----a-w C:\WINDOWS\system32\PDBoot.exe 2007-10-22 04:33 68,624 ----a-w C:\WINDOWS\system32\drivers\DefragFs.sys 2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll 2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll 2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll 2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll 2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll 2007-09-28 16:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\divx.dll 2004-09-28 03:00 26,240 ----a-w C:\WINDOWS\inf\RAMDSK.SYS . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “AVP”=“D:\Zainstalowane programy\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe” [2007-03-09 20:50] “NvCplDaemon”=“RUNDLL32.exe” [2004-08-04 00:44 C:\WINDOWS\system32\rundll32.exe] [HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] “CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2004-08-04 00:44] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] “AppInit_DLLs”=D:\ZAINST~2\KASPER~1\KASPER~1.0\adialhk.dll R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-03-29 10:36] R3 P17;Sound Blaster Live! 24-bit;C:\WINDOWS\system32\drivers\P17.sys [2004-06-04 09:27] R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-01-04 17:42] *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . ************************************************************************** catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-20 16:02:59 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-12-20 16:04:00

Gutek · 20 Grudzień 2007 21:02

Pobierz program SDFix

gsm-moto · 22 Grudzień 2007 12:26

wszystko jest wporządku dziękuje:)