Log analysis.

If someone could...


Logfile of HijackThis v1.99.0
Scan saved at 21:38:56, on 2005-01-27
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programy\Avast4\aswUpdSv.exe
C:\Programy\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programy\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\program files\onflow\uninstall onflow.exe
C:\Programy\Avast4\ashMaiSv.exe
C:\Programy\Gadu-Gadu\gg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Programy\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\instalki\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.duna.pl:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programy\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] C:\Programy\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programy\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKLM\..\Run: [ElbyCheckElbyCDFL] C:\Programy\CloneCD\ElbyCheck.exe /L ElbyCDFL
O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\tsadbot.exe"
O4 - HKLM\..\Run: [Onflow] "C:\program files\onflow\uninstall onflow.exe" -ofpid
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Programy\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Programy\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programy\Avast4\ashMaiSv.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Replies: 19

What are you getting so worked up about?
I don't see anything in the log that stands out.
Does the explorer.exe process in Task Manager sit at 90-100% CPU non-stop, or does it only "jump" from time to time??
Bobi
Added
28.01.2005 17:35:10
So what about that log?
kaczors
Added
28.01.2005 16:29:05
OK, here's the code for you, and meanwhile I'm going to sleep :P We'll finish the cleanup tomorrow ;)

Thanks
kaczors
Added
28.01.2005 00:44:49

Process              PID   CPU  Description                                  Company Name
System Idle Process  0     79
Interrupts           n/a   4    Hardware Interrupts
DPCs                 n/a        Deferred Procedure Calls
System               4
SMSS.EXE             444        Windows NT Session Manager                   Microsoft Corporation
CSRSS.EXE            508   2    Client Server Runtime Process                Microsoft Corporation
WINLOGON.EXE         560        Aplikacja logowania systemu Windows NT       Microsoft Corporation
SERVICES.EXE         604   1    Usługi i aplikacja Kontroler                 Microsoft Corporation
SVCHOST.EXE          780        Generic Host Process for Win32 Services      Microsoft Corporation
SVCHOST.EXE          832        Generic Host Process for Win32 Services      Microsoft Corporation
SVCHOST.EXE          912        Generic Host Process for Win32 Services      Microsoft Corporation
SVCHOST.EXE          928        Generic Host Process for Win32 Services      Microsoft Corporation
SPOOLSV.EXE          1120       Spooler SubSystem App                        Microsoft Corporation
aswUpdSv.exe         1244
ashServ.exe          1256       avast! antivirus service
NVSVC32.EXE          1508       NVIDIA Driver Helper Service, Version 61.77  NVIDIA Corporation
ashMaiSv.exe         1988       avast! e-Mail Scanner Service                ALWIL Software
SVCHOST.EXE          1760       Generic Host Process for Win32 Services      Microsoft Corporation
LSASS.EXE            616   1    LSA Shell (Export Version)                   Microsoft Corporation
taskmgr.exe          1912       Menedżer zadań systemu Windows               Microsoft Corporation
EXPLORER.EXE         1384  1    Eksplorator Windows                          Microsoft Corporation
ashDisp.exe          1764       avast! service GUI component
firefox.exe          1324  1    Firefox                                      Mozilla
winamp.exe           1536  3    Winamp                                       Nullsoft
gg.exe               356   1    Gadu-Gadu - program glowny                   sms-express.com
procexp.exe          524   7    Sysinternals Process Explorer                Sysinternals

Process: EXPLORER.EXE Pid: 1384

kaczors
Added
28.01.2005 00:32:44
kaczors:
in Task Manager??

Bobi_robert:
Download Process Explorer
EL NINO
Added
28.01.2005 00:29:40
But how?!

In Task Manager?? There is only: New Task and Exit Task Manager... there's no Save
kaczors
Added
28.01.2005 00:27:11
kaczors:
And how do I do those libraries?

Not do them, look through them.
You click on explorer.exe, then File/Save As
Bobi
Added
28.01.2005 00:20:42
For now, a screenshot of Task Manager, at idle... I don't think there's anything there...
And how do I do those libraries?

One more thing: does Avast put a heavy load on the computer???
The system takes rather long to start... about 1 minute...
kaczors
Added
28.01.2005 00:13:41
And this may be the key to the solution.
I mean the problem with EXPLORER.EXE

Download Process Explorer and take a look at which libraries are attached to explorer.
Make a log (File/Save As) and paste it into a post on the forum.
Also take a screenshot of Task Manager and attach it to the post.
Bobi
Added
28.01.2005 00:04:47
You did well to turn off Messenger.

Take a screenshot of all the processes. Stretch the window so that all of them are visible, press Alt+PrtSc, paste into Paint, save as .jpg and add it to the post.
EL NINO
Added
28.01.2005 00:02:55
I'm going to be a pain :P
What memory and CPU usage should be considered too high?
I have a Duron 800 and 256 MB of RAM.

The most: firefox.exe 25996K
ashServ.exe 23348K

and as for CPU, EXPLORER.EXE sometimes jumps to around 90...

So what do you say, master?

Oh, and a question: the Messenger service informing me about a Spyware-type virus on my computer, is that something serious? :P For now I've turned that service off...
kaczors
Added
27.01.2005 23:56:44
I'll repeat this for probably the hundredth time.
Open Task Manager and, while it is lagging, watch how the individual processes behave.
Maybe one of them is eating CPU and memory unnaturally.
Maybe something has attached itself to a system process.
Bobi
Added
27.01.2005 23:45:36
Umm...
Task Manager? I don't think so... what for?
I guess some kind of tutorial would come in handy... :(
kaczors
Added
27.01.2005 23:36:50
Did you look at Task Manager during this "stuttering"??
Bobi
Added
27.01.2005 23:29:16
Come on, people, help me out :P
What can it be!? It stutters terribly...
kaczors
Added
27.01.2005 23:22:26
You can get rid of this.


O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program Files\TimeSink\AdGateway\tsadbot.exe"
O4 - HKLM\..\Run: [Onflow] "C:\program files\onflow\uninstall onflow.exe" -ofpid
MarcinX
Added
27.01.2005 22:54:49
Damn,
my computer stutters terribly, takes a long time to start, the antivirus doesn't detect anything... Could something like this be caused by mechanical damage to the disk?
kaczors
Added
27.01.2005 22:50:55
IMO it's OK
gieras
Added
27.01.2005 22:45:48
kaczors
Added:
27.01.2005 22:40:57
Comments:
19