winlogon.exe 100% CPU – przywieszanie sie kompa :(
Dlaczego tak sie dzieje ? i jaka jest tego przyczyna ??? jak moge to naprawic ?? LUkajcie mojego loga z HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 23:04:11, on 2005–11–26
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
D:\Instalki\antyvirus\Wykrywanko robakow\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: Shell=explorer.exe
O2 – BHO: DownloadRedirect Class – {00000000–6CB0–410C–8C3D–8FA8D2011D0A} – C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: bho2gr Class – {31FF080D–12A3–439A–A2EF–4BA95A3148E8} – C:\Program Files\GetRight\xx2gr.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 – HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: Download with GetRight – C:\Program Files\GetRight\GRdownload.htm
O8 – Extra context menu item: Open with GetRight Browser – C:\Program Files\GetRight\GRbrowse.htm
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O17 – HKLM\System\CCS\Services\Tcpip\..\{92621E71–5A09–41CB–A357–B6D718FC80F0}: NameServer = 192.168.0.1,0.0.0.0
O23 – Service: ArcaBit NetMonitor (ABNetMon) – ArcaBit sp. z o.o. – C:\Program Files\MKS\Bin\NetMonSV.exe
O23 – Service: MkSUpdateInt – MkS Sp. z o. o. – C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 – Service: MkS_Vir Monitor (MksVirMonSvc) – Unknown owner – C:\Program Files\MKS\Bin\mksmonsv.exe
O23 – Service: MkS_Scan – Unknown owner – C:\Program Files\MKS\Bin\mks_scan.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Logfile of HijackThis v1.99.1
Scan saved at 23:04:11, on 2005–11–26
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
D:\Instalki\antyvirus\Wykrywanko robakow\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: Shell=explorer.exe
O2 – BHO: DownloadRedirect Class – {00000000–6CB0–410C–8C3D–8FA8D2011D0A} – C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: bho2gr Class – {31FF080D–12A3–439A–A2EF–4BA95A3148E8} – C:\Program Files\GetRight\xx2gr.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 – HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: Download with GetRight – C:\Program Files\GetRight\GRdownload.htm
O8 – Extra context menu item: Open with GetRight Browser – C:\Program Files\GetRight\GRbrowse.htm
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O17 – HKLM\System\CCS\Services\Tcpip\..\{92621E71–5A09–41CB–A357–B6D718FC80F0}: NameServer = 192.168.0.1,0.0.0.0
O23 – Service: ArcaBit NetMonitor (ABNetMon) – ArcaBit sp. z o.o. – C:\Program Files\MKS\Bin\NetMonSV.exe
O23 – Service: MkSUpdateInt – MkS Sp. z o. o. – C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 – Service: MkS_Vir Monitor (MksVirMonSvc) – Unknown owner – C:\Program Files\MKS\Bin\mksmonsv.exe
O23 – Service: MkS_Scan – Unknown owner – C:\Program Files\MKS\Bin\mks_scan.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Odpowiedzi: 13
tak oba winlogon uruchamiane przez system, chyba zrezygnuje z naprawy tego i poprostu przeinstaluje windowsa, ale tym razem z sp2.
Pisales ze sa dwa winlogony. Oba uruchamiane przez SYSTEM ?lopezz88:
dalej mi wywala winlogon.exe 100% CPU
Sprawdz czy masz na dysku i jesli tak, usun:Kurcze u mnie teź nici.
saap.exe
sais.exe
%programfilesdir%\180solutions\SA\saap.exe
%windir%\downloaded program files\saap.exe
saap.exe
%systemdir%\saie.exe
%systemdir%\saie.log
%systemdir%\saie_kyf.dat
%systemdir%\saiehook.dll
saieau.dat
%windir%\dqxezyl.exe
180ax.exe
%tempdir%\salm.exe
%windir%\msbb.exe
%windir%\FLEOK\msbb.exe
salm.exe
%windir%\salm_kyf.dat
%windir%\salmbundle.exe
%windir%\salmau.dat
%windir%\salm.exe
cjczuf.exe
salmhook.dll
%windir%\salm.log
salm_gdf.dat
%windir%\UJKD.EXE
UJKD.EXE.TMP
U6F6UFTUC.EXE
Usun rowniez O16 z http://static.windupdates.com...
W Dodaj/usun nie ma "180solutions" ?
tak samo u mnie jest, jak Ci sie tak zacznie robic odlacz kabel sieciowy na chwilke i podlacz od nowa i bedzie dziala dobrze... przynajmniej jakis czas :) mam nadzieje ze ktos nam pomoze cos z tym zrobic
Kurcze u mnie teź nici. jedyne co sie polepszyło to nie stoi cały czas na 100% tylko sobie skacze co parenaście sekund na 100 to znów na 5–10 i znów na 100.
:(( kurcze problem powtarza sie :(( dalej mi wywala winlogon.exe 100% CPU :(( Chyba czeka mnie reinstalka systemu tak czuje :(
W czym ?...ale nie umiem sobie poradzić.
Otworz rejestr, wyszukaj "_{02EE5B04–F144–47BB–83FB–A60BD91B74A9}" i usun.
Przepraszam,źe sie wcinam, ale nie umiem sobie poradzić. Mój log wygląda tak:
Scan saved at 18:34:15, on 2005–11–27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Documents and Settings\MAMA\Pulpit\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – _{02EE5B04–F144–47BB–83FB–A60BD91B74A9} – (no file)
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O4 – HKLM\..\Run: [C–Media Mixer] Mixer.exe /startup
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 – HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 – HKLM\..\Run: [DAEMON Tools–1033] "F:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – Global Startup: GetRight – Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 – Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {15AD6789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/180solutions/ie/bridge–c282.cab
O16 – DPF: {C68AE9C0–0909–4DDC–B661–C1AFB9F5AE53} – http://dd.xo.pl/avicodec.ocx
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_23.cab
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: Autodesk Licensing Service – Autodesk, Inc. – C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 – Service: Panda Firewall Service (PAVFIRES) – Panda Software – C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 – Service: Panda anti–virus service (PAVSRV) – Panda Software – C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 – Service: Ulead Burning Helper (UleadBurningHelper) – Ulead Systems, Inc. – C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Scan saved at 18:34:15, on 2005–11–27
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Documents and Settings\MAMA\Pulpit\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – _{02EE5B04–F144–47BB–83FB–A60BD91B74A9} – (no file)
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O4 – HKLM\..\Run: [C–Media Mixer] Mixer.exe /startup
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 – HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 – HKLM\..\Run: [DAEMON Tools–1033] "F:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe"
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – Global Startup: GetRight – Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 – Global Startup: Kalendarz XP.lnk = C:\Program Files\Kalendarz XP\Kalendarz.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 – Extra button: Badanie – {92780B25–18CC–41C8–B9BE–3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {15AD6789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/180solutions/ie/bridge–c282.cab
O16 – DPF: {C68AE9C0–0909–4DDC–B661–C1AFB9F5AE53} – http://dd.xo.pl/avicodec.ocx
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_23.cab
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: Autodesk Licensing Service – Autodesk, Inc. – C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 – Service: Panda Firewall Service (PAVFIRES) – Panda Software – C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 – Service: Panda anti–virus service (PAVSRV) – Panda Software – C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 – Service: Ulead Burning Helper (UleadBurningHelper) – Ulead Systems, Inc. – C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Otworzybys sobie jeszcze wlasciwosci polaczenia sieciowego, wszedlbys do wlasciwosci TCP/IP i usunal DNS o numerze 0.0.0.0
Dzieki wielkie zrobilem to co zaleciliscie, usunalem to co mowiliscie. Teraz czekam tylko czy problem bedzie sie powtarzal czy juz bedzie chodzic dobrze :) Mam nadzieje ze to pomoglo i bedzie wszystko dobrze chodzic :D
A to moj aktualny log:
Logfile of HijackThis v1.99.1
Scan saved at 17:01:41, on 2005–11–27
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Instalki\antyvirus\Wykrywanko robakow\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: Shell=explorer.exe
O2 – BHO: DownloadRedirect Class – {00000000–6CB0–410C–8C3D–8FA8D2011D0A} – C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: bho2gr Class – {31FF080D–12A3–439A–A2EF–4BA95A3148E8} – C:\Program Files\GetRight\xx2gr.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 – HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: Download with GetRight – C:\Program Files\GetRight\GRdownload.htm
O8 – Extra context menu item: Open with GetRight Browser – C:\Program Files\GetRight\GRbrowse.htm
O17 – HKLM\System\CCS\Services\Tcpip\..\{92621E71–5A09–41CB–A357–B6D718FC80F0}: NameServer = 192.168.0.1,0.0.0.0
O23 – Service: ArcaBit NetMonitor (ABNetMon) – ArcaBit sp. z o.o. – C:\Program Files\MKS\Bin\NetMonSV.exe
O23 – Service: MkSUpdateInt – MkS Sp. z o. o. – C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 – Service: MkS_Vir Monitor (MksVirMonSvc) – Unknown owner – C:\Program Files\MKS\Bin\mksmonsv.exe
O23 – Service: MkS_Scan – Unknown owner – C:\Program Files\MKS\Bin\mks_scan.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
A to moj aktualny log:
Logfile of HijackThis v1.99.1
Scan saved at 17:01:41, on 2005–11–27
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MKS\Bin\NetMonSV.exe
C:\Program Files\MKS\Bin\mksmonsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\MKS\Bin\mks_scan.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\MKS\Bin\mks_menu.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Instalki\antyvirus\Wykrywanko robakow\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: Shell=explorer.exe
O2 – BHO: DownloadRedirect Class – {00000000–6CB0–410C–8C3D–8FA8D2011D0A} – C:\Program Files\iMesh\iMesh5\iMeshBHO.dll
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: bho2gr Class – {31FF080D–12A3–439A–A2EF–4BA95A3148E8} – C:\Program Files\GetRight\xx2gr.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 – HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 – HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 – HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: Download with GetRight – C:\Program Files\GetRight\GRdownload.htm
O8 – Extra context menu item: Open with GetRight Browser – C:\Program Files\GetRight\GRbrowse.htm
O17 – HKLM\System\CCS\Services\Tcpip\..\{92621E71–5A09–41CB–A357–B6D718FC80F0}: NameServer = 192.168.0.1,0.0.0.0
O23 – Service: ArcaBit NetMonitor (ABNetMon) – ArcaBit sp. z o.o. – C:\Program Files\MKS\Bin\NetMonSV.exe
O23 – Service: MkSUpdateInt – MkS Sp. z o. o. – C:\Program Files\MKS\bin\MkSUpdateInt.exe
O23 – Service: MkS_Vir Monitor (MksVirMonSvc) – Unknown owner – C:\Program Files\MKS\Bin\mksmonsv.exe
O23 – Service: MkS_Scan – Unknown owner – C:\Program Files\MKS\Bin\mks_scan.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Mam taki sam problem.
Winlogon.exe poźera 100% CPU.
I teź jak odłączę kabel sieciowy to jest OK, ale jak tylko podepnę zpowrotem to od razu jest 100%.
Winlogon.exe poźera 100% CPU.
I teź jak odłączę kabel sieciowy to jest OK, ale jak tylko podepnę zpowrotem to od razu jest 100%.
skanowalem programikiem "szczepionbki" ze strony gdata .pl
A log jest poprawny ???? bo ja zastanawiam sie czy nie trzeba usunac:
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
ale nie znam sie na tym tak dobrze i nie wiem czy jak to usune to mi sie komp nie zrypie ???
A log jest poprawny ???? bo ja zastanawiam sie czy nie trzeba usunac:
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
ale nie znam sie na tym tak dobrze i nie wiem czy jak to usune to mi sie komp nie zrypie ???
A sprawdziłeś kompa antiwirusami (innymi niź mks), antyszpiegami itd? http://support.microsoft.com/default.aspx?scid=kb;pl;329897
Posty edytuje się, klikając na ikonkę ZMIEŃ w prawym górnym rogu posta.
Posty edytuje się, klikając na ikonkę ZMIEŃ w prawym górnym rogu posta.
nie wiem jak sie edytuje posty.. takze napisze nowa wiadomosc.....
A mianowicie dojrzalem jeszcze ze w procesach uruchamia sie (tylko nie wiem kiedy i dlaczego) dwurgi proces winlogon.exe i przy przycinaniu sie windowsa jeden z winlogon.exe ma 100% CPU, nie wiem dlaczego tak sie dzieje, a i jeszcze jedno reset nic nie pomaga, ale jezeli odlaczy sie kabel od sieci i podlaczy po chwili to wszystko dziala dobrze, ale na jakis czas po paru godzinach problem powtarza sie :(( Czekam na odpowiedz mam nadzieje ze ktos mi pomorze
A mianowicie dojrzalem jeszcze ze w procesach uruchamia sie (tylko nie wiem kiedy i dlaczego) dwurgi proces winlogon.exe i przy przycinaniu sie windowsa jeden z winlogon.exe ma 100% CPU, nie wiem dlaczego tak sie dzieje, a i jeszcze jedno reset nic nie pomaga, ale jezeli odlaczy sie kabel od sieci i podlaczy po chwili to wszystko dziala dobrze, ale na jakis czas po paru godzinach problem powtarza sie :(( Czekam na odpowiedz mam nadzieje ze ktos mi pomorze
Strona 1 / 1