Please check this log.
This is my friend's log; his system is slowing down, and when the computer starts up some kind of sexy screen server turns on.
Logfile of HijackThis v1.99.1
Scan saved at 20:42:17, on 2005-04-03
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\servicetask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\PROGRA~1\Keyboard\Ikeymain.exe
E:\Programy\D-Tools\daemon.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\WINDOWS\System32\msnmsg.exe
C:\WINDOWS\System32\ap9h4qmo.exe
C:\Program Files\Media Access\MediaAccess.exe
E:\test\Gadu-Gadu\gg.exe
E:\programy\foobar2000\foobar2000.exe
E:\gry\Starcraft\Starcraft.exe
E:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 195.205.121.222:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "E:\Programy\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [sysPersonalFirewall] servicetask.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Microsoft Server Applacations] msnmsg.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [lujeled] C:\WINDOWS\lujeled.exe
O4 - HKLM\..\RunServices: [Microsoft Server Applacations] msnmsg.exe
O4 - HKLM\..\RunServices: [sysPersonalFirewall] servicetask.exe
O4 - HKLM\..\RunOnce: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
O4 - HKCU\..\Run: [Steam] E:\gry\hl\Steam.exe -silent
O4 - HKCU\..\Run: [sysPersonalFirewall] servicetask.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKCU\..\Run: [Microsoft Server Applacations] msnmsg.exe
O4 - HKCU\..\RunOnce: [sysPersonalFirewall] servicetask.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093891038124
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
Replies: 1
Uninstall whatever you can via Add/Remove Programs, kill the processes, tick the entries in HJ, press Fix..., search the disk for the files just to be sure, and delete them. Delete the folders from Program Files.
C:\Program Files\Common Files\WinTools\WToolsA.exe
C:\Program Files\Common Files\WinTools\WSup.exe
C:\WINDOWS\System32\servicetask.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\WINDOWS\System32\msnmsg.exe
C:\WINDOWS\System32\ap9h4qmo.exe
C:\Program Files\Media Access\MediaAccess.exe
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\Program Files\SurfSideKick 2\SskBho.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O4 - HKLM\..\Run: [sysPersonalFirewall] servicetask.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Microsoft Server Applacations] msnmsg.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [lujeled] C:\WINDOWS\lujeled.exe
O4 - HKLM\..\RunServices: [Microsoft Server Applacations] msnmsg.exe
O4 - HKLM\..\RunServices: [sysPersonalFirewall] servicetask.exe
O4 - HKLM\..\RunOnce: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe /boot
O4 - HKCU\..\Run: [sysPersonalFirewall] servicetask.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\Program Files\SurfSideKick 2\Ssk.exe
O4 - HKCU\..\Run: [Microsoft Server Applacations] msnmsg.exe
O4 - HKCU\..\RunOnce: [sysPersonalFirewall] servicetask.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm