

 
	
 
   
  
 
 

 
	
Logfile of HijackThis v1.99.1
Scan saved at 16:23:02, on 2005-04-06
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programy\AVK9\HelperService.exe
C:\Programy\AVK9\AvkServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Kwenlru\Pbcpwb.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\Olt.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Meyox] C:\Program Files\Kwenlru\Pbcpwb.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [Gsh] C:\WINDOWS\Olt.exe
O4 - HKLM\..\Run: [Rrn] C:\WINDOWS\System32\Bka.exe
O4 - HKLM\..\Run: [Kns] C:\WINDOWS\Int.exe
O4 - HKLM\..\Run: [Umr] C:\WINDOWS\Ulq.exe
O4 - HKLM\..\Run: [Dth] C:\WINDOWS\Hdd.exe
O4 - HKLM\..\Run: [Afr] C:\WINDOWS\Vqa.exe
O4 - HKLM\..\Run: [Tqh] C:\WINDOWS\Miu.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [Gsh] C:\WINDOWS\Olt.exe
O4 - HKCU\..\Run: [Rrn] C:\WINDOWS\System32\Bka.exe
O4 - HKCU\..\Run: [Kns] C:\WINDOWS\Int.exe
O4 - HKCU\..\Run: [Umr] C:\WINDOWS\Ulq.exe
O4 - HKCU\..\Run: [Dth] C:\WINDOWS\Hdd.exe
O4 - HKCU\..\Run: [Afr] C:\WINDOWS\Vqa.exe
O4 - HKCU\..\Run: [Tqh] C:\WINDOWS\Miu.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{855DAB22-377A-46F6-88A4-747E8FD95B76}: NameServer = 194.204.152.34,194.204.159.1
O23 - Service: AVK HilfsService (AVKHelper) - Unknown owner - C:\Programy\AVK9\HelperService.exe 
	
typerek napisał(a):paytime.exe
typerek napisał(a):R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
typerek napisał(a):O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
typerek napisał(a):O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
 
 

 
	
Jak napisalem wczesniej, tryb awaryjny, sprawdz msconfig i te podejrzane procesy w task'u[ctrl+alt+delete]
przelec system ad-aware, spybot'em i porzadnym regcleanerem
 
 

 
	
D!eselek 1.9T napisał(a):Chlopak ja nie mam zamiaru nabijac sobie postow w tym temacie i wogoleJak napisalem wczesniej, tryb awaryjny, sprawdz msconfig i te podejrzane procesy w task'u[ctrl+alt+delete]
przelec system ad-aware, spybot'em i porzadnym regcleanerem
Jak zrobisz naprawde wszystko to dopiero oczekuj dalszych wskazowe....I czytaj uwaznie co sie do Ciebie pisze, a nie tak po lepkach....Haslo rzucone typerek leci, a le wstecz juz nie spojrzy....Jasna ta metafora??
PZDR
 musze zrobic formata, ... u kogos kto ma Windows XP bo jak nie to nie da rady ...
  musze zrobic formata, ... u kogos kto ma Windows XP bo jak nie to nie da rady ...
 
	
      C:\Program Files\Media Access\MediaAccK.exe           Nasty
Nasty         running process. (MediaAccK.exe)
AdWare.ToolBar.Azesearch         This is a nasty process! You should fix it and try to delete it manually! C:\Program Files\Internet Optimizer\optimize.exe           Nasty
Nasty         running process. (optimize.exe)
Internet Optimizer Malware         This is a nasty process! You should fix it and try to delete it manually! 
    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe           Nasty
Nasty         AdWare.ToolBar.Azesearch
Hit rate: 99 % (result)         Must be fixed!
     O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"         Nasty
Nasty         Internet connection optimizer. Malware.
Hit rate: 99 % (result)         Must be fixed!O4 - HKLM\..\Run: [Meyox] C:\Program Files\Kwenlru\Pbcpwb.exe           Unknown
Unknown         
Hit rate: 10 % (result)         Unknown application.
     O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe         Unknown
Unknown         
Hit rate: 8 % (result)         Unknown application.
     O4 - HKLM\..\Run: [Gsh] C:\WINDOWS\Olt.exe         Unknown
Unknown         
Hit rate: -1 % (result)         Unknown application.
     O4 - HKLM\..\Run: [Rrn] C:\WINDOWS\System32\Bka.exe         Unknown
Unknown         
Hit rate: 13 % (result)         Unknown application.
     O4 - HKLM\..\Run: [Kns] C:\WINDOWS\Int.exe         Unknown
Unknown         
Hit rate: 13 % (result)         Unknown application.
     O4 - HKLM\..\Run: [Umr] C:\WINDOWS\Ulq.exe         Unknown
Unknown         
Hit rate: -1 % (result)         Unknown application.
     O4 - HKLM\..\Run: [Dth] C:\WINDOWS\Hdd.exe         Unknown
Unknown         
Hit rate: -1 % (result)         Unknown application.
     O4 - HKLM\..\Run: [Afr] C:\WINDOWS\Vqa.exe         Unknown
Unknown         
C:\Program Files\Kwenlru\Pbcpwb.exe           Unknown
Unknown         running process. (Pbcpwb.exe)
        This is a unknown process.
     C:\WINDOWS\System32\paytime.exe         Unknown
Unknown         running process. (paytime.exe)
        This is a unknown process.
     C:\WINDOWS\Olt.exe         Unknown
Unknown         running process. (Olt.exe)
        This is a unknown process.    C:\WINDOWS\System32\paytime.exe           Unknown
Unknown         running process. (paytime.exe)
        This is a unknown process. O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll           Unknown
Unknown         Entries found in this registry zone are potentially nasty. This application ([A0269420-A638-4509-889C-8FC3CC85DA7E] - Result: ) has been checked. Hit rate: -1 %         Unknown application.O17 - HKLM\System\CCS\Services\Tcpip\..\{855DAB22-377A-46F6-88A4-747E8FD95B76}: NameServer = 194.204.152.34,194.204.159.1           Possibly nasty
Possibly nasty         If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too.         Do you know the IP or Domain '194.204.152.34,194.204.159.1'? If not, fix this entry. 
	
O17 - HKLM\System\CCS\Services\Tcpip\..\{855DAB22-377A-46F6-88A4-747E8FD95B76}: NameServer = 194.204.152.34,194.204.159.1 
 
	
typerek napisał(a):Zrobilem formata i jak narazie jest spokoj
typerek napisał(a):i jak narazie jest spokoj

 
 

 
	

 
	
kemot301 napisał(a):Ładnie. Kliknąłem w pierwszy link i z mety wskoczył do systemy wirus - Bloodhound.Explolit.6

 
	
Robertj napisał(a):Tomek piszesz o tym linku co podałem? Bo Avast nic nie znalazł.
 
 

 
	

 
	
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 5 gości