Logfile of HijackThis v1.99.1
Scan saved at 16:23:02, on 2005-04-06
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programy\AVK9\HelperService.exe
C:\Programy\AVK9\AvkServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\Kwenlru\Pbcpwb.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\Olt.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [Meyox] C:\Program Files\Kwenlru\Pbcpwb.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [Gsh] C:\WINDOWS\Olt.exe
O4 - HKLM\..\Run: [Rrn] C:\WINDOWS\System32\Bka.exe
O4 - HKLM\..\Run: [Kns] C:\WINDOWS\Int.exe
O4 - HKLM\..\Run: [Umr] C:\WINDOWS\Ulq.exe
O4 - HKLM\..\Run: [Dth] C:\WINDOWS\Hdd.exe
O4 - HKLM\..\Run: [Afr] C:\WINDOWS\Vqa.exe
O4 - HKLM\..\Run: [Tqh] C:\WINDOWS\Miu.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [Gsh] C:\WINDOWS\Olt.exe
O4 - HKCU\..\Run: [Rrn] C:\WINDOWS\System32\Bka.exe
O4 - HKCU\..\Run: [Kns] C:\WINDOWS\Int.exe
O4 - HKCU\..\Run: [Umr] C:\WINDOWS\Ulq.exe
O4 - HKCU\..\Run: [Dth] C:\WINDOWS\Hdd.exe
O4 - HKCU\..\Run: [Afr] C:\WINDOWS\Vqa.exe
O4 - HKCU\..\Run: [Tqh] C:\WINDOWS\Miu.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{855DAB22-377A-46F6-88A4-747E8FD95B76}: NameServer = 194.204.152.34,194.204.159.1
O23 - Service: AVK HilfsService (AVKHelper) - Unknown owner - C:\Programy\AVK9\HelperService.exe
typerek wrote: paytime.exe
typerek wrote: R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
typerek wrote: O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
typerek wrote: O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
As I wrote earlier: safe mode, check msconfig and those suspicious processes in Task Manager [Ctrl+Alt+Delete],
then run Ad-Aware, Spybot and a decent registry cleaner over the system.
D!eselek 1.9T wrote: Kid, I have no intention of padding my post count in this thread, or at all. As I wrote earlier: safe mode, check msconfig and those suspicious processes in Task Manager [Ctrl+Alt+Delete],
then run Ad-Aware, Spybot and a decent registry cleaner over the system.
Once you have really done everything, only then expect further pointers.... And read carefully what people write to you, instead of just skimming.... A word gets thrown out, typerek runs off and never looks back.... Is that metaphor clear??
Regards
C:\Program Files\Media Access\MediaAccK.exe Nasty
Nasty running process. (MediaAccK.exe)
AdWare.ToolBar.Azesearch This is a nasty process! You should fix it and try to delete it manually!
C:\Program Files\Internet Optimizer\optimize.exe Nasty
Nasty running process. (optimize.exe)
Internet Optimizer Malware This is a nasty process! You should fix it and try to delete it manually!
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe Nasty
Nasty AdWare.ToolBar.Azesearch
Hit rate: 99 % (result) Must be fixed!
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" Nasty
Nasty Internet connection optimizer. Malware.
Hit rate: 99 % (result) Must be fixed!
O4 - HKLM\..\Run: [Meyox] C:\Program Files\Kwenlru\Pbcpwb.exe Unknown
Unknown
Hit rate: 10 % (result) Unknown application.
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe Unknown
Unknown
Hit rate: 8 % (result) Unknown application.
O4 - HKLM\..\Run: [Gsh] C:\WINDOWS\Olt.exe Unknown
Unknown
Hit rate: -1 % (result) Unknown application.
O4 - HKLM\..\Run: [Rrn] C:\WINDOWS\System32\Bka.exe Unknown
Unknown
Hit rate: 13 % (result) Unknown application.
O4 - HKLM\..\Run: [Kns] C:\WINDOWS\Int.exe Unknown
Unknown
Hit rate: 13 % (result) Unknown application.
O4 - HKLM\..\Run: [Umr] C:\WINDOWS\Ulq.exe Unknown
Unknown
Hit rate: -1 % (result) Unknown application.
O4 - HKLM\..\Run: [Dth] C:\WINDOWS\Hdd.exe Unknown
Unknown
Hit rate: -1 % (result) Unknown application.
O4 - HKLM\..\Run: [Afr] C:\WINDOWS\Vqa.exe Unknown
Unknown
C:\Program Files\Kwenlru\Pbcpwb.exe Unknown
Unknown running process. (Pbcpwb.exe)
This is a unknown process.
C:\WINDOWS\System32\paytime.exe Unknown
Unknown running process. (paytime.exe)
This is a unknown process.
C:\WINDOWS\Olt.exe Unknown
Unknown running process. (Olt.exe)
This is a unknown process.
C:\WINDOWS\System32\paytime.exe Unknown
Unknown running process. (paytime.exe)
This is a unknown process.
O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll Unknown
Unknown Entries found in this registry zone are potentially nasty. This application ([A0269420-A638-4509-889C-8FC3CC85DA7E] - Result: ) has been checked. Hit rate: -1 % Unknown application.
O17 - HKLM\System\CCS\Services\Tcpip\..\{855DAB22-377A-46F6-88A4-747E8FD95B76}: NameServer = 194.204.152.34,194.204.159.1 Possibly nasty
Possibly nasty If this Domain does not belong to your ISP, or your firms network, these entries should be fixed. 'SearchList' entries should be fixed too. Do you know the IP or Domain '194.204.152.34,194.204.159.1'? If not, fix this entry.
O17 - HKLM\System\CCS\Services\Tcpip\..\{855DAB22-377A-46F6-88A4-747E8FD95B76}: NameServer = 194.204.152.34,194.204.159.1
typerek wrote: I did a format and so far it's quiet
typerek wrote: and so far it's quiet
kemot301 wrote: Nice. I clicked the first link and a virus jumped straight into the system - Bloodhound.Exploit.6
Robertj wrote: Tomek, are you writing about the link I gave? Because Avast found nothing.