Please check my log

09.02.06, 23:05
Logfile of HijackThis v1.99.1
Scan saved at 22:52:51, on 09.02.2006
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\apijf32.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet
Security\Firewall\PavFires.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\sdkxf32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\TBONBin\tbon.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\apvxdwin.exe
C:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Diana\Pulpit\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\clzza.dll/sp.html#47254%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
res://C:\WINDOWS\clzza.dll/sp.html#47254%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
res://C:\WINDOWS\clzza.dll/sp.html#47254%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\clzza.dll/sp.html#47254%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
res://C:\WINDOWS\clzza.dll/sp.html#47254%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://C:\WINDOWS\clzza.dll/sp.html#47254%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
res://C:\WINDOWS\clzza.dll/sp.html#47254%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = ??cza
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit
C:\pav.reg,C:\WINDOWS\System32\userinit.exe,userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {0F1C73A3-D00A-5B50-277B-29E122FC2D80} - C:\WINDOWS\netoq32.dll
O2 - BHO: Class - {10CD072E-A68D-DA55-AC5C-4CADA122CDB1} -
C:\WINDOWS\system32\apiha.dll
O2 - BHO: (no name) - {248316A5-BA51-D1E4-0604-9652D4733BAA} - (no file)
O2 - BHO: (no name) - {291F3D73-FEAF-2E39-F0F9-7652DDA707CA} - (no file)
O2 - BHO: (no name) - {37364764-29A5-3B85-572E-2E433D2CE1F4} - (no file)
O2 - BHO: Class - {38F529FF-1EDC-01E9-83E9-DD82ED68EC0D} -
C:\WINDOWS\system32\d3lu.dll
O2 - BHO: (no name) - {50869ABA-33E9-4196-7AEE-75E885433BAA} - (no file)
O2 - BHO: (no name) - {509EE3A1-0DA3-E6F6-847A-4CAFDBB2C0DB} - (no file)
O2 - BHO: (no name) - {59EE675B-6A9B-6F9E-50B2-F9D78BD7C3B7} - (no file)
O2 - BHO: (no name) - {64093E2C-B6EF-B1DE-9C87-E7AD64BF980D} - (no file)
O2 - BHO: (no name) - {69E4F856-7366-6EE5-EE1F-71F0E5F51F33} - (no file)
O2 - BHO: Class - {71E94D83-8173-542B-9A66-5DEB602D769D} - C:\WINDOWS\ipon32.dll
O2 - BHO: (no name) - {7F9872AA-D844-3BA5-05C2-D4D77CABA699} - (no file)
O2 - BHO: (no name) - {84C0F02B-6633-E1F2-AEAB-B7E959784788} - (no file)
O2 - BHO: (no name) - {8674F6CD-EB6E-CD07-FBE1-506F82436CC8} - (no file)
O2 - BHO: Class - {8853708A-2E5C-80FC-1A5C-B410077C3BE1} -
C:\WINDOWS\system32\ipqj.dll
O2 - BHO: (no name) - {983C713A-7709-AF4C-D26B-38F787430CE6} - (no file)
O2 - BHO: (no name) - {A1448DC6-7406-B068-210E-D3F294FB1FA8} - (no file)
O2 - BHO: Class - {A1BD0FEA-E869-CA1B-02CB-8C740277D910} -
C:\WINDOWS\system32\sdkoe.dll
O2 - BHO: (no name) - {C0C935B6-982E-AA23-A228-EE3A265350F0} - (no file)
O2 - BHO: (no name) - {C20427B5-F4CC-E04E-6477-FCAF3C116979} - (no file)
O2 - BHO: Class - {CAF47898-C983-EDC8-AA16-D3DD2ABB41F8} - C:\WINDOWS\d3vo.dll
O2 - BHO: (no name) - {D4EFC592-3458-DFCE-9A65-8A24EF11D290} - (no file)
O2 - BHO: (no name) - {DEC23984-57DA-169D-2ABC-89B52CDC9100} - (no file)
O2 - BHO: Class - {DF9CB6C3-8E7D-6253-4FD4-7C38D013948E} - C:\WINDOWS\msht32.dll
O2 - BHO: Class - {E07D9064-AD32-E4F4-6A8B-A5DBD4D56770} -
C:\WINDOWS\system32\javain32.dll
O2 - BHO: (no name) - {F52B4B29-EAA0-A4B2-3FF3-0A8EE5DB6566} - (no file)
O2 - BHO: (no name) - {FD064786-0540-EDEF-EB58-211A5DA521D0} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE
Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"
-lang 1033
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKLM\..\Run: [sdkxf32.exe] C:\WINDOWS\system32\sdkxf32.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) -
67.15.101.3/g_bin/pl/roulette_2_0_0_17.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) -
67.15.101.3/g_bin/pl/slots90_2_0_0_26.cab
O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) -
67.15.101.3/g_bin/pl/slots70_2_0_0_26.cab
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
217.73.66.1/minidialler/mddl/PL/910134_nocreditcardneeded_.exe
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) -
67.15.101.3/g_bin/pl/words_2_0_0_38.cab
O16 - DPF: {ECEAD8AE-01D6-11D5-9A39-0080C8D85044} (GameDesire Slots 80th) -
67.15.101.3/g_bin/pl/slots80_2_0_0_26.cab
O20 - Winlogon Notify: iexplore - 0rf0m.dll (file missing)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·şÄÖ`I) - Unknown
owner - C:\WINDOWS\apijf32.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner -
    • barracuda7110 Re: Please check my log 09.02.06, 23:12
      Cut these:
      > C:\WINDOWS\apijf32.exe (remove the entry in HijackThis and delete the file from disk)

      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      > res://C:\WINDOWS\clzza.dll/sp.html#47254%resultposition.net
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
      > res://C:\WINDOWS\clzza.dll/sp.html#47254%resultposition.net
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      > res://C:\WINDOWS\clzza.dll/sp.html#47254%resultposition.net
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
      > res://C:\WINDOWS\clzza.dll/sp.html#47254%resultposition.net
      > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
      > res://C:\WINDOWS\clzza.dll/sp.html#47254%resultposition.net
      > R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      > res://C:\WINDOWS\clzza.dll/sp.html#47254%resultposition.net
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      > res://C:\WINDOWS\clzza.dll/sp.html#47254%resultposition.net

      Remove everything that starts with 02, e.g.:
      > O2 - BHO: (no name) - {248316A5-BA51-D1E4-0604-9652D4733BAA} - (no file)

      Afterwards, scan with Ad-Aware and Spybot; install the system patches:
      www.windowsupdate.com
      • diana.ol to barracuda7110 09.02.06, 23:32
        I cut everything that needed cutting, but (sorry, I don't know much about computers :( )
        I don't know which file I should delete and on which drive, D or C?
        And what next with this? Afterwards, scan with Ad-Aware and Spybot; install the system patches:
        > www.windowsupdate.com
        • neder Re: to barracuda7110 09.02.06, 23:42
          You ask which drive, but it is clearly written what to delete and where:

          > C:\WINDOWS\apijf32.exe


          Besides, you only need to run a search and the problem is solved.

          > And what next with this? Afterwards, scan with Ad-Aware and Spybot; install the system patches:
          > > www.windowsupdate.com

          Next is EXACTLY what was written, i.e. a scan with Ad-Aware and Spybot (though I would recommend
          Microsoft Antispyware), and then you update the system.

          You download the above programs from the internet, of course, if you don't have them, and you
          don't forget to update them before scanning (in the English version: 'update', to pre-empt
          the question...)
          Regards
    • barracuda7110 Re: Please check my log 09.02.06, 23:14
      These also look unnecessary:
      O20 - Winlogon Notify: iexplore - 0rf0m.dll (file missing)
      O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·şÄÖ`I) - Unknown
      owner - C:\WINDOWS\apijf32.exe

      Look for the xp-antispy program and use it to turn off unnecessary services.
      • diana.ol ...cont. 09.02.06, 23:41
        I removed everything under O2.
        And where do I look for xp-antispy, and how do I know which services are unnecessary?
        Sorry for asking not very smart questions...

        > These also look unnecessary:
        > O20 - Winlogon Notify: iexplore - 0rf0m.dll (file missing)
        > O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·şÄÖ`I) - Unknown
        > owner - C:\WINDOWS\apijf32.exe
        >
        > Look for the xp-antispy program and use it to turn off unnecessary services.
        • barracuda7110 Re: ...cont. 10.02.06, 12:08
          xp-antispy:
          xp-antispy.org/index.php?option=com_remository&func=sellang&iso=pl
          ad-aware: www.download.com/3000-2144-10045910.html
          spybot: www.safer-networking.org/pl/download/index.html

          for the future: www.google.pl :)
    • kolobos Re: Please check my log 09.02.06, 23:51
      To start, open Task Manager (right-click on the Start bar, or via
      Alt+Ctrl+Del) and end these processes in it:

      C:\WINDOWS\apijf32.exe
      C:\WINDOWS\system32\sdkxf32.exe
      C:\Program Files\TBONBin\tbon.exe
      Delete the file from disk, as well as the TBONBin directory.

      In HijackThis, remove:
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
      res://C:\WINDOWS\clzza.dll/sp.html#47254%resultposition.net
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
      res://C:\WINDOWS\clzza.dll/sp.html#47254%resultposition.net
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
      about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
      res://C:\WINDOWS\clzza.dll/sp.html#47254%resultposition.net
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
      res://C:\WINDOWS\clzza.dll/sp.html#47254%resultposition.net
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
      res://C:\WINDOWS\clzza.dll/sp.html#47254%resultposition.net
      R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      res://C:\WINDOWS\clzza.dll/sp.html#47254%resultposition.net
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      res://C:\WINDOWS\clzza.dll/sp.html#47254%resultposition.net
      R3 - Default URLSearchHook is missing
      F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit
      C:\pav.reg,C:\WINDOWS\System32\userinit.exe,userinit.exe <- Start->Run->regedit,
      search for userinit with the given entry and delete everything, leaving this
      entry:
      UserInit=C:\Windows\System32\userinit.exe,
      O2 - BHO: Class - {0F1C73A3-D00A-5B50-277B-29E122FC2D80} -
      C:\WINDOWS\netoq32.dll <- delete the file
      O2 - BHO: Class - {10CD072E-A68D-DA55-AC5C-4CADA122CDB1} -
      C:\WINDOWS\system32\apiha.dll <- delete the file
      O2 - BHO: (no name) - {248316A5-BA51-D1E4-0604-9652D4733BAA} - (no file)
      O2 - BHO: (no name) - {291F3D73-FEAF-2E39-F0F9-7652DDA707CA} - (no file)
      O2 - BHO: (no name) - {37364764-29A5-3B85-572E-2E433D2CE1F4} - (no file)
      O2 - BHO: Class - {38F529FF-1EDC-01E9-83E9-DD82ED68EC0D} -
      C:\WINDOWS\system32\d3lu.dll <- delete the file
      O2 - BHO: (no name) - {50869ABA-33E9-4196-7AEE-75E885433BAA} - (no file)
      O2 - BHO: (no name) - {509EE3A1-0DA3-E6F6-847A-4CAFDBB2C0DB} - (no file)
      O2 - BHO: (no name) - {59EE675B-6A9B-6F9E-50B2-F9D78BD7C3B7} - (no file)
      O2 - BHO: (no name) - {64093E2C-B6EF-B1DE-9C87-E7AD64BF980D} - (no file)
      O2 - BHO: (no name) - {69E4F856-7366-6EE5-EE1F-71F0E5F51F33} - (no file)
      O2 - BHO: Class - {71E94D83-8173-542B-9A66-5DEB602D769D} -
      C:\WINDOWS\ipon32.dll <- delete the file
      O2 - BHO: (no name) - {7F9872AA-D844-3BA5-05C2-D4D77CABA699} - (no file)
      O2 - BHO: (no name) - {84C0F02B-6633-E1F2-AEAB-B7E959784788} - (no file)
      O2 - BHO: (no name) - {8674F6CD-EB6E-CD07-FBE1-506F82436CC8} - (no file)
      O2 - BHO: Class - {8853708A-2E5C-80FC-1A5C-B410077C3BE1} -
      C:\WINDOWS\system32\ipqj.dll <- delete the file
      O2 - BHO: (no name) - {983C713A-7709-AF4C-D26B-38F787430CE6} - (no file)
      O2 - BHO: (no name) - {A1448DC6-7406-B068-210E-D3F294FB1FA8} - (no file)
      O2 - BHO: Class - {A1BD0FEA-E869-CA1B-02CB-8C740277D910} -
      C:\WINDOWS\system32\sdkoe.dll <- delete the file
      O2 - BHO: (no name) - {C0C935B6-982E-AA23-A228-EE3A265350F0} - (no file)
      O2 - BHO: (no name) - {C20427B5-F4CC-E04E-6477-FCAF3C116979} - (no file)
      O2 - BHO: Class - {CAF47898-C983-EDC8-AA16-D3DD2ABB41F8} - C:\WINDOWS\d3vo.dll
      <- delete the file
      O2 - BHO: (no name) - {D4EFC592-3458-DFCE-9A65-8A24EF11D290} - (no file)
      O2 - BHO: (no name) - {DEC23984-57DA-169D-2ABC-89B52CDC9100} - (no file)
      O2 - BHO: Class - {DF9CB6C3-8E7D-6253-4FD4-7C38D013948E} -
      C:\WINDOWS\msht32.dll <- delete the file
      O2 - BHO: Class - {E07D9064-AD32-E4F4-6A8B-A5DBD4D56770} -
      C:\WINDOWS\system32\javain32.dll <- delete the file
      O2 - BHO: (no name) - {F52B4B29-EAA0-A4B2-3FF3-0A8EE5DB6566} - (no file)
      O2 - BHO: (no name) - {FD064786-0540-EDEF-EB58-211A5DA521D0} - (no file)
      O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe <- removal
      instructions here:
      www.searchengines.pl/phpbb203/index.php?showtopic=31936&st=15&p=240377&#entry240377

      O4 - HKLM\..\Run: [sdkxf32.exe] C:\WINDOWS\system32\sdkxf32.exe <- delete the file
      O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links -
      {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
      O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
      O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
      217.73.66.1/minidialler/mddl/PL/910134_nocreditcardneeded_.exe
      O20 - Winlogon Notify: iexplore - 0rf0m.dll (file missing) <- look2me here
      O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·şÄÖ`I) - Unknown
      owner - C:\WINDOWS\apijf32.exe <- Start->Run->cmd and type there:
      sc stop 11Fßä#·şÄÖ`I
      sc delete 11Fßä#·şÄÖ`I
      (best to paste it, because you won't manage to type it yourself)

      Run a scan with these:
      ftp://download.hirekmedia.hu/ssfsetup1_0.exe <- update before scanning,
      uninstall after scanning.
      download.ewido.net/ewido-setup.exe <- update before scanning, uninstall
      after scanning.
      Close the ports with wwdc:
      www.firewallleaktester.com/tools/wwdc.exe
      Switch your browser to Opera or Firefox and don't use IE.

      Use:
      www.simplytech.it/L2MRemover/index_e.htm
      www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/Killme.shtml
      www.trojaner-info.de/files/SpSeHjfix112.exe
      downloads.subratam.org/AboutBuster.zip

      When you're done, paste a new log.
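
Added example, not part of the thread or any poster's code: a Python triage of a HijackThis log as pasted here, which first rejoins the forum-wrapped lines and then flags three of the patterns the replies point at (R0/R1 values served via res:// from a local DLL, a Userinit value other than the one kolobos says to leave, and BHOs whose file is missing). The function names and the rule that wrapped lines are rejoined with a single space are assumptions of this example; the sample lines are copied from the log above.

```python
import re

# A HijackThis entry opens with a section code: R0-R3, F0-F3, N1-N4 or O<number>.
ENTRY_START = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# Value the kolobos reply says to leave in place (compared case-insensitively).
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe,"

# Excerpt of the log posted in this thread, forum line-wrapping preserved.
SAMPLE = r"""
Running processes:
C:\WINDOWS\apijf32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
res://C:\WINDOWS\clzza.dll/sp.html#47254%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit
C:\pav.reg,C:\WINDOWS\System32\userinit.exe,userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {248316A5-BA51-D1E4-0604-9652D4733BAA} - (no file)
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
"""

def parse_entries(text):
    """Return [(code, body)], gluing wrapped continuation lines back on."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_START.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif line and entries:          # continuation of the previous entry
            entries[-1][1] += " " + line
        # lines before the first entry (header, process list) are skipped
    return [tuple(e) for e in entries]

def triage(entries):
    """Return [(code, reason)] for three of the patterns flagged in the replies."""
    findings = []
    for code, body in entries:
        value = body.partition(" = ")[2]
        if code in ("R0", "R1") and value.lower().startswith("res://"):
            findings.append((code, "IE page setting points into a local DLL"))
        elif code == "F2" and "userinit=" in body.lower():
            current = body.lower().split("userinit=", 1)[1].strip()
            if current != EXPECTED_USERINIT:
                findings.append((code, "Userinit runs more than userinit.exe"))
        elif code == "O2" and body.endswith("(no file)"):
            findings.append((code, "BHO registered but its file is missing"))
    return findings

if __name__ == "__main__":
    for code, reason in triage(parse_entries(SAMPLE)):
        print(code, "-", reason)
```

Without the rejoin step the wrapped R1 and F2 entries would be judged on half a line; the intact Acrobat BHO and the Winamp Run key pass unflagged.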
