Błagam pomocy kto mi sprawdzi loga ?? pliss :(

Jestem troszke ciemna i nie wiem o co w tym chodzi :P Bardzo prosze zeby ktos mi pomogl i to sprawdzil... z góry dziekuje :)

Logfile of HijackThis v1.99.1
Scan saved at 20:13:25, on 2005–07–30
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\userinit32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\WINupdate.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lechu\Ustawienia lokalne\Temp\Katalog tymczasowy 7 dla hijackThis.zip\HijackThis.exe

R1 – HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 – REG:system.ini: UserInit=userinit.exe,userinit32.exe
O2 – BHO: &EliteSideBar – {ED103D9F–3070–4580–AB1E–E5C179C1AE41} – C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll (file missing)
O4 – HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 – HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 – HKLM\..\Run: [Microsoft Games] gamemanager.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 – HKLM\..\Run: [winupdaterx] WINupdate.exe
O4 – HKLM\..\Run: [checkrun] C:\windows\system32\eliteuxm32.exe
O4 – HKLM\..\Run: [5YpA] C:\WINDOWS\nulydwh.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [salm] c:\temp\salm.exe
O4 – HKLM\..\RunServices: [Microsoft Games] gamemanager.exe
O4 – HKLM\..\RunServices: [winupdaterx] WINupdate.exe
O4 – HKLM\..\RunServices: [atiupdpl] C:\WINDOWS\System32\atiupdpl.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\PROGRA~1\GADU–G~1\gg.exe" /tray
O4 – HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 – Extra context menu item: &Google Search – res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 – Extra context menu item: Backward Links – res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 – Extra context menu item: Similar Pages – res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 – Extra context menu item: Translate into English – res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O15 – Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 – DPF: {11311111–1111–1111–1111–111111111157} – file://C:\Recycled\Q330995.exe
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab

co ja bym bez was zrobiła..:) Jestescie super! Dzieki! =]

Helcia

Dodano: 31.07.2005 00:17:47

Uźyj teź tego:
http://www.softpedia.com/get/Internet/Popup–Ad–Spyware–Blockers/EliteToolbar–Remover.shtml
Po czynnościach nowy log.

boczi

Dodano: 30.07.2005 23:08:40

Usun troche wiecej. Zaznacz w HiJacku i nacisnij FIX:

C:\WINDOWS\System32\userinit32.exe
C:\WINDOWS\System32\WINupdate.exe
R1 – HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchmiracle.com/sp.php
F2 – REG:system.ini: UserInit=userinit.exe,userinit32.exe
O2 – BHO: &EliteSideBar – {ED103D9F–3070–4580–AB1E–E5C179C1AE41} – C:\WINDOWS\EliteSideBar\EliteSideBar 08.dll (file missing)
O4 – HKLM\..\Run: [Microsoft Games] gamemanager.exe
O4 – HKLM\..\Run: [winupdaterx] WINupdate.exe
O4 – HKLM\..\Run: [checkrun] C:\windows\system32\eliteuxm32.exe
O4 – HKLM\..\Run: [5YpA] C:\WINDOWS\nulydwh.exe
O4 – HKLM\..\Run: [salm] c:\temp\salm.exe
O4 – HKLM\..\RunServices: [Microsoft Games] gamemanager.exe
O4 – HKLM\..\RunServices: [winupdaterx] WINupdate.exe
O4 – HKLM\..\RunServices: [atiupdpl] C:\WINDOWS\System32\atiupdpl.exe
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O15 – Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 – DPF: {11311111–1111–1111–1111–111111111157} – file://C:\Recycled\Q330995.exe

EL NINO

Dodano: 30.07.2005 22:52:27

Jejku bardzo dziekuje za pomoc !! moze jakos sobie poradze zobaczymy :) jeszcze raz dzieki :*

Helcia

Dodano: 30.07.2005 22:28:46

Błagam pomocy kto mi sprawdzi loga ?? pliss :(

Odpowiedzi: 4