prosze o sprawdzenie loga hj

IP: 87.192.19.* 21.05.07, 19:29
probowalem sprawdzac loga na hijackthis.de a tam wyglada ze wszytko jest w
porzadku. Tyle tylko ze nigdy nie mialem tak dlugiej listy w hj.

poza tym nie moge uruchomic ewido bo za kazdym razem jest komunikat o bledzie
zgodnosci.

co moge usunac z autostartu?


Logfile of HijackThis v1.99.1
Scan saved at 18:15:06, on 2007-05-21
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Przemek\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Users\Przemek\AppData\Local\Temp\Temp2_hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
uk.rd.yahoo.com/customize/ycomp/defaults/sp/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
pl.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
pl.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} -
C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -
C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management -
{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows
Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering
Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} -
C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) -
Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner -
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown
owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h
ccCommon (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program
Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT -
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering
Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering
Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. -
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner -
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service
(LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common
Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility
Center\MobilityService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program
Files\Eset\nod32krn.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner -
%windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner -
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown
owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Securom User Access for Windows 2000 and Windows XP a
technology by Sony DADC (UserAccess) - Unknown owner - C:\Program Files\Common
Files\YDP\UserAccessManager\useraccess.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering
Technology\ePower\ePowerSvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101
(WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media
Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. -
C:\Windows\
    • Gość: Kolobos Re: prosze o sprawdzenie loga hj IP: *.escom.net.pl 21.05.07, 19:44
      Doklej w kolejnym poscie reszte, ktora sie obciela.
      Zamiast ewido zainstaluj SuperAntiSpyware, a jak chcesz ewido to sciagnij nowa
      wersje AVG AntiSpyware.
      • Gość: przemek Re: prosze o sprawdzenie loga hj IP: 87.192.19.* 21.05.07, 20:54
        Przelecialem SuperAntiSpyware ale prawie nic nie bylo.

        Ostatnia linijka ktorej urwalo kawalek w poprzednim poscie:

        O23 - Service: XAudioService - Conexant Systems, Inc. -
        C:\Windows\system32\DRIVERS\xaudio.exe

        co moge wylaczyc z autostartu?
        • Gość: Kolobos Re: prosze o sprawdzenie loga hj IP: *.escom.net.pl 21.05.07, 22:22
          W hjt usun:
          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
          uk.rd.yahoo.com/customize/ycomp/defaults/sp/*uk.yahoo.com
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
          pl.intl.acer.yahoo.com
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
          go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
          go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
          pl.intl.acer.yahoo.com
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
          R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
          R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
          uk.rd.yahoo.com/customize/ycomp/defaults/su/*uk.yahoo.com
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
          R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
          C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll <- klikasz na olowek na
          pasku yahoo i uninstall.
          O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} -
          C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
          O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
          C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
          O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
          res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
          O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel -
          res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
          O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
          C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O13 - Gopher Prefix:

          O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows
          Defender\MSASCui.exe -hide <- Defendera mozna wylaczyc w
          Start->Uruchom->services.msc + wylaczyc w centrum zabezpieczen.

          To mozesz wylaczyc w msconfig (nie usuwaj w hjt!):
          O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
          O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
          /autoRun <- wylaczenie sidebaru wylaczy sidebar wiec jak go uzywasz/potrzebujesz
          to zostaw wlaczone.

          Ta usluge mozesz wylaczyc w services.msc:
          O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown
          owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h
          ccCommon (file missing)

          Jak cos z tego co podalem jest Ci potrzebne to oczywiscie tego nie wylaczaj/usuwaj.

          > Przelecialem SuperAntiSpyware ale prawie nic nie bylo.

          System jest czysty wiec to chyba normalne.
Pełna wersja