Proszę o sprawdzenie loga

z tego względu iż ostatnio zaczął mi zamulać lapek umieszczam log’a z HijackThis:

z góry dzięki za pomoc

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:17:11, on 2009-01-11

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16764)

Boot mode: Normal

Running processes:

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

C:\Program Files\Toshiba\SmoothView\SmoothView.exe

C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\DAEMON Tools Lite\daemon.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\PLAY ONLINE\PLAY ONLINE.exe

c:\PROGRA~1\mcafee\msc\mcuimgr.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\System32\mobsync.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: My Global Search Bar BHO - {37B85A21-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL

O4 - HKLM…\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe”

O4 - HKLM…\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM…\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM…\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM…\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM…\Run: [iTSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START

O4 - HKLM…\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM…\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto

O4 - HKLM…\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM…\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup

O4 - HKLM…\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup

O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM…\Run: [Camera Assistant Software] “C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe” /start

O4 - HKLM…\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

O4 - HKLM…\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe

O4 - HKLM…\Run: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

O4 - HKLM…\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

O4 - HKLM…\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe

O4 - HKCU…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU…\Run: [DAEMON Tools Lite] “C:\Program Files\DAEMON Tools Lite\daemon.exe” -autorun

O4 - HKCU…\Run: [ALLUpdate] “C:\Program Files\ALLPlayer\ALLUpdate.exe” “sleep”

O4 - HKCU…\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19…\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-19…\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘USŁUGA SIECIOWA’)

O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User ‘Default user’)

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/4908-44618-9400-3/4 (file missing)

O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/red … &site=home (file missing)

O13 - Gopher Prefix:

O17 - HKLM\System\CCS\Services\Tcpip…{5A1D0E6C-08A7-4D03-A02E-DC553383D8C6}: NameServer = 89.108.195.20 89.108.195.21

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe

O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

End of file - 9379 bytes

Logi wklejasz na wklej.org lub wklej.to, a w poście dajesz link !!

Wywal śmieć Bonjour. http://www.searchengines.pl/Jak-usunac- … 03177.html

Fix w HiJackThis: ( Do a system scan only - zaznaczasz pola przy podanych niżej wpisach - Fix checked )

Pobierz The Avenger i uruchom.

Skopiuj ten tekst:

Folders to delete:

C:\Program Files\MyGlobalSearch

W oknie The Avengera klikasz Paste Script from Clipboard , wybierasz Execute i zgadzasz się na restart.

Po restarcie kasujesz plik C:\Avenger\backup.zip i dajesz tutaj do sprawdzenia raport C:\avenger.txt

Pokaż logi z OTL

(Na Windows Vista uruchamiamy program z menu Uruchom jako Administrator… )

oraz GMER.

Proces z The Avenger zrobiony.

Plik Bonjour nie chce mi sie wynalesc :confused:

a GMER pod koniec skanowania wywala mi blad :confused:

logi z OTL: http://wklej.org/id/120449/

to problem z MyGlobarSarch?

przez ten “My global sarch”

w C:\Wolumine information czy jakoś tak mam 10 wirów na dzień