
[Problem] trojan - safe mode doesn't work


  • Closed: this topic is closed
9 replies in this topic

#1 crunk07

    Observer

  • 5 posts

Posted 09 10 2008 - 16:35

Is there any way, other than formatting, to remove a trojan? Vista won't start, and when I want to remove it in safe mode, it restarts the system after one minute so that I don't manage to do anything.. I really care about the data on the laptop and I wouldn't want to install the system from scratch....

  • 0

#2 Chinka

    Seal of Approval

  • 426 posts

Posted 09 10 2008 - 21:17

Will you have time to make a HijackThis log and send it?? If so, could you post it, because we don't know what trojan we're dealing with...

  • 0

#3 crunk07

    Observer

  • 5 posts

Posted 10 10 2008 - 20:01


It worked, this time safe mode didn't shut down...
I'm begging for the quickest possible answer. Thanksss

Logfile of HijackThis v1.99.1
Scan saved at 19:54:45, on 2008-10-10
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\twext.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\twext.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\oPiJCtqn.dll,#1
O4 - HKLM\..\Run: [rs32net] C:\Windows\System32\rs32net.exe
O4 - HKLM\..\RunOnce: [WLuSetup] C:\Program Files\Symantec\LiveUpdate\luupdate.exe -p wlumsp.msp
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/4908-44618-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?tag=Toshibaukbholink-21&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix: 
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\Windows\SYSTEM32\igfxdev.dll
O23 - Service: Harmonogram automatycznej usługi LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

I'm pasting a new one.. the previous one wasn't complete... is anyone able to help me?? I know for sure the problem is twext.exe, but I want to know in what order to proceed so as to get rid of this crap completely...
  • 0

#4 wncvirus

    Lazybones!

  • 851 posts

Posted 10 10 2008 - 21:22

Run HJT, choose the "Do a system scan only" option and it will make you a log; tick the boxes next to the entries below and hit Fix

O4 - HKLM\..\Run: [rs32net] C:\Windows\System32\rs32net.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\oPiJCtqn.dll,#1
O9 - Extra button: eBay - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/4908-44618-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redire...1&site=home (file missing)

Additionally, delete the files below, e.g. with Killbox

C:\Windows\system32\oPiJCtqn.dll,#1
C:\Windows\System32\rs32net.exe


Killbox usage instructions:

1. After downloading, choose the picture to the right of the hand in order to select the files above
2. After selecting them, click the red strike.

After doing all of that, a new log from ComboFix. How to make one you'll find in my signature.
  • 0

#5 ordynat

    Advanced user

  • 804 posts

Posted 10 10 2008 - 21:31

F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\twext.exe,
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\oPiJCtqn.dll,#1
O4 - HKLM\..\Run: [rs32net] C:\Windows\System32\rs32net.exe

First fix the entries above:
>>HijackThis>>Scan (Do a system scan only)>>tick them>>Fix checked.

Then, after the restart, download ComboFix (links to choose from):>ComboFix
>ComboFix
>ComboFix
Paste into Notepad:
File::
C:\Windows\system32\twext.exe,
C:\Windows\system32\oPiJCtqn.dll
C:\Windows\System32\rs32net.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"=-
"rs32net"=-
>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe
The removal should start (and a log will be created).
Post the log that is created during the removal.
After the restart, delete the C:\Qoobox folder manually.

EDIT:
I was probably writing at the time you had already got a reply from @wncvirus.

ordynat
  • 0
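The HijackThis fix plus CFScript procedure from the two replies above, as an added example that is not part of the original thread (my own code, not HijackThis's or ComboFix's): it parses a few constructed HijackThis-style lines modelled on the log posted here, confirms the Userinit hijack by listing what runs besides userinit.exe, flags the rundll32-by-ordinal Run entry, and writes out a CFScript in the same File::/Registry:: layout. All function and variable names are mine, and the clean Vista Userinit path and the flagging rule are assumptions.

```python
"""Triage HijackThis-style lines for the Userinit hijack discussed in the thread
and build the matching ComboFix CFScript (File:: / Registry:: layout)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample in HijackThis v1.99 format, modelled on the log posted in
# the thread: the entries the helpers singled out plus a few benign ones.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\twext.exe,
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\oPiJCtqn.dll,#1
O4 - HKLM\..\Run: [rs32net] C:\Windows\System32\rs32net.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
"""

LEGIT_USERINIT = r"c:\windows\system32\userinit.exe"  # assumed: the only thing a clean Vista value launches
EXE_EXT = (".exe", ".dll", ".scr", ".cpl")
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<val>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run|RunOnce): "
                   r"\[(?P<name>[^\]]+)\] (?P<cmd>.*)$")

@dataclass
class RunEntry:
    hive: str      # HKLM or HKCU
    key: str       # Run or RunOnce
    name: str      # registry value name, e.g. MSServer
    command: str   # command line exactly as logged

@dataclass
class Triage:
    userinit_extras: List[str] = field(default_factory=list)  # launched besides userinit.exe
    run_entries: List[RunEntry] = field(default_factory=list)

def userinit_extras(value: str) -> List[str]:
    # Userinit is comma-separated and runs at every logon before the shell, safe
    # mode included; anything listed besides userinit.exe is a hijack.
    parts = [p.strip() for p in value.split(",")]
    return [p for p in parts if p and p.lower() != LEGIT_USERINIT]

def target_path(command: str) -> str:
    """File a Run command really launches: the quoted path, the DLL before
    ',#ordinal' for rundll32, else the shortest unquoted prefix ending in an
    executable extension (unquoted paths may contain spaces)."""
    cmd = command.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    tokens = cmd.split(" ")
    if tokens[0].lower() in ("rundll32.exe", "rundll32"):
        return " ".join(tokens[1:]).split(",", 1)[0].strip()
    for i in range(1, len(tokens) + 1):
        candidate = " ".join(tokens[:i])
        if candidate.lower().endswith(EXE_EXT):
            return candidate
    return tokens[0]

def parse_hjt(text: str) -> Triage:
    """Collect the F2 Userinit line and every O4 Run/RunOnce entry."""
    t = Triage()
    for raw in text.splitlines():
        line = raw.strip()
        m = F2_RE.match(line)
        if m:
            t.userinit_extras = userinit_extras(m["val"])
            continue
        m = O4_RE.match(line)
        if m:
            t.run_entries.append(RunEntry(m["hive"], m["key"], m["name"], m["cmd"]))
    return t

def flag_run_entries(t: Triage) -> List[str]:
    """Run values worth a closer look (heuristic): rundll32 loading a DLL out of
    system32 by export ordinal (',#1'), the shape of the thread's MSServer entry."""
    flagged = []
    for e in t.run_entries:
        cmd = e.command.lower()
        if cmd.startswith("rundll32") and "\\system32\\" in cmd and re.search(r"\.dll,#\d+", cmd):
            flagged.append(e.name)
    return flagged

def build_cfscript(t: Triage, fix_names: List[str]) -> str:
    """CFScript text as used in the thread: File:: lists files to delete,
    Registry:: restores Userinit and deletes the chosen Run values ('=-')."""
    chosen = [e for e in t.run_entries if e.name in fix_names]
    lines = ["File::"] + list(t.userinit_extras) + [target_path(e.command) for e in chosen]
    lines += ["", "Registry::"]
    if t.userinit_extras:
        lines.append(r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]")
        lines.append(r'"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"')  # .reg-style doubled backslashes
    groups: Dict[str, List[str]] = {}
    for e in chosen:
        hive = "HKEY_LOCAL_MACHINE" if e.hive == "HKLM" else "HKEY_CURRENT_USER"
        key = "[" + hive + r"\SOFTWARE\Microsoft\Windows\CurrentVersion" + "\\" + e.key + "]"
        groups.setdefault(key, []).append('"' + e.name + '"=-')
    for key, values in groups.items():
        lines.append(key)
        lines.extend(values)
    return "\n".join(lines) + "\n"
```

rs32net is not caught by the ordinal rule, so, as in the thread, the analyst adds it by hand: `build_cfscript(parse_hjt(SAMPLE_LOG), flag_run_entries(parse_hjt(SAMPLE_LOG)) + ["rs32net"])` reproduces the script ordynat posted.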

#6 crunk07

    Observer

  • 5 posts

Posted 11 10 2008 - 15:30

ComboFix 08-10-10.01 - Taszka 2008-10-11 15:18:18.1 - NTFSx86 NETWORKMicrosoft® Windows Vista™ Home Premium   6.0.6001.1.1250.1.1045.18.1704 [GMT 2:00]Uruchomiony z: C:\Users\Taszka\Desktop\ComboFix.exeU¿yto nastêpuj¹cych komend :: C:\Users\Taszka\Desktop\CFScript.txtFILE ::C:\Windows\system32\oPiJCtqn.dllC:\Windows\System32\rs32net.exeC:\Windows\system32\twext.exe,.(((((((((((((((((((((((((((((((((((((((   Usuniêto   ))))))))))))))))))))))))))))))))))))))))))))))))).C:\d.exeC:\Windows\system32\oPiJCtqn.dllC:\Windows\System32\rs32net.exeC:\Windows\system32\twain_32C:\Windows\system32\twain_32\[u]0[/u]0179655.ufC:\Windows\system32\twain_32\local.dsC:\Windows\system32\twain_32\user.ds.(((((((((((((((((((((((((   Pliki utworzone od 2008-09-11 do 2008-10-11  ))))))))))))))))))))))))))))))).Nie utworzono ¿adnych nowych plików w tym okresie.((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-10-10 20:21	---------	d-----w	C:\ProgramData\PrevxCSI2008-10-10 18:32	---------	d-----w	C:\Program Files\Alwil Software2008-10-10 18:30	26,424	----a-w	C:\Windows\system32\drivers\pxark.sys2008-10-10 18:30	---------	d-----w	C:\Program Files\PrevxCSI2008-10-10 17:30	---------	d-----w	C:\Users\Taszka\AppData\Roaming\U32008-10-10 16:36	---------	d-----w	C:\ProgramData\Lavasoft2008-10-10 16:19	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard2008-10-09 12:23	---------	d-----w	C:\Program Files\Norton AntiVirus2008-10-09 12:22	52,224	----a-w	C:\ydsopm.exe2008-10-09 12:22	34,816	----a-w	C:\Windows\System32\cbXNGxxw.dll2008-10-09 12:22	103,394	----a-w	C:\Windows\system32\drivers\glaide32.sys2008-10-09 12:22	0	----a-w	C:\d2.exe2008-10-09 12:22	---------	d-----w	C:\ProgramData\Symantec2008-10-09 12:22	---------	d-----w	C:\Program Files\Common Files\Symantec Shared2008-10-09 12:03	805	----a-w	C:\Windows\system32\drivers\SYMEVENT.INF2008-10-09 12:03	123,952	----a-w	
C:\Windows\system32\drivers\SYMEVENT.SYS2008-10-09 12:03	10,563	----a-w	C:\Windows\system32\drivers\SYMEVENT.CAT2008-10-09 12:03	---------	d-----w	C:\Program Files\Symantec2008-10-09 11:35	---------	d-----w	C:\ProgramData\McAfee2008-10-08 23:58	---------	d-----w	C:\Program Files\DC++2008-10-08 22:20	---------	d-----w	C:\Program Files\<a href="http://www.download.net.pl/105/K-Lite-Codec-Pack/">K-Lite Codec Pack</a>2008-10-08 22:18	---------	d-----w	C:\Program Files\Google2008-10-08 22:17	---------	d-----w	C:\Program Files\Media Player Classic2008-10-08 22:13	---------	d-----w	C:\Users\Taszka\AppData\Roaming\Media Player Classic2008-10-08 21:44	---------	d-----w	C:\Users\Taszka\AppData\Roaming\Skype2008-10-08 15:34	---------	d-----w	C:\Users\Taszka\AppData\Roaming\skypePM2008-09-30 20:34	174	--sha-w	C:\Program Files\desktop.ini2008-09-30 20:26	---------	d-----w	C:\Program Files\Windows Sidebar2008-09-30 20:26	---------	d-----w	C:\Program Files\Windows Photo Gallery2008-09-30 20:26	---------	d-----w	C:\Program Files\Windows Mail2008-09-30 20:26	---------	d-----w	C:\Program Files\Windows Journal2008-09-30 20:26	---------	d-----w	C:\Program Files\Windows Defender2008-09-30 20:26	---------	d-----w	C:\Program Files\Windows Collaboration2008-09-30 20:26	---------	d-----w	C:\Program Files\Windows Calendar2008-09-30 19:57	82,432	----a-w	C:\Windows\System32\axaltocm.dll2008-09-30 19:57	101,888	----a-w	C:\Windows\System32\ifxcardm.dll2008-09-11 23:45	---------	d-----w	C:\Program Files\Common Files\Adobe2008-09-10 12:26	---------	d-----w	C:\ProgramData\Microsoft Help2008-09-06 09:07	---------	d-----w	C:\Program Files\Skype2008-09-04 09:36	---------	d-----w	C:\Program Files\Odkurzacz2008-09-02 12:54	---------	d-----w	C:\Program Files\DAEMON Tools Toolbar2008-09-02 12:51	---------	d-----w	C:\Program Files\Microsoft Works2008-09-02 12:50	---------	d-----w	C:\Program Files\MSBuild2008-09-02 12:49	---------	d-----w	C:\Program Files\Microsoft.NET2008-09-02 12:48	---------	d-----w	
C:\Program Files\Microsoft Visual Studio 82008-09-02 12:36	717,296	----a-w	C:\Windows\system32\drivers\sptd.sys2008-09-02 12:35	---------	d-----w	C:\Users\Taszka\AppData\Roaming\DAEMON Tools2008-09-01 16:26	---------	d-----w	C:\Users\Taszka\AppData\Roaming\PeerNetworking2008-08-26 18:07	---------	d-----w	C:\Users\Taszka\AppData\Roaming\ACD Systems2008-08-26 18:05	9,856	----a-w	C:\Windows\system32\drivers\pfc.sys2008-08-26 18:05	---------	d-----w	C:\ProgramData\ACD Systems2008-08-26 18:05	---------	d-----w	C:\Program Files\Common Files\ACD Systems2008-08-26 18:05	---------	d-----w	C:\Program Files\ACD Systems2008-08-26 17:30	269,312	----a-w	C:\Windows\System32\es.dll2008-08-26 11:59	---------	d-----w	C:\Users\Taszka\AppData\Roaming\Ulead Systems2008-08-25 20:59	---------	d-----w	C:\Users\Taszka\AppData\Roaming\TOSHIBA2008-08-25 20:20	---------	d-----w	C:\ProgramData\WinZip2008-08-25 20:10	---------	d-----w	C:\ProgramData\Skype2008-08-25 20:10	---------	d-----w	C:\Program Files\Common Files\Skype2008-08-25 19:54	61,440	----a-w	C:\Windows\System32\winipsec.dll2008-08-25 19:54	361,984	----a-w	C:\Windows\System32\IPSECSVC.DLL2008-08-25 19:54	28,672	----a-w	C:\Windows\System32\FwRemoteSvr.dll2008-08-25 19:54	272,896	----a-w	C:\Windows\System32\polstore.dll2008-08-25 19:51	2,048	----a-w	C:\Windows\System32\tzres.dll2008-08-25 19:44	9,892,864	----a-w	C:\Windows\System32\NlsLexicons000a.dll2008-08-25 19:42	827,392	----a-w	C:\Windows\System32\wininet.dll2008-08-25 19:40	988,216	----a-w	C:\Windows\System32\winload.exe2008-08-25 19:40	927,288	----a-w	C:\Windows\System32\winresume.exe2008-08-25 19:40	615,992	----a-w	C:\Windows\System32\ci.dll2008-08-25 19:40	6,656	----a-w	C:\Windows\System32\kbd106n.dll2008-08-25 19:40	46,592	----a-w	C:\Windows\System32\setbcdlocale.dll2008-08-25 19:40	40,960	----a-w	C:\Windows\System32\srclient.dll2008-08-25 19:40	378,368	----a-w	C:\Windows\System32\srcore.dll2008-08-25 19:40	318,464	----a-w	C:\Windows\System32\rstrui.exe2008-08-25 19:40	
19,000	----a-w	C:\Windows\System32\kd1394.dll2008-08-25 19:40	14,848	----a-w	C:\Windows\System32\srdelayed.exe2008-08-25 19:39	295,936	----a-w	C:\Windows\System32\gdi32.dll2008-08-25 19:39	2,032,128	----a-w	C:\Windows\System32\win32k.sys2008-08-25 19:39	14,848	----a-w	C:\Windows\System32\wshrm.dll2008-08-25 19:39	113,664	----a-w	C:\Windows\system32\drivers\rmcast.sys2008-08-25 19:38	84,480	----a-w	C:\Windows\System32\INETRES.dll2008-08-25 19:38	738,304	----a-w	C:\Windows\System32\inetcomm.dll2008-08-25 19:38	2,560	----a-w	C:\Windows\AppPatch\AcRes.dll2008-08-25 19:38	1,695,744	----a-w	C:\Windows\System32\gameux.dll2008-08-25 19:38	1,314,816	----a-w	C:\Windows\System32\quartz.dll2008-08-25 19:36	---------	d-----w	C:\Users\Taszka\AppData\Roaming\Gadu-Gadu2008-08-25 19:31	---------	d-----w	C:\Program Files\Gadu-Gadu2008-08-25 19:22	---------	d-----w	C:\Program Files\Java2008-08-25 18:49	428,544	----a-w	C:\Windows\System32\EncDec.dll2008-08-25 18:49	293,376	----a-w	C:\Windows\System32\psisdecd.dll2008-08-25 18:46	---------	d-----w	C:\Users\Taszka\AppData\Roaming\Winamp2008-08-25 18:36	---------	d-----w	C:\Program Files\Winamp2008-08-25 17:23	---------	d-----w	C:\ProgramData\TOSHIBA2008-08-25 17:20	---------	d-----w	C:\ProgramData\ToshibaEurope2008-08-25 17:14	---------	d-sh--w	C:\ProgramData\Ulubione2008-08-25 17:14	---------	d-sh--w	C:\ProgramData\Szablony2008-08-25 17:14	---------	d-sh--w	C:\ProgramData\Pulpit2008-08-25 17:14	---------	d-sh--w	C:\ProgramData\Menu Start2008-08-25 17:14	---------	d-sh--w	C:\ProgramData\Dokumenty2008-08-25 17:14	---------	d-sh--w	C:\ProgramData\Dane aplikacji.(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyœlne, prawid³owe wpisy nie s¹ pokazane REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 
2127296][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-25 141848]"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-25 154136]"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-25 129560]"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 51048]"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"GrpConv"="grpconv -o" [X]"WLuSetup"="C:\Program Files\Symantec\LiveUpdate\luupdate.exe" [2008-08-01 636280][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm"VIDC.YV12"= yv12vfw.dll[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnkbackup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartupbackupExtension=.CommonStartup[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]path=C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Startup\Adobe Reader Synchronizer.lnkbackup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartupbackupExtension=.CommonStartup[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnkbackup=C:\Windows\pss\Bluetooth Manager.lnk.CommonStartupbackupExtension=.CommonStartup[HKLM\~\startupfolder\C:^Users^Taszka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk]path=C:\Users\Taszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnkbackup=C:\Windows\pss\TRDCReminder.lnk.StartupbackupExtension=.Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]--a------ 2007-10-25 17:41 413696 C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]--a------ 2007-10-31 23:01 54608 C:\Program Files\Toshiba\TBS\HSON.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]--a------ 2007-09-28 17:03 75136 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]--a------ 2007-05-04 12:05 571024 C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]--a------ 2008-08-04 01:02 36352 C:\Program Files\Winamp\winampa.exe[HKEY_LOCAL_MACHINE\software\microsoft\security center]"UacDisableNotify"=dword:00000001"InternetSettingsDisableNotify"=dword:00000001"AutoUpdateDisableNotify"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security 
center\Monitoring\McAfeeAntiSpyware]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3744156645-2657655034-445147232-1000]"EnableNotificationsRef"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]"{ACCE14DC-FAEF-4742-9726-2A43D2216075}"= C:\Program Files\Skype\Phone\Skype.exe:Skype"{C29CF4F3-F8F8-47C2-B59B-86B062831278}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook"{F40E5E89-37BB-4FFD-9792-5529913E41BF}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove"{AAAD07E4-A964-4F10-A91F-CE1F65C5460D}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove"{45A11336-020C-496C-8025-A4CA6B1C2E07}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote"{075E8B16-E64A-4FE5-B92D-14E08EEE049A}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]"EnableFirewall"= 0 (0x0)R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2008-01-15 48472]R3 QIOMem;Generic IO & Memory Access;C:\Windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]S1 aswSP;avast! 
Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
S1 glaide32;glaide32;C:\Windows\system32\drivers\glaide32.sys [2008-10-09 103394]
S1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081003.001\IDSvix86.sys [2008-09-12 270384]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
S2 ConfigFree Service;ConfigFree Service;C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2008-10-10 877624]
S2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]
S3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDART.sys [2008-02-01 187904]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]
S3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-02-05 41008]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\shell\AutoRun\command - D:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9c54287-79c5-11dd-ba4f-00037a82f7a4}]
\shell\AutoRun\command - LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8da22e7-78eb-11dd-9689-00037a82f7a4}]
\shell\AutoRun\command - D:\SETUP.EXE
\shell\configure\command - D:\SETUP.EXE
\shell\install\command - D:\SETUP.EXE

.
Zawartość folderu 'Zaplanowane zadania'
2008-10-09 C:\Windows\Tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - Taszka.job
- C:\Program Files\Norton AntiVirus\Navw32.exe [2008-02-07 08:05]
.
- - - - USUNIĘTO PUSTE WPISY - - - -
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-NDSTray.exe - NDSTray.exe
HKLM-RunOnce-<NO NAME> - (no file)
ShellExecuteHooks-{0574D50F-C261-490D-BF39-4E91183C4EFB} - C:\Windows\system32\oPiJCtqn.dll
MSConfigStartUp-Desktop SMS - C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
MSConfigStartUp-Picasa Media Detector - C:\Program Files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-topi - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-11 15:23:51
Windows 6.0.6001 Service Pack 1 NTFS

skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************
.
Czas ukończenia: 2008-10-11 15:25:02
Przed: System nie może znaleźć komunikatu dla numeru komunikatu 0x2379 w pliku komunikatów dla Application.
Po: 75,466,985,472 bajtów wolnych
260	--- E O F ---	2008-10-01 09:32:56

I followed your instructions, only I had already fixed some of the entries earlier, hence those mentions of missing messages.. because I used the CFScript file exactly as you suggested.. hoping for a quick reply..
  • 0

#7 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 11 10 2008 - 18:28

Paste into Notepad:
File::
C:\Windows\system32\drivers\glaide32.sys
C:\ydsopm.exe
C:\Windows\System32\cbXNGxxw.dll
C:\d2.exe

Driver::
glaide32
>>File>>Save as... >>> CFScript
Drag and drop the CFScript.txt file onto ComboFix.exe
--> Attached image
Removal should begin (and a log will be created).
Post the log that is produced during the removal.

ordynat
  • 0

#8 crunk07

crunk07

    Observer

  • 5 posts

Posted 11 10 2008 - 21:52

ComboFix 08-10-10.01 - Taszka 2008-10-11 21:32:02.2 - NTFSx86 NETWORKMicrosoft&reg; Windows Vista™ Home Premium   6.0.6001.1.1250.1.1045.18.1694 [GMT 2:00]Uruchomiony z: C:\Users\Taszka\Desktop\ComboFix.exeUżyto następujących komend :: C:\Users\Taszka\Desktop\CFScript.txtFILE ::C:\d2.exeC:\Windows\System32\cbXNGxxw.dllC:\Windows\system32\drivers\glaide32.sysC:\ydsopm.exe.(((((((((((((((((((((((((((((((((((((((   Usunięto   ))))))))))))))))))))))))))))))))))))))))))))))))).C:\d2.exeC:\Windows\System32\cbXNGxxw.dllC:\Windows\system32\drivers\glaide32.sysC:\ydsopm.exe.(((((((((((((((((((((((((((((((((((((((   Sterowniki/Usługi   ))))))))))))))))))))))))))))))))))))))))))))))))).-------\Service_glaide32(((((((((((((((((((((((((   Pliki utworzone od 2008-09-11 do 2008-10-11  ))))))))))))))))))))))))))))))).2008-10-11 21:39 . 2008-10-11 21:39	0	--ah-----	C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf2008-10-11 15:17 . 2008-10-11 15:17	<DIR>	d--------	C:\ERDNT2008-10-10 20:32 . 2008-10-10 20:32	<DIR>	d--------	C:\Program Files\Alwil Software2008-10-10 20:32 . 2008-07-19 16:36	51,280	--a------	C:\Windows\System32\drivers\aswMonFlt.sys2008-10-10 20:30 . 2008-10-10 22:21	<DIR>	d--------	C:\Users\All Users\PrevxCSI2008-10-10 20:30 . 2008-10-10 22:21	<DIR>	d--------	C:\ProgramData\PrevxCSI2008-10-10 20:30 . 2008-10-10 20:30	<DIR>	d--------	C:\Program Files\PrevxCSI2008-10-10 20:30 . 2008-10-11 21:45	26,424	--a------	C:\Windows\System32\drivers\pxark.sys2008-10-10 19:30 . 2008-10-10 20:25	<DIR>	d--------	C:\!KillBox2008-10-10 18:36 . 2008-10-10 18:36	<DIR>	d--------	C:\Users\All Users\Lavasoft2008-10-10 18:36 . 2008-10-10 18:36	<DIR>	d--------	C:\ProgramData\Lavasoft2008-10-10 18:19 . 2008-10-10 18:19	<DIR>	d--------	C:\Program Files\Common Files\Wise Installation Wizard2008-10-09 14:22 . 2008-10-09 14:22	2	--a------	C:\13472864172008-10-09 14:03 . 2008-10-09 14:23	<DIR>	d--------	C:\Program Files\Norton AntiVirus2008-10-09 14:02 . 
2008-10-09 14:03	<DIR>	d--------	C:\Program Files\Symantec2008-10-09 14:02 . 2008-10-09 14:03	123,952	--a------	C:\Windows\System32\drivers\SYMEVENT.SYS2008-10-09 14:02 . 2008-10-09 14:03	10,563	--a------	C:\Windows\System32\drivers\SYMEVENT.CAT2008-10-09 14:02 . 2008-10-09 14:03	805	--a------	C:\Windows\System32\drivers\SYMEVENT.INF2008-10-09 13:58 . 2008-10-09 14:22	<DIR>	d--------	C:\Users\All Users\Symantec2008-10-09 13:58 . 2008-10-09 14:22	<DIR>	d--------	C:\ProgramData\Symantec2008-10-09 13:58 . 2008-10-09 14:22	<DIR>	d--------	C:\Program Files\Common Files\Symantec Shared2008-10-09 13:37 . 2003-03-18 22:20	1,060,864	--a------	C:\Windows\System32\MFC71.dll2008-10-09 13:37 . 2003-03-18 21:14	499,712	--a------	C:\Windows\System32\MSVCP71.dll2008-10-09 00:20 . 2008-10-09 00:20	<DIR>	d--------	C:\Program Files\K-Lite Codec Pack2008-10-09 00:13 . 2008-10-09 00:13	<DIR>	d--------	C:\Users\Taszka\AppData\Roaming\Media Player Classic2008-10-09 00:13 . 2008-10-09 00:17	<DIR>	d--------	C:\Program Files\Media Player Classic2008-10-07 10:52 . 2008-10-09 01:58	<DIR>	d--------	C:\Program Files\DC++2008-10-01 11:32 . 2007-11-08 11:04	11,967,524	--a------	C:\Windows\System32\korwbrkr.lex2008-10-01 11:31 . 2008-05-27 07:17	6,103,040	--a------	C:\Windows\System32\chtbrkr.dll2008-10-01 11:31 . 2008-05-27 07:17	1,671,680	--a------	C:\Windows\System32\chsbrkr.dll2008-10-01 11:31 . 2008-05-27 07:21	1,582,592	--a------	C:\Windows\System32\tquery.dll2008-10-01 11:31 . 2008-05-27 07:21	1,418,240	--a------	C:\Windows\System32\mssrch.dll2008-10-01 11:31 . 2008-05-27 07:18	670,208	--a------	C:\Windows\System32\mssvp.dll2008-10-01 11:31 . 2008-05-27 07:18	439,808	--a------	C:\Windows\System32\SearchIndexer.exe2008-10-01 11:31 . 2008-05-27 07:18	350,208	--a------	C:\Windows\System32\mssph.dll2008-10-01 11:31 . 2008-05-27 07:18	203,776	--a------	C:\Windows\System32\mssphtb.dll2008-10-01 11:31 . 2008-05-27 07:18	184,832	--a------	C:\Windows\System32\SearchProtocolHost.exe2008-09-30 22:23 . 
2008-09-30 22:23	<DIR>	d--------	C:\PerfLogs2008-09-30 19:42 . 2008-01-19 09:38	4,595,712	--a------	C:\Windows\System32\AuthFWSnapin.dll2008-09-30 19:41 . 2008-01-19 09:33	8,139,264	--a------	C:\Windows\System32\ssBranded.scr2008-09-30 19:40 . 2008-01-19 09:35	3,072,000	--a------	C:\Windows\System32\networkmap.dll2008-09-30 19:39 . 2008-01-19 09:32	5,714,432	--a------	C:\Windows\System32\logon.scr2008-09-30 19:38 . 2008-01-19 09:35	376,832	--a------	C:\Windows\System32\mspbde40.dll2008-09-30 19:37 . 2008-01-19 08:06	8,147,456	--a------	C:\Windows\System32\wmploc.DLL2008-09-30 19:36 . 2008-01-19 09:36	357,888	--a------	C:\Windows\System32\wbemcomn.dll2008-09-30 19:35 . 2008-01-19 09:36	704,512	--a------	C:\Windows\System32\SmiEngine.dll2008-09-30 19:35 . 2008-01-19 09:36	139,264	--a------	C:\Windows\System32\SmiInstaller.dll2008-09-30 19:34 . 2008-01-19 09:36	218,624	--a------	C:\Windows\System32\wdscore.dll2008-09-30 19:34 . 2008-01-19 09:33	130,560	--a------	C:\Windows\System32\PkgMgr.exe2008-09-30 19:33 . 2008-01-19 09:34	305,152	--a------	C:\Windows\System32\msdelta.dll2008-09-30 19:33 . 2008-01-19 09:34	258,560	--a------	C:\Windows\System32\dpx.dll2008-09-30 19:33 . 2008-01-19 09:34	246,784	--a------	C:\Windows\System32\drvstore.dll2008-09-30 19:33 . 2008-01-19 09:35	35,328	--a------	C:\Windows\System32\mspatcha.dll2008-09-24 16:18 . 2008-09-24 16:18	98	--a------	C:\Windows\WirelessFTP.INI2008-09-16 14:20 . 2008-07-19 05:44	1,524,736	--a------	C:\Windows\System32\wucltux.dll2008-09-16 14:20 . 2008-07-19 07:10	53,448	--a------	C:\Windows\System32\wuauclt.exe2008-09-16 14:20 . 2008-07-19 07:10	45,768	--a------	C:\Windows\System32\wups2.dll2008-09-16 14:19 . 2008-07-19 07:09	1,811,656	--a------	C:\Windows\System32\wuaueng.dll2008-09-16 14:19 . 2008-07-19 07:09	563,912	--a------	C:\Windows\System32\wuapi.dll2008-09-16 14:19 . 2008-07-18 22:08	163,904	--a------	C:\Windows\System32\wuwebv.dll2008-09-16 14:19 . 
2008-07-19 05:44	83,456	--a------	C:\Windows\System32\wudriver.dll2008-09-16 14:19 . 2008-07-19 07:10	36,552	--a------	C:\Windows\System32\wups.dll2008-09-16 14:19 . 2008-07-18 20:44	31,232	--a------	C:\Windows\System32\wuapp.exe2008-09-12 01:44 . 2008-09-12 01:45	<DIR>	d--------	C:\Program Files\Common Files\Adobe.((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   )))))))))))))))))))))))))))))))))))))))))))))))))))).2008-10-10 17:30	---------	d-----w	C:\Users\Taszka\AppData\Roaming\U32008-10-09 11:35	---------	d-----w	C:\ProgramData\McAfee2008-10-08 22:18	---------	d-----w	C:\Program Files\Google2008-10-08 21:44	---------	d-----w	C:\Users\Taszka\AppData\Roaming\Skype2008-10-08 15:34	---------	d-----w	C:\Users\Taszka\AppData\Roaming\skypePM2008-09-30 20:34	174	--sha-w	C:\Program Files\desktop.ini2008-09-30 20:26	---------	d-----w	C:\Program Files\Windows Sidebar2008-09-30 20:26	---------	d-----w	C:\Program Files\Windows Photo Gallery2008-09-30 20:26	---------	d-----w	C:\Program Files\Windows Mail2008-09-30 20:26	---------	d-----w	C:\Program Files\Windows Journal2008-09-30 20:26	---------	d-----w	C:\Program Files\Windows Defender2008-09-30 20:26	---------	d-----w	C:\Program Files\Windows Collaboration2008-09-30 20:26	---------	d-----w	C:\Program Files\Windows Calendar2008-09-30 19:57	82,432	----a-w	C:\Windows\System32\axaltocm.dll2008-09-30 19:57	101,888	----a-w	C:\Windows\System32\ifxcardm.dll2008-09-10 12:26	---------	d-----w	C:\ProgramData\Microsoft Help2008-09-06 09:07	---------	d-----w	C:\Program Files\Skype2008-09-04 09:36	---------	d-----w	C:\Program Files\Odkurzacz2008-09-02 12:54	---------	d-----w	C:\Program Files\DAEMON Tools Toolbar2008-09-02 12:51	---------	d-----w	C:\Program Files\Microsoft Works2008-09-02 12:50	---------	d-----w	C:\Program Files\MSBuild2008-09-02 12:49	---------	d-----w	C:\Program Files\Microsoft.NET2008-09-02 12:48	---------	d-----w	C:\Program Files\Microsoft Visual Studio 82008-09-02 12:36	717,296	----a-w	
C:\Windows\system32\drivers\sptd.sys2008-09-02 12:35	---------	d-----w	C:\Users\Taszka\AppData\Roaming\DAEMON Tools2008-09-01 16:26	---------	d-----w	C:\Users\Taszka\AppData\Roaming\PeerNetworking2008-08-26 18:07	---------	d-----w	C:\Users\Taszka\AppData\Roaming\ACD Systems2008-08-26 18:05	9,856	----a-w	C:\Windows\system32\drivers\pfc.sys2008-08-26 18:05	---------	d-----w	C:\ProgramData\ACD Systems2008-08-26 18:05	---------	d-----w	C:\Program Files\Common Files\ACD Systems2008-08-26 18:05	---------	d-----w	C:\Program Files\ACD Systems2008-08-26 17:30	269,312	----a-w	C:\Windows\System32\es.dll2008-08-26 11:59	---------	d-----w	C:\Users\Taszka\AppData\Roaming\Ulead Systems2008-08-25 20:59	---------	d-----w	C:\Users\Taszka\AppData\Roaming\TOSHIBA2008-08-25 20:20	---------	d-----w	C:\ProgramData\WinZip2008-08-25 20:10	---------	d-----w	C:\ProgramData\Skype2008-08-25 20:10	---------	d-----w	C:\Program Files\Common Files\Skype2008-08-25 19:54	61,440	----a-w	C:\Windows\System32\winipsec.dll2008-08-25 19:54	361,984	----a-w	C:\Windows\System32\IPSECSVC.DLL2008-08-25 19:54	28,672	----a-w	C:\Windows\System32\FwRemoteSvr.dll2008-08-25 19:54	272,896	----a-w	C:\Windows\System32\polstore.dll2008-08-25 19:51	2,048	----a-w	C:\Windows\System32\tzres.dll2008-08-25 19:44	9,892,864	----a-w	C:\Windows\System32\NlsLexicons000a.dll2008-08-25 19:42	827,392	----a-w	C:\Windows\System32\wininet.dll2008-08-25 19:40	988,216	----a-w	C:\Windows\System32\winload.exe2008-08-25 19:40	927,288	----a-w	C:\Windows\System32\winresume.exe2008-08-25 19:40	615,992	----a-w	C:\Windows\System32\ci.dll2008-08-25 19:40	6,656	----a-w	C:\Windows\System32\kbd106n.dll2008-08-25 19:40	46,592	----a-w	C:\Windows\System32\setbcdlocale.dll2008-08-25 19:40	40,960	----a-w	C:\Windows\System32\srclient.dll2008-08-25 19:40	378,368	----a-w	C:\Windows\System32\srcore.dll2008-08-25 19:40	318,464	----a-w	C:\Windows\System32\rstrui.exe2008-08-25 19:40	19,000	----a-w	C:\Windows\System32\kd1394.dll2008-08-25 19:40	14,848	----a-w	
C:\Windows\System32\srdelayed.exe2008-08-25 19:39	295,936	----a-w	C:\Windows\System32\gdi32.dll2008-08-25 19:39	2,032,128	----a-w	C:\Windows\System32\win32k.sys2008-08-25 19:39	14,848	----a-w	C:\Windows\System32\wshrm.dll2008-08-25 19:39	113,664	----a-w	C:\Windows\system32\drivers\rmcast.sys2008-08-25 19:38	84,480	----a-w	C:\Windows\System32\INETRES.dll2008-08-25 19:38	738,304	----a-w	C:\Windows\System32\inetcomm.dll2008-08-25 19:38	2,560	----a-w	C:\Windows\AppPatch\AcRes.dll2008-08-25 19:38	1,695,744	----a-w	C:\Windows\System32\gameux.dll2008-08-25 19:38	1,314,816	----a-w	C:\Windows\System32\quartz.dll2008-08-25 19:36	---------	d-----w	C:\Users\Taszka\AppData\Roaming\Gadu-Gadu2008-08-25 19:31	---------	d-----w	C:\Program Files\Gadu-Gadu2008-08-25 19:22	---------	d-----w	C:\Program Files\Java2008-08-25 18:49	428,544	----a-w	C:\Windows\System32\EncDec.dll2008-08-25 18:49	293,376	----a-w	C:\Windows\System32\psisdecd.dll2008-08-25 18:46	---------	d-----w	C:\Users\Taszka\AppData\Roaming\Winamp2008-08-25 18:36	---------	d-----w	C:\Program Files\Winamp2008-08-25 17:23	---------	d-----w	C:\ProgramData\TOSHIBA2008-08-25 17:20	---------	d-----w	C:\ProgramData\ToshibaEurope2008-08-25 17:14	---------	d-sh--w	C:\ProgramData\Ulubione2008-08-25 17:14	---------	d-sh--w	C:\ProgramData\Szablony2008-08-25 17:14	---------	d-sh--w	C:\ProgramData\Pulpit2008-08-25 17:14	---------	d-sh--w	C:\ProgramData\Menu Start2008-08-25 17:14	---------	d-sh--w	C:\ProgramData\Dokumenty2008-08-25 17:14	---------	d-sh--w	C:\ProgramData\Dane aplikacji2008-08-25 17:14	---------	d-----w	C:\Program Files\Common Files\Toshiba Shared2008-08-25 17:10	0	--sha-r	C:\Windows\system32\drivers\TOSHIBA_Satellite A300_06345-PL_PSAJ0E-00W00.MRK2008-08-25 17:10	---------	d-----w	C:\Program Files\Camera Assistant Software for Toshiba2008-08-25 17:07	0	---ha-w	C:\Windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf2008-08-25 17:06	---------	d-----w	C:\Program Files\Synaptics2008-08-25 17:06	---------	d-----w	C:\Program 
Files\Intel2008-08-25 17:04	17,408	----a-w	C:\Windows\System32\rpcnetp.dll2008-08-25 17:02	17,408	----a-w	C:\Windows\System32\rpcnetp.exe2008-08-02 03:26	36,864	----a-w	C:\Windows\System32\cdd.dll2008-07-31 03:32	460,288	----a-w	C:\Windows\AppPatch\AcSpecfc.dll2008-07-31 03:32	28,160	----a-w	C:\Windows\System32\Apphlpdm.dll2008-07-31 03:32	2,154,496	----a-w	C:\Windows\AppPatch\AcGenral.dll2008-07-31 03:32	173,056	----a-w	C:\Windows\AppPatch\AcXtrnal.dll2008-07-31 01:13	4,240,384	----a-w	C:\Windows\System32\GameUXLegacyGDFs.dll2008-07-25 08:34	81,920	----a-w	C:\Windows\System32\dpl100.dll2008-07-25 08:34	683,520	----a-w	C:\Windows\System32\divx.dll2008-07-23 16:50	3,596,288	----a-w	C:\Windows\System32\qt-dx331.dll.(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))..*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-01-25 141848]"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-01-25 154136]"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-01-25 129560]"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]"ccApp"="C:\Program Files\Common Files\Symantec 
Shared\ccApp.exe" [2008-01-25 51048]"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"EnableLUA"= 0 (0x0)"EnableUIADesktopToggle"= 0 (0x0)[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm"VIDC.YV12"= yv12vfw.dll[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnkbackup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartupbackupExtension=.CommonStartup[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnkbackup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartupbackupExtension=.CommonStartup[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnkbackup=C:\Windows\pss\Bluetooth Manager.lnk.CommonStartupbackupExtension=.CommonStartup[HKLM\~\startupfolder\C:^Users^Taszka^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TRDCReminder.lnk]path=C:\Users\Taszka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnkbackup=C:\Windows\pss\TRDCReminder.lnk.StartupbackupExtension=.Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]--a------ 2007-10-25 17:41 413696 C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]--a------ 2007-10-31 23:01 54608 C:\Program Files\Toshiba\TBS\HSON.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]--a------ 
2007-09-28 17:03 75136 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Toshiba Registration]--a------ 2007-05-04 12:05 571024 C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]--a------ 2008-08-04 01:02 36352 C:\Program Files\Winamp\winampa.exe[HKEY_LOCAL_MACHINE\software\microsoft\security center]"UacDisableNotify"=dword:00000001"InternetSettingsDisableNotify"=dword:00000001"AutoUpdateDisableNotify"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]"DisableMonitoring"=dword:00000001[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3744156645-2657655034-445147232-1000]"EnableNotificationsRef"=dword:00000001[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]"{ACCE14DC-FAEF-4742-9726-2A43D2216075}"= C:\Program Files\Skype\Phone\Skype.exe:Skype"{C29CF4F3-F8F8-47C2-B59B-86B062831278}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook"{F40E5E89-37BB-4FFD-9792-5529913E41BF}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove"{AAAD07E4-A964-4F10-A91F-CE1F65C5460D}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove"{45A11336-020C-496C-8025-A4CA6B1C2E07}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote"{075E8B16-E64A-4FE5-B92D-14E08EEE049A}"= 
TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]"EnableFirewall"= 0 (0x0)[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]"EnableFirewall"= 0 (0x0)R0 pxark;pxark;C:\Windows\system32\drivers\pxark.sys [2008-10-11 26424]R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20081003.001\IDSvix86.sys [2008-09-12 270384]R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]R2 ConfigFree Service;ConfigFree Service;C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]R2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2008-10-10 877624]R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-01-25 149864]R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-03 126976]R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDART.sys [2008-02-01 187904]R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2media.sys [2008-01-15 48472]R3 QIOMem;Generic IO & Memory Access;C:\Windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-02-05 41008]R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 298496]S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;C:\Windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]\shell\AutoRun\command - D:\LaunchU3.exe 
-a[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]\shell\AutoRun\command - G:\LaunchU3.exe -a[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9c54287-79c5-11dd-ba4f-00037a82f7a4}]\shell\AutoRun\command - LaunchU3.exe -a[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8da22e7-78eb-11dd-9689-00037a82f7a4}]\shell\AutoRun\command - D:\SETUP.EXE\shell\configure\command - D:\SETUP.EXE\shell\install\command - D:\SETUP.EXE*Newly Created Service* - PXARK.Zawartość folderu 'Zaplanowane zadania'2008-10-11 C:\Windows\Tasks\Norton AntiVirus - Uruchom pełne skanowanie systemu - Taszka.job- C:\Program Files\Norton AntiVirus\Navw32.exe [2008-02-07 08:05].**************************************************************************catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url]Rootkit scan 2008-10-11 21:45:46Windows 6.0.6001 Service Pack 1 NTFSskanowanie ukrytych procesów ... skanowanie ukrytych wpisów autostartu ...skanowanie ukrytych plików ... 
C:\Program Files\Common Files\Symantec Shared\SPBBC\2008-10-11-2dc7.kc 278056 bytesskanowanie pomyślnie ukończoneukryte pliki: 1**************************************************************************.------------------------ Pozostałe uruchomione procesy ------------------------.C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exeC:\Windows\System32\audiodg.exeC:\Program Files\Alwil Software\Avast4\aswUpdSv.exeC:\Program Files\Alwil Software\Avast4\ashServ.exeC:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exeC:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exeC:\Windows\System32\TODDSrv.exeC:\Program Files\Toshiba\Power Saver\TosCoSrv.exeC:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exeC:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exeC:\Windows\System32\drivers\XAudio.exeC:\Program Files\Alwil Software\Avast4\ashMaiSv.exeC:\Program Files\Alwil Software\Avast4\ashWebSv.exeC:\Windows\System32\WUDFHost.exeC:\Windows\servicing\TrustedInstaller.exeC:\Windows\System32\conime.exeC:\Windows\System32\msiexec.exeC:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe.**************************************************************************.Czas ukończenia: 2008-10-11 21:48:23 - komputer został uruchomiony ponowniePrzed: System nie może znaleźć komunikatu dla numeru komunikatu 0x2379 w pliku komunikatów dla Application.Po: 73,185,693,696 bajtów wolnych333	--- E O F ---	2008-10-01 09:32:56

It booted in normal mode for the first time..
  • 0

#9 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 12 10 2008 - 08:42

2008-10-09 14:22 . 2008-10-09 14:22 2 --a------ C:\1347286417

That was not in the previous log, although it should have been visible, judging by the date.
Check it at --> http://virusscan.jotti.org/ or at http://www.virustotal.com/en/indexf.html.
If it turns out to be "bad", delete it with Killbox, which you already have.

ordynat
  • 0
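The two posts above do by eye what a helper can do on a log dump: pick out the registry values that switch off a defence (UAC off, the firewall profiles off, Security Center monitoring disabled), list the drivers and services whose file date falls next to the day the trouble started, and list files created in that window that sit directly in the drive root, like the two-byte C:\1347286417 that ordynat noticed. The script below is an added example for this thread, not part of the forum posts and not a ComboFix component; the sample log lines are constructed to mirror the entries in the logs posted here, the incident date and the two-day window are assumptions, and the regular expressions assume ComboFix's own line layout (`"Name"= 0 (0x0)` / `"Name"=dword:00000001` values, `S1 name;display;path [date size]` services, tab-separated created-file rows). It tolerates logs that were pasted as one long line, as the ones in this thread were.

```python
"""Triage helper for ComboFix-style log text (added example, not ComboFix's own code).

Flags three things an analyst looks for first:
  1. registry values set so that a Vista defence is switched off,
  2. drivers/services whose file date lies within N days of the incident,
  3. files created in that window that sit directly in a drive root.
"""
import re
from datetime import date

# Value name -> setting that means "defence disabled". The list is an assumption
# built from the entries seen in ComboFix logs, not an exhaustive catalogue.
WEAK_SETTINGS = {
    "EnableLUA": "0",            # User Account Control off
    "EnableFirewall": "0",       # Windows Firewall off for that profile
    "DisableMonitoring": "1",    # Security Center stops watching an AV/firewall
    "UacDisableNotify": "1",
    "AutoUpdateDisableNotify": "1",
}

# "Name"= 0 (0x0)   or   "Name"=dword:00000001
VALUE_RE = re.compile(r'"(?P<name>[A-Za-z0-9]+)"=\s*(?:dword:0*|)(?P<val>[0-9A-Fa-f]+)')

# S1 name;display name;C:\path\file.sys [YYYY-MM-DD size]
SERVICE_RE = re.compile(
    r'(?P<start>[RS][0-4]) (?P<name>[^;\n]+);(?P<display>[^;\n]*);'
    r'(?P<path>[A-Z]:\\[^\[\n]+?) \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]')

# YYYY-MM-DD HH:MM . YYYY-MM-DD HH:MM <TAB> size|<DIR> <TAB> attrs <TAB> path
# The lookahead ends the path where the next row starts, so a flattened log parses too.
FILE_RE = re.compile(
    r'(?P<created>\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\t'
    r'(?P<size>[\d,]+|<DIR>)\t(?P<attrs>[-a-zA-Z]+)\t(?P<path>[A-Z]:\\[^\n]+?)'
    r'(?=\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. |\n|$)')


def _as_date(d):
    """Accept either a datetime.date or an ISO 'YYYY-MM-DD' string."""
    return date.fromisoformat(d) if isinstance(d, str) else d


def find_weak_settings(text):
    """Return [(name, value)] for every registry value found at a weakening setting."""
    hits = []
    for m in VALUE_RE.finditer(text):
        want = WEAK_SETTINGS.get(m.group("name"))
        value = int(m.group("val"), 16)           # dword values are hex, '0 (0x0)' is 0 either way
        if want is not None and value == int(want, 16):
            hits.append((m.group("name"), value))
    return hits


def find_recent_services(text, incident, window_days=2):
    """Return [(name, path, file_date)] for drivers/services dated within the window."""
    incident = _as_date(incident)
    hits = []
    for m in SERVICE_RE.finditer(text):
        file_date = date.fromisoformat(m.group("date"))
        if abs((file_date - incident).days) <= window_days:
            hits.append((m.group("name"), m.group("path"), m.group("date")))
    return hits


def find_recent_root_files(text, incident, window_days=2):
    """Return [(path, size)] for non-directory files created in the window at a drive root."""
    incident = _as_date(incident)
    hits = []
    for m in FILE_RE.finditer(text):
        if m.group("size") == "<DIR>":
            continue
        created = date.fromisoformat(m.group("created"))
        if abs((created - incident).days) > window_days:
            continue
        if m.group("path").count("\\") == 1:       # C:\name and nothing deeper
            hits.append((m.group("path"), int(m.group("size").replace(",", ""))))
    return hits


def triage(text, incident, window_days=2):
    """Run all three checks and return them as one dict for the analyst to review."""
    return {
        "weak_settings": find_weak_settings(text),
        "recent_services": find_recent_services(text, incident, window_days),
        "recent_root_files": find_recent_root_files(text, incident, window_days),
    }


# Constructed sample mirroring the shape of the entries in this thread's logs.
SAMPLE_LOG = "\n".join([
    r'[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]',
    r'"EnableLUA"= 0 (0x0)',
    r'[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]',
    r'"DisableMonitoring"=dword:00000001',
    r'[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]',
    r'"EnableFirewall"= 0 (0x0)',
    r'"EnableNotificationsRef"=dword:00000001',
    r'S1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]',
    r'S1 glaide32;glaide32;C:\Windows\system32\drivers\glaide32.sys [2008-10-09 103394]',
    r'S2 CSIScanner;CSIScanner;C:\Program Files\PrevxCSI\prevxcsi.exe [2008-10-10 877624]',
    "\t".join([r'2008-10-10 20:32 . 2008-07-19 16:36', '51,280', '--a------',
               r'C:\Windows\System32\drivers\aswMonFlt.sys']),
    "\t".join([r'2008-10-09 14:22 . 2008-10-09 14:22', '2', '--a------', r'C:\1347286417']),
    "\t".join([r'2008-10-09 14:03 . 2008-10-09 14:23', '<DIR>', 'd--------',
               r'C:\Program Files\Norton AntiVirus']),
])

if __name__ == "__main__":
    for section, rows in triage(SAMPLE_LOG, "2008-10-09").items():   # incident date assumed
        print(section)
        for row in rows:
            print("   ", row)
```

The date check deliberately flags both glaide32.sys and prevxcsi.exe: the second was installed by the owner a day later as part of the cleanup, and only the analyst knows that. A date next to the incident is a reason to look, never a verdict, which is exactly why post #9 sends the file to an online scanner before anything is deleted. The weakened-settings list is the part worth keeping after the cleanup: UAC, the firewall profiles and Security Center monitoring should all be turned back on once the machine is clean.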

#10 crunk07

crunk07

    Observer

  • 5 posts

Posted 15 10 2008 - 23:58

Thanks a lot... everything runs as it should!! I'm hugely grateful for the help.
Regards

  • 0



