Hello, just like the previous poster I have a problem with explorer.exe and drwtsn.exe. When I try to open drive C, an error pops up saying that the explorer.exe application will be closed. Please help!!! I'm pasting the logs from HijackThis and ComboFix:
HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:20:24, on 2008-09-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: stx.tbl - {7E61BB38-A952-40BA-98F0-0AD229658CB7} - C:\WINDOWS\system32\cfax32x.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [NoIE4StubProcessing] C:\WINDOWS\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 3381 bytes
ComboFix:
ComboFix 08-09-01.05 - AlexXx 2008-09-03 18:23:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.338 [GMT 2:00]
Running from: C:\Documents and Settings\AlexXx\Pulpit\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\msssc.dll
.
((((((((((((((((((((((((( Files Created from 2008-08-03 to 2008-09-03 )))))))))))))))))))))))))))))))
.
2008-09-03 18:20 . 2008-09-03 18:20 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-03 18:14 . 2008-09-03 18:14 755 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-09-03 18:12 . 2008-09-03 18:12 <DIR> d--h-c--- C:\WINDOWS\ie8
2008-09-03 18:11 . 2008-09-03 18:11 <DIR> d-------- C:\WINDOWS\LastGood
2008-09-03 17:56 . 2008-09-03 17:56 <DIR> d-------- C:\Program Files\Yahoo!
2008-09-03 17:56 . 2008-09-03 17:56 <DIR> d-------- C:\Program Files\CCleaner
2008-09-03 17:47 . 2001-08-17 21:28 771,581 --a--c--- C:\WINDOWS\system32\dllcache\winacisa.sys
2008-09-03 17:46 . 2001-08-17 21:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-09-03 17:45 . 2001-10-26 16:47 286,272 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-09-03 17:44 . 2001-10-26 17:29 252,032 --a--c--- C:\WINDOWS\system32\dllcache\sis300iv.dll
2008-09-03 17:43 . 2001-10-26 17:28 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-09-03 17:42 . 2001-10-26 17:01 899,530 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-09-03 17:41 . 2004-08-04 00:39 2,016,768 --a--c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-09-03 17:40 . 2004-08-04 00:38 132,695 --a--c--- C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-09-03 17:39 . 2004-08-04 00:44 56,832 --a--c--- C:\WINDOWS\system32\dllcache\msdvbnp.ax
2008-09-03 17:39 . 2004-08-03 23:10 51,328 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2008-09-03 17:39 . 2001-08-17 22:02 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys
2008-09-03 17:39 . 2004-08-03 23:00 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2008-09-03 17:39 . 2001-08-17 21:52 17,280 --a--c--- C:\WINDOWS\system32\dllcache\mraid35x.sys
2008-09-03 17:39 . 2001-08-17 21:48 6,016 --a--c--- C:\WINDOWS\system32\dllcache\msfsio.sys
2008-09-03 17:37 . 2001-10-26 17:29 242,176 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-09-03 17:36 . 2004-08-04 00:44 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-09-03 17:35 . 2004-08-03 23:00 8,192 --a--c--- C:\WINDOWS\system32\dllcache\i2omgmt.sys
2008-09-03 17:33 . 2001-10-26 17:29 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-09-03 17:32 . 2001-10-26 16:52 634,198 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-09-03 17:31 . 2001-08-17 20:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-09-03 17:30 . 2001-10-26 16:57 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys
2008-09-03 17:29 . 2001-10-26 16:55 715,082 --a--c--- C:\WINDOWS\system32\dllcache\cbmdmkxx.sys
2008-09-03 17:28 . 2001-08-17 21:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-09-03 17:27 . 2001-08-17 21:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-09-03 17:26 . 2001-10-26 17:29 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-09-03 17:25 . 2004-08-04 00:38 2,149,888 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-09-03 16:23 . 2008-09-03 16:23 24,064 --a------ C:\WINDOWS\system32\cfax32x.dll
2008-09-03 16:22 . 2008-09-03 16:22 24,064 --a------ C:\WINDOWS\system32\cfax32i.dll
2008-09-03 16:10 . 2008-09-03 16:10 <DIR> d-------- C:\Documents and Settings\AlexXx\Dane aplikacji\ESET
2008-09-03 16:03 . 2008-09-03 16:03 <DIR> d-------- C:\Program Files\ESET
2008-09-03 16:03 . 2008-09-03 16:03 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\ESET
2008-09-03 15:30 . 2008-09-03 15:30 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-09-03 15:30 . 2008-09-03 15:30 <DIR> d-------- C:\Documents and Settings\AlexXx\Gadu-Gadu
2008-09-03 14:02 . 2008-09-03 18:24 <DIR> d--h----- C:\Documents and Settings\Ewa Bebo\Ustawienia lokalne
2008-09-03 14:02 . 2008-09-03 14:02 <DIR> dr------- C:\Documents and Settings\Ewa Bebo\Ulubione
2008-09-03 14:02 . 2008-08-24 12:26 <DIR> d--h----- C:\Documents and Settings\Ewa Bebo\Szablony
2008-09-03 14:02 . 2008-08-24 14:17 <DIR> d-------- C:\Documents and Settings\Ewa Bebo\Pulpit
2008-09-03 14:02 . 2008-09-03 14:02 <DIR> dr------- C:\Documents and Settings\Ewa Bebo\Moje dokumenty
2008-09-03 14:02 . 2008-08-24 14:17 <DIR> dr------- C:\Documents and Settings\Ewa Bebo\Menu Start
2008-09-03 14:02 . 2008-09-03 14:17 <DIR> dr-h----- C:\Documents and Settings\Ewa Bebo\Dane aplikacji
2008-09-03 14:02 . 2008-09-03 14:02 <DIR> d-------- C:\Documents and Settings\Ewa Bebo
2008-08-28 20:56 . 2008-09-03 16:52 <DIR> d-------- C:\Program Files\ffdshow
2008-08-28 20:56 . 2008-08-28 20:56 <DIR> d-------- C:\Program Files\DirectShow Pack
2008-08-28 20:36 . 2008-08-28 20:36 <DIR> d-------- C:\Program Files\SubEdit-Player
2008-08-28 20:29 . 2008-08-28 20:29 <DIR> d-------- C:\Program Files\MarBit
2008-08-26 16:08 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-08-26 16:08 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-08-26 15:35 . 2008-08-26 15:35 <DIR> d-------- C:\Program Files\CAPCOM
2008-08-26 12:27 . 2008-08-26 12:36 <DIR> d-------- C:\Documents and Settings\AlexXx\Dane aplikacji\Moje pliki gry Władca Pierścieni, Król Nazguli
2008-08-25 17:29 . 2008-08-25 17:29 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-25 17:29 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-08-25 17:29 . 2003-03-18 21:14 499,712 --a------ C:\WINDOWS\system32\MSVCP71.dll
2008-08-25 17:29 . 2003-02-21 05:42 348,160 --a------ C:\WINDOWS\system32\MSVCR71.dll
2008-08-25 17:28 . 2008-08-25 17:28 0 --a------ C:\WINDOWS\nsreg.dat
2008-08-25 17:27 . 2008-09-03 14:19 2,921 --a------ C:\WINDOWS\mozver.dat
2008-08-25 17:13 . 2008-08-25 17:13 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-08-25 17:06 . 2008-08-25 17:06 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-08-25 17:06 . 2008-08-25 17:08 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-25 13:55 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-08-25 13:13 . 2005-12-05 07:12 20,640 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-08-25 13:12 . 2008-08-25 13:56 <DIR> d-------- C:\Program Files\Winamp
2008-08-25 13:12 . 2008-08-25 13:12 714 --a------ C:\WINDOWS\unins000.dat
2008-08-24 22:13 . 2008-08-24 22:25 <DIR> d-------- C:\Documents and Settings\AlexXx\Dane aplikacji\Moje pliki Bitwy o Śródziemie™ II
2008-08-24 17:44 . 2008-08-24 17:44 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-24 15:30 . 2008-08-24 15:30 1,867,373 --a------ C:\WINDOWS\Recorder.reg
2008-08-24 15:30 . 2008-08-24 15:30 2,423 --a------ C:\WINDOWS\NewRecorder.reg
2008-08-24 15:25 . 2008-08-24 15:39 <DIR> d-------- C:\WINDOWS\NV412892.TMP
2008-08-24 15:25 . 2004-07-12 10:50 3,740,032 -ra------ C:\WINDOWS\system32\SET3E.tmp
2008-08-24 15:25 . 2004-07-12 10:50 286,720 -ra------ C:\WINDOWS\system32\nvwrsesm.dll
2008-08-24 15:25 . 2004-07-12 10:50 188,416 -ra------ C:\WINDOWS\system32\nvrsesm.dll
2008-08-24 15:22 . 2004-05-02 10:47 23,040 -ra------ C:\WINDOWS\system32\drivers\GVCplDrv.sys
2008-08-24 15:19 . 2008-08-26 15:35 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-08-24 15:19 . 2008-08-24 15:19 <DIR> d-------- C:\Program Files\Analog Devices
2008-08-24 15:17 . 2008-08-26 15:34 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-08-24 15:17 . 2000-03-29 08:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-08-24 15:17 . 2008-08-24 15:17 3,540 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-08-24 13:18 . 2008-08-24 13:18 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-08-22 03:16 . 2008-08-22 03:16 637,984 --a--c--- C:\WINDOWS\system32\dllcache\SET22.tmp
2008-08-22 03:15 . 2008-08-22 03:15 1,216,512 --------- C:\WINDOWS\system32\ieframe.dll.mui
2008-08-22 03:14 . 2008-08-22 03:14 10,240 --------- C:\WINDOWS\system32\advpack.dll.mui
2008-08-22 03:09 . 2008-08-22 03:09 5,699,584 --a------ C:\WINDOWS\system32\SET7F.tmp
2008-08-22 03:09 . 2008-08-22 03:09 5,699,584 --a--c--- C:\WINDOWS\system32\dllcache\SET2A.tmp
2008-08-22 03:07 . 2008-08-22 03:07 755,200 --a--c--- C:\WINDOWS\system32\dllcache\SET3A.tmp
2008-08-22 03:07 . 2008-08-22 03:07 193,536 --a------ C:\WINDOWS\system32\SET84.tmp
2008-08-22 03:07 . 2008-08-22 03:07 193,536 --a--c--- C:\WINDOWS\system32\dllcache\SET2F.tmp
2008-08-22 03:07 . 2008-08-22 03:07 116,224 --a------ C:\WINDOWS\system32\SET86.tmp
2008-08-22 03:07 . 2008-08-22 03:07 116,224 --a--c--- C:\WINDOWS\system32\dllcache\SET31.tmp
2008-08-22 03:07 . 2008-08-22 03:07 105,984 --a------ C:\WINDOWS\system32\SET8D.tmp
2008-08-22 03:07 . 2008-08-22 03:07 105,984 --a--c--- C:\WINDOWS\system32\dllcache\SET37.tmp
2008-08-22 03:07 . 2008-08-22 03:07 18,944 --a------ C:\WINDOWS\system32\SET60.tmp
2008-08-22 03:07 . 2008-08-22 03:07 18,944 --a--c--- C:\WINDOWS\system32\dllcache\SET16.tmp
2008-08-22 03:05 . 2008-08-22 03:05 630,272 --a------ C:\WINDOWS\system32\SET85.tmp
2008-08-22 03:04 . 2008-08-22 03:04 1,659,392 --a------ C:\WINDOWS\system32\SET80.tmp
2008-08-22 03:04 . 2008-08-22 03:04 1,659,392 --a--c--- C:\WINDOWS\system32\dllcache\SET2B.tmp
2008-08-22 03:04 . 2008-08-22 03:04 66,560 --a------ C:\WINDOWS\system32\SET8B.tmp
2008-08-22 03:04 . 2008-08-22 03:04 66,560 --a--c--- C:\WINDOWS\system32\dllcache\SET36.tmp
2008-08-22 03:04 . 2008-08-22 03:04 45,568 --a------ C:\WINDOWS\system32\SET7E.tmp
2008-08-22 03:04 . 2008-08-22 03:04 45,568 --a--c--- C:\WINDOWS\system32\dllcache\SET29.tmp
2008-08-22 03:00 . 2008-08-22 03:00 68,608 --a--c--- C:\WINDOWS\system32\dllcache\SET19.tmp
2008-08-22 02:57 . 2008-08-22 02:57 156,160 --a------ C:\WINDOWS\system32\SET83.tmp
2008-08-22 02:57 . 2008-08-22 02:57 156,160 --a--c--- C:\WINDOWS\system32\dllcache\SET2E.tmp
2008-08-22 02:49 . 2008-08-22 02:49 56,413 --a------ C:\WINDOWS\system32\SET74.tmp
2008-08-05 17:55 . 2008-08-05 17:55 265,720 --a------ C:\WINDOWS\system32\msdbg2.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 15:30 12,528 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-08-24 10:31 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-24 10:29 --------- d-----w C:\Program Files\Usługi online
2008-08-22 01:14 2,651,968 ----a-w C:\WINDOWS\inf\SET41.tmp
2008-08-22 01:08 878,592 ----a-w C:\WINDOWS\system32\SET93.tmp
2008-08-22 01:08 43,008 ----a-w C:\WINDOWS\system32\SET7A.tmp
2008-08-22 01:08 385,024 ----a-w C:\WINDOWS\system32\SET63.tmp
2008-08-22 01:08 236,544 ----a-w C:\WINDOWS\system32\SET90.tmp
2008-08-22 01:08 1,415,680 ----a-w C:\WINDOWS\system32\SET76.tmp
2008-08-22 01:08 1,206,784 ----a-w C:\WINDOWS\system32\SET8E.tmp
2008-08-22 01:05 70,656 ----a-w C:\WINDOWS\system32\SET81.tmp
2008-08-22 01:05 48,640 ------w C:\WINDOWS\system32\PrivacIE.dll
2008-08-22 01:05 48,128 ----a-w C:\WINDOWS\system32\SET82.tmp
2008-08-22 01:05 45,056 ----a-w C:\WINDOWS\system32\SET87.tmp
2008-08-22 01:05 35,840 ----a-w C:\WINDOWS\system32\SET75.tmp
2008-08-22 01:05 346,624 ----a-w C:\WINDOWS\system32\SET61.tmp
2008-08-22 01:05 217,088 ----a-w C:\WINDOWS\system32\SET62.tmp
2008-08-22 01:05 186,880 ----a-w C:\WINDOWS\system32\SET6F.tmp
2008-08-07 15:55 748,818 ----a-w C:\WINDOWS\Help\SET40.tmp
2008-08-07 15:55 13,874 ----a-w C:\WINDOWS\Help\SET3F.tmp
2008-08-07 15:55 12,593 ----a-w C:\WINDOWS\Help\SET3E.tmp
2008-06-12 09:27 54,279 ----a-w C:\WINDOWS\Help\SET3D.tmp
2008-06-12 09:27 474,112 ----a-w C:\WINDOWS\system32\SET8A.tmp
2008-06-12 09:27 26,144 ----a-w C:\WINDOWS\system32\spupdsvc.exe
2008-06-12 09:27 26,112 ----a-w C:\WINDOWS\system32\idndl.dll
2008-06-12 09:27 24,576 ----a-w C:\WINDOWS\system32\nlsdl.dll
2008-06-12 09:27 23,552 ----a-w C:\WINDOWS\system32\normaliz.dll
2008-06-12 09:27 1,497,088 ----a-w C:\WINDOWS\system32\SET89.tmp
2008-06-12 09:27 1,022,976 ----a-w C:\WINDOWS\system32\SET5F.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7E61BB38-A952-40BA-98F0-0AD229658CB7}]
2008-09-03 16:23 24064 --a------ C:\WINDOWS\system32\cfax32x.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Gadu-Gadu"="C:\Program Files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRTCLK"="C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe" [2003-12-30 24576]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-12 4112384]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-07-12 81920]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a------ 2003-07-30 09:08 143360 C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2006-03-10 19:45 35328 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra------ 2004-07-12 10:50 843776 C:\WINDOWS\system32\nwiz.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Gry\\Cyanide\\GameCenter\\GameCenter.exe"=
"D:\\Program Files\\Gry\\Electronic Arts\\Bitwa o Śródziemie II\\game.dat"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"D:\\Program Files\\Gry\\Electronic Arts\\Król Nazguli\\game.dat"=
S3 ALI5261;Sterownik NT ALi Based Ethernet;C:\WINDOWS\system32\DRIVERS\ALI5261.SYS [2001-08-17 27678]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\AlexXx\Dane aplikacji\Mozilla\Firefox\Profiles\c11xdv5d.default\
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-03 18:24:24
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-03 18:25:45
ComboFix-quarantined-files.txt 2008-09-03 16:25:42
Pre-Run: 22,398,910,464 bajtów wolnych
Post-Run: 22,453,764,096 bajtów wolnych
208
Once again, I'm asking for help, as this problem is very troublesome. Thanks in advance!