szczep222
(Dorime1)
24 November 2009 17:25
#1
Hello. This is my first post on this forum. I have a problem with explorer.exe. Every so often an error pops up. After the error, my wallpaper is removed and the desktop shows: "Przywróc pulpit Active Desktop". I scanned the computer with an antivirus and it detected nothing. I don't know how to take a screenshot, but the error reads: "Wystąpił problem z aplikacja explorer.exe i zostanie ona zamknieta. Przepraszamy za klopoty." Error signature:
AppName:explorer.exe
AppVer:6.0.2900.2180
ModName:unknow
ModVer:0.0.0.0
Offset:00000001
krzysiekx
(krzysiekx)
24 November 2009 17:30
#2
This is how you take a screenshot:
Press the Print Screen key on the keyboard (it is above the arrow keys)
Open e.g. Paint and paste (Ctrl + V)
File - Save as
You have saved it
Open e.g. this page
In the Bild auswählen:* field, click Choose and select the image you saved earlier
In the Regeln akzeptiert:* field, tick Ja and then choose hochladen
Post the link on the forum
Post logs:
szczep222
(Dorime1)
24 November 2009 18:12
#3
Here is HijackThis:
In OTL I set Processes and Modules to Use SafeList, because that is what the guide at the link you gave said.
It is scanning right now, I will post it in a moment.
– Added 24.11.2009 (Tue) 19:33 –
Sorry, I can't post the OTL log because it is too long. I could shorten it, but that is not allowed.
deFco247
(deFco247)
24 November 2009 18:42
#4
Paste logs on wklej.org or wklej.to, and put the link in your post.
szczep222
(Dorime1)
25 November 2009 17:38
#5
Oh. Sorry. Posting it now.
– Added 25.11.2009 (Wed) 18:44 –
OTL
http://www.wklej.org/id/215686/
HijackThis
http://www.wklej.org/id/215690/
deFco247
(deFco247)
25 November 2009 18:04
#6
Quite a collection of infections has caught up with you… :?
In OTL, paste the following into the white lower window Custom Scans/Fixes:
:Processes
Explorer.EXE
:Services
ASKUpgrade
:OTL
PRC - [2009-08-18 19:53:30 | 01,445,478 | -HS- | M] ( ) – c:\dos32.pif
FF - prefs.js…browser.search.defaultenginename: “Ask”
FF - prefs.js…browser.search.order.1: “Ask”
FF - prefs.js…keyword.URL: “http://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q= ”
[2009-08-18 19:55:35 | 00,000,687 | ---- | M] () – C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\1y4xeyzs.default\searchplugins\ask.xml
[2009-07-28 21:18:29 | 00,002,399 | ---- | M] () – C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\1y4xeyzs.default\searchplugins\daemon-search.xml
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKLM…\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll File not found
O3 - HKCU…\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM…\Run: [1] c:\dos32.pif ( )
O4 - HKCU…\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe File not found
O4 - HKCU…\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe File not found
O4 - HKCU…\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe ()
O4 - HKCU…\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe File not found
O4 - Startup: C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\taskmgr.exe ()
O28 - HKLM ShellExecuteHooks: {B03A4BE6-5E5A-483E-B9B3-C484D4B20B72} - C:\WINDOWS\system32\softqq1.dll ()
O28 - HKLM ShellExecuteHooks: {BB4C402F-882A-4526-8C08-51278EA437C1} - C:\WINDOWS\system32\e8main0.dll ()
O28 - HKLM ShellExecuteHooks: {BD344AF4-67AB-4E19-A630-7435587D320B} - C:\WINDOWS\system32\ahndoor0.dll ()
O32 - AutoRun File - [2009-11-24 17:44:10 | 00,000,059 | RHS- | M] () - C:\autorun.inf – [NTFS]
O32 - AutoRun File - [2009-11-24 17:44:10 | 00,000,059 | RHS- | M] () - D:\autorun.inf – [NTFS]
O33 - MountPoints2{24bedb55-8273-11de-aeaa-4d6564696130}\Shell\AutoRun\command - “” = K:\m9ma.exe – File not found
O33 - MountPoints2{24bedb55-8273-11de-aeaa-4d6564696130}\Shell\explore\Command - “” = K:\m9ma.exe – File not found
O33 - MountPoints2{24bedb55-8273-11de-aeaa-4d6564696130}\Shell\open\Command - “” = K:\m9ma.exe – File not found
O33 - MountPoints2{379d89ca-b40a-11de-af89-4d6564696130}\Shell\AutoRun\command - “” = J:\m9ma.exe – File not found
O33 - MountPoints2{379d89ca-b40a-11de-af89-4d6564696130}\Shell\explore\Command - “” = J:\m9ma.exe – File not found
O33 - MountPoints2{379d89ca-b40a-11de-af89-4d6564696130}\Shell\open\Command - “” = J:\m9ma.exe – File not found
O33 - MountPoints2{961eb339-b297-11de-af80-4d6564696130}\Shell\AutoRun\command - “” = J:\m9ma.exe – File not found
O33 - MountPoints2{961eb339-b297-11de-af80-4d6564696130}\Shell\explore\Command - “” = J:\m9ma.exe – File not found
O33 - MountPoints2{961eb339-b297-11de-af80-4d6564696130}\Shell\open\Command - “” = J:\m9ma.exe – File not found
O33 - MountPoints2{9ee2f3d4-9d3a-11de-af1f-4d6564696130}\Shell\AutoRun\command - “” = K:\9b9w3.exe – File not found
O33 - MountPoints2{9ee2f3d4-9d3a-11de-af1f-4d6564696130}\Shell\open\Command - “” = K:\9b9w3.exe – File not found
O33 - MountPoints2{cde46f34-9bb8-11de-af1a-4d6564696130}\Shell\AutoRun\command - “” = J:\m9ma.exe – File not found
O33 - MountPoints2{cde46f34-9bb8-11de-af1a-4d6564696130}\Shell\explore\Command - “” = J:\m9ma.exe – File not found
O33 - MountPoints2{cde46f34-9bb8-11de-af1a-4d6564696130}\Shell\open\Command - “” = J:\m9ma.exe – File not found
O33 - MountPoints2{e1103b18-74f7-11de-ae83-4d6564696130}\Shell\AutoRun\command - “” = J:\yudald.bat – File not found
O33 - MountPoints2{e1103b18-74f7-11de-ae83-4d6564696130}\Shell\open\Command - “” = J:\yudald.bat – File not found
O33 - MountPoints2\C\Shell\AutoRun\command - “” = C:\yudald.bat – [2009-11-19 17:44:43 | 00,116,812 | RHS- | M] ()
O33 - MountPoints2\C\Shell\open\Command - “” = C:\yudald.bat – [2009-11-19 17:44:43 | 00,116,812 | RHS- | M] ()
O33 - MountPoints2\D\Shell\AutoRun\command - “” = D:\yudald.bat – [2009-11-19 17:44:43 | 00,116,812 | RHS- | M] ()
O33 - MountPoints2\D\Shell\open\Command - “” = D:\yudald.bat – [2009-11-19 17:44:43 | 00,116,812 | RHS- | M] ()
[2009-11-09 15:27:12 | 00,000,000 | -HSD | C] – C:\Documents and Settings\Administrator\Dane aplikacji.#
[2009-11-24 17:43:43 | 00,075,928 | RHS- | M] () – C:\WINDOWS\System32\nmdfgds0.dll
[2009-11-24 16:01:01 | 00,101,600 | ---- | M] () – C:\WINDOWS\System32\c.exe
[2009-11-24 13:47:38 | 00,084,992 | RHS- | M] () – C:\WINDOWS\System32\gasretyw0.dll
[2009-11-17 19:41:32 | 00,017,920 | ---- | M] () – C:\WINDOWS\System\smss.exe
[2009-11-17 19:41:31 | 00,034,820 | ---- | M] () – C:\WINDOWS\System\iexplore.exe
[2009-11-18 16:07:48 | 00,827,392 | ---- | C] () – C:\WINDOWS\System32\bnmndrv.dll
[2009-11-08 22:00:20 | 01,084,238 | -H-- | C] () – C:\WINDOWS\System32\ie5unit.exe
[2009-11-07 22:02:06 | 00,398,869 | ---- | C] () – C:\WINDOWS\systems.exe
[2009-08-18 19:26:24 | 00,012,800 | ---- | C] () – C:\WINDOWS\System32\sknc.dll
:Files
C:\0qw6vege.exe
C:\9g86.exe
C:\vk0w.exe
C:\l61yyp.exe
C:\v1cbvsmq.exe
C:\9b9w3.exe
D:\0qw6vege.exe
D:\9g86.exe
D:\vk0w.exe
D:\l61yyp.exe
D:\v1cbvsmq.exe
D:\9b9w3.exe
:Commands
[emptytemp]
[start explorer]
Run Fix. Restart if it is needed.
Then post the log from the removal and a new log made with the Run Scan option.
Also attach logs from GMER and System Repair Engineer.
In GMER we change nothing -> press Scan (the scan will take several dozen minutes) -> after the scan, Copy.
If the computer restarts during the scan, uncheck Devices.
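Added example, not part of the thread and not deFco247's own method: a Python triage that applies three path-based checks to autorun entries like those in the fix list above. The checks and the names SYSTEM_HOMES, RISKY_EXT, triage and flagged are assumptions made for this example; the first five sample lines are copied from the fix list and the last one is constructed.

```python
import ntpath
import re

# Assumed real locations of Windows XP binaries whose names appear in the fix list.
SYSTEM_HOMES = {
    "smss.exe": r"c:\windows\system32",
    "taskmgr.exe": r"c:\windows\system32",
    "iexplore.exe": r"c:\program files\internet explorer",
}
RISKY_EXT = {".pif", ".bat", ".scr", ".com"}
PATH_RE = re.compile(r'[A-Za-z]:\\[^"“”]*?\.(?:exe|dll|pif|bat|scr|com)\b', re.I)

def triage(line):
    """Return (path, reasons) for the first file path found in a log line."""
    m = PATH_RE.search(line)
    if not m:
        return None, []
    path = m.group(0)
    folder, name = ntpath.split(path)
    ext = ntpath.splitext(name)[1].lower()
    reasons = []
    if re.fullmatch(r"[A-Za-z]:\\?", folder):
        reasons.append("file in drive root")
    if ext in RISKY_EXT:
        reasons.append("autorun target with %s extension" % ext)
    home = SYSTEM_HOMES.get(name.lower())
    if home and folder.lower() != home:
        reasons.append("system binary name outside " + home)
    return path, reasons

SAMPLE = [
    r"O4 - HKLM…\Run: [1] c:\dos32.pif ( )",
    r"O4 - Startup: C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\taskmgr.exe ()",
    r"[2009-11-17 19:41:32 | 00,017,920 | ---- | M] () – C:\WINDOWS\System\smss.exe",
    r"O33 - MountPoints2\C\Shell\AutoRun\command - “” = C:\yudald.bat – [2009-11-19 17:44:43 | 00,116,812 | RHS- | M] ()",
    r"O4 - HKCU…\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe ()",
    r"O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe",  # constructed benign entry
]

def flagged(lines):
    """Map each suspicious path to the reasons it was flagged."""
    out = {}
    for line in lines:
        path, reasons = triage(line)
        if reasons:
            out[path] = reasons
    return out

if __name__ == "__main__":
    for path, reasons in flagged(SAMPLE).items():
        print(path, "->", "; ".join(reasons))
```

An entry such as C:\WINDOWS\system32\olhrwef.exe passes these path checks, so a randomly named file in a legitimate directory still needs a publisher or hash check.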
szczep222
(Dorime1)
27 November 2009 22:14
#7
Unfortunately, it didn't help. I formatted the drive and everything is fine now; the topic can be closed. Thanks for being willing to help.