Error explorer
Lahko se je pofedlal IE, v tem primeru pomaga odstranitev in ponovna namestitev IE.
Bolj verjetno pa je, da si fasala kak spyware zaradi katerega se potem dogajajo take neumnosti. Namesti Spybot S&D in/ali Adware SE, mogoče celo HijackThis in napopaj log semle.
Tretja varjanta pa je ta, da si fasala kak virus, npr Blaster je že počel take neumnosti. Preveri mašinco z antivirusom.
Za vse programe najdeš linke na tem forumu, če boš imela težave pa povej.
hvala za odgovor,
sem odstranila IE in ga ponovno naložila…napaka se še vedno pojavlja.
z Adware SE sem pregledala in odstranila spyware…napaka se še vedno pojavlja.
z Pando sem preverila…stanje nespremenjeno, napaka se pojavlja.
HijackThis pa tole vrže ven:
Logfile of HijackThis v1.99.1
Scan saved at 11:13:23, on 10.6.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Igor\Local Settings\Temp\Začasen imenik 5 za hijackthis.zip\HijackThis.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\dwwin.exe
O2 – BHO: SearchToolbar – {08BEC6AA-49FC-4379-3587-4B21E286C19E} – C:\WINDOWS\System32\ie2cltr.dll
O2 – BHO: IE SP2 AddOn – {113ABD9A-7B83-4ED2-9517-F3706ED85274} – C:\WINDOWS\System32\spafg.dll
O3 – Toolbar: &Radio – {8E718888-423F-11D2-876E-00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: MSN Toolbar – {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} – C:\Program Files\MSN Toolbar\01.01.2607.0\sl-si\msntb.dll
O4 – HKLM\..\Run: [APVXDWIN] “C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE” /s
O4 – HKLM\..\Run: [WinUpdate] C:\windows\p385.hta
O4 – HKLM\..\Run: [lrlplk] c:\windows\system32\vrwevrt.exe
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O8 – Extra context menu item: Add to AD Black List – C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 – Extra context menu item: Block All Images from the Same Server – C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 – Extra context menu item: Blokiraj vse slike s tega strežnika – C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 – Extra context menu item: Dodaj na seznam reklam za blokiranje – C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 – Extra context menu item: Highlight – C:\Program Files\Avant Browser\Highlight.htm
O8 – Extra context menu item: I&zvoz v Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Išči – C:\Program Files\Avant Browser\Search.htm
O8 – Extra context menu item: Open All Links in This Page… – C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 – Extra context menu item: Opri vse povezave na tej strani… – C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 – Extra context menu item: Poudari – C:\Program Files\Avant Browser\Highlight.htm
O8 – Extra context menu item: Search – C:\Program Files\Avant Browser\Search.htm
O9 – Extra button: Raziskovanje – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O16 – DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) – http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 – DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} – http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/PopularScreenSaversFWBInitialSetup1.0.0.8-2.cab
O16 – DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) – http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 – DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) – http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 – DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) – http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 – DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) – http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 – DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 – DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) – http://www5.incredimail.com/contents/setup/downloader/imloader.cab
O16 – DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) – http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{EFEF9559-6A71-4245-ACF8-A4D3E756CD23}: NameServer = 69.50.184.84,195.225.176.37
O20 – Winlogon Notify: style2 – C:\WINDOWS\q13176316_disk.dll
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: Panda anti-virus service (PAVSRV) – Panda Software – C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
O23 – Service: System Startup Service (SvcProc) – Unknown owner – C:\WINDOWS\svcproc.exe
1000 x hvala
Lp tina
Maš kar nekej solate tukej gor, ki je sigurno kriva za dogajanje na tvojem mlinčku.
O2 – BHO: SearchToolbar – {08BEC6AA-49FC-4379-3587-4B21E286C19E} – C:\WINDOWS\System32\ie2cltr.dll
O2 – BHO: IE SP2 AddOn – {113ABD9A-7B83-4ED2-9517-F3706ED85274} – C:\WINDOWS\System32\spafg.dll
O4 – HKLM\..\Run: [WinUpdate] C:\windows\p385.hta
Posebej tale 2 sta verjetno vzrok tvojim težavam
O20 – Winlogon Notify: style2 – C:\WINDOWS\q13176316_disk.dll
O23 – Service: System Startup Service (SvcProc) – Unknown owner – C:\WINDOWS\svcproc.exe
Po odstranitvi izklopi system restore in fizično pobriši datoteke
C:\windows\p385.hta
C:\WINDOWS\q13176316_disk.dll
C:\WINDOWS\svcproc.exe
Če boš pa imela probleme z odstranitvijo, ker kar tako se ne bojo dal tile, pa povej in bomo bolj natančno povedali.
Aja tale
O4 – HKLM\..\Run: [lrlplk] c:\windows\system32\vrwevrt.exe
se mi tud zdi sumljiv, ampak ne vem kaj bi tale bil zaen, upam, da še kdo kakšno reče o temlele.
Za p385.hta, poglej če nimaš nastavljeno, naj ti ne pokaže skritih datotek.
Sicer pa pustiva zdaj to, sej tam v HJT si ga zbrisala, ne?
Bova tole nardila tako, da bo čim bolj enostavno.
Najprej si potegni dol program KillBox
ga odzipaj in zaženi.
Pod Full Path to File to Delete vpiši c:/WINDOWS/q13176316_disk.dll, nato namalaj pikico pri Replace on Reboot in kljukico pod Use Dummy box.
Nato tam, kjer si prekopirala ime datoteke, čisto desno poišči ikono z rdečim krogom in belim X (Delete File). Ko te vpraša za Delete on Reboot, klikni Yes in za Pending Operations klikni No.
Ko se ti mašina reštarta, še enkrat zaženi HJT in sedaj ga bo pustil zbrisat.
Nato zbriši še datoteko, še en reštart in nato zopet HJT, naredi log in ga napopaj semle, da vidmo če smo zmagal.
ZMAGALI SMO….
1000 TI HVALA ALI VAM HVALA
Evo še HJT log (napisana je vseeno vrstica O23 – Service: System Startup Service (SvcProc) – Unknown owner – C:\WINDOWS\svcproc.exe samo zdraven piše (file missing), je to OK???
Logfile of HijackThis v1.99.1
Scan saved at 15:36:17, on 10.6.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Panda Software\Panda Antivirus Titanium\pavProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Igor\Local Settings\Temp\Začasen imenik 8 za hijackthis.zip\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
O3 – Toolbar: &Radio – {8E718888-423F-11D2-876E-00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: MSN Toolbar – {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} – C:\Program Files\MSN Toolbar\01.01.2607.0\sl-si\msntb.dll
O4 – HKLM\..\Run: [APVXDWIN] “C:\Program Files\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE” /s
O4 – HKLM\..\Run: [lrlplk] c:\windows\system32\vrwevrt.exe
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe” /background
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O8 – Extra context menu item: Add to AD Black List – C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 – Extra context menu item: Block All Images from the Same Server – C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 – Extra context menu item: Blokiraj vse slike s tega strežnika – C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 – Extra context menu item: Dodaj na seznam reklam za blokiranje – C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 – Extra context menu item: Highlight – C:\Program Files\Avant Browser\Highlight.htm
O8 – Extra context menu item: I&zvoz v Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 – Extra context menu item: Išči – C:\Program Files\Avant Browser\Search.htm
O8 – Extra context menu item: Open All Links in This Page… – C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 – Extra context menu item: Opri vse povezave na tej strani… – C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 – Extra context menu item: Poudari – C:\Program Files\Avant Browser\Highlight.htm
O8 – Extra context menu item: Search – C:\Program Files\Avant Browser\Search.htm
O9 – Extra button: Raziskovanje – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O16 – DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) – http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 – DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} – http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/PopularScreenSaversFWBInitialSetup1.0.0.8-2.cab
O16 – DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) – http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 – DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) – http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 – DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) – http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 – DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) – http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 – DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 – DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) – http://www5.incredimail.com/contents/setup/downloader/imloader.cab
O16 – DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) – http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{EFEF9559-6A71-4245-ACF8-A4D3E756CD23}: NameServer = 69.50.184.84,195.225.176.37
O23 – Service: LexBce Server (LexBceS) – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: Panda anti-virus service (PAVSRV) – Panda Software – C:\Program Files\Panda Software\Panda Antivirus Titanium\Pavsrv51.exe
O23 – Service: System Startup Service (SvcProc) – Unknown owner – C:\WINDOWS\svcproc.exe (file missing)
LP Tina
‘Aja tale
O4 – HKLM\..\Run: [lrlplk] c:\windows\system32\vrwevrt.exe
se mi tud zdi sumljiv, ampak ne vem kaj bi tale bil zaen, upam, da še kdo kakšno reče o temlele.’
Ta je tudi meni sumljiv. Glede na to, da ga še nismo videli in da o njem tudi ni nobene pametne dokumentacije, po moje ne bo nobene škode, če se ne bo na začetku zaganjal (če drugim dela brez tega…?). Poskusi ga izklopit. Če pa kaj ne bo v redu, ga pa še vedno lahko nazaj vključiš.
V tem primeru pa le povej kaj se ti je zgodilo – bomo vsi malo več vedeli.
Forum je zaprt za komentiranje.