[win2k] explorer.exe keeps shutting down
Hello
here is my problem:
during Windows startup an error message appears:
"explorer.exe wygenerował błędy i zostanie zamknięty. uruchom program ponownie" ("explorer.exe has generated errors and will be closed. Restart the program.")
after which, whether I click OK or not, it closes and starts again and the message appears again, and so on until I close it through the event manager.
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 23:19:15, on 05-07-15
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\rundll32.exe
C:\Downloads\rafal\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\GOEBF0~1\USTAWI~1\Temp\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\GOEBF0~1\USTAWI~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {D21734C7-7C7D-458B-A22A-031D43166A37} - C:\WINNT\System32\pggp.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: @msdxmLC.dll,-1@1045,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Kernel32] C:\WINNT\SYSTEM\Kernel32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [velnvcbf] C:\WINNT\System32\velnvcbf.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [rabpdseg] c:\winnt\system32\rabpdseg.exe
O4 - HKLM\..\Run: [Rimhsv] C:\Program Files\Rrahyut\Uesowh.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\GOEBF0~1\USTAWI~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKCU\..\Run: [qdstqlqr] C:\WINDOWS\qdstqlqr.exe
O4 - HKCU\..\Run: [Konnekt] "C:\Program Files\Konnekt\konnekt.exe" /autostart
O4 - Startup: folder.htt
O4 - Global Startup: folder.htt
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c5.cab
O16 - DPF: {37A49D66-2735-4BB9-8503-82BA5E2333D0} (MailCfg Control) - http://poczta.wp.pl/2/mailcfg.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{089201FB-A9B4-45AF-8337-9F665F858E87}: NameServer = 195.205.252.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE4EBB10-C6B6-49FD-BE2C-662B8F8D7F1D}: NameServer = 195.205.252.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{FFD6FE98-1AE2-47D4-9D50-C97EF50FF9FE}: NameServer = 195.205.252.2
O18 - Filter: text/html - {999F3F66-3A3E-46C2-ACDD-E4690EDB30A7} - C:\WINNT\System32\pggp.dll
O18 - Filter: text/plain - {999F3F66-3A3E-46C2-ACDD-E4690EDB30A7} - C:\WINNT\System32\pggp.dll
O20 - AppInit_DLLs: w2gyvc6sdcn.tlb
O20 - Winlogon Notify: style2 - C:\WINNT\q922957_disk.dll
O23 - Service: Usługa administracyjna Menedźera dysków logicznych (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLABR11\webserver\bin\matlabserver.exe (file missing)
O23 - Service: NeroSVC - ahead software gmbh
im stoeckmaedle 6
76307 karlsbad, germany
Fax: ++49-7248-911-888
e-mail: info@ahead.de - C:\Program Files\ahead\Nero\Misc\NeroSVC.exe
Replies: 2
thanks!!! everything runs like before again!!!
This is pretty much undoubtedly the fault of junk in the system, so the topic goes to the security section.
Download SpSeHjfix112 and run it.
Empty the Temp folders.
Remove these entries; delete the files/directories in bold from disk:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\GOEBF0~1\USTAWI~1\Temp\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\GOEBF0~1\USTAWI~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - (no file)
O2 - BHO: (no name) - {D21734C7-7C7D-458B-A22A-031D43166A37} - C:\WINNT\System32\pggp.dll
O4 - HKLM\..\Run: [Kernel32] C:\WINNT\SYSTEM\Kernel32.dll
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [velnvcbf] C:\WINNT\System32\velnvcbf.exe
O4 - HKLM\..\Run: [msxct] msxct.exe
O4 - HKLM\..\Run: [rabpdseg] c:\winnt\system32\rabpdseg.exe
O4 - HKLM\..\Run: [Rimhsv] C:\Program Files\Rrahyut\Uesowh.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\GOEBF0~1\USTAWI~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKCU\..\Run: [qdstqlqr] C:\WINDOWS\qdstqlqr.exe
O4 - Startup: folder.htt
O4 - Global Startup: folder.htt
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c5.cab
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB
O18 - Filter: text/html - {999F3F66-3A3E-46C2-ACDD-E4690EDB30A7} - C:\WINNT\System32\pggp.dll
O18 - Filter: text/plain - {999F3F66-3A3E-46C2-ACDD-E4690EDB30A7} - C:\WINNT\System32\pggp.dll
O20 - AppInit_DLLs: w2gyvc6sdcn.tlb
O20 - Winlogon Notify: style2 - C:\WINNT\q922957_disk.dll
Most likely that last file is responsible for the Explorer restarts.
Additionally, search the registry and delete everything that contains: style2 and {6AC3806F-8B39-4746-9C38-6B01CB7331FF}
If that doesn't help, post a log from Silent Runners.