Windows\explorer.exe Buffer overrun
heftek ::
Buffer overrun detected!
Program C:WINDOWS\EXPLORER.EXE
--------------------------------------------------
Well, someone has probably already had this problem, or maybe not... the thing is that when you click OK, the taskbar "resets" and reappears with all the programs, and again with this message. I have Kaspersky AV, latest version (updated), plus Ad-aware; I scanned and it found a few things, which I deleted, but apparently that didn't help. I've also pasted the HijackThis snapshot; if anyone knows their way around it, I would be very, very grateful for help.
Regards, Uroš
PS: if I haven't pasted something or forgot something, tell me and I'll paste it :)
StartupList report, 4.4.2007, 22:05:57
StartupList version: 1.52
Started from : C:\Program Files\Hijack\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\LightSurf\Common\IconMgr.exe
C:\Program Files\LightSurf\Colorific\hgcctl95.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijack\HijackThis.exe
--------------------------------------------------
Listing of startup folders:
Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
LightSurf.lnk = C:\Program Files\LightSurf\Common\IconMgr.exe
--------------------------------------------------
Checking Windows NT UserInit:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SoundService = rundll32.exe "C:\WINDOWS\system32\cuqkvxfj.dll",setvm
HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
HP Software Update = C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
{0228e555-4f9c-4e35-a3ec-b109a192b4c2} = C:\Program Files\Google\Gmail Notifier\gnotify.exe
ATIPTA = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
AVP = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
updateMgr = C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
Shell & screensaver key from Registry:
Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
Policies Shell key:
HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*
--------------------------------------------------
Enumerating Task Scheduler jobs:
1-Click Maintenance.job
AppleSoftwareUpdate.job
--------------------------------------------------
Enumerating Download Program Files:
[{0000000A-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/...
[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zone.msn.com/binary/ms...
[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zone.msn.com/binary/Mi...
[{2B323CD9-50E3-11D3-9466-00A0C9700498}]
CODEBASE = http://jcs.chat.dcn.yahoo.com/v45/yacsc...
[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/...
[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupda...
[MUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftup...
[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/7d90...
[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zone.msn.com/binary/Me...
[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://www.pandasoftware.com/activescan...
[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/C...
[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/MsnMe...
[ZoneIntro Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://zone.msn.com/binFramework/v10/ZI...
[{B9191F79-5613-4C76-AA2A-398534BB8999}]
CODEBASE = http://us.dl1.yimg.com/download.yahoo.c...
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shoc...
[{E5D419D6-A846-4514-9FAD-97E826C84822}]
CODEBASE = http://fdl.msn.com/zone/datafiles/heart...
[McFreeScan Class]
CODEBASE = http://download.mcafee.com/molbin/iss-l...
[Hotmail Attachments Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\HMAtchmt.ocx
CODEBASE = http://by12fd.bay12.hotmail.msn.com/act...
[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
CODEBASE = http://chat.msn.com/bin/msnchat45.cab
[MCSendMessageHandler Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MISBH.dll
CODEBASE = http://xtraz.icq.com/xtraz/activex/MISB...
--------------------------------------------------
Enumerating Winsock LSP files:
Protocol #1: C:\Program Files\NetLimiter\nl_lsp.dll
Protocol #2: C:\Program Files\NetLimiter\nl_lsp.dll
Protocol #3: C:\Program Files\NetLimiter\nl_lsp.dll
Protocol #4: C:\Program Files\NetLimiter\nl_lsp.dll
Protocol #5: C:\Program Files\NetLimiter\nl_lsp.dll
Protocol #11: C:\Program Files\NetLimiter\nl_lsp.dll
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll