Премини към съдържанието
anton82

windows explorer stop working (незнам името на зловредния софтуер) [РЕШЕН]

    Препоръчан отговор


    Здравей те, насочиха ме да направя нова тема . С Windows7 Ultimate x64 Oт преди 6-7 дена зе да изкача това съобщение: windows explorer has stop working когато стартирам някой видео файл или стартирам уиндоус експлорера a по някой път и когато стартирам иконата My Computer (до колкото разбрах съм се заразил с нещо ама незнам с какво точно ,антивирусната ми програма е ЕСЕТ НОД32 и не открива никакви заразени фаилове.имам и диск с windows7 ) Ето и : Аttach.txt . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-06-23.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume2 Install Date: 5/31/2011 09:55:01 System Uptime: 7/24/2011 15:53:50 (3 hours ago) . Motherboard: BIOSTAR Group | | TP45D2-A7 Processor: Pentium® Dual-Core CPU E5300 @ 2.60GHz | CPU 1 | 2604/200mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 40 GiB total, 11.229 GiB free. D: is FIXED (NTFS) - 75 GiB total, 71.502 GiB free. E: is FIXED (NTFS) - 211 GiB total, 180.88 GiB free. F: is FIXED (NTFS) - 215 GiB total, 157.541 GiB free. G: is CDROM (UDF) H: is CDROM (CDFS) I: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP53: 7/23/2011 19:21:35 - Installed DirectX . ==== Installed Programs ====================== . µTorrent Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Apple Application Support Apple Software Update Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy CCC Help English DAEMON Tools Lite Gears of War LogMeIn Hamachi Microsoft Games for Windows - LIVE Microsoft Games for Windows - LIVE Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Mozilla Firefox (3.6.18) QuickTime Resident Evil 5 Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Skype™ 4.2 World of Tanks v.0.6.5 Xilisoft HD Video Converter 6 . ==== Event Viewer Messages From Past Week ======== . 7/24/2011 14:16:43, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error. 7/23/2011 23:19:47, Error: bowser [8003] - The master browser has received a server announcement from the computer VAN-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{7B621CF3-4251-4174-BDA4-C46129303814}. The master browser is stopping or an election is being forced. 7/20/2011 23:17:07, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. . ==== End Of File =========================== Ето го и DDS.txt . DDS (Ver_2011-06-23.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 Run by anton at 18:53:11 on 2011-07-24 Microsoft Windows 7 Ultimate 6.1.7601.1.1251.359.1033.18.4095.2869 [GMT 3:00] . AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Connectify\Connectifyd.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\alg.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\wuauclt.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe C:\Windows\explorer.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.bg/ uInternet Settings,ProxyOverride = *.local mWinlogon: Userinit=userinit.exe uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 91.139.252.2 TCP: Interfaces\{16B5D40D-C403-4E3D-AD37-832E3E1601EB} : NameServer = 192.168.2.1 TCP: Interfaces\{911FD708-273C-4D76-91FC-6F6E34CFFE30} : DhcpNameServer = 91.139.252.2 TCP: Interfaces\{C027F89C-8CAD-4A38-8316-68B060ED1A97} : NameServer = 192.168.2.1 TCP: Interfaces\{FD2C970D-81BD-4C97-B04D-6D8BAFBA3575} : NameServer = 192.168.2.1 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\anton\AppData\Roaming\Mozilla\Firefox\Profiles\m6v5zgv8.default\ FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\Program Files\Mozilla Plugins\npitunes.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} . ============= SERVICES / DRIVERS =============== . R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 Connectify;Connectify;C:\Program Files (x86)\Connectify\Connectifyd.exe [2011-3-10 892992] R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?] R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-11-5 810144] R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?] R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-5-26 2275720] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 connctfyMP;connctfyMP;C:\Windows\system32\DRIVERS\connctfy.sys --> C:\Windows\system32\DRIVERS\connctfy.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576] S3 connctfy;Connectify Service;C:\Windows\system32\DRIVERS\connctfy.sys --> C:\Windows\system32\DRIVERS\connctfy.sys [?] S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?] S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2011-07-24 11:06:37 -------- d-----w- C:\ProgramData\Xilisoft 2011-07-24 11:06:37 -------- d-----w- C:\Program Files (x86)\Xilisoft 2011-07-23 12:15:42 -------- d-----w- C:\Program Files (x86)\uTorrent 2011-07-23 12:14:52 -------- d-----w- C:\Users\anton\AppData\Roaming\uTorrent 2011-07-22 09:59:19 8578896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BFA39BBC-79C6-44B0-A0C8-C9E300C77708}\mpengine.dll 2011-07-21 13:33:17 -------- d-----w- C:\Users\anton\AppData\Roaming\Xilisoft 2011-07-20 20:17:19 -------- d-----w- C:\Program Files\Mozilla Plugins 2011-07-20 20:17:18 -------- d-----w- C:\Program Files\iTunesHelper.Resources 2011-07-20 20:16:55 -------- d-----w- C:\Program Files\iPod 2011-07-20 20:16:54 -------- d-----w- C:\Program Files\iTunes 2011-07-20 20:16:54 -------- d-----w- C:\Program Files\CD Configuration 2011-07-20 20:13:37 -------- d-----w- C:\Program Files\Bonjour 2011-07-20 20:13:37 -------- d-----w- C:\Program Files (x86)\Bonjour 2011-07-19 15:29:08 293736 ----a-w- C:\Program Files\iTunesOutlookAddIn.dll 2011-07-19 15:29:00 421736 ----a-w- C:\Program Files\iTunesHelper.exe 2011-07-19 15:29:00 168296 ----a-w- C:\Program Files\iTunesHelper.dll 2011-07-19 15:28:58 403304 ----a-w- C:\Program Files\iTunesAdmin.dll 2011-07-19 15:28:56 9777512 ----a-w- C:\Program Files\iTunes.exe 2011-07-19 15:28:46 19655528 ----a-w- C:\Program Files\iTunes.dll 2011-07-19 15:28:42 792424 ----a-w- C:\Program Files\gnsdk_sdkmanager.dll 2011-07-19 15:28:42 276328 ----a-w- C:\Program Files\gnsdk_submit.dll 2011-07-19 15:28:42 2742120 ----a-w- C:\Program Files\gnsdk_dsp.dll 2011-07-19 15:28:42 198504 ----a-w- C:\Program Files\gnsdk_musicid.dll 2011-07-13 22:42:16 111904 ----a-w- C:\Program Files\ITDetector.ocx 2011-07-13 11:11:55 362496 ----a-w- C:\Windows\System32\wow64win.dll 2011-07-13 11:11:55 338944 ----a-w- C:\Windows\System32\conhost.exe 2011-07-13 11:11:55 214528 ----a-w- C:\Windows\System32\winsrv.dll 2011-07-13 11:11:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2011-07-13 11:11:53 243200 ----a-w- C:\Windows\System32\wow64.dll 2011-07-13 11:11:53 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2011-07-13 11:11:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2011-07-13 11:11:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2011-07-13 11:11:52 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2011-07-13 11:11:52 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2011-07-13 11:11:49 2048 ----a-w- C:\Windows\SysWow64\user.exe 2011-07-12 08:43:22 -------- d-----w- C:\Users\anton\AppData\Roaming\Day 1 Studios 2011-07-12 08:43:16 -------- d-----w- C:\Users\anton\AppData\Local\ALI213 2011-07-12 08:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe 2011-07-12 08:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll 2011-07-12 08:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll 2011-07-12 08:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll 2011-07-12 08:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe 2011-07-12 08:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll 2011-07-12 08:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll 2011-07-12 08:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll 2011-07-05 17:28:26 -------- d-----w- C:\Users\anton\dwhelper 2011-07-05 17:17:12 -------- d-----w- C:\Users\anton\AppData\Roaming\Microsoft Games 2011-07-05 17:09:00 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft Games 2011-07-05 16:34:56 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys 2011-07-05 16:34:42 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite 2011-07-05 16:33:50 -------- d-----w- C:\Users\anton\AppData\Roaming\DAEMON Tools Lite 2011-07-05 16:33:50 -------- d-----w- C:\ProgramData\DAEMON Tools Lite 2011-07-01 01:36:17 -------- d-----w- C:\Program Files\Common Files\ATI Technologies 2011-07-01 01:36:17 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies 2011-07-01 01:36:03 -------- d-----w- C:\Program Files (x86)\ATI Technologies 2011-07-01 01:30:20 -------- d-----w- C:\Program Files (x86)\AMD APP 2011-07-01 01:28:26 -------- d-----w- C:\Program Files\ATI Technologies 2011-06-29 02:34:08 -------- d-----w- C:\Users\anton\AppData\Local\ESET 2011-06-28 04:30:01 -------- d-----w- C:\Users\anton\AppData\Roaming\Thinstall 2011-06-28 04:30:01 -------- d-----w- C:\Users\anton\AppData\Local\Thinstall . ==================== Find3M ==================== . 2011-06-22 16:46:34 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys 2011-06-04 19:42:10 175616 ----a-w- C:\Windows\System32\msclmd.dll 2011-06-04 19:42:10 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll 2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2011-05-31 06:47:02 0 ----a-w- C:\Windows\ativpsrm.bin 2011-05-28 03:30:09 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-05-28 02:53:58 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-05-25 06:44:04 16672768 ----a-w- C:\Windows\System32\amdocl64.dll 2011-05-25 06:43:50 12798976 ----a-w- C:\Windows\SysWow64\amdocl.dll 2011-05-24 16:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe 2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll 2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll 2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll 2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll 2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe 2011-05-10 15:06:08 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys 2011-05-10 15:06:08 4517664 ----a-w- C:\Windows\System32\usbaaplrc.dll 2011-05-05 08:28:10 59904 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2011-05-05 08:27:58 51712 ----a-w- C:\Windows\SysWow64\OpenCL.dll 2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll 2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll 2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll 2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll 2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll 2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll 2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe 2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe 2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe 2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll 2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll 2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll 2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll 2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll 2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll 2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe 2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe 2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe 2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll 2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll 2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys 2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys 2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys 2011-04-28 03:55:08 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys 2011-04-28 03:54:56 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS 2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys . ============= FINISH: 18:54:07.00 ===============

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Здравейте,

    Инсталирали ли сте наскоро някакви програми ?

    Windows-a обновяван ли е, защото често от MS пускат кръпки за подобни проблеми.

    Проблема само при папки с видеосъдържание ли се получава ?

    Възможно е и да не се държи на зловредна активност. В офиса на служебния компютър се появи подобен проблем на папките с видеосъдържание, като всички изпробвани досега методи като:

    - изключване на Preview-то на видеофайловете

    - забраняване на thumbnails на видеофайловете

    - проверка и отстраняването на некоректните добавки от контекстното меню

    - проверка за гадинки и т.н.

    не донесоха успех. Подозирам, че проблемите се причиниха от една от функциите на HitMan Pro запушваща LNK уязвимост KB 2286198. Макар да изключих опцията с програмата ShellExView, проблема си остана. Само една възможност там не съм пробвал, но и нямам право е да използвам Windows Update, защото все пак работим с видеоредактиращ софтуер и може да се сбъгяса съвместимостта с някое приложение.

    Все пак да проверим всички възможности при вас:

    Изтеглете Microsoft AutoRuns

    Разархивирайте AutoRuns в негова собствена папка и стартирайте файла autoruns.exe

    1. Изберете Options -> Hide Microsoft and Windows Entries

    2. Изберете File -> Refresh или бутона (F5)

    3. Изберете File -> Save as

    Изберете да запазите файла някъде (важно задайте разширение на файла от падащото меню - txt) и след това ,използвайки Copy/Paste , поставете този log файл в отговора си.

    Изтеглете aswMBR и го запазете на вашия десктоп.

    • Кликнете с двоен клин на мишката върху файла aswMBR.exe за да го стартирате.
    • Изберете Scan бутона, за да започне проверката.
    • Когато проверката завърши, натиснете бутона save log, запазете съдържанието на лог файла на десктопа и публикувайте съдържанието му в следващия си коментар.
    • Харесва ми 2

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    ето го autoruns.log "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" "" + "egui" "ESET GUI" "ESET" "c:\program files\eset\eset nod32 antivirus\egui.exe" "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" "" + "StartCCC" "Catalyst® Control Center Launcher" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\clistart.exe" "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" "" + "Internet Explorer" "" "" "File not found: start" + "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe" "HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" "" + "Internet Explorer" "" "" "File not found: start" + "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe" "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" "" + "DAEMON Tools Lite" "DAEMON Tools Lite" "DT Soft Ltd" "c:\program files (x86)\daemon tools lite\dtlite.exe" + "Sidebar" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe" "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" "" + "ESET Smart Security - Context Menu Shell Extension" "Shell Extension" "ESET" "c:\program files\eset\eset nod32 antivirus\shellext.dll" + "ESET Smart Security - Context Menu Shell Extension" "Shell Extension" "ESET" "c:\program files\eset\eset nod32 antivirus\x86\shellext.dll" + "WinRAR" "" "" "c:\program files\winrar\rarext.dll" + "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll" "HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" "" + "WinRAR" "" "" "c:\program files\winrar\rarext.dll" + "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll" "HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" "" + "WinRAR" "" "" "c:\program files\winrar\rarext.dll" "HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers" "" "" "" + "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll" "HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" "" + "ACE" "AMD Desktop Control Panel" "Advanced Micro Devices, Inc." "c:\program files (x86)\ati technologies\ati.ace\core-static\atiacm64.dll" + "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll" + "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll" "HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" "" + "ESET Smart Security - Context Menu Shell Extension" "Shell Extension" "ESET" "c:\program files\eset\eset nod32 antivirus\shellext.dll" + "ESET Smart Security - Context Menu Shell Extension" "Shell Extension" "ESET" "c:\program files\eset\eset nod32 antivirus\x86\shellext.dll" + "WinRAR" "" "" "c:\program files\winrar\rarext.dll" + "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll" "HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" "" + "WinRAR" "" "" "c:\program files\winrar\rarext.dll" + "WinRAR32" "" "" "c:\program files\winrar\rarext32.dll" "Task Scheduler" "" "" "" + "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe" + "\Microsoft\Windows Defender\MP Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe" + "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs" + "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe" + "\{1B359D39-7B46-45A3-B97F-6A00A56C9F07}" "Skype " "Skype Technologies S.A." "c:\program files (x86)\skype\phone\skype.exe" "HKLM\System\CurrentControlSet\Services" "" "" "" + "AMD External Events Utility" "AMD External Events Service Module" "AMD" "c:\windows\system32\atiesrxx.exe" + "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe" + "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files (x86)\bonjour\mdnsresponder.exe" + "Connectify" "Turns your computer into a WiFi hotspot" "Connectify" "c:\program files (x86)\connectify\connectifyd.exe" + "EhttpSrv" "ESET HTTP Server" "ESET" "c:\program files\eset\eset nod32 antivirus\ehttpsrv.exe" + "ekrn" "ESET Service" "ESET" "c:\program files\eset\eset nod32 antivirus\x86\ekrn.exe" + "Hamachi2Svc" "Hamachi2 Client Tunneling Engine" "LogMeIn Inc." "c:\program files (x86)\logmein hamachi\hamachi-2.exe" + "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe" + "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll" + "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe" "HKLM\System\CurrentControlSet\Services" "" "" "" + "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys" + "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys" + "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys" + "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys" + "amdkmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys" + "amdkmdap" "AMD multi-vendor Miniport Driver" "Advanced Micro Devices, Inc." "c:\windows\system32\drivers\atikmpag.sys" + "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys" + "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys" + "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys" + "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys" + "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys" + "AtiHDAudioService" "AMD High Definition Audio Function Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\atihdw76.sys" + "atikmdag" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys" + "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys" + "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys" + "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys" + "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys" + "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys" + "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys" + "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys" + "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys" + "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys" + "connctfy" "NDIS helper driver" "Connectify" "c:\windows\system32\drivers\connctfy.sys" + "connctfyMP" "NDIS helper driver" "Connectify" "c:\windows\system32\drivers\connctfy.sys" + "dtsoftbus01" "DAEMON Tools Virtual Bus Driver" "DT Soft Ltd" "c:\windows\system32\drivers\dtsoftbus01.sys" + "eamonm" "Eset file on-access scanner" "ESET" "c:\windows\system32\drivers\eamonm.sys" + "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys" + "ehdrv" "Eset Helper driver" "ESET" "c:\windows\system32\drivers\ehdrv.sys" + "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys" + "epfwwfpr" "EPFW Filter Driver" "ESET" "c:\windows\system32\drivers\epfwwfpr.sys" + "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys" + "GPU-Z" "" "" "File not found: C:\Users\anton\AppData\Local\Temp\GPU-Z.sys" + "hamachi" "Hamachi Virtual Network Interface Driver" "LogMeIn, Inc." "c:\windows\system32\drivers\hamachi.sys" + "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys" + "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys" + "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys" + "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys" + "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys" + "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys" + "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys" + "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys" + "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys" + "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys" + "netr28ux" "Ralink 802.11n Wireless Adapter Driver" "Ralink Technology Corp." "c:\windows\system32\drivers\netr28ux.sys" + "netr7364" "Ralink 802.11 USB Wireless Adapter Driver" "Ralink Technology, Corp." "c:\windows\system32\drivers\netr7364.sys" + "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys" + "nvraid" "NVIDIA® nForce RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys" + "nvstor" "NVIDIA® nForce Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys" + "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys" + "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys" + "RTL8167" "Realtek 8101E/8168/8169 NDIS 6.20 64-bit Driver " "Realtek Corporation " "c:\windows\system32\drivers\rt64win7.sys" + "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys" + "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys" + "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys" + "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys" + "Synth3dVsc" "" "" "File not found: System32\drivers\synth3dvsc.sys" + "tsusbhub" "@%SystemRoot%\system32\drivers\tsusbhub.sys,-2" "" "File not found: system32\drivers\tsusbhub.sys" + "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys" + "VGPU" "" "" "File not found: System32\drivers\rdvgkmd.sys" + "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys" + "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys" "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" + "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm" + "VIDC.FFDS" "" "" "c:\windows\system32\ff_vfw.dll" "HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" "" + "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm" + "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll" "HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" + "AC3File" "" "" "c:\program files\klcp64\filters\ac3file64.ax" + "DirectVobSub" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "MPC-HC Team" "c:\program files\klcp64\filters\vsfilter.dll" + "DirectVobSub (auto-loading version)" "VobSub & TextSub filter for DirectShow/VirtualDub/Avisynth" "MPC-HC Team" "c:\program files\klcp64\filters\vsfilter.dll" + "ffdshow Audio Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\klcp64\ffdshow\ffdshow.ax" + "ffdshow Audio Processor" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\klcp64\ffdshow\ffdshow.ax" + "ffdshow DXVA Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\klcp64\ffdshow\ffdshow.ax" + "ffdshow raw video filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\klcp64\ffdshow\ffdshow.ax" + "ffdshow subtitles filter" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\klcp64\ffdshow\ffdshow.ax" + "ffdshow Video Decoder" "DirectShow and VFW video and audio decoding/encoding/processing filter" "" "c:\program files\klcp64\ffdshow\ffdshow.ax" + "Haali Matroska Muxer" "Haali Media Splitter" "" "c:\program files\klcp64\filters\haali\splitter.x64.ax" + "Haali Media Splitter" "Haali Media Splitter" "" "c:\program files\klcp64\filters\haali\splitter.x64.ax" + "Haali Media Splitter (AR)" "Haali Media Splitter" "" "c:\program files\klcp64\filters\haali\splitter.x64.ax" + "Haali Simple Media Splitter" "Haali Media Splitter" "" "c:\program files\klcp64\filters\haali\splitter.x64.ax" + "Haali Video Sink" "Haali Media Splitter" "" "c:\program files\klcp64\filters\haali\splitter.x64.ax" + "MPC - FLV Source (Gabest)" "FLV Splitter" "MPC-HC Team" "c:\program files\klcp64\filters\flvsplitter.ax" + "MPC - FLV Splitter (Gabest)" "FLV Splitter" "MPC-HC Team" "c:\program files\klcp64\filters\flvsplitter.ax" + "MPC - MP4 Source" "MP4 Splitter" "MPC-HC Team" "c:\program files\klcp64\filters\mp4splitter.ax" + "MPC - MP4 Splitter" "MP4 Splitter" "MPC-HC Team" "c:\program files\klcp64\filters\mp4splitter.ax" + "MPC - MPEG Audio Source" "Mpa Splitter" "MPC-HC Team" "c:\program files\klcp64\filters\mpasplitter.ax" + "MPC - MPEG Audio Splitter" "Mpa Splitter" "MPC-HC Team" "c:\program files\klcp64\filters\mpasplitter.ax" + "MPC - Mpeg Source (Gabest)" "Mpeg Splitter" "MPC-HC Team" "c:\program files\klcp64\filters\mpegsplitter.ax" + "MPC - Mpeg Splitter (Gabest)" "Mpeg Splitter" "MPC-HC Team" "c:\program files\klcp64\filters\mpegsplitter.ax" + "MPC - MPEG4 Video Source" "MP4 Splitter" "MPC-HC Team" "c:\program files\klcp64\filters\mp4splitter.ax" + "MPC - MPEG4 Video Splitter" "MP4 Splitter" "MPC-HC Team" "c:\program files\klcp64\filters\mp4splitter.ax" + "MPC - RealAudio Decoder" "RealMedia Splitter" "MPC-HC Team" "c:\program files\klcp64\filters\realmediasplitter.ax" + "MPC - RealMedia Source" "RealMedia Splitter" "MPC-HC Team" "c:\program files\klcp64\filters\realmediasplitter.ax" + "MPC - RealMedia Splitter" "RealMedia Splitter" "MPC-HC Team" "c:\program files\klcp64\filters\realmediasplitter.ax" + "MPC - RealVideo Decoder" "RealMedia Splitter" "MPC-HC Team" "c:\program files\klcp64\filters\realmediasplitter.ax" "HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" "" + "AsyncEx" "" "" "File not found: C:\Users\anton\AppData\Roaming\WindSolutions\CopyTransManager\CopyTransManager.ax" + "ATI Ticker" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\ticker.ax" + "MMACE Deinterlace" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll" + "MMACE ProcAmp" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll" + "MMACE SoftEmu" "" "" "c:\program files (x86)\ati technologies\ati.ace\graphics-previews-common\mmacefilters.dll" + "QQ Source" "ImTOO Software Studio" "ImTOO Software Studio" "c:\program files (x86)\xilisoft\hd video converter 6\yuvsrc.ax" + "RealAudio Decoder" "RealMedia Splitter" "Gabest" "c:\windows\syswow64\realmediasplitter.ax" + "RealMedia Source" "RealMedia Splitter" "Gabest" "c:\windows\syswow64\realmediasplitter.ax" + "RealMedia Splitter" "RealMedia Splitter" "Gabest" "c:\windows\syswow64\realmediasplitter.ax" + "RealVideo Decoder" "RealMedia Splitter" "Gabest" "c:\windows\syswow64\realmediasplitter.ax" "HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" "" + "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll" "HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" "" + "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll" "C:\Users\anton\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" "" + "CPU Meter" "See the current computer CPU and system memory (RAM)." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\Gadget.xml" ето го и aswMBR.log aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software Run date: 2011-07-25 00:00:34 ----------------------------- 00:00:34.354 OS Version: Windows x64 6.1.7601 Service Pack 1 00:00:34.354 Number of processors: 2 586 0x170A 00:00:34.356 ComputerName: ANTON-PC UserName: anton 00:00:35.383 Initialize success 00:01:25.541 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 00:01:25.544 Disk 0 Vendor: ST380011A 8.10 Size: 76319MB BusType: 3 00:01:25.548 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-2 00:01:25.551 Disk 1 Vendor: Hitachi_HDP725050GLA360 GM4OA5CA Size: 476940MB BusType: 3 00:01:25.570 Disk 1 MBR read successfully 00:01:25.574 Disk 1 MBR scan 00:01:25.579 Disk 1 Windows 7 default MBR code 00:01:25.583 Service scanning 00:01:27.724 Modules scanning 00:01:27.730 Disk 1 trace - called modules: 00:01:27.738 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys 00:01:27.745 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa8004c3d060] 00:01:27.751 3 CLASSPNP.SYS[fffff880019c043f] -> nt!IofCallDriver -> [0xfffffa8004722580] 00:01:27.757 5 ACPI.sys[fffff88000eef7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004724060] 00:01:27.767 Scan finished successfully 00:02:11.339 Disk 1 MBR has been saved successfully to "C:\Users\anton\Desktop\MBR.dat" 00:02:11.367 The log file has been saved successfully to "C:\Users\anton\Desktop\aswMBR.txt" П,п. Да само на един видео файл ми го прави този номер а по някой път и като отворя My Computer (от иконата) Ето току що изпразих кошчето и се появи това windows explorer has stop working

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    До момента в логовете не виждам никаква зловредна активност...все пак да направим още няколко проверки:

    • Изтеглете Malwarebytes' Anti-Malware оттук и я инсталирайте.
    • Стартирайте Malwarebytes' Anti-Malware и отидете на UPDATE и натиснете Check for updates.
    • След това се върнете на Scanner изберете Perform QUICK Scan, след това кликнете на Scan.
    • Сканирането ще отнеме малко време, затова моля бъдете търпеливи.
    • Когато сканирането завърши, кликнете на OK, след това Show Results, за да видите резултата.
    • Уверете се, че на всички редове има отметки, и кликнете Remove Selected.
    • Когато всичко бъде премахнато, логът ще бъде отворен в Notepad. Копирайте лога и го публикувайте в следващия си коментар в темата.

    Забележка: Ако MalwareBytes' Anti-Malware се затрудни в премахването на откритите вируси/заплахи, той ще поиска да рестартира компютъра и по време на рестартирането да премахне проблемните вируси/заплахи. Ако бъдете попитани, потвърдете че желаете вашия компютър да бъде рестартиран.

    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    хах MalwareBytes anti-Malware намери троянски коне :zipper: ето го .log-а Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7270 Windows 6.1.7601 Service Pack 1 Internet Explorer 8.0.7601.17514 7/25/2011 12:11:52 mbam-log-2011-07-25 (12-11-51).txt Scan type: Quick scan Objects scanned: 163339 Time elapsed: 2 minute(s), 58 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 16 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\Users\anton\Desktop\eset nod32 & smart security key finder v8 final.exe (Riskware.KG) -> Quarantined and deleted successfully. c:\Users\anton\AppData\Local\Temp\ir_ext_temp_10\AutoPlay\Docs\eset login viewer v1.4.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. c:\Users\anton\AppData\Local\Temp\ir_ext_temp_10\AutoPlay\Docs\TNODUP.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. c:\Users\anton\AppData\Local\Temp\ir_ext_temp_11\AutoPlay\Docs\eset login viewer v1.4.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. c:\Users\anton\AppData\Local\Temp\ir_ext_temp_11\AutoPlay\Docs\TNODUP.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. c:\Users\anton\AppData\Local\Temp\ir_ext_temp_12\AutoPlay\Docs\eset login viewer v1.4.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. c:\Users\anton\AppData\Local\Temp\ir_ext_temp_12\AutoPlay\Docs\TNODUP.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. c:\Users\anton\AppData\Local\Temp\ir_ext_temp_4\AutoPlay\Docs\TNODUP.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. c:\Users\anton\AppData\Local\Temp\ir_ext_temp_6\AutoPlay\Docs\eset login viewer v1.4.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. c:\Users\anton\AppData\Local\Temp\ir_ext_temp_6\AutoPlay\Docs\TNODUP.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. c:\Users\anton\AppData\Local\Temp\ir_ext_temp_7\AutoPlay\Docs\eset login viewer v1.4.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. c:\Users\anton\AppData\Local\Temp\ir_ext_temp_7\AutoPlay\Docs\TNODUP.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. c:\Users\anton\AppData\Local\Temp\ir_ext_temp_8\AutoPlay\Docs\eset login viewer v1.4.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. c:\Users\anton\AppData\Local\Temp\ir_ext_temp_8\AutoPlay\Docs\TNODUP.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. c:\Users\anton\AppData\Local\Temp\ir_ext_temp_9\AutoPlay\Docs\eset login viewer v1.4.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully. c:\Users\anton\AppData\Local\Temp\ir_ext_temp_9\AutoPlay\Docs\TNODUP.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.


    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    По-скоро е намерила нещата които използвате за нелегални обновявания на NOD32.

    Предполагам, че няма промяна... Да пробваме още няколко неща:

    Отворете Start => долу в търсачката напишете CMD и натиснете Enter

    В конзолата въведете следната команда:

    regsvr32 /u shmedia.dll

    Това ще премахне Preview функцията на video файлове и може да реши проблема.

    Ако проблема остане тогава трябва да продължим да търсим:

    - Изтеглете програмата ShellExView

    Разархивирайте файла и стартирайте shellexview.exe. Изчакайте да сканира системата и след това подредете резултатите по тип "просто натиснете колонката" TYPE.

    Направете снимка (screenshot) и я публикувайте в следващия си коментар.

    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    ето тази грешка излиза когато напиша в конзолата (CMD) командата regsvr32 /u shmedia.dll прикачам снимка на грешката .

    и снимки на Shellexview (само че за Shellexview като спре сканирането и натисна TYPE надоло и настрани продължава и незнам начин как да го побликувам в една цяла снимка затова съм ги номерирал с 01,02,03,04 и 05

    post-172102-0-90413900-1311590005_thumb.

    post-172102-0-30037200-1311591767_thumb.

    post-172102-0-99418800-1311591851_thumb.

    post-172102-0-77187600-1311591881_thumb.

    post-172102-0-94422100-1311591908_thumb.

    post-172102-0-88937500-1311591934_thumb.

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Мда...извинявам се. Забравих, че командата не бачка при Windows 7.

    Прегледах и снимките и не подозирам никоя от добавките за създаването на проблема.

    Долу от търсачката на Start менюто въведете командата:

    C:\Windows\System32\rundll32.exe shell32.dll,Options_RunDLL 7

    Сложете отметка пред Always show icons, never thumbnails

    Публикувано изображение

    Също така изтеглете K-Lite Codec Tweak Tool 5.0.5

    Стартирайте инструмента => отидете то thumbnails settings => натиснете Select None => натиснете Apply & Close.

    Публикувано изображение

    Затворете инструмента.

    Пишете за резултата.

    • Харесва ми 2

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Златен си бате :yanim: дразнещия проблем(windows explorer has stopped working ) изчезна специално за отварянето на видео файлa. Бях споменал че проблема се появява когато стартирам уиндоус експлорера или когато отворя иконата на My Computer за сега не се появява (според мене с моите малки разбирания в тази среда се е бъгясал windows player-a нещо и ходи разбери какво е :) ) П.П.ako ,има още някоя програмка или изнструмент който (трябва ) да се пробва казвай те

    Редактирано от anton82 (преглед на промените)
    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Ако продължи да крашва да направим следното.

    Копирайте следната информация с copy/paste в Notepad:

    Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsWindows Error ReportingLocalDumpsExplorer.exe]"DumpType"=dword:00000002[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsWindows Error ReportingLocalDumpsExplorer.exe]"DumpFolder"=hex(2):43,00,3a,00,5c,00,43,00,72,00,61,00,73,00,68,00,44,00,75,00,6d,00,70,00,73,00,00,00
    Запазете файла с име crash.reg
    Иконата на файла трябва да изглежда така - Публикувано изображение

    Стартирайте файла и изберете YES на въпроса от диалоговия прозорец.

    При следващия краш би трябвало да се създаде лог файл в папката C:CrashDumps
    Архивирайте файла и го прикачете към следващия си коментар.
    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Ами за сега не се е показвал този проблем .Изпълних файла който казахте и чакам да видим дали ще крашне пак (дано да не се появява повече това дразнещо нещо )но за сега си е наред дано и в бъдеще остане така но ако се повтори проблема отново ще пиша . БЛАГОДАРЯ ВИ още веднъж за отделеното време , имате една почерпка от мене :yanim:

    • Харесва ми 1

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    За нищо...ако се появи проблем, пишете пак...имам още 2-3 коза скрити в ръкава. :yanim: Лек ден засега ! :)

    • Харесва ми 2

    Сподели този отговор


    Линк към този отговор
    Сподели в други сайтове

    Регистрирайте се или влезете в профила си за да коментирате

    Трябва да имате регистрация за да може да коментирате това

    Регистрирайте се

    Създайте нова регистрация в нашия форум. Лесно е!

    Нова регистрация

    Вход

    Имате регистрация? Влезте от тук.

    Вход


    ×

    Информация

    Този сайт използва бисквитки (cookies), за най-доброто потребителско изживяване. С използването му, вие приемате нашите Условия за ползване.