
Right click on explorer.exe --> module error: shell32.dll


  • This topic is locked
9 replies to this topic

#1 HazFener

HazFener

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:23 AM

Posted 11 January 2014 - 06:29 AM

Hello,

 

I have a problem with Windows Explorer. When I right click on Hard Disk C:, a message appears saying "Explorer.exe must restart". I used eventvwr.exe to see what kind of problem it was. It said that the problem is caused by the module shell32.dll. So I looked for solutions on the Internet. I used the command sfc /scannow but it said no file was modified. Then I used ComboFix, following instructions given on this forum.

So I need someone capable of reading the files produced by ComboFix.

 

Thank you for your help

 

ComboFix 14-01-08.03 - julien 11/01/2014  11:56:46.1.4 - x64
Microsoft Windows 7 Édition Familiale Premium   6.1.7601.1.1252.33.1036.18.4010.1825 [GMT 1:00]
Lancé depuis: c:\users\julien\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\wininit.ini
D:\install.exe
.
.
(((((((((((((((((((((((((((((   Fichiers créés du 2013-12-11 au 2014-01-11  ))))))))))))))))))))))))))))))))))))
.
.
2014-01-11 09:04 . 2013-09-20 09:49 21040 ----a-w- c:\windows\system32\sdnclean64.exe
2014-01-10 21:50 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-10 21:45 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{05CA4B4C-0165-4AC6-BED8-85377EADE342}\mpengine.dll
2014-01-10 21:37 . 2014-01-10 21:37 -------- d-----w- c:\users\UpdatusUser\AppData\Local\Microsoft
2014-01-10 15:02 . 2014-01-10 15:02 -------- d-----w- c:\users\julien\AppData\Roaming\Malwarebytes
2014-01-10 15:01 . 2014-01-10 15:01 -------- d-----w- c:\programdata\Malwarebytes
2014-01-10 15:01 . 2014-01-10 21:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-10 14:05 . 2014-01-11 09:04 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-01-10 14:05 . 2014-01-11 09:04 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-01-10 14:05 . 2014-01-10 14:05 -------- d-----w- c:\users\julien\AppData\Local\Programs
2013-12-27 07:46 . 2013-12-27 07:46 -------- d-----w- c:\program files (x86)\StarUML
2013-12-26 16:47 . 2014-01-10 21:35 -------- d-----w- c:\users\julien\AppData\Local\Eclipse
2013-12-26 16:45 . 2014-01-10 21:31 -------- d-----w- c:\program files (x86)\eclipse
.
.
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-15 10:51 . 2012-07-29 14:26 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-11 20:07 . 2012-08-05 14:14 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 20:07 . 2012-08-05 14:14 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-03 23:33 . 2013-12-03 23:33 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-03 23:33 . 2013-12-03 23:33 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-12-03 23:32 . 2013-12-03 23:32 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-03 23:32 . 2013-12-03 23:32 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-03 23:32 . 2013-12-03 23:32 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-12-03 23:32 . 2013-12-03 23:32 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-12-03 23:32 . 2013-12-03 23:32 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-12-03 23:32 . 2013-12-03 23:32 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-12-03 23:32 . 2013-12-03 23:32 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-12-03 23:32 . 2013-12-03 23:32 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-12-03 23:32 . 2013-12-03 23:32 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-03 23:32 . 2013-12-03 23:32 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-12-03 23:32 . 2013-12-03 23:32 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-03 23:32 . 2013-12-03 23:32 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-12-03 23:32 . 2013-12-03 23:32 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-12-03 23:32 . 2013-12-03 23:32 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-12-03 23:32 . 2013-12-03 23:32 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-12-03 23:32 . 2013-12-03 23:32 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-12-03 23:32 . 2013-12-03 23:32 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-12-03 23:32 . 2013-12-03 23:32 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-12-03 23:32 . 2013-12-03 23:32 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-12-03 23:32 . 2013-12-03 23:32 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-12-03 23:32 . 2013-12-03 23:32 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-12-03 23:32 . 2013-12-03 23:32 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-12-03 23:32 . 2013-12-03 23:32 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-03 23:32 . 2013-12-03 23:32 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-12-03 23:32 . 2013-12-03 23:32 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-03 23:32 . 2013-12-03 23:32 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-12-03 23:32 . 2013-12-03 23:32 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-12-03 23:32 . 2013-12-03 23:32 81408 ----a-w- c:\windows\system32\icardie.dll
2013-12-03 23:32 . 2013-12-03 23:32 774144 ----a-w- c:\windows\system32\jscript.dll
2013-12-03 23:32 . 2013-12-03 23:32 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-12-03 23:32 . 2013-12-03 23:32 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-12-03 23:32 . 2013-12-03 23:32 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-12-03 23:32 . 2013-12-03 23:32 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-12-03 23:32 . 2013-12-03 23:32 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-12-03 23:32 . 2013-12-03 23:32 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-12-03 23:32 . 2013-12-03 23:32 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-03 23:32 . 2013-12-03 23:32 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-12-03 23:32 . 2013-12-03 23:32 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-12-03 23:32 . 2013-12-03 23:32 413696 ----a-w- c:\windows\system32\html.iec
2013-12-03 23:32 . 2013-12-03 23:32 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 23:32 . 2013-12-03 23:32 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-03 23:32 . 2013-12-03 23:32 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-12-03 23:32 . 2013-12-03 23:32 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-12-03 23:32 . 2013-12-03 23:32 247808 ----a-w- c:\windows\system32\msls31.dll
2013-12-03 23:32 . 2013-12-03 23:32 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-12-03 23:32 . 2013-12-03 23:32 235520 ----a-w- c:\windows\system32\url.dll
2013-12-03 23:32 . 2013-12-03 23:32 195584 ----a-w- c:\windows\system32\msrating.dll
2013-12-03 23:32 . 2013-12-03 23:32 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-12-03 23:32 . 2013-12-03 23:32 147968 ----a-w- c:\windows\system32\occache.dll
2013-12-03 23:32 . 2013-12-03 23:32 143872 ----a-w- c:\windows\system32\wextract.exe
2013-12-03 23:32 . 2013-12-03 23:32 13824 ----a-w- c:\windows\system32\mshta.exe
2013-12-03 23:32 . 2013-12-03 23:32 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-12-03 23:32 . 2013-12-03 23:32 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-12-03 23:32 . 2013-12-03 23:32 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-03 23:32 . 2013-12-03 23:32 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-12-03 23:32 . 2013-12-03 23:32 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-03 23:32 . 2013-12-03 23:32 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-26 11:54 . 2013-12-11 22:17 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-11 22:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-11 22:17 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-11 22:17 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-11 22:17 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-11 22:17 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-11 22:17 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-11 22:17 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-11 22:17 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-11 22:17 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-11 22:17 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-11 22:17 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-11 22:17 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-11 22:17 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-11 22:17 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-11 22:17 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-11 22:17 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-11 22:17 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-11 22:17 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-11 22:17 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-11 22:17 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-11 22:17 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-11 22:17 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-11 22:17 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-11 11:36 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 11:36 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-19 02:33 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-12 02:23 . 2013-12-11 11:36 2048 ----a-w- c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-11 11:36 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-10-30 02:32 . 2013-12-11 11:37 335360 ----a-w- c:\windows\system32\msieftp.dll
2013-10-30 02:19 . 2013-12-11 11:37 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-10-30 01:24 . 2013-12-11 11:36 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-10-28 23:04 . 2013-04-24 12:33 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-10-19 02:18 . 2013-12-11 11:36 81408 ----a-w- c:\windows\system32\imagehlp.dll
2013-10-19 01:36 . 2013-12-11 11:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-10-15 10:41 . 2013-10-22 20:55 251664 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-10-15 10:38 . 2013-10-22 20:54 126736 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-10-15 10:38 . 2013-10-15 10:38 154896 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
.
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Protocole Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 driverhardwarev2x64;driverhardwarev2x64;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys;c:\program files\ma-config.com\Drivers\driverhardwarev2x64.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 WatAdminSvc;Service Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MaConfigAgent;Ma-Config Agent;c:\program files\ma-config.com\MaConfigAgent.exe;c:\program files\ma-config.com\MaConfigAgent.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys;c:\windows\SYSNATIVE\DRIVERS\SGdrv64.sys [x]
S3 AMPPAL;Carte réseau virtuelle Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Son Intel® pour écrans;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 00:12 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2014-01-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-05 20:07]
.
2014-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 11:38]
.
2014-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-10 11:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Examen supplémentaire -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{EF79F67A-6AD7-4715-A0F8-932FCA442023} - (no file)
.
.
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Heure de fin: 2014-01-11  12:08:05
ComboFix-quarantined-files.txt  2014-01-11 11:08
.
Avant-CF: 177 105 801 216 octets libres
Après-CF: 175 854 370 816 octets libres
.
- - End Of File - - 8259CAF6E6F08ABCB063E973C34DB210
2E5DEBB2116B3417023E0D6562D7ED07

Edited by hamluis, 11 January 2014 - 09:12 AM.
Moved from Win 7 to Malware Removal Logs - Hamluis.




#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:23 AM

Posted 11 January 2014 - 06:57 AM

Hello,

 

Please download the following file and save it to your desktop:

 

Attached File  crash.reg   367bytes   1 downloads

Now double click on it. An information box will pop up asking if you want to merge the information in the file into the registry, click YES.

 

Try to reproduce the problem and when done please zip the dmp file from the following folder C:\CrashDumps and upload it here => http://www.filedropper.com/

 

Post the link in your next reply.

 

 

 

Regards,

Georgi




#3 HazFener

HazFener
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:23 AM

Posted 11 January 2014 - 07:03 AM

I won't download this file.



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:23 AM

Posted 11 January 2014 - 07:06 AM

Can I ask why?

 

 

Regards,

Georgi




#5 HazFener

HazFener
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:23 AM

Posted 11 January 2014 - 07:07 AM

I don't know what this file contains.



#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:23 AM

Posted 11 January 2014 - 07:16 AM

The file is harmless and, as you can see, I am a member of the Malware Response Team here, so you can trust me (it's your call).

This is a registry script that will allow a large dmp of explorer.exe to be created in the following folder: C:\CrashDumps.

Then we can examine the dump file using WinDbg to see what the reason is for explorer.exe restarting.

Also you can try to disable the shell extensions with ShellExView or Autoruns (one by one) to see if that will help you to find the culprit.

 

 

Regards,

Georgi
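
One way to see what a .reg file would change before merging it, which is the question raised in the exchange above. This is an added example, not part of the original thread: the contents of crash.reg are not shown on the page, so both samples are constructed, and the allowlist assumes the script uses the Windows Error Reporting LocalDumps key with its documented DumpFolder, DumpCount and DumpType values.

```python
import re

# Assumption: a crash-dump helper should only touch the WER LocalDumps key.
ALLOWED_PREFIXES = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps",
)
# Autostart and code-loading locations that deserve a close look in any .reg file.
SENSITIVE_MARKERS = (
    r"\CurrentVersion\Run",
    r"\Windows NT\CurrentVersion\Windows",   # AppInit_DLLs
    r"\Control\Session Manager",             # BootExecute
    r"\Image File Execution Options",
    r"\Windows NT\CurrentVersion\Winlogon",
)
HEX_TYPES = {1: "REG_SZ", 2: "REG_EXPAND_SZ", 7: "REG_MULTI_SZ"}

# Constructed sample: what a per-application full-dump script could look like.
SAMPLE_OK = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\explorer.exe]
"DumpFolder"=hex(2):43,00,3a,00,5c,00,43,00,72,00,61,00,73,00,68,00,44,00,75,\
  00,6d,00,70,00,73,00,00,00
"DumpCount"=dword:0000000a
"DumpType"=dword:00000002
'''
# Constructed sample: the same script with one extra write that should be flagged.
SAMPLE_BAD = SAMPLE_OK + r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"helper"="C:\\Example\\helper.exe"
'''

def decode_reg_bytes(raw: bytes) -> str:
    """Version 5.00 exports are UTF-16 with a BOM; REGEDIT4 files are ANSI."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    if raw.startswith(b"\xef\xbb\xbf"):
        return raw.decode("utf-8-sig")
    return raw.decode("cp1252", errors="replace")

def decode_value(data: str):
    """Turn the right-hand side of a value line into (type, python_value)."""
    if data == "-":
        return ("delete-value", None)
    if len(data) >= 2 and data[0] == data[-1] == '"':
        inner = data[1:-1].replace("\\\\", "\x00").replace('\\"', '"')
        return ("REG_SZ", inner.replace("\x00", "\\"))
    if data.lower().startswith("dword:"):
        return ("REG_DWORD", int(data[6:], 16))
    m = re.match(r"hex(?:\(([0-9a-f]+)\))?:(.*)$", data, re.I)
    if m:
        kind = int(m.group(1), 16) if m.group(1) else 3
        blob = bytes(int(b, 16) for b in m.group(2).split(",") if b.strip())
        if kind in HEX_TYPES:  # string types, UTF-16LE in version 5.00 files
            text = blob.decode("utf-16-le", errors="replace").rstrip("\x00")
            return (HEX_TYPES[kind], text)
        return ("hex(%d)" % kind, blob)
    return ("unknown", data)

def parse_reg(text: str):
    """Return one dict per key or value operation, in file order."""
    lines, pending = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.endswith("\\"):          # hex data continued on the next line
            pending += line[:-1]
            continue
        lines.append(pending + line)
        pending = ""
    ops, key = [], None
    for line in lines:
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            op = "delete-key" if key.startswith("-") else "create-key"
            key = key.lstrip("-")
            ops.append({"key": key, "op": op, "name": None, "type": None, "data": None})
            continue
        m = re.match(r'(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$', line)
        if m and key:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            typ, data = decode_value(m.group(2))
            op = "delete-value" if typ == "delete-value" else "set"
            ops.append({"key": key, "op": op, "name": name, "type": typ, "data": data})
    return ops

def review(ops):
    """List every operation that falls outside the allowlisted key prefixes."""
    findings = []
    for op in ops:
        k = op["key"].lower()
        if any(k == p.lower() or k.startswith(p.lower() + "\\") for p in ALLOWED_PREFIXES):
            continue
        hit = any(m.lower() in k for m in SENSITIVE_MARKERS)
        findings.append(("SENSITIVE" if hit else "UNEXPECTED", op["key"], op["name"]))
    return findings

if __name__ == "__main__":
    for label, text in (("SAMPLE_OK", SAMPLE_OK), ("SAMPLE_BAD", SAMPLE_BAD)):
        print(label, [(o["op"], o["name"], o["data"]) for o in parse_reg(text)])
        print("  findings:", review(parse_reg(text)))
```

For a downloaded file, read it in binary mode and pass the bytes through `decode_reg_bytes` before `parse_reg`; an empty `review` result means every key and value stays under the allowlisted prefix.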




#7 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:23 AM

Posted 13 January 2014 - 03:05 PM

Hi,

 

 

Do you still need help? If you don't trust me, that means that you don't trust BleepingComputer, and I (we) have our hands tied and can't help you further in resolving the issue.

Let me know what your decision is. Thank you! :)

 

 

 

Regards,

Georgi




#8 HazFener

HazFener
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:23 AM

Posted 14 January 2014 - 05:19 AM

I resolved my problem.  :lol:



#9 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:23 AM

Posted 14 January 2014 - 06:11 AM

Thanks for the feedback!




#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:23 AM

Posted 14 January 2014 - 06:11 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
