Elektroda.pl

Problem - sysmenu.dll win7

xDefQonOnex 18 Jan 2015 11:12 1122 10
  • #1 18 Jan 2015 11:12
    xDefQonOnex
    Level 4

    Hello, I have the problem everyone knows about with the run.dll pop-up window. Three windows pop up at the same time at system startup, and after that only one at a time every so often. The problem with this pop-up window/these windows began when the AVG antivirus detected a virus in the file sysmenu.dll; since then I have had the problem.

    I am attaching the logs from FRST.

    0 10
  • Helpful post
    #2 18 Jan 2015 11:43
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    Task: {0AD52243-1BFF-45FF-9C54-ED5305DCE427} - System32\Tasks\DSite => C:\Users\lenovo\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {211862B3-35D1-46F2-BCB0-0B010E3D6950} - System32\Tasks\1214avUpdateInfo => C:\ProgramData\Avg_Update_1214av\1214av_AVG-Secure-Search-Update.exe [2014-10-26] ()
    Task: {248D4681-9C33-4F76-AE97-24217015A330} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
    Task: {3C616E9A-D9A0-458C-9A13-DB79E910565E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1846424258-773668272-2142520942-1000Core => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-27] (Facebook Inc.)
    Task: {6D5647C3-0FF2-4C39-97F9-A00F564D5A39} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
    Task: {6E782758-14F4-4129-9687-44DFEDB61093} - \Funmoods No Task File <==== ATTENTION
    Task: {70257410-164E-4A0D-A60F-CFED641D0396} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
    Task: {98064050-0791-47BD-AC0E-AFAB8643F754} - \SaveSense No Task File <==== ATTENTION
    Task: {B440D1A2-4EDF-4479-A1A4-17AD998BDABA} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
    Task: {BD3BAC9C-1B72-4011-8FF9-578F31DF6778} - \EPUpdater No Task File <==== ATTENTION
    Task: {C377D141-7562-4750-8235-BA3C74952730} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
    Task: {C53B7DFA-1888-4F81-92B8-CD92C97C8F71} - System32\Tasks\QtraxPlayer => 3495296518.portal.qtrax.com
    Task: {EF913E9C-4565-4E5A-AAFC-8ACAC2287345} - \DealPly No Task File <==== ATTENTION
    Task: C:\Windows\Tasks\1214avUpdateInfo.job => C:\ProgramData\Avg_Update_1214av\1214av_AVG-Secure-Search-Update.exe
    Task: C:\Windows\Tasks\Dealply.job => C:\Users\lenovo\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: C:\Windows\Tasks\DSite.job => C:\Users\lenovo\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1846424258-773668272-2142520942-1000Core.job => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1846424258-773668272-2142520942-1000UA.job => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\SaveSense.job => C:\Users\lenovo\AppData\Roaming\SAVESE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Tutorials] => [X]
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)




    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
    HKU\S-1-5-21-1846424258-773668272-2142520942-1000\...\Run: [Facebook Update] => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-27] (Facebook Inc.)
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1QzuyCyCyC0DyDyByEtCyCtC0FtAtCyCtDtAtN0D0Tzu0CtAyEyCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=589489584
    SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1QzuyCyCyC0DyDyByEtCyCtC0FtAtCyCtDtAtN0D0Tzu0CtAyEyCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=589489584
    SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1QzuyCyCyC0DyDyByEtCyCtC0FtAtCyCtDtAtN0D0Tzu0CtAyEyCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=589489584
    SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=iron2&ir=iron2&cd=2XzuyEtN2Y1L1QzuyCyCyC0DyDyByEtCyCtC0FtAtCyCtDtAtN0D0Tzu0CtAyEyCtN1L2XzutBtFtBtFtCtFyEtDyB&cr=589489584
    SearchScopes: HKU\S-1-5-21-1846424258-773668272-2142520942-1000 -> {489C107F-D724-D510-0070-45DB5E053BF0} URL = https://isearch.avg.com/search?cid={EFD1F829-ED32-442C-94DC-CDDD27A33FCD}&mid=bce7c7e04aef4417ab3b33b9df67030c-b2cbe9ca74fd78b9e027b52ece398fb1f20bd9dc&lang=pl&ds=AVG&pr=fr&d=2012-10-05 16:46:11&v=12.2.5.34&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1846424258-773668272-2142520942-1000 -> {C224A13F-83C9-420B-B08A-45C73265C358} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^PL&apn_uid=3E727A97-313D-4ED5-86D8-F5856EA95AD6&apn_sauid=9247A919-9453-4A1C-9EF6-9174939B25C8
    CHR Extension: (prriceChoP) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\njiiijbdlljpnanpgoiakjeooglgcppn [2014-08-16]
    CHR HKLM-x32\...\Chrome\Extension: [gjokjdicpfckeiihaniimbbmhadclefc] - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\novo_price_comparison.crx [Not Found]
    U3 BcmSqlStartupSvc; No ImagePath
    U2 CLKMSVC10_3A60B698; No ImagePath
    U2 CLKMSVC10_C3B3B687; No ImagePath
    U2 DriverService; No ImagePath
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    U2 iATAgentService; No ImagePath
    U2 idealife Update Service; No ImagePath
    U3 IGRS; No ImagePath
    U2 IviRegMgr; No ImagePath
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    U2 nvUpdatusService; No ImagePath
    U2 Oasis2Service; No ImagePath
    U2 PCCarerService; No ImagePath
    U2 ReadyComm.DirectRouter; No ImagePath
    U2 RichVideo; No ImagePath
    U2 RtLedService; No ImagePath
    S2 sbmntr; \??\C:\PROGRA~2\YTDOWN~1\sbmntr.sys [X]
    U2 SeaPort; No ImagePath
    U2 SoftwareService; No ImagePath
    U3 SQLWriter; No ImagePath
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
    U4 WMCoreService; No ImagePath
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST and click Fix. Download and run AdwCleaner https://toolslib.net/downloads/finish/1/ Click Search (Szukaj) and then Delete (Usuń).

    1
  • #3 18 Jan 2015 12:54
    xDefQonOnex
    Level 4

    So, after carrying out the steps you listed, the problem has probably disappeared completely. The windows no longer appear, thank you very much.

    0
  • #4 18 Jan 2015 13:01
    Acorus 20
    Computer specialist

    Delete the folder C:\FRST

    0
  • #5 18 Jan 2015 13:01
    xDefQonOnex
    Level 4

    Done, deleted. Could I find out what was at fault, given that AVG removed this sysmenu.dll file and suddenly these windows appeared?

    0
  • #6 18 Jan 2015 13:11
    Kolobos
    Computer specialist

    This file is part of the infection; as you can see, antivirus programs are too primitive to remove the task that was launching this file.

    0
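
Added example (not part of the original thread and not FRST's own code): a Python parser for FRST `Task:` lines like those quoted in post #2, which groups scheduled tasks that start `Rundll32.exe` by the DLL they load and lists registry entries marked `No Task File`. The function names and parsing rules are assumptions derived only from the line shapes visible in this thread.

```python
import re
from collections import defaultdict

# "Task:" lines copied from the fixlist quoted in post #2 of this thread.
SAMPLE = r"""
Task: {248D4681-9C33-4F76-AE97-24217015A330} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {70257410-164E-4A0D-A60F-CFED641D0396} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {C377D141-7562-4750-8235-BA3C74952730} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {6E782758-14F4-4129-9687-44DFEDB61093} - \Funmoods No Task File <==== ATTENTION
Task: C:\Windows\Tasks\1214avUpdateInfo.job => C:\ProgramData\Avg_Update_1214av\1214av_AVG-Secure-Search-Update.exe
"""

TASK_RE = re.compile(r"^Task: (?:\{(?P<guid>[0-9A-Fa-f-]+)\} - )?(?P<rest>.+)$")
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+(?P<dll>.+?\.dll)\s*,\s*(?P<export>\S+)", re.I)
FLAG, ORPHAN = "<==== ATTENTION", " No Task File"

def parse_tasks(text):
    """Parse FRST 'Task:' lines into dicts; any other line is skipped."""
    tasks = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        rest = m["rest"]
        flagged = rest.endswith(FLAG)                 # FRST's own marker
        rest = rest.removesuffix(FLAG).rstrip()       # Python 3.9+
        name, sep, command = rest.partition(" => ")
        orphan = not sep and name.endswith(ORPHAN)    # entry without a task file
        if orphan:
            name = name[:-len(ORPHAN)]
        tasks.append({"guid": m["guid"], "name": name, "command": command or None,
                      "flagged": flagged, "orphan": orphan})
    return tasks

def rundll_tasks_by_dll(tasks):
    """Map each DLL started through Rundll32.exe to the (task, export) pairs using it."""
    by_dll = defaultdict(list)
    for t in tasks:
        m = RUNDLL_RE.match(t["command"] or "")
        if m:
            by_dll[m["dll"].lower()].append((t["name"], m["export"]))
    return dict(by_dll)

def orphaned(tasks):
    return [t["name"] for t in tasks if t["orphan"]]

if __name__ == "__main__":
    tasks = parse_tasks(SAMPLE)
    print(rundll_tasks_by_dll(tasks), orphaned(tasks))
```

A task reported here whose DLL no longer exists on disk is the kind of leftover that makes Rundll32 show an error window each time the task fires.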
  • Helpful post
    #8 04 Aug 2015 12:08
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    globalupdate Helper (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
    Task: {08E5BE7D-6BFD-468D-BACC-A2EE453F84AE} - \YTDownloaderUpd No Task File <==== ATTENTION
    Task: {0AA04562-4C9D-46A2-8078-66DBD348F8E6} - \YTDownloader No Task File <==== ATTENTION
    Task: {2DAB9616-B56C-42AA-BFCE-2B4D2470B1D1} - \SMupdate1 No Task File <==== ATTENTION
    Task: {37150286-3176-4FC4-B0F0-1B1D0AC9FE08} - \ShopperPro No Task File <==== ATTENTION
    Task: {5F007F49-C714-4A7B-B290-E3554910578D} - \SPDriver No Task File <==== ATTENTION
    Task: {72522B6C-3ED9-4C11-8EF8-4C976780D7B5} - \Inst_Rep No Task File <==== ATTENTION
    Task: {84A0B9B1-2C93-4D89-A835-B0A324B81E86} - \B20CCC97-111F-4DEC-8570-E2A4072C111 No Task File <==== ATTENTION
    Task: {8698FBCB-0D3B-4616-BBCE-F4350AA8B911} - \ShopperProJSUpd No Task File <==== ATTENTION
    Task: {922DAD5C-2B3D-41AA-BEE0-DA814B030C2A} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
    Task: {A749E135-8E87-4B13-A611-50587E1C172C} - System32\Tasks\SPBIW_UpdateTask_Time_333736383030333233352d3437415a556c2a3223346c41 => Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 <==== ATTENTION
    Task: {D4274B0A-D099-433A-BFAA-7C4831211FA8} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.omniboxes.com/?type=hppp&ts=14...id=WDCXWD5000AAKS-00A7B2_WD-WCASY933124131241
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes.com/web/?type=ds&ts=...WD5000AAKS-00A7B2_WD-WCASY933124131241&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hppp&ts=14...id=WDCXWD5000AAKS-00A7B2_WD-WCASY933124131241
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes.com/web/?type=ds&ts=...WD5000AAKS-00A7B2_WD-WCASY933124131241&q={searchTerms}
    HKU\S-1-5-21-2059208856-3909376436-98528511-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes.com/web/?type=dspp&t...WD5000AAKS-00A7B2_WD-WCASY933124131241&q={searchTerms}
    HKU\S-1-5-21-2059208856-3909376436-98528511-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.omniboxes.com/?type=hppp&ts=14...id=WDCXWD5000AAKS-00A7B2_WD-WCASY933124131241
    HKU\S-1-5-21-2059208856-3909376436-98528511-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.omniboxes.com/web/?type=dspp&t...WD5000AAKS-00A7B2_WD-WCASY933124131241&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.omniboxes.com/web/?type=ds&ts=...WD5000AAKS-00A7B2_WD-WCASY933124131241&q={searchTerms}
    SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.omniboxes.com/web/?type=ds&ts=...WD5000AAKS-00A7B2_WD-WCASY933124131241&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2059208856-3909376436-98528511-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.omniboxes.com/web/?utm_source=b&am...241&ts=1438518803&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2059208856-3909376436-98528511-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.omniboxes.com/web/?type=dspp&t...WD5000AAKS-00A7B2_WD-WCASY933124131241&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2059208856-3909376436-98528511-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.omniboxes.com/web/?utm_source=b&am...241&ts=1438518803&type=default&q={searchTerms}
    FF SelectedSearchEngine: omniboxes
    FF Extension: Object Browser - C:\Users\Jaca\AppData\Roaming\Mozilla\Firefox\Profiles\nycsv7xj.default\Extensions\9321b276-2c2e-4c5f-bd04-b8118e512707@c0c8a2d6-3275-4cac-a0b2-52e936311db9.com [2015-08-02]
    FF Extension: Default SearchProtected - C:\Users\Jaca\AppData\Roaming\Mozilla\Firefox\Profiles\nycsv7xj.default\Extensions\defsearchp@gmail.com [2015-08-02]
    FF Extension: Shopper-Pro - C:\Users\Jaca\AppData\Roaming\Mozilla\Firefox\Profiles\nycsv7xj.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2015-08-02]
    2015-08-02 16:51 - 2015-08-03 12:23 - 00000000 ____D C:\Program Files\Enigma Software Group
    2015-08-02 16:50 - 2015-08-03 12:23 - 00000000 ____D C:\Windows\46B04D534E344388B6EE80FAB66AEF9B.TMP
    2015-08-02 16:50 - 2015-08-02 16:50 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
    2015-08-02 16:48 - 2015-08-02 16:48 - 46519075 _____ C:\Users\Jaca\Downloads\SpyHunter 4.12.13.4202 + Patch.rar
    2015-08-02 14:33 - 2015-08-03 01:10 - 00000000 ____D C:\Program Files\MiuiTab
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix. Download and run AdwCleaner as administrator https://toolslib.net/downloads/finish/1/ Click Scan and then Cleaning.
    Uninstall globalupdate Helper. Show a new FRST log.

    2
  • #10 04 Aug 2015 13:07
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    2015-08-04 12:42 - 2015-08-04 12:49 - 00000000 ____D C:\AdwCleaner
    DeleteQuarantine:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix. Delete the folder C:\FRST.

    1
  • #11 04 Aug 2015 13:13
    jc73
    Level 2

    I think that's about it... Thanks a lot!

    0