Elektroda.pl
Elektroda.pl
X
Elektroda.pl
Advanced Search
Elektroda.pl
Please add exception to AdBlock for elektroda.pl.
If you watch the ads, you support portal and users.

Windows 7-pendrive - RUNDLL-wystapil blad podczas ładowania

kempa299 16 Jul 2015 14:07 1233 12
Computer Controls
Reply | New topic
  • #1
    kempa299
    Level 9  
    Mam pendrive i nie mogę go uruchomić poniewaz wyskakuje powyzej podany bład .Mam problem ponieważ podczas skanowania w adw cleaner używam funkcji usuń (jest do usuniecia jedno okienko o nazwie toolbars) podczas usuwania wyskakuje bluescreen i komputer włącza się na nowo...co zrobić?
  • Computer Controls
  • #2
    Acorus 20
    Level 43  
    Przeskanuj programem Malwarebytes Anti-Malware http://www.malwarebytes.org/8/
    Podczas instalacji usuń zaznaczenie przy Uruchom okres testowy Malwarebytes Anti-Malware Premium.
    Użyj USBFix z funkcji Usuń(Clean). Pokaż z niego log. http://www.en.usbfix.net/download/usbfix/?wpdmdl=75
    Pobierz Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ zgodny z wersją systemu 32-bit lub 64-bit.
    Uruchom FRST i kliknij Scan. Pokaż raport FRST i Addition jako załączniki.
  • #3
    kempa299
    Level 9  
    Przepraszam że tak póżno odpowiadam, ale byłem w pracy za granicą. Podaję poniżej log z USBFix:

    Spoiler:
    ############################## | UsbFix V 8.106 | [Clean]

    User: User (Administrator) # USER-KOMPUTER
    Updated 13/09/2015 by El Desaparecido - SosVirus
    Started at 22:49:34 | 13/09/2015

    Website : http://www.en.usbfix.net/
    Tutorial : http://www.pt.usbfix.net/2014/03/tutorial-do-usbfix-scan/
    Support : http://www.sos-virus.net/
    Live detection : http://how-to-remove.us/
    Contact : http://www.en.usbfix.net/contact/

    ################## | System information |

    MB: Acer (Aspire 5742G)
    CPU: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
    RAM -> [Total : 3959 Mo | Free : 1108 Mo]
    Bios: Acer
    Boot: Normal boot

    OS: Microsoft™ Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
    WB: Internet Explorer : 8.00.7600.16385
    WB: Google Chrome : 45.0.2454.85

    ################## | Security Information |

    AS: Windows Defender [(!) Disabled |(!) Outdated]
    AS: Malwarebytes Anti-Malware : 2.1.8.1057
    FW: Windows Firewall [(!) Disabled]
    SC: Security Center [Enabled]
    WU: Windows Update [Enabled]

    ################## | Disk Information |

    C:\ (%SystemDrive%) -> Fixed disk # 215 Gb (136 Gb free - 63%) [] # NTFS
    D:\ -> Fixed disk # 251 Gb (228 Gb free - 91%) [] # NTFS

    ################## | Generic Research |

    Deleted! C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\h.lnk
    Not deleted ! ... Tentative au redémarrage... C:\ProgramData\msmqqgzn.exe
    Not deleted ! ... Tentative au redémarrage... C:\Users\All Users\msmqqgzn.exe
    Deleted! C:\Users\User\AppData\Roaming\obnycxqlcb.exe
    Repaired ! HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows|load ("")

    (!) Temporary files deleted. (17.9189672470093 MB)

    ################## | Startup |

    F2 - HKLM\..\Winlogon : [Shell] explorer.exe
    F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
    F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
    F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
    04 - HKCU\..\Run : [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
    04 - HKCU\..\Run : [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    04 - HKCU\..\Run : [Dropbox Update] "C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
    04 - HKLM\..\Run : [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    04 - HKLM\..\Run : [vProt] "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
    04 - [x64] HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    04 - [x64] HKLM\..\Run : [MouseDriver] TiltWheelMouse.exe
    04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    04 - HKU\S-1-5-21-2698116502-2571964688-1901533079-1000\..\Run : [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
    04 - HKU\S-1-5-21-2698116502-2571964688-1901533079-1000\..\Run : [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    04 - HKU\S-1-5-21-2698116502-2571964688-1901533079-1000\..\Run : [Dropbox Update] "C:\Users\User\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
    04 - HKU\S-1-5-18\..\Run : [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
    04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
    04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
    04GS - Dropbox.lnk : C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe
    04GS - CLS 2015.10.lnk : C:\Program Files (x86)\Common Files\Planit\2015.10\CLS\cls.exe
    04GS - CodeMeter Control Center.lnk : C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
    04GS - HP Digital Imaging Monitor.lnk : C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    04GS - Live Job Reports 2015 R1.lnk : C:\Program Files (x86)\Planit\Live Job Reports 2015 R1\JobReports.Manager.exe
    04GS - SolidWorks 2014 Fast Start.lnk : C:\Windows\Installer\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe
    04GS - SolidWorks Pobieracz w tle.lnk : C:\Program Files (x86)\Common Files\Menedżer instalacji SolidWorks\BackgroundDownloading\sldBgDwld.exe

    ################## | UsbFix - Information |

    Info : How to remove shortcut virus on flash disk (Video)
    Info : Shortcut virus on flash disk, What is it ?
    Live detection : http://how-to-remove.us/

    ################## | C:\ %SystemDrive% - Fixed drive (NTFS) |

    [13/09/2015 - 22:11:06 | ASH | 3040284 Ko] - C:\hiberfil.sys
    [13/09/2015 - 22:11:11 | ASH | 4053716 Ko] - C:\pagefile.sys
    [28/08/2015 - 01:11:02 | D] - C:\Config.Msi
    [09/04/2015 - 12:16:18 | SHD] - C:\$Recycle.Bin
    [14/07/2009 - 05:20:08 | D] - C:\PerfLogs
    [14/07/2009 - 07:08:56 | SHD] - C:\Documents and Settings
    [09/04/2015 - 12:16:04 | SHD] - C:\Recovery
    [09/04/2015 - 12:16:10 | RD] - C:\Users
    [09/04/2015 - 12:53:56 | D] - C:\Intel
    [12/05/2015 - 17:16:00 | D] - C:\Siemens
    [13/05/2015 - 20:40:48 | D] - C:\AX NF ZZ
    [01/06/2015 - 15:45:04 | D] - C:\SolidWorks Data
    [16/07/2015 - 13:47:34 | D] - C:\_OTL
    [16/07/2015 - 13:56:50 | D] - C:\AdwCleaner
    [28/08/2015 - 01:06:59 | RD] - C:\Program Files (x86)
    [13/09/2015 - 13:29:22 | HD] - C:\ProgramData
    [13/09/2015 - 22:39:33 | RD] - C:\Program Files
    [13/09/2015 - 22:45:21 | D] - C:\Windows
    [13/09/2015 - 22:45:22 | D] - C:\FRST
    [13/09/2015 - 22:55:16 | D] - C:\UsbFix

    ################## | D:\ - Fixed drive (NTFS) |

    [09/04/2015 - 13:14:46 | D] - D:\msdownld.tmp
    [29/06/2015 - 23:45:16 | D] - D:\Battle.net
    [09/04/2015 - 12:16:18 | SHD] - D:\$RECYCLE.BIN
    [09/04/2015 - 23:01:25 | D] - D:\AutoCAD_2014_Polish_Win_64bit_dlm
    [09/04/2015 - 23:31:46 | D] - D:\AutoCAD
    [19/04/2015 - 21:11:03 | D] - D:\Hertstone
    [01/06/2015 - 15:50:08 | D] - D:\SOLID
    [24/06/2015 - 16:37:37 | D] - D:\Edgecam 2015 R1
    [24/06/2015 - 17:21:16 | D] - D:\Haidenhein
    [23/07/2015 - 00:20:45 | D] - D:\LOL

    ################## | Vaccin |

    C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
    D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

    Analysed in 347.4 seconds

    ################## | E.O.F | http://www.sosvirus.net/ | http://www.en.usbfix.net/ |
    Attachments:
  • Computer Controls
  • #4
    Kolobos
    IT specialist
    USBFix powinienes uruchomic po podlaczeniu pendrive'a, a z tego co widac nie byl podlaczony.

    Daj screen z menadzera urzadzen, wczesniej wlacz w nim pokazywanie urzadzen ukrytych.

    Odinstaluj: AVG Web TuneUp

    Obok frst.exe utworz plik fixlist.txt z zawartoscia:
    Task: {77C9FB47-B817-499A-8E84-CAD319D373DF} - System32\Tasks\Bidaily Synchronize Task => C:\ProgramData\{54c12f42-f9bb-631f-54c1-12f42f9bbd0b}\SolidWorks 2014 SP0.0 x64.exe <==== UWAGA
    Task: C:\Windows\Tasks\Bidaily Synchronize Task.job => C:\ProgramData\{54c12f42-f9bb-631f-54c1-12f42f9bbd0b}\SolidWorks 2014 SP0.0 x64.exe <==== UWAGA
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\RunOnce: [] => [X]
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1428939159&from=cor&uid=HGSTXHTS725050A7E630_RC250ACB1LS7YJ1LS7YJX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://do-search.com/web/?type=ds&ts=1428939159&from=cor&uid=HGSTXHTS725050A7E630_RC250ACB1LS7YJ1LS7YJX&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1428939159&from=cor&uid=HGSTXHTS725050A7E630_RC250ACB1LS7YJ1LS7YJX&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1428939159&from=cor&uid=HGSTXHTS725050A7E630_RC250ACB1LS7YJ1LS7YJX&q={searchTerms}
    HKU\S-1-5-21-2698116502-2571964688-1901533079-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={607CED9B-38CE-4698-AE2A-142373A4F3E4}&mid=a4841526d0bb47cd95e09d4628ff9f65-53db070b53406f02b1953f2cca532fdf739ce4d6&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0415tb&pr=fr&d=2015-04-12 22:18:46&v=4.1.6.294&pid=wtu&sg=&sap=hp
    HKU\S-1-5-21-2698116502-2571964688-1901533079-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
    SearchScopes: HKU\S-1-5-21-2698116502-2571964688-1901533079-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={607CED9B-38CE-4698-AE2A-142373A4F3E4}&mid=a4841526d0bb47cd95e09d4628ff9f65-53db070b53406f02b1953f2cca532fdf739ce4d6&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0915tb&pr=fr&d=2015-04-12 22:18:46&v=4.1.6.294&pid=wtu&sg=&sap=dsp&q={searchTerms}
    CHR StartupUrls: Default -> "hxxp://do-search.com/?type=hp&ts=1428939159&from=cor&uid=HGSTXHTS725050A7E630_RC250ACB1LS7YJ1LS7YJX"
    CHR Extension: (SalEPPllus) - C:\ProgramData\fjadhchhcccnakfkhfgaofbhnpcdhhbb\ []
    R2 VSSS; C:\Users\User\AppData\Roaming\Microsoft\SystemCertificates\VSSVC.exe [102694464 2015-06-26] (Microsoft Corporation) [Brak podpisu cyfrowego] <==== UWAGA
    R2 vToolbarUpdater40.1.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.6\ToolbarUpdater.exe [1874320 2015-08-24] (AVG Secure Search)
    R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205136 2015-09-09] ()
    S2 avgwd; "C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe" [X]
    S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
    R4 KProcessHacker2; \??\C:\Program Files\kprocesshacker.sys [X]
    2015-09-13 22:39 - 2015-09-13 22:39 - 01415680 _____ (wj32) C:\Program Files\468ACEUS.exe
    2015-09-13 01:19 - 2015-04-21 01:19 - 00000362 _____ C:\Windows\Tasks\Bidaily Synchronize Task.job
    2015-09-09 11:56 - 2015-04-12 22:18 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
    2015-07-16 10:36 - 2015-07-16 10:36 - 1415680 _____ (wj32) C:\Program Files\0BFVHIHX.exe
    2015-09-13 22:39 - 2015-09-13 22:39 - 1415680 _____ (wj32) C:\Program Files\468ACEUS.exe
    2015-07-11 07:57 - 2015-07-11 07:57 - 1415680 _____ (wj32) C:\Program Files\68ACRTOM.exe
    2015-07-16 14:52 - 2015-07-16 14:52 - 1415680 _____ (wj32) C:\Program Files\79BDFHGI.exe
    2015-07-06 09:53 - 2015-07-06 09:53 - 1415680 _____ (wj32) C:\Program Files\79BDRV9G.exe
    2015-07-06 09:53 - 2015-07-06 09:53 - 1415680 _____ (wj32) C:\Program Files\9BDFHJRP.exe
    2015-06-29 13:20 - 2015-06-29 13:20 - 1415680 _____ (wj32) C:\Program Files\BDFHJYE1.exe
    2015-07-12 10:44 - 2015-07-12 10:44 - 1415680 _____ (wj32) C:\Program Files\FHJLN2XV.exe
    2015-06-30 15:13 - 2015-06-30 15:13 - 1415680 _____ (wj32) C:\Program Files\HJY024Z1.exe
    2015-06-29 10:23 - 2015-06-29 10:23 - 1415680 _____ (wj32) C:\Program Files\NPR68AKX.exe
    2015-07-10 00:26 - 2015-07-10 00:26 - 1415680 _____ (wj32) C:\Program Files\NPRTVXKX.exe
    2015-07-10 00:26 - 2015-07-10 00:26 - 1415680 _____ (wj32) C:\Program Files\PRTVXZGX.exe
    2015-07-16 14:51 - 2015-07-16 14:51 - 1415680 _____ (wj32) C:\Program Files\SL84XTYK.exe
    2015-07-13 11:13 - 2015-07-13 11:13 - 1415680 _____ (wj32) C:\Program Files\T48YI5PK.exe
    2015-07-02 14:28 - 2015-07-02 14:28 - 1415680 _____ (wj32) C:\Program Files\TVXZ13HF.exe
    2015-07-13 11:13 - 2015-07-13 11:13 - 1415680 _____ (wj32) C:\Program Files\TVXZEGWU.exe
    2015-07-11 07:57 - 2015-07-11 07:57 - 1415680 _____ (wj32) C:\Program Files\UWY0FHFA.exe
    2010-11-21 05:24 - 2010-11-21 05:24 - 104075264 ____N () C:\ProgramData\msmqqgzn.exe
    EmptyTemp:

    W FRST wybierz Fix/Napraw.

    Uzyj AdwCleaner, opcja Scan i Clean/Szukaj i Usun: https://toolslib.net/downloads/viewdownload/1-adwcleaner/

    Zrob pelny skan przy pomocy Mbam i usun to co wykryje:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Po wykonaniu daj nowe logi z FRST, ze skanowania oraz log z USBFix wykonany z podlaczonym pendrive'em.
  • #5
    kempa299
    Level 9  
    Gdzie znajduje się frst.exe?
  • #6
    Domino_2
    Helpful for users
    Masz go w C:\Users\User\Desktop\Downloads
  • #7
    kempa299
    Level 9  
    Oto screeny z Menadżera Urządzeń:

    Windows 7-pendrive - RUNDLL-wystapil blad podczas ładowania Windows 7-pendrive - RUNDLL-wystapil blad podczas ładowania

    Po włączeniu napraw w FRST pojawia się bluescreen. Jest tak za każdym razem:

    Windows 7-pendrive - RUNDLL-wystapil blad podczas ładowania
  • #8
    Domino_2
    Helpful for users
    A FRST odpalasz jako administrator?
  • #9
    kempa299
    Level 9  
    Tak jako administrator
  • #12
    Kolobos
    IT specialist
    W menadzerze urzadzen usun te wszystkie "nieznane urzadzenia".
  • #13
    kempa299
    Level 9  
    Nie mogę tego usunąc :/ gdy usuwam tak jak by wciąż powstaja nowe urządzenia
Reply | New topic