Elektroda.pl
Elektroda.pl
X
CControls
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

RunDll-Wystąpił problem podczas uruchamiania pliku

wolek_klb 16 Lip 2016 17:45 669 1
  • CControls
  • #2 16 Lip 2016 18:15
    Acorus 20
    Spec od komputerów

    Otwórz notatnik systemowy i wklej:

    Cytat:
    CloseProcesses:
    Task: {B454D742-1646-427C-A555-C028ED433EC7} - System32\Tasks\Microsoft\Windows\SystemRestore\FreeVPN => C:\Users\p.wollo\AppData\Roaming\FreeVPN\FreeVPN.exe <==== UWAGA
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
    Hosts:
    HKLM-x32\...\Run: [tim.exe -start] => c:\users\p.wollo\appdata\roaming\tim.exe -start
    HKLM-x32\...\Run: [apphide] => C:\Program Files (x86)\badu\uc.exe
    HKU\S-1-5-21-490457171-274830800-1219709722-1001\...\Run: [Installer] => C:\Users\p.wollo\AppData\Local\Temp\yeaplayer51495.exe <===== UWAGA
    HKU\S-1-5-21-490457171-274830800-1219709722-1001\...\Run: [msiql] => C:\ProgramData\msiql.exe /RUNNING
    HKU\S-1-5-21-490457171-274830800-1219709722-1001\...\Run: [taskhost] => rundll32.exe C:\ProgramData\WindowsMsg\675D131108D4FD145B0BFBC68A3E018A.dll Start /AUTORUN
    HKU\S-1-5-21-490457171-274830800-1219709722-1001\...\RunOnce: [Uninstall C:\Users\p.wollo\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\p.wollo\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
    HKU\S-1-5-21-490457171-274830800-1219709722-1001\...\MountPoints2: {2bc0c143-e793-11e5-95df-9cad9738dec2} - "H:\HiSuiteDownLoader.exe"
    AppInit_DLLs: C:\ProgramData\Viatax\Ranla.dll => Brak pliku
    AppInit_DLLs-x32: C:\ProgramData\Viatax\FreshJob.dll => Brak pliku
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=92552456 hao pg
    HKU\S-1-5-21-490457171-274830800-1219709722-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%...mNGlsVuQ2QQxr5Po819sA,,&q={searchTerms}
    HKU\S-1-5-21-490457171-274830800-1219709722-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={7AFD5CC8-CB74-4407-9CB1-AD627AABE842}&mid=de66fd65775447ccb59f5041d924afd9-de204faac29a66acf6310e5a6efd02456eb3db11&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0516pii&pr=fr&d=2016-07-03 21:13:59&v=4.3.1.831&pid=wtu&sg=&sap=hp
    HKU\S-1-5-21-490457171-274830800-1219709722-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%...mNGlsVuQ2QQxr5Po819sA,,&q={searchTerms}
    HKU\S-1-5-21-490457171-274830800-1219709722-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%...mNGlsVuQ2QQxr5Po819sA,,&q={searchTerms}




    SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
    SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%...mNGlsVuQ2QQxr5Po819sA,,&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-490457171-274830800-1219709722-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={7AFD5CC8-CB74-4407-9CB1-AD627AABE842}&mid=de66fd65775447ccb59f5041d924afd9-de204faac29a66acf6310e5a6efd02456eb3db11&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0516pii&pr=fr&d=2016-07-03 21:13:59&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-490457171-274830800-1219709722-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={7AFD5CC8-CB74-4407-9CB1-AD627AABE842}&mid=de66fd65775447ccb59f5041d924afd9-de204faac29a66acf6310e5a6efd02456eb3db11&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0516pii&pr=fr&d=2016-07-03 21:13:59&v=4.3.1.831&pid=wtu&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-490457171-274830800-1219709722-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%...mNGlsVuQ2QQxr5Po819sA,,&q={searchTerms}
    BHO-x32: Ó¦Óñ¦Ň»Ľü°˛×°˛ĺĽţ -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
    FF NewTab: hxxp://www.hohosearch.com/?ts=...E&ptid=icb&mode=ffseng
    FF DefaultSearchEngine: hohosearch
    FF DefaultSearchEngine.US: data:text/plain,browser.search.defaultenginename.US=hohosearch
    FF SelectedSearchEngine: hohosearch
    FF Keyword.URL: hxxp://www.hohosearch.com/chro...5&mode=ffexttoolbar&q=
    FF SearchPlugin: C:\Users\p.wollo\AppData\Roaming\Mozilla\Firefox\Profiles\61s7y8v4.default\searchplugins\avg-secure-search.xml [2016-07-03]
    FF Extension: AVG Web TuneUp - C:\Users\p.wollo\AppData\Roaming\Mozilla\Firefox\Profiles\61s7y8v4.default\Extensions\avg@toolbar.xpi [2016-07-03]
    FF Extension: Quick Searcher - C:\Users\p.wollo\AppData\Roaming\Mozilla\Firefox\Profiles\61s7y8v4.default\Extensions\{d720d64d-c71a-4316-b59e-8a41b860178f} [2016-04-27] [Brak podpisu cyfrowego]
    CHR Extension: (Quick Searcher) - C:\Users\p.wollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecnphlgnajanjnkcmbpancdjoidceilk [2016-04-27]
    CHR Extension: (Brak nazwy) - C:\Users\p.wollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-06]
    CHR Extension: (Brak nazwy) - C:\Users\p.wollo\AppData\Local\Google\Chrome\User Data\Default\Extensions\piaphheklodiededmbmgfcfbcagncgka [2016-04-27]
    R2 vToolbarUpdater40.3.1; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.1\ToolbarUpdater.exe [1323080 2016-07-03] (AVG Secure Search)
    S2 GoogleChromeUpService; Brak ImagePath
    S2 GoogleChromeUpSvc; Brak ImagePath
    S2 rijufoze; Brak ImagePath
    S2 rocufyky; Brak ImagePath
    S2 xucezenozbt; Brak ImagePath
    S2 zigipyro; Brak ImagePath
    S1 QMUdisk; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUdisk64.sys [X]
    S3 softaal; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\softaal64.sys [X]
    S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [X]
    S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TsNetHlpX64.sys [X]
    2016-07-03 21:13 - 2016-07-03 21:13 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
    2016-03-07 19:20 - 2016-03-07 19:20 - 8037888 _____ () C:\Users\p.wollo\AppData\Roaming\agent.dat
    2016-03-07 19:20 - 2016-03-07 19:20 - 0065040 _____ () C:\Users\p.wollo\AppData\Roaming\Config.xml
    2016-04-27 16:22 - 2016-04-27 16:22 - 0005120 _____ () C:\Users\p.wollo\AppData\Roaming\GiftBag.db
    2016-03-07 19:20 - 2016-03-07 19:20 - 0011424 _____ () C:\Users\p.wollo\AppData\Roaming\InstallationConfiguration.xml
    2016-03-07 19:20 - 2016-03-07 19:20 - 0127488 _____ () C:\Users\p.wollo\AppData\Roaming\Installer.dat
    2016-03-07 19:20 - 2016-03-07 19:20 - 1901217 _____ () C:\Users\p.wollo\AppData\Roaming\Kinnix.tst
    2016-03-07 19:20 - 2016-03-07 19:20 - 0018432 _____ () C:\Users\p.wollo\AppData\Roaming\Main.dat
    2016-03-07 19:20 - 2016-03-07 19:20 - 0005568 _____ () C:\Users\p.wollo\AppData\Roaming\md.xml
    2016-03-07 19:20 - 2016-03-07 19:20 - 0126464 _____ () C:\Users\p.wollo\AppData\Roaming\noah.dat
    2016-03-07 19:21 - 2016-03-07 19:21 - 0032038 _____ () C:\Users\p.wollo\AppData\Roaming\uninstall_temp.ico
    2016-04-27 20:51 - 2016-04-27 20:51 - 0114632 _____ (深圳市迅雷网络技术有限公司) C:\Users\p.wollo\AppData\Roaming\xldl.dll
    C:\ProgramData\a.bat
    C:\ProgramData\adb.exe
    C:\ProgramData\AdbWinApi.dll
    C:\ProgramData\AdbWinUsbApi.dll
    C:\ProgramData\fastboot.exe
    EmptyTemp:

    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.
    Zapisując Fixlist kodowanie ustaw na UTF-8
    Pobierz i uruchom jako administrator AdwCleaner https://toolslib.net/downloads/finish/1/ Kliknij Scan i później Cleaning.

    0