Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

RUNDLL - nie można odnaleźć określonego modułu

mat1k 01 Lis 2017 18:25 210 5
  • Pomocny post
    #4 01 Lis 2017 18:54
    krzychupar
    Poziom 40  

    Odinstaluj:
    YTD Video Downloader 5.7.1 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.7.1 - GreenTree Applications SRL) <==== UWAGA
    McAfee Security Scan Plus

    Otwórz notatnik systemowy i wklej:
    Task: {CCD837A1-8FF7-490F-87BC-39A3D189217B} - System32\Tasks\gqYdfkgQOi => C:\gqYdfkgQOigqYdfkgQOi\gqYdfkgQOi.vbs [2017-04-05] () <==== UWAGA
    Task: {D0ACED54-0524-4417-99E0-7B53C37DB02C} - System32\Tasks\Opera scheduled Autoupdate 1465033385 => C:\Users\Tomek i Kasia\AppData\Local\Programs\Opera\launcher.exe [2017-10-24] (Opera Software)
    ShortcutWithArgument: C:\Users\Mateoo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safebrowsing.biz/?ssid=1466863345&a=1003081&src=sh&uuid=449cb9b8-c296-42aa-bdad-a1dfcfd35986"
    ShortcutWithArgument: C:\Users\Mateoo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safebrowsing.biz/?ssid=1466863345&a=1003081&src=sh&uuid=449cb9b8-c296-42aa-bdad-a1dfcfd35986"
    ShortcutWithArgument: C:\Users\Mateoo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mail.Ru.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> url,FileProtocolHandler "hxxp://www.mail.ru/cnt/20775012?gp=811035"
    ShortcutWithArgument: C:\Users\Mateoo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safebrowsing.biz/?ssid=1466863345&a=1003081&src=sh&uuid=449cb9b8-c296-42aa-bdad-a1dfcfd35986"
    HKLM\...\Run: [CucusoftNetGuard] => [X]
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-21-2252507789-182079010-4220164900-1001\...\Run: [WinStart] => C:\Users\Mateoo\AppData\Local\Microsoft Windows\taskhost.exe <==== UWAGA
    HKU\S-1-5-21-2252507789-182079010-4220164900-1001\...\MountPoints2: {669f1d25-0113-11e7-8363-d8cb8a9695b3} - "G:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-2252507789-182079010-4220164900-1001\...\MountPoints2: {95b801c9-bf02-11e7-8441-d8cb8a9695b3} - "G:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-2252507789-182079010-4220164900-1001\...\MountPoints2: {a3db8375-a25d-11e6-830a-d8cb8a9695b3} - "F:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-2252507789-182079010-4220164900-1001\...\MountPoints2: {bb26bb2a-ef80-11e6-8352-d8cb8a9695b3} - "G:\HiSuiteDownLoader.exe"
    HKU\S-1-5-21-2252507789-182079010-4220164900-1001\...\MountPoints2: {e12ffdf9-3f72-11e7-83a9-d8cb8a9695b3} - "G:\HiSuiteDownLoader.exe"
    Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter "C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2017-09-22]




    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.599\SSScheduler.exe (McAfee, Inc.)
    GroupPolicy: Ograniczenia <==== UWAGA
    GroupPolicy\User: Ograniczenia <==== UWAGA
    AutoConfigURL: [S-1-5-21-2252507789-182079010-4220164900-1001] => hxxp://unstops.info/wpad.dat?8eb76950c1efc7e52911054cf40bc22112146421
    Hosts: 0.0.0.1 mssplus.mcafee.com
    ManualProxies: 0hxxp://unstops.info/wpad.dat?8eb76950c1efc7e52911054cf40bc22112146421
    HKU\S-1-5-21-2252507789-182079010-4220164900-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/cnt/10445?gp=811040
    SearchScopes: HKU\S-1-5-21-2252507789-182079010-4220164900-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B7A2F989A-EFC1-4562-8AC2-654BFABF078B%7D&gp=811041
    SearchScopes: HKU\S-1-5-21-2252507789-182079010-4220164900-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B7A2F989A-EFC1-4562-8AC2-654BFABF078B%7D&gp=811041
    CHR HomePage: Default -> mail.ru/cnt/11956636?rciguc__PARAM__
    CHR HKLM-x32\...\Chrome\Extension: [ccfifbojenkenpkmnbnndeadpfdiffof] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [ojlcebdkbpjdpiligkdbbkdkfjmchbfd] - hxxps://clients2.google.com/service/update2/crx
    R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [1001920 2017-06-26] (McAfee, Inc.)
    R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [16928 2017-06-26] (McAfee, Inc.)
    S3 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [87760 2017-06-26] (McAfee, Inc.)
    S2 InstallerService; C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe [X]
    S3 MSICDSetup; \??\F:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\F:\NTIOLib_X64.sys [X]
    2017-11-01 18:24 - 2017-11-01 18:24 - 000173478 _____ C:\Users\Mateoo\Downloads\Extras.Txt
    2017-11-01 18:24 - 2017-11-01 18:24 - 000173478 _____ C:\Users\Mateoo\Desktop\Extras.Txt
    2017-11-01 18:24 - 2017-11-01 18:24 - 000133214 _____ C:\Users\Mateoo\Desktop\OTL.Txt
    2017-11-01 18:23 - 2017-11-01 18:23 - 000133214 _____ C:\Users\Mateoo\Downloads\OTL.Txt
    2017-11-01 17:57 - 2017-11-01 17:58 - 000602112 _____ (OldTimer Tools) C:\Users\Mateoo\Downloads\OTL_www.INSTALKI.pl.exe
    2017-11-01 15:11 - 2016-07-27 20:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
    2017-09-03 20:21 - 2017-09-03 20:21 - 000000057 _____ () C:\ProgramData\Ament.ini
    EmptyTemp:

    Plik zapisz pod nazwą fixlist.txt i umieść w folderze, gdzie masz FRST.exe.
    Uruchom FRST i kliknij w Fix/Napraw.

    Po wykonaniu zamieść nowe logi zFRST

    0
  • #5 01 Lis 2017 19:09
    mat1k
    Poziom 3  

    Dziękuje, wszystko działa.

    0
  • #6 01 Lis 2017 20:42
    krzychupar
    Poziom 40  

    Usuń C:\FRST i zamknij temat.

    0