Błąd SysMenu.dll

krychukrych · 11 Maj 2015 23:43

Witam

mam problem kilka minut po uruchomieniu komputera wyskakują mi 3 okienka z błędem SysMenu.dlll

Prosiłbym o pomoc z góry dziękuję

spandaupol · 11 Maj 2015 23:49

Farbar Recovery Scan Tool - Raport obowiązkowy Instrukcja http://forum.dobreprogramy.pl/farbar-recovery-scan-tool-raport-obowiązkowy-t478727/

krychukrych · 11 Maj 2015 23:52

Dodaje w załączniku

Addition.txt

FRST.txt

spandaupol · 12 Maj 2015 01:00

Wklej do notatnika:

CloseProcesses:
Task: {1C72377B-AE29-4296-851E-8FFE8E048EC8} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Krychu\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION
Task: {30DA5300-E5D6-4D71-A85B-2CC3CDF253C3} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {36A6D3BF-5FE0-4A46-8920-B02563351075} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {387A6726-8CAF-41A6-9917-E6A092D7C14E} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {62D0AEE6-BE1E-42FB-BD0A-0A8038E58BD8} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {6B0690FF-3D64-4BDF-8828-D327B1CE2B8A} - System32\Tasks\8P1GmLlNrKPv6M => C:\Users\Krychu\AppData\Roaming\8P1GmLlNrKPv6M.exe <==== ATTENTION
Task: {6C0A7596-DD3E-43E1-80D1-C4B4C35921F5} - System32\Tasks\52teP044XUmDX0MEud8 => C:\Users\Krychu\AppData\Roaming\52teP044XUmDX0MEud8.exe <==== ATTENTION
Task: {7D6A8C1A-FBC5-451D-8C2F-CAE06FE1EE4F} - System32\Tasks\uMmSwFs95 => C:\Users\Krychu\AppData\Roaming\uMmSwFs95.exe <==== ATTENTION
Task: {8578B5C5-82D5-4625-97A5-BB928A32771F} - System32\Tasks\{7F3DCFAF-0687-4310-87F5-8F11EAFFFF96} => pcalua.exe -a C:\Users\Krychu\Downloads\jxpiinstall.exe -d C:\Users\Krychu\Downloads
Task: {8C0FE8A6-0461-454A-8329-BB89BEB0511B} - System32\Tasks\{CD7AB16A-DDDD-4AB1-A460-BCE326D1D44B} => pcalua.exe -a C:\Users\Krychu\AppData\Roaming\oursurfing\UninstallManager.exe -c  -ptid=cmi
Task: {AB87506E-4AC5-4465-8BC5-4AD7AEC1B392} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {B3115155-980A-4262-9846-31B47EA7DFE0} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {D3B9BE0F-7357-4813-B9BA-25596C8031F4} - System32\Tasks\hwHX0ua0r => C:\Users\Krychu\AppData\Roaming\hwHX0ua0r.exe <==== ATTENTION
Task: {D694ECC7-2449-43CB-9E23-646873CCE399} - System32\Tasks\Bidaily Synchronize Task => C:\ProgramData\{50254e48-025b-353d-5025-54e480253920}\Download.exe <==== ATTENTION
Task: C:\Windows\Tasks\52teP044XUmDX0MEud8.job => C:\Users\Krychu\AppData\Roaming\52teP044XUmDX0MEud8.exe <==== ATTENTION
Task: C:\Windows\Tasks\8P1GmLlNrKPv6M.job => C:\Users\Krychu\AppData\Roaming\8P1GmLlNrKPv6M.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Bidaily Synchronize Task.job => C:\ProgramData\{50254e48-025b-353d-5025-54e480253920}\Download.exe <==== ATTENTION
Task: C:\Windows\Tasks\hwHX0ua0r.job => C:\Users\Krychu\AppData\Roaming\hwHX0ua0r.exe <==== ATTENTION
Task: C:\Windows\Tasks\uMmSwFs95.job => C:\Users\Krychu\AppData\Roaming\uMmSwFs95.exe <==== ATTENTION
C:\Users\Krychu\AppData\Roaming\*.exe
HKLM-x32\...\Run: [mbot_pl_194] => [X]
HKLM-x32\...\Run: [SmartWeb] => C:\Users\Krychu\AppData\Local\SmartWeb\SmartWebHelper.exe
HKLM-x32\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hp&ts=1430415313&z=c860f986bff9d704c61f2degdzbceeczegfwbc3g5w&from=cmi&uid=HitachiXHTS547575A9E384_J2540020C665NEC665NEX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hp&ts=1430415313&z=c860f986bff9d704c61f2degdzbceeczegfwbc3g5w&from=cmi&uid=HitachiXHTS547575A9E384_J2540020C665NEC665NEX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=ds&ts=1430415313&z=c860f986bff9d704c61f2degdzbceeczegfwbc3g5w&from=cmi&uid=HitachiXHTS547575A9E384_J2540020C665NEC665NEX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.oursurfing.com/web/?type=ds&ts=1430415313&z=c860f986bff9d704c61f2degdzbceeczegfwbc3g5w&from=cmi&uid=HitachiXHTS547575A9E384_J2540020C665NEC665NEX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hp&ts=1430415313&z=c860f986bff9d704c61f2degdzbceeczegfwbc3g5w&from=cmi&uid=HitachiXHTS547575A9E384_J2540020C665NEC665NEX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hp&ts=1430415313&z=c860f986bff9d704c61f2degdzbceeczegfwbc3g5w&from=cmi&uid=HitachiXHTS547575A9E384_J2540020C665NEC665NEX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=ds&ts=1430415313&z=c860f986bff9d704c61f2degdzbceeczegfwbc3g5w&from=cmi&uid=HitachiXHTS547575A9E384_J2540020C665NEC665NEX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.oursurfing.com/web/?type=ds&ts=1430415313&z=c860f986bff9d704c61f2degdzbceeczegfwbc3g5w&from=cmi&uid=HitachiXHTS547575A9E384_J2540020C665NEC665NEX&q={searchTerms}
HKU\S-1-5-21-4126495578-2000874245-1102637110-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dspp&ts=1425890754&from=cor&uid=HitachiXHTS547575A9E384_J2540020C665NEC665NEX&q={searchTerms}
HKU\S-1-5-21-4126495578-2000874245-1102637110-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oursurfing.com/?type=hp&ts=1430415313&z=c860f986bff9d704c61f2degdzbceeczegfwbc3g5w&from=cmi&uid=HitachiXHTS547575A9E384_J2540020C665NEC665NEX
HKU\S-1-5-21-4126495578-2000874245-1102637110-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.oursurfing.com/?type=hp&ts=1430415313&z=c860f986bff9d704c61f2degdzbceeczegfwbc3g5w&from=cmi&uid=HitachiXHTS547575A9E384_J2540020C665NEC665NEX
HKU\S-1-5-21-4126495578-2000874245-1102637110-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=dspp&ts=1425890754&from=cor&uid=HitachiXHTS547575A9E384_J2540020C665NEC665NEX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4126495578-2000874245-1102637110-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS547575A9E384_J2540020C665NEC665NEX&ts=1430415358&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4126495578-2000874245-1102637110-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS547575A9E384_J2540020C665NEC665NEX&ts=1430415358&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4126495578-2000874245-1102637110-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS547575A9E384_J2540020C665NEC665NEX&ts=1430415358&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4126495578-2000874245-1102637110-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS547575A9E384_J2540020C665NEC665NEX&ts=1430415358&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4126495578-2000874245-1102637110-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://www.oursurfing.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=HitachiXHTS547575A9E384_J2540020C665NEC665NEX&ts=1430415358&type=default&q={searchTerms}
FF DefaultSearchEngine: oursurfing
FF SelectedSearchEngine: oursurfing
FF Homepage: hxxp://www.oursurfing.com/?type=hp&ts=1430415313&z=c860f986bff9d704c61f2degdzbceeczegfwbc3g5w&from=cmi&uid=HitachiXHTS547575A9E384_J2540020C665NEC665NEX
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF SearchPlugin: C:\Users\Krychu\AppData\Roaming\Mozilla\Firefox\Profiles\sec3dbtx.default-1424461570408\searchplugins\do-search.xml [2015-03-12]
FF SearchPlugin: C:\Users\Krychu\AppData\Roaming\Mozilla\Firefox\Profiles\sec3dbtx.default-1424461570408\searchplugins\oursurfing.xml [2015-05-06]
FF Extension: Search Enginer - C:\Users\Krychu\AppData\Roaming\Mozilla\Firefox\Profiles\sec3dbtx.default-1424461570408\Extensions\sweetsearch@gmail.com [2015-04-30]
FF Extension: Round World 1.0.1 - C:\Users\Krychu\AppData\Roaming\Mozilla\Firefox\Profiles\sec3dbtx.default-1424461570408\Extensions\{4cc550cb-ad95-48a3-ae71-6ab7c8433971}.xpi [2015-03-12]
R2 kygyhosy; C:\Users\Krychu\AppData\Roaming\10F6C580-1430414571-81E1-26E6-3085A915E920\jnsl7788.tmp [266240 2015-04-30] () [File not signed]
R2 xikejyre; C:\Users\Krychu\AppData\Local\10F6C580-1430421974-81E1-26E6-3085A915E920\snss5A7A.tmp [112128 2015-04-30] () [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X] <==== ATTENTION
C:\Users\Krychu\AppData\Roaming\10F6C580-1430414571-81E1-26E6-3085A915E920
C:\Program Files (x86)\globalUpdate
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 NPF; system32\drivers\NPF.sys [X]
2015-04-30 20:08 - 2015-04-30 20:08 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Krychu\Downloads\sh-remover (3).exe
2015-04-30 20:07 - 2015-04-30 20:07 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Krychu\Downloads\sh-remover.exe
2015-04-30 20:07 - 2015-04-30 20:07 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Krychu\Downloads\sh-remover (2).exe
2015-04-30 20:07 - 2015-04-30 20:07 - 03109248 _____ (Enigma Software Group USA, LLC.) C:\Users\Krychu\Downloads\sh-remover (1).exe
2015-04-30 19:54 - 2015-04-30 19:54 - 00000000 ____ D () C:\Users\Krychu\AppData\Local\globalUpdate
2015-04-30 19:53 - 2015-05-06 02:27 - 00000000 ____ D () C:\Users\Krychu\AppData\Local\CrashDumps
2015-04-30 19:55 - 2015-04-30 19:56 - 00000111 _____ () C:\Windows\Reimage.ini
2015-04-30 19:41 - 2015-04-30 20:14 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2015-04-30 19:41 - 2015-04-30 20:14 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2015-04-30 19:41 - 2015-04-30 20:01 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2015-04-30 19:41 - 2015-04-30 19:41 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2015-04-30 19:41 - 2015-04-30 19:41 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2015-04-30 19:41 - 2015-04-30 19:41 - 00002828 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2015-04-30 19:40 - 2015-05-12 01:12 - 00001014 _____ () C:\Windows\Tasks\52teP044XUmDX0MEud8.job
2015-04-30 19:40 - 2015-05-12 01:12 - 00001004 _____ () C:\Windows\Tasks\8P1GmLlNrKPv6M.job
2015-04-30 19:40 - 2015-04-30 19:40 - 00004056 _____ () C:\Windows\System32\Tasks\52teP044XUmDX0MEud8
2015-04-30 19:40 - 2015-04-30 19:40 - 00004046 _____ () C:\Windows\System32\Tasks\8P1GmLlNrKPv6M
2015-04-30 19:38 - 2015-04-30 19:38 - 00000000 __SHD () C:\Users\Krychu\AppData\Roaming\AnyProtectEx
2015-04-30 19:35 - 2015-04-30 19:35 - 00004052 _____ () C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-04-30 19:33 - 2015-05-12 01:12 - 00000994 _____ () C:\Windows\Tasks\uMmSwFs95.job
2015-04-30 19:33 - 2015-04-30 19:33 - 00004036 _____ () C:\Windows\System32\Tasks\uMmSwFs95
2015-04-30 19:32 - 2015-05-12 01:12 - 00000994 _____ () C:\Windows\Tasks\hwHX0ua0r.job
2015-04-30 19:32 - 2015-04-30 19:59 - 00000000 ____ D () C:\Program Files (x86)\4c3a4aa7-1165-401e-8150-331fd2643d97
2015-04-30 19:32 - 2015-04-30 19:33 - 00004036 _____ () C:\Windows\System32\Tasks\hwHX0ua0r
2015-04-30 19:26 - 2015-05-12 01:14 - 00000000 ____ D () C:\Users\Krychu\AppData\Local\10F6C580-1430421974-81E1-26E6-3085A915E920
2015-04-30 19:25 - 2015-04-30 19:36 - 00000000 ____ D () C:\Users\Krychu\AppData\Local\10F6C580-1430421958-81E1-26E6-3085A915E920
2015-04-30 19:25 - 2015-04-30 19:25 - 00003738 _____ () C:\Windows\System32\Tasks\SMupdate1
2015-04-30 19:23 - 2015-04-30 20:08 - 00000000 ____ D () C:\Program Files (x86)\PrriiceLess
2015-04-30 19:23 - 2015-04-30 19:36 - 00000000 ____ D () C:\Users\Krychu\AppData\Local\10F6C580-1430421820-81E1-26E6-3085A915E920
2015-04-30 19:23 - 2015-04-30 19:23 - 00000000 ____ D () C:\ProgramData\4282392189907342003
2015-04-30 19:22 - 2015-05-07 00:40 - 00000000 ____ D () C:\Users\Krychu\AppData\Roaming\10F6C580-1430414571-81E1-26E6-3085A915E920
2015-04-30 19:22 - 2015-05-06 19:22 - 00000332 _____ () C:\Windows\Tasks\Bidaily Synchronize Task.job
2015-04-30 19:22 - 2015-04-30 20:12 - 00000000 ____ D () C:\ProgramData\{50254e48-025b-353d-5025-54e480253920}
2015-04-19 14:20 - 2015-04-19 14:20 - 00005872 _____ () C:\Users\Krychu\AppData\Roaming\hwHX0ua0r
2015-04-19 14:20 - 2015-04-19 14:20 - 00005872 _____ () C:\Users\Krychu\AppData\Roaming\52teP044XUmDX0MEud8
2015-04-30 19:59 - 2015-02-25 13:48 - 00000000 ____ D () C:\Program Files (x86)\8a3febee-36d7-4cf2-ba33-a9b55dc90687
C:\Program Files\Common Files\System\SysMenu.dll
C:\Users\Krychu\AppData\Local\SmartWeb
EmptyTemp:

Plik zapisz jako fixlist.txt i umieść w tym samym katalogu co FRST Uruchom FRST klikasz Fix Raport z usuwania pokaż na forum. Następnie ponownie uruchom FRST klikasz Scan pokaż nowy raport FRST.txt na forum

krychukrych · 12 Maj 2015 21:26

Nowe raporty przesyłam w załączniku

Addition.txt

FRST.txt

Fixlog.txt

spandaupol · 13 Maj 2015 14:43

Wklej do notatnika:

CloseProcesses:
BHO: No Name - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.oursurfing.com/?type=scts=1430414414z=7305a56d9628746e6304c56g6z7c2ecz0g8z0zfg8qfrom=amtuid=HitachiXHTS547575A9E384_J2540020C665NEC665NEX
2015-04-30 19:51 - 2015-04-30 19:51 - 00000000 ____ D () C:\Program Files (x86)\predm
2015-04-30 19:38 - 2015-04-30 19:54 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-04-14 18:28 - 2015-04-14 18:28 - 00004387 _____ () C:\Users\Krychu\AppData\Roaming\uMmSwFs95
2015-04-14 18:28 - 2015-04-14 18:28 - 00004387 _____ () C:\Users\Krychu\AppData\Roaming\8P1GmLlNrKPv6M
S3 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 mohinocu; C:\Users\Krychu\AppData\Roaming\10F6C580-1430414571-81E1-26E6-3085A915E920\nsg5353.tmp [X]
S2 poxuqire; C:\Users\Krychu\AppData\Local\10F6C580-1430421958-81E1-26E6-3085A915E920\cnsc1D7C.tmp [X]
EmptyTemp:

Plik zapisz jako fixlist.txt i umieść w tym samym katalogu co FRST Uruchom FRST klikasz Fix Raport z usuwania pokaż na forum. Skasuj Folder C:\FRST

Wykonaj pełny skan Malwarebytes http://www.dobreprogramy.pl/Malwarebyte … 13117.html(w trakcie instalacji odznacz okres testowy) Wykonaj pełny skan, jeśli program coś wykryje pokaż raport na forum

krychukrych · 16 Maj 2015 08:42

Nie wiem jak to możliwe ale problem minął nie wykonywałem kroku z ostatniego postu dziękuje temat można zamknąć