RunDLL, problem with the SysMenu.dll file


(Lechzarzycki) #1

Symptoms of infection:

On a PC running Windows 7 (64-bit), two identical messages with the following content appear after startup: "RunDLL (tytuł). Wystąpił problem podczas uruchamiania pliku C:\PROGRA~1\COMMON~1\System\SysMenu.dll. Nie można odnaleźć określonego modułu". Identical messages also appear sporadically in other circumstances while the PC is in use.

Actions taken:

Before saving the logs, I scanned and cleaned the computer with the following programs: G Data (permanently installed antivirus), Malwarebytes Anti-Malware, CCleaner Free, RegCleaner, System Ninja, AdwCleaner.

Logs:

1/ Addition.txt       http://wklej.org/id/1599477/dl/

2/ Extras.Txt         http://wklej.org/id/1599481/dl/

3/FRST.txT           http://wklej.org/id/1599486/dl/

4/OTL.Txt             http://wklej.org/id/1599487/dl/

5/Shortcut.txt        http://wklej.org/id/1599489/dl/

Kind regards, and I ask for your help.


(Atis) #2

Paste into the system Notepad and save as a text file named fixlist:

CloseProcesses:
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-2885899350-3276771230-1663034452-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-18\...\Winlogon: [Shell] C:\Windows\explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
CHR Extension: (No Name) - C:\Users\LECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\dinhoacconpceelgdaedinmimfpianmk [2014-05-28]
CHR Extension: (No Name) - C:\Users\LECH\AppData\Local\Google\Chrome\User Data\Default\Extensions\egddckipodihhblgbiiijgmpoojljgag [2014-05-29]
R2 tor; C:\Program Files (x86)\Tor\tor.exe [2897422 2012-06-09] () [File not signed] <==== ATTENTION
S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
U3 aj4lujiu; No ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S2 SPDRIVER_1463.0.0.0; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1463.0.0.0\jsdrv.sys [X]
C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys
C:\ProgramData\{f5c9830a-c6f6-5bc5-f5c9-9830ac6f0c2b}
C:\Users\LECH\Downloads\yet_another_cleaner_nee.exe
C:\Program Files (x86)\Tor
C:\sh4_service.log
C:\shldr.mbr
C:\shldr
C:\Program Files\Enigma Software Group
C:\AdwCleaner
C:\Temp
Task: {005CE215-E151-466D-B074-42D9A43E583A} - System32\Tasks\{E46C4CED-671D-4825-BA96-5378A057D219} => pcalua.exe -a C:\Users\LECH\Downloads\ocrupdat.exe -d C:\Users\LECH\Downloads
Task: {055CC745-2FA4-42A8-9F6F-1AC76C2BE397} - \a7982934-0630-49b5-bdb1-d23d83f53ffd-5 No Task File <==== ATTENTION
Task: {0AB4FF72-B8B9-4DF4-9D57-7141ACAE5561} - \e3cefae2-45fd-47e6-99c9-7fa478a7ebe6-5_user No Task File <==== ATTENTION
Task: {0D106206-24ED-4C82-9B40-A1D423A7D909} - \e3cefae2-45fd-47e6-99c9-7fa478a7ebe6-11 No Task File <==== ATTENTION
Task: {1C6F2E69-903F-45EA-8D30-3197006B0195} - System32\Tasks\{994D72E7-B039-42EA-BDAA-2348752C2CE8} => pcalua.exe -a "C:\Program Files (x86)\Torntv V9.0\Uninstall.exe" -c /fcp=1
Task: {1F903375-546C-4F6F-B9FB-FF56D2983C73} - \2e10d0f9-1239-4dc7-85f8-42db6a7eaea5-5 No Task File <==== ATTENTION
Task: {2222D5F8-A1DC-4B12-92F4-81F86B00D991} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {2F96C5BF-1B30-4AF4-B8B4-88BAF25CC257} - System32\Tasks\{008D2195-4324-49BD-A296-E8AE524417A3} => pcalua.exe -a C:\Users\LECH\Downloads\ocrupdat.exe -d C:\Users\LECH\Downloads
Task: {37BD1D6E-DB05-404E-A7A2-8382FE209377} - System32\Tasks\GoForFiles Installer Starter => C:\Users\LECH\AppData\Local\Temp\GoForFilesRtXbuI6tFC.exe <==== ATTENTION
Task: {3B5DE04F-9C75-4126-B319-A02CC8AFBBED} - System32\Tasks\{80C9FCB9-7A57-459D-BDCA-08545BD326C9} => pcalua.exe -a "C:\Program Files (x86)\Plus-HD-9.6\Uninstall.exe" -c /fcp=1
Task: {3C7AE7AF-227F-44FA-A0ED-EFC6031D1A1F} - \2e10d0f9-1239-4dc7-85f8-42db6a7eaea5-3 No Task File <==== ATTENTION
Task: {3DF4703E-AFE8-467A-8496-7D957C8DDB2C} - \957451f1-e94b-45b5-a4de-f6b7bcfab902-4 No Task File <==== ATTENTION
Task: {473148D9-B853-4FB1-9720-46FB6E6F661D} - \a7982934-0630-49b5-bdb1-d23d83f53ffd-1 No Task File <==== ATTENTION
Task: {51EE1857-8B37-4375-A3A4-E2787873B3E5} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [2014-06-10] (National Instruments)
Task: {5267939B-EBCE-4F4E-AC3F-EC9930962E19} - \4bd3ec58-c42f-443e-8edb-0a5b2d035380-1 No Task File <==== ATTENTION
Task: {5F225765-5F69-4B47-951D-A5F157A912B7} - \4bd3ec58-c42f-443e-8edb-0a5b2d035380-5 No Task File <==== ATTENTION
Task: {68261A93-B8AB-4C3A-AC0F-CFDC3AB83C42} - System32\Tasks\NIUpdateServiceStartupTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [2014-06-10] (National Instruments)
Task: {70893356-DCCC-4CFF-8768-6F8E689BE747} - \a7982934-0630-49b5-bdb1-d23d83f53ffd-2 No Task File <==== ATTENTION
Task: {7823A9A9-81E4-4988-887F-4DD2471ADE9A} - \e3cefae2-45fd-47e6-99c9-7fa478a7ebe6-5 No Task File <==== ATTENTION
Task: {78BC5CD1-1E46-4994-BC19-448440179BC1} - \4bd3ec58-c42f-443e-8edb-0a5b2d035380-2 No Task File <==== ATTENTION
Task: {7B27A0B9-CA0F-4BCE-8F16-2FA933B675BC} - \a3bb1f37-ca48-4005-9c57-de3ec606553c-2 No Task File <==== ATTENTION
Task: {7D02631E-ECC5-49EF-BA3E-4F88D77358AD} - System32\Tasks\{B3A1B4AF-661C-41C4-B563-EBDB551945A4} => pcalua.exe -a "C:\Program Files (x86)\Nuance\PaperPort\ScannerWizard.exe" -c /A [PaperPort 11.1] /L [pol]
Task: {8D4BDB2E-7829-4748-B758-BFEBAE0CD1DA} - \957451f1-e94b-45b5-a4de-f6b7bcfab902-3 No Task File <==== ATTENTION
Task: {8DF602BE-FE44-428C-AD40-CDD9280B8512} - \2e10d0f9-1239-4dc7-85f8-42db6a7eaea5-4 No Task File <==== ATTENTION
Task: {8FC4ECAA-AD7C-467D-985C-D19EBA399A30} - \957451f1-e94b-45b5-a4de-f6b7bcfab902-5 No Task File <==== ATTENTION
Task: {96B81A12-FCD3-4502-8A5B-34EB94A8D753} - \a3bb1f37-ca48-4005-9c57-de3ec606553c-1 No Task File <==== ATTENTION
Task: {A161FF47-9449-4174-A8D4-51A7655235BA} - \e3cefae2-45fd-47e6-99c9-7fa478a7ebe6-4 No Task File <==== ATTENTION
Task: {A3A20FF5-0E5A-46BF-AD44-C0BBD0FA7172} - System32\Tasks\{55284381-7C20-44CF-A39E-3CD8CB708235} => pcalua.exe -a C:\Users\LECH\Downloads\emule.exe -d C:\Users\LECH\Downloads
Task: {A624ACEE-F9EF-4132-A1CB-D2F9BCF6DE5D} - \a7982934-0630-49b5-bdb1-d23d83f53ffd-4 No Task File <==== ATTENTION
Task: {B64B5C2E-955C-4F4C-B5E8-47121DEFE25D} - System32\Tasks\{0226C892-CAAD-4810-AD91-343D8C65448F} => pcalua.exe -a "C:\Program Files (x86)\Sense\Uninstall.exe" -c /fcp=1
Task: {C3FB9795-2462-416C-964E-492DD330ACE6} - \957451f1-e94b-45b5-a4de-f6b7bcfab902-2 No Task File <==== ATTENTION
Task: {C6A6942F-743B-4B2C-9124-AD771A24AD69} - \957451f1-e94b-45b5-a4de-f6b7bcfab902-1 No Task File <==== ATTENTION
Task: {C93AC77F-456E-4351-B821-CE8819AA61BA} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {CA8581B8-5ACD-4ECF-9401-BACA31D6CBB7} - \e3cefae2-45fd-47e6-99c9-7fa478a7ebe6-1 No Task File <==== ATTENTION
Task: {D2CF2A1C-901D-41E1-B49C-E93ECCC165BD} - \e3cefae2-45fd-47e6-99c9-7fa478a7ebe6-2 No Task File <==== ATTENTION
Task: {D616B36F-C144-45D5-9966-66F5845FAF6D} - System32\Tasks\YTAUpdate => C:\PROGRA~2\YOUTUB~1\Updater.exe <==== ATTENTION
Task: {D80584DF-2787-4661-A78F-3498DA53000D} - System32\Tasks\{5F0B91AB-F8F6-44D2-BC83-36A658D4A98D} => pcalua.exe -a C:\Users\LECH\Downloads\PDFCombiner-Installation.exe -d C:\Users\LECH\Downloads
Task: {DC47DAE3-5E0A-4E01-A7B6-7E1625BE0E8F} - \a3bb1f37-ca48-4005-9c57-de3ec606553c-5 No Task File <==== ATTENTION
Task: {E2A9DEDC-CE13-4A7B-A6F1-29BF06C288A3} - \4bd3ec58-c42f-443e-8edb-0a5b2d035380-4 No Task File <==== ATTENTION
Task: {FCD411DD-1797-4ECA-B4E7-19EF9AEDBB09} - System32\Tasks\{4901EAB3-8140-42FD-9B04-EAD73B5AC80A} => pcalua.exe -a C:\Users\LECH\Downloads\mflpro_c1\Data\Disk1\setup.exe -d C:\Users\LECH\Downloads\mflpro_c1\Data\Disk1
EmptyTemp:

Run FRST and click Fix. Show the Fixlog removal report.

Click Scan and show a new FRST report without Addition.
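
Added example, not part of the original posts: a small Python triage of FRST `Task:` lines, run on five lines copied from the fixlist above, which shows that both SMupdate tasks point Rundll32.exe at the SysMenu.dll path named in the error message. The function names and the list of user-writable paths are assumptions of this example.

```python
import re

# Task lines copied from the fixlist above (FRST "Task:" format).
LOG = r"""
Task: {055CC745-2FA4-42A8-9F6F-1AC76C2BE397} - \a7982934-0630-49b5-bdb1-d23d83f53ffd-5 No Task File <==== ATTENTION
Task: {2222D5F8-A1DC-4B12-92F4-81F86B00D991} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {37BD1D6E-DB05-404E-A7A2-8382FE209377} - System32\Tasks\GoForFiles Installer Starter => C:\Users\LECH\AppData\Local\Temp\GoForFilesRtXbuI6tFC.exe <==== ATTENTION
Task: {51EE1857-8B37-4375-A3A4-E2787873B3E5} - System32\Tasks\NIUpdateServiceCheckTask => C:\Program Files (x86)\National Instruments\Shared\Update Service\NIUpdateService.exe [2014-06-10] (National Instruments)
Task: {C93AC77F-456E-4351-B821-CE8819AA61BA} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
"""

TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (.+)$")
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(.+?\.dll)\s*,\s*(\w+)", re.I)
# Assumption of this example: these user-writable locations deserve a second look.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\downloads\\")

def parse_task(line):
    """Split one FRST Task line into (name, command); None if it is not a Task line."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    body = m.group(1).replace("<==== ATTENTION", "").strip()
    name, _, command = body.partition(" => ")
    return name.strip(), command.strip()

def reasons(name, command):
    """Return the reasons a task deserves review (empty list = nothing notable)."""
    found = []
    if name.endswith("No Task File"):
        found.append("orphaned registry entry")
    m = RUNDLL_RE.search(command)
    if m:
        found.append(f"rundll32 loads {m.group(1)} (export {m.group(2)})")
    if any(p in command.lower() for p in USER_WRITABLE):
        found.append("runs from user-writable path")
    return found

def triage(log):
    """Map short task name -> reasons for every Task line that has at least one."""
    out = {}
    for line in log.splitlines():
        parsed = parse_task(line)
        if parsed and reasons(*parsed):
            out[parsed[0].rsplit("\\", 1)[-1]] = reasons(*parsed)
    return out

if __name__ == "__main__":
    for task, why in triage(LOG).items():
        print(f"{task}: {'; '.join(why)}")
```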


(Lechzarzycki) #3

Fixlog - http://wklej.org/id/1600046/dl/

Shortcut - http://wklej.org/id/1600065/dl/

FRST -  http://wklej.org/id/1600067/dl/


(Atis) #4

Paste into the system Notepad and save as a text file named fixlist:

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
C:\ProgramData\{d66e7a20-fab2-a3ca-d66e-e7a20fabe883}
C:\Windows\46B04D534E344388B6EE80FAB66AEF9B.TMP
C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
C:\Users\LECH\Downloads\SpyHunter*.rar
C:\Users\LECH\Downloads\SpyHunter *.zip
C:\Users\LECH\AppData\Roaming\AYZK
C:\Users\LECH\AppData\Roaming\TXINUNIE
C:\Users\LECH\AppData\Roaming\UNFEEUIC
C:\Users\LECH\AppData\Roaming\UVUIP
DeleteQuarantine:

Run FRST and click Fix. Delete the C:\FRST folder.

Delete old restore points: To delete all restore points

Read how programs should be installed: CLICK - CLICK - CLICK - CLICK


(Lechzarzycki) #5

Thank you very much for the effective, selfless help. The fault has been eliminated.