
RegSvr32 - cannot load module FapqAywi.dat



Do the following:

1. Uninstall the older versions of Adobe Flash Player 14 ActiveX (the plugin for IE) and Adobe Flash Player 15 Plugin (the plugin for Firefox/Opera). You use Google Chrome, which has its own built-in Flash and does not need these installations.

2. Open Notepad and paste the following into it:

 

CloseProcesses:
HKU\S-1-5-21-1426686453-4213014111-1618088604-1001\...\Run: [] => [X]
HKU\S-1-5-21-1426686453-4213014111-1618088604-1001\...\Run: [FapqAywi] => regsvr32.exe "C:\ProgramData\FapqAywi\FapqAywi.dat"
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> G:\Programy\Java\bin\ssv.dll No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> G:\Programy\Java\bin\jp2ssv.dll No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF Plugin HKU\S-1-5-21-1426686453-4213014111-1618088604-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
S2 TBPanel; No ImagePath
S3 ATICDSDr; \??\C:\Users\Siwy\AppData\Local\Temp\ATICDSDr.sys [X]
testsigning: ==> Check for possible unsigned rootkit driver 
C:\ProgramData\FapqAywi
CMD: netsh advfirewall reset
EmptyTemp:

 

Note for other readers: this script is unique, tailored solely to this system. Please do not use it on your own systems.

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix. Wait patiently and do not interrupt it. When Fix finishes, the system will restart, and the RegSvr32 error should no longer appear. A fixlog.txt file will be created in the same directory FRST was run from.

3. Make a new FRST log using the Scan option (without Addition and Shortcut). Attach the fixlog.txt file as well.

Link to comment
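Added example, not part of the original thread and not FRST's own code: a triage sketch over FRST-style registry log lines that flags autostart entries like the `[FapqAywi]` one in the fixlist above, where regsvr32 is pointed at a non-DLL file in a user-writable folder. The `ExampleTray` and `ExampleCodec` lines, the `USER_WRITABLE` list, the `min_reasons` threshold and all function names are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# FRST registry-section line: <hive>\...\Run: [<value name>] => <command>
RUN_LINE = re.compile(r'^(?P<hive>HK\S*?)\\\.\.\.\\Run(?:Once)?: '
                      r'\[(?P<name>[^\]]*)\] => (?P<cmd>.*)$')
REGSVR = re.compile(r'^"?(?:[^"]*\\)?regsvr32(?:\.exe)?"?\s+(?P<args>.+)$', re.I)
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\")  # assumed watch list
# Sample input: the third line is the entry from this thread, the rest is constructed.
SAMPLE = r'''
HKLM\...\Run: [ExampleTray] => C:\Program Files\Example\tray.exe
HKLM\...\Run: [ExampleCodec] => regsvr32.exe /s "C:\Program Files\Example\codec.dll"
HKU\S-1-5-21-1426686453-4213014111-1618088604-1001\...\Run: [FapqAywi] => regsvr32.exe "C:\ProgramData\FapqAywi\FapqAywi.dat"
'''

def regsvr32_target(cmd):
    """Return the module path handed to regsvr32, or None if cmd is not regsvr32."""
    m = REGSVR.match(cmd.strip())
    if not m:
        return None
    quoted = re.search(r'"([^"]+)"', m["args"])
    plain = [t for t in m["args"].split() if not t.startswith(("/", "-"))]
    return quoted.group(1) if quoted else (plain[-1] if plain else None)

def analyze(line):
    """Return (value name, module path, reasons) for a regsvr32 Run entry, else None."""
    m = RUN_LINE.match(line.strip())
    target = regsvr32_target(m["cmd"]) if m else None
    if target is None:
        return None
    path = PureWindowsPath(target)
    reasons = ["regsvr32 started from an autostart key"]
    if path.suffix.lower() not in (".dll", ".ocx"):
        reasons.append(f"module extension {path.suffix or '(none)'} is not .dll/.ocx")
    if any(d in target.lower() for d in USER_WRITABLE):
        reasons.append("module sits in a user-writable directory")
    if m["name"] and m["name"] == path.stem == path.parent.name:
        reasons.append("value name, folder and file share one name")
    return m["name"], target, reasons

def suspicious_entries(text, min_reasons=2):
    """Keep entries that trip at least min_reasons heuristics (threshold is assumed)."""
    hits = (analyze(line) for line in text.splitlines())
    return [h for h in hits if h and len(h[2]) >= min_reasons]

if __name__ == "__main__":
    for name, target, reasons in suspicious_entries(SAMPLE):
        print(f"[{name}] -> {target}: " + "; ".join(reasons))
```

A hit is a lead for manual review of the file and its folder, not a verdict; the constructed `ExampleCodec` line trips only the first heuristic and stays below the default threshold.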

During system shutdown, which took about 3 minutes, the blue screen appeared again.

Does this BSOD during system shutdown still occur, or was it a one-off while the Fix was being processed? Copy the files below to the Desktop, pack them into a ZIP, host it somewhere and provide a link to the package.

 

==================== One Month Created Files and Folders ========

 

2014-12-02 19:55 - 2014-12-02 19:55 - 00498416 _____ () C:\Windows\Minidump\120214-34647-01.dmp

2014-12-02 17:43 - 2014-12-02 17:43 - 00292216 _____ () C:\Windows\Minidump\120214-32697-01.dmp

 

The cleanup tasks, on the other hand, completed successfully, and in that respect we are finishing up:

1. Delete the downloaded tools from G:\Naprawa kompa. Then use DelFix and clear the System Restore folders: CLICK.

2. Update the system's Internet Explorer 10 to version 11, even if you do not use the browser at all.

Link to comment

The two BSODs were not identical; the debugging results differ, which for me does not establish any concrete repeatability here:

 

 

 

Loading Dump File [D:\DMP\Sevidix\120214-34647-01.dmp]

 

*******************************************************************************

 

* Bugcheck Analysis *

 

*******************************************************************************

 

Use !analyze -v to get detailed debugging information.

 

BugCheck 1000009F, {4, 258, fffffa8003aefb50, fffff80000b9c510}

 

Implicit thread is now fffffa80`03aefb50

Probably caused by : WUDFRd.sys ( WUDFRd!RdDevice::MarkForDelete+26 )

 

Followup: MachineOwner

---------

 

0: kd> !analyze -v

 

DRIVER_POWER_STATE_FAILURE (9f)

A driver has failed to complete a power IRP within a specific time (usually 10 minutes).

Arguments:

Arg1: 0000000000000004, The power transition timed out waiting to synchronize with the Pnp

subsystem.

Arg2: 0000000000000258, Timeout in seconds.

Arg3: fffffa8003aefb50, The thread currently holding on to the Pnp lock.

Arg4: fffff80000b9c510, nt!TRIAGE_9F_PNP on Win7

 

Debugging Details:

------------------

 

Implicit thread is now fffffa80`03aefb50

 

DRVPOWERSTATE_SUBCODE: 4

 

CUSTOMER_CRASH_COUNT: 1

 

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

 

BUGCHECK_STR: 0x9F

 

PROCESS_NAME: System

 

CURRENT_IRQL: 2

 

LAST_CONTROL_TRANSFER: from fffff80002e6f5f2 to fffff80002e7ca8a

 

STACK_TEXT:

fffff880`031cb140 fffff800`02e6f5f2 : fffffa80`03aefb50 fffffa80`03aefb50 00000000`00000000 00000000`00000000 : nt!KiSwapContext+0x7a

fffff880`031cb280 fffff800`02e8099f : 00000000`00000000 00000000`00000100 00000000`00000000 fffffa80`06f73340 : nt!KiCommitThreadWait+0x1d2

fffff880`031cb310 fffff800`02f8a875 : 00000000`00000000 fffffa80`00000000 fffffa80`07276300 fffffa80`071af700 : nt!KeWaitForSingleObject+0x19f

fffff880`031cb3b0 fffff880`09ba29ea : fffffa80`06f72d80 fffffa80`06f73340 fffffa80`21444d55 00000000`0000041f : nt!IoReleaseRemoveLockAndWaitEx+0x45

fffff880`031cb3f0 fffff880`09ba1e52 : 00000000`00000000 fffffa80`06f73340 fffffa80`07292e02 fffffa80`06f72d80 : WUDFRd!RdDevice::MarkForDelete+0x26

fffff880`031cb420 fffff880`09ba137e : fffffa80`072d3a10 fffffa80`072d3a10 fffff880`09bc7158 fffffa80`06f73350 : WUDFRd!RdDriver::DeleteDrvMgrCtrlDevice+0x1e

fffff880`031cb450 fffff880`09baadb4 : 00000000`00000001 fffffa80`06f73350 fffffa80`7c444d55 00000000`0000046b : WUDFRd!RdDriver::UnprepareSharedResources+0x92

fffff880`031cb480 fffff880`09baa9dc : 00000000`00000001 fffffa80`07292e10 00000000`ffffffff fffffa80`06925f20 : WUDFRd!RdFdoDevice::~RdFdoDevice+0x264

fffff880`031cb500 fffff880`09b9ed0d : 00000000`00000000 fffff880`09ba4e05 fffffa80`07292e02 fffff880`09bc7158 : WUDFRd!RdFdoDevice::`vector deleting destructor'+0x14

fffff880`031cb530 fffff880`09b9f1af : fffffa80`06925f20 fffff880`09b9ed0d 00000000`00000000 fffff800`02e7ca00 : WUDFRd!CUMDFUnknown::Release+0x21

fffff880`031cb560 fffff880`09ba570a : fffffa80`039f2040 fffffa80`06f73010 fffffa80`075a1690 00000000`00000000 : WUDFRd!WdfObject::ReleaseWait+0x7f

fffff880`031cb5a0 fffff880`09ba5a33 : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00000001 : WUDFRd!RdPnpTracker::RdPnpProcessor+0x342

fffff880`031cb630 fffff880`09ba532f : fffffa80`075a1690 fffffa80`075a1690 fffffa80`06f7301b 00000000`00000103 : WUDFRd!RdPnpTracker::RdPnpProcessor+0x66b

fffff880`031cb6c0 fffff880`09ba3de6 : 00000000`0000001b fffffa80`06f73010 fffffa80`075a1690 fffff8a0`00bb0910 : WUDFRd!RdPnpTracker::RdPnp+0x407

fffff880`031cb730 fffff880`09ba04ce : 00000000`00000000 00000000`c000001b fffffa80`075a1690 00000000`c000001b : WUDFRd!RdDevice::ProcessIrp+0x132

fffff880`031cb770 fffff800`030e6121 : fffffa80`07276380 fffff880`031cb868 00000000`c00000bb fffffa80`075a1690 : WUDFRd!RdDriver::RdDispatch+0xda

fffff880`031cb7b0 fffff800`032663a1 : fffffa80`07292e10 00000000`00000000 fffffa80`0728cd90 00000000`00000801 : nt!IopSynchronousCall+0xe1

fffff880`031cb820 fffff800`02f7c063 : fffff8a0`045ab5b0 fffff8a0`045ab5b0 00000000`0000002b 00000000`00000000 : nt!IopRemoveDevice+0x101

fffff880`031cb8e0 fffff800`03265ef4 : fffffa80`0728cd90 00000000`00000000 00000000`00000002 00000000`00000002 : nt!PnpRemoveLockedDeviceNode+0x1a3

fffff880`031cb930 fffff800`03266000 : 00000000`00000000 fffffa80`07292e00 fffff8a0`052e0850 fffff800`0307dae0 : nt!PnpDeleteLockedDeviceNode+0x44

fffff880`031cb960 fffff800`032660f9 : fffffa80`06925902 fffffa80`06925940 00000000`00000001 00000000`00000000 : nt!PnpDeleteLockedDeviceNodes+0xa0

fffff880`031cb9d0 fffff800`03266271 : fffffa80`06925940 00000000`00000000 fffffa80`06925940 00000000`00000001 : nt!PnpDelayedRemoveWorker+0x79

fffff880`031cba20 fffff800`02f7c29a : 00000000`00000000 fffffa80`07275090 00000000`0000000a 00000000`00000000 : nt!PnpChainDereferenceComplete+0x131

fffff880`031cba60 fffff800`032f72a0 : 00000000`00000000 fffffa80`0728cd90 fffff8a0`0e88b350 00000000`00000001 : nt!PnpIsChainDereferenced+0xda

fffff880`031cbae0 fffff800`032f753c : fffff880`031cbcb8 00000000`00000000 fffff8a0`0e8bf500 fffffa80`00000000 : nt!PnpProcessQueryRemoveAndEject+0xff0

fffff880`031cbc20 fffff800`031e073e : 00000000`00000000 fffffa80`04098b90 fffff8a0`0e88b350 00000000`00000001 : nt!PnpProcessTargetDeviceEvent+0x4c

fffff880`031cbc50 fffff800`02e83261 : fffff800`030e4f88 fffff8a0`0e88b350 fffff800`0301f2d8 fffff800`0301f2d8 : nt! ?? ::NNGAKEGL::`string'+0x54d9b

fffff880`031cbcb0 fffff800`031162ea : 00000000`00000000 fffffa80`03aefb50 00000000`00000080 fffffa80`039f2040 : nt!ExpWorkerThread+0x111

fffff880`031cbd40 fffff800`02e6a8e6 : fffff880`02f64180 fffffa80`03aefb50 fffff880`02f6efc0 00000000`00000000 : nt!PspSystemThreadStartup+0x5a

fffff880`031cbd80 00000000`00000000 : fffff880`031cc000 fffff880`031c6000 fffff880`031cb9e0 00000000`00000000 : nt!KxStartSystemThread+0x16

 

 

STACK_COMMAND: kb

 

FOLLOWUP_IP:

WUDFRd!RdDevice::MarkForDelete+26

fffff880`09ba29ea 4883c428 add rsp,28h

 

SYMBOL_STACK_INDEX: 4

 

SYMBOL_NAME: WUDFRd!RdDevice::MarkForDelete+26

 

FOLLOWUP_NAME: MachineOwner

 

MODULE_NAME: WUDFRd

 

IMAGE_NAME: WUDFRd.sys

 

DEBUG_FLR_IMAGE_TIMESTAMP: 5010aabe

 

FAILURE_BUCKET_ID: X64_0x9F_4_WUDFRd!RdDevice::MarkForDelete+26

 

BUCKET_ID: X64_0x9F_4_WUDFRd!RdDevice::MarkForDelete+26

 

Followup: MachineOwner

---------

 

Loading Dump File [D:\DMP\Sevidix\120214-32697-01.dmp]

 

*******************************************************************************

 

* Bugcheck Analysis *

 

*******************************************************************************

 

Use !analyze -v to get detailed debugging information.

 

BugCheck A, {f8001e, 2, 0, fffff80002e92a55}

 

Probably caused by : ntkrnlmp.exe ( nt!KiPageFault+260 )

 

Followup: MachineOwner

---------

 

3: kd> !analyze -v

 

IRQL_NOT_LESS_OR_EQUAL (a)

An attempt was made to access a pageable (or completely invalid) address at an

interrupt request level (IRQL) that is too high. This is usually

caused by drivers using improper addresses.

If a kernel debugger is available get the stack backtrace.

Arguments:

Arg1: 0000000000f8001e, memory referenced

Arg2: 0000000000000002, IRQL

Arg3: 0000000000000000, bitfield :

bit 0 : value 0 = read operation, 1 = write operation

bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)

Arg4: fffff80002e92a55, address which referenced memory

 

Debugging Details:

------------------

 

 

READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800030b5100

GetUlongFromAddress: unable to read from fffff800030b51c0

0000000000f8001e Nonpaged pool

 

CURRENT_IRQL: 2

 

FAULTING_IP:

nt!IopCompleteRequest+ae5

fffff800`02e92a55 488b09 mov rcx,qword ptr [rcx]

 

CUSTOMER_CRASH_COUNT: 1

 

DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

 

BUGCHECK_STR: 0xA

 

PROCESS_NAME: pg0o7sur.exe

 

IRP_ADDRESS: ffffffffffffff89

 

TRAP_FRAME: fffff8800e440f00 -- (.trap 0xfffff8800e440f00)

NOTE: The trap frame does not contain all registers.

Some register values may be zeroed or incorrect.

rax=fffff8800e441860 rbx=0000000000000000 rcx=0000000000f8001e

rdx=0000000000f8001e rsi=0000000000000000 rdi=0000000000000000

rip=fffff80002e92a55 rsp=fffff8800e441090 rbp=fffff8800e4411e0

r8=fffffa800462a9d0 r9=fffff8800e441190 r10=0000000000000002

r11=fffffa8007d47790 r12=0000000000000000 r13=0000000000000000

r14=0000000000000000 r15=0000000000000000

iopl=0 nv up ei pl nz na po cy

nt!IopCompleteRequest+0xae5:

fffff800`02e92a55 488b09 mov rcx,qword ptr [rcx] ds:00000000`00f8001e=????????????????

Resetting default scope

 

LAST_CONTROL_TRANSFER: from fffff80002e7d169 to fffff80002e7dbc0

 

STACK_TEXT:

fffff880`0e440db8 fffff800`02e7d169 : 00000000`0000000a 00000000`00f8001e 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx

fffff880`0e440dc0 fffff800`02e7bde0 : fffff8a0`000018d0 00000000`00000000 fffffa80`039d6040 fffffa80`07d3f3d0 : nt!KiBugCheckDispatch+0x69

fffff880`0e440f00 fffff800`02e92a55 : 00000000`00000000 fffff880`0112b284 fffffa80`03f48000 fffffa80`0496ec01 : nt!KiPageFault+0x260

fffff880`0e441090 fffff800`02e705f7 : 00000000`00000001 00000000`00000000 00000000`00000000 fffffa80`00000000 : nt!IopCompleteRequest+0xae5

fffff880`0e441160 fffff800`02e708a7 : fffffa80`053a3530 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiDeliverApc+0x1c7

fffff880`0e4411e0 fffff800`02e90ec7 : fffff880`012d7654 fffffa80`053a3530 fffff880`0e441580 fffffa80`053a3190 : nt!KiApcInterrupt+0xd7

fffff880`0e441378 fffff880`012d7654 : fffffa80`053a3530 fffff880`0e441580 fffffa80`053a3190 fffff880`023554f8 : nt!IoIsOperationSynchronous+0x7

fffff880`0e441380 fffff880`01109bcf : fffffa80`04a67030 fffffa80`053a3190 00000000`00000000 00000000`00000000 : Ntfs!NtfsFsdCreate+0x74

fffff880`0e441530 fffff880`011292b9 : fffffa80`053a3190 fffffa80`04a60010 fffffa80`053a3100 fffffa80`0492cde0 : fltmgr!FltpLegacyProcessingAfterPreCallbacksCompleted+0x24f

fffff880`0e4415c0 fffff800`0317d43c : 00000000`00000045 fffffa80`067b8cc8 fffffa80`04f5bd80 00000000`00000000 : fltmgr!FltpCreate+0x2a9

fffff880`0e441670 fffff800`03178db8 : fffffa80`04a609d0 fffff800`00000000 fffffa80`067b8b10 00000000`00000001 : nt!IopParseDevice+0x14d3

fffff880`0e4417d0 fffff800`03179fd6 : 00000000`00000000 fffffa80`067b8b10 fffff8a0`002b9510 fffffa80`03aa9660 : nt!ObpLookupObjectName+0x588

fffff880`0e4418c0 fffff800`03158066 : fffff8a0`0ddb47e0 00000000`03aae7f8 fffff8a0`016e0001 fffff8a0`016ef530 : nt!ObOpenObjectByName+0x306

fffff880`0e441990 fffff800`02e7ce53 : fffffa80`07c2e5f0 fffff880`0e441ca0 fffffa80`07c2e5f0 00000000`7efaa000 : nt!NtQueryAttributesFile+0x145

fffff880`0e441c20 00000000`76f3168a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13

00000000`03aae7b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x76f3168a

 

 

STACK_COMMAND: kb

 

FOLLOWUP_IP:

nt!KiPageFault+260

fffff800`02e7bde0 440f20c0 mov rax,cr8

 

SYMBOL_STACK_INDEX: 2

 

SYMBOL_NAME: nt!KiPageFault+260

 

FOLLOWUP_NAME: MachineOwner

 

MODULE_NAME: nt

 

IMAGE_NAME: ntkrnlmp.exe

 

DEBUG_FLR_IMAGE_TIMESTAMP: 521ea035

 

FAILURE_BUCKET_ID: X64_0xA_nt!KiPageFault+260

 

BUCKET_ID: X64_0xA_nt!KiPageFault+260

 

Followup: MachineOwner

---------

 

 

 

 

If the situation does not recur, I consider the topic closed. Delete the file CL\DelFix.tt from the disk.

Link to comment