RunDLL: problem podczas uruchamiania pliku

Dla specjalistów Bezpieczeństwo
#1

Witam, mam ostatnio problem, mianowicie przy starcie systemu i włączaniu niektórych programów pojawia mi się parokrotnie komunikat:  http://s1.fotowrzut…QCX8YPZBM/1.jpg . Uprzejmie proszę o pomoc przy naprawie.

#2

Pobierz na pulpit skaner FRST ( we 64 bit ) - http://www.bleepingc…very-scan-tool/

Uruchom skaner FRST. Pokaż wygenerowane raporty FRST i Addition.

 

http://forum.dobreprogramy.pl/nowy-log-obowi%C4%85zkowy-farbar-recovery-scan-tool-t478727/

 

 

#3

Przy próbie odpalenia FRST64 pojawia się komunikat: Wersja tego pliku jest niezgodna z wersją używanego systemu Windows (mam Windows 7). Wygenerowałam raporty przy użyciu wersji 32, nie wiem, czy to wystarczy.

 

FRST: http://wklej.to/VyNAm

Addition:http://wklej.to/KSdrw

#4

Pobierz na pulpit AdwCleaner - https://toolslib.net/downloads/viewdownload/1-adwcleaner/

Po uruchomieniu wykonaj polecenia szukaj i usuń.

Po restarcie wykonaj ponownie skanowanie FRST i pokaż aktualne raporty FRST i Addition.

 

Przepraszam za błedną info w poprzednim wpisie. Tak ma być FRST(32 bit)

#5

Masz wersję 32-bitową.Odinstaluj Download Updater.Otwórz notatnik systemowy i wklej:

Task: {11641B27-6C2E-4E38-8EA2-B952B1B7D4F0} - System32\Tasks\SMupdate1 = Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 ==== ATTENTION
Task: {1F94D87B-A30F-495F-B68D-68DF8CD26BA8} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 = Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 ==== ATTENTION
Task: {37C7488B-173A-4E78-9754-0F49D65BE02A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4033399343-591313562-431950359-1000Core = C:\Users\Adm\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-26] (Facebook Inc.)
Task: {67FE5AE4-9C87-44E5-905A-5F98F228F50C} - System32\Tasks\{71263463-645B-4CB3-97D3-23B5C9B6C3DE} = pcalua.exe -a "C:\Program Files\YouTube Accelerator\YTAUninstall.exe"
Task: {79F6C926-0980-4D28-984D-22834163F5B2} - System32\Tasks\{D0F8DCDB-323F-4793-A98B-014F5BDCB159} = pcalua.exe -a "C:\Program Files\YouTube Accelerator\YTAUninstall.exe"
Task: {94CBB594-B8C3-4568-AF2C-B323ECCA7250} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4033399343-591313562-431950359-1000UA = C:\Users\Adm\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-04-26] (Facebook Inc.)
Task: {EC149F2E-B77B-4C0D-BD1C-FA1AA4D4EC09} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 = Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 ==== ATTENTION
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4033399343-591313562-431950359-1000Core.job = C:\Users\Adm\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4033399343-591313562-431950359-1000UA.job = C:\Users\Adm\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4033399343-591313562-431950359-1000Core.job = C:\Users\Adm\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4033399343-591313562-431950359-1000UA.job = C:\Users\Adm\AppData\Local\Facebook\Update\FacebookUpdate.exe
HKU\S-1-5-21-4033399343-591313562-431950359-1000\...\RunOnce: [Adobe Speed Launcher] = 1420789256
HKU\S-1-5-21-4033399343-591313562-431950359-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Adobe Speed Launcher] = 1420789256
HKU\S-1-5-21-4033399343-591313562-431950359-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Adobe Speed Launcher] = 1420220030
ShellIconOverlayIdentifiers: [00avast] - {472083B0-C522-11CF-8763-00608CC02F24} = No File
ShellIconOverlayIdentifiers: [0MediaIconsOerlay] - {1EC23CFF-4C58-458f-924C-8519AEF61B32} = No File
ShellIconOverlayIdentifiers: [1MediaIconsOverlay] - {1EC23CFF-4C58-458f-924C-8519AEF61B32} = No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=dsts=1416855824from=smtuid=WDCXWD5000BEVT-24A0RT0_WD-WXG1C301496714967q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=dsts=1416855824from=smtuid=WDCXWD5000BEVT-24A0RT0_WD-WXG1C301496714967q={searchTerms}
URLSearchHook: HKU\S-1-5-21-4033399343-591313562-431950359-1000 - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
URLSearchHook: HKU\S-1-5-21-4033399343-591313562-431950359-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - (No Name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}SearchSource=4ctid=CT2786678
SearchScopes: HKLM - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685query={searchTerms}invocationType=tb50-ie-winamp-chromesbox-en-ustb_uuid=20110429125055843tb_oid=12-12-2010tb_mrud=29-04-2011
SearchScopes: HKU\S-1-5-21-4033399343-591313562-431950359-1000 - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoods.com/?a=osts={searchTerms}f=4
SearchScopes: HKU\S-1-5-21-4033399343-591313562-431950359-1000 - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}affID=112185tt=3012_4babsrc=SP_ssmntrId=86d122950000000000000026828515fa
SearchScopes: HKU\S-1-5-21-4033399343-591313562-431950359-1000 - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://search.yahoo.com/search?fr=chr-pandaq={searchTerms}ei=UTF-8type=PCAFSI1190
SearchScopes: HKU\S-1-5-21-4033399343-591313562-431950359-1000 - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-4033399343-591313562-431950359-1000 - {C6E60558-4EA5-4809-B62B-A838D80F1B4D} URL = http://websearch.ask.com/redirect?client=ietb=ORJo=src=kwq={searchTerms}locale=apn_ptnrs=apn_dtid=OSJ000apn_uid=4732B6CA-4AC5-432F-A24A-DE74A53F8D44apn_sauid=8FA953A7-0F02-4BEB-8D0E-18B39C7753ED
SearchScopes: HKU\S-1-5-21-4033399343-591313562-431950359-1000 - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685query={searchTerms}invocationType=tb50-ie-winamp-chromesbox-en-ustb_uuid=20110429125055843tb_oid=12-12-2010tb_mrud=29-04-2011
SearchScopes: HKU\S-1-5-21-4033399343-591313562-431950359-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoods.com/?a=osts={searchTerms}f=4
SearchScopes: HKU\S-1-5-21-4033399343-591313562-431950359-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}affID=112185tt=3012_4babsrc=SP_ssmntrId=86d122950000000000000026828515fa
SearchScopes: HKU\S-1-5-21-4033399343-591313562-431950359-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = http://search.yahoo.com/search?fr=chr-pandaq={searchTerms}ei=UTF-8type=PCAFSI1190
SearchScopes: HKU\S-1-5-21-4033399343-591313562-431950359-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKU\S-1-5-21-4033399343-591313562-431950359-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - {C6E60558-4EA5-4809-B62B-A838D80F1B4D} URL = http://websearch.ask.com/redirect?client=ietb=ORJo=src=kwq={searchTerms}locale=apn_ptnrs=apn_dtid=OSJ000apn_uid=4732B6CA-4AC5-432F-A24A-DE74A53F8D44apn_sauid=8FA953A7-0F02-4BEB-8D0E-18B39C7753ED
SearchScopes: HKU\S-1-5-21-4033399343-591313562-431950359-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685query={searchTerms}invocationType=tb50-ie-winamp-chromesbox-en-ustb_uuid=20110429125055843tb_oid=12-12-2010tb_mrud=29-04-2011
Toolbar: HKLM - No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No File
Toolbar: HKU\S-1-5-21-4033399343-591313562-431950359-1000 - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-4033399343-591313562-431950359-1000 - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
Toolbar: HKU\S-1-5-21-4033399343-591313562-431950359-1000 - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
Toolbar: HKU\S-1-5-21-4033399343-591313562-431950359-1000 - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKU\S-1-5-21-4033399343-591313562-431950359-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-4033399343-591313562-431950359-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
Toolbar: HKU\S-1-5-21-4033399343-591313562-431950359-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
Toolbar: HKU\S-1-5-21-4033399343-591313562-431950359-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Toolbar: HKU\S-1-5-21-4033399343-591313562-431950359-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - No Name - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
Toolbar: HKU\S-1-5-21-4033399343-591313562-431950359-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-4033399343-591313562-431950359-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File
Toolbar: HKU\S-1-5-21-4033399343-591313562-431950359-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrchost.xml
FF Extension: General Crawler - C:\Users\Adm\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com [2012-02-16]
CHR StartupUrls: Default - "hxxp://www.gazeta.pl/0,0.html?p=137", "hxxp://search.babylon.com/?affID=112185tt=3012_4babsrc=HP_ssmntrId=86d122950000000000000026828515fa", "https://www.google.pl/", "hxxp://www2.delta-search.com/?babsrc=HP_ssmntrId=86D10026828515FAaffID=121705tt=288013_icontsp=4991", null, "hxxp://www.mystartsearch.com/?type=hpts=1416855824from=smtuid=WDCXWD5000BEVT-24A0RT0_WD-WXG1C301496714967"
CHR HKLM\...\Chrome\Extension: [aacbndibbcpajfgnkdkaakeiojmmgmnk] - C:\Users\Adm\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Adm\AppData\Local\Temp\ccex.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Adm\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Adm\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [2013-05-22]
CHR HKLM\...\Chrome\Extension: [ihflimipbcaljfnojhhknppphnnciiif] - C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoods.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Adm\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-06-12]
CHR HKLM\...\Chrome\Extension: [jpihmmhdcobmllpcnpfbhnipmhamldje] - C:\Users\Adm\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx [2012-02-16]
CHR HKLM\...\Chrome\Extension: [jplinpmadfkdgipabgcdchbdikologlh] - C:\Program Files\1ClickDownload\1click12.crx [Not Found]
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

#6

 

 

Po wykonaniu instrukcji początkowy problem w postaci komunikatu “RunDLL: problem podczas uruchamiania pliku” zniknął i nie pojawia się przy uruchamianiu systemu, za to pojawił się nowy komunikat: 

 

RegisterDLL: Error - Nieprawidłowy poziom główny w kluczu rejestru “HKCU\Software\Classes\CLSID{f8d6c273-4772-4ee8-9d4f-adcb0a7e5c50}”.

 

Załączam wygenerowane pliki:

 

Fixlog: http://wklej.to/cy5P3

FRST: http://wklej.to/SQP5z

#7

Pokaż też Addition.txt

#8

Oto Addition: http://wklej.to/Bkwf1

#9

Otwórz notatnik systemowy i wklej:

Task: {D3E2EB36-C71C-4DC2-92DA-F5674A4D32B6} - System32\Tasks\{65D49F89-D48D-4BAE-8571-2FB111D34E8F} = pcalua.exe -a C:\Users\Adm\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=smt
HKLM\...\Run: [GrooveMonitor] = C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] = C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] = C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
BHO: No Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No File
BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\Adm\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.dll ()
CHR HKU\S-1-5-21-4033399343-591313562-431950359-1000\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Adm\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [Not Found]
CHR HKU\S-1-5-21-4033399343-591313562-431950359-1000\...\Chrome\Extension: [dknkjnkhedbanphkkpbpcgoblmkbfhlf] - C:\Users\Adm\AppData\Local\CRE\dknkjnkhedbanphkkpbpcgoblmkbfhlf.crx [Not Found]
U3 BcmSqlStartupSvc; No ImagePath
U2 IAStorDataMgrSvc; No ImagePath
U2 IviRegMgr; No ImagePath
U2 RichVideo; No ImagePath
U4 vsserv; No ImagePath

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

#10

Zrobiłam tak, niestety

 

RegisterDLL: Error - Nieprawidłowy poziom główny w kluczu rejestru “HKCU\Software\Classes\CLSID{f8d6c273-4772-4ee8-9d4f-adcb0a7e5c50}”.

 

dalej się pojawia przy uruchamianiu systemu.

#11

Wyczyść rejestr programem CCleaner.