Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Błąd - RunDLL - komunikat po uruchomieniu Windows

cezkam1 05 Sty 2016 19:11 621 2
  • #1 05 Sty 2016 19:11
    cezkam1
    Poziom 1  

    Witam!
    Proszę o pomoc w usunięciu problemu z włączającym się po uruchomieniu komputera
    komunikatu Windows RunDLL. Dołączam plik z logami. Proszę o instrukcję co mam robić.
    Ścieżka dostępu w komunikacie to C:\Users\P...\AppData\Local\Camera Form\Bin\CameraForm.dll
    Treść komunikatu to - nie można odnaleźć określonego modułu.
    Z góry dziękuję za pomoc.

    0 2
  • Pomocny post
    #2 05 Sty 2016 19:34
    Kolobos
    Spec od komputerów

    Odinstaluj:
    Setup

    Obok frst.exe utworz plik fixlist.txt z zawartoscia:
    Task: {03FD1C48-A331-4010-A7B6-101F2D0E33A5} - System32\Tasks\WordWizard Auto Updater 1.10.0.24 Pending Update => C:\Program Files (x86)\WordWizard_1.10.0.24\Update\WordwizardAutoUpdateClient.exe <==== UWAGA
    Task: {10A18B02-A020-4A36-94E4-91BF070C96B6} - \Crossbrowse -> Brak pliku <==== UWAGA
    Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> Brak pliku <==== UWAGA
    Task: {4B920465-2B30-447A-B75A-F9DF52A17195} - System32\Tasks\{00D2C493-2654-4136-B9F8-266DD35A29DF} => pcalua.exe -a "E:\PAULINA\WinKalk 3.7 Full\wklk37_setup.exe" -d "E:\PAULINA\WinKalk 3.7 Full"
    Task: {67B77122-5DCC-4373-B9CB-32A5AF23B279} - System32\Tasks\Camera Form => Rundll32.exe "C:\Users\Paulina\AppData\Local\Camera Form\Bin\CameraForm.dll",#3 <==== UWAGA
    Task: {A4FCC499-AC06-4701-84A6-94A19F54E4D6} - System32\Tasks\WordWizard Auto Updater 1.10.0.24 Core => C:\Program Files (x86)\WordWizard_1.10.0.24\Update\WordwizardAutoUpdateClient.exe <==== UWAGA
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> Brak pliku <==== UWAGA
    Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> Brak pliku <==== UWAGA
    Task: {D88F3D98-307B-4F69-B8A7-E9A2D221638B} - \SmartWeb Upgrade Trigger Task -> Brak pliku <==== UWAGA
    Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> Brak pliku <==== UWAGA
    ShortcutWithArgument: C:\Users\Paulina\Desktop\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.aqovd.com?oem=sunadplv3&uid=9VM2N9H5_ST3500418AS&tm=1443702881
    ShortcutWithArgument: C:\Users\Paulina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.aqovd.com?oem=sunadplv3&uid=9VM2N9H5_ST3500418AS&tm=1443702881
    ShortcutWithArgument: C:\Users\Paulina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.aqovd.com?oem=sunadplv3&uid=9VM2N9H5_ST3500418AS&tm=1443702881
    () C:\Users\Paulina\AppData\Roaming\WinNetSvc\WinNetSvc.exe




    HKLM-x32\...\Run: [] => [X]
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-1060126488-2984689387-2849948018-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=sunadplv3&uid=9VM2N9H5_ST3500418AS&tm=1443702881
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=sunadplv3&uid=9VM2N9H5_ST3500418AS&tm=1443702881
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadplv3&uid=9VM2N9H5_ST3500418AS&tm=1443701066
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadplv3&uid=9VM2N9H5_ST3500418AS&tm=1443702881
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1060126488-2984689387-2849948018-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-1060126488-2984689387-2849948018-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.pl/
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    FF Extension: deskCut - C:\Users\Paulina\AppData\Roaming\Mozilla\Firefox\Profiles\dv13c64l.default\Extensions\1443701144_xpi [2015-10-01] [Brak podpisu cyfrowego]
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\!52951D138FBE7616A822911B01AE17715295.js [2015-10-01] <==== UWAGA
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\52951D138FBE7616A822911B01AE17715295 [2015-10-01] <==== UWAGA
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-23] ()
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2016-01-05 14:36 - 2016-01-05 14:44 - 00000000 ____D C:\AdwCleaner
    2015-12-23 19:34 - 2015-12-23 19:34 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2015-12-17 10:36 - 2015-12-17 10:36 - 00000000 ____D C:\Users\Paulina\AppData\Roaming\WinNetSvc
    2015-12-10 21:10 - 2015-12-10 21:25 - 00000000 ____D C:\Qoobox
    2015-12-10 21:10 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
    2015-12-10 21:10 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
    2015-12-10 21:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-12-10 21:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-12-10 21:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-12-10 21:10 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
    2015-12-10 21:10 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
    2015-12-10 21:10 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
    EmptyTemp:

    W FRST wybierz Napraw.

    Usun katalog C:\FRST i to wszystko.

    0
  • Pomocny post
    #3 05 Sty 2016 19:37
    Acorus 20
    Spec od komputerów

    Odinstaluj Setup. Otwórz notatnik systemowy i wklej:

    Cytat:
    Task: {03FD1C48-A331-4010-A7B6-101F2D0E33A5} - System32\Tasks\WordWizard Auto Updater 1.10.0.24 Pending Update => C:\Program Files (x86)\WordWizard_1.10.0.24\Update\WordwizardAutoUpdateClient.exe <==== UWAGA
    Task: {10A18B02-A020-4A36-94E4-91BF070C96B6} - \Crossbrowse -> Brak pliku <==== UWAGA
    Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> Brak pliku <==== UWAGA
    Task: {67B77122-5DCC-4373-B9CB-32A5AF23B279} - System32\Tasks\Camera Form => Rundll32.exe "C:\Users\Paulina\AppData\Local\Camera Form\Bin\CameraForm.dll",#3 <==== UWAGA
    Task: {A4FCC499-AC06-4701-84A6-94A19F54E4D6} - System32\Tasks\WordWizard Auto Updater 1.10.0.24 Core => C:\Program Files (x86)\WordWizard_1.10.0.24\Update\WordwizardAutoUpdateClient.exe <==== UWAGA
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> Brak pliku <==== UWAGA
    Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> Brak pliku <==== UWAGA
    Task: {D88F3D98-307B-4F69-B8A7-E9A2D221638B} - \SmartWeb Upgrade Trigger Task -> Brak pliku <==== UWAGA
    Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> Brak pliku <==== UWAGA
    ShortcutWithArgument: C:\Users\Paulina\Desktop\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.aqovd.com?oem=sunadplv3&uid=9VM2N9H5_ST3500418AS&tm=1443702881
    ShortcutWithArgument: C:\Users\Paulina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.aqovd.com?oem=sunadplv3&uid=9VM2N9H5_ST3500418AS&tm=1443702881
    ShortcutWithArgument: C:\Users\Paulina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.aqovd.com?oem=sunadplv3&uid=9VM2N9H5_ST3500418AS&tm=1443702881
    HKLM-x32\...\Run: [] => [X]
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-1060126488-2984689387-2849948018-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=sunadplv3&uid=9VM2N9H5_ST3500418AS&tm=1443702881
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=sunadplv3&uid=9VM2N9H5_ST3500418AS&tm=1443702881
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadplv3&uid=9VM2N9H5_ST3500418AS&tm=1443701066
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadplv3&uid=9VM2N9H5_ST3500418AS&tm=1443702881
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\!52951D138FBE7616A822911B01AE17715295.js [2015-10-01] <==== UWAGA
    FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\52951D138FBE7616A822911B01AE17715295 [2015-10-01] <==== UWAGA
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    2016-01-05 14:36 - 2016-01-05 14:44 - 00000000 ____D C:\AdwCleaner
    2015-12-10 21:10 - 2015-12-10 21:25 - 00000000 ____D C:\Qoobox
    2015-12-10 21:10 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
    2015-12-10 21:10 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
    2015-12-10 21:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-12-10 21:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-12-10 21:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-12-10 21:10 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
    2015-12-10 21:10 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
    2015-12-10 21:10 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
    EmptyTemp:


    Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
    Uruchom jako administrator FRST i kliknij w Fix/Napraw.

    0