wermgr.exe error and erratic keyboard

Rozbójnik70 26 Aug 2015 20:31 867 8
  • Helpful post
    #2 26 Aug 2015 20:46
    Kolobos
    Computer specialist

    Uninstall:
    mystartsearch uninstall (HKLM-x32\...\mystartsearch uninstall) (Version: - mystartsearch) <==== UWAGA
    Web Companion

    Use AdwCleaner, the Scan and Clean options (Szukaj and Usun): https://toolslib.net/downloads/viewdownload/1-adwcleaner/

    Fixlist.txt for FRST:
    Task: {2CC70E68-2636-4D87-A217-ABFF9C389CCE} - System32\Tasks\OptimizerPro1UpdaterTask{68E062E8-5630-4B60-9194-366CFA5F9910} => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe <==== UWAGA
    Task: {51B8EE4E-D581-4A0A-98D4-BD0A1473C8F8} - System32\Tasks\Sk-Enhancer-S-5499298658 => c:\programdata\wintersoft\sk-enhancer\Sk-Enhancer.exe <==== UWAGA
    Task: {5BD0542B-04D1-49DF-830A-FD43D46FFBDC} - \Windows Update Check - 0x0E5602E0 -> Brak pliku <==== UWAGA
    Task: {89643C16-D251-483A-A003-C63EF5520350} - System32\Tasks\OptimizerPro1UpdaterTask{020C10D3-5E03-4242-ACBC-7CA7F8A91E71} => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exe <==== UWAGA
    Task: {D7C00F5C-93D8-48D7-8E6D-06218C303422} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== UWAGA
    Task: C:\Windows\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job => C:\ProgramData\cisEE44.exe <==== UWAGA
    Task: C:\Windows\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job => C:\ProgramData\cisFB7E.exe <==== UWAGA
    Task: C:\Windows\Tasks\OptimizerPro1UpdaterTask{020C10D3-5E03-4242-ACBC-7CA7F8A91E71}.job => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exeJ/schedule /profilepath C:\ProgramData\Premium\OptimizerPro1\profile.ini <==== UWAGA
    Task: C:\Windows\Tasks\OptimizerPro1UpdaterTask{68E062E8-5630-4B60-9194-366CFA5F9910}.job => C:\ProgramData\Premium\OptimizerPro1\OptimizerPro1.exeJ/schedule /profilepath C:\ProgramData\Premium\OptimizerPro1\profile.ini <==== UWAGA
    Task: C:\Windows\Tasks\Sk-Enhancer-S-5499298658.job => c:\programdata\wintersoft\sk-enhancer\Sk-Enhancer.exeJ/schedule /profile c:\programdata\wintersoft\sk-enhancer\5499298658.ini <==== UWAGA
    HKU\S-1-5-21-2514341295-222075935-350485170-500\Software\Classes\.exe: exefile => <===== UWAGA
    HKU\S-1-5-21-2514341295-222075935-350485170-500\Software\Classes\exefile: <===== UWAGA
    IE trusted site: HKU\S-1-5-21-2514341295-222075935-350485170-500\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-2514341295-222075935-350485170-500\...\webcompanion.com -> hxxp://webcompanion.com
    (XTab system) C:\Program Files (x86)\MiuiTab\ProtectService.exe
    HKLM\...\Run: [CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}] => "C:\ProgramData\cisEE44.exe" --PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805}
    HKU\S-1-5-21-2514341295-222075935-350485170-500\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize




    IFEO\bpsvc.exe: [Debugger] tasklist.exe
    IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
    IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
    IFEO\jumpflip: [Debugger] tasklist.exe
    IFEO\protectedsearch.exe: [Debugger] tasklist.exe
    IFEO\searchinstaller.exe: [Debugger] tasklist.exe
    IFEO\searchprotection.exe: [Debugger] tasklist.exe
    IFEO\searchprotector.exe: [Debugger] tasklist.exe
    IFEO\searchsettings.exe: [Debugger] tasklist.exe
    IFEO\searchsettings64.exe: [Debugger] tasklist.exe
    IFEO\snapdo.exe: [Debugger] tasklist.exe
    IFEO\stinst32.exe: [Debugger] tasklist.exe
    IFEO\stinst64.exe: [Debugger] tasklist.exe
    IFEO\umbrella.exe: [Debugger] tasklist.exe
    IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
    IFEO\volaro: [Debugger] tasklist.exe
    IFEO\vonteera: [Debugger] tasklist.exe
    IFEO\websteroids.exe: [Debugger] tasklist.exe
    IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
    Startup: C:\Users\Piotrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk [2014-01-30]
    ShortcutTarget: start.lnk -> C:\Users\Administrator\udeqt\start.vbs (Brak pliku)
    GroupPolicy: Zasady grupy Chrome wykryto <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Zasada ograniczeń <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Zasada ograniczeń <======= UWAGA
    HKU\S-1-5-21-2514341295-222075935-350485170-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Zasada ograniczeń <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hppp&t...om=cor&uid=SAMSUNGXHD502HJ_S20BJ90Z501958
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hppp&t...om=cor&uid=SAMSUNGXHD502HJ_S20BJ90Z501958
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts...amp;uid=SAMSUNGXHD502HJ_S20BJ90Z501958&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts...amp;uid=SAMSUNGXHD502HJ_S20BJ90Z501958&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hppp&t...om=cor&uid=SAMSUNGXHD502HJ_S20BJ90Z501958
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hppp&t...om=cor&uid=SAMSUNGXHD502HJ_S20BJ90Z501958
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts...amp;uid=SAMSUNGXHD502HJ_S20BJ90Z501958&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts...amp;uid=SAMSUNGXHD502HJ_S20BJ90Z501958&q={searchTerms}
    HKU\S-1-5-21-2514341295-222075935-350485170-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hppp&t...om=cor&uid=SAMSUNGXHD502HJ_S20BJ90Z501958
    HKU\S-1-5-21-2514341295-222075935-350485170-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&...amp;uid=SAMSUNGXHD502HJ_S20BJ90Z501958&q={searchTerms}
    HKU\S-1-5-21-2514341295-222075935-350485170-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hppp&t...om=cor&uid=SAMSUNGXHD502HJ_S20BJ90Z501958
    HKU\S-1-5-21-2514341295-222075935-350485170-500\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&...amp;uid=SAMSUNGXHD502HJ_S20BJ90Z501958&q={searchTerms}
    URLSearchHook: HKLM-x32 - (Brak nazwy) - {43bb27e0-a789-4894-b1a3-e7c6af827a68} - Brak pliku
    SearchScopes: HKLM -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=dspp&a...amp;uid=SAMSUNGXHD502HJ_S20BJ90Z501958&q={searchTerms}
    SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=dspp&a...amp;uid=SAMSUNGXHD502HJ_S20BJ90Z501958&q={searchTerms}
    SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\.DEFAULT -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\.DEFAULT -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-19 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-20 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = hxxp://search.yac.mx/web/?q={searchTerms}&type=ds&from=yac&uid=samsungxhd502hj_s20bj90z501958&ts=1430915139
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-500 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=dspp&a...amp;uid=SAMSUNGXHD502HJ_S20BJ90Z501958&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...958&ts=1437298518&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-500 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...958&ts=1437298518&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-500 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=dspp&a...amp;uid=SAMSUNGXHD502HJ_S20BJ90Z501958&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-500 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...958&ts=1437298518&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-500 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...958&ts=1437298518&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-500 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...958&ts=1437298518&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2514341295-222075935-350485170-500 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&a...958&ts=1437298518&type=default&q={searchTerms}
    BHO: uoniSalees -> {0718616a-9a76-49ac-b4b9-8704fe4acd71} -> Brak pliku
    BHO: JonniCoupoen -> {2130f167-dd9d-42d6-81fb-3c16da75c924} -> Brak pliku
    BHO: BesttSaveForYou -> {49abdec8-a6c6-4b3a-92c3-ae374dd40cf7} -> Brak pliku
    BHO: AllChEapPreice -> {9f4edd78-3451-4e43-b14a-93edd7b24aba} -> Brak pliku
    BHO-x32: LuckyTab Class -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-06-24] (Thinknice Co. Limited)
    BHO-x32: Brak nazwy -> {A5F52A5D-8999-0BF1-2A76-9E84738F703C} -> Brak pliku
    BHO-x32: Brak nazwy -> {C9ACA1FD-0E8E-12FB-1FB9-EE53303C335D} -> Brak pliku
    Toolbar: HKLM-x32 - Brak nazwy - {52170494-4d34-4f69-8dac-f726dc0da9ac} - Brak pliku
    Winsock: Catalog5 01 mswsock.dll Plik nie znalezionoUWAGA: LibraryPath powinno kierować na "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 05 mswsock.dll Plik nie znalezionoUWAGA: LibraryPath powinno kierować na "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog5-x64 01 mswsock.dll File Not ' & $found1 & 'UWAGA: The LibraryPath powinno kierować na "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5-x64 05 mswsock.dll File Not ' & $found1 & 'UWAGA: The LibraryPath powinno kierować na "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-09] (Lavasoft Limited)
    Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-09] (Lavasoft Limited)
    Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-09] (Lavasoft Limited)
    Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-09] (Lavasoft Limited)
    Winsock: Catalog9-x64 15 C:\Windows\system32\LavasoftTcpService64.dll [422400 2015-07-09] (Lavasoft Limited)
    FF DefaultSearchEngine: webssearches
    FF SelectedSearchEngine: webssearches
    FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0u0vssjw.default\searchplugins\istartsurf.xml [2015-07-21]
    FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0u0vssjw.default\searchplugins\mystartsearch.xml [2015-07-21]
    FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0u0vssjw.default\searchplugins\webssearches.xml [2015-08-26]
    FF Extension: Default SearchProtected - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0u0vssjw.default\Extensions\defsearchp@gmail.com.xpi [2015-07-22]
    FF Extension: Brak nazwy - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@dokotoolbar.com [2015-08-15]
    FF HKLM-x32\...\Firefox\Extensions: [searchffv2@gmail.com] - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0u0vssjw.default\extensions\searchffv2@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0u0vssjw.default\extensions\sweetsearch@gmail.com
    R2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125112 2015-06-24] (XTab system)
    S2 ChromodoUpdater; Brak ImagePath
    S2 wuauserv; %systemroot%\system32\wuaueng.dll [X]
    S2 AODDriver4.1; Brak ImagePath
    S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
    2015-08-26 19:44 - 2013-11-12 22:13 - 00000464 ____H C:\Windows\Tasks\Sk-Enhancer-S-5499298658.job
    2015-08-26 19:44 - 2012-10-30 23:11 - 00000428 ____H C:\Windows\Tasks\OptimizerPro1UpdaterTask{020C10D3-5E03-4242-ACBC-7CA7F8A91E71}.job
    2015-08-26 19:44 - 2012-10-21 12:09 - 00000428 ____H C:\Windows\Tasks\OptimizerPro1UpdaterTask{68E062E8-5630-4B60-9194-366CFA5F9910}.job
    C:\Users\Piotrek\AppData\Local\Google\Desktop\Install
    C:\Program Files (x86)\Google\Desktop\Install
    EmptyTemp:


    Run a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Once done, post new FRST logs from a scan.

    1
  • #4 26 Aug 2015 22:23
    Kolobos
    Computer specialist

    You did not do what I gave you at all.

    Run the fixlist.txt that I gave you and, once done, post the fixlog.txt that gets created.

    0
  • Helpful post
    #6 27 Aug 2015 09:10
    Kolobos
    Computer specialist

    Yes, does the problem still occur?

    1
  • #7 27 Aug 2015 10:33
    Rozbójnik70
    Level 5

    The message no longer pops up, but the keyboard is not working properly.

    0
  • Helpful post
    #8 27 Aug 2015 10:59
    Kolobos
    Computer specialist

    Swap it for another one.

    1
  • #9 27 Aug 2015 17:58
    Rozbójnik70
    Level 5

    I swapped it and it turned out that the keyboard was at fault. I thought the two were connected because they happened at the same time. Many thanks for the help :)

    0