kborekk, posted 12 December 2014

Hello, I am asking for help removing a page that pops up by itself while I am using the internet. The page is hxxp://www.tomaszkowalczuk.com/?id=8d492f&campaign=1472&sub=pluginPL and I have no idea where it came from. I only know that my sister used my computer all day and it appeared after that. Please tell me which other files I should add so that a diagnosis can be made. Thank you for your help, Kamil

Attachments: Addition.txt, FRST.txt, OTL.Txt, gmer.txt

picasso, posted 12 December 2014

The FRST Shortcut and OTL Extras reports are missing. You are using a slightly older version of FRST. Download the latest one from the link in the pinned topic: LINK. Make new reports (Addition + Shortcut boxes checked).

kborekk (author), posted 13 December 2014

I am sending the new reports.

Attachments: Shortcut.txt, Addition.txt, Extras.Txt, FRST.txt, OTL.Txt

picasso, posted 13 December 2014

The new FRST Addition log is cut off from the beginning to the middle, so I have to fall back on the older one. Was there some FRST error?

"The page is hxxp://www.tomaszkowalczuk.com/?id=8d492f&campaign=1472&sub=pluginPL and I have no idea where it came from"

A fake extension, hdplugin, is sitting in Firefox and producing the redirects:

    FF Extension: hdplugin - C:\Documents and Settings\BOREK\Dane aplikacji\Mozilla\Firefox\Profiles\15b72szx.default\Extensions\jid0-aSChrRyNMdJxBmorrZFa2r4Vv4w@jetpack.xpi [2014-12-01]

Some highly suspicious classes launched from Temp are also visible. Carry out the following steps:

1. To begin with, uninstallations:
- Through Add/Remove Programs, uninstall the old versions: Adobe Reader X (10.1.11) - Polish, Java 2 Runtime Environment, SE v1.4.2_05, Java 6 Update 11, Java 7 Update 51. These Java entries are dangerous security holes.
- Run the Microsoft tool: LINK. Accept > Detect problems and let me select the fixes to apply > Uninstalling > select the leftover entry Google Update Helper in the list.

2.
Open Notepad and paste into it:

    CloseProcesses:
    S3 BlueletAudio; system32\DRIVERS\blueletaudio.sys [X]
    S3 BlueletSCOAudio; system32\DRIVERS\BlueletSCOAudio.sys [X]
    S3 BT; system32\DRIVERS\btnetdrv.sys [X]
    S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
    S3 BTHidEnum; system32\DRIVERS\vbtenum.sys [X]
    S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 hSONYPVh; \??\C:\DOCUME~1\BOREK\USTAWI~1\Temp\hSONYPVh.sys [X]
    S3 LVUSBSta; system32\DRIVERS\LVUSBSta.sys [X]
    S3 PID_0928; system32\DRIVERS\LV561AV.SYS [X]
    S3 Tosrfcom; No ImagePath
    S3 VComm; system32\DRIVERS\VComm.sys [X]
    S3 VcommMgr; System32\Drivers\VcommMgr.sys [X]
    HKU\S-1-5-21-1229272821-1343024091-725345543-1005\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    SearchScopes: HKU\S-1-5-21-1229272821-1343024091-725345543-1005 -> {105E99FF-8B9A-4492-B155-06194B9056D2} URL = http://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
    FF Plugin: @zylom.com/ZylomGamesPlayer -> C:\Documents and Settings\All Users\Dane aplikacji\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll No File
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Documents and Settings\BOREK\Ustawienia lokalne\Dane aplikacji\Google
    C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher" /f
    Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechCommunicationsManager" /f
    Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechQuickCamRibbon" /f
    Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype" /f
    Reg: reg delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched" /f
    Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f
    Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f
    Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f
    Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
    EmptyTemp:

Note for other readers: this script is unique, tailored solely to this system; please do not use it on your own systems.

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix. Wait patiently and do not interrupt it. When Fix finishes its work, the system will be restarted. A fixlog.txt file will be created in the same directory FRST was run from.

3. Clean Firefox: Help menu > Troubleshooting Information > Reset Firefox. Bookmarks and passwords will not be affected.

4. Make a new FRST log with the Scan option, again checking the Addition box so that two logs are produced. Also attach the fixlog.txt file.

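The pattern pointed out in the reply above (per-user COM classes whose InprocServer32 server sits in a Temp directory) can be checked mechanically over an FRST log. The Python below is an added example, not part of the thread or of FRST itself; `parse_line` and `triage` are hypothetical helper names, and the sample lines are constructed with a placeholder SID, GUIDs and file names.

```python
import ntpath
import re

# FRST "CustomCLSID" line in the format used in this thread:
#   CustomCLSID: <per-user key> -> <server path> (<company>)
#   CustomCLSID: <per-user key> -> <server path> No File
LINE_RE = re.compile(
    r"^CustomCLSID:\s+HKU\\(?P<sid>S-1-[\d-]+)_Classes\\CLSID\\"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\\InprocServer32"
    r"\s+->\s+(?P<path>.+?)\s+(?:\((?P<company>[^()]*)\)|(?P<nofile>No File))$"
)

# Folder names treated as temporary locations. Matching whole path components
# keeps the check independent of localized profile folder names.
TEMP_DIRS = {"temp", "tmp"}

# Constructed sample input (assumption): placeholder SID, GUIDs and file names.
SAMPLE_LOG = r"""
CustomCLSID: HKU\S-1-5-21-1111111111-2222222222-3333333333-1001_Classes\CLSID\{00000000-0000-0000-0000-000000000001}\InprocServer32 -> C:\Documents and Settings\user\Ustawienia lokalne\Temp\XX\alpha.dll ()
CustomCLSID: HKU\S-1-5-21-1111111111-2222222222-3333333333-1001_Classes\CLSID\{00000000-0000-0000-0000-000000000002}\InprocServer32 -> C:\Documents and Settings\user\Ustawienia lokalne\Temp\XX\alpha.dll ()
CustomCLSID: HKU\S-1-5-21-1111111111-2222222222-3333333333-1001_Classes\CLSID\{00000000-0000-0000-0000-000000000003}\InprocServer32 -> C:\Documents and Settings\user\Ustawienia lokalne\Temp\XX\beta.ocx (Example Vendor)
CustomCLSID: HKU\S-1-5-21-1111111111-2222222222-3333333333-1001_Classes\CLSID\{00000000-0000-0000-0000-000000000004}\InprocServer32 -> C:\Program Files\ExampleApp\plugin.dll No File
CustomCLSID: HKU\S-1-5-21-1111111111-2222222222-3333333333-1001_Classes\CLSID\{00000000-0000-0000-0000-000000000005}\InprocServer32 -> C:\Program Files (x86)\ExampleApp\ok.dll (Example Vendor)
S3 example; system32\DRIVERS\example.sys [X]
"""


def parse_line(line):
    """Return a record for one CustomCLSID line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = m.group("path")
    # Folder components only; the file name itself is not inspected.
    folders = [p.lower() for p in ntpath.normpath(path).split("\\")[:-1]]
    flags = []
    if TEMP_DIRS.intersection(folders):
        flags.append("temp-path")      # COM server binary lives in a Temp directory
    if m.group("nofile"):
        flags.append("missing-file")   # registration points at a file that is gone
    elif not m.group("company").strip():
        flags.append("no-vendor")      # empty "()": no company name on the line
    return {
        "sid": m.group("sid"),         # account whose per-user class hive holds the key
        "clsid": m.group("clsid"),
        "path": path,
        "flags": flags,
    }


def triage(log_text):
    """Group flagged registrations by server binary, largest group first."""
    groups = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["flags"]:
            continue
        group = groups.setdefault(
            rec["path"].lower(),
            {"path": rec["path"], "clsids": [], "flags": set()},
        )
        group["clsids"].append(rec["clsid"])
        group["flags"].update(rec["flags"])
    return sorted(groups.values(),
                  key=lambda g: (-len(g["clsids"]), g["path"].lower()))


if __name__ == "__main__":
    for g in triage(SAMPLE_LOG):
        print(f'{len(g["clsids"]):3d} CLSID(s)  {",".join(sorted(g["flags"])):22s} {g["path"]}')
```
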
kborekk (author), posted 15 December 2014

Hello, thank you very much for the help. I carried out all the steps; only with uninstalling Google Update Helper there was probably some problem and I do not know whether it succeeded. I am attaching the new reports.

Attachments: FRST.txt, Addition.txt, Fixlog.txt

picasso, posted 15 December 2014

You do not mention whether the page still pops up, but the problem should be gone. Everything has been carried out, and Google Update Helper has been removed too. Final corrections before closing the topic: open Notepad and paste:

    DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_51-windows-i586.cab
    RemoveDirectory: C:\AdwCleaner
    RemoveDirectory: C:\Documents and Settings\BOREK\Pulpit\Stare dane programu Firefox
    RemoveDirectory: C:\FRST\Quarantine
    RemoveDirectory: C:\MATS

Save the file as fixlist.txt and place it next to the FRST tool. Run FRST and click Fix. Post the resulting fixlog.txt.

kborekk (author), posted 15 December 2014

The page no longer pops up!!! Great. I am attaching the new report. Thank you very much, Kamil

Attachments: Fixlog.txt

picasso, posted 15 December 2014

To finish:

1. Run DelFix and clear the System Restore folders: LINK.

2. In addition, update the Adobe Flash plugins (instructions in the link above). And I suggest replacing the old, hole-ridden GG7 with the modern WTW: LINK.

    ==================== Installed Programs ======================
    Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated) ----> plugin for IE
    Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated) ----> plugin for Firefox
    Gadu-Gadu 7.7 (HKLM\...\Gadu-Gadu) (Version: - )

kborekk (author), posted 15 December 2014

The steps above are done; I am attaching the DelFix report.

Attachments: DelFix.txt

picasso, posted 15 December 2014

OK, task done. Delete the file C:\Delfix.txt from the disk. Topic solved. Closing.