Hold page, potrzebna pomoc

[Jagiello1]

Dobry wieczór.

Mam do was prośbę, czy moglibyście powiedzieć mi jak usunąć tego wirusa HOLD PAGE (podobne coś do strong signal)

Usunąłem już z panelu sterowania i zainstalowałem nowego Nortona, do tej pory miałem avasta.

Pisałem ostatnio temat dotyczący Strong signal i udało mi się ten problem rozwiązać, ale teraz mam problem na innym komputerze.


Oto skany FRST

Additional.txt

Kod: Zaznacz wszystko

[code]Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-02-2015 01
Ran by komp at 2015-02-19 18:50:10
Running from C:\Users\komp\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI - Polish (HKLM\...\{AC76BA86-7AD7-1045-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Aktualizacje NVIDIA 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Avast Free Antivirus (HKLM\...\Avast) (Version: 10.0.2208 - AVAST Software)
AVS Video Editor 7.0 (HKLM\...\AVS Video Editor_is1) (Version: 7.0.1.258 - Online Media Technologies Ltd.)
Click Caption 1.10.0.2 (HKLM\...\ClickCaption_1.10.0.2) (Version: 1.10.0.2 - ClickCaption) <==== ATTENTION
Farming Simulator 15 (HKLM\...\FarmingSimulator2015PL_is1) (Version: 1.2.0.0 - GIANTS Software)
Farming Simulator 2013 (HKLM\...\FarmingSimulator2013PL_is1) (Version: 1.0 - GIANTS Software)
Fraps (HKLM\...\Fraps) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
K-Lite Codec Pack 10.3.0 Full (HKLM\...\KLiteCodecPack_is1) (Version: 10.3.0 - )
LG United Mobile Drivers (HKLM\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 pl) (HKLM\...\Mozilla Firefox 35.0.1 (x86 pl)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
NVIDIA Sterownik 3D Vision 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
omiga-plus uninstall (HKLM\...\omiga-plus uninstall) (Version:  - omiga-plus) <==== ATTENTION
Panel sterowania NVIDIA 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Symulator Farmy 2011 (HKLM\...\FarmingSimulator2011PL_is1) (Version: 1.0 - GIANTS Software)
TeamSpeak 3 Client (HKU\S-1-5-21-877709464-2453382027-2957049181-1000\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Vegas Pro 10.0 (HKLM\...\Vegas Pro 10.0) (Version: 10.0 - Salai Thawng Za Lian)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

23-01-2015 02:58:08 Zaplanowany punkt kontrolny
30-01-2015 06:01:28 Zaplanowany punkt kontrolny
07-02-2015 04:01:32 Zaplanowany punkt kontrolny
14-02-2015 23:17:33 Zaplanowany punkt kontrolny

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {16D1EC66-295E-4DFA-BA0C-269500140F0F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-17] (AVAST Software)
Task: {56D41707-CFDA-4CF7-B7F5-4AA4686F1641} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-22] (Google Inc.)
Task: {A15BA833-D2D3-485E-A857-2B179E3FCC90} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-11-22] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-11-17 11:59 - 2014-07-02 20:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-02-15 10:44 - 2015-02-15 10:44 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021500\algo.dll
2015-02-19 10:36 - 2015-02-19 10:36 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15021900\algo.dll
2014-11-17 11:56 - 2014-11-17 11:56 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-24 08:10 - 2015-02-18 03:31 - 01649904 _____ () C:\Program Files\Hold Page\bin\HoldPage.BOASHelper.exe
2014-12-22 08:32 - 2015-02-18 22:26 - 00296688 _____ () C:\Program Files\Hold Page\bin\HoldPage.PurBrowse.exe
2015-01-31 07:46 - 2015-02-19 06:33 - 00101616 _____ () C:\Program Files\Hold Page\bin\HoldPage.expext.exe
2015-01-31 07:46 - 2015-02-19 06:33 - 00081648 _____ () C:\Program Files\Hold Page\bin\HoldPage.expextdll.dll
2014-12-24 08:10 - 2015-02-18 03:31 - 01786608 _____ () C:\Program Files\Hold Page\bin\HoldPage.BOASPRT.exe
2015-01-27 08:43 - 2015-01-27 08:43 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-877709464-2453382027-2957049181-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\komp\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.10.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-877709464-2453382027-2957049181-500 - Administrator - Disabled)
Gość (S-1-5-21-877709464-2453382027-2957049181-501 - Limited - Disabled)
komp (S-1-5-21-877709464-2453382027-2957049181-1000 - Administrator - Enabled) => C:\Users\komp

==================== Faulty Device Manager Devices =============

Name: Kontroler multimediów audio
Description: Kontroler multimediów audio
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Karta tunelowania Teredo firmy Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/19/2015 06:38:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: plugin-container.exe, wersja: 35.0.1.5500, sygnatura czasowa: 0x54c1f9f3
Nazwa modułu powodującego błąd: mozalloc.dll, wersja: 35.0.1.5500, sygnatura czasowa: 0x54c1f224
Kod wyjątku: 0x80000003
Przesunięcie błędu: 0x00001425
Identyfikator procesu powodującego błąd: 0x11c4
Godzina uruchomienia aplikacji powodującej błąd: 0xplugin-container.exe0
Ścieżka aplikacji powodującej błąd: plugin-container.exe1
Ścieżka modułu powodującego błąd: plugin-container.exe2
Identyfikator raportu: plugin-container.exe3

Error: (02/18/2015 06:19:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program AVSVideoEditor.exe w wersji 7.0.1.258 zatrzymał interakcję z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania Centrum akcji.

Identyfikator procesu: 1350

Godzina rozpoczęcia: 01d04b9d1a61bdc7

Godzina zakończenia: 1323

Ścieżka aplikacji: C:\Program Files\AVS4YOU\AVSVideoEditor\AVSVideoEditor.exe

Identyfikator raportu: 384d5645-b792-11e4-bb30-001a4d5e988c

Error: (02/18/2015 05:20:47 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC90.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Nie można odnaleźć zestawu zależnego Microsoft.VC90.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (02/18/2015 05:20:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC90.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Nie można odnaleźć zestawu zależnego Microsoft.VC90.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (02/18/2015 05:20:41 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC90.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Nie można odnaleźć zestawu zależnego Microsoft.VC90.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (02/18/2015 05:20:40 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC90.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Nie można odnaleźć zestawu zależnego Microsoft.VC90.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (02/18/2015 05:20:39 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC90.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Nie można odnaleźć zestawu zależnego Microsoft.VC90.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (02/17/2015 06:54:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC90.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Nie można odnaleźć zestawu zależnego Microsoft.VC90.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (02/16/2015 09:16:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC90.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Nie można odnaleźć zestawu zależnego Microsoft.VC90.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (02/16/2015 09:15:49 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "Microsoft.VC90.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Nie można odnaleźć zestawu zależnego Microsoft.VC90.OpenMP,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.


System errors:
=============
Error: (02/19/2015 06:38:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Update Hold Page z powodu następującego błędu:
%%1053

Error: (02/19/2015 06:38:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Update Hold Page.

Error: (02/19/2015 06:38:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Update Hold Page niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 5000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (02/19/2015 06:38:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Nie można uruchomić usługi Util Hold Page z powodu następującego błędu:
%%1053

Error: (02/19/2015 06:38:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na połączenie się z usługą Util Hold Page.

Error: (02/19/2015 06:38:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Util Hold Page niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 5000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie.

Error: (02/19/2015 06:31:45 PM) (Source: DCOM) (EventID: 10016) (User: komp-Komputer)
Description: domyślne ustawienia komputeraLokalnyAktywacja{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}komp-KomputerkompS-1-5-21-877709464-2453382027-2957049181-1000LocalHost (użycie LRPC)

Error: (02/19/2015 06:27:45 PM) (Source: DCOM) (EventID: 10016) (User: komp-Komputer)
Description: domyślne ustawienia komputeraLokalnyAktywacja{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}komp-KomputerkompS-1-5-21-877709464-2453382027-2957049181-1000LocalHost (użycie LRPC)

Error: (02/19/2015 06:27:02 PM) (Source: DCOM) (EventID: 10016) (User: komp-Komputer)
Description: domyślne ustawienia komputeraLokalnyAktywacja{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}komp-KomputerkompS-1-5-21-877709464-2453382027-2957049181-1000LocalHost (użycie LRPC)

Error: (02/19/2015 06:26:47 PM) (Source: DCOM) (EventID: 10016) (User: komp-Komputer)
Description: domyślne ustawienia komputeraLokalnyAktywacja{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}komp-KomputerkompS-1-5-21-877709464-2453382027-2957049181-1000LocalHost (użycie LRPC)


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E4700 @ 2.60GHz
Percentage of memory in use: 89%
Total physical RAM: 2046.49 MB
Available physical RAM: 215.65 MB
Total Pagefile: 4593.82 MB
Available Pagefile: 1932.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:162.79 GB) NTFS
Drive d: () (Fixed) (Total:270.44 GB) (Free:265.15 GB) NTFS
Drive e: (farming15_pl) (CDROM) (Total:1.89 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 23D623D5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=270.4 GB) - (Type=OF Extended)

==================== End Of Log ============================[/code]

FRST.txt

Kod: Zaznacz wszystko

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-02-2015 01
Ran by komp (administrator) on KOMP-KOMPUTER on 19-02-2015 18:49:20
Running from C:\Users\komp\Downloads
Loaded Profiles: komp (Available profiles: komp)
Platform: Microsoft Windows 7 Home Premium  (X86) OS Language: Polski (Polska)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(ClickCaption) C:\Program Files\ClickCaption_1.10.0.2\Service\ccsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\Hold Page\bin\HoldPage.BOASHelper.exe
() C:\Program Files\Hold Page\bin\HoldPage.PurBrowse.exe
() C:\Program Files\Hold Page\bin\HoldPage.expext.exe
() C:\Program Files\Hold Page\bin\HoldPage.BOASPRT.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [1795872 2014-08-19] (NVIDIA Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\f4d62731-aa22-4901-b395-12874da95ba2.exe [183232 2015-02-18] (AVAST Software)
HKU\S-1-5-21-877709464-2453382027-2957049181-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-877709464-2453382027-2957049181-1000\...\Run: [RGSC] => D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-877709464-2453382027-2957049181-1000\...\MountPoints2: {3a454036-8dbf-11e4-b28a-001a4d5e988c} - F:\LG_PC_Programs.exe
HKU\S-1-5-21-877709464-2453382027-2957049181-1000\...\MountPoints2: {b6eb6385-6e3f-11e4-8c2e-806e6f6e6963} - E:\autorun.exe
Startup: C:\Users\komp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk
ShortcutTarget: Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215&q={searchTerms}
HKU\S-1-5-21-877709464-2453382027-2957049181-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215
HKU\S-1-5-21-877709464-2453382027-2957049181-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215&q={searchTerms}
SearchScopes: HKU\S-1-5-21-877709464-2453382027-2957049181-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215&q={searchTerms}
SearchScopes: HKU\S-1-5-21-877709464-2453382027-2957049181-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: ClickCaption -> {A18EA34C-6D33-4298-8A54-7F16499904C0} -> C:\Program Files\ClickCaption_1.10.0.2\IE\ClickCaptionClientIE.dll (ClickCaption)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.10.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215

FireFox:
========
FF ProfilePath: C:\Users\komp\AppData\Roaming\Mozilla\Firefox\Profiles\xxud03vi.default
FF NewTab: chrome://quick_start/content/index.html
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\komp\AppData\Roaming\Mozilla\Firefox\Profiles\xxud03vi.default\user.js
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF Extension: Fast Start - C:\Users\komp\AppData\Roaming\Mozilla\Firefox\Profiles\xxud03vi.default\Extensions\faststartff@gmail.com [2014-12-22]
FF Extension: Hold Page 1.0.1 - C:\Users\komp\AppData\Roaming\Mozilla\Firefox\Profiles\xxud03vi.default\Extensions\{27899312-155f-40f3-8661-fb6675d82b4b}.xpi [2014-12-22]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-11-17]
FF HKLM\...\Firefox\Extensions: [{190bc294-c8e5-471c-9466-3eb945b09542}] - C:\Program Files\Mozilla Firefox\extensions\{190bc294-c8e5-471c-9466-3eb945b09542}
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\komp\AppData\Roaming\Mozilla\Firefox\Profiles\xxud03vi.default\extensions\faststartff@gmail.com

Chrome:
=======
CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hp&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215"
CHR DefaultSearchKeyword: Default -> omiga-plus
CHR DefaultSuggestURL: Default ->
CHR Profile: C:\Users\komp\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\komp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-22]
CHR Extension: (Avast Online Security) - C:\Users\komp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-11-23]
CHR Extension: (Hold Page) - C:\Users\komp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhippelchacimnkamngddemhkifekini [2014-12-23]
CHR Extension: (Google Wallet) - C:\Users\komp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-23]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-17]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-17] (AVAST Software)
R2 ccsvc_1.10.0.2; C:\Program Files\ClickCaption_1.10.0.2\Service\ccsvc.exe [277584 2014-10-30] (ClickCaption)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [485888 2014-12-22] (Fuyu LIMITED) [File not signed]
S2 Update Hold Page; "C:\Program Files\Hold Page\updateHoldPage.exe" [X]
S2 Util Hold Page; "C:\Program Files\Hold Page\bin\utilHoldPage.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-07-03] (LG Electronics Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-17] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-20] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-17] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-17] ()
R1 ccnfd_1_10_0_2; C:\Windows\System32\drivers\ccnfd_1_10_0_2.sys [52728 2014-10-30] (ClickCaption)
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R1 {27899312-155f-40f3-8661-fb6675d82b4b}Gw; C:\Windows\System32\drivers\{27899312-155f-40f3-8661-fb6675d82b4b}Gw.sys [43152 2014-12-21] (StdLib)
R1 {40d1e549-9fca-4f25-a19d-d845842dd635}Gw; C:\Windows\System32\drivers\{40d1e549-9fca-4f25-a19d-d845842dd635}Gw.sys [43152 2014-12-30] (StdLib)
R1 {84edc66f-0e16-4519-bd1a-cead01f243ac}Gw; C:\Windows\System32\drivers\{84edc66f-0e16-4519-bd1a-cead01f243ac}Gw.sys [43152 2015-01-02] (StdLib)
R1 {91975f83-f39c-43cf-aad4-0b3396b0f6db}Gw; C:\Windows\System32\drivers\{91975f83-f39c-43cf-aad4-0b3396b0f6db}Gw.sys [43152 2015-01-05] (StdLib)
R1 {c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw; C:\Windows\System32\drivers\{c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw.sys [43152 2014-12-27] (StdLib)
R1 {ca4e7e4c-3ebf-4428-bf75-cc138b7061f1}Gw; C:\Windows\System32\drivers\{ca4e7e4c-3ebf-4428-bf75-cc138b7061f1}Gw.sys [43152 2014-12-24] (StdLib)
R3 XFDriver; \??\C:\Program Files\Xfire2\XFDriver.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-19 18:35 - 2015-02-19 18:36 - 00018817 _____ () C:\Users\komp\Downloads\Addition.txt
2015-02-19 18:33 - 2015-02-19 18:49 - 00013603 _____ () C:\Users\komp\Downloads\FRST.txt
2015-02-19 18:33 - 2015-02-19 18:49 - 00000000 ____D () C:\FRST
2015-02-19 18:32 - 2015-02-19 18:32 - 01126400 _____ (Farbar) C:\Users\komp\Downloads\FRST.exe
2015-02-19 18:31 - 2015-02-19 18:31 - 02086912 _____ (Farbar) C:\Users\komp\Downloads\FRST64.exe
2015-02-19 18:23 - 2015-02-19 18:23 - 00000025 _____ () C:\Users\komp\Desktop\klucz norton.txt
2015-02-19 18:22 - 2015-02-19 18:38 - 227028809 _____ () C:\Users\komp\Downloads\NIS-ESD-21.6.0.32-PL.exe.part
2015-02-19 18:22 - 2015-02-19 18:22 - 00000000 _____ () C:\Users\komp\Downloads\NIS-ESD-21.6.0.32-PL.exe
2015-02-18 19:50 - 2015-02-18 19:53 - 00000000 ____D () C:\Users\komp\AppData\Roaming\Xfire
2015-02-18 19:49 - 2015-02-18 19:53 - 00000000 ____D () C:\ProgramData\Xfire
2015-02-18 19:45 - 2015-02-18 19:48 - 16336696 _____ (Xfire, Inc. ) C:\Users\komp\Downloads\xfire_installer.exe
2015-02-16 21:14 - 2015-02-16 21:14 - 00002186 _____ () C:\Users\komp\Desktop\Salai Thawng Za Lian.lnk
2015-02-16 21:14 - 2015-02-16 21:14 - 00001110 _____ () C:\Users\komp\Desktop\Vegas Pro 10.0.lnk
2015-02-16 21:14 - 2015-02-16 21:14 - 00000000 ____D () C:\Users\komp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vegas Pro 10.0
2015-02-16 21:14 - 2015-02-16 21:14 - 00000000 ____D () C:\Program Files\Sony
2015-02-16 20:08 - 2015-02-16 21:13 - 118956222 _____ () C:\Users\komp\Downloads\trollu106pl Sony Vegas Pro 10.0.zip
2015-02-16 18:33 - 2015-02-16 20:05 - 243058468 _____ (Sony Creative Software Inc.) C:\Users\komp\Downloads\vegaspro12.0.770.exe
2015-02-14 22:25 - 2015-02-17 19:23 - 00000000 ____D () C:\Fraps
2015-02-14 22:25 - 2015-02-14 22:25 - 02326976 _____ (Beepa Pty Ltd) C:\Users\komp\Downloads\Fraps_www.INSTALKI.pl.exe
2015-02-14 22:25 - 2015-02-14 22:25 - 00000562 _____ () C:\Users\Public\Desktop\Fraps.lnk
2015-02-14 22:25 - 2015-02-14 22:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2015-02-14 18:58 - 2015-02-14 18:58 - 00722376 _____ ( ) C:\Users\komp\Downloads\IDM2-Win-EN(1).exe
2015-02-12 20:23 - 2015-02-12 20:23 - 00001166 _____ () C:\Users\komp\Desktop\TeamSpeak 3 Client.lnk
2015-02-12 20:23 - 2015-02-12 20:23 - 00000000 ____D () C:\Users\komp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-02-12 20:23 - 2015-02-12 20:23 - 00000000 ____D () C:\Users\komp\AppData\Local\TeamSpeak 3 Client
2015-02-12 20:19 - 2015-02-12 20:22 - 28115400 _____ (TeamSpeak Systems GmbH) C:\Users\komp\Downloads\TeamSpeak3-Client-win32-3.0.16.exe
2015-02-12 20:18 - 2015-02-12 20:18 - 00722376 _____ ( ) C:\Users\komp\Downloads\IDM2-Win-EN.exe
2015-02-07 08:50 - 2015-02-07 09:37 - 143613129 _____ () C:\Users\komp\Downloads\wypakowac.rar
2015-02-07 08:13 - 2014-12-22 23:01 - 00004760 _____ () C:\Users\komp\Downloads\SampleModMap.lua
2015-02-07 08:12 - 2015-02-07 08:12 - 00000647 _____ () C:\Users\komp\Desktop\7-Zip File Manager.lnk
2015-02-07 08:11 - 2015-02-07 08:11 - 00293354 _____ () C:\Users\komp\Downloads\LysaPolana_Reactivation_SampleModMap(2).rar
2015-02-07 07:54 - 2015-02-07 07:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-02-07 07:54 - 2015-02-07 07:54 - 00000000 ____D () C:\Program Files\7-Zip
2015-02-07 07:53 - 2015-02-07 07:53 - 01110476 _____ () C:\Users\komp\Downloads\7z920(dobreprogramy.pl).exe
2015-02-07 07:53 - 2015-02-07 07:53 - 00728784 _____ (Web ) C:\Users\komp\Downloads\7Zip(12559)-dp.exe
2015-02-07 07:51 - 2015-02-07 07:51 - 00293354 _____ () C:\Users\komp\Downloads\LysaPolana_Reactivation_SampleModMap(1).rar
2015-02-06 20:13 - 2015-02-06 20:13 - 00293354 _____ () C:\Users\komp\Downloads\LysaPolana_Reactivation_SampleModMap.rar
2015-02-06 18:50 - 2015-02-06 18:50 - 00000000 ____D () C:\Users\komp\Documents\AVS4YOU
2015-02-06 18:26 - 2015-02-06 18:26 - 00000000 ____D () C:\Users\komp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-02-06 18:26 - 2015-02-06 18:26 - 00000000 ____D () C:\Users\komp\AppData\Roaming\AVS4YOU
2015-02-06 18:26 - 2015-02-06 18:26 - 00000000 ____D () C:\ProgramData\AVS4YOU
2015-02-06 18:25 - 2015-02-06 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-02-06 18:25 - 2015-02-06 18:25 - 00001159 _____ () C:\Users\komp\Desktop\AVS Video Editor.lnk
2015-02-06 18:24 - 2015-02-06 18:26 - 00000000 ____D () C:\Program Files\Common Files\AVSMedia
2015-02-06 18:23 - 2015-02-06 18:26 - 00000000 ____D () C:\Program Files\AVS4YOU
2015-02-06 18:23 - 2011-06-23 12:26 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-02-06 18:23 - 2011-06-23 12:25 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3a.dll
2015-02-06 17:47 - 2015-02-06 18:17 - 154787896 _____ (Online Media Technologies Ltd. ) C:\Users\komp\Downloads\AVSVideoEditor.exe
2015-02-05 17:31 - 2015-02-05 17:57 - 138796375 _____ () C:\Users\komp\Downloads\sredniawies.zip
2015-02-05 09:54 - 2015-02-05 09:55 - 00000000 ____D () C:\Users\komp\Desktop\Extras
2015-01-29 21:43 - 2015-01-29 21:43 - 476509232 _____ (Sony Creative Software Inc.) C:\Users\komp\Downloads\moviestudiope13.0.931_32bit.exe
2015-01-29 20:55 - 2015-01-29 20:55 - 00730528 _____ ( ) C:\Users\komp\Downloads\Sony-Vegas-Movie-Studio-Platinum(12465)-dp.exe
2015-01-28 20:26 - 2015-01-28 21:01 - 354230360 _____ (Sony Creative Software Inc.) C:\Users\komp\Downloads\vegaspro13-0-310_64bit.exe
2015-01-27 08:43 - 2015-01-27 08:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-19 18:46 - 2014-11-17 19:07 - 00000000 ____D () C:\Users\komp\AppData\Roaming\Skype
2015-02-19 18:38 - 2014-12-22 08:21 - 00000000 ____D () C:\Program Files\Hold Page
2015-02-19 17:55 - 2014-11-22 18:40 - 00001036 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-19 17:46 - 2014-11-17 10:57 - 00615758 _____ () C:\Windows\WindowsUpdate.log
2015-02-19 13:52 - 2009-07-14 03:04 - 00000580 _____ () C:\Windows\win.ini
2015-02-19 04:55 - 2014-11-22 18:40 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-18 18:18 - 2014-11-18 16:14 - 00000000 ____D () C:\Users\komp\Desktop\Zdjęcia
2015-02-17 06:28 - 2009-07-14 05:39 - 00033081 _____ () C:\Windows\setupact.log
2015-02-15 19:03 - 2009-07-14 05:34 - 00014336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-15 19:03 - 2009-07-14 05:34 - 00014336 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-15 19:02 - 2014-11-17 11:08 - 01523412 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-15 19:02 - 2009-07-14 09:07 - 00687590 _____ () C:\Windows\system32\perfh015.dat
2015-02-15 19:02 - 2009-07-14 09:07 - 00131176 _____ () C:\Windows\system32\perfc015.dat
2015-02-15 18:56 - 2014-11-17 12:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-15 18:56 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-15 09:22 - 2015-01-18 08:14 - 00000000 ____D () C:\Users\komp\Desktop\mody
2015-02-10 10:41 - 2009-07-14 05:33 - 00414824 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-06 18:26 - 2014-11-17 11:47 - 00109232 _____ () C:\Users\komp\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-06 18:23 - 2009-07-14 03:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-06 16:18 - 2014-11-22 18:43 - 00002329 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-05 22:45 - 2014-12-27 12:55 - 559185777 _____ () C:\Windows\MEMORY.DMP
2015-02-05 22:45 - 2014-12-27 12:55 - 00000000 ____D () C:\Windows\Minidump
2015-01-29 22:59 - 2014-12-22 09:47 - 860203000 _____ (Acresso Software Inc.) C:\Users\komp\Downloads\VSX7_Pro_TBYB.exe
2015-01-28 14:59 - 2014-11-17 11:55 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-20 05:17 - 2014-11-17 12:13 - 00101034 _____ () C:\Windows\PFRO.log

Some content of TEMP:
====================
C:\Users\komp\AppData\Local\Temp\ICReinstall_Skype(13018)-dp.exe
C:\Users\komp\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-13 06:03

==================== End Of Log ============================


[ordynat]

1) Użyj Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Daj z tego raport C:\AdwCleaner\AdwCleaner[S].txt.

2) Otwórz Notatnik i wklej w nim:

C:\Program Files\Hold Page
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
R1 {27899312-155f-40f3-8661-fb6675d82b4b}Gw; C:\Windows\System32\drivers\{27899312-155f-40f3-8661-fb6675d82b4b}Gw.sys [43152 2014-12-21] (StdLib)
R1 {40d1e549-9fca-4f25-a19d-d845842dd635}Gw; C:\Windows\System32\drivers\{40d1e549-9fca-4f25-a19d-d845842dd635}Gw.sys [43152 2014-12-30] (StdLib)
R1 {84edc66f-0e16-4519-bd1a-cead01f243ac}Gw; C:\Windows\System32\drivers\{84edc66f-0e16-4519-bd1a-cead01f243ac}Gw.sys [43152 2015-01-02] (StdLib)
R1 {91975f83-f39c-43cf-aad4-0b3396b0f6db}Gw; C:\Windows\System32\drivers\{91975f83-f39c-43cf-aad4-0b3396b0f6db}Gw.sys [43152 2015-01-05] (StdLib)
R1 {c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw; C:\Windows\System32\drivers\{c88279d3-91dd-4bd9-ad38-681f71d6e36d}Gw.sys [43152 2014-12-27] (StdLib)
R1 {ca4e7e4c-3ebf-4428-bf75-cc138b7061f1}Gw; C:\Windows\System32\drivers\{ca4e7e4c-3ebf-4428-bf75-cc138b7061f1}Gw.sys [43152 2014-12-24] (StdLib)
R3 XFDriver; \??\C:\Program Files\Xfire2\XFDriver.sys [X]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [485888 2014-12-22] (Fuyu LIMITED) [File not signed]
S2 Update Hold Page; "C:\Program Files\Hold Page\updateHoldPage.exe" [X]
S2 Util Hold Page; "C:\Program Files\Hold Page\bin\utilHoldPage.exe" [X]
R2 ccsvc_1.10.0.2; C:\Program Files\ClickCaption_1.10.0.2\Service\ccsvc.exe [277584 2014-10-30] (ClickCaption)
R1 ccnfd_1_10_0_2; C:\Windows\System32\drivers\ccnfd_1_10_0_2.sys [52728 2014-10-30] (ClickCaption)
C:\Program Files\ClickCaption
C:\ProgramData\WindowsMangerProtect
CHR Extension: (Hold Page) - C:\Users\komp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhippelchacimnkamngddemhkifekini [2014-12-23]
CHR HomePage: Default -> hxxp://isearch.omiga-plus.com/?type=hp&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215
CHR StartupUrls: Default -> "hxxp://isearch.omiga-plus.com/?type=hp&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215"
CHR DefaultSearchKeyword: Default -> omiga-plus
FF HKLM\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\komp\AppData\Roaming\Mozilla\Firefox\Profiles\xxud03vi.default\extensions\faststartff@gmail.com
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF Extension: Fast Start - C:\Users\komp\AppData\Roaming\Mozilla\Firefox\Profiles\xxud03vi.default\Extensions\faststartff@gmail.com [2014-12-22]
FF Extension: Hold Page 1.0.1 - C:\Users\komp\AppData\Roaming\Mozilla\Firefox\Profiles\xxud03vi.default\Extensions\{27899312-155f-40f3-8661-fb6675d82b4b}.xpi [2014-12-22]
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=sc&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215
BHO: ClickCaption -> {A18EA34C-6D33-4298-8A54-7F16499904C0} -> C:\Program Files\ClickCaption_1.10.0.2\IE\ClickCaptionClientIE.dll (ClickCaption)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215&q={searchTerms}
HKU\S-1-5-21-877709464-2453382027-2957049181-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215
HKU\S-1-5-21-877709464-2453382027-2957049181-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215&q={searchTerms}
SearchScopes: HKU\S-1-5-21-877709464-2453382027-2957049181-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215&q={searchTerms}
SearchScopes: HKU\S-1-5-21-877709464-2453382027-2957049181-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1419234317&from=cor&uid=SAMSUNGXHD502IJ_S13TJDWQ517215&q={searchTerms}
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST. Uruchom FRST i kliknij przycisk Fix.
Powstanie plik fixlog.txt.
Daj ten log.

3) Uruchom Google Chrome
> Naciśnij klawisze: lewy Alt+F i kliknij przycisk Ustawienia >
> Sekcja: Po uruchomieniu > wybierz: Otwórz konkretną stronę lub zestaw stron >
> Kliknij: Wybierz strony >
> Usuń: isearch.omiga-plus.com, wpisz nowy adres strony głównej i kliknij przycisk OK.

4) Zrób nowe logi FRST.
.