Hold Page in Mozilla


(Ahmr) #1

Hello, I have a problem in Mozilla, I would really appreciate some help.

Kaspersky Internet Security supposedly removes something from the Hold Page folder, but it doesn't help.

FRST - http://wklej.to/mWJ3v

addition - http://wklej.to/bFInu


(Acorus) #2

Open the system Notepad and paste:

Task: {FF36CEF1-FEAF-4EBC-A90A-BE57B969997D} - System32\Tasks\Price Fountain = C:\Users\Andrzej\AppData\Roaming\PriceFountain\UpdateProc\UpdateTask.exe [2014-12-19] () ==== ATTENTION
Task: C:\Windows\Tasks\Price Fountain.job = C:\Users\Andrzej\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE ==== ATTENTION
HKLM-x32\...\Run: [NBAgent] = C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-04-03] (Nero AG)
HKU\S-1-5-21-3692416566-3167839608-1769432284-1001\...\MountPoints2: {1b3ea8de-76ad-11e4-825d-74e6e2105953} - "E:\DPFMate.exe"
GroupPolicy: Group Policy on Chrome detected ======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1419000224from=coruid=ST1000LM024XHN-M101MBB_S314JU0F858877858877q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1419000224from=coruid=ST1000LM024XHN-M101MBB_S314JU0F858877858877q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1419000224from=coruid=ST1000LM024XHN-M101MBB_S314JU0F858877858877q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1419000224from=coruid=ST1000LM024XHN-M101MBB_S314JU0F858877858877q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://isearch.omiga-plus.com/?type=scts=1419000224from=coruid=ST1000LM024XHN-M101MBB_S314JU0F858877858877
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3692416566-3167839608-1769432284-1001 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3692416566-3167839608-1769432284-1001 - {872E2E64-2725-45AC-80AE-B87BA22F6AB1} URL =
BHO-x32: Hold Page 1.0.0.6 - {6c14185e-4de6-4a79-985b-19f23fd1e638} - C:\Program Files (x86)\Hold Page\HoldPageBHO.dll No File
BHO-x32: PriceFountain - {b608cc98-54de-4775-96c9-097de398500c} - C:\Users\Andrzej\AppData\Local\PriceFountain\PriceFountainIE.dll No File
FF Extension: Hold Page 1.0.1 - C:\Users\Andrzej\AppData\Roaming\Mozilla\Firefox\Profiles\rzc75hup.default\Extensions\{fb92e7a9-ee13-44c3-a51b-600382fe9211}.xpi [2014-12-18]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
R2 nkdytjtjsw32; C:\Program Files\007\nkdytjtjsw32.exe [683848 2014-11-26] ()
R2 Update Hold Page; C:\Program Files (x86)\Hold Page\updateHoldPage.exe [524528 2014-12-27] ()
R2 Util Hold Page; C:\Program Files (x86)\Hold Page\bin\utilHoldPage.exe [524528 2014-12-27] ()
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [485888 2014-12-19] (Fuyu LIMITED) [File not signed]
R1 {078ad437-dc9f-4228-9edb-b3d1c0246ff8}w64; C:\Windows\System32\drivers\{078ad437-dc9f-4228-9edb-b3d1c0246ff8}w64.sys [48784 2014-12-08] (StdLib)
R1 {2bf1e193-df72-4e3c-9f15-d1dc6e2f810f}w64; C:\Windows\System32\drivers\{2bf1e193-df72-4e3c-9f15-d1dc6e2f810f}w64.sys [48784 2014-12-06] (StdLib)
R1 {507a9b68-2b48-4a22-b662-e674fb6a16f7}Gw64; C:\Windows\System32\drivers\{507a9b68-2b48-4a22-b662-e674fb6a16f7}Gw64.sys [48776 2014-12-05] (StdLib)
R1 {8299d9bc-4fe2-4889-9adf-025a0769d461}w64; C:\Windows\System32\drivers\{8299d9bc-4fe2-4889-9adf-025a0769d461}w64.sys [48784 2014-12-15] (StdLib)
R1 {a16a1775-5ab3-4034-ac52-de0795db97f0}w64; C:\Windows\System32\drivers\{a16a1775-5ab3-4034-ac52-de0795db97f0}w64.sys [48784 2014-12-13] (StdLib)
R1 {c88279d3-91dd-4bd9-ad38-681f71d6e36d}w64; C:\Windows\System32\drivers\{c88279d3-91dd-4bd9-ad38-681f71d6e36d}w64.sys [48784 2014-12-27] (StdLib)
R1 {fb92e7a9-ee13-44c3-a51b-600382fe9211}w64; C:\Windows\System32\drivers\{fb92e7a9-ee13-44c3-a51b-600382fe9211}w64.sys [48784 2014-12-18] (StdLib)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
2014-12-27 16:02 - 2014-12-27 01:22 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{c88279d3-91dd-4bd9-ad38-681f71d6e36d}w64.sys
2014-12-19 16:46 - 2014-12-27 18:46 - 00000065 _____ () C:\Users\Andrzej\AppData\Roaming\WB.CFG
2014-12-19 15:46 - 2014-12-27 18:46 - 00000308 _____ () C:\Windows\Tasks\Price Fountain.job
2014-12-19 15:46 - 2014-12-19 15:46 - 00002646 _____ () C:\Windows\System32\Tasks\Price Fountain
2014-12-19 15:46 - 2014-12-19 15:46 - 00000000 ____ D () C:\Users\Andrzej\AppData\Roaming\PriceFountain
2014-12-19 15:44 - 2014-12-19 15:44 - 00000000 ____ D () C:\ProgramData\WindowsMangerProtect
2014-12-19 15:43 - 2014-12-27 16:54 - 00000000 ____ D () C:\Program Files\D51D0083-1C6B-4CB4-8FA1-7CF891242EBD
2014-12-19 15:43 - 2014-12-19 15:43 - 00000000 ____ D () C:\Program Files\007
2014-12-18 20:59 - 2014-12-18 07:22 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{fb92e7a9-ee13-44c3-a51b-600382fe9211}w64.sys
2014-12-15 19:12 - 2014-12-15 00:28 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{8299d9bc-4fe2-4889-9adf-025a0769d461}w64.sys
2014-12-14 14:01 - 2014-12-13 22:27 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{a16a1775-5ab3-4034-ac52-de0795db97f0}w64.sys
2014-12-09 20:22 - 2014-12-08 22:48 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{078ad437-dc9f-4228-9edb-b3d1c0246ff8}w64.sys
2014-12-07 15:11 - 2014-12-06 18:51 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{2bf1e193-df72-4e3c-9f15-d1dc6e2f810f}w64.sys
2014-12-05 16:47 - 2014-12-05 03:03 - 00048776 _____ (StdLib) C:\Windows\system32\Drivers\{507a9b68-2b48-4a22-b662-e674fb6a16f7}Gw64.sys
2014-12-05 16:38 - 2014-12-27 18:37 - 00000000 ____ D () C:\Program Files (x86)\Hold Page
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.


(Ahmr) #3

Thank you very much, it helped. Regards.


(Acorus) #4

Delete the folder C:\FRST