Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015 Ran by MM at 2015-03-21 18:21:07 Run:2 Running from C:\Documents and Settings\MM\Moje dokumenty\Pobrane Loaded Profiles: MM (Available profiles: MM) Boot Mode: Normal ============================================== Content of fixlist: ***************** CloseProcesses: CreateRestorePoint: R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158816 2015-03-10] (XTab system) R2 WindowsMangerProtect; C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-03-19] (SysTool PasSame LIMITED) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hp&ts=1426786852&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1426786852&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=1426786852&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1426786852&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKU\S-1-5-21-1390067357-583907252-842925246-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hp&ts=1426786852&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6 HKU\S-1-5-21-1390067357-583907252-842925246-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=1426786852&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6 HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "http://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki" <======= ATTENTION SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=ds&ts=1426786852&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6&q={searchTerms} SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?type=ds&ts=1426786852&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6&q={searchTerms} SearchScopes: HKU\S-1-5-21-1390067357-583907252-842925246-1003 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6&ts=1426786918&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1390067357-583907252-842925246-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6&ts=1426786918&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1390067357-583907252-842925246-1003 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6&ts=1426786918&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1390067357-583907252-842925246-1003 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6&ts=1426786918&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1390067357-583907252-842925246-1003 -> {3E11A34D-CD50-4A89-82BA-571B0AB8EB7C} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6&ts=1426786918&type=default&q={searchTerms} SearchScopes: HKU\S-1-5-21-1390067357-583907252-842925246-1003 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = http://do-search.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST3500418AS_5VMCG4S6XXXX5VMCG4S6&ts=1426786918&type=default&q={searchTerms} BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\XTab\SupTab.dll [2015-03-10] (Thinknice Co. Limited) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF HKLM\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Documents and Settings\MM\Dane aplikacji\Mozilla\Firefox\Profiles\jr22v0pi.default-1367269415453\extensions\searchengine@gmail.com FF HKLM\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Documents and Settings\MM\Dane aplikacji\Mozilla\Firefox\Profiles\jr22v0pi.default-1367269415453\extensions\istart_ffnt@gmail.com C:\Documents and Settings\All Users\Dane aplikacji\IHProtectUpDate C:\Documents and Settings\All Users\Dane aplikacji\TEMP C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect C:\Documents and Settings\MM\FIX.REG C:\Documents and Settings\MM\Dane aplikacji\do-search C:\Program Files\Mozilla Firefox\plugins C:\Program Files\XTab C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension Reg: reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\do-search uninstall" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f EmptyTemp: ***************** Processes closed successfully. Restore point was successfully created. IHProtect Service => Service not found. WindowsMangerProtect => Service not found. HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully. HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => Value was restored successfully. HKU\S-1-5-21-1390067357-583907252-842925246-1003\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKU\S-1-5-21-1390067357-583907252-842925246-1003\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\Tabs => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKU\S-1-5-21-1390067357-583907252-842925246-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found. HKU\S-1-5-21-1390067357-583907252-842925246-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. HKU\S-1-5-21-1390067357-583907252-842925246-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => Key not found. HKCR\CLSID\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} => Key not found. HKU\S-1-5-21-1390067357-583907252-842925246-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found. HKU\S-1-5-21-1390067357-583907252-842925246-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3E11A34D-CD50-4A89-82BA-571B0AB8EB7C} => Key not found. HKCR\CLSID\{3E11A34D-CD50-4A89-82BA-571B0AB8EB7C} => Key not found. HKU\S-1-5-21-1390067357-583907252-842925246-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => Key not found. HKCR\CLSID\{E733165D-CBCF-4FDA-883E-ADEF965B476C} => Key not found. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} => Key not found. HKCR\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} => Key not found. HKLM\Software\Mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} => Value not found. HKLM\Software\Mozilla\Firefox\Extensions\\searchengine@gmail.com => Value not found. HKLM\Software\Mozilla\Firefox\Extensions\\istart_ffnt@gmail.com => Value not found. "C:\Documents and Settings\All Users\Dane aplikacji\IHProtectUpDate" => File/Directory not found. "C:\Documents and Settings\All Users\Dane aplikacji\TEMP" => File/Directory not found. "C:\Documents and Settings\All Users\Dane aplikacji\WindowsMangerProtect" => File/Directory not found. "C:\Documents and Settings\MM\FIX.REG" => File/Directory not found. "C:\Documents and Settings\MM\Dane aplikacji\do-search" => File/Directory not found. "C:\Program Files\Mozilla Firefox\plugins" => File/Directory not found. "C:\Program Files\XTab" => File/Directory not found. "C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" => File/Directory not found. ========= reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2 /f ========= Operacja ukończona pomyślnie ========= End of Reg: ========= ========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\do-search uninstall" /f ========= Błąd: system nie może odnaleźć określonego klucza rejestru lub wartości. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f ========= Błąd: system nie może odnaleźć określonego klucza rejestru lub wartości. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f ========= Błąd: system nie może odnaleźć określonego klucza rejestru lub wartości. ========= End of Reg: ========= ========= reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f ========= Błąd: system nie może odnaleźć określonego klucza rejestru lub wartości. ========= End of Reg: =========