przepraszam ze tak ale ja zrobilem taki sam temat na searchengines i tak mi odpisal szybciej wiec
dostalem tam taki skrypt :OTL
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
SRV:64bit: - File not found [Auto | Stopped] -- C:\windows\SysNative\srvany.exe -- (KMService)
IE - HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2304157
IE - HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaultenginename: "Facemoods Search"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
[2011/03/17 21:36:56 | 000,002,059 | ---- | M] () -- C:\Users\Misza\AppData\Roaming\Mozilla\FireFox\Profiles\7wk1mb64.default\searchplugins\daemon-search.xml
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\windows\SysWow64\mctadmin.exe File not found
:Commands
[emptytemp]
potem taki log
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Service KMService stopped successfully!
Service KMService deleted successfully!
File C:\windows\SysNative\srvany.exe not found.
HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2195184045-3265951034-2981680463-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
C:\Users\Misza\AppData\Roaming\Mozilla\FireFox\Profiles\7wk1mb64.default\searchplugins\daemon-search.xml moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_USERS\S-1-5-21-2195184045-3265951034-2981680463-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Misza
->Temp folder emptied: 11396245 bytes
->Temporary Internet Files folder emptied: 75146257 bytes
->Java cache emptied: 1465694 bytes
->FireFox cache emptied: 51954379 bytes
->Opera cache emptied: 19658697 bytes
->Flash cache emptied: 2914582 bytes
User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 81374 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50534 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 155.00 mb
OTL by OldTimer - Version 3.2.10.0 log created on 04052011_221529
Files\Folders moved on Reboot...
C:\Users\Misza\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Misza\AppData\Local\Temp\~DF030107E5F8DEF281.TMP not found!
File\Folder C:\Users\Misza\AppData\Local\Temp\~DF143B586987012B38.TMP not found!
File\Folder C:\Users\Misza\AppData\Local\Temp\~DF6D859608E62ACF62.TMP not found!
File\Folder C:\Users\Misza\AppData\Local\Temp\~DFD7EC7F7371D595DD.TMP not found!
File\Folder C:\Users\Misza\AppData\Local\Temp\~DFEB7D0F74C83DDA13.TMP not found!
File\Folder C:\Users\Misza\AppData\Local\Temp\~DFF6A1F06DE3391594.TMP not found!
C:\Users\Misza\AppData\Local\Mozilla\Firefox\Profiles\7wk1mb64.default\startupCache\startupCache.4.little moved successfully.
C:\Users\Misza\AppData\Local\Mozilla\Firefox\Profiles\7wk1mb64.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Misza\AppData\Local\Mozilla\Firefox\Profiles\7wk1mb64.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Misza\AppData\Local\Mozilla\Firefox\Profiles\7wk1mb64.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Misza\AppData\Local\Mozilla\Firefox\Profiles\7wk1mb64.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Misza\AppData\Local\Mozilla\Firefox\Profiles\7wk1mb64.default\urlclassifier3.sqlite moved successfully.
C:\Users\Misza\AppData\Local\Mozilla\Firefox\Profiles\7wk1mb64.default\XUL.mfl moved successfully.
Registry entries deleted on Reboot...
potem skrypt picasso i ten log
========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"about:blank" /E : value set successfully!
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2195184045-3265951034-2981680463-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
Prefs.js: "Facemoods Search" removed from browser.search.defaultenginename
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
64bit-Registry value HKEY_USERS\S-1-5-21-2195184045-3265951034-2981680463-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
C:\Program Files (x86)\DAEMON Tools Toolbar folder moved successfully.
C:\Users\Misza\AppData\Roaming\mozilla\Firefox\Profiles\7wk1mb64.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\META-INF folder moved successfully.
C:\Users\Misza\AppData\Roaming\mozilla\Firefox\Profiles\7wk1mb64.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} folder moved successfully.
File C:\Users\Misza\AppData\Roaming\Mozilla\FireFox\Profiles\7wk1mb64.default\searchplugins\daemon-search.xml not found.
C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml moved successfully.
C:\ProgramData\bltofzsb.qlf moved successfully.
C:\Users\Misza\AppData\Local\Conduit folder moved successfully.
C:\Users\Misza\AppData\Roaming\AVG10\cfgall folder moved successfully.
C:\Users\Misza\AppData\Roaming\AVG10 folder moved successfully.
C:\ProgramData\AVG10\lsdb\prev folder moved successfully.
C:\ProgramData\AVG10\lsdb folder moved successfully.
C:\ProgramData\AVG10\Chjw\e664bcdc64bcb123 folder moved successfully.
C:\ProgramData\AVG10\Chjw\acc8bf90c8bf5774 folder moved successfully.
C:\ProgramData\AVG10\Chjw\a0f2e8bef2e899b4 folder moved successfully.
C:\ProgramData\AVG10\Chjw\9ef609e1f609bb13 folder moved successfully.
C:\ProgramData\AVG10\Chjw folder moved successfully.
C:\ProgramData\AVG10 folder moved successfully.
C:\ProgramData\MFAData\SelfUpd\bins folder moved successfully.
C:\ProgramData\MFAData\SelfUpd folder moved successfully.
C:\ProgramData\MFAData\pack\bins folder moved successfully.
C:\ProgramData\MFAData\pack folder moved successfully.
C:\ProgramData\MFAData\mkt\res folder moved successfully.
C:\ProgramData\MFAData\mkt\pl folder moved successfully.
C:\ProgramData\MFAData\mkt\hi folder moved successfully.
C:\ProgramData\MFAData\mkt folder moved successfully.
C:\ProgramData\MFAData\logs folder moved successfully.
C:\ProgramData\MFAData folder moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Misza
->Flash cache emptied: 1056 bytes
User: postgres
User: Public
Total Flash Files Cleaned = 0.00 mb
Error: Unable to interpret <[emptytemp> in the current context!
OTL by OldTimer - Version 3.2.10.0 log created on 04062011_091318
tksskiller nic reszte instrukcji właśnie kończę robić