BlackNoise

mimo uruchomienia w trybie bezpiecznym dalej nic. Dziękuje za pomoc

załączam combo, jest progres bo strona startowa jest już ok jednak dalej nie da sie zresetować wyszukiwarki (w prawym górnym rogu) scan z OTL zaraz bedzie ComboFix.txt OTL.Txt

załączam gmera skanował najdłużej na świecie bede teraz odpalał skrypt, wyniki po zakończeniu. gmer.txt

Combo. Punkt 3 nic nie daje dalej jest startsear.ch jako obie wyszukiwarki. GMER'anie w trakcie. ComboFix.txt LOG.txt OTL.Txt Ad-Report-SCAN3.txt

puntk 1 zrobiony, 2 w trakcie jak sie uda wrzuce logi. niestety nadal pisze że nie mam uprawień aby go wrzucić wiec wklejam w takiej postaci: All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKU\S-1-5-21-1177238915-412668190-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Prefs.js: "http://startsear.ch/?aff=1" removed from browser.startup.homepage Prefs.js: engine@conduit.com:3.3.3.2 removed from extensions.enabledItems Prefs.js: "chrome://browser-region/locale/region.properties" removed from keyword.URL C:\Documents and Settings\Rasta\Dane aplikacji\Mozilla\Firefox\Profiles\wbxaityt.default\searchplugins\google.xml moved successfully. Service wmcmgc stopped successfully! Service wmcmgc deleted successfully! Service Microsoft Office Groove Audit Service stopped successfully! Service Microsoft Office Groove Audit Service deleted successfully! Service Bonjour Service stopped successfully! Service Bonjour Service deleted successfully! Error: No service named catchme was found to stop! Service\Driver key catchme not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found. Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71} C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found. Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7} C:\WINDOWS\Downloaded Program Files\gp.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found. ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default User User: LocalService User: NetworkService User: Rasta ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->FireFox cache emptied: 0 bytes User: NetworkService ->Temp folder emptied: 16384 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Rasta ->Temp folder emptied: 1688 bytes ->Temporary Internet Files folder emptied: 212810 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 12216212 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 483 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 12,00 mb OTL by OldTimer - Version 3.2.29.1 log created on 10112011_124607 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\NetworkService\Ustawienia lokalne\Temp\Perflib_Perfdata_7fc.dat not found! File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found! Registry entries deleted on Reboot... OTL.Txt Ad-Report-SCAN2.txt

po usunieciu, tego vuze, i uruchominiu skryptu, komp uruchomił się ale ani nie było neta ani dzwięku nic. (dobrze że istnieje przywracanie). spróbuje sam skrypt i pokaże logi.

Vuze Remote Toolbar - nie chce sie odinstalować. Usunąć ręcznie? [edit] poradziłem sobie, zaraz wrzuce skany.

Witam, wczoraj po odpaleniu pewnego pliku który "udawał" film, w moim FireFoxie, jak i IE, została zmieniona strona startowa na hxxp://startsear.ch/?aff=1. Równocześnie w miejscu gdzie standardowo w FF jest szybka wyszukiwarka google, pojawiła się wyszukiwarka Web Search, która szuka na podstawie hxxp://startsear.ch/?aff=1. Próbowałem już wielu rzeczy, jednak po każdym uruchomieniu PC, problem powraca. Działam na WinXP x32. OTL.Txt Extras.Txt