ordynat

Registered: 06 Jan 2008
Last active: 19 01 2020 00:34

#278618 Request to check OTL logs

Posted by ordynat on 27 08 2013 - 11:35

Run OTL and paste this into the Custom Scans/Fixes window:

:OTL
[2012-09-25 16:45:37 | 000,000,000 | ---D | M] -- C:\Users\wloszczyzna\AppData\Roaming\hellomoto
O4 - HKU\S-1-5-21-2617635955-1411969527-2400639260-1000..\Run: [Govoob] C:\Users\wloszczyzna\AppData\Roaming\Uloha\ebys.exe File not found
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

:Commands
[emptytemp]

Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.

Use >Adw-cleaner (to download, click the big green arrow on the right).
Click Delete in it.
Post its report C:\AdwCleaner[S1].txt

Make a new log, but this time from the infected account.



#278434 Request to check OTL logs

Posted by ordynat on 22 08 2013 - 11:49

1) Use >Adw-cleaner (to download, click the big green arrow on the right).
Click Delete in it.
Post its report C:\AdwCleaner[S1].txt

2) Run OTL and paste this into the Custom Scans/Fixes window:

:OTL
[2013/08/21 16:48:26 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\BabSolution
[2012/09/17 09:15:11 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Babylon
[2013/08/21 16:41:41 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/08/21 16:41:41 | 000,000,372 | -H-- | M] () -- C:\Windows\tasks\VaudiXUpdaterTask{B402661C-FB63-43EA-8D86-EA65D1C629BB}.job
O20 - AppInit_DLLs: (c:\progra~2\contin~1\sprote~1.dll) - c:\progra~2\contin~1\sprote~1.dll ()
O20 - AppInit_DLLs: (c:\progra~2\websea~1\sprote~1.dll) -  File not found
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 10.25.2)
O4 - HKU\S-1-5-21-3970815587-3154509807-107303040-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-3970815587-3154509807-107303040-1000..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED File not found
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-21-3970815587-3154509807-107303040-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKU\S-1-5-21-3970815587-3154509807-107303040-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3970815587-3154509807-107303040-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O2 - BHO: (Vaudix) - {06427A33-9D9E-A76B-E2E0-47A86847E0F1} - C:\ProgramData\Vaudix\50eca83752650.dll File not found
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (coNNtinuetosyavee) - {68687021-122A-7789-42F9-A83E68BAE98A} - C:\ProgramData\coNNtinuetosyavee\5186374457ec6.dll File not found
[2013/07/23 00:47:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions\ffxtlbr@babylon.com
[2013/06/20 16:12:38 | 000,002,308 | ---- | M] () -- C:\Users\Hubert\AppData\Roaming\mozilla\firefox\profiles\zaswvqv4.default\searchplugins\askcom.xml
[2013/04/04 22:04:40 | 000,001,294 | ---- | M] () -- C:\Users\Hubert\AppData\Roaming\mozilla\firefox\profiles\zaswvqv4.default\searchplugins\delta.xml
[2013/05/30 00:28:35 | 000,007,781 | ---- | M] () -- C:\Users\Hubert\AppData\Roaming\mozilla\firefox\profiles\zaswvqv4.default\searchplugins\WebSearch.xml
[2012/08/05 20:49:12 | 000,000,000 | ---D | M] (uTorrentControl2) -- C:\Users\Hubert\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - prefs.js..browser.startup.homepage: "http://websearch.homesearchapp.info/?unqvl=17"
FF - prefs.js..browser.search.defaulturl: "http://websearch.coolwebsearch.info/?unqvl=19&l=1&q="
FF - prefs.js..browser.search.defaultengine: "Ask.com"
IE - HKU\S-1-5-21-3970815587-3154509807-107303040-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
MOD - [2013/01/24 13:16:54 | 001,050,112 | ---- | M] () -- c:\progra~2\contin~1\sprote~1.dll

:Reg
[-HKEY_USERS\S-1-5-21-3970815587-3154509807-107303040-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D8C088A2B470428CB10FEE6F6FAE4E54}]
[-HKEY_USERS\S-1-5-21-3970815587-3154509807-107303040-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
[-HKEY_USERS\S-1-5-21-3970815587-3154509807-107303040-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[-HKEY_USERS\S-1-5-21-3970815587-3154509807-107303040-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A244612-A1F7-11E0-95C0-E71F4824019B}]
[-HKEY_USERS\S-1-5-21-3970815587-3154509807-107303040-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6EA03EEB-79AA-46BA-B21B-53F8B49B70B8}]
[-HKEY_USERS\S-1-5-21-3970815587-3154509807-107303040-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3040EA3D-A405-4315-967A-836249763CA0}]
[-HKEY_USERS\S-1-5-21-3970815587-3154509807-107303040-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
[-HKEY_USERS\S-1-5-21-3970815587-3154509807-107303040-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0763FC92-CD50-4EF1-A5CA-9443110A0F41}]
[HKEY_USERS\S-1-5-21-3970815587-3154509807-107303040-1000\Software\Microsoft\Internet Explorer\SearchScopes]
"BrowserMngrDefaultScope"=-
[HKEY_USERS\S-1-5-21-3970815587-3154509807-107303040-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"BrowserMngr Start Page"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

:Commands
[emptytemp]

Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.
Then run OTL again, this time click Scan.
Post the new OTL.txt log and the report from the script removal.

 

3) Install a newer, safer version of Java:
>http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html (choose: Windows x86 Offline)
You may also need to install a newer 64-bit Java version >http://java.com/pl/download/faq/java_win64bit.xml




#278378 OTL help with reading and repair

Posted by ordynat on 21 08 2013 - 12:11

Additionally:

Use Adw-Cleaner /Usuwanie-Adware-Babylon-SweetIM-itp-czyli-program-AdwCleaner-t51855/ with the DELETE option.




#261606 Logs - Laptop takes a long time to start

Posted by ordynat on 01 11 2012 - 13:54

I don't see any infection here.
There are some unnecessary "things", so use Adw Cleaner >/Usuwanie-Adware-Babylon-SweetIM-itp-czyli-program-AdwCleaner-t51855/ with the DELETE option.


#261392 Logs - Trojan horse

Posted by ordynat on 28 10 2012 - 22:10

In the new log I no longer see anything suspicious, so it should be OK.

In Adw-Cleaner click the Uninstall button.
In OTL click the CleanUp button - that removes it together with its quarantine.



#261369 Logs - Trojan horse

Posted by ordynat on 28 10 2012 - 20:22

Run OTL and paste this into the Custom Scans/Fixes window:

:OTL
[2012-10-25 19:30:43 | 000,094,208 | RHS- | C] () -- C:\WINDOWS\System32\spmsgq.dll
[2012-10-25 19:30:43 | 000,000,318 | ---- | C] () -- C:\WINDOWS\tasks\Fqqpxidgdm.job
O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O4 - HKU\S-1-5-21-1644491937-1993962763-682003330-1003..\Run: [PCSpeedUp] "C:\Program Files\Przyspiesz Komputer\PCSpeedUp.exe" File not found
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Corel File Shell Monitor] c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe File not found
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe (facemoods.com)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof2.dll (Conduit Ltd.)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (gry Toolbar) - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\prxtbgr0.dll File not found
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (gry Toolbar) - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\prxtbgr0.dll File not found
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll (facemoods.com)
O3 - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSof2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\Toolbar\WebBrowser: (gry Toolbar) - {8532A8B7-C06A-41BB-936A-8CE73E4711ED} - C:\Program Files\gry\prxtbgr0.dll File not found
O3 - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
[2012-07-12 08:59:06 | 000,002,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchTheWeb.xml
[2012-05-21 21:25:09 | 000,002,415 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
[2012-08-11 17:05:03 | 000,006,481 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011-05-05 21:20:15 | 000,002,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011-08-04 16:43:32 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\1vnnk5vy.default\searchplugins\aol-web-search.xml
[2012-08-26 21:22:36 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\1vnnk5vy.default\searchplugins\askcom.xml
[2012-10-01 18:41:05 | 000,002,230 | ---- | M] () -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\1vnnk5vy.default\searchplugins\SearchTheWeb.xml
[2012-09-24 17:05:27 | 000,003,983 | ---- | M] () -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\1vnnk5vy.default\searchplugins\sweetim.xml
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idg/idg_1337631904_230548
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = pl.v9.com/idg/idg_1337631904_230548
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Facemoods Search
IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect...mrud=31-07-2011
IE - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idg/idg_1337631904_230548
IE - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
IE - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\URLSearchHook: {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - SOFTWARE\Classes\CLSID\{8532a8b7-c06a-41bb-936a-8ce73e4711ed}\InprocServer32 File not found
IE - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = Facemoods Search
IE - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = Claro Search
IE - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\SearchScopes\{46F62C9F-47F3-4D1E-AC19-E6B47347FC9D}: "URL" = http://websearch.ask...7-F08E15960BC9
IE - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = DAEMON-Search.com :: SEARCH
IE - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = Szukaj {searchTerms}
IE - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect...mrud=31-07-2011
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "SearchTheWeb"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..keyword.URL: "http://slirsredirect...08-2011&query="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "SearchTheWeb"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.winamp...08-2011&query="

:Commands
[emptytemp]

Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.
Then run OTL again, this time click Scan.
Post the new OTL.txt log and the report from the script removal.
Use >Adw-cleaner. Click Delete in it.
Post its report C:\AdwCleaner[S1].txt


#260899 Logs - Unwanted pop-up window

Posted by ordynat on 21 10 2012 - 20:49

I don't see any infection here.
We'll remove the unnecessary sponsored add-ons:
Run OTL and paste this into the Custom Scans/Fixes window:

:OTL
O4 - HKCU..\Run: [ALLUpdate] "C:\EMILKA\Programy\ALLPlayer\ALLUpdate.exe" "sleep" File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.0.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (BitTorrentControl_v12 Toolbar) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (BitTorrentControl_v12 Toolbar) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentControl_v12 Toolbar) - {B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14} - C:\Program Files\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.)
[2012-10-20 16:45:42 | 000,002,578 | ---- | M] () -- C:\Users\User OEM\AppData\Roaming\mozilla\firefox\profiles\e0x0eoy0.default\searchplugins\askcom.xml
[2012-10-20 16:45:40 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\User OEM\AppData\Roaming\mozilla\Firefox\Profiles\e0x0eoy0.default\extensions\toolbar@ask.com
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=STT&o=102866&locale=en_US&apn_uid=9b8bb0ab-fc68-4452-89d0-1e245d50b091&apn_ptnrs=^5N&apn_sauid=45A8DB15-26FA-42FF-BE52-9ECC8B77093F&apn_dtid=^YYYYYY^YY^PL&&q="
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=STT&o=102866&src=crm&q={searchTerms}&locale=&apn_ptnrs=^5N&apn_dtid=^YYYYYY^YY^PL&apn_uid=9b8bb0ab-fc68-4452-89d0-1e245d50b091&apn_sauid=45A8DB15-26FA-42FF-BE52-9ECC8B77093F
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={2855F2D3-A3EB-4BC4-BF38-4EC4E22E5534}&mid=e71f6ce0010b47d08151d15ee205d559-bbbcbf9aed2222606afeee7108272e6d686a9049&lang=pl&ds=xn011&pr=sa&d=2012-10-05 16:27:28&v=13.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
IE - HKLM\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={2855F2D3-A3EB-4BC4-BF38-4EC4E22E5534}&mid=e71f6ce0010b47d08151d15ee205d559-bbbcbf9aed2222606afeee7108272e6d686a9049&lang=pl&ds=xn011&pr=sa&d=2012-10-05 16:27:28&v=13.0.0.7&sap=hp
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - C:\Program Files\BitTorrentControl_v12\prxtbBitT.dll (Conduit Ltd.)

:Commands
[emptytemp]

Click Run Fix.

Use >Adw-cleaner. Click Delete in it.


#260871 Logs - Precautionary check

Posted by ordynat on 21 10 2012 - 14:52

There's a saying: nobody has yet been born who could come up with a fix for sluggishness.

You have no infection.

Cosmetics:
Run OTL and paste this into the Custom Scans/Fixes window:

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3225826
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0388404D-6072-4CEB-B521-8F090FEAEE57}: "URL" = http://klit.startnow.com/s/?q={searchTerms}&src=defsearch&provider=&provider_name=yahoo&provider_code=&partner_id=693&product_id=741&affiliate_id=&channel=&toolbar_id=200&toolbar_version=2.4.0&install_country=PL&install_date=20120203&user_guid=22E1EE0A3CF14F5A9CA023D748D159A9&machine_id=09b02b0de7ec1f15f4b898e8fa3f47d1&browser=IE&os=win&os_version=6.1-x64-SP1&iesrc={referrer:source}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=110811&babsrc=SP_ss&mntrId=3ac7fa8a000000000000000000000000
IE - HKCU\..\SearchScopes\{1D817984-5CF7-4E83-A4A4-0293C4E43D1C}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ATU3&o=15380&src=crm&q={searchTerms}&locale=&apn_ptnrs=UJ&apn_dtid=YYYYYYYYPL&apn_uid=6561ceb4-57c5-420c-bb21-5c970b0f1fff&apn_sauid=FEC2E157-C70A-4AB5-A40B-4CC124449017
IE - HKCU\..\SearchScopes\{7D93E605-01BE-4F90-BD14-6B6AA02BD724}: "URL" = http://search.softonic.com/MON00085/tb_v1?q={searchTerms}&SearchSource=4&cc=
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3225826
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "BitTorrentControl_v12 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3225826&SearchSource=13"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3225826&SearchSource=2&q="
[2012-03-08 23:59:11 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Marcin\AppData\Roaming\mozilla\Firefox\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012-10-13 09:28:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marcin\AppData\Roaming\mozilla\Firefox\Profiles\b22hdb1v.default\extensions
[2012-08-28 09:35:08 | 000,000,000 | ---D | M] (uTorrentControl2) -- C:\Users\Marcin\AppData\Roaming\mozilla\Firefox\Profiles\b22hdb1v.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012-10-12 23:11:25 | 000,000,000 | ---D | M] (BitTorrentControl_v12) -- C:\Users\Marcin\AppData\Roaming\mozilla\Firefox\Profiles\b22hdb1v.default\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
[2012-10-13 09:28:33 | 000,000,935 | ---- | M] () -- C:\Users\Marcin\AppData\Roaming\mozilla\firefox\profiles\b22hdb1v.default\searchplugins\conduit.xml
[2012-01-01 16:13:29 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D43723AE-1AE1-4A25-A6A4-BF0929273CAB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.

:Commands
[emptytemp]

Click Run Fix.

While we're at it, we'll remove the sponsored junk:
Use >Adw-cleaner. Click Delete in it.


#260740 Logs - Malicious ADS stream

Posted by ordynat on 18 10 2012 - 16:46

If that's the case, it means you've been dealing with Tibia, because only Tibia brings the infection ("spdg.dll") that infects the system file "ws2_32.dll". That "ws2_32.dll" file has to be replaced.
Use ComboFix >/Archiwalny-Combofix-t35201/. If ComboFix finds an uninfected copy of that file, it will replace it.
Unfortunately, there is a risk that the system won't boot at all any more, because that's how this infection reacts to an attempt to remove it. There's nothing I can do about that.



#260653 Logs - System littered with adware

Posted by ordynat on 16 10 2012 - 21:10

It's a bit strange that AdwCleaner detected nothing, although it should have detected and removed it.
Uninstall "Linkury Smartbar".
Run OTL and paste this into the Custom Scans/Fixes window:

:OTL
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\ola\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=cc94248c-a582-4e0e-8fda-aaa277cc0b89&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=cc94248c-a582-4e0e-8fda-aaa277cc0b89&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=cc94248c-a582-4e0e-8fda-aaa277cc0b89&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=cc94248c-a582-4e0e-8fda-aaa277cc0b89&affid=111583&searchtype=hp&babsrc=lnkry_nt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=cc94248c-a582-4e0e-8fda-aaa277cc0b89&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=cc94248c-a582-4e0e-8fda-aaa277cc0b89&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDY&co=PL&userid=cc94248c-a582-4e0e-8fda-aaa277cc0b89&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}

:Reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"BrowserMngrDefaultScope"=-

:Commands
[emptytemp]

Click Run Fix.

In Adw-Cleaner click the Uninstall button.


#260644 Logs - System littered with adware

Posted by ordynat on 16 10 2012 - 18:56

1) Run OTL and paste this into the Custom Scans/Fixes window:

:OTL
SRV - [2012-09-13 21:41:32 | 001,701,400 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe -- (Browser Manager)
IE - HKLM\..\URLSearchHook: {8f2767f8-338a-4258-bd1c-4de5a3d8cdb2} - C:\Program Files (x86)\Serif_PhotoPlus\prxtbSeri.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3425900288-1883478760-1700715328-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=113678&tt=bandext_3312_8&babsrc=HP_ss&mntrId=fe97a5eb000000000000ec55f9be5b3f
IE - HKU\S-1-5-21-3425900288-1883478760-1700715328-1000\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3425900288-1883478760-1700715328-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110808&tt=3412_7&babsrc=SP_ss&mntrId=fe97a5eb000000000000ec55f9be5b3f
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.2.565.25\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
[2012-08-21 22:40:10 | 000,000,000 | ---D | M] (Serif PhotoPlus Community Toolbar) -- C:\Users\ola\AppData\Roaming\mozilla\Firefox\extensions\{8f2767f8-338a-4258-bd1c-4de5a3d8cdb2}
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Serif PhotoPlus Toolbar) - {8f2767f8-338a-4258-bd1c-4de5a3d8cdb2} - C:\Program Files (x86)\Serif_PhotoPlus\prxtbSeri.dll (Conduit Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Serif PhotoPlus Toolbar) - {8f2767f8-338a-4258-bd1c-4de5a3d8cdb2} - C:\Program Files (x86)\Serif_PhotoPlus\prxtbSeri.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - Startup: C:\Users\ola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk = File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()

:Commands
[emptytemp]

Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.
Then run OTL again, this time clicking Scan.
Post the new OTL.txt log and the fix report from the script.

2) Use >Adw-cleaner. Click Delete in it.
Post its report, C:\AdwCleaner[S1].txt


#259855 Logs - ZeroAccess rootkit

Posted by ordynat on 29 09 2012 - 10:16

[2012-09-09 12:57:25 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012-09-27 11:07:10 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012-09-27 13:30:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LocalAppData%
[2012-09-27 14:37:14 | 000,000,000 | -HSD | C] -- C:\Users\happy\%APPDATA%
[2012-09-27 16:53:10 | 000,000,000 | -HSD | C] -- C:\%APPDATA%

These are signs of a ZeroAccess/Sirefef infection, but I don't see any other signs of an active infection in the log.
Some of the symptoms described in your first thread match ZeroAccess exactly.
I understood that you no longer have these problems, but if they do continue, start a thread at >http://www.fixitpc.pl/, because @Picasso there knows this infection extremely well: how to remove it and how to repair what ZeroAccess damaged in the system.
But


#259271 Logs - Windows Security Center - complex problem

Posted by ordynat on 16 09 2012 - 17:25

Driver "11df87ef6c405e25" deleted successfully.

Since it was Avenger that removed this service, it means the ESET Necurs remover didn't do a very thorough job.

C:\WINDOWS\System32\drivers\11df87ef6c405e25.sys.vir

Try deleting it manually, and if that fails, then:
>>Avenger >>paste this text into it:
Files to delete:
C:\WINDOWS\System32\drivers\11df87ef6c405e25.sys.vir
Click "Execute" and confirm the computer restart.



#259244 Logs - Windows Security Center - complex problem

Posted by ordynat on 16 09 2012 - 14:36

Run OTL and paste this into the Custom Scans/Fixes box:

:OTL
[2012-09-12 10:39:19 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\11df87ef6c405e25.sys
[2012-09-12 06:32:20 | 000,108,544 | ---- | C] () -- C:\Documents and Settings\ja\tiddiszagtor.exe
[2012-09-15 20:03:03 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\hcmf.sys
O33 - MountPoints2\{540d8ea9-181e-11e0-aeff-0024813f3938}\Shell\AutoRun\command - "" = D:\w9.exe
O33 - MountPoints2\{540d8ea9-181e-11e0-aeff-0024813f3938}\Shell\open\Command - "" = D:\w9.exe
O33 - MountPoints2\{6376601c-8e31-11de-ae5d-0024813f3938}\Shell\AutoRun\command - "" = E:\ktly.exe
O33 - MountPoints2\{6376601c-8e31-11de-ae5d-0024813f3938}\Shell\open\Command - "" = E:\ktly.exe
O33 - MountPoints2\{c9ad138c-4f05-11de-ae40-0024813f3938}\Shell\AutoRun\command - "" = D:\eexyv.exe
O33 - MountPoints2\{c9ad138c-4f05-11de-ae40-0024813f3938}\Shell\open\Command - "" = D:\eexyv.exe
O33 - MountPoints2\{ccc6dbfa-8e36-11de-ae5e-002100ae76c1}\Shell\AutoRun\command - "" = E:\ktly.exe
O33 - MountPoints2\{ccc6dbfa-8e36-11de-ae5e-002100ae76c1}\Shell\open\Command - "" = E:\ktly.exe
O33 - MountPoints2\{d4deeb52-d179-11df-ae8b-0024813f3938}\Shell\AutoRun\command - "" = D:\io3yalc.exe
O33 - MountPoints2\{d4deeb52-d179-11df-ae8b-0024813f3938}\Shell\open\Command - "" = D:\io3yalc.exe
O33 - MountPoints2\{df839f3c-dc7b-11df-aea3-0024813f3938}\Shell\AutoRun\command - "" = D:\jofk1wf.exe
O33 - MountPoints2\{df839f3c-dc7b-11df-aea3-0024813f3938}\Shell\open\Command - "" = D:\jofk1wf.exe
O33 - MountPoints2\{ea20b9e0-9945-11de-ae61-0024813f3938}\Shell\AutoRun\command - "" = E:\o9bxu.exe
O33 - MountPoints2\{ea20b9e0-9945-11de-ae61-0024813f3938}\Shell\open\Command - "" = E:\o9bxu.exe
O4 - Startup: C:\Documents and Settings\ja\Menu Start\Programy\Autostart\PowerReg Scheduler.exe ()
O4 - HKCU..\Run: [tiddiszagtor] C:\Documents and Settings\ja\tiddiszagtor.exe ()
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe File not found
DRV - [2012-09-15 20:03:03 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\hcmf.sys -- (ljeisl)

:Commands
[emptytemp]

Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.
Then run OTL again, this time clicking Scan.
Post the new OTL.txt log and the fix report from the script.

Admittedly I don't see the service in the logs, but just in case, use this ESET Necurs Remover.
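Added example, not from the forum posts and not part of OTL, Avenger or any of the tools mentioned: a small Python triage script that parses the OTL.txt line formats quoted in this post and in the earlier ones above and groups them by indicator class. It covers the literal %APPDATA% directories that post #259855 identifies as the ZeroAccess/Sirefef marker, the O33 MountPoints2 AutoRun/open handlers and the vendor-less boot driver in the fix script above, O20 AppInit_DLLs entries, and the O2/O3/IE adware entries (Babylon, Conduit, Yontoo, SweetIM, Browser Manager) from the posts further up. The adware family list, the severity labels and the sample log lines are constructed for this example; the sample lines are modelled on the entries quoted in the posts, with a made-up SID.

```python
"""OTL log triage (added example, not OTL's own code or the forum author's).

Parses the OTL.txt line formats quoted in the posts and flags the entry
classes the posts treat as infection markers. The adware family list and
severity labels are assumptions of this example, not anything OTL emits.
"""
import re
from collections import Counter
from typing import Dict, List

# Adware vendors/families named in the posts' O2/O3/O20 entries (assumed list).
ADWARE_MARKERS = ("babylon", "conduit", "yontoo", "sweetim", "browser manager", "browsemngr")

# [date time | size | attrs | C/M] (optional name) -- path
FILE_RE = re.compile(
    r"^\[[^|]+\|\s*[\d,]+\s*\|\s*(?P<attr>[-A-Z]{4})\s*\|\s*[CM]\]\s*(?:\([^)]*\)\s*)?--\s*(?P<path>.+?)\s*$")
# O33 - MountPoints2\{GUID}\Shell\AutoRun\command - "" = target
MP2_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\Shell\\(?P<verb>AutoRun|open)\\[Cc]ommand - "" = (?P<target>.+?)\s*$')
# DRV - [ ... ] (vendor) [Kernel | Boot | ...] -- path -- (service)
DRV_RE = re.compile(
    r"^DRV - \[[^\]]*\]\s*\((?P<vendor>[^)]*)\)\s*\[Kernel \| Boot \|[^\]]*\]\s*--\s*(?P<path>.+?)\s*--\s*\((?P<svc>[^)]*)\)\s*$")
LITERAL_VAR_RE = re.compile(r"^%[A-Za-z_]+%$")  # a directory literally named %APPDATA%
PROFILE_RE = re.compile(r"\\(Users|Documents and Settings)\\[^\\]+\\", re.IGNORECASE)

# Constructed sample modelled on the lines quoted in the posts (SID is made up).
SAMPLE_OTL_LOG = r'''
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylon.com/?affID=113678
[2012-09-09 12:57:25 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012-09-27 11:07:10 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012-09-17 09:15:11 | 000,000,000 | ---D | M] -- C:\Users\Hubert\AppData\Roaming\Babylon
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.4.6\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [tiddiszagtor] C:\Documents and Settings\ja\tiddiszagtor.exe ()
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\22643~1.41\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O33 - MountPoints2\{540d8ea9-181e-11e0-aeff-0024813f3938}\Shell\AutoRun\command - "" = D:\w9.exe
O33 - MountPoints2\{540d8ea9-181e-11e0-aeff-0024813f3938}\Shell\open\Command - "" = D:\w9.exe
DRV - [2012-09-15 20:03:03 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\hcmf.sys -- (ljeisl)
'''


def _flag(kind: str, severity: str, detail: str, line: str) -> Dict[str, str]:
    return {"kind": kind, "severity": severity, "detail": detail, "line": line}


def triage(log_text: str) -> List[Dict[str, str]]:
    """One finding per suspicious OTL line; lines no rule covers yield nothing."""
    out: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        has_adware = any(k in low for k in ADWARE_MARKERS)

        m = FILE_RE.match(line)
        if m:
            path, attr = m.group("path"), m.group("attr")
            leaf = path.rstrip("\\").rsplit("\\", 1)[-1]
            # A shell would have expanded %APPDATA%; a directory literally named
            # that way (hidden+system here) is the ZeroAccess/Sirefef marker.
            if "D" in attr and LITERAL_VAR_RE.match(leaf):
                out.append(_flag("zeroaccess_dir", "high", f"{path} (attrs {attr})", line))
            elif has_adware:
                out.append(_flag("adware_file", "low", path, line))
            continue

        m = MP2_RE.match(line)
        if m:
            # Removable-media AutoRun/open verbs pointing at an .exe on the drive.
            out.append(_flag("autorun_hijack", "high",
                             f"{m.group('guid')} {m.group('verb')} -> {m.group('target')}", line))
            continue

        m = DRV_RE.match(line)
        if m:
            if not m.group("vendor").strip():  # boot-start kernel driver, no vendor
                out.append(_flag("unknown_boot_driver", "high",
                                 f"{m.group('path')} (service {m.group('svc')})", line))
            continue

        if line.startswith("O20 - AppInit_DLLs:"):
            # Anything listed here is loaded into every process that links user32.
            out.append(_flag("appinit_dll", "high", line.split(" - ", 2)[-1], line))
        elif line.startswith(("O2 - BHO:", "O3 - ")):
            if "no clsid value found" in low:
                out.append(_flag("orphan_toolbar", "low", "toolbar entry without CLSID", line))
            elif has_adware:
                out.append(_flag("adware_bho_toolbar", "medium", line.split(" - ", 1)[1], line))
        elif line.startswith("O4 - "):
            if low.endswith("file not found"):
                out.append(_flag("orphan_run", "low", "autorun target missing", line))
            elif PROFILE_RE.search(line) and ".exe" in low:
                out.append(_flag("profile_autorun", "medium", "executable started from a user profile", line))
        elif line.startswith(("IE - ", "FF - ")) and has_adware:
            out.append(_flag("browser_hijack", "medium", line.split(" - ", 1)[1], line))
    return out


def summarize(findings: List[Dict[str, str]]) -> Counter:
    """Count findings per indicator class."""
    return Counter(f["kind"] for f in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_OTL_LOG)
    for f in results:
        print(f"[{f['severity']:6}] {f['kind']:20} {f['detail']}")
    print(dict(summarize(results)))
```

The script only reports what it has a rule for: a driver with a random hexadecimal name such as the one removed in #259271 is not flagged unless it is boot-start with an empty vendor field, so the output is a starting point for reading the log, not a replacement for it. Flagged entries can be pasted back into an OTL :OTL fix block as-is, since the `line` field keeps the original text.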


#258017 Logs - driver or flash player error

Posted by ordynat on 23 08 2012 - 03:53

Avenger successfully removed the "Live Security Platinum" object.
The FSS log shows that the system services destroyed by "ZeroAccess" have been rebuilt successfully.
In short, we're finishing up:
In OTL click the CleanUp button; this removes it together with its quarantine.
Avenger will disappear at the same time.
In Adw-Cleaner click the Uninstall button.
Delete RogueKiller manually.
That's all from me.