OTL log analysis - request to check and interpret the data

list3ek 14 Sep 2013 14:28 1581 5
  • #1 12734824
    list3ek
    Level 9
    Posts: 31
    Hello, as the subject says, I would be very grateful if someone could check my OTL logs.
    Attachments:
    • OTL.Txt (84.33 KB)
    • Extras.Txt (64.63 KB)
  • #3 12734954
    Kolobos
    Computer specialist
    Posts: 85163
    Helped: 17164
    Rating: 10437
    Your computer is part of a botnet:
    http://zaufanatrzeciastrona.pl/post/zagadka-o...stu-liczby-uzytkownikow-sieci-tor-wyjasniona/

    Use AdwCleaner, the Scan and then Clean options:
    http://www.bleepingcomputer.com/download/adwcleaner/

    Run this script in OTL:

    :OTL
    PRC - [2013-09-09 18:28:29 | 003,233,806 | ---- | M] () -- C:\Program Files (x86)\Tor\tor.exe
    PRC - [2013-09-09 18:28:28 | 002,665,472 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe
    PRC - [2013-08-16 10:18:51 | 000,301,120 | ---- | M] (Wsys Co., Ltd.) -- C:\ProgramData\eSafe\eGdpSvc.exe
    PRC - [2013-08-06 18:50:59 | 000,051,992 | ---- | M] (cake bake) -- C:\Program Files (x86)\WADesktop.Updater.exe
    PRC - [2013-04-07 10:55:02 | 000,015,152 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
    PRC - [2013-01-29 15:30:58 | 000,188,760 | ---- | M] () -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe
    MOD - [2013-04-07 10:55:02 | 000,015,152 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
    MOD - [2013-04-07 10:54:20 | 000,306,176 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\lmrn.dll
    MOD - [2013-02-05 09:25:06 | 000,362,029 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\sqlite3.dll
    SRV:64bit: - [2013-04-07 10:54:58 | 001,455,408 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
    SRV:64bit: - [2013-01-29 15:30:58 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
    SRV - [2013-09-09 18:28:29 | 003,233,806 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Tor\tor.exe -- (tor)
    SRV - [2013-09-09 18:28:28 | 002,665,472 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe -- (Windows Internet Name Service)
    SRV - [2013-08-16 10:18:51 | 000,301,120 | ---- | M] (Wsys Co., Ltd.) [Auto | Running] -- C:\ProgramData\eSafe\eGdpSvc.exe -- (WsysSvc)
    SRV - [2013-08-06 18:50:59 | 000,051,992 | ---- | M] (cake bake) [Auto | Running] -- C:\Program Files (x86)\WADesktop.Updater.exe -- (WebCake Desktop Updater)
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=...&uid=395049983_1052498_BCD15D93&ts=1373826498
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=...&uid=395049983_1052498_BCD15D93&ts=1373826498
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
    IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.com/web/?utm_source=b&utm_...&uid=395049983_1052498_BCD15D93&ts=1373826498
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=...&uid=395049983_1052498_BCD15D93&ts=1373826498
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.qvo6.com/?utm_source=b&utm_medium=...&uid=395049983_1052498_BCD15D93&ts=1373826498
    IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
    IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.com/web/?utm_source=b&utm_...&uid=395049983_1052498_BCD15D93&ts=1373826498
    IE - HKU\S-1-5-21-633407372-874980917-2903816572-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qvo6.com/?utm_source=b&utm_medium=...&uid=395049983_1052498_BCD15D93&ts=1373826498
    IE - HKU\S-1-5-21-633407372-874980917-2903816572-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss_sps&mntrId=BCD1001966EFB6DA&affID=119357&tsp=4943
    IE - HKU\S-1-5-21-633407372-874980917-2903816572-1001\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-633407372-874980917-2903816572-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-633407372-874980917-2903816572-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://isearch.babylon.com/?q={searchTerms}&babsrc=SP_ssbtis1&mntrId=BCD1001966EFB6DA&affID=119357&tsp=4943
    IE - HKU\S-1-5-21-633407372-874980917-2903816572-1001\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://search.qvo6.com/web/?utm_source=b&utm_...&uid=395049983_1052498_BCD15D93&ts=1373826498
    IE - HKU\S-1-5-21-633407372-874980917-2903816572-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={F9315073-69B3-4CC6-9467-BBC4C16988CB}&mid=b03469f7474e47d0abf8d150200b5f29-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=pl&ds=AVG&pr=fr&d=2013-01-23 23:01:26&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-633407372-874980917-2903816572-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6PQTCnA0h2&i=26
    IE - HKU\S-1-5-21-633407372-874980917-2903816572-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013-03-02 18:02:28 | 000,000,000 | ---D | M]
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\PROGRAM FILES\IB UPDATER\FIREFOX [2013-03-02 18:02:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013-03-02 18:02:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\IB Updater\Firefox [2013-03-02 18:02:28 | 000,000,000 | ---D | M]
    O2:64bit: - BHO: (a2zLyrics-1) - {11111111-1111-1111-1111-110411151154} - C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-bho64.dll (Lyrics)
    O2:64bit: - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll ()
    O2 - BHO: (a2zLyrics-1) - {11111111-1111-1111-1111-110411151154} - C:\Program Files (x86)\a2zLyrics-1\a2zLyrics-1-bho.dll (Lyrics)
    O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
    O3 - HKU\S-1-5-21-633407372-874980917-2903816572-1001\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
    O3 - HKU\S-1-5-21-633407372-874980917-2903816572-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4 - HKU\S-1-5-21-633407372-874980917-2903816572-1001..\Run: [CubeDesktop] File not found
    O4 - HKLM..\RunOnce: [daemontoolslite] File not found
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    [2013-09-14 10:27:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\a2zLyrics-1
    [2013-09-09 18:28:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tor
    [2013-08-06 18:51:00 | 000,051,992 | ---- | C] (cake bake) -- C:\Program Files (x86)\WADesktop.Updater.exe
    [2013-09-14 10:29:37 | 000,001,286 | ---- | M] () -- C:\Windows\tasks\a2zLyrics-1-updater.job
    [2013-09-14 10:29:22 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\a2zLyrics-1-enabler.job
    [2013-09-14 10:28:56 | 000,001,190 | ---- | M] () -- C:\Windows\tasks\a2zLyrics-1-codedownloader.job
    [2013-09-14 10:28:36 | 000,001,822 | ---- | M] () -- C:\Windows\tasks\a2zLyrics-1-firefoxinstaller.job
    [2013-09-14 10:27:33 | 000,001,898 | ---- | M] () -- C:\Windows\tasks\a2zLyrics-1-chromeinstaller.job
    [2013-09-14 08:04:19 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
    [2013-09-14 08:04:19 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
    [2013-06-17 19:00:09 | 000,000,000 | ---D | M] -- C:\Users\xXX\AppData\Roaming\Babylon
    [2013-07-14 20:27:36 | 000,000,000 | ---D | M] -- C:\Users\xXX\AppData\Roaming\eIntaller
    [2013-06-20 09:49:07 | 000,000,000 | ---D | M] -- C:\Users\xXX\AppData\Roaming\File Scout
    [2013-03-15 21:59:46 | 000,000,000 | ---D | M] -- C:\Users\xXX\AppData\Roaming\OpenCandy
    [2013-08-15 16:14:02 | 000,000,000 | ---D | M] -- C:\Users\xXX\AppData\Roaming\Web Cake
    @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

    :Commands
    [emptytemp]

    Do a scan with MBAM and CureIt and remove whatever they detect.
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/
    http://ftp.drweb.com/pub/drweb/cureit/launch.exe

    When done, post a new OTL log from a scan.
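The script above is built from OTL's PRC (process), SRV (service) and MOD (module) lines, and the helper's reasoning is implicit: an entry with an empty publisher field, or one running from a profile/data directory, deserves a closer look. As an added example that is not part of this thread or of OTL itself, the Python below parses lines in that format and applies those two triage heuristics. The sample input is constructed from the entries quoted above plus one benign Windows entry added for contrast; the directory list and the reason strings are assumptions of this example, and a flag is a prompt to investigate, not a verdict (Tor, for instance, is legitimate software that is only suspicious here because it was installed as an auto-start service without the user's knowledge).

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: OTL process/service lines modelled on the thread's log,
# plus one benign svchost.exe entry (invented for contrast, not from the log).
SAMPLE_OTL = r"""
PRC - [2013-09-09 18:28:29 | 003,233,806 | ---- | M] () -- C:\Program Files (x86)\Tor\tor.exe
PRC - [2013-09-09 18:28:28 | 002,665,472 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe
PRC - [2013-08-16 10:18:51 | 000,301,120 | ---- | M] (Wsys Co., Ltd.) -- C:\ProgramData\eSafe\eGdpSvc.exe
PRC - [2013-04-07 10:55:02 | 000,015,152 | ---- | M] () -- C:\Windows\SysWOW64\jmdp\stij.exe
PRC - [2009-07-14 03:39:28 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe
SRV - [2013-09-09 18:28:29 | 003,233,806 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Tor\tor.exe -- (tor)
SRV:64bit: - [2013-04-07 10:54:58 | 001,455,408 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
"""

# One OTL line: KIND[:64bit:] - [mtime | size | attrs | M] (company) [start | state] -- path [-- (service)]
LINE_RE = re.compile(
    r"^(?P<kind>PRC|SRV|MOD)(?P<arch>:64bit:)? - "
    r"\[(?P<mtime>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| (?P<stamp>\w)\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<start>[^|]+?) \| (?P<state>[^\]]+?)\])?"
    r" -- (?P<path>.+?)(?: -- \((?P<service>[^)]*)\))?$"
)


@dataclass
class Entry:
    kind: str               # PRC (process), SRV (service) or MOD (loaded module)
    is_64bit: bool
    mtime: str
    size: int               # bytes; OTL prints it with thousands separators
    company: str            # empty when OTL found no publisher in the version info
    start: Optional[str]    # service start type, services only
    state: Optional[str]    # service state, services only
    path: str
    service: Optional[str]  # service name, services only


def parse_otl(text: str) -> List[Entry]:
    """Parse PRC/SRV/MOD lines; other OTL sections (registry, file listing) are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            kind=m["kind"], is_64bit=m["arch"] is not None, mtime=m["mtime"],
            size=int(m["size"].replace(",", "")), company=m["company"].strip(),
            start=m["start"], state=m["state"], path=m["path"], service=m["service"],
        ))
    return entries


# Assumed heuristic: legitimate auto-started code rarely lives in these directories.
SUSPECT_DIRS = ("\\appdata\\", "\\programdata\\", "\\systemprofile\\", "\\temp\\")


def triage(entry: Entry) -> List[str]:
    """Return the reasons an entry deserves a closer look (empty list = nothing noted)."""
    reasons = []
    low = entry.path.lower()
    if not entry.company:
        reasons.append("no publisher in version info")
    if any(d in low for d in SUSPECT_DIRS):
        reasons.append("runs from a data/profile directory")
    if entry.kind == "SRV" and entry.start == "Auto" and not entry.company:
        reasons.append("auto-start service with unknown publisher")
    return reasons


def flagged(text: str) -> List[Tuple[str, List[str]]]:
    """(path, reasons) for every parsed entry that triggers at least one heuristic."""
    return [(e.path, triage(e)) for e in parse_otl(text) if triage(e)]


if __name__ == "__main__":
    for path, reasons in flagged(SAMPLE_OTL):
        print(path, "->", "; ".join(reasons))
```

Run as-is the block lists every sample entry except the constructed svchost.exe line, which carries a publisher and sits under System32. Feeding it a full OTL.Txt works the same way, because lines that do not match the PRC/SRV/MOD shape are ignored rather than misparsed.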
  • #4 12735482
    list3ek
    Level 9
    Posts: 31
    Done. Here are the new OTL logs.
    Attachments:
    • OTL.Txt (70.54 KB)
    • Extras.Txt (65.02 KB)
  • #5 12735514
    Kolobos
    Computer specialist
    Posts: 85163
    Helped: 17164
    Rating: 10437
    New script:

    :OTL

    :Files
    C:\Users\xXX\AppData\Local\Google\Chrome\User Data\Default\Extensions\afeodekfkejjgjigfnhhifffljmhnpfn\

    After running it, choose Cleanup in OTL and that's all.
  • #6 12735569
    list3ek
    Level 9
    Posts: 31
    Okay, thank you very much for the help. ; )