Jak usunąć wirusa spowalniającego komputer po skanowaniu OTL?

Witam. Koleżanka zainfekowała swój komputer jakiś wirusem przez który praktycznie urządzenie nie nadaje się do użytku, ponieważ po 5 minutach działania chodzi tak wolno, że otwarcie przeglądarki zajmuje ok. 2 minut. Udało mi się zrobić skan programem OTL. Wyniki w załączniku. Bardzo proszę o pomoc.

Odinstaluj:
McAfee Security Scan Plus

Wykonaj skrypt w OTL:

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.buenosearch.com/?babsrc=HP_ss&mntrId=483D201A06250F9D&affID=128491&tsp=5176
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=483D201A06250F9D&affID=128491&tsp=5176
CHR - homepage: http://www.buenosearch.com/?babsrc=HP_ss&mntrId=483D201A06250F9D&affID=128491&tsp=5176
O4:64bit: - HKLM..\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] 1 File not found
O4:64bit: - HKLM..\Run: [svchost] C:\Temp [2014-06-15 22:50:16 | 000,000,000 | ---D | M]
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKCU..\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] 1 File not found
O4 - HKCU..\Run: [svchost] C:\Temp [2014-06-15 22:50:16 | 000,000,000 | ---D | M]
[2014-06-10 22:04:33 | 000,000,000 | ---D | C] -- C:\temp
@Alternate Data Stream - 4603857 bytes -> C:\Temp:012F22F0.dat
@Alternate Data Stream - 4 bytes -> C:\Temp:rnd.dat
@Alternate Data Stream - 4 bytes -> C:\Temp:pidG
@Alternate Data Stream - 4 bytes -> C:\Temp:pid3
@Alternate Data Stream - 4 bytes -> C:\Temp:pid2
@Alternate Data Stream - 4 bytes -> C:\Temp:pid1
@Alternate Data Stream - 32 bytes -> C:\Temp:srv
@Alternate Data Stream - 1620 bytes -> C:\Temp:list3


Uzyj AdwCleaner, opcja Scan i Clean/Szukaj i Usun:
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

Daj w zalaczniku logi z FRST:
http://www.fixitpc.pl/topic/61-diagnostyka-ogólne-raporty-systemowe/#entry119294

Zrob pelny skan przy pomocy Mbam:
http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

Logi z FRST

Uzyj http://www.bleepingcomputer.com/download/tfc/

Obok frst.exe utworz plik fixlist.txt z zawartoscia:
HKLM\...\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] => 1
HKLM\...\Run: [svchost] => regsvr32 /s "C:\Temp:012F22F0.dat"
SearchScopes: HKLM-x32 - DefaultScope value is missing.
2014-06-15 23:38 - 2014-06-15 23:38 - 00000000 ____D () C:\_OTL
2014-06-15 23:31 - 2014-06-15 23:32 - 00000000 ____D () C:\AdwCleaner
2014-06-15 23:08 - 2014-06-15 23:08 - 00080934 _____ () C:\Users\Alii\Desktop\OTL.Txt
2014-06-15 23:07 - 2014-06-15 23:07 - 00055724 _____ () C:\Users\Alii\Desktop\Extras.Txt
2014-06-15 23:00 - 2014-06-15 23:00 - 00055724 _____ () C:\Users\Alii\Downloads\Extras.Txt
2014-06-15 22:59 - 2014-06-15 22:59 - 00080934 _____ () C:\Users\Alii\Downloads\OTL.Txt
2014-06-15 22:38 - 2014-06-15 22:41 - 00388608 _____ (Trend Micro Inc.) C:\Users\Alii\Downloads\HijackThis_2.0.4 (2).exe

W Frst wybierz Fix.