Run OTL.
In the white box of the window, where it says
Custom Scans/Fixes, paste the following text:
Code:
:files
C:\DOCUME~1\NINA\LOCALS~1\Temp\cportclm.sys
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
ipconfig /flushdns /c
recycler /alldrives
:Drivers
cportclm
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/web?src=ieb&appid=0&systemid=2&sr=0&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.bearshare.com/sidebar.html?src=ssb&appid=0&systemid=2&sr=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/web?src=ieb&appid=0&systemid=2&sr=0&q={searchTerms}
IE - HKCU\..\URLSearchHook: {86bf3498-8c44-4c3d-bbfb-05bd50858039} - C:\Program Files\Softonic-Eng46\prxtbSof0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={085E6D9A-BB6F-46EA-905F-96423EE8409E}&mid=296562e6f02e47d0ba38d1510b37cc74-33d89468f1c719e35b63068803e6a533aaf4102d&lang=en&ds=AVG&pr=fr&d=2012-06-25 23:00:52&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2560206
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431400&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "BearShare Web Search"
FF - prefs.js..extensions.enabledItems: {86bf3498-8c44-4c3d-bbfb-05bd50858039}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {013a635f-e3aa-4371-b682-ece95ca974b0}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.3.3
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431400&q="
FF - user.js - File not found
[2012.06.03 18:57:59 | 000,000,000 | ---D | M] (MB2 Community Toolbar) -- C:\Documents and Settings\NINA\Application Data\Mozilla\Firefox\Profiles\1zh9r3fc.default\extensions\{013a635f-e3aa-4371-b682-ece95ca974b0}
[2012.05.20 20:49:20 | 000,000,000 | ---D | M] (ST-Eng46 Community Toolbar) -- C:\Documents and Settings\NINA\Application Data\Mozilla\Firefox\Profiles\1zh9r3fc.default\extensions\{86bf3498-8c44-4c3d-bbfb-05bd50858039}
[2012.05.30 15:43:09 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\NINA\Application Data\Mozilla\Firefox\Profiles\1zh9r3fc.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011.09.30 12:37:18 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\NINA\Application Data\Mozilla\Firefox\Profiles\1zh9r3fc.default\extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}
O2 - BHO: (Softonic-Eng46 Toolbar) - {86bf3498-8c44-4c3d-bbfb-05bd50858039} - C:\Program Files\Softonic-Eng46\prxtbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic-Eng46 Toolbar) - {86bf3498-8c44-4c3d-bbfb-05bd50858039} - C:\Program Files\Softonic-Eng46\prxtbSof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2C688203-7EB3-4327-9995-1CB417BA23F9} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng46 Toolbar) - {86BF3498-8C44-4C3D-BBFB-05BD50858039} - C:\Program Files\Softonic-Eng46\prxtbSof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
:Commands
[purity]
[emptytemp]
[Reboot]
Click the
Run Fix button.
Copy the log you get here into a post.
Step 2:
Download the program
Malwarebytes' Anti-Malware
Double-click to start the installation.
At the very start, check that these options are ticked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes Anti-Malware
Then click Finish.
Select the Perform Quick Scan option and click Scan.
When the process finishes, click OK, then Show Results; in the list of detected malware, check that all items are selected and click Remove Selected.
When the cleanup finishes, attach the MBAM log to the forum.
Step 3:
Download ComboFix from the following address to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Turn off the AV.
Run ComboFix exclusively from the desktop (I Agree).
On every popup window, click Yes \ Ok.
When the scan finishes, it will drop a log on the desktop.
Copy the log to paste.bin for me.