jak odstranit Trojan MSIL:Dropper-AAJ

[Fluke]

Ne,virobijci vědí co dělají,musíš počkat,buď rád že to nejsou trojani a nebo že z tich pupů nemáš bitcoiny,stačí čekat.

[Reklama]

[thevalid]

Tak ja sem jim vděčnej že pomahaj, ale uz to resim docela dlouho a v tom poslednim logu je jeste jeden TROJAN
a to Trojan.MONDER včetně tech Bit....

[Fluke]

Kdo si počká,ten se dočká

[thevalid]

# AdwCleaner v3.016 - Report created 02/01/2014 at 20:59:15
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : admin - PC
# Running from : C:\Users\admin\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : BitGuard
Service Found : DefaultTabSearch
Service Found : DefaultTabUpdate

***** [ Files / Folders ] *****

File Found : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Found : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Found : C:\Windows\system32\roboot.exe
Folder Found C:\Program Files\iSafe
Folder Found C:\Program Files\LemurLeap
Folder Found C:\Program Files\Mobogenie
Folder Found C:\Program Files\optimizer pro
Folder Found C:\Program Files\ss helper
Folder Found C:\Program Files\WebSearch
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\Birowsee2save
Folder Found C:\ProgramData\BitGuard
Folder Found C:\ProgramData\Downnload keepEer
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro
Folder Found C:\ProgramData\Seuaarch-NeWTaib
Folder Found C:\ProgramData\Seuaarch-NeWTaib
Folder Found C:\ProgramData\SoftSafe
Folder Found C:\ProgramData\WinterSoft
Folder Found C:\Users\admin\AppData\Local\Bundled software uninstaller
Folder Found C:\Users\admin\AppData\Local\Mobogenie
Folder Found C:\Users\admin\AppData\LocalLow\Birowsee2save
Folder Found C:\Users\admin\AppData\LocalLow\Seuaarch-NeWTaib
Folder Found C:\Users\admin\AppData\LocalLow\Seuaarch-NeWTaib
Folder Found C:\Users\admin\AppData\Roaming\Babylon
Folder Found C:\Users\admin\AppData\Roaming\DefaultTab
Folder Found C:\Users\admin\AppData\Roaming\file scout
Folder Found C:\Users\admin\AppData\Roaming\iSafe
Folder Found C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Found C:\Users\admin\AppData\Roaming\optimizer pro
Folder Found C:\Users\admin\AppData\Roaming\Systweak
Folder Found C:\Users\admin\Documents\Mobogenie

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\bitguard\271832~1.68\{c16c1~1\bitguard.dll
Key Found : HKCU\Software\590db8fe23be844
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\BI
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\filescout
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\590db8fe23be844
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Found : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\Software\DefaultTab
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_360582d7
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_b0285714
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\qone8Software
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : HKLM\Software\systweak
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16521

Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://websearch.pu-results.info/?pid=7 ... g=EN&cc=CZ

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5730 octets] - [02/01/2014 20:59:15]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5790 octets] ##########

[Orcus]

Důrazně žádám o nevstupování uživatelů do témat v sekci HJT!

Znovu spusť MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

====================================================

Spusť znovu AdwCleaner (u Windows Vista či Windows7, klikni na AdwCleaner pravým a vyber „Spustit jako správce“
Klikni na „ Smazat“
Program provede opravu, po automatickém restartu neukáže log (C:\AdwCleaner [S?].txt) , jeho obsah sem celý vlož.

====================================================

Stáhni si Junkware Removal Tool

na svojí plochu.
Deaktivuj si svůj antivirový program.
Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

====================================================

[thevalid]

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.02.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
admin :: PC [administrator]

3.1.2014 11:43:09
mbam-log-2014-01-03 (11-43-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212163
Time elapsed: 11 minute(s), 15 second(s)

Memory Processes Detected: 1
C:\Users\admin\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe (PUP.Optional.DefaultTab.A) -> 2004 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 30
HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabUpdate (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_b0285714 (PUP.OPtional.Websearch.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} (PUP.Optional.WebSearchInfo) -> Delete on reboot.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\Software\DefaultTab (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\BI (PUP.Optional.FilesFrog.A) -> Quarantined and deleted successfully.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\BPROTECTSETTINGS (PUP.Optional.BProtector.A) -> Delete on reboot.
HKCU\SOFTWARE\OPTIMIZER PRO (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\qone8Software (PUP.Optional.Qone8.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\DEFAULT TAB (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabSearch (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\CLSID\{96A25A24-2E87-4374-8A50-CC6F943FCE4D} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{E1E33470-1CF0-4675-B024-56F7905C746D} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\Interface\{B51437A3-E0E6-4046-A6E4-173B1E777C85} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabToolbarBHO.DefaultTabToolbar.1 (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCR\DefaultTabToolbarBHO.DefaultTabToolbar (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96A25A24-2E87-4374-8A50-CC6F943FCE4D} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{96A25A24-2E87-4374-8A50-CC6F943FCE4D} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{96A25A24-2E87-4374-8A50-CC6F943FCE4D} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

Registry Values Detected: 7
HKCU\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.3.3.0 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data: http://www2.delta-search.com/?affID=119 ... 1D920B96DE -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Data: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Delete on reboot.
HKCU\Software\BI|ui_path_filesfrog (PUP.Optional.FilesFrog.A) -> Data: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker -> Quarantined and deleted successfully.
HKCU\Software\Optimizer Pro|AdsBuyNowURL (PUP.Optional.OptimizerPro.A) -> Data: http://pcup4.pcutilitiespro.revenuewire ... A1011C14A4 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Default Tab|Version (PUP.Optional.DefaultTab.A) -> Data: 2.3.3.0 -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{96A25A24-2E87-4374-8A50-CC6F943FCE4D} (PUP.Optional.DefaultTab.A) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.WebSearchInfo) -> Bad: (http://websearch.pu-results.info/?pid=7 ... g=EN&cc=CZ) Good: (http://www.google.com) -> Delete on reboot.

Folders Detected: 7
C:\Users\admin\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Program Files\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\WebSearch (PUP.OPtional.Websearch.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Roaming\defaulttab\defaulttab (PUP.Optional.DefaultTab.A) -> Delete on reboot.
C:\Users\admin\AppData\Roaming\defaulttab\defaulttab\Apps (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

Files Detected: 77
C:\Users\admin\AppData\Roaming\defaulttab\defaulttab\dtupdate.exe (PUP.Optional.DefaultTab.A) -> Delete on reboot.
C:\ProgramData\Birowsee2save\5176c0fd446b4.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{F6580D3D-B652-4954-ABBF-FE702DBB2FCB}\Custom.dll (PUP.Optional.InstalleRex) -> Quarantined and deleted successfully.
C:\ProgramData\Seuaarch-NeWTaib\5176c1197c398.dll (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\ProgramData\UHBRVU\FJU.01 (Trojan.Monder) -> Quarantined and deleted successfully.
C:\ProgramData\UHBRVU\FJU.02 (PUP.Ardamax) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Roaming\defaulttab\defaulttab\DefaultTabStart64.exe (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Roaming\defaulttab\defaulttab\DefaultTabWrap64.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Bundled software uninstaller\biclient.exe (PUP.Optional.Somoto.A) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Program Files\Optimizer Pro\OptimizerPro.chm (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\Optimizer Pro\CookiesException.txt (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\Optimizer Pro\English.ini (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\Optimizer Pro\file_id.diz (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\Optimizer Pro\HomePage.url (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\Optimizer Pro\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\Optimizer Pro\OptProCrash.dll (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\Optimizer Pro\OptProGuard.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\Optimizer Pro\OptProLauncher.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\Optimizer Pro\OptProReminder.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\Optimizer Pro\OptProSchedule.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\Optimizer Pro\OptProSmartScan.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\Optimizer Pro\OptProStart.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\Optimizer Pro\OptProUninstaller.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\Optimizer Pro\scan.gif (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\Optimizer Pro\sqlite3.dll (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\Optimizer Pro\StartupList.txt (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\Optimizer Pro\unins000.dat (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\Optimizer Pro\unins000.exe (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\Optimizer Pro\unins000.msg (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Program Files\WebSearch\sprotector.dll (PUP.OPtional.Websearch.A) -> Quarantined and deleted successfully.
C:\Program Files\WebSearch\uninstall.exe (PUP.OPtional.Websearch.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro\Optimizer Pro on the Web.lnk (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro\Check updates.lnk (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro\Help.lnk (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro\Optimizer Pro.lnk (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro\Uninstall Optimizer Pro.lnk (PUP.Optional.OptimizerPro.A) -> Quarantined and deleted successfully.
C:\Windows\System32\roboot.exe (PUP.Optional.PCPerformer.A) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\bprotector web data (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Time\TimeServer.exe (Trojan.BtcMiner.TS) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Time\c5ba51c8822b2ebb730d18f8bab93d8a.elf (Trojan.BtcMiner.TS) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Time\d4ce4f36e508153bf25ab6a8dcde7f0d.elf (Trojan.BtcMiner.TS) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Time\numpy.core.multiarray.pyd (Trojan.BtcMiner.TS) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Time\numpy.core.scalarmath.pyd (Trojan.BtcMiner.TS) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Time\numpy.core.umath.pyd (Trojan.BtcMiner.TS) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Time\numpy.core._dotblas.pyd (Trojan.BtcMiner.TS) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Time\numpy.fft.fftpack_lite.pyd (Trojan.BtcMiner.TS) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Time\numpy.lib._compiled_base.pyd (Trojan.BtcMiner.TS) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Time\numpy.linalg.lapack_lite.pyd (Trojan.BtcMiner.TS) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Time\numpy.random.mtrand.pyd (Trojan.BtcMiner.TS) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Time\pyopencl._cl.pyd (Trojan.BtcMiner.TS) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Time\select.pyd (Trojan.BtcMiner.TS) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Time\_ctypes.pyd (Trojan.BtcMiner.TS) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Time\_hashlib.pyd (Trojan.BtcMiner.TS) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Time\_socket.pyd (Trojan.BtcMiner.TS) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Time\library.zip (Trojan.BtcMiner.TS) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Roaming\defaulttab\defaulttab\addon.ico (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Roaming\defaulttab\defaulttab\amazon_ie.ico (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Roaming\defaulttab\defaulttab\blocklist.json (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Roaming\defaulttab\defaulttab\DefaultTabBHO.cfg (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Roaming\defaulttab\defaulttab\defaulttabuninstaller.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Roaming\defaulttab\defaulttab\DT.ico (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Roaming\defaulttab\defaulttab\ebay_ie.ico (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Roaming\defaulttab\defaulttab\facebook_ie.ico (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Roaming\defaulttab\defaulttab\searchhere.ico (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Roaming\defaulttab\defaulttab\search_here_ie.ico (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Roaming\defaulttab\defaulttab\twitter_ie.ico (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Roaming\defaulttab\defaulttab\uninstalldt.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Roaming\defaulttab\defaulttab\update.exe (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Roaming\defaulttab\defaulttab\wikipedia_ie.ico (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
C:\Users\admin\AppData\Roaming\defaulttab\defaulttab\Apps\RelatedLinksBHO.dll (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.

(end)

[thevalid]

# AdwCleaner v3.016 - Report created 03/01/2014 at 12:04:02
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : admin - PC
# Running from : C:\Users\admin\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BitGuard

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
[!] Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\WinterSoft
Folder Deleted : C:\ProgramData\Birowsee2save
Folder Deleted : C:\ProgramData\Downnload keepEer
Folder Deleted : C:\ProgramData\Seuaarch-NeWTaib
Folder Deleted : C:\Program Files\LemurLeap
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Program Files\ss helper
Folder Deleted : C:\Users\admin\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\admin\AppData\Local\Mobogenie
Folder Deleted : C:\Users\admin\AppData\LocalLow\Birowsee2save
Folder Deleted : C:\Users\admin\AppData\LocalLow\Seuaarch-NeWTaib
Folder Deleted : C:\Users\admin\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\admin\AppData\Roaming\iSafe
Folder Deleted : C:\Users\admin\AppData\Roaming\optimizer pro
Folder Deleted : C:\Users\admin\AppData\Roaming\Systweak
Folder Deleted : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Folder Deleted : C:\Users\admin\Documents\Mobogenie

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\*\shell\filescout
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_360582d7
Key Deleted : HKCU\Software\590db8fe23be844
Key Deleted : HKLM\SOFTWARE\590db8fe23be844
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16521

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5870 octets] - [02/01/2014 20:59:15]
AdwCleaner[R1].txt - [4150 octets] - [03/01/2014 12:02:46]
AdwCleaner[S0].txt - [4029 octets] - [03/01/2014 12:04:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4089 octets] ##########

[thevalid]

Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows 7 Ultimate x86
Ran by admin on p  03.01.2014 at 12:24:36,56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2676208217-3038664493-994317445-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2970C7B4-9D08-4A1C-AA41-AEE4095C2E4E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3C2A0AE5-E82A-4DD7-84E2-98840AB7A527}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p  03.01.2014 at 12:27:45,79
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[thevalid]

Uz je to vše?

[Orcus]

Jak to vypadá s problémy? Pokud nejsou, nemusíme čistit dál a téma může označit jako vyřešené.

Pokud jsou, stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
- Zkontroluj , zda máš zaškrtnuto:
Kontrola MBR
Kontrola Faked
Antirootkit
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.