PC-HELP.CZ

Zdravím, píšu sem kvůli tomuto problému.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:36:40, on 18.9.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18015)
CHROME: 45.0.2454.93
FIREFOX: 33.1.1 (x86 cs)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Jirka\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Jirka\Downloads\Silverlight_x86.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
D:\Steam\steam.exe
D:\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera_crashreporter.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Users\Jirka\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type ... S912599&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type ... S912599&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.facebook.com/groups/3105325 ... 5/?fref=nf
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type ... S912599&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type ... S912599&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKCU\..\Run: [f.lux] "C:\Users\Jirka\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [BloodyToneMaker] "C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe" Minimum
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files (x86)\oTweak\DriverUpdaterPro\DriverUpdaterPro.exe /ot /as /ss
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Microsoft Updater] "C:\Users\Jirka\Downloads\Silverlight_x86.exe" 273819
O4 - HKCU\..\Run: [Steam] "D:\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {26ACAE6F-BC95-44B4-9150-61E4D20D5C2E} (Activex Control) - http://mhd.frag.cz/loadgame_et.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: CyberGhost 5 Client Service (CGVPNCliService) - CyberGhost S.R.L - C:\Program Files\CyberGhost 5\Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - D:\Origin\OriginClientService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10760 bytes

Ahoj!

Ano, už jsem si to četl.
Vypadá to, že se to tam ani nějak extra nedrží, ale uvidíme ..

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

- Pokud používáš jen Google Chrome , tak ATF nemusíš použít.

===================================================

Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

===================================================

Stáhni AdwCleaner (by Xplode)

Ulož si ho na svojí plochu
Ukonči všechny programy , okna a prohlížeče
Spusť program poklepáním a klikni na „Prohledat-Scan“
Po skenu se objeví log ( jinak je uložen systémovem disku jako AdwCleaner[R?].txt), jeho obsah sem celý vlož.

===================================================

Stáhni si Malwarebytes' Anti-Malware
- Při instalaci odeber zatržítko u „Povolit bezplatnou zkušební verzi Malwarebytes' Anti-Malware Premium“
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a klikni na Skenovat nyní a
- po proběhnutí programu se ti objeví hláška vpravo dole tak klikni na Kopírovat do schránky a a vlož sem celý log.

- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).

Pokud budou problémy , spusť v nouz. režimu.

Dobře, udělal jsem už všechny kroky, akorát jsem u AdwCleaneru omylem klikl na "Vyčistit" a tím pádem se vymazali zvolené soubory a restartoval se PC. Proto nejspíše v PC nemohu najít soubor AdwCleaner[R?].txt, proto přikládám soubor, který se objevil po restartu - AdwCleaner[C2].txt.

Udělej znova AdwCleaner sken a poté klikni na Vyčistit. Výsledný log sem vlož(ne vše se minule vymazalo)

Spusť znovu MbAM a dej Skenovat nyní
- po proběhnutí programu se ti objeví hláška tak klikni na „Vše do karantény(smazat vybrané)“ a na „Exportovat záznam“ a vyber „textový soubor“ , soubor nějak pojmenuj a někam ho ulož. Zkopíruj se celý obsah toho logu.

Stáhni si Junkware Removal Tool by Thisisu

na svojí plochu.

Deaktivuj si svůj antivirový program. Pravým tl. myši klikni na JRT.exe a vyber „spustit jako správce“. Pro pokračování budeš vyzván ke stisknutí jakékoliv klávesy. Na nějakou klikni.
Začne skenování programu. Skenování může trvat dloho , podle množství nákaz. Po ukončení skenu se objeví log (JRT.txt) , který se uloží na ploše.
Zkopíruj sem prosím celý jeho obsah.

Stáhni si RogueKiller
32bit.:
http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
64bit.:
http://www.sur-la-toile.com/RogueKiller ... lerX64.exe
na svojí plochu.
- Zavři všechny ostatní programy a prohlížeče.
- Pro OS Vista a win7 spusť program RogueKiller.exe jako správce , u XP poklepáním.
- počkej až skončí Prescan -vyhledávání škodlivých procesů.
-Potom klikni na „Prohledat“.
- Program skenuje procesy PC. Po proskenování klikni na „Zpráva“celý obsah logu sem zkopíruj.
Pokud je program blokován , zkus ho spustit několikrát. Pokud dále program nepůjde spustit a pracovat, přejmenuj ho na winlogon.exe.

Spustil jsem znovu AdwCleaner, dal jsem skenovat, ale ani z jedného odvětví to nic nenašlo. Dal jsem tedy vyčistit, restartoval se PC a log byl taky prázdnej.
V MbAM jsem dal znova skenovat, našlo to ty stejné soubory jako minule, dal jsem je tedy odstranit a chtělo to po mně restart PC. Také to ale psalo, že se log někam uložil, ale nemůžu ho najít (fail z mé strany).
Stáhl jsem si Junkware a chtěl jsem deaktivovat svůj Eset a zarazila mě jedna věc. Obyčejně ho mám dole v liště, vedle času, ale teď tam nebyl. Sice byl spuštěnej a zapnutej, ale nebyla dostupná ikona. Co se ale týče Junkwaru, tak vše proběhlo ok, níže ve spoileru je log.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.2 (09.14.2015:1)
OS: Windows 7 Professional x64
Ran by Jirka on p  18.09.2015 at 19:48:09,63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update webporpoise
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Util webporpoise



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\Jirka\AppData\Roaming\software informer



~~~ FireFox

Emptied folder: C:\Users\Jirka\AppData\Roaming\mozilla\firefox\profiles\mr71hqwk.default\minidumps [6 files]



~~~ Chrome


[C:\Users\Jirka\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Jirka\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
nafaimnnclfjfedmmabolbppcngeolgf

[C:\Users\Jirka\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Jirka\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
bgjpfhpjcgdppjbgnpnjllokbmcdllig,
blmojkbhnkkphngknkmgccmlenfaelkd,
olfeabkoenfaoljndfecamgilllcpiak
]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on p  18.09.2015 at 19:52:33,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rád bych upozornil, že odkaz ke stažení Rogue Killera je nefunkční Stáhl jsem si ho tedy z jiné stránky a spustil dle instrukcí. Log níže.

RogueKiller V10.10.5.0 (x64) [Sep 14 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Jirka [Práva správce]
Started from : C:\Users\Jirka\Desktop\RogueKillerX64.exe
Mód : Prohledat -- Datum : 09/18/2015 20:15:31

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FairplayKD (\??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys) -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FairplayKD (\??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys) -> Nalezeno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FairplayKD (\??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys) -> Nalezeno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1172406430-1104187383-2876399737-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.facebook.com/groups/3105325 ... 5/?fref=nf -> Nalezeno
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1172406430-1104187383-2876399737-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.facebook.com/groups/3105325 ... 5/?fref=nf -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AF53C706-0D93-41BB-B1C9-61E69D6EC366} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AF53C706-0D93-41BB-B1C9-61E69D6EC366} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Nalezeno
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{AF53C706-0D93-41BB-B1C9-61E69D6EC366} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Nalezeno
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1172406430-1104187383-2876399737-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1172406430-1104187383-2876399737-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nalezeno

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 bandicam.com
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ssl.bandisoft.com

¤¤¤ Antirootkit : 7 (Driver: Nahrán) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_CREATE[0] : Unknown @ 0x41824b9600000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x41824b9600000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x41824b9600000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x41824b9600000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_POWER[22] : Unknown @ 0x41824b9600000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x41824b9600000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_PNP[27] : Unknown @ 0x41824b9600000000

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD322HJ ATA Device +++++
--- User ---
[MBR] 3366e2830b24cf6fdc4653f52419481f
[BSP] f3f5a7420a334b8c11b321397212cf63 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 119900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 245762370 | Size: 185233 MB
User = LL1 ... OK
User = LL2 ... OK

Mě odkazy na RK fungují, tak asi to byl je výpadek. Logy nedávej do spoilerů, nedá se to pořádně luštit.

Zavři všechny programy a prohlížeče. Deaktivuj antivir a firewall.
Prosím, odpoj všechny USB nebo externí disky z počítače před spuštěním tohoto programu.
Spusť RogueKiller ( Pro Windows Vista nebo Windows 7, klepni pravým a vyber "Spustit jako správce", ve Windows XP poklepej ke spuštění).
- Počkej, až Prescan dokončí práci...
- Počkej, dokud status okno zobrazuje "Prohledat "
- V záložkách (Registry , Tasks , Web Browser apod.) vše zatrhni (dej zatržítka).
- Klikni na "Smazat"
- Počkej, dokud Status box zobrazuje " Mazání dokončeno "
- Klikni na "Zpráva" a zkopíruj a vlož obsah té zprávy prosím sem. Log je možno nalézt v RKreport [číslo]. txt na ploše.
- Zavři RogueKiller

====================================================

Stáhni
Zoek.exe

a ulož si ho na plochu.
Zavři všechny ostatní programy, okna i prohlížeče.
Spusť Zoek.exe ( u win vista , win7, 8 klikni na něj pravým a vyber : „Spustit jako správce“
- pozor, náběh programu může trvat déle.

Do okna programu vlož skript níže:


Klikni na Run Script
Program provede sken, opravu, sken i oprava může trvat i více minut, je třeba posečkat do konce. Do okna neklikej!
Program nabídne restart , potvrď .

Po restartu se může nějaký čas ukázat pouze černá plocha , to je normální. Je třeba počkat až se vytvoří log. Ten si můžeš uložit třeba do dokumentů, jinak se sám ukládá do:
C:\zoek-results.log
Zkopíruj sem celý obsah toho logu.

====================================================

Co problémy? + nový log z HJT

//Double post

Ok, první log je RK, druhý ze Zoeku a poslední z HJT. Jinak když zapnu PC, tak už ten Silverlight není v procesech.

RogueKiller V10.10.5.0 (x64) [Sep 14 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Webová stránka : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spuštěno : Normální režim
Uživatel : Jirka [Práva správce]
Started from : C:\Users\Jirka\Desktop\RogueKillerX64.exe
Mód : Smazat -- Datum : 09/19/2015 00:13:31

¤¤¤ Procesy : 0 ¤¤¤

¤¤¤ Registry : 10 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FairplayKD (\??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys) -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FairplayKD (\??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys) -> Smazáno
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\FairplayKD (\??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys) -> Smazáno
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1172406430-1104187383-2876399737-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.facebook.com/groups/3105325 ... 5/?fref=nf -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1172406430-1104187383-2876399737-1000\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.facebook.com/groups/3105325 ... 5/?fref=nf -> Nahrazeno (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AF53C706-0D93-41BB-B1C9-61E69D6EC366} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AF53C706-0D93-41BB-B1C9-61E69D6EC366} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Nahrazeno ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{AF53C706-0D93-41BB-B1C9-61E69D6EC366} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Nahrazeno ()
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1172406430-1104187383-2876399737-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nahrazeno (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1172406430-1104187383-2876399737-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Nahrazeno (1)

¤¤¤ Úlohy : 0 ¤¤¤

¤¤¤ Soubory : 0 ¤¤¤

¤¤¤ Soubor HOSTS : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 bandicam.comSmazáno
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ssl.bandisoft.comSmazáno

¤¤¤ Antirootkit : 7 (Driver: Nahrán) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_CREATE[0] : Unknown @ 0x41824b9600000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x41824b9600000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x41824b9600000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x41824b9600000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_POWER[22] : Unknown @ 0x41824b9600000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x41824b9600000000
[IRP:Addr(Hook.IRP)] \SystemRoot\system32\drivers\intelide.sys - IRP_MJ_PNP[27] : Unknown @ 0x41824b9600000000

¤¤¤ Webové prohlížeče : 3 ¤¤¤
[FIREFX:Addon] mr71hqwk.default : avast! Online Security [wrc@avast.com] -> Smazáno
[FIREFX:Addon] mr71hqwk.default : Adblock Plus [{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}] -> Smazáno
[FIREFX:Addon] mr71hqwk.default : anonymoX [client@anonymox.net] -> Smazáno

¤¤¤ Kontrola MBR : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD322HJ ATA Device +++++
--- User ---
[MBR] 3366e2830b24cf6fdc4653f52419481f
[BSP] f3f5a7420a334b8c11b321397212cf63 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 119900 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 245762370 | Size: 185233 MB
User = LL1 ... OK
User = LL2 ... OK


==================================================================================================================



Zoek.exe v5.0.0.0 Updated 17-09-2015
Tool run by Jirka on so 19.09.2015 at 0:16:25,80.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jirka\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

19.9.2015 0:18:09 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~2\COMMON~1\Blizzard Entertainment deleted successfully
C:\PROGRA~2\COMMON~1\EAInstaller deleted successfully
C:\Users\Jirka\AppData\Roaming\Octoshape deleted successfully
C:\Users\Jirka\AppData\Roaming\Publish Providers deleted successfully
C:\Users\Jirka\AppData\Local\DayZ deleted successfully
C:\Users\Jirka\AppData\Local\Downloaded Installations deleted successfully
C:\Users\Jirka\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Jirka\AppData\Local\EmieSiteList deleted successfully
C:\Users\Jirka\AppData\Local\EmieUserList deleted successfully
C:\Users\Sh4k4ldo\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\mr71hqwk.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\mr71hqwk.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\mr71hqwk.default

user.js not found
---- Lines webporpoise removed from prefs.js ----
user_pref("extensions.webporpoise.asul", "1407416144349");
user_pref("extensions.webporpoise.aul", "1408648373223");
user_pref("extensions.webporpoise.irl", true);
user_pref("extensions.webporpoise.is", "IM27lsCZ");
user_pref("extensions.webporpoise.ug", "3D086A9E-B00F-4342-A7EE-4D9D702704B3");
---- FireFox user.js and prefs.js backups ----

prefs_19.09.2015_0030_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome.3QE66HLOTQYSXWQ7GETWNW4VEU\shell\open\command]
@="C:\\Users\\Jirka\\AppData\\Local\\Google\\Chrome\\Application\\old_chrome.exe"

==== Deleting Files \ Folders ======================

C:\PROGRA~2\AGEIA Technologies not found
C:\Users\Jirka\AppData\Roaming\.technic deleted
C:\Users\Jirka\.android deleted
C:\Users\Jirka\AppData\Roaming\2.txt deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Jirka\AppData\Local\{964CEE3F-13E8-4AC2-B7DF-F35C205D6334} deleted
C:\Users\Jirka\AppData\Local\Unity deleted
C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847} deleted
C:\Users\Jirka\AppData\LocalLow\Unity deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
"C:\Users\Jirka\AppData\Local\LumaEmu" deleted
"C:\ProgramData\cb73da61608e8523ef35903a25d1d11e_c" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\mr71hqwk.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Jirka\AppData\Roaming\Mozilla\Firefox\Profiles\mr71hqwk.default
0015C790161C5698FDDC22613C19533B - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll - Shockwave for Director / Shockwave for Director


==== Chromium Look ======================


SIH - Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl
Disable Timeline on Facebook - Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\efegkamagjpaioecemiekbhdgehlnaoe
Halo 4 Theme - Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gicmfcfiapdgllojipocnaeikejjaigj
Until AM for Chrome - Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjafmkicbmhcbapadecadciafbkecofl
Cheat in your favorite games - Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\oaggpdjanjhebmfhegdkjbjnooofmfhb
Texas Holdem Poker - Jirka\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojbaogcpfpkhbmjmefladpimcmfggkjl
SIH - Jirka\AppData\Roaming\Opera Software\Opera Stable\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl
LoungeDestroyer - Jirka\AppData\Roaming\Opera Software\Opera Stable\Extensions\ghahcnmfjfckcedfajbhekgknjdplfcl
S.T.H. - Jirka\AppData\Roaming\Opera Software\Opera Stable\Extensions\lhoahihokddepjlegpenefeaahdkojog
plug³ - Jirka\AppData\Roaming\Opera Software\Opera Stable\Extensions\pgpngjnicamooaemannphpiffajbmbie

==== Chromium Fix ======================

C:\Users\Jirka\AppData\Roaming\Opera Software\Opera Stable\Extensions\lhoahihokddepjlegpenefeaahdkojog deleted successfully
C:\Users\Jirka\AppData\Roaming\Opera Software\Opera Stable\Local Storage\chrome-extension_lhoahihokddepjlegpenefeaahdkojog_0.localstorage deleted successfully
C:\Users\Jirka\AppData\Roaming\Opera Software\Opera Stable\databases\chrome-extension_lhoahihokddepjlegpenefeaahdkojog_0 deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
"Default_Page_URL"="http://www.google.com/"
"Search Page"="http://www.google.com"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com/"
"Start Page"="http://www.google.com/"
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.google.com/"
"Start Page"="http://www.google.com/"
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Jirka\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Sh4k4ldo\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Jirka\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\Jirka\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully
C:\Users\Sh4k4ldo\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\Sh4k4ldo\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileConnect deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Jirka\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Sh4k4ldo\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=2239 folders=580 653344796 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jirka\AppData\Local\Temp will be emptied at reboot
C:\Users\Sh4k4ldo\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Jirka\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on so 19.09.2015 at 8:25:38,06 ======================

Ještě přikládám log z HJT, který se nevlezl.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:36:19, on 19.9.2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18015)
CHROME: 45.0.2454.93
FIREFOX: 33.1.1 (x86 cs)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Jirka\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\BlueStacks\HD-Agent.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera_crashreporter.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Program Files (x86)\Opera\32.0.1948.25\opera.exe
C:\Users\Jirka\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
O4 - HKCU\..\Run: [f.lux] "C:\Users\Jirka\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [BloodyToneMaker] "C:\Program Files (x86)\BloodyToneMaker\BloodyToneMaker\Bloody ToneMaker1.exe" Minimum
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "D:\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {26ACAE6F-BC95-44B4-9150-61E4D20D5C2E} (Activex Control) - http://mhd.frag.cz/loadgame_et.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
O23 - Service: CyberGhost 5 Client Service (CGVPNCliService) - CyberGhost S.R.L - C:\Program Files\CyberGhost 5\Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - D:\Origin\OriginClientService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10651 bytes

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

Mohu se jen zeptat proč pořád tady tyto programy? Ten vir už v PC není, ne? V procesech není a na Steam jsem se už několikrát přihlašoval.

Měl si tam backdoor a trojany , mohlo tam ještě něco zůstat , co ty programy nenašly. Ale jak chceš..