VIRY.CZ

Zdravím, příšerně se mi zpomalil notebook, někde asi chyba. Prosím o kontrolu logu, který přikládám níže. Děkuji za odpovědi.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:21:36, on 28.2.2016
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Windows\OEM13Mon.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\AVG Web TuneUp\vprot.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\AVG\Framework\Common\avguix.exe
C:\Program Files\AVG\Av\avgui.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\conime.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Gabca\Downloads\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mysearch.avg.com/?cid={E1EDAB5C ... 2014-12-11 12:58:55&v=4.2.5.441&pid=wtu&sg=&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1ewenusDefaultPack/UP97_FRPage
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: AVG Web TuneUp - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Web TuneUp\4.2.6.552\AVG Web TuneUp.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [OEM13Mon.exe] C:\Windows\OEM13Mon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\Av\avuirunnerx.exe" C:\Program Files\AVG\Av\avgui.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Web TuneUp\vprot.exe"
O4 - HKLM\..\Run: [AvgUi] "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Av\avgidsagent.exe
O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Framework\Common\avgsvcx.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Av\avgwdsvcx.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HTCMonitorService - Nero AG - C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
O23 - Service: O2FLASH (o2flash) - O2Micro International - C:\Windows\system32\DRIVERS\o2flash.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: vToolbarUpdater40.2.6 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.6\ToolbarUpdater.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: WtuSystemSupport - Unknown owner - C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe

--
End of file - 7721 bytes

Zdravím!
Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 . HijackThis je už za zenitem. Děkuji.

Rudy píše:Zdravím!
Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 . HijackThis je už za zenitem. Děkuji.

Přikládám níže:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-02-2016
Ran by Gabca (administrator) on GABCA-PC (28-02-2016 20:11:48)
Running from C:\Users\Gabca\Downloads
Loaded Profiles: Gabca (Available Profiles: Gabca)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.6\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.6\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Creative Technology Ltd.) C:\Windows\OEM13Mon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Trend Micro Inc.) C:\Users\Gabca\Downloads\hijackthis.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [OEM13Mon.exe] => C:\Windows\OEM13Mon.exe [36864 2008-01-07] (Creative Technology Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3563520 2009-01-20] (Dell Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-02-04] (Realtek Semiconductor)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [3873704 2016-01-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [HTC Sync Loader] => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [655360 2012-12-12] ()
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2874440 2016-02-23] ()
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2545414933-95109104-453651295-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2545414933-95109104-453651295-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2545414933-95109104-453651295-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2545414933-95109104-453651295-1000\...\MountPoints2: {fb340dc6-0408-11e3-8fc6-002170a5fcc5} - F:\Autorun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138
Tcpip\..\Interfaces\{EE6E886F-BA96-423C-85E0-9F628A23B32B}: [DhcpNameServer] 10.0.0.138 10.0.0.138
Tcpip\..\Interfaces\{FF3BBD7E-2F67-4515-A199-FA23372CBC47}: [DhcpNameServer] 10.0.0.138 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-2545414933-95109104-453651295-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-2545414933-95109104-453651295-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/UP97_FRPage
HKU\S-1-5-21-2545414933-95109104-453651295-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-2545414933-95109104-453651295-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-2545414933-95109104-453651295-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E1EDAB5C-0F7F-42D6-8DF4-BFDFE641F7DF}&mid=dda663e097c847d3abd9d16836411536-5ac7a0a3cab68c333cbf7da2fb234ccfdacd68e8&lang=cs&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-12-11 12:58:55&v=4.2.5.441&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2545414933-95109104-453651295-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97 ... -SearchBox
SearchScopes: HKU\S-1-5-21-2545414933-95109104-453651295-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2545414933-95109104-453651295-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E1EDAB5C-0F7F-42D6-8DF4-BFDFE641F7DF}&mid=dda663e097c847d3abd9d16836411536-5ac7a0a3cab68c333cbf7da2fb234ccfdacd68e8&lang=cs&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-12-11 12:58:55&v=4.2.5.441&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.2.6.552\AVG Web TuneUp.dll [2016-02-23] (AVG)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-26] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll [2014-12-11] (AVG Secure Search)

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.6\\npsitesafety.dll [No File]
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-04-09] [not signed]

Chrome:
=======
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP"
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11]
CHR Extension: (Disk Google) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-09]
CHR Extension: (YouTube) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (AVG Secure Search) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-02-09]
CHR Extension: (Vyhledávání Google) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-09]
CHR Extension: (Skype) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-02-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-17]
CHR Extension: (Gmail) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-18]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2008-02-04] (Andrea Electronics Corporation)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [3881696 2016-01-25] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [865704 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [561104 2016-01-25] (AVG Technologies CZ, s.r.o.)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 o2flash; C:\Windows\system32\DRIVERS\o2flash.exe [71512 2008-07-29] (O2Micro International)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 vToolbarUpdater40.2.6; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.6\ToolbarUpdater.exe [1949768 2016-02-23] (AVG Secure Search)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2009-01-20] (Dell Inc.) [File not signed]
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [1205832 2016-02-02] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [149936 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [257456 2016-01-05] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [207792 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [229296 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [308656 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [198576 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [37296 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [231856 2015-10-08] (AVG Technologies CZ, s.r.o.)
R0 Avgunivx; C:\Windows\System32\DRIVERS\avgunivx.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2009-01-20] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389968 2015-11-18] (Symantec Corporation)
R3 OEM13Vfx; C:\Windows\System32\DRIVERS\OEM13Vfx.sys [7424 2007-03-05] (EyePower Games Pte. Ltd.)
R3 OEM13Vid; C:\Windows\System32\DRIVERS\OEM13Vid.sys [235840 2008-05-28] (Creative Technology Ltd.)
S3 qcserxp; C:\Windows\System32\DRIVERS\qcserxp.sys [103424 2009-01-24] (QUALCOMM Incorporated) [File not signed]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-28 20:11 - 2016-02-28 20:12 - 00016879 _____ C:\Users\Gabca\Downloads\FRST.txt
2016-02-28 20:11 - 2016-02-28 20:11 - 01722368 _____ (Farbar) C:\Users\Gabca\Downloads\FRST.exe
2016-02-28 20:11 - 2016-02-28 20:11 - 00000000 ____D C:\FRST
2016-02-28 20:10 - 2016-02-28 20:10 - 00112640 _____ (forum.viry.cz) C:\Users\Gabca\Downloads\Nepotvrzeno 152789.crdownload
2016-02-28 19:28 - 2016-02-28 19:28 - 00000000 ____D C:\Users\Gabca\Downloads\backups
2016-02-28 19:19 - 2016-02-28 19:19 - 00388608 _____ (Trend Micro Inc.) C:\Users\Gabca\Downloads\hijackthis (2).exe
2016-02-28 19:15 - 2016-02-28 19:15 - 00388608 _____ (Trend Micro Inc.) C:\Users\Gabca\Downloads\hijackthis (1).exe
2016-02-28 19:12 - 2016-02-28 19:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\Gabca\Downloads\hijackthis.exe
2016-02-28 18:53 - 2016-02-28 18:55 - 00000000 ____D C:\Windows\system32\ca-ES
2016-02-28 18:53 - 2016-02-28 18:54 - 00000000 ____D C:\Windows\system32\vi-VN
2016-02-28 18:53 - 2016-02-28 18:54 - 00000000 ____D C:\Windows\system32\eu-ES
2016-02-28 18:25 - 2016-02-28 18:25 - 00000000 ____D C:\Windows\system32\EventProviders
2016-02-09 00:50 - 2016-02-09 00:50 - 00033792 _____ C:\Users\Gabca\Downloads\divadla (1).xls
2016-02-02 11:04 - 2016-02-02 11:04 - 00000000 ____D C:\Users\Gabca\AppData\Roaming\AVG
2016-02-02 11:04 - 2016-02-02 11:04 - 00000000 ____D C:\Users\Gabca\AppData\Local\Avg
2016-02-02 10:57 - 2016-02-02 10:57 - 00000735 _____ C:\Users\Public\Desktop\AVG.lnk
2016-02-02 10:57 - 2016-02-02 10:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-02-02 10:56 - 2016-02-02 11:00 - 00000000 ____D C:\ProgramData\Avg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-28 20:09 - 2013-04-10 09:44 - 00000000 ____D C:\Users\Gabca\AppData\Roaming\Skype
2016-02-28 20:09 - 2006-11-02 13:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-28 20:09 - 2006-11-02 13:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-28 19:55 - 2013-04-10 09:34 - 00000000 ____D C:\ProgramData\MFAData
2016-02-28 19:20 - 2013-04-10 20:36 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-28 19:16 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2016-02-28 19:05 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\inf
2016-02-28 19:05 - 2006-11-02 11:33 - 00703388 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-28 19:04 - 2013-05-05 22:13 - 00000000 ____D C:\Users\Gabca\AppData\Local\Htc
2016-02-28 19:02 - 2015-07-31 10:25 - 00000000 ____D C:\Users\Gabca\AppData\Local\HTC MediaHub
2016-02-28 19:02 - 2013-04-10 20:36 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-28 19:01 - 2013-04-10 20:36 - 00001989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-28 19:01 - 2013-04-10 20:36 - 00001977 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-28 19:01 - 2013-04-09 19:21 - 00000955 _____ C:\Users\Gabca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-28 19:01 - 2013-04-09 19:21 - 00000921 _____ C:\Users\Gabca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2016-02-28 19:00 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-28 18:59 - 2006-11-02 13:47 - 00375360 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-28 18:57 - 2006-11-02 14:01 - 00020620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-28 18:55 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2016-02-28 18:55 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-02-28 18:55 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Photo Gallery
2016-02-28 18:55 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-28 18:55 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Defender
2016-02-28 18:55 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Collaboration
2016-02-28 18:55 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Calendar
2016-02-28 18:55 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Movie Maker
2016-02-28 18:55 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\lv-LV
2016-02-28 18:55 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\et-EE
2016-02-28 18:55 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\servicing
2016-02-28 18:55 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-02-28 18:55 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\IME
2016-02-28 18:55 - 2006-11-02 12:18 - 00000000 ____D C:\Program Files\Common Files\System
2016-02-28 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\SLUI
2016-02-28 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\setup
2016-02-28 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\oobe
2016-02-28 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\migwiz
2016-02-28 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\manifeststore
2016-02-28 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\lt-LT
2016-02-28 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-02-28 18:51 - 2013-04-09 23:09 - 00000000 ____D C:\Windows\system32\RTCOM
2016-02-28 18:15 - 2014-12-11 12:58 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-02-27 14:33 - 2015-04-01 16:33 - 00000440 ____H C:\Windows\Tasks\Norton Security Scan for Gabca.job
2016-02-23 13:18 - 2015-05-08 10:24 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2016-02-13 03:08 - 2013-07-19 02:01 - 00000000 ____D C:\Windows\system32\MRT
2016-02-13 03:02 - 2006-11-02 11:24 - 144254680 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-02-02 11:04 - 2015-11-04 09:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-02-02 11:04 - 2013-04-10 09:37 - 00000000 ___HD C:\$AVG
2016-02-02 11:04 - 2013-04-10 09:36 - 00000000 ____D C:\Program Files\AVG
2016-02-02 10:58 - 2014-12-11 12:59 - 00000000 ____D C:\Users\Gabca\AppData\Local\AVG Web TuneUp

==================== Files in the root of some directories =======

2013-04-09 19:21 - 2013-04-09 19:37 - 0000680 _____ () C:\Users\Gabca\AppData\Local\d3d9caps.dat
2013-04-16 09:07 - 2015-10-19 16:59 - 0029184 _____ () C:\Users\Gabca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\Gabca\AppData\Local\Temp\hnmwhdkm.dll
C:\Users\Gabca\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-28 19:04

==================== End of FRST.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-02-2016
Ran by Gabca (administrator) on GABCA-PC (28-02-2016 20:11:48)
Running from C:\Users\Gabca\Downloads
Loaded Profiles: Gabca (Available Profiles: Gabca)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.6\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.6\loggingserver.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Creative Technology Ltd.) C:\Windows\OEM13Mon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
() C:\Program Files\AVG Web TuneUp\vprot.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Trend Micro Inc.) C:\Users\Gabca\Downloads\hijackthis.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [OEM13Mon.exe] => C:\Windows\OEM13Mon.exe [36864 2008-01-07] (Creative Technology Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3563520 2009-01-20] (Dell Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-02-04] (Realtek Semiconductor)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [3873704 2016-01-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [HTC Sync Loader] => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [655360 2012-12-12] ()
HKLM\...\Run: [vProt] => C:\Program Files\AVG Web TuneUp\vprot.exe [2874440 2016-02-23] ()
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2545414933-95109104-453651295-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-2545414933-95109104-453651295-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2545414933-95109104-453651295-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2545414933-95109104-453651295-1000\...\MountPoints2: {fb340dc6-0408-11e3-8fc6-002170a5fcc5} - F:\Autorun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138
Tcpip\..\Interfaces\{EE6E886F-BA96-423C-85E0-9F628A23B32B}: [DhcpNameServer] 10.0.0.138 10.0.0.138
Tcpip\..\Interfaces\{FF3BBD7E-2F67-4515-A199-FA23372CBC47}: [DhcpNameServer] 10.0.0.138 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-2545414933-95109104-453651295-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-2545414933-95109104-453651295-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/UP97_FRPage
HKU\S-1-5-21-2545414933-95109104-453651295-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-2545414933-95109104-453651295-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-2545414933-95109104-453651295-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E1EDAB5C-0F7F-42D6-8DF4-BFDFE641F7DF}&mid=dda663e097c847d3abd9d16836411536-5ac7a0a3cab68c333cbf7da2fb234ccfdacd68e8&lang=cs&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-12-11 12:58:55&v=4.2.5.441&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2545414933-95109104-453651295-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97 ... -SearchBox
SearchScopes: HKU\S-1-5-21-2545414933-95109104-453651295-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-2545414933-95109104-453651295-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={E1EDAB5C-0F7F-42D6-8DF4-BFDFE641F7DF}&mid=dda663e097c847d3abd9d16836411536-5ac7a0a3cab68c333cbf7da2fb234ccfdacd68e8&lang=cs&ds=AVG&coid=avgtbavg&cmpid=1214av&pr=fr&d=2014-12-11 12:58:55&v=4.2.5.441&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.2.6.552\AVG Web TuneUp.dll [2016-02-23] (AVG)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-26] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll [2014-12-11] (AVG Secure Search)

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.6\\npsitesafety.dll [No File]
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2011-06-06] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-04-09] [not signed]

Chrome:
=======
CHR HomePage: Default -> mysearch.avg.com/?rvt=1
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP"
CHR DefaultSearchURL: Default -> hxxps://mysearch.avg.com/search?rvt=1&sap=dsp&q={searchTerms}
CHR DefaultSearchKeyword: Default -> https://mysearch.avg.com
CHR DefaultSuggestURL: Default -> hxxps://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11]
CHR Extension: (Disk Google) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-09]
CHR Extension: (YouTube) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (AVG Secure Search) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn [2016-02-09]
CHR Extension: (Vyhledávání Google) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-09]
CHR Extension: (Skype) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-02-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-17]
CHR Extension: (Gmail) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-18]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2008-02-04] (Andrea Electronics Corporation)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [3881696 2016-01-25] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [865704 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [561104 2016-01-25] (AVG Technologies CZ, s.r.o.)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 o2flash; C:\Windows\system32\DRIVERS\o2flash.exe [71512 2008-07-29] (O2Micro International)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 vToolbarUpdater40.2.6; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\40.2.6\ToolbarUpdater.exe [1949768 2016-02-23] (AVG Secure Search)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2009-01-20] (Dell Inc.) [File not signed]
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [1205832 2016-02-02] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [149936 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [257456 2016-01-05] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [207792 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [229296 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [308656 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [198576 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [37296 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [231856 2015-10-08] (AVG Technologies CZ, s.r.o.)
R0 Avgunivx; C:\Windows\System32\DRIVERS\avgunivx.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2009-01-20] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389968 2015-11-18] (Symantec Corporation)
R3 OEM13Vfx; C:\Windows\System32\DRIVERS\OEM13Vfx.sys [7424 2007-03-05] (EyePower Games Pte. Ltd.)
R3 OEM13Vid; C:\Windows\System32\DRIVERS\OEM13Vid.sys [235840 2008-05-28] (Creative Technology Ltd.)
S3 qcserxp; C:\Windows\System32\DRIVERS\qcserxp.sys [103424 2009-01-24] (QUALCOMM Incorporated) [File not signed]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-28 20:11 - 2016-02-28 20:12 - 00016879 _____ C:\Users\Gabca\Downloads\FRST.txt
2016-02-28 20:11 - 2016-02-28 20:11 - 01722368 _____ (Farbar) C:\Users\Gabca\Downloads\FRST.exe
2016-02-28 20:11 - 2016-02-28 20:11 - 00000000 ____D C:\FRST
2016-02-28 20:10 - 2016-02-28 20:10 - 00112640 _____ (forum.viry.cz) C:\Users\Gabca\Downloads\Nepotvrzeno 152789.crdownload
2016-02-28 19:28 - 2016-02-28 19:28 - 00000000 ____D C:\Users\Gabca\Downloads\backups
2016-02-28 19:19 - 2016-02-28 19:19 - 00388608 _____ (Trend Micro Inc.) C:\Users\Gabca\Downloads\hijackthis (2).exe
2016-02-28 19:15 - 2016-02-28 19:15 - 00388608 _____ (Trend Micro Inc.) C:\Users\Gabca\Downloads\hijackthis (1).exe
2016-02-28 19:12 - 2016-02-28 19:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\Gabca\Downloads\hijackthis.exe
2016-02-28 18:53 - 2016-02-28 18:55 - 00000000 ____D C:\Windows\system32\ca-ES
2016-02-28 18:53 - 2016-02-28 18:54 - 00000000 ____D C:\Windows\system32\vi-VN
2016-02-28 18:53 - 2016-02-28 18:54 - 00000000 ____D C:\Windows\system32\eu-ES
2016-02-28 18:25 - 2016-02-28 18:25 - 00000000 ____D C:\Windows\system32\EventProviders
2016-02-09 00:50 - 2016-02-09 00:50 - 00033792 _____ C:\Users\Gabca\Downloads\divadla (1).xls
2016-02-02 11:04 - 2016-02-02 11:04 - 00000000 ____D C:\Users\Gabca\AppData\Roaming\AVG
2016-02-02 11:04 - 2016-02-02 11:04 - 00000000 ____D C:\Users\Gabca\AppData\Local\Avg
2016-02-02 10:57 - 2016-02-02 10:57 - 00000735 _____ C:\Users\Public\Desktop\AVG.lnk
2016-02-02 10:57 - 2016-02-02 10:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-02-02 10:56 - 2016-02-02 11:00 - 00000000 ____D C:\ProgramData\Avg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-28 20:09 - 2013-04-10 09:44 - 00000000 ____D C:\Users\Gabca\AppData\Roaming\Skype
2016-02-28 20:09 - 2006-11-02 13:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-28 20:09 - 2006-11-02 13:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-28 19:55 - 2013-04-10 09:34 - 00000000 ____D C:\ProgramData\MFAData
2016-02-28 19:20 - 2013-04-10 20:36 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-28 19:16 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2016-02-28 19:05 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\inf
2016-02-28 19:05 - 2006-11-02 11:33 - 00703388 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-28 19:04 - 2013-05-05 22:13 - 00000000 ____D C:\Users\Gabca\AppData\Local\Htc
2016-02-28 19:02 - 2015-07-31 10:25 - 00000000 ____D C:\Users\Gabca\AppData\Local\HTC MediaHub
2016-02-28 19:02 - 2013-04-10 20:36 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-28 19:01 - 2013-04-10 20:36 - 00001989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-28 19:01 - 2013-04-10 20:36 - 00001977 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-28 19:01 - 2013-04-09 19:21 - 00000955 _____ C:\Users\Gabca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-28 19:01 - 2013-04-09 19:21 - 00000921 _____ C:\Users\Gabca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2016-02-28 19:00 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-28 18:59 - 2006-11-02 13:47 - 00375360 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-28 18:57 - 2006-11-02 14:01 - 00020620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-28 18:55 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2016-02-28 18:55 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-02-28 18:55 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Photo Gallery
2016-02-28 18:55 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-28 18:55 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Defender
2016-02-28 18:55 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Collaboration
2016-02-28 18:55 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Calendar
2016-02-28 18:55 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Movie Maker
2016-02-28 18:55 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\lv-LV
2016-02-28 18:55 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\et-EE
2016-02-28 18:55 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\servicing
2016-02-28 18:55 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-02-28 18:55 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\IME
2016-02-28 18:55 - 2006-11-02 12:18 - 00000000 ____D C:\Program Files\Common Files\System
2016-02-28 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\SLUI
2016-02-28 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\setup
2016-02-28 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\oobe
2016-02-28 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\migwiz
2016-02-28 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\manifeststore
2016-02-28 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\lt-LT
2016-02-28 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-02-28 18:51 - 2013-04-09 23:09 - 00000000 ____D C:\Windows\system32\RTCOM
2016-02-28 18:15 - 2014-12-11 12:58 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-02-27 14:33 - 2015-04-01 16:33 - 00000440 ____H C:\Windows\Tasks\Norton Security Scan for Gabca.job
2016-02-23 13:18 - 2015-05-08 10:24 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2016-02-13 03:08 - 2013-07-19 02:01 - 00000000 ____D C:\Windows\system32\MRT
2016-02-13 03:02 - 2006-11-02 11:24 - 144254680 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-02-02 11:04 - 2015-11-04 09:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-02-02 11:04 - 2013-04-10 09:37 - 00000000 ___HD C:\$AVG
2016-02-02 11:04 - 2013-04-10 09:36 - 00000000 ____D C:\Program Files\AVG
2016-02-02 10:58 - 2014-12-11 12:59 - 00000000 ____D C:\Users\Gabca\AppData\Local\AVG Web TuneUp

==================== Files in the root of some directories =======

2013-04-09 19:21 - 2013-04-09 19:37 - 0000680 _____ () C:\Users\Gabca\AppData\Local\d3d9caps.dat
2013-04-16 09:07 - 2015-10-19 16:59 - 0029184 _____ () C:\Users\Gabca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\Gabca\AppData\Local\Temp\hnmwhdkm.dll
C:\Users\Gabca\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-28 19:04

==================== End of FRST.txt ============================

Teď spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

# AdwCleaner v5.037 - Logfile created 28/02/2016 at 21:27:31
# Updated 28/02/2016 by Xplode
# Database : 2016-02-28.2 [Server]
# Operating system : Windows Vista (TM) Business Service Pack 2 (x86)
# Username : Gabca - GABCA-PC
# Running from : C:\Users\Gabca\Downloads\adwcleaner_5.037 (1).exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : vToolbarUpdater40.2.6

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\ProgramData\Avg_Update_0215tb
[-] Folder Deleted : C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfdnecihphmhljaaejmgoiahnihplgn

***** [ Files ] *****

[-] File Deleted : C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage
[-] File Deleted : C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_chfdnecihphmhljaaejmgoiahnihplgn_0.localstorage-journal
[-] File Deleted : C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_mysearch.avg.com_0.localstorage
[-] File Deleted : C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_mysearch.avg.com_0.localstorage-journal
[-] File Deleted : C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage
[-] File Deleted : C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Web browsers ] *****

[-] [C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : chfdnecihphmhljaaejmgoiahnihplgn

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [4489 bytes] - [28/02/2016 21:27:31]
C:\AdwCleaner\AdwCleaner[S1].txt - [4364 bytes] - [28/02/2016 21:25:13]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4635 bytes] ##########

Dejte nový log FRST.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-02-2016
Ran by Gabca (administrator) on GABCA-PC (28-02-2016 22:01:59)
Running from C:\Users\Gabca\Downloads
Loaded Profiles: Gabca (Available Profiles: Gabca)
Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgcsrvx.exe
() C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avgsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgwdsvcx.exe
(Nero AG) C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgemcx.exe
() C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Creative Technology Ltd.) C:\Windows\OEM13Mon.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Av\avgui.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [OEM13Mon.exe] => C:\Windows\OEM13Mon.exe [36864 2008-01-07] (Creative Technology Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Windows\system32\WLTRAY.exe [3563520 2009-01-20] (Dell Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-02-04] (Realtek Semiconductor)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\Av\avgui.exe [3873704 2016-01-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [HTC Sync Loader] => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [655360 2012-12-12] ()
HKLM\...\Run: [AvgUi] => C:\Program Files\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-2545414933-95109104-453651295-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2545414933-95109104-453651295-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2545414933-95109104-453651295-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2545414933-95109104-453651295-1000\...\MountPoints2: {fb340dc6-0408-11e3-8fc6-002170a5fcc5} - F:\Autorun.exe
BootExecute: autocheck autochk /r \??\C:autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138
Tcpip\..\Interfaces\{EE6E886F-BA96-423C-85E0-9F628A23B32B}: [DhcpNameServer] 10.0.0.138 10.0.0.138
Tcpip\..\Interfaces\{FF3BBD7E-2F67-4515-A199-FA23372CBC47}: [DhcpNameServer] 10.0.0.138 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-2545414933-95109104-453651295-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-2545414933-95109104-453651295-1000\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/UP97_FRPage
HKU\S-1-5-21-2545414933-95109104-453651295-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKU\S-1-5-21-2545414933-95109104-453651295-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-2545414933-95109104-453651295-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97 ... -SearchBox
SearchScopes: HKU\S-1-5-21-2545414933-95109104-453651295-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97 ... -SearchBox
SearchScopes: HKU\S-1-5-21-2545414933-95109104-453651295-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-26] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)

FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-04-09] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP97&ocid=UP97DHP"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-11]
CHR Extension: (Disk Google) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-09]
CHR Extension: (YouTube) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Vyhledávání Google) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-09]
CHR Extension: (Dokumenty Google offline) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-09]
CHR Extension: (Skype) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-02-09]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-17]
CHR Extension: (Gmail) - C:\Users\Gabca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-18]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2008-02-04] (Andrea Electronics Corporation)
R2 AVGIDSAgent; C:\Program Files\AVG\Av\avgidsagent.exe [3881696 2016-01-25] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files\AVG\Framework\Common\avgsvcx.exe [865704 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\Av\avgwdsvcx.exe [561104 2016-01-25] (AVG Technologies CZ, s.r.o.)
R2 HTCMonitorService; C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 o2flash; C:\Windows\system32\DRIVERS\o2flash.exe [71512 2008-07-29] (O2Micro International)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2009-01-20] (Dell Inc.) [File not signed]
R2 WtuSystemSupport; C:\Program Files\AVG Web TuneUp\WtuSystemSupport.exe [1205832 2016-02-02] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [149936 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [257456 2016-01-05] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [207792 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [31664 2015-11-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [229296 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [308656 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [198576 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [37296 2015-12-04] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [231856 2015-10-08] (AVG Technologies CZ, s.r.o.)
R0 Avgunivx; C:\Windows\System32\DRIVERS\avgunivx.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2009-01-20] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [389968 2015-11-18] (Symantec Corporation)
R3 OEM13Vfx; C:\Windows\System32\DRIVERS\OEM13Vfx.sys [7424 2007-03-05] (EyePower Games Pte. Ltd.)
R3 OEM13Vid; C:\Windows\System32\DRIVERS\OEM13Vid.sys [235840 2008-05-28] (Creative Technology Ltd.)
S3 qcserxp; C:\Windows\System32\DRIVERS\qcserxp.sys [103424 2009-01-24] (QUALCOMM Incorporated) [File not signed]
S3 HTCAND32; System32\Drivers\ANDROIDUSB.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-28 21:53 - 2016-02-28 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-02-28 21:53 - 2016-02-28 21:53 - 00000000 ____D C:\Program Files\Common Files\Skype
2016-02-28 21:25 - 2016-02-28 21:27 - 00000000 ____D C:\AdwCleaner
2016-02-28 21:24 - 2016-02-28 21:24 - 01518592 _____ C:\Users\Gabca\Downloads\adwcleaner_5.037 (1).exe
2016-02-28 21:18 - 2016-02-28 21:18 - 01518592 _____ C:\Users\Gabca\Downloads\adwcleaner_5.037.exe
2016-02-28 20:12 - 2016-02-28 20:14 - 00023455 _____ C:\Users\Gabca\Downloads\Addition.txt
2016-02-28 20:11 - 2016-02-28 22:02 - 00014638 _____ C:\Users\Gabca\Downloads\FRST.txt
2016-02-28 20:11 - 2016-02-28 22:01 - 00000000 ____D C:\FRST
2016-02-28 20:11 - 2016-02-28 20:11 - 01722368 _____ (Farbar) C:\Users\Gabca\Downloads\FRST.exe
2016-02-28 20:10 - 2016-02-28 20:10 - 00112640 _____ (forum.viry.cz) C:\Users\Gabca\Downloads\Nepotvrzeno 152789.crdownload
2016-02-28 19:28 - 2016-02-28 19:28 - 00000000 ____D C:\Users\Gabca\Downloads\backups
2016-02-28 19:19 - 2016-02-28 19:19 - 00388608 _____ (Trend Micro Inc.) C:\Users\Gabca\Downloads\hijackthis (2).exe
2016-02-28 19:15 - 2016-02-28 19:15 - 00388608 _____ (Trend Micro Inc.) C:\Users\Gabca\Downloads\hijackthis (1).exe
2016-02-28 19:12 - 2016-02-28 19:12 - 00388608 _____ (Trend Micro Inc.) C:\Users\Gabca\Downloads\hijackthis.exe
2016-02-28 18:53 - 2016-02-28 18:55 - 00000000 ____D C:\Windows\system32\ca-ES
2016-02-28 18:53 - 2016-02-28 18:54 - 00000000 ____D C:\Windows\system32\vi-VN
2016-02-28 18:53 - 2016-02-28 18:54 - 00000000 ____D C:\Windows\system32\eu-ES
2016-02-28 18:25 - 2016-02-28 18:25 - 00000000 ____D C:\Windows\system32\EventProviders
2016-02-09 00:50 - 2016-02-09 00:50 - 00033792 _____ C:\Users\Gabca\Downloads\divadla (1).xls
2016-02-02 11:04 - 2016-02-02 11:04 - 00000000 ____D C:\Users\Gabca\AppData\Roaming\AVG
2016-02-02 11:04 - 2016-02-02 11:04 - 00000000 ____D C:\Users\Gabca\AppData\Local\Avg
2016-02-02 10:57 - 2016-02-02 10:57 - 00000735 _____ C:\Users\Public\Desktop\AVG.lnk
2016-02-02 10:57 - 2016-02-02 10:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
2016-02-02 10:56 - 2016-02-02 11:00 - 00000000 ____D C:\ProgramData\Avg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-28 21:56 - 2013-04-10 20:40 - 00002425 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2016-02-28 21:55 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\inf
2016-02-28 21:55 - 2006-11-02 11:33 - 00703388 _____ C:\Windows\system32\PerfStringBackup.INI
2016-02-28 21:54 - 2013-04-10 09:44 - 00000000 ____D C:\Users\Gabca\AppData\Roaming\Skype
2016-02-28 21:53 - 2014-06-13 19:15 - 00001896 _____ C:\Users\Public\Desktop\Skype.lnk
2016-02-28 21:53 - 2013-04-10 09:44 - 00000000 ___RD C:\Program Files\Skype
2016-02-28 21:53 - 2013-04-10 09:44 - 00000000 ____D C:\ProgramData\Skype
2016-02-28 21:51 - 2013-05-05 22:13 - 00000000 ____D C:\Users\Gabca\AppData\Local\Htc
2016-02-28 21:50 - 2015-07-31 10:25 - 00000000 ____D C:\Users\Gabca\AppData\Local\HTC MediaHub
2016-02-28 21:50 - 2013-04-10 20:36 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-28 21:50 - 2013-04-10 09:34 - 00000000 ____D C:\ProgramData\MFAData
2016-02-28 21:49 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-02-28 21:49 - 2006-11-02 13:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2016-02-28 21:49 - 2006-11-02 13:47 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2016-02-28 21:48 - 2006-11-02 14:01 - 00021356 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-28 21:20 - 2013-04-10 20:36 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-28 19:16 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\rescache
2016-02-28 19:01 - 2013-04-10 20:36 - 00001989 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-28 19:01 - 2013-04-10 20:36 - 00001977 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-28 19:01 - 2013-04-09 19:21 - 00000955 _____ C:\Users\Gabca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-28 19:01 - 2013-04-09 19:21 - 00000921 _____ C:\Users\Gabca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2016-02-28 18:59 - 2006-11-02 13:47 - 00375360 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-28 18:55 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2016-02-28 18:55 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Sidebar
2016-02-28 18:55 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Photo Gallery
2016-02-28 18:55 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-28 18:55 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Defender
2016-02-28 18:55 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Collaboration
2016-02-28 18:55 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Calendar
2016-02-28 18:55 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Movie Maker
2016-02-28 18:55 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\lv-LV
2016-02-28 18:55 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\et-EE
2016-02-28 18:55 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\servicing
2016-02-28 18:55 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-02-28 18:55 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\IME
2016-02-28 18:55 - 2006-11-02 12:18 - 00000000 ____D C:\Program Files\Common Files\System
2016-02-28 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\SLUI
2016-02-28 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\setup
2016-02-28 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\oobe
2016-02-28 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\migwiz
2016-02-28 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\manifeststore
2016-02-28 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\lt-LT
2016-02-28 18:54 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2016-02-28 18:51 - 2013-04-09 23:09 - 00000000 ____D C:\Windows\system32\RTCOM
2016-02-28 18:15 - 2014-12-11 12:58 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-02-27 14:33 - 2015-04-01 16:33 - 00000440 ____H C:\Windows\Tasks\Norton Security Scan for Gabca.job
2016-02-23 13:18 - 2015-05-08 10:24 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2016-02-13 03:08 - 2013-07-19 02:01 - 00000000 ____D C:\Windows\system32\MRT
2016-02-13 03:02 - 2006-11-02 11:24 - 144254680 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2016-02-02 11:04 - 2015-11-04 09:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-02-02 11:04 - 2013-04-10 09:37 - 00000000 ___HD C:\$AVG
2016-02-02 11:04 - 2013-04-10 09:36 - 00000000 ____D C:\Program Files\AVG
2016-02-02 10:58 - 2014-12-11 12:59 - 00000000 ____D C:\Users\Gabca\AppData\Local\AVG Web TuneUp

==================== Files in the root of some directories =======

2013-04-09 19:21 - 2013-04-09 19:37 - 0000680 _____ () C:\Users\Gabca\AppData\Local\d3d9caps.dat
2013-04-16 09:07 - 2015-10-19 16:59 - 0029184 _____ () C:\Users\Gabca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Some files in TEMP:
====================
C:\Users\Gabca\AppData\Local\Temp\hnmwhdkm.dll
C:\Users\Gabca\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Gabca\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-28 21:57

==================== End of FRST.txt ============================

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKU\S-1-5-21-2545414933-95109104-453651295-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-2545414933-95109104-453651295-1000\...\MountPoints2: {fb340dc6-0408-11e3-8fc6-002170a5fcc5} - F:\Autorun.exe
SearchScopes: HKU\S-1-5-21-2545414933-95109104-453651295-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97 ... -SearchBox
SearchScopes: HKU\S-1-5-21-2545414933-95109104-453651295-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97 ... -SearchBox
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
C:\Program Files\Skype\Toolbars
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-10-09] (Skype Technologies S.A.)
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\48.0.2564.116\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\48.0.2564.116\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Gabca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\Gabca\AppData\Local\Temp
End

Uložte do C:\Users\Gabca\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

VIRY.CZ

Prosím o kontrolu logu - totálně pomalý počítač

Prosím o kontrolu logu - totálně pomalý počítač

Re: Prosím o kontrolu logu - totálně pomalý počítač

Re: Prosím o kontrolu logu - totálně pomalý počítač

Re: Prosím o kontrolu logu - totálně pomalý počítač

Re: Prosím o kontrolu logu - totálně pomalý počítač

Re: Prosím o kontrolu logu - totálně pomalý počítač

Re: Prosím o kontrolu logu - totálně pomalý počítač

Re: Prosím o kontrolu logu - totálně pomalý počítač

Re: Prosím o kontrolu logu - totálně pomalý počítač