PC-HELP.CZ

Ahojky, prosím o kontrolu logu, noťas špatně startuje, občas se seká a zpomaluje.
Občas se objeví hláška - explorer exe chyba aplikace. Děkuji Jarka

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:24:47, on 27.1.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Opera\opera.exe
C:\Users\sora.group\Desktop\Nová složka\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=14737&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Hledání panelu &AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\cs-CZ\local\search.html
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{C03E4588-3E6E-4DF0-A2D2-06E59E2221E6}: NameServer = 77.48.254.254,77.48.100.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 8933 bytes

Zdravím,

odinstaluj:
Ask Toolbar
Deamon Tools Toolbar

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Deamon Tools Toolbar jsem odinstalovala, Ask Toolbar jsem v PC nikde nenašla, jenom knihovnu ddl s tímto názvem u PowerArchiver.
ATF-Cleaner mi hlásí - no files were removed.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5615

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

27.1.2011 8:39:09
mbam-log-2011-01-27 (08-39-09).txt

Typ kontroly: Rychlý test
Testované objekty: 173087
Uplynulý čas: 6 minut, 43 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Ještě ....

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Po ukončení ComboFixu nejde otevřít prohlížeč, píše to hlášku:
-Pokus otevřít neplatnou operaci na klíč registru, který je označen pro odstranění
otevřela jsem ho až příkazem spustit jako správce


ComboFix 11-01-26.01 - sora.group 27.01.2011 9:06.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2045.1202 [GMT 1:00]
Spuštěný z: c:\users\sora.group\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\UNWISE.EXE

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-27 do 2011-01-27 )))))))))))))))))))))))))))))))
.

2011-01-27 08:20 . 2011-01-27 08:25 -------- d-----w- c:\users\sora.group\AppData\Local\temp
2011-01-27 08:20 . 2011-01-27 08:20 -------- d-----w- c:\users\SORA~1~GRO\AppData\Local\temp
2011-01-27 08:20 . 2011-01-27 08:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-01-27 08:20 . 2011-01-27 08:20 -------- d-----w- c:\users\Lucka.PAVEL-PC\AppData\Local\temp
2011-01-27 08:20 . 2011-01-27 08:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-26 12:36 . 2011-01-26 12:36 -------- d-----w- c:\users\sora.group\AppData\Roaming\YCanPDF
2011-01-26 12:04 . 2011-01-26 12:04 -------- d-----w- c:\users\sora.group\AppData\Local\ABBYY
2011-01-26 07:34 . 2011-01-26 07:34 439632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AA3AB897-8B4F-4D6D-9737-54E8C99F65CB}\gapaengine.dll
2011-01-26 07:34 . 2011-01-13 00:41 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{79141611-0AF1-4151-AFB7-09F042BA710F}\mpengine.dll
2011-01-26 07:07 . 2011-01-26 07:07 -------- d-----w- c:\windows\Temp7F19D367-55AA-32C0-E5F4-CBC8454D42C1-Signatures
2011-01-26 07:06 . 2011-01-26 07:08 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-26 07:05 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-25 16:24 . 2011-01-25 16:24 -------- d-----w- c:\users\sora.group\AppData\Roaming\Thunderbird
2011-01-25 16:24 . 2011-01-25 16:24 -------- d-----w- c:\users\sora.group\AppData\Local\Thunderbird
2011-01-25 15:37 . 2003-06-19 00:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2011-01-25 15:37 . 2003-06-19 00:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2011-01-25 15:05 . 2011-01-25 15:05 -------- d-----w- c:\users\sora.group\AppData\Local\Windows Live Writer
2011-01-25 15:05 . 2011-01-25 15:05 -------- d-----w- c:\users\sora.group\AppData\Roaming\Windows Live Writer
2011-01-12 06:23 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 06:23 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 06:23 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 06:23 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 06:23 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 06:23 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 06:23 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-06 16:54 . 2000-05-22 00:00 244416 ----a-w- c:\windows\system32\Msflxgrd.ocx
2011-01-06 16:54 . 2011-01-06 17:03 -------- d-----w- c:\program files\Kalkulace nové komíny
2010-12-30 17:26 . 2010-12-30 17:26 -------- d-----w- c:\users\Lucka.PAVEL-PC\AppData\Local\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2010-07-02 21:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-07-02 21:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-09 15:30 . 2010-11-09 15:30 191488 ----a-w- c:\windows\system32\hlvdd.dll
2010-11-04 18:56 . 2010-12-16 07:00 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55 . 2010-12-16 07:00 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55 . 2010-12-16 07:00 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55 . 2010-12-16 07:00 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34 . 2010-12-16 07:00 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01 . 2010-12-16 06:59 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57 . 2010-12-16 06:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57 . 2010-12-16 06:59 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57 . 2010-12-16 06:59 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57 . 2010-12-16 06:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01 . 2010-12-16 06:59 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26 . 2010-12-16 06:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24 . 2010-12-16 06:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2010-3-23 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^sora.group^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\sora.group\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 10:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DpAgent]
2008-03-12 18:24 699456 ----a-w- c:\program files\DigitalPersona\Bin\DpAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-04-15 11:42 70912 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 20:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-11-20 05:44 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-02-26 13:08 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-09-22 22:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-11-01 16:42 554288 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-03-14 06:45 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-05-14 20:56 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 11:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 14:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

R1 MpKsla55b90e7;MpKsla55b90e7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{79141611-0AF1-4151-AFB7-09F042BA710F}\MpKsla55b90e7.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\DRIVERS\Amddfltr.sys [2008-01-07 15416]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-24 697328]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-03-24 142592]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe [2008-02-12 73728]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-26 595248]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-23 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-26 40752]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=14737&l=dis
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Hledání panelu &AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\cs-CZ\local\search.html
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: {C03E4588-3E6E-4DF0-A2D2-06E59E2221E6} = 77.48.254.254,77.48.100.254
FF - ProfilePath - c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com?o=14737&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?clien ... YYYYYCZ&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Ask Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSConfigStartUp-SysTrayApp - %ProgramFiles%\IDT\WDM\sttray.exe
AddRemove-Hardlock Device Drivers - c:\windows\system32\UNWISE.EXE
AddRemove-HijackThis - i:\download\software\Nová složka\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-27 09:25
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(4048)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe
c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\vssvc.exe
.
**************************************************************************
.
Celkový čas: 2011-01-27 09:34:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-27 08:34

Před spuštěním: Volných bajtů: 85 358 469 120
Po spuštění: Volných bajtů: 84 323 123 200

- - End Of File - - 9698AF17BAD44F19C68E874704803E49

Odinstaluj Spyware Terminátora

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu

ComboFix 11-01-26.01 - sora.group 27.01.2011 11:10:57.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2045.1196 [GMT 1:00]
Spuštěný z: c:\users\sora.group\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\sora.group\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\DRIVERS\eamonm.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_36c0.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\programdata\AOL\ieToolbar\resources\cs-CZ\local\search.html
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\datastore\cache.sqlite
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\defaults.js.bak
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\defaults\preferences\defaults.js
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome.manifest
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\about.js
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\about.xul
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\cache.js
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\constants.js
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\core.js
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\custom-command-listener.js
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\events.js
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\feeds.js
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\json.js
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\lifecycle.js
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\listeners.js
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\locale.js
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\logger.js
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\network.js
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\observer.js
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\options.js
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\options.xul
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\preferences.js
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\prefetch.js
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\ss-popup-bindings.xml
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\suggestions.js
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\update.js
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\utilities.js
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\webframe-bindings.xml
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\webframe-manager.js
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\widget-controller.js
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\widget-popup.xul
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\content\widgets.js
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\abc.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\amazon_16x.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\as.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\ask_16x16.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\ask_32x32.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\ask_browser_ff_chrome.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\asklogo.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\bbc_news.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\beppe_grillo.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\bg.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\bild.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\blogs.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\business.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\celebrity.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\close.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\cnn_16x.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\corriere_della_sera.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\dictionary.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\el_mundo.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\email_16x.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\expansion.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\facebook_16x.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\folha.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\ft.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\ftd.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\g1.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\games_16x.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\gazzetta_dello_sport.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\globe_18x.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\gripper.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\highlight_16x.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\highlighter_off.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\highlighter_on.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\hola.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\chevron.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\icon_film1_16x.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\icon_history_16x.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\icon_news_ru_16x.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\icon_nu_16x.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\icon_radiodigital_16x.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\icon_sports_16x.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\icon_sportsru_16x.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\icon_vk_16x.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\icons_business_16x.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\images.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\kicker.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\labels-de.properties
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\labels-en.properties
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\labels-es.properties
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\labels-fr.properties
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\labels-it.properties
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\labels-nl.properties
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\labels-pt.properties
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\labels-ru.properties
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\laposte.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\lemonde.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\lequipe.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\libero_it.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\links-BR.properties
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\links-DE.properties
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\links-ES.properties
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\links-EU.properties
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\links-FR.properties
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\links-IT.properties
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\links-NL.properties
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\links-RU.properties
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\links-UK.properties
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\links-US.properties
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\logo_32x32.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\magnify_search.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\magnify_search_grey_16x.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\maps.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\mtv.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\news.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\oglobo.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\orkut.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\personas.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\preferences.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\search.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\search_ask.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\search_ask_de.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\search_ask_es.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\search_ask_fr.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\search_ask_it.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\search_ask_nl.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\search_ask_pl.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\search_ask_pt.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\search_ask_ru.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\search_cobrand.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\search_current_site.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\search_de.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\search_es.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\search_fr.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\search_grey_73x24.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\search_it.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\search_nl.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\search_pl.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\search_pt.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\search_ru.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\shopping.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\sports.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\stocks.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\terra.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\titlebar_bg.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\toolbar.css
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\toolbar.xul
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\tv.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\tv_movie_de.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\uol.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\voici_16x.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\weather.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\weather_16x.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\web.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\web_de.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\wordoftheday_16x.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\youtube_16x.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\skin\zoomall.png
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-19-Jul-2010-05-17-32-GMT\ff-config.zip
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-27-Sep-2010-08-21-10-GMT\ff-config.zip
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-07-Aug-2010-22-09-00-GMT\ff-config.zip
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-09-Dec-2010-13-26-27-GMT\ff-config.zip
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-22-Jul-2010-05-04-27-GMT\ff-config.zip
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-28-Oct-2010-14-01-54-GMT\ff-config.zip
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\install.rdf
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\logs\asktb-log-1291979104277.html
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\logs\asktb-log-1292002251036.html
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\logs\asktb-log-1292022782355.html
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\logs\asktb-log-1292126501983.html
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\logs\asktb-log-1292212607251.html
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\logs\asktb-log-1292235830363.html
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\logs\asktb-log-1292248056723.html
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\logs\asktb-log-1292356126899.html
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\logs\asktb-log-1292357747508.html
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\logs\asktb-log-1293026051118.html
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\logs\asktb-log-1293065588016.html
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\logs\asktb-log-1293088955092.html
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\logs\asktb-log-1293608571237.html
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\logs\asktb-log-1293609913665.html
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\logs\asktb-log-1294209626520.html
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\logs\asktb-log-1294736058707.html
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\logs\asktb-log-1294736248018.html
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\logs\asktb-log-1295186216997.html
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\logs\asktb-log-1295207112653.html
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\logs\asktb-log-1295508719373.html
c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\extensions\toolbar@ask.com\searchplugins\askcom.xml

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_EAMONM
-------\Service_eamonm


((((((((((((((((((((((((( Soubory vytvořené od 2010-12-27 do 2011-01-27 )))))))))))))))))))))))))))))))
.

2011-01-27 10:24 . 2011-01-27 10:28 -------- d-----w- c:\users\sora.group\AppData\Local\temp
2011-01-27 10:24 . 2011-01-27 10:24 -------- d-----w- c:\users\SORA~1~GRO\AppData\Local\temp
2011-01-27 10:24 . 2011-01-27 10:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-01-27 10:24 . 2011-01-27 10:24 -------- d-----w- c:\users\Lucka.PAVEL-PC\AppData\Local\temp
2011-01-27 10:24 . 2011-01-27 10:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-27 10:02 . 2011-01-27 10:02 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C4A5915-D8A5-458D-B003-A751D35E1FB8}\MpKslaf481d1f.sys
2011-01-27 08:40 . 2011-01-13 00:41 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C4A5915-D8A5-458D-B003-A751D35E1FB8}\mpengine.dll
2011-01-26 12:36 . 2011-01-26 12:36 -------- d-----w- c:\users\sora.group\AppData\Roaming\YCanPDF
2011-01-26 12:04 . 2011-01-26 12:04 -------- d-----w- c:\users\sora.group\AppData\Local\ABBYY
2011-01-26 07:34 . 2011-01-26 07:34 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AA3AB897-8B4F-4D6D-9737-54E8C99F65CB}\gapaengine.dll
2011-01-26 07:07 . 2011-01-26 07:07 -------- d-----w- c:\windows\Temp7F19D367-55AA-32C0-E5F4-CBC8454D42C1-Signatures
2011-01-26 07:06 . 2011-01-26 07:08 -------- d-----w- c:\program files\Microsoft Security Client
2011-01-26 07:05 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-01-25 16:24 . 2011-01-25 16:24 -------- d-----w- c:\users\sora.group\AppData\Roaming\Thunderbird
2011-01-25 16:24 . 2011-01-25 16:24 -------- d-----w- c:\users\sora.group\AppData\Local\Thunderbird
2011-01-25 15:37 . 2003-06-19 00:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2011-01-25 15:37 . 2003-06-19 00:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2011-01-25 15:05 . 2011-01-25 15:05 -------- d-----w- c:\users\sora.group\AppData\Local\Windows Live Writer
2011-01-25 15:05 . 2011-01-25 15:05 -------- d-----w- c:\users\sora.group\AppData\Roaming\Windows Live Writer
2011-01-12 06:23 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 06:23 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 06:23 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 06:23 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 06:23 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-12 06:23 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 06:23 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-01-06 16:54 . 2000-05-22 00:00 244416 ----a-w- c:\windows\system32\Msflxgrd.ocx
2011-01-06 16:54 . 2011-01-06 17:03 -------- d-----w- c:\program files\Kalkulace nové komíny
2010-12-30 17:26 . 2010-12-30 17:26 -------- d-----w- c:\users\Lucka.PAVEL-PC\AppData\Local\Opera

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-13 00:41 . 2010-09-27 13:23 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-20 17:09 . 2010-07-02 21:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-07-02 21:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-09 15:30 . 2010-11-09 15:30 191488 ----a-w- c:\windows\system32\hlvdd.dll
2010-11-04 18:56 . 2010-12-16 07:00 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55 . 2010-12-16 07:00 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55 . 2010-12-16 07:00 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55 . 2010-12-16 07:00 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34 . 2010-12-16 07:00 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01 . 2010-12-16 06:59 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57 . 2010-12-16 06:59 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57 . 2010-12-16 06:59 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57 . 2010-12-16 06:59 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57 . 2010-12-16 06:59 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01 . 2010-12-16 06:59 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26 . 2010-12-16 06:59 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24 . 2010-12-16 06:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\Temp7F19D367-55AA-32C0-E5F4-CBC8454D42C1-Signatures ----

2011-01-26 07:07 . 2011-01-26 06:59 957840 ----a-w- c:\windows\Temp7F19D367-55AA-32C0-E5F4-CBC8454D42C1-Signatures\mpavdlta.vdm
2011-01-26 07:07 . 2011-01-26 06:59 378768 ----a-w- c:\windows\Temp7F19D367-55AA-32C0-E5F4-CBC8454D42C1-Signatures\mpasdlta.vdm
2011-01-26 07:07 . 2011-01-22 10:32 44713360 ----a-w- c:\windows\Temp7F19D367-55AA-32C0-E5F4-CBC8454D42C1-Signatures\mpavbase.vdm
2011-01-26 07:07 . 2011-01-22 10:32 12179344 ----a-w- c:\windows\Temp7F19D367-55AA-32C0-E5F4-CBC8454D42C1-Signatures\mpasbase.vdm
2011-01-26 07:07 . 2011-01-13 09:41 5890896 ----a-w- c:\windows\Temp7F19D367-55AA-32C0-E5F4-CBC8454D42C1-Signatures\mpengine.dll


(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2010-3-23 25214]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^sora.group^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\sora.group\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 10:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DpAgent]
2008-03-12 18:24 699456 ----a-w- c:\program files\DigitalPersona\Bin\DpAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-04-15 11:42 70912 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 20:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-11-20 05:44 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-02-26 13:08 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-09-22 22:47 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-11-01 16:42 554288 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-03-14 06:45 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-05-14 20:56 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 11:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 14:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

R1 MpKsla55b90e7;MpKsla55b90e7;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{79141611-0AF1-4151-AFB7-09F042BA710F}\MpKsla55b90e7.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\DRIVERS\Amddfltr.sys [2008-01-07 15416]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-24 697328]
S1 MpKslaf481d1f;MpKslaf481d1f;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2C4A5915-D8A5-458D-B003-A751D35E1FB8}\MpKslaf481d1f.sys [2011-01-27 28752]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe [2008-02-12 73728]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-26 595248]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-23 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-26 40752]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: {C03E4588-3E6E-4DF0-A2D2-06E59E2221E6} = 77.48.254.254,77.48.100.254
FF - ProfilePath - c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-27 11:26
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(2904)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Celkový čas: 2011-01-27 11:37:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-27 10:37
ComboFix2.txt 2011-01-27 08:34

Před spuštěním: Volných bajtů: 83 455 553 536
Po spuštění: Volných bajtů: 83 313 860 608

- - End Of File - - BA416C9FC807E7CE6B96303109E90A45

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast,Avira či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast, Avira či Microsoft Security Essentials


+HJT

Jak se chová PC?

Při spuštění HiJackThis to zobrazuje hlášku viz příloha

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:39:51, on 27.1.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Normal

Running processes:
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\sora.group\Desktop\Nová složka\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{C03E4588-3E6E-4DF0-A2D2-06E59E2221E6}: NameServer = 77.48.254.254,77.48.100.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 8110 bytes

Ta hláška je v pořádku. Ta jen říká, že pokud budeš chtít upravovat položky v HJT, tak jej musíš spustit jako správce jinak ti to bude UAC blokovat. Log HJT vypadá v pořádku. Jak je na tom PC s rychlostí?

Vypadá to v pořádku, restart proběhl taky docela svižně, PC funguje jak má.
Děkuji moc za pomoc, odvádíte tady na fóru vynikající práci.

Měla bych ještě poslední dotaz. Jak mám v PC přejmenovat to sora.group? To zbylo v počítači po synátorovi a nevím jak na to .

Není zač.V rámci dalšího zrychlení bootu lze použít utilitu StartUpLite. Stáhneš, spustíš, položky buď smažeš nebo zakážeš.

To sora.group je co? Název profilu nebo skupiny v síti?