Re: explorer.exe
Posted: 27 Apr 2011 19:49
by hugostieglitz
Logfile of random's system information tool 1.08 (written by random/random)
Run by dominik2 at 2011-04-27 20:48:07
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 124 GB (82%) free of 151 GB
Total RAM: 4095 MB (70% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:48:09, on 27.4.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\stahování z internetu\RSIT.exe
C:\Program Files (x86)\trend micro\dominik2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 4693 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-02-23 814160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-02-23 814160]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-02-23 3451496]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-03-09 336384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWow64\webcheck.dll [2011-03-15 203776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2011-04-27 20:48:08 ----D---- C:\Program Files (x86)\trend micro
2011-04-27 19:55:59 ----D---- C:\rsit
2011-04-26 20:08:12 ----D---- C:\Program Files (x86)\Lark Anti-Spyware
2011-04-26 17:53:47 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2011-04-25 09:23:17 ----D---- C:\Program Files (x86)\AMD APP
2011-04-25 09:23:15 ----D---- C:\Program Files (x86)\Common Files\ATI Technologies
2011-04-25 08:02:06 ----D---- C:\Windows\SysWOW64\directx
2011-04-24 20:21:11 ----D---- C:\ProgramData\ATI
2011-04-24 20:20:52 ----D---- C:\Program Files (x86)\ATI Technologies
2011-04-24 20:18:20 ----D---- C:\ATI
2011-04-19 13:55:06 ----D---- C:\Windows\Minidump
2011-04-13 20:28:22 ----A---- C:\Windows\SysWOW64\XpsGdiConverter.dll
2011-04-13 19:05:17 ----SHD---- C:\$RECYCLE.BIN
2011-04-13 18:59:38 ----A---- C:\Windows\SysWOW64\aswBoot.exe
2011-04-13 18:59:36 ----D---- C:\ProgramData\AVAST Software
2011-04-13 18:50:57 ----A---- C:\Windows\zip.exe
2011-04-13 18:50:57 ----A---- C:\Windows\SWSC.exe
2011-04-13 18:50:57 ----A---- C:\Windows\SWREG.exe
2011-04-13 18:50:57 ----A---- C:\Windows\sed.exe
2011-04-13 18:50:57 ----A---- C:\Windows\PEV.exe
2011-04-13 18:50:57 ----A---- C:\Windows\NIRCMD.exe
2011-04-13 18:50:57 ----A---- C:\Windows\MBR.exe
2011-04-13 18:50:57 ----A---- C:\Windows\grep.exe
2011-04-13 18:50:54 ----D---- C:\Windows\ERDNT
2011-04-13 18:47:58 ----A---- C:\Windows\SWXCACLS.exe
2011-04-13 18:37:43 ----D---- C:\Users\dominik2\AppData\Roaming\PeerNetworking
2011-04-13 10:34:44 ----A---- C:\Windows\SysWOW64\dnscacheugc.exe
2011-04-13 10:34:44 ----A---- C:\Windows\SysWOW64\dnsapi.dll
2011-04-13 10:34:43 ----A---- C:\Windows\SysWOW64\atmlib.dll
2011-04-13 10:34:43 ----A---- C:\Windows\SysWOW64\atmfd.dll
2011-04-13 10:34:36 ----A---- C:\Windows\SysWOW64\mfc42u.dll
2011-04-13 10:34:36 ----A---- C:\Windows\SysWOW64\mfc42.dll
2011-04-13 10:34:35 ----A---- C:\Windows\SysWOW64\inetcomm.dll
2011-04-10 17:14:50 ----D---- C:\Users\dominik2\AppData\Roaming\RegGenie
2011-04-10 11:35:52 ----D---- C:\Users\dominik2\AppData\Roaming\Malwarebytes
2011-04-09 15:50:29 ----A---- C:\Windows\SysWOW64\PnkBstrA.exe
2011-04-09 15:50:23 ----A---- C:\Windows\SysWOW64\PnkBstrB.exe
2011-04-09 15:43:08 ----D---- C:\Users\dominik2\AppData\Roaming\Leadertech
2011-04-08 18:07:55 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2011-04-08 18:05:54 ----D---- C:\Program Files (x86)\Adobe Media Player
2011-04-08 18:04:36 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
2011-04-08 17:02:08 ----D---- C:\Windows\pss
======List of files/folders modified in the last 1 months======
2011-04-27 20:48:09 ----D---- C:\Windows\Prefetch
2011-04-27 20:48:08 ----RD---- C:\Program Files (x86)
2011-04-27 20:00:14 ----D---- C:\Windows\Temp
2011-04-27 19:56:00 ----RD---- C:\Program Files
2011-04-26 18:32:12 ----SHD---- C:\Windows\Installer
2011-04-26 18:32:12 ----SD---- C:\Users\dominik2\AppData\Roaming\Microsoft
2011-04-26 17:53:49 ----D---- C:\Windows
2011-04-26 17:53:38 ----D---- C:\Program Files (x86)\Common Files
2011-04-25 13:35:01 ----RSD---- C:\Windows\assembly
2011-04-25 13:24:04 ----D---- C:\Windows\System32
2011-04-25 09:23:10 ----D---- C:\Windows\inf
2011-04-25 09:23:05 ----D---- C:\Windows\SysWOW64
2011-04-25 08:26:26 ----D---- C:\Windows\winsxs
2011-04-24 21:52:50 ----D---- C:\Windows\Tasks
2011-04-24 21:52:06 ----D---- C:\Windows\registration
2011-04-24 21:51:09 ----SHD---- C:\System Volume Information
2011-04-24 20:21:11 ----D---- C:\ProgramData
2011-04-24 17:24:44 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-04-24 17:20:39 ----AD---- C:\ProgramData\TEMP
2011-04-22 13:30:54 ----D---- C:\Users\dominik2\AppData\Roaming\Skype
2011-04-22 12:56:15 ----D---- C:\Users\dominik2\AppData\Roaming\skypePM
2011-04-21 12:00:45 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-04-17 16:48:12 ----D---- C:\Windows\Microsoft.NET
2011-04-17 13:25:28 ----A---- C:\Windows\SysWOW64\PerfStringBackup.INI
2011-04-16 11:19:48 ----D---- C:\Windows\debug
2011-04-13 21:21:08 ----SD---- C:\ProgramData\Microsoft
2011-04-13 18:53:19 ----A---- C:\Windows\system.ini
2011-04-13 18:52:17 ----D---- C:\Windows\SysWOW64\drivers
2011-04-13 18:52:17 ----D---- C:\Windows\AppPatch
2011-04-12 11:30:40 ----D---- C:\Windows\LiveKernelReports
2011-04-10 11:26:15 ----D---- C:\Windows\Downloaded Program Files
2011-04-09 08:08:53 ----D---- C:\Program Files (x86)\Adobe
2011-04-09 07:08:36 ----D---- C:\ProgramData\Adobe
2011-04-08 19:22:59 ----RSD---- C:\Windows\Fonts
2011-04-08 18:13:59 ----D---- C:\Users\dominik2\AppData\Roaming\Adobe
2011-04-08 18:06:47 ----D---- C:\Program Files (x86)\Common Files\Adobe
2011-03-29 13:49:02 ----D---- C:\Program Files (x86)\Setup Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys []
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys []
R1 aswRdr;aswRdr; C:\Windows\SysWOW64\drivers\aswRdr.sys []
R1 aswSnx;aswSnx; C:\Windows\SysWOW64\drivers\aswSnx.sys []
R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 HWiNFO32;HWiNFO32 Kernel Driver; \??\E:\programs(x86)\HWiNFO32\HWiNFO64A.SYS [2010-09-30 28032]
R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
R3 amdiox64;AMD IO Driver; C:\Windows\system32\DRIVERS\amdiox64.sys []
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys []
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys []
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
S3 ALSysIO;ALSysIO; \??\C:\Users\dominik2\AppData\Local\Temp\ALSysIO64.sys []
S3 AmdTools64;AMD Special Tools Driver; C:\Windows\system32\DRIVERS\AmdTools64.sys []
S3 AODDriver4.0;AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys []
S3 arfky4nc;arfky4nc; C:\Windows\SysWOW64\drivers\arfky4nc.sys []
S3 atillk64;atillk64; \??\C:\Program Files (x86)\GIGABYTE\atBIOS\ATITool\atillk64.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 DualCoreCenter;DualCoreCenter; \??\C:\Program Files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys []
S3 FLASHSYS;FLASHSYS; \??\E:\programs(x86)\Live Update 4\LU4\FLASHSYS64.sys []
S3 pwdrvio;pwdrvio; \??\C:\Windows\system32\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\Windows\system32\pwdspio.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys []
S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys []
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-09 365568]
R2 AMD Reservation Manager;AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-02-23 42184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 UmRdpService;Přesměrovač portů uživatelského režimu služby Vzdálená plocha; C:\Windows\System32\svchost.exe [2009-07-14 20992]
-----------------EOF-----------------
Re: explorer.exe
Posted: 27 Apr 2011 20:10
by hugostieglitz
ComboFix 11-04-27.01 - dominik2 27.04.2011 21:01:46.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4095.2926 [GMT 2:00]
Spuštěný z: d:\stahování z internetu\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
Here is the log.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-27 do 2011-04-27 )))))))))))))))))))))))))))))))
.
.
2011-04-27 19:04 . 2011-04-27 19:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-27 17:55 . 2011-04-27 17:56 -------- d-----w- C:\rsit
2011-04-26 18:08 . 2011-04-26 18:08 -------- d-----w- c:\program files (x86)\Lark Anti-Spyware
2011-04-26 15:53 . 2011-04-26 15:53 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-04-26 11:03 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{16520D07-5A68-4D1B-91F3-4F808270FE55}\mpengine.dll
2011-04-25 07:23 . 2011-04-25 07:23 -------- d-----w- c:\program files (x86)\AMD APP
2011-04-25 07:23 . 2011-04-25 07:23 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-04-25 07:23 . 2011-04-25 07:23 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-04-24 18:21 . 2011-04-24 18:21 -------- d-----w- c:\programdata\ATI
2011-04-24 18:20 . 2011-04-24 18:20 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-04-24 18:18 . 2011-04-24 18:21 -------- d-----w- c:\program files\ATI Technologies
2011-04-24 18:18 . 2011-04-24 18:18 -------- d-----w- C:\ATI
2011-04-24 13:39 . 2008-04-28 10:03 47160 ----a-w- c:\windows\system32\drivers\AmdTools64.sys
2011-04-24 10:20 . 2010-10-27 01:43 110592 ----a-w- c:\windows\system32\rtvcvfw32.dll
2011-04-13 18:28 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-13 18:28 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-13 16:59 . 2011-02-23 13:54 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-13 16:59 . 2011-02-23 13:57 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-13 16:59 . 2011-02-23 14:04 238968 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-13 16:59 . 2011-02-23 13:57 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-13 16:59 . 2011-02-23 13:55 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-13 16:59 . 2011-02-23 13:55 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-13 16:59 . 2011-02-23 13:55 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-04-13 16:59 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
2011-04-13 16:59 . 2011-02-23 14:04 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-04-13 16:59 . 2011-04-13 16:59 -------- d-----w- c:\programdata\AVAST Software
2011-04-13 16:59 . 2011-04-13 16:59 -------- d-----w- c:\program files\AVAST Software
2011-04-13 16:37 . 2011-04-13 16:37 -------- d-----w- c:\users\dominik2\AppData\Roaming\PeerNetworking
2011-04-10 15:14 . 2011-04-10 15:14 -------- d-----w- c:\users\dominik2\AppData\Roaming\RegGenie
2011-04-10 09:35 . 2011-04-10 09:35 -------- d-----w- c:\users\dominik2\AppData\Roaming\Malwarebytes
2011-04-10 09:35 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-09 13:50 . 2011-04-09 13:50 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-04-09 13:50 . 2011-04-10 09:06 183112 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-04-09 13:50 . 2011-04-09 13:50 -------- d-----w- c:\users\dominik2\AppData\Local\PunkBuster
2011-04-09 13:43 . 2011-04-09 13:43 -------- d-----w- c:\users\dominik2\AppData\Roaming\Leadertech
2011-04-08 16:07 . 2011-04-08 16:17 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-04-08 16:06 . 2011-04-08 16:07 -------- d-----w- c:\program files\Common Files\Adobe
2011-04-08 16:05 . 2011-04-08 16:05 -------- d-----w- c:\program files (x86)\Adobe Media Player
2011-04-08 16:04 . 2011-04-08 16:04 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-04-08 08:34 . 2011-03-09 04:55 795136 ----a-w- c:\windows\system32\aticfx64.dll
2011-04-08 08:34 . 2011-03-09 04:11 58880 ----a-w- c:\windows\system32\coinst.dll
2011-04-08 08:34 . 2011-03-09 04:40 5044224 ----a-w- c:\windows\system32\atidxx64.dll
2011-04-08 08:34 . 2011-03-09 04:17 39936 ----a-w- c:\windows\system32\atiuxp64.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-21 17:56 . 2011-03-21 17:56 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-03-21 17:56 . 2011-03-21 17:56 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-03-21 17:56 . 2011-03-21 17:56 53760 ----a-w- c:\windows\system32\OpenCL.dll
2011-03-21 17:56 . 2011-03-21 17:56 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-03-21 17:55 . 2011-03-21 17:55 16115712 ----a-w- c:\windows\system32\amdocl64.dll
2011-03-21 17:55 . 2011-03-21 17:55 12385792 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-03-15 15:10 . 2011-03-15 15:10 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-15 15:10 . 2011-03-15 15:10 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-15 15:10 . 2011-03-15 15:10 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-03-15 15:10 . 2011-03-15 15:10 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-03-15 15:10 . 2011-03-15 15:10 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-15 15:10 . 2011-03-15 15:10 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-03-15 15:10 . 2011-03-15 15:10 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-15 15:10 . 2011-03-15 15:10 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-03-15 15:10 . 2011-03-15 15:10 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-03-15 15:10 . 2011-03-15 15:10 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-03-15 15:10 . 2011-03-15 15:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-03-15 15:10 . 2011-03-15 15:10 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-15 15:10 . 2011-03-15 15:10 448512 ----a-w- c:\windows\system32\html.iec
2011-03-15 15:10 . 2011-03-15 15:10 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-15 15:10 . 2011-03-15 15:10 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-03-15 15:10 . 2011-03-15 15:10 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-03-15 15:10 . 2011-03-15 15:10 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-15 15:10 . 2011-03-15 15:10 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-15 15:10 . 2011-03-15 15:10 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-15 15:10 . 2011-03-15 15:10 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-03-15 15:10 . 2011-03-15 15:10 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-03-15 15:10 . 2011-03-15 15:10 222208 ----a-w- c:\windows\system32\msls31.dll
2011-03-15 15:10 . 2011-03-15 15:10 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-03-15 15:10 . 2011-03-15 15:10 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-15 15:10 . 2011-03-15 15:10 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-03-15 15:10 . 2011-03-15 15:10 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-03-15 15:10 . 2011-03-15 15:10 160256 ----a-w- c:\windows\system32\wextract.exe
2011-03-15 15:10 . 2011-03-15 15:10 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-03-15 15:10 . 2011-03-15 15:10 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-03-15 15:10 . 2011-03-15 15:10 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-15 15:10 . 2011-03-15 15:10 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-03-15 15:10 . 2011-03-15 15:10 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-03-15 15:10 . 2011-03-15 15:10 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-03-15 15:10 . 2011-03-15 15:10 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-15 15:10 . 2011-03-15 15:10 12288 ----a-w- c:\windows\system32\mshta.exe
2011-03-15 15:10 . 2011-03-15 15:10 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-03-15 15:10 . 2011-03-15 15:10 114176 ----a-w- c:\windows\system32\admparse.dll
2011-03-15 15:10 . 2011-03-15 15:10 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-15 15:10 . 2011-03-15 15:10 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-15 15:10 . 2011-03-15 15:10 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-03-15 15:10 . 2011-03-15 15:10 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-15 15:10 . 2011-03-15 15:10 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-03-09 09:22 . 2011-03-09 09:22 9258496 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-03-09 05:41 . 2011-03-09 05:41 22518272 ----a-w- c:\windows\system32\atio6axx.dll
2011-03-09 05:19 . 2011-03-09 05:19 17397248 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-03-09 04:57 . 2011-03-09 04:57 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-03-09 04:56 . 2011-03-09 04:56 679424 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-03-09 04:53 . 2011-03-09 04:53 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-03-09 04:53 . 2011-03-09 04:53 480256 ----a-w- c:\windows\system32\atieclxx.exe
2011-03-09 04:53 . 2011-03-09 04:53 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-03-09 04:52 . 2011-03-09 04:52 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-03-09 04:51 . 2011-03-09 04:51 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-03-09 04:51 . 2011-03-09 04:51 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-03-09 04:51 . 2011-03-09 04:51 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-03-09 04:51 . 2011-03-09 04:51 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-03-09 04:51 . 2011-03-09 04:51 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-03-09 04:51 . 2011-03-09 04:51 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-03-09 04:48 . 2011-03-09 04:48 4277760 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-03-09 04:34 . 2011-03-09 04:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-03-09 04:34 . 2011-03-09 04:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-03-09 04:34 . 2011-03-09 04:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-03-09 04:34 . 2011-03-09 04:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-03-09 04:34 . 2011-03-09 04:34 7025152 ----a-w- c:\windows\system32\aticaldd64.dll
2011-03-09 04:32 . 2011-03-09 04:32 5618688 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-03-09 04:30 . 2011-03-09 04:30 4294656 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-03-09 04:24 . 2011-03-09 04:24 5438976 ----a-w- c:\windows\system32\atiumd64.dll
2011-03-09 04:18 . 2011-03-09 04:18 360448 ----a-w- c:\windows\system32\atiadlxx.dll
2011-03-09 04:18 . 2011-03-09 04:18 258048 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-03-09 04:18 . 2011-03-09 04:18 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-03-09 04:17 . 2011-03-09 04:17 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 300544 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-03-09 04:17 . 2011-03-09 04:17 31232 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-03-09 04:16 . 2011-03-09 04:16 38400 ----a-w- c:\windows\system32\atiu9p64.dll
2011-03-09 04:16 . 2011-03-09 04:16 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-03-09 04:16 . 2011-03-09 04:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-03-09 03:42 . 2011-03-09 03:42 1208320 ----a-w- c:\windows\system32\atiumd6v.dll
2011-03-09 03:42 . 2011-03-09 03:42 1912832 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-03-09 03:41 . 2011-03-09 03:41 3239936 ----a-w- c:\windows\system32\atiumd6a.dll
2011-03-09 03:34 . 2011-03-09 03:34 3471872 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-03-09 03:18 . 2011-03-09 03:18 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-03-09 03:18 . 2011-03-09 03:18 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-03-09 03:18 . 2011-03-09 03:18 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-03-09 03:18 . 2011-03-09 03:18 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-03-06 10:55 . 2011-03-06 10:55 933888 ----a-w- c:\windows\SysWow64\o2cAreas.ocx
2011-03-06 10:55 . 2011-03-06 10:55 1208320 ----a-w- c:\windows\SysWow64\O2CPlayer.OCX
2011-03-03 20:15 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-03 20:15 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-02-28 20:09 . 2011-02-28 20:09 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-02-28 08:00 . 2011-03-04 07:13 80896 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-02-19 12:05 . 2011-03-09 09:49 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-09 09:49 1544192 ----a-w- c:\windows\system32\DWrite.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\dominik2\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 atillk64;atillk64;c:\program files (x86)\GIGABYTE\atBIOS\ATITool\atillk64.sys [x]
R3 DualCoreCenter;DualCoreCenter;c:\program files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys [x]
R3 FLASHSYS;FLASHSYS;e:\programs(x86)\Live Update 4\LU4\FLASHSYS64.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 HWiNFO32;HWiNFO32 Kernel Driver;e:\programs(x86)\HWiNFO32\HWiNFO64A.SYS [2010-09-29 28032]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-08 365568]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
FF - ProfilePath - c:\users\dominik2\AppData\Roaming\Mozilla\Firefox\Profiles\lp7of6qi.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-746906850-708434209-923399738-1001\Software\SecuROM\License information*]
"datasecu"=hex:c1,f3,ae,da,de,14,51,41,22,9b,ab,45,99,bf,66,b7,01,d0,6c,8f,c5,
d9,5c,77,f3,ee,56,4f,a4,45,a8,71,b2,59,d1,d0,9f,c9,82,b1,c7,e0,e5,fb,6d,63,\
"rkeysecu"=hex:ec,08,d7,f4,32,26,f3,81,28,ab,6d,33,ee,0a,80,af
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-04-27 21:05:27
ComboFix-quarantined-files.txt 2011-04-27 19:05
.
Před spuštěním: Volných bajtů: 129 773 002 752
Po spuštění: Volných bajtů: 129 483 051 008
.
- - End Of File - - 1FBABB81BC98BDC50E9C5075A9842E9F
Re: explorer.exe
Posted: 28 Apr 2011 09:02
by hugostieglitz
ComboFix 11-04-27.02 - dominik2 28.04.2011 9:54.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.4095.2907 [GMT 2:00]
Spuštěný z: c:\users\dominik2\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\dominik2\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-03-28 do 2011-04-28 )))))))))))))))))))))))))))))))
.
.
2011-04-28 07:56 . 2011-04-28 07:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-27 17:55 . 2011-04-27 17:56 -------- d-----w- C:\rsit
2011-04-26 18:08 . 2011-04-26 18:08 -------- d-----w- c:\program files (x86)\Lark Anti-Spyware
2011-04-26 15:53 . 2011-04-26 15:53 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-04-26 11:03 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{16520D07-5A68-4D1B-91F3-4F808270FE55}\mpengine.dll
2011-04-25 07:23 . 2011-04-25 07:23 -------- d-----w- c:\program files (x86)\AMD APP
2011-04-25 07:23 . 2011-04-25 07:23 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-04-25 07:23 . 2011-04-25 07:23 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-04-24 18:21 . 2011-04-24 18:21 -------- d-----w- c:\programdata\ATI
2011-04-24 18:20 . 2011-04-24 18:20 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-04-24 18:18 . 2011-04-24 18:21 -------- d-----w- c:\program files\ATI Technologies
2011-04-24 18:18 . 2011-04-24 18:18 -------- d-----w- C:\ATI
2011-04-24 13:39 . 2008-04-28 10:03 47160 ----a-w- c:\windows\system32\drivers\AmdTools64.sys
2011-04-24 10:20 . 2010-10-27 01:43 110592 ----a-w- c:\windows\system32\rtvcvfw32.dll
2011-04-13 18:28 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-13 18:28 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-13 16:59 . 2011-02-23 13:54 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-13 16:59 . 2011-02-23 13:57 280408 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-04-13 16:59 . 2011-02-23 14:04 238968 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-13 16:59 . 2011-02-23 13:57 505176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-04-13 16:59 . 2011-02-23 13:55 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-04-13 16:59 . 2011-02-23 13:55 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-04-13 16:59 . 2011-02-23 13:55 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-04-13 16:59 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
2011-04-13 16:59 . 2011-02-23 14:04 190016 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-04-13 16:59 . 2011-04-13 16:59 -------- d-----w- c:\programdata\AVAST Software
2011-04-13 16:59 . 2011-04-13 16:59 -------- d-----w- c:\program files\AVAST Software
2011-04-13 16:37 . 2011-04-13 16:37 -------- d-----w- c:\users\dominik2\AppData\Roaming\PeerNetworking
2011-04-10 15:14 . 2011-04-10 15:14 -------- d-----w- c:\users\dominik2\AppData\Roaming\RegGenie
2011-04-10 09:35 . 2011-04-10 09:35 -------- d-----w- c:\users\dominik2\AppData\Roaming\Malwarebytes
2011-04-10 09:35 . 2010-12-20 16:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-09 13:50 . 2011-04-09 13:50 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-04-09 13:50 . 2011-04-10 09:06 183112 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-04-09 13:50 . 2011-04-09 13:50 -------- d-----w- c:\users\dominik2\AppData\Local\PunkBuster
2011-04-09 13:43 . 2011-04-09 13:43 -------- d-----w- c:\users\dominik2\AppData\Roaming\Leadertech
2011-04-08 16:07 . 2011-04-08 16:17 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-04-08 16:06 . 2011-04-08 16:07 -------- d-----w- c:\program files\Common Files\Adobe
2011-04-08 16:05 . 2011-04-08 16:05 -------- d-----w- c:\program files (x86)\Adobe Media Player
2011-04-08 16:04 . 2011-04-08 16:04 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-04-08 08:34 . 2011-03-09 04:55 795136 ----a-w- c:\windows\system32\aticfx64.dll
2011-04-08 08:34 . 2011-03-09 04:11 58880 ----a-w- c:\windows\system32\coinst.dll
2011-04-08 08:34 . 2011-03-09 04:40 5044224 ----a-w- c:\windows\system32\atidxx64.dll
2011-04-08 08:34 . 2011-03-09 04:17 39936 ----a-w- c:\windows\system32\atiuxp64.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-21 17:56 . 2011-03-21 17:56 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-03-21 17:56 . 2011-03-21 17:56 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-03-21 17:56 . 2011-03-21 17:56 53760 ----a-w- c:\windows\system32\OpenCL.dll
2011-03-21 17:56 . 2011-03-21 17:56 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-03-21 17:55 . 2011-03-21 17:55 16115712 ----a-w- c:\windows\system32\amdocl64.dll
2011-03-21 17:55 . 2011-03-21 17:55 12385792 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-03-15 15:10 . 2011-03-15 15:10 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-15 15:10 . 2011-03-15 15:10 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-15 15:10 . 2011-03-15 15:10 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-03-15 15:10 . 2011-03-15 15:10 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-03-15 15:10 . 2011-03-15 15:10 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-03-15 15:10 . 2011-03-15 15:10 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-03-15 15:10 . 2011-03-15 15:10 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-03-15 15:10 . 2011-03-15 15:10 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-03-15 15:10 . 2011-03-15 15:10 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-03-15 15:10 . 2011-03-15 15:10 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-03-15 15:10 . 2011-03-15 15:10 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-03-15 15:10 . 2011-03-15 15:10 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-15 15:10 . 2011-03-15 15:10 448512 ----a-w- c:\windows\system32\html.iec
2011-03-15 15:10 . 2011-03-15 15:10 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-03-15 15:10 . 2011-03-15 15:10 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-03-15 15:10 . 2011-03-15 15:10 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-03-15 15:10 . 2011-03-15 15:10 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-15 15:10 . 2011-03-15 15:10 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-03-15 15:10 . 2011-03-15 15:10 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-15 15:10 . 2011-03-15 15:10 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-03-15 15:10 . 2011-03-15 15:10 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-03-15 15:10 . 2011-03-15 15:10 222208 ----a-w- c:\windows\system32\msls31.dll
2011-03-15 15:10 . 2011-03-15 15:10 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-03-15 15:10 . 2011-03-15 15:10 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-15 15:10 . 2011-03-15 15:10 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-03-15 15:10 . 2011-03-15 15:10 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-03-15 15:10 . 2011-03-15 15:10 160256 ----a-w- c:\windows\system32\wextract.exe
2011-03-15 15:10 . 2011-03-15 15:10 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-03-15 15:10 . 2011-03-15 15:10 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-03-15 15:10 . 2011-03-15 15:10 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-15 15:10 . 2011-03-15 15:10 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-03-15 15:10 . 2011-03-15 15:10 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-03-15 15:10 . 2011-03-15 15:10 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-03-15 15:10 . 2011-03-15 15:10 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-15 15:10 . 2011-03-15 15:10 12288 ----a-w- c:\windows\system32\mshta.exe
2011-03-15 15:10 . 2011-03-15 15:10 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-03-15 15:10 . 2011-03-15 15:10 114176 ----a-w- c:\windows\system32\admparse.dll
2011-03-15 15:10 . 2011-03-15 15:10 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-03-15 15:10 . 2011-03-15 15:10 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-15 15:10 . 2011-03-15 15:10 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-03-15 15:10 . 2011-03-15 15:10 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-15 15:10 . 2011-03-15 15:10 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-03-09 09:22 . 2011-03-09 09:22 9258496 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-03-09 05:41 . 2011-03-09 05:41 22518272 ----a-w- c:\windows\system32\atio6axx.dll
2011-03-09 05:19 . 2011-03-09 05:19 17397248 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-03-09 04:57 . 2011-03-09 04:57 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2011-03-09 04:56 . 2011-03-09 04:56 679424 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-03-09 04:53 . 2011-03-09 04:53 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-03-09 04:53 . 2011-03-09 04:53 480256 ----a-w- c:\windows\system32\atieclxx.exe
2011-03-09 04:53 . 2011-03-09 04:53 203776 ----a-w- c:\windows\system32\atiesrxx.exe
2011-03-09 04:52 . 2011-03-09 04:52 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-03-09 04:51 . 2011-03-09 04:51 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-03-09 04:51 . 2011-03-09 04:51 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-03-09 04:51 . 2011-03-09 04:51 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-03-09 04:51 . 2011-03-09 04:51 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-03-09 04:51 . 2011-03-09 04:51 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-03-09 04:51 . 2011-03-09 04:51 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-03-09 04:48 . 2011-03-09 04:48 4277760 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-03-09 04:34 . 2011-03-09 04:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-03-09 04:34 . 2011-03-09 04:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-03-09 04:34 . 2011-03-09 04:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-03-09 04:34 . 2011-03-09 04:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-03-09 04:34 . 2011-03-09 04:34 7025152 ----a-w- c:\windows\system32\aticaldd64.dll
2011-03-09 04:32 . 2011-03-09 04:32 5618688 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-03-09 04:30 . 2011-03-09 04:30 4294656 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-03-09 04:24 . 2011-03-09 04:24 5438976 ----a-w- c:\windows\system32\atiumd64.dll
2011-03-09 04:18 . 2011-03-09 04:18 360448 ----a-w- c:\windows\system32\atiadlxx.dll
2011-03-09 04:18 . 2011-03-09 04:18 258048 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-03-09 04:18 . 2011-03-09 04:18 14848 ----a-w- c:\windows\system32\atig6pxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-03-09 04:17 . 2011-03-09 04:17 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-03-09 04:17 . 2011-03-09 04:17 300544 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-03-09 04:17 . 2011-03-09 04:17 31232 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-03-09 04:16 . 2011-03-09 04:16 38400 ----a-w- c:\windows\system32\atiu9p64.dll
2011-03-09 04:16 . 2011-03-09 04:16 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-03-09 04:16 . 2011-03-09 04:16 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-03-09 03:42 . 2011-03-09 03:42 1208320 ----a-w- c:\windows\system32\atiumd6v.dll
2011-03-09 03:42 . 2011-03-09 03:42 1912832 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-03-09 03:41 . 2011-03-09 03:41 3239936 ----a-w- c:\windows\system32\atiumd6a.dll
2011-03-09 03:34 . 2011-03-09 03:34 3471872 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-03-09 03:18 . 2011-03-09 03:18 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-03-09 03:18 . 2011-03-09 03:18 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-03-09 03:18 . 2011-03-09 03:18 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-03-09 03:18 . 2011-03-09 03:18 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-03-06 10:55 . 2011-03-06 10:55 933888 ----a-w- c:\windows\SysWow64\o2cAreas.ocx
2011-03-06 10:55 . 2011-03-06 10:55 1208320 ----a-w- c:\windows\SysWow64\O2CPlayer.OCX
2011-03-03 20:15 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-03 20:15 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-02-28 20:09 . 2011-02-28 20:09 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2011-02-28 08:00 . 2011-03-04 07:13 80896 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-02-19 12:05 . 2011-03-09 09:49 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-09 09:49 1544192 ----a-w- c:\windows\system32\DWrite.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-28_07.47.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-04-28 07:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-28 07:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-28 07:57 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-28 07:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-28 07:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-28 07:57 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-25 17:08 . 2011-04-28 07:48 32100 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-04-28 07:36 33424 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-04-28 07:48 33424 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-02-25 17:40 . 2011-04-28 07:36 9912 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-746906850-708434209-923399738-1001_UserData.bin
+ 2011-02-25 17:40 . 2011-04-28 07:48 9912 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-746906850-708434209-923399738-1001_UserData.bin
+ 2011-04-28 07:57 . 2011-04-28 07:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-04-28 07:46 . 2011-04-28 07:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-04-28 07:46 310276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-04-28 07:56 310276 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-03-08 22:52 . 2011-04-28 07:46 19683272 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-746906850-708434209-923399738-1001-12288.dat
+ 2011-03-08 22:52 . 2011-04-28 07:56 19683272 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-746906850-708434209-923399738-1001-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ALSysIO;ALSysIO;c:\users\dominik2\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [x]
R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R3 atillk64;atillk64;c:\program files (x86)\GIGABYTE\atBIOS\ATITool\atillk64.sys [x]
R3 DualCoreCenter;DualCoreCenter;c:\program files (x86)\MSI\OverclockingCenter\NTGLM7X64.sys [x]
R3 FLASHSYS;FLASHSYS;e:\programs(x86)\Live Update 4\LU4\FLASHSYS64.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 HWiNFO32;HWiNFO32 Kernel Driver;e:\programs(x86)\HWiNFO32\HWiNFO64A.SYS [2010-09-29 28032]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-08 365568]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
FF - ProfilePath - c:\users\dominik2\AppData\Roaming\Mozilla\Firefox\Profiles\lp7of6qi.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-746906850-708434209-923399738-1001\Software\SecuROM\License information*]
"datasecu"=hex:c1,f3,ae,da,de,14,51,41,22,9b,ab,45,99,bf,66,b7,01,d0,6c,8f,c5,
d9,5c,77,f3,ee,56,4f,a4,45,a8,71,b2,59,d1,d0,9f,c9,82,b1,c7,e0,e5,fb,6d,63,\
"rkeysecu"=hex:ec,08,d7,f4,32,26,f3,81,28,ab,6d,33,ee,0a,80,af
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Celkový čas: 2011-04-28 09:59:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-04-28 07:59
ComboFix2.txt 2011-04-28 07:48
.
Před spuštěním: Volných bajtů: 129 375 195 136
Po spuštění: Volných bajtů: 129 317 228 544
.
- - End Of File - - BC8B97B47AA997330FE99A43E963E1D4
It's still there.
Re: explorer.exe
Posted: 28 Apr 2011 19:15
by hugostieglitz
Which file should I upload? If it's the whole explorer.exe, then here it is
Antivirus Version Last Update Result
AhnLab-V3 2011.04.29.00 2011.04.28 -
AntiVir 7.11.7.79 2011.04.28 -
Antiy-AVL 2.0.3.7 2011.04.28 -
Avast 4.8.1351.0 2011.04.28 -
Avast5 5.0.677.0 2011.04.28 -
AVG 10.0.0.1190 2011.04.28 -
BitDefender 7.2 2011.04.28 -
CAT-QuickHeal 11.00 2011.04.28 -
ClamAV 0.97.0.0 2011.04.28 -
Comodo 8509 2011.04.28 -
DrWeb 5.0.2.03300 2011.04.28 -
eSafe 7.0.17.0 2011.04.28 -
eTrust-Vet 36.1.8296 2011.04.28 -
F-Prot 4.6.2.117 2011.04.28 -
F-Secure 9.0.16440.0 2011.04.28 -
Fortinet 4.2.257.0 2011.04.28 -
GData 22 2011.04.28 -
Ikarus T3.1.1.103.0 2011.04.28 -
Jiangmin 13.0.900 2011.04.28 -
K7AntiVirus 9.98.4509 2011.04.28 -
Kaspersky 9.0.0.837 2011.04.28 -
McAfee 5.400.0.1158 2011.04.28 -
McAfee-GW-Edition 2010.1D 2011.04.28 -
Microsoft 1.6802 2011.04.28 -
NOD32 6079 2011.04.28 -
Norman 6.07.07 2011.04.28 -
Panda 10.0.3.5 2011.04.28 -
PCTools 7.0.3.5 2011.04.28 -
Prevx 3.0 2011.04.28 -
Rising 23.55.03.06 2011.04.28 -
Sophos 4.64.0 2011.04.28 -
SUPERAntiSpyware 4.40.0.1006 2011.04.28 -
Symantec 20101.3.2.89 2011.04.28 -
TheHacker 6.7.0.1.184 2011.04.27 -
TrendMicro 9.200.0.1012 2011.04.28 -
TrendMicro-HouseCall 9.200.0.1012 2011.04.28 -
VBA32 3.12.16.0 2011.04.27 -
VIPRE 9145 2011.04.28 -
ViRobot 2011.4.28.4435 2011.04.28 -
VirusBuster 13.6.326.1 2011.04.28 -
Additional information
MD5 : 8b88ebbb05a0e56b7dcc708498c02b3e
SHA1 : cea0890d4b99bae3f635a16dae71f69d137027b9
SHA256: 9e1ec8b43a88e68767fd8fed2f38e7984357b3f4186d0f907e62f8b6c9ff56ad
ssdeep: 49152:IzgnSGNltHozKeCwQvYYYYYYYYYYYRYYYYYYYYYYE3iA7/eFUJN9ojoso2xnoq2:OqltHozK1vYYYYYYYYYYYRYYYYYYYYYL
File size : 2616320 bytes
First seen: 2011-04-27 13:48:07
Last seen : 2011-04-28 18:21:40
TrID:
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows Explorer
original name: EXPLORER.EXE
internal name: explorer
file version.: 6.1.7601.17567 (win7sp1_gdr.110224-1502)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information
[[ basic data ]]
entrypointaddress: 0x30F02
timedatestamp....: 0x4D6727A7 (Fri Feb 25 03:53:11 2011)
machinetype......: 0x14c (I386)
[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xAF441, 0xAF600, 6.39, d9250025cf70191307c2d33da230269b
.data, 0xB1000, 0x2FD0, 0x2C00, 0.88, eb92ba38e6a3df2d3f1348e93c94eca5
.rsrc, 0xB4000, 0x1C2E88, 0x1C3000, 5.52, 67a0d9306fa543850a8b901322fdc717
.reloc, 0x277000, 0x9304, 0x9400, 6.75, 31c42787ccdfbd3617011dad0ecffd3f
[[ 19 import(s) ]]
ADVAPI32.dll: RegCloseKey, RegCreateKeyW, RegGetValueW, RegOpenKeyExW, GetTraceEnableFlags, GetTraceEnableLevel, GetTraceLoggerHandle, RegisterTraceGuidsW, UnregisterTraceGuids, RegCreateKeyExW, RegQueryValueExW, EventRegister, EventUnregister, EventWrite, EventEnabled, GetLengthSid, GetTokenInformation, OpenProcessToken, RegSetValueExW, RegDeleteKeyExW, TraceMessage, RegOpenKeyW, RegDeleteValueW, RegEnumValueW, RegQueryInfoKeyW, ConvertStringSidToSidW, CloseServiceHandle, OpenServiceW, OpenSCManagerW, RegEnumKeyExW, CreateWellKnownSid, StartServiceW, CryptAcquireContextW, CryptCreateHash, CryptHashData, CryptGetHashParam, CryptDestroyHash, CryptReleaseContext, StartTraceW, EnableTraceEx, StopTraceW, LsaLookupSids, IsValidSid, GetSidSubAuthorityCount, GetSidSubAuthority, LsaOpenPolicy, LsaFreeMemory, LsaClose, OpenThreadToken, ConvertSidToStringSidW, ConvertStringSecurityDescriptorToSecurityDescriptorW, CheckTokenMembership, QueryServiceStatus
KERNEL32.dll: LoadLibraryExA, DelayLoadFailureHook, CreateFileW, GetFileSize, ReadFile, RaiseException, FlushInstructionCache, SetLastError, OpenThread, GetSystemTimeAsFileTime, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetLocalTime, InterlockedCompareExchange, FindFirstFileW, lstrcmpiW, FindNextFileW, FindClose, GetFileAttributesW, GetSystemTime, SystemTimeToFileTime, ExpandEnvironmentStringsW, InterlockedIncrement, InterlockedDecrement, GetLastError, SetInformationJobObject, CreateJobObjectW, GetPriorityClass, SetPriorityClass, SearchPathW, GetSystemDefaultUILanguage, UnmapViewOfFile, MapViewOfFile, GetTimeZoneInformation, GetDynamicTimeZoneInformation, GetBinaryTypeW, QueryPerformanceFrequency, QueueUserWorkItem, GetTickCount64, MulDiv, GetLongPathNameW, GetThreadPriority, MultiByteToWideChar, GlobalGetAtomNameW, GetCurrentThread, SetThreadPriority, LoadLibraryExW, GetProductInfo, TerminateThread, CreateIoCompletionPort, GetQueuedCompletionStatus, DeleteFileW, GetWindowsDirectoryW, GetProcessId, CompareStringW, QueryFullProcessImageNameW, CompareFileTime, CreateFileMappingW, ResetEvent, WideCharToMultiByte, GlobalAlloc, GlobalLock, GlobalUnlock, GlobalFree, DuplicateHandle, GetCurrentDirectoryW, WaitForMultipleObjects, GetComputerNameW, DeactivateActCtx, ActivateActCtx, ReleaseActCtx, CreateActCtxW, FindResourceExW, LoadResource, LockResource, OpenProcess, CloseHandle, LocalFree, LocalAlloc, QueryInformationJobObject, Sleep, ResumeThread, AssignProcessToJobObject, CreateThread, CreateProcessW, WaitForSingleObject, FreeLibrary, GetProcAddress, LoadLibraryW, GetUserDefaultUILanguage, CreateEventW, lstrlenW, HeapFree, HeapAlloc, GetProcessHeap, GetCurrentProcess, HeapSetInformation, GetVersionExW, DeleteCriticalSection, InitializeCriticalSection, HeapDestroy, GetPrivateProfileStringW, GetModuleFileNameW, GetCommandLineW, GetSystemDirectoryW, ExitProcess, RegisterApplicationRestart, SetProcessShutdownParameters, GetStartupInfoW, ReleaseMutex, CreateMutexW, 
SetErrorMode, SetProcessDEPPolicy, GetUserDefaultLangID, SetEvent, LeaveCriticalSection, EnterCriticalSection, GetTickCount, OpenEventW, SetTermsrvAppInstallMode, GetCurrentProcessId, GetModuleHandleW, GetCurrentThreadId, QueryPerformanceCounter, UnhandledExceptionFilter, TerminateProcess, CompareStringOrdinal, GetModuleHandleA, SetUnhandledExceptionFilter, InterlockedExchange, VirtualAlloc, VirtualFree, LoadLibraryA
GDI32.dll: GetStockObject, SetWindowOrgEx, StretchBlt, GetTextMetricsW, CombineRgn, Polyline, CreatePen, GetTextColor, ExtCreateRegion, GetRegionData, SetLayout, GetLayout, GetTextExtentPoint32W, OffsetRgn, LPtoDP, GetRgnBox, OffsetViewportOrgEx, GdiFlush, ExtTextOutW, SetDIBits, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, GetBkColor, SetBkMode, CreateBitmap, PatBlt, CreateCompatibleBitmap, OffsetWindowOrgEx, SetBkColor, SetTextColor, GetTextExtentPointW, GetClipBox, CreateDIBSection, GetObjectW, CreateRectRgnIndirect, DeleteObject, CreateCompatibleDC, SelectObject, BitBlt, GetDeviceCaps, CreateFontIndirectW, DeleteDC, GdiAlphaBlend
USER32.dll: PtInRect, GetWindowRect, GetWindow, SendMessageW, EnumChildWindows, GetWindowLongW, CharPrevW, CharNextW, GetSystemMetrics, CreateWindowExW, DialogBoxParamW, GetClassInfoW, GetClassInfoExW, GetMenuItemInfoW, GetMenuItemCount, GetClassNameW, GetKeyboardLayout, ActivateKeyboardLayout, IsChild, InsertMenuW, GetMenuStringW, SetMenuItemInfoW, InsertMenuItemW, IsWinEventHookInstalled, IsProcessDPIAware, GetNextDlgGroupItem, GetNextDlgTabItem, GetDlgCtrlID, MoveWindow, IsRectEmpty, UnionRect, ChildWindowFromPointEx, GetGUIThreadInfo, SetClassLongW, GetClassLongW, WindowFromDC, CharUpperW, UnregisterClassW, FrameRect, GetWindowDC, SendMessageCallbackW, UpdateLayeredWindow, GetUserObjectInformationW, GetThreadDesktop, GetProcessWindowStation, GetIconInfo, ShowWindowAsync, FlashWindowEx, EndTask, SetThreadDesktop, GetMenuState, SetScrollInfo, GetScrollInfo, SetScrollPos, BringWindowToTop, DeregisterShellHookWindow, IsZoomed, CloseDesktop, OpenInputDesktop, RegisterShellHookWindow, InternalGetWindowText, GetWindowInfo, GetLayeredWindowAttributes, SetLayeredWindowAttributes, GetCaretBlinkTime, UnhookWindowsHookEx, CallNextHookEx, SetWindowsHookExW, GetUpdateRect, SystemParametersInfoW, FindWindowW, ReleaseDC, GetDC, DispatchMessageW, TranslateMessage, GetMessageW, DestroyMenu, GetMenuDefaultItem, CreatePopupMenu, PostMessageW, MsgWaitForMultipleObjectsEx, PeekMessageW, SetWindowLongW, ShutdownBlockReasonCreate, LoadStringW, DestroyWindow, PostQuitMessage, SetWindowPos, KillTimer, SetTimer, SetPropW, ShowWindow, MapWindowPoints, RegisterClassW, LoadCursorW, SetActiveWindow, UpdateLayeredWindowIndirect, GetLastInputInfo, SendDlgItemMessageW, EndDialog, GetDesktopWindow, GetShellWindow, DestroyIcon, GetMonitorInfoW, CopyRect, ModifyMenuW, CheckMenuItem, EnableMenuItem, GhostWindowFromHungWindow, DeleteMenu, ReleaseCapture, GetCursorPos, DefWindowProcW, TrackMouseEvent, GetDoubleClickTime, InvalidateRect, LockWorkStation, TileWindows, UpdateWindow, CascadeWindows, GetWindowTextW, TrackPopupMenu, ClientToScreen, WindowFromPoint, AppendMenuW, EndPaint, DrawEdge, FillRect, LockSetForegroundWindow, InflateRect, IsWindowVisible, GetForegroundWindow, GetParent, WaitMessage, RegisterWindowMessageW, TrackPopupMenuEx, GetClientRect, MonitorFromRect, EqualRect, SubtractRect, RedrawWindow, EnumDisplayMonitors, SetWindowTextW, IntersectRect, GetWindowPlacement, SendNotifyMessageW, RemovePropW, SetWindowCompositionAttribute, HungWindowFromGhostWindow, SetFocus, SendMessageTimeoutW, EnumWindows, UnregisterHotKey, RegisterHotKey, MonitorFromWindow, IsWindow, SetCursor, GetAsyncKeyState, SetForegroundWindow, ChildWindowFromPoint, SetCursorPos, GetMessagePos, IsIconic, LoadIconW, DeferWindowPos, OffsetRect, GetWindowThreadProcessId, ScreenToClient, GetAncestor, MonitorFromPoint, SetRectEmpty, ChangeWindowMessageFilterEx, LoadAcceleratorsW, TranslateAcceleratorW, GetKeyState, SetWindowRgn, GetWindowRgnBox, LoadImageW, GetFocus, GetActiveWindow, MessageBeep, BeginPaint, SwitchToThisWindow, GetLastActivePopup, EndDeferWindowPos, BeginDeferWindowPos, SetWindowPlacement, IsHungAppWindow, RegisterClipboardFormatW, SetRect, GetSysColorBrush, GetPropW, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetMenuDefaultItem, GetCapture, DrawIconEx, GetMessageExtraInfo, SetGestureConfig, AdjustWindowRect, CalculatePopupWindowPosition, DrawTextW, SetCapture, CallWindowProcW, CheckDlgButton, IsDlgButtonChecked, IsWindowEnabled, GetDlgItemInt, SetDlgItemInt, GetDlgItem, EnableWindow, SetWinEventHook, MsgWaitForMultipleObjects, RegisterClassExW, CopyIcon, AdjustWindowRectEx, GetSysColor, DrawFocusRect, NotifyWinEvent, ExitWindowsEx, GetSystemMenu
msvcrt.dll: _controlfp, _terminate@@YAXXZ, _onexit, _lock, __dllonexit, _unlock, _except_handler4_common, __set_app_type, __p__fmode, memcpy, memmove, _CIsin, _ftol2, _CIcos, _wtoi, wcsncmp, _wcsnicmp, _wcsicmp, bsearch, __p__commode, __setusermatherr, _amsg_exit, _initterm, _wcmdln, exit, _XcptFilter, _exit, _cexit, __wgetmainargs, _ftol2_sse, malloc, _CIsqrt, ceil, realloc, wcschr, iswalpha, wcsstr, free, _vsnwprintf, memset
ntdll.dll: WinSqmSetString, NtQueryInformationProcess, NtSetInformationProcess, WinSqmIsOptedIn, NtOpenThreadToken, NtOpenProcessToken, NtClose, WinSqmAddToStreamEx, NtSetSystemInformation, WinSqmAddToStream, WinSqmEventEnabled, WinSqmSetDWORD, EtwEventWrite, EtwEventEnabled, NtQueryInformationToken, RtlGetProductInfo
SHLWAPI.dll: SHStrDupA, StrCmpW, -, -, PathCommonPrefixW, PathRemoveExtensionW, -, PathIsFileSpecW, -, -, -, StrRetToStrW, -, AssocCreate, -, StrRetToBufW, AssocQueryStringW, -, PathQuoteSpacesW, -, -, SHDeleteKeyW, -, SHRegGetUSValueW, -, -, PathIsNetworkPathW, -, -, -, -, SHOpenRegStream2W, -, -, -, -, -, -, PathRemoveFileSpecW, -, -, -, -, SHRegGetBoolUSValueW, -, -, PathGetDriveNumberW, PathFileExistsW, PathIsDirectoryW, -, -, PathFindExtensionW, StrChrIW, -, -, PathAppendW, SHDeleteValueW, -, SHSetValueW, -, -, PathRemoveArgsW, PathRemoveBlanksW, StrCmpNIW, -, PathGetArgsW, PathFindFileNameW, SHGetValueW, SHCreateThreadRef, SHSetThreadRef, PathCombineW, SHRegGetValueW, -, -, -, -, StrToIntW, -, StrChrW, -, -, -, -, -, -, SHStrDupW, PathStripToRootW, -, -, -, StrTrimW, StrCmpNW, SHQueryInfoKeyW, SHCreateStreamOnFileW, -, -, -, -, -, -, PathIsPrefixW, -, StrCmpIW, PathParseIconLocationW, PathIsRootW, -, -, -, AssocQueryKeyW, PathStripPathW, ChrCmpIW, StrStrIW, -
SHELL32.dll: -, -, -, SHGetPropertyStoreForWindow, -, -, SHGetStockIconInfo, -, -, -, -, -, -, -, -, -, Shell_GetCachedImageIndexW, -, -, -, SHGetLocalizedName, SHCreateDataObject, -, -, -, -, -, -, SHCreateShellItemArrayFromShellItem, SHGetKnownFolderPath, SHCreateShellItemArrayFromIDLists, -, -, SHBindToFolderIDListParentEx, SHGetFileInfoW, -, SHCreateItemWithParent, -, -, -, -, -, SHGetFolderLocation, -, SHParseDisplayName, SHGetSpecialFolderPathW, -, ShellExecuteExW, SHGetKnownFolderIDList, SHBindToObject, -, -, -, -, -, -, -, -, -, -, -, SHGetNameFromIDList, SHCreateShellItem, -, -, -, -, -, -, -, -, -, -, SHGetPathFromIDListW, ShellExecuteW, SHEnableServiceObject, -, SHGetIDListFromObject, -, SHChangeNotifyRegisterThread, -, -, -, -, SHUpdateRecycleBinIcon, -, -, SHCreateItemFromIDList, -, -, SHFileOperationW, SHGetFolderPathEx, -, -, -, -, -, SHGetPathFromIDListA, SHGetFolderPathW, SHBindToParent, -, SHAddToRecentDocs, Shell_NotifyIconW, Shell_NotifyIconGetRect, ExtractIconExW, SHEvaluateSystemCommandTemplate, SHChangeNotify, SHCreateItemFromParsingName, -, DragQueryFileW, -, -, SHGetSpecialFolderLocation, SHBindToFolderIDListParent
ole32.dll: OleInitialize, StringFromGUID2, CoRegisterMessageFilter, RegisterDragDrop, RevokeDragDrop, OleUninitialize, CoRevokeClassObject, CoCreateFreeThreadedMarshaler, CreateBindCtx, PropVariantClear, ReleaseStgMedium, CoInitializeEx, CreateStreamOnHGlobal, CoRegisterClassObject, CoCreateInstance, CoTaskMemFree, CoGetInterfaceAndReleaseStream, CoMarshalInterThreadInterfaceInStream, CoUninitialize, CoInitialize, CoGetMalloc, CoTaskMemAlloc, CLSIDFromString, CoFreeUnusedLibraries
OLEAUT32.dll: -, -, -, -, -, -
EXPLORERFRAME.dll: -, -
UxTheme.dll: BeginBufferedPaint, IsCompositionActive, IsAppThemed, GetThemeMetric, CloseThemeData, OpenThemeData, SetWindowTheme, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, DrawThemeParentBackground, GetWindowTheme, GetThemePartSize, GetThemeBackgroundContentRect, EndBufferedPaint, GetThemeMargins, DrawThemeTextEx, BufferedPaintInit, BufferedPaintUnInit, IsThemeActive, -, GetThemeRect, IsThemePartDefined, GetThemeBackgroundRegion, GetThemeColor, GetThemeBool, DrawThemeIcon, GetBufferedPaintBits, BufferedPaintClear, GetThemeBackgroundExtent
POWRPROF.dll: CallNtPowerInformation, GetPwrCapabilities, PowerDeterminePlatformRole
dwmapi.dll: -, -, DwmEnableBlurBehindWindow, DwmIsCompositionEnabled, DwmSetWindowAttribute, -, DwmQueryThumbnailSourceSize, DwmUnregisterThumbnail, DwmUpdateThumbnailProperties, -, -
slc.dll: SLGetWindowsInformationDWORD
gdiplus.dll: GdipAlloc, GdiplusStartup, GdiplusShutdown, GdipFree, GdipDeleteGraphics, GdipDisposeImage, GdipGetImageWidth, GdipGetImageHeight, GdipCreateBitmapFromHBITMAP, GdipCreateFromHDC, GdipSetCompositingMode, GdipSetInterpolationMode, GdipDrawImageRectI, GdipCloneImage
Secur32.dll: GetUserNameExW
RPCRT4.dll: RpcBindingFree, RpcBindingSetAuthInfoExW, RpcStringFreeW, RpcBindingFromStringBindingW, RpcStringBindingComposeW, I_RpcExceptionFilter, NdrClientCall2
PROPSYS.dll: PropVariantToUInt32, PropVariantToStringAlloc, PropVariantToUInt64, PropVariantToBoolean, VariantToStringAlloc, VariantToStringWithDefault, PropVariantToString, VariantToBooleanWithDefault, VariantToInt32WithDefault, PSCreateMemoryPropertyStore, PropVariantToInt64