
Control Panel restrictions, probably malware

Discussion in 'Virus & Other Malware Removal' started by kwakuu1, Dec 21, 2012.

Thread Status:
Not open for further replies.
  1. kwakuu1 (Thread Starter)

    Joined: Dec 21, 2012
    Messages: 1
    Hello,
    I tried to check if there are any Skype skins other than the default one, and what I found was this (be careful, I downloaded a "skin" from this site and my problems started): http://skypeskins.com/
    But anyway, after one of their "skins" my regedit, Control Panel and Start menu were disabled. Regedit and the Start menu are working now, but I still can't access the Control Panel or personalize the desktop etc.
    I tried running Spybot.

    I'm attaching logs from HijackThis and ComboFix:

    Hijack:
    Code:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:28:38, on 2012-12-21
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal
    
    Running processes:
    C:\Program Files (x86)\ASUS\PC Probe II\Probe2.exe
    C:\Program Files (x86)\ASUS\AASP\1.00.95\aaCenter.exe
    C:\Program Files (x86)\Opera\opera.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\Hijack\Trend Micro\HiJackThis\HiJackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    R3 - URLSearchHook: (no name) - {5c5b9468-d672-4eb7-b52f-b5afabf28c5b} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Start BT in service - Unknown owner - C:\Program Files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    
    --
    End of file - 8480 bytes

    ComboFix:
    Code:
    ComboFix 12-12-20.02 - Tommy 2012-12-21  18:33:37.2.4 - x64
    Microsoft Windows 7 Ultimate   6.1.7601.1.1250.48.1033.18.8191.5874 [GMT 1:00]
    Run from: c:\users\Tommy\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * New restore point created
    .
    .
    (((((((((((((((((((((((((   Files created from 2012-11-21 to 2012-12-21  )))))))))))))))))))))))))))))))
    .
    .
    2012-12-21 17:37 . 2012-12-21 17:37	--------	d-----w-	c:\users\Default\AppData\Local\temp
    2012-12-21 16:59 . 2012-12-21 16:59	76232	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{263ED6DD-1270-49FB-A4BF-537CAB88E9D9}\offreg.dll
    2012-12-21 16:33 . 2012-12-21 16:33	--------	d-----w-	C:\RRTVAULT
    2012-12-21 15:26 . 2012-12-21 15:26	388096	----a-r-	c:\users\Tommy\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-12-21 15:26 . 2012-12-21 15:26	--------	d-----w-	c:\program files (x86)\Hijack
    2012-12-21 14:45 . 2012-12-21 15:21	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
    2012-12-21 14:45 . 2009-01-25 11:14	17272	----a-w-	c:\windows\system32\sdnclean64.exe
    2012-12-21 14:45 . 2012-12-21 14:45	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
    2012-12-21 14:44 . 2012-12-21 14:44	--------	d-----w-	c:\users\Tommy\AppData\Local\Programs
    2012-12-21 13:48 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{263ED6DD-1270-49FB-A4BF-537CAB88E9D9}\mpengine.dll
    2012-12-21 13:42 . 2012-12-16 17:11	46080	----a-w-	c:\windows\system32\atmlib.dll
    2012-12-21 13:42 . 2012-12-16 14:45	367616	----a-w-	c:\windows\system32\atmfd.dll
    2012-12-21 13:42 . 2012-12-16 14:13	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
    2012-12-21 13:42 . 2012-12-16 14:13	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
    2012-12-19 22:20 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-12-14 14:21 . 2012-12-14 14:21	--------	d-----w-	c:\program files (x86)\Winamp Detect
    2012-12-14 14:21 . 2012-12-14 14:21	--------	d-----w-	c:\program files (x86)\Common Files\PX Storage Engine
    2012-12-14 14:21 . 2012-12-14 14:22	--------	d-----w-	c:\users\Tommy\AppData\Roaming\Winamp
    2012-12-14 14:21 . 2012-12-14 14:21	--------	d-----w-	c:\program files (x86)\Winamp
    2012-12-13 12:39 . 2012-10-04 17:41	424960	----a-w-	c:\windows\system32\KernelBase.dll
    2012-12-09 23:41 . 2012-12-09 23:41	--------	d-----w-	c:\users\Tommy\AppData\Roaming\Downloaded Installations
    2012-12-07 22:57 . 2012-12-07 22:57	--------	d-----w-	c:\program files (x86)\Hedgewars 0.9.18
    2012-12-07 12:56 . 2012-12-07 14:27	--------	d-----w-	c:\program files (x86)\Mirillis
    2012-11-28 23:19 . 2012-11-28 23:19	972264	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{816DD20A-D1B7-4B91-8B8F-8B0C1B3D1CDC}\gapaengine.dll
    2012-11-21 22:41 . 2012-11-21 22:41	--------	d-----w-	c:\program files (x86)\Common Files\Skype
    2012-11-21 22:41 . 2012-11-21 22:41	--------	d-----r-	c:\program files (x86)\Skype
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M section   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-13 12:41 . 2011-08-12 12:26	67413224	----a-w-	c:\windows\system32\MRT.exe
    2012-12-11 21:11 . 2012-05-20 17:03	697272	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-11 21:11 . 2012-05-20 17:03	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-11-06 13:49 . 2012-11-06 03:52	122904	----a-w-	c:\windows\system32\OpenAL32.dll
    2012-11-06 13:49 . 2012-09-04 22:03	466456	----a-w-	c:\windows\system32\wrap_oal.dll
    2012-11-06 13:49 . 2012-09-04 22:03	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
    2012-11-06 13:49 . 2012-09-04 22:03	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
    2012-10-30 00:52 . 2012-10-30 00:52	178800	----a-w-	c:\windows\SysWow64\CmdLineExt_x64.dll
    2012-10-04 16:40 . 2012-12-13 12:39	44032	----a-w-	c:\windows\apppatch\acwow64.dll
    2012-09-28 14:37 . 2012-09-28 14:37	221696	----a-w-	c:\windows\system32\clinfo.exe
    2012-09-28 14:36 . 2012-09-28 14:36	75776	----a-w-	c:\windows\system32\OpenVideo64.dll
    2012-09-28 14:36 . 2012-09-28 14:36	65536	----a-w-	c:\windows\SysWow64\OpenVideo.dll
    2012-09-28 14:36 . 2012-09-28 14:36	63488	----a-w-	c:\windows\system32\OVDecode64.dll
    2012-09-28 14:36 . 2012-09-28 14:36	56320	----a-w-	c:\windows\SysWow64\OVDecode.dll
    2012-09-28 14:36 . 2012-09-28 14:36	32635904	----a-w-	c:\windows\system32\amdocl64.dll
    2012-09-28 14:32 . 2012-09-28 14:32	27341824	----a-w-	c:\windows\SysWow64\amdocl.dll
    2012-09-28 02:23 . 2012-09-28 02:23	5557928	----a-w-	c:\windows\SysWow64\atiumdag.dll
    2012-09-28 02:21 . 2012-09-28 02:21	10697216	----a-w-	c:\windows\system32\drivers\atikmdag.sys
    2012-09-28 02:05 . 2012-09-28 02:05	70144	----a-w-	c:\windows\system32\coinst_9.002.dll
    2012-09-28 02:03 . 2012-09-28 02:03	163840	----a-w-	c:\windows\system32\atiapfxx.exe
    2012-09-28 02:02 . 2012-09-28 02:02	51200	----a-w-	c:\windows\system32\aticalrt64.dll
    2012-09-28 02:02 . 2012-09-28 02:02	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
    2012-09-28 02:02 . 2012-09-28 02:02	44544	----a-w-	c:\windows\system32\aticalcl64.dll
    2012-09-28 02:02 . 2012-09-28 02:02	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
    2012-09-28 02:02 . 2012-09-28 02:02	16082432	----a-w-	c:\windows\system32\aticaldd64.dll
    2012-09-28 01:59 . 2012-09-28 01:59	23825920	----a-w-	c:\windows\system32\atio6axx.dll
    2012-09-28 01:57 . 2012-09-28 01:57	13703168	----a-w-	c:\windows\SysWow64\aticaldd.dll
    2012-09-28 01:43 . 2012-09-28 01:43	935424	----a-w-	c:\windows\SysWow64\aticfx32.dll
    2012-09-28 01:41 . 2012-07-28 02:13	1120768	----a-w-	c:\windows\system32\aticfx64.dll
    2012-09-28 01:41 . 2012-09-28 01:41	19624960	----a-w-	c:\windows\SysWow64\atioglxx.dll
    2012-09-28 01:39 . 2012-09-28 01:39	6536192	----a-w-	c:\windows\SysWow64\atidxx32.dll
    2012-09-28 01:39 . 2012-09-28 01:39	442368	----a-w-	c:\windows\system32\atidemgy.dll
    2012-09-28 01:39 . 2012-09-28 01:39	538112	----a-w-	c:\windows\system32\atieclxx.exe
    2012-09-28 01:38 . 2012-09-28 01:38	239616	----a-w-	c:\windows\system32\atiesrxx.exe
    2012-09-28 01:36 . 2012-09-28 01:36	120320	----a-w-	c:\windows\system32\atitmm64.dll
    2012-09-28 01:36 . 2012-09-28 01:36	21504	----a-w-	c:\windows\system32\atimuixx.dll
    2012-09-28 01:36 . 2012-09-28 01:36	59392	----a-w-	c:\windows\system32\atiedu64.dll
    2012-09-28 01:36 . 2012-09-28 01:36	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
    2012-09-28 01:31 . 2012-09-28 01:31	3127296	----a-w-	c:\windows\system32\atiumd6a.dll
    2012-09-28 01:25 . 2012-09-28 01:25	6704640	----a-w-	c:\windows\system32\atiumd64.dll
    2012-09-28 01:22 . 2012-07-28 01:51	7167488	----a-w-	c:\windows\system32\atidxx64.dll
    2012-09-28 01:22 . 2012-09-28 01:22	2691584	----a-w-	c:\windows\SysWow64\atiumdva.dll
    2012-09-28 01:13 . 2012-09-28 01:13	595456	----a-w-	c:\windows\system32\atiadlxx.dll
    2012-09-28 01:13 . 2012-09-28 01:13	405504	----a-w-	c:\windows\SysWow64\atiadlxy.dll
    2012-09-28 01:13 . 2012-09-28 01:13	17920	----a-w-	c:\windows\system32\atig6pxx.dll
    2012-09-28 01:13 . 2012-09-28 01:13	14848	----a-w-	c:\windows\SysWow64\atiglpxx.dll
    2012-09-28 01:13 . 2012-09-28 01:13	14848	----a-w-	c:\windows\system32\atiglpxx.dll
    2012-09-28 01:13 . 2012-09-28 01:13	41984	----a-w-	c:\windows\system32\atig6txx.dll
    2012-09-28 01:13 . 2012-09-28 01:13	33280	----a-w-	c:\windows\SysWow64\atigktxx.dll
    2012-09-28 01:12 . 2012-09-28 01:12	56320	----a-w-	c:\windows\system32\atimpc64.dll
    2012-09-28 01:12 . 2012-09-28 01:12	56320	----a-w-	c:\windows\system32\amdpcom64.dll
    2012-09-28 01:12 . 2012-09-28 01:12	460288	----a-w-	c:\windows\system32\drivers\atikmpag.sys
    2012-09-28 01:12 . 2012-09-28 01:12	56832	----a-w-	c:\windows\SysWow64\atimpc32.dll
    2012-09-28 01:12 . 2012-09-28 01:12	56832	----a-w-	c:\windows\SysWow64\amdpcom32.dll
    2012-09-28 01:11 . 2012-07-28 01:13	129536	----a-w-	c:\windows\system32\atiuxp64.dll
    2012-09-28 01:11 . 2012-09-28 01:11	109568	----a-w-	c:\windows\SysWow64\atiuxpag.dll
    2012-09-28 01:11 . 2012-09-28 01:11	103424	----a-w-	c:\windows\system32\atiu9p64.dll
    2012-09-28 01:10 . 2012-09-28 01:10	82944	----a-w-	c:\windows\SysWow64\atiu9pag.dll
    2012-09-28 01:09 . 2012-09-28 01:09	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
    2012-09-25 22:47 . 2012-11-18 17:32	78336	----a-w-	c:\windows\SysWow64\synceng.dll
    2012-09-25 22:46 . 2012-11-18 17:32	95744	----a-w-	c:\windows\system32\synceng.dll
    2012-09-25 10:31 . 2011-09-08 13:05	972192	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-09-24 13:32 . 2012-06-24 12:33	477168	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
    2012-09-24 13:32 . 2011-08-12 13:49	473072	----a-w-	c:\windows\SysWow64\deployJava1.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Registry startup entries   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries and legitimate default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
    "SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
    R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
    R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
    R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [2008-12-07 35848]
    R3 cpuz130;cpuz130;c:\users\Tommy\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
    R3 GPU-Z;GPU-Z;c:\users\Tommy\AppData\Local\Temp\GPU-Z.sys [x]
    R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [2008-07-02 31624]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 30720]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R4 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-08-24 83240]
    R4 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-09-02 75048]
    R4 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe [2011-09-02 292136]
    R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
    S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [2009-01-07 24840]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-08-12 503352]
    S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2012/03/09 13:53];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-09-02 11:08 148976]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
    S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
    S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-08-24 75248]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [2010-11-16 15672]
    S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
    S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
    S2 Start BT in service;Start BT in service;c:\program files (x86)\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2008-03-19 51816]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-12-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-20 21:11]
    .
    2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-12 21:10]
    .
    2012-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-12 21:10]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
    .
    ------- Supplementary scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&ksport do programu Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - EMPTY ENTRIES REMOVED - - - -
    .
    Notify-SDWinLogon - SDWinLogon.dll
    AddRemove-{1AA94747-3BF6-4237-9E1A-7B3067738FE1} - c:\program files (x86)\InstallShield Installation Information\{1AA94747-3BF6-4237-9E1A-7B3067738FE1}\setup.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-12-21  18:39:34
    ComboFix-quarantined-files.txt  2012-12-21 17:39
    ComboFix2.txt  2012-12-21 17:29
    .
    Before: 28,140,654,592 bytes free
    After: 28,070,154,240 bytes free
    .
    - - End Of File - - 1617EF9F4ED43E46D0FD2509B0855BFE

    Thanks in advance!

    EDIT: I also re-downloaded the "skin file" to show you how it looks.
    http://i7.photobucket.com/albums/y278/eSbeK/bs_zpsb8e250ef.png
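The symptoms described in the post (Control Panel, regedit and the Start menu disabled, then partly restored) are the classic effect of per-user Explorer/System policy values, and the ComboFix log shows the machine-wide UAC policy values `EnableLUA`=0, `ConsentPromptBehaviorAdmin`=0 and `PromptOnSecureDesktop`=0, i.e. UAC switched off. The following PowerShell script is an added example, not part of the original post or of any tool mentioned in it: it enumerates the documented Group Policy registry values that produce those restrictions under both HKCU and HKLM, reports the UAC values, and optionally removes the restriction values. It assumes the restrictions were set through those standard policy values (the posted logs do not show the HKCU policy keys, so that is an assumption); the Windows 7 defaults quoted in the comments are the documented ones.

```powershell
# Added example (not from the original post): find the policy values behind
# "Control Panel / regedit / Task Manager disabled" symptoms, report the UAC
# policy values ComboFix listed, and optionally remove the restrictions.
# Run from an elevated PowerShell on the affected machine.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # When set, remove the restriction values that are found.
    # UAC values are only reported, never changed, by this script.
    [switch]$Remove
)

# Documented Group Policy value names, grouped by the policy key they live under.
# Assumption: the restrictions were set via these standard values.
$restrictionValues = @{
    'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer' = @(
        'NoControlPanel',       # blocks the Control Panel entirely
        'NoSetFolders',         # removes Control Panel/Settings from the Start menu
        'NoRun', 'NoDesktop', 'NoViewContextMenu', 'NoFolderOptions'
    )
    'Software\Microsoft\Windows\CurrentVersion\Policies\System' = @(
        'DisableRegistryTools', # blocks regedit
        'DisableTaskMgr',       # blocks Task Manager
        'NoDispCPL'             # blocks the Display / Personalization applet
    )
}

$findings = @()
foreach ($hive in 'HKCU', 'HKLM') {
    foreach ($subKey in $restrictionValues.Keys) {
        $path = "${hive}:\$subKey"
        if (-not (Test-Path $path)) { continue }
        $item = Get-ItemProperty -Path $path
        foreach ($name in $restrictionValues[$subKey]) {
            # Only a non-zero DWORD enables the restriction; a missing value is the default.
            $prop = $item.PSObject.Properties[$name]
            if ($null -ne $prop -and $prop.Value -ne 0) {
                $findings += [pscustomobject]@{ Key = $path; Name = $name; Value = $prop.Value }
                if ($Remove -and $PSCmdlet.ShouldProcess("$path\$name", 'Remove restriction value')) {
                    Remove-ItemProperty -Path $path -Name $name
                }
            }
        }
    }
}

# UAC policy values. The posted ComboFix log shows EnableLUA=0 and
# PromptOnSecureDesktop=0; Windows 7 defaults are EnableLUA=1,
# ConsentPromptBehaviorAdmin=5 and PromptOnSecureDesktop=1.
$uacPath = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $uacPath
$uacReport = foreach ($name in 'EnableLUA', 'ConsentPromptBehaviorAdmin', 'PromptOnSecureDesktop') {
    [pscustomobject]@{ Setting = $name; Value = $uac.$name }
}

if ($findings.Count -eq 0) { 'No restriction policy values set.' } else { $findings | Format-Table -AutoSize }
$uacReport | Format-Table -AutoSize
```

Run it once without `-Remove` to see what is set, then with `-Remove -WhatIf` to preview and `-Remove` to delete the values; a logoff or an Explorer restart is needed before the Control Panel reappears. Turning UAC back on (`EnableLUA`=1) takes effect only after a reboot, and the script deliberately leaves that change to the operator because it alters how every elevated program on the machine behaves.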
     
Short URL to this thread: https://techguy.org/1081858