Today I found the "delsim" dialer on my machine, which I wanted to get rid of, and I don't think it went too well: after the computer is switched on, the modem the dialer used gets added again. This is a nuisance because if I don't remove it manually, the computer slows to a crawl, programs hang and strange things happen.
Here are the logs:
-Hijack
Logfile of HijackThis v1.99.1
Scan saved at 22:54:29, on 2007-07-04
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
F:\Programy\Avast\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Winamp\Winampa.exe
F:\Programy\Spyware Terminator\SpywareTerminatorShield.exe
F:\Programy\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
F:\Programy\Avast\aswUpdSv.exe
F:\Programy\Avast\ashServ.exe
F:\Programy\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\nvsvc32.exe
F:\Programy\Spyware Terminator\sp_rsser.exe
C:\Program Files\Winamp\winamp.exe
F:\Programy\Konnekt\konnekt.exe
F:\Programy\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\svchost.exe
F:\Programy\Instalki\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programy\Adobe Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\PROGRA~1\FLASHGET\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] F:\Programy\Avast\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpywareTerminator] "F:\Programy\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Programy\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Uniblue Registry Booster] D:\ares download\registrybooster(2).exe /S
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - F:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FLASHGET\flashget.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Programy\Avast\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - F:\Programy\Avast\ashServ.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Programy\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - F:\Programy\Spyware Terminator\sp_rsser.exe
-DSS
Deckard's System Scanner v20070611.50
Run by Michał on 2007-07-04 at 23:05:27
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis (run as Michał.exe) ----------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 23:05:35, on 2007-07-04
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
F:\Programy\Avast\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Winamp\Winampa.exe
F:\Programy\Spyware Terminator\SpywareTerminatorShield.exe
F:\Programy\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
F:\Programy\Avast\aswUpdSv.exe
F:\Programy\Avast\ashServ.exe
F:\Programy\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\nvsvc32.exe
F:\Programy\Spyware Terminator\sp_rsser.exe
C:\Program Files\Winamp\winamp.exe
F:\Programy\Konnekt\konnekt.exe
F:\Programy\mIRC\mirc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\svchost.exe
E:\dss.exe
F:\Programy\Instalki\HIJACK~1\MICHAŁ.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programy\Adobe Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - F:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - F:\PROGRA~1\FLASHGET\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - F:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [avast!] F:\Programy\Avast\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SpywareTerminator] "F:\Programy\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Programy\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Uniblue Registry Booster] D:\ares download\registrybooster(2).exe /S
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a - F:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FLASHGET\flashget.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Programy\Avast\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - F:\Programy\Avast\ashServ.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Programy\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Program Files\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - F:\Programy\Spyware Terminator\sp_rsser.exe
-- Files created between 2007-06-04 and 2007-07-04 -----------------------------
2007-07-04 17:10:03 104 --a------ C:\FIX.BAT
2007-07-04 16:27:48 0 d-------- C:\Program Files\WinClamAVShield
2007-07-04 16:25:32 138368 --a------ C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
2007-07-03 09:54:14 391168 --a------ C:\WINDOWS\System32\setup_18087.exe
2007-07-02 22:01:52 70 --a------ C:\WINDOWS\System32\i
2007-07-01 21:59:35 0 d-------- C:\Program Files\sXe Injected
2007-07-01 15:11:20 0 d-------- C:\Program Files\VCop2
2007-06-26 19:11:34 0 d-------- C:\Documents and Settings\Michał\Application Data\Spyware Terminator
2007-06-26 11:43:07 0 d-------- C:\Program Files\TortoiseSVN
2007-06-26 11:29:40 266752 --a------ C:\WINDOWS\System32\XSTools.dll
2007-06-26 11:29:40 64512 --a------ C:\WINDOWS\System32\NetRedirect.dll
2007-06-26 11:29:35 266752 --a------ C:\WINDOWS\system\XSTools.dll
2007-06-26 11:29:35 64512 --a------ C:\WINDOWS\system\NetRedirect.dll
2007-06-20 17:31:46 0 d-------- C:\Program Files\HaftiX
2007-06-04 19:56:30 0 d--h----- C:\WINDOWS\System32\GroupPolicy
-- Find3M Report ---------------------------------------------------------------
2007-07-04 22:35:00 769 --ahs---- C:\WINDOWS\System32\mmf.sys
2007-07-04 20:04:28 0 d-------- C:\Documents and Settings\Michał\Dane aplikacji\Grisoft
2007-07-04 17:55:12 436322 --a------ C:\WINDOWS\System32\perfh015.dat
2007-07-04 17:55:12 67298 --a------ C:\WINDOWS\System32\perfc015.dat
2007-07-04 16:39:16 16896 --a------ C:\WINDOWS\System32\tftp.exe
2007-07-04 16:39:16 42496 --a------ C:\WINDOWS\System32\ftp.exe
2007-07-04 10:29:16 133120 --a------ C:\WINDOWS\System32\sfc_os.dll
2007-06-26 11:43:40 0 d-------- C:\Documents and Settings\Michał\Dane aplikacji\Subversion
2007-05-04 13:45:12 0 d-------- C:\Program Files\podatki.pl
2007-05-04 13:39:40 0 d-------- C:\Documents and Settings\Michał\Dane aplikacji\Dokumenty AFi
2007-05-04 10:50:50 0 d-------- C:\Program Files\IPSPI
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} F:\Programy\Adobe Reader\ActiveX\AcroIEHelper.dll
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} F:\PROGRA~1\FLASHGET\jccatch.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{F156768E-81EF-470C-9057-481BA8380DBA} F:\PROGRA~1\FLASHGET\getflash.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="F:\\Programy\\Avast\\ashDisp.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"WinampAgent"="\"C:\\Program Files\\Winamp\\Winampa.exe\""
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"SpywareTerminator"="\"F:\\Programy\\Spyware Terminator\\SpywareTerminatorShield.exe\""
"!AVG Anti-Spyware"="\"F:\\Programy\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Uniblue Registry Booster"="D:\\ares download\\registrybooster(2).exe /S"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Michał^Menu Start^Programy^Autostart^ABC.lnk]
"backup"="C:\\WINDOWS\\pss\\ABC.lnkStartup"
"location"="Startup"
"command"="F:\\Programy\\abc\\abc.exe "
"item"="ABC"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FAST Defrag]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_AVGASCLN
-- End of Deckard's System Scanner: finished at 2007-07-04 at 23:06:26 ---------
Can anything be done about this problem?