Guest: magda IP: *.zamosc.mm.pl 29.06.06, 15:45
My gg keeps breaking: whenever I start it, after a moment it says that an error occurred in the gg application and that it will be closed, and in general everything freezes on me often. I don't know why.

Guest: magda Re: what to do about this? IP: *.zamosc.mm.pl 29.06.06, 15:52
If it helps, I can paste my log here.

Logfile of HijackThis v1.99.1
Scan saved at 15:49:09, on 2006-06-29
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\xxx\USTAWI~1\Temp\Rar$EX00.183\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: (no name) - {DD3D6F6B-3A04-B93E-4147-19F2EA0D9820} - Uint32.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O6 "USB001" /M "Stylus C43"
O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [porka_] MON76234.exe
O4 - HKLM\..\Run: [mozilla-text] MsNetHelper.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /M "Stylus C43"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
O4 - HKCU\..\Run: [ATLIEHELPER] FLKPT.exe
O4 - HKCU\..\Run: [BoundRec] gabber.exe
O4 - HKCU\..\Run: [TorontoMail] Trayz.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}: NameServer = 85.255.114.53,85.255.112.16
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16
O17 - HKLM\System\CS1\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}: NameServer = 85.255.114.53,85.255.112.16
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16
O17 - HKLM\System\CS2\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}: NameServer = 85.255.114.53,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Unknown owner - -C:\WINDOWS\System32\drivers\CDAC11BA.EXE (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Unknown owner - -C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

Guest: k Re: what to do about this? IP: *.warszawa.sdi.tpnet.pl 29.06.06, 16:17
So close the ports in wwdc, if you haven't done that yet. And of course don't use IE any more, since you have no updates for it.

Use: downloads.subratam.org/Fixwareout.exe

Uninstall: Trojan Remover

In HJT, remove:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {DD3D6F6B-3A04-B93E-4147-19F2EA0D9820} - Uint32.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O1 - Hosts: localhost 127.0.0.1
O4 - HKLM\..\Run: [porka_] MON76234.exe <- delete the file from disk.
O4 - HKLM\..\Run: [mozilla-text] MsNetHelper.exe <- delete the file from disk.
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe" <- delete the whole KillAndClean directory from disk.
O4 - HKCU\..\Run: [ATLIEHELPER] FLKPT.exe <- delete the file from disk.
O4 - HKCU\..\Run: [BoundRec] gabber.exe <- delete the file from disk.
O4 - HKCU\..\Run: [TorontoMail] Trayz.exe <- delete the file from disk.

Swapped DNS servers:
O17 - HKLM\System\CCS\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}: NameServer = 85.255.114.53,85.255.112.16
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16
O17 - HKLM\System\CS1\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}: NameServer = 85.255.114.53,85.255.112.16
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16
O17 - HKLM\System\CS2\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}: NameServer = 85.255.114.53,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16

On top of that, run a scan with ewido (link via Google or in the pinned post on the forum, same for wwdc). When everything is done, paste a new log.

Guest: magda Re: what to do about this? IP: *.zamosc.mm.pl 29.06.06, 16:54
My new log:

Logfile of HijackThis v1.99.1
Scan saved at 16:52:41, on 2006-06-29
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\xxx\USTAWI~1\Temp\Rar$EX01.415\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O6 "USB001" /M "Stylus C43"
O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /M "Stylus C43"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - www.mks.com.pl/skaner/SkanerOnline.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}: NameServer = 85.255.114.53,85.255.112.16
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16
O17 - HKLM\System\CS1\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}: NameServer = 85.255.114.53,85.255.112.16
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16
O17 - HKLM\System\CS2\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}: NameServer = 85.255.114.53,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Unknown owner - -C:\WINDOWS\System32\drivers\CDAC11BA.EXE (file missing)
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Unknown owner - -C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

But I don't know what these swapped DNS servers are or what I'm supposed to do about them.

Guest: k Re: what to do about this? IP: *.warszawa.sdi.tpnet.pl 29.06.06, 17:11
Paste the log from fixwareout on the forum.

> But I don't know what these swapped DNS servers are or what I'm supposed to do about them.

Remove them and, if need be, set the correct addresses, the ones your internet provider recommends (you set this in the TCP/IP properties, which are in the properties of the internet connection).

Now explain to me why you didn't scan the system with ewido? (unless you've already uninstalled it?).

To delete in HJT (I don't want a new log any more):
O17 - HKLM\System\CCS\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}: NameServer = 85.255.114.53,85.255.112.16
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16
O17 - HKLM\System\CS1\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}: NameServer = 85.255.114.53,85.255.112.16
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16
O17 - HKLM\System\CS2\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}: NameServer = 85.255.114.53,85.255.112.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16

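Added example, not part of the thread and not HijackThis code: a check for the O17 NameServer entries discussed in the replies above. It compares every listed resolver with the addresses the provider assigns and reports which registry keys still carry other values after a cleanup pass. Both sample logs and the 192.0.2.x resolvers are constructed assumptions; only the O17 line format and the two 85.255.x.x addresses come from the logs on this page.

```python
import ipaddress
import re

# O17 NameServer line as it appears in the HijackThis logs above. Other O17
# value names are ignored by this check.
O17_RE = re.compile(
    r"^O17 - (?P<key>HKLM\\System\\(?P<cset>\w+)\\Services\\Tcpip\\.+?)"
    r": NameServer = (?P<data>.*)$"
)

# Constructed samples. Only the line format and the two 85.255.x.x addresses
# come from the thread; 192.0.2.x stands in for the provider's resolvers.
BEFORE = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}: NameServer = 85.255.114.53,85.255.112.16
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 192.0.2.53 192.0.2.54
"""
AFTER = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}: NameServer = 85.255.114.53,85.255.112.16
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.0.2.53
"""
EXPECTED = ["192.0.2.53", "192.0.2.54"]  # assumption: what the ISP assigns


def parse_nameservers(log_text):
    """Yield (registry key, control set, [resolvers]) per O17 NameServer line."""
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            # Both separators occur in the logs: commas and spaces.
            servers = [s for s in re.split(r"[,\s]+", m["data"].strip()) if s]
            yield m["key"], m["cset"], servers


def audit(log_text, expected):
    """Return one finding per key that lists a resolver outside `expected`."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for key, cset, servers in parse_nameservers(log_text):
        unexpected = []
        for s in servers:
            try:
                ok = ipaddress.ip_address(s) in allowed
            except ValueError:
                ok = False  # not an IP address at all: report it as well
            if not ok:
                unexpected.append(s)
        if unexpected:
            findings.append({"key": key, "control_set": cset, "unexpected": unexpected})
    return findings


def still_present(before, after, expected):
    """Keys flagged in both logs, i.e. entries that survived the cleanup pass."""
    flagged_after = {f["key"] for f in audit(after, expected)}
    return [f["key"] for f in audit(before, expected) if f["key"] in flagged_after]


if __name__ == "__main__":
    for f in audit(BEFORE, EXPECTED):
        print(f["control_set"], f["key"], "->", ", ".join(f["unexpected"]))
    print("still present after cleanup:", still_present(BEFORE, AFTER, EXPECTED))
```

The same values appear under CCS, CS1 and CS2 in the logs above, so the check reports each control set separately rather than stopping at the first hit.
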
Guest: magda Re: what to do about this? IP: *.zamosc.mm.pl 29.06.06, 17:21
The thing is that I don't have ewido on the computer any more. My brother probably uninstalled it. I have to install it, and then I'll scan everything with ewido.

Guest: magda Re: what to do about this? IP: *.zamosc.mm.pl 29.06.06, 17:25
Fixwareout ver 1.003 Last edited 04/26/2006
Post this report in the forums please

Reg Entries that were deleted

Guest: magda Re: what to do about this? IP: *.zamosc.mm.pl 29.06.06, 17:25
...
Random Runs removed from HKLM
"dmmyj.exe"=-
...
PLEASE NOTE, There WILL be LEGIT FILES LISTED.
IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Example ipsec6.exe is lagitamate

»»»»» Search by size and names...
* csr.exe C:\WINDOWS\System32\CSCRZ.EXE

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

»»»»» Search five digit cs, dm and jb files
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSCRZ.EXE 51 225 2006-06-07
C:\WINDOWS\SYSTEM32\DMMYJ.EXE 44 087 2001-10-26

Guest: k Re: what to do about this? IP: *.warszawa.sdi.tpnet.pl 29.06.06, 17:42
Delete both of these files from disk:
C:\WINDOWS\SYSTEM32\CSCRZ.EXE
C:\WINDOWS\SYSTEM32\DMMYJ.EXE

Guest: magda Re: what to do about this? IP: *.zamosc.mm.pl 29.06.06, 21:54
I've deleted them already. Thank you so much for the help. Bye.