co z tym zrobić?

IP: *.zamosc.mm.pl 29.06.06, 15:45
gg mi się psuje i co nie włącze to po chwili pisze wystąpił bład z aplikacją gg i ozstanie ona zamknięta i wogóle wszystko mi się wiesza często. nie wiem czemu.
    • Gość: magda Re: co z tym zrobić? IP: *.zamosc.mm.pl 29.06.06, 15:52
      jeśli to coś pomoże to moge wkleić tu swojego loga.
      Logfile of HijackThis v1.99.1
      Scan saved at 15:49:09, on 2006-06-29
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\System32\ctfmon.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
      C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Opera\Opera.exe
      C:\Program Files\WinRAR\WinRAR.exe
      C:\DOCUME~1\xxx\USTAWI~1\Temp\Rar$EX00.183\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.onet.pl/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      R3 - URLSearchHook: (no name) - {DD3D6F6B-3A04-B93E-4147-19F2EA0D9820} - Uint32.dll (file missing)
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
      O1 - Hosts: localhost 127.0.0.1
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
      O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O6 "USB001" /M "Stylus C43"
      O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE"
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
      O4 - HKLM\..\Run: [porka_] MON76234.exe
      O4 - HKLM\..\Run: [mozilla-text] MsNetHelper.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /M "Stylus C43"
      O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [KillAndClean] "C:\Program Files\KillAndClean\KillAndClean.exe"
      O4 - HKCU\..\Run: [ATLIEHELPER] FLKPT.exe
      O4 - HKCU\..\Run: [BoundRec] gabber.exe
      O4 - HKCU\..\Run: [TorontoMail] Trayz.exe
      O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab
      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - www.mks.com.pl/skaner/SkanerOnline.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}: NameServer = 85.255.114.53,85.255.112.16
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16
      O17 - HKLM\System\CS1\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}: NameServer = 85.255.114.53,85.255.112.16
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16
      O17 - HKLM\System\CS2\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}: NameServer = 85.255.114.53,85.255.112.16
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: C-DillaCdaC11BA - Unknown owner - -C:\WINDOWS\System32\drivers\CDAC11BA.EXE (file missing)
      O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Unknown owner - -C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (file missing)
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

      • Gość: k Re: co z tym zrobić? IP: *.warszawa.sdi.tpnet.pl 29.06.06, 16:17
        Wiec zamknij porty w wwdc o ile jeszcze tego nie zrobilas. Oczywiscie nie
        uzywaj wiecej IE skoro nie masz do niego aktualizacji.

        Uzyj:
        downloads.subratam.org/Fixwareout.exe
        Odinstaluj:
        Trojan Remover


        W hjt usun:
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R3 - URLSearchHook: (no name) - {DD3D6F6B-3A04-B93E-4147-19F2EA0D9820} -
        Uint32.dll (file missing)
        F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
        O1 - Hosts: localhost 127.0.0.1
        O4 - HKLM\..\Run: [porka_] MON76234.exe <- plik usun z dysku.
        O4 - HKLM\..\Run: [mozilla-text] MsNetHelper.exe <- plik usun z dysku.
        O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
        O4 - HKCU\..\Run: [KillAndClean] "C:\Program
        Files\KillAndClean\KillAndClean.exe" <- usun caly katalog KillAndClean z dysku.
        O4 - HKCU\..\Run: [ATLIEHELPER] FLKPT.exe <- plik usun z dysku.
        O4 - HKCU\..\Run: [BoundRec] gabber.exe <- plik usun z dysku.
        O4 - HKCU\..\Run: [TorontoMail] Trayz.exe <- plik usun z dysku.
        Podmienione dnsy:
        O17 - HKLM\System\CCS\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}:
        NameServer = 85.255.114.53,85.255.112.16
        O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.53
        85.255.112.16
        O17 - HKLM\System\CS1\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}:
        NameServer = 85.255.114.53,85.255.112.16
        O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.53
        85.255.112.16
        O17 - HKLM\System\CS2\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}:
        NameServer = 85.255.114.53,85.255.112.16
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.53
        85.255.112.16

        Do tego zrob skan przy pomocy ewido (link na google lub w przyklejonym poscie
        na forum to samo wwdc).
        Po wszystkim wklej nowy log.
        • Gość: magda Re: co z tym zrobić? IP: *.zamosc.mm.pl 29.06.06, 16:54
          mOj nowy log:
          Logfile of HijackThis v1.99.1
          Scan saved at 16:52:41, on 2006-06-29
          Platform: Windows XP (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 (6.00.2600.0000)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\WINDOWS\System32\nvsvc32.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
          C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          C:\WINDOWS\System32\ctfmon.exe
          C:\Program Files\Messenger\msmsgs.exe
          C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
          C:\Program Files\Skype\Phone\Skype.exe
          C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
          C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
          C:\Program Files\Opera\Opera.exe
          C:\Program Files\Gadu-Gadu\gg.exe
          C:\Program Files\WinRAR\WinRAR.exe
          C:\DOCUME~1\xxx\USTAWI~1\Temp\Rar$EX01.415\HijackThis.exe
          C:\WINDOWS\system32\NOTEPAD.EXE

          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
          O4 - HKLM\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /O6 "USB001" /M "Stylus C43"
          O4 - HKLM\..\Run: [AVK Mail Checker] "C:\Program Files\Common Files\G DATA\AVKMail\AVKPOP.EXE"
          O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
          O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C43 Series" /M "Stylus C43"
          O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
          O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
          O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
          O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab
          O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - www.mks.com.pl/skaner/SkanerOnline.cab
          O17 - HKLM\System\CCS\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}: NameServer = 85.255.114.53,85.255.112.16
          O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16
          O17 - HKLM\System\CS1\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}: NameServer = 85.255.114.53,85.255.112.16
          O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16
          O17 - HKLM\System\CS2\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}: NameServer = 85.255.114.53,85.255.112.16
          O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.53 85.255.112.16
          O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
          O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
          O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
          O23 - Service: C-DillaCdaC11BA - Unknown owner - -C:\WINDOWS\System32\drivers\CDAC11BA.EXE (file missing)
          O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - Unknown owner - -C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (file missing)
          O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
          O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

          ale nie wiem co to sa te podmienione dnsy i co mam ztym zrobic.
          • Gość: k Re: co z tym zrobić? IP: *.warszawa.sdi.tpnet.pl 29.06.06, 17:11
            Wklej na forum log z fixwareout.

            > ale nie wiem co to sa te podmienione dnsy i co mam ztym zrobic.

            Usunac i ewentualnie ustawic poprawne adresy takie jak zalecta Twoj dostawca
            netu (ustawiasz to we wlasciwosciach tcp/ip ktore sa we wlasciwosciach
            polaczenia internetowego)

            Teraz mi wytlumacz dalczego nie przeskanowalas systemu przy pomocy ewido?
            (chyba, ze juz go odinstalowalas?).

            Do kasacji w hjt (nowego log'a juz nie chce):
            O17 - HKLM\System\CCS\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}:
            NameServer = 85.255.114.53,85.255.112.16
            O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.53
            85.255.112.16
            O17 - HKLM\System\CS1\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}:
            NameServer = 85.255.114.53,85.255.112.16
            O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.53
            85.255.112.16
            O17 - HKLM\System\CS2\Services\Tcpip\..\{1339193C-4083-46A6-BA4E-7FBE1A27394E}:
            NameServer = 85.255.114.53,85.255.112.16
            O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.53
            85.255.112.16
            • Gość: magda Re: co z tym zrobić? IP: *.zamosc.mm.pl 29.06.06, 17:21
              oto chodzi ze niemam juz ewidfo na kompie. pewnie brat odinsatlowal. musze go zainstalowac i przeskanuje wszytko ewido.
            • Gość: magda Re: co z tym zrobić? IP: *.zamosc.mm.pl 29.06.06, 17:25

              Fixwareout ver 1.003
              Last edited 04/26/2006
              Post this report in the forums please

              Reg Entries that were deleted
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\xedocne
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23plhps
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mgcppp
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\tesvaf
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\nlcalik
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}CF601647744C-F3C9-F244-4650-76C1C464{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0B3660861F8F-DE0B-81E4-A55D-9A6B543A{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}B77CEC0DB115-9FB8-98B4-5617-C9E78301{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}325E249B5B75-2FD8-9BD4-2D77-E15CF8F7{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0FD1869680BF-C509-C224-9FCA-251673A8{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}BE2ED8DC9AF5-EBB9-82B4-20CE-184BFEC2{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}446FB8210D20-588A-91C4-DBA7-01A02485{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}28F328F50C16-298B-4C54-3135-F9D9A3AA{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1520E4AD1753-CAFA-7304-CD67-3CC60B5D{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}84D7FF7EFEF8-D84A-6AF4-2B5E-E77DADE5{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}302B697F1575-DE49-5704-781C-C1FD68E1{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D2990131AE18-C08B-3584-CA8B-EE947317{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E2E751AEC507-82FB-FE34-2801-EC12AF39{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}83F3D3343AE5-F1D8-B224-47E3-EA4897E3{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9B2E0F62446E-64C8-6834-3D2E-8CD89437{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}27C53A318B65-1E89-3624-4A4A-42238E5C{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F011F2690FD5-CB0B-57E4-0D3C-FE2DAE83{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}66509F2B7D5E-9D59-6604-506C-1456DF9D{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E00FF89C343B-960B-55B4-B6AA-702DFC70{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}494DDD2144FA-68DB-6974-955A-4670FE17{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E4A389CE2D4D-D199-6704-EB02-59E1517F{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}359D9558BDFB-09EB-3D44-A21A-5E8A171C{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E4EA0126D2ED-E76B-5194-E841-BC566778{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9C7D2DCCE3F9-D19B-63F4-B9B1-9E2EA698{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5D367CFE22CA-EB19-8714-FE02-5EF8FE41{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}FC08E23F6AE0-AFE8-4124-A577-45770A32{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A4B24C51A88D-ADAB-BA94-B24A-654A62C9{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D8283E113F02-5BF9-1B44-8B69-B50AFE20{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1A45D1C1804E-3ECA-8DB4-EAF1-5B2E555F{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E5786D376F94-1058-ED74-558B-EFA641D6{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D1F0E97133C3-4BCA-F3E4-821D-036CF4B0{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}516250EE035E-D69A-B674-AA60-DB4FFD02{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F97585940532-6758-C0B4-C9A5-56058F2D{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}74DD755C1BD4-AE98-E8C4-EE8A-984A7133{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}73C2E544AA2C-8C2B-A334-E956-FC3292C3{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8FD4C50B2127-F2F8-8554-BAD5-6DFD27BB{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0F79F1721620-ECDA-EB04-6F6D-698863CA{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}D6146493E13A-4788-E1D4-67D3-DCE184DF{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}F5118EEA7038-4D79-9E54-7556-1D7E264A{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9F43E8026E80-DAB9-C324-232E-2DE2084B{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}511C1C0ED09F-12DB-3444-44A7-A7BD61B9{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}6EBE923B8C58-BA2A-EB64-E83B-0736DFD2{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8813897EA936-8E29-9EF4-E3B2-FA1DA07C{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}9F39F3D202A6-7068-58E4-2BD4-5837F5EA{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}8EF3683B7FD1-A11A-3654-D402-D42F631B{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}2F56B288E00B-16E9-0014-B640-A8053C99{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}7043BB4E4C2A-7D78-B354-8AED-9B1CC2EE{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E0FF32E5BE81-2D18-A7C4-C59E-A5805938{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}5DACD11E8694-D198-FF84-F5E4-B888B1E6{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}3E8443D3B255-96FA-D714-B7F9-3FCE4CD6{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A8B9D49F280C-A02A-5EE4-BCE8-0BF68AE0{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}682B8C25EEC4-3D0B-0D04-DFBF-B3E7550B{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1CD02C5BE9BC-6D8B-F4A4-04B4-B31BBF7A{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DADFC17EB486-795A-8014-AEB1-EB3FDB4B{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}ED26D3A22D71-CBB8-19E4-6DFA-8A40DBC1{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}E528A939E2CE-FA48-8E04-63F3-B9000D2C{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}A5ECCC4B8655-4DFB-E264-C017-AF964A79{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}0A9E54CA9AA3-6649-2034-CB7D-C1DEF40E{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1C5041FF412D-0A78-F6C4-0919-8B6FCC1F{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}1968CE79929C-0CD8-1DD4-74BE-B94455B2{
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}DF156087AB29-380B-7F44-9E01-41063933{
            • Gość: magda Re: co z tym zrobić? IP: *.zamosc.mm.pl 29.06.06, 17:25
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\jymmd
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\nlcalik
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\swen
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eno
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ruof
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\evif
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ogol
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\owt
              HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\eerht
              ...

              Random Runs removed from HKLM
              "dmmyj.exe"=-
              ...

              PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
              Example ipsec6.exe is lagitamate

              »»»»» Search by size and names...
              * csr.exe C:\WINDOWS\System32\CSCRZ.EXE

              »»»»» Misc files

              »»»»» Checking for older varients covered by the Rem3 tool

              »»»»»
              Search five digit cs, dm and jb files
              This WILL/CAN also list Legit Files, Submit them at Virustotal
              C:\WINDOWS\SYSTEM32\CSCRZ.EXE 51 225 2006-06-07
              C:\WINDOWS\SYSTEM32\DMMYJ.EXE 44 087 2001-10-26
              • Gość: k Re: co z tym zrobić? IP: *.warszawa.sdi.tpnet.pl 29.06.06, 17:42
                Usun z dysku oba te pliki:
                C:\WINDOWS\SYSTEM32\CSCRZ.EXE
                C:\WINDOWS\SYSTEM32\DMMYJ.EXE
                • Gość: magda Re: co z tym zrobić? IP: *.zamosc.mm.pl 29.06.06, 21:54
                  juz usunełam. dziękuje ślicznie za pomoc. pa.
Pełna wersja