Gemmy

Regular member
  • Content Count

    753
  • Joined

  • Last visited

Everything posted by Gemmy

  1. Warning, scammer: he received the money and suddenly disappeared

  2. Hello everyone, today I have a nice little set for sale. As above: the boxed i7, the crazy thing, does 4 GHz at 1.2 V on the boxed cooler; the graphics card additionally comes with a backplate that cost approx. 200 PLN; the motherboard is trouble-free; the memory is 1600 CL7. Prices: CPU approx. 650, GPU approx. 700, motherboard approx. 550, memory approx. 300, PSU approx. 150. There will probably be some discount on the set. Photos and an Allegro listing on request. Regards
  3. Gemmy

    Audigy 2 ZS Gold

    Hello, I have a sound card for sale. Condition very good; on request I will include all the drivers and photos, and yes, I can also list it on Alledrogo. Price approx. 100 PLN
  4. I don't believe it, Gemmy has shown up on the forum. Welcome.

  5. Gemmy

    PSP 3004

    I have 2 PSP Slim units for sale, brand new, full set + the Toy Story game. Price per unit approx. 350 PLN.
  6. Urgently going under the hammer, because I am going away, is the above-mentioned set: - CPU i7 920 @ 4 GHz 1.38 V on AC, lapped, price 650 - GPU GTX 275, Komputronik warranty, price 650 - motherboard MSI proE X58, price 400 - DDR3 3x2GB OCZ 1600 CL8, price 550 - PSU Corsair 620HX, Komputronik warranty, price 300 - fans 4x Scythe Kama FLEX 120mm 1000rpm, warranty, price 150 - Thermalright Ultra 120 Extreme, full warranty, price 150. I would prefer to sell everything in one go, but if there are any questions or other offers, feel free to write via PM. Regards
  7. Gemmy

    F1 2010 Season

    Webber thought Red Bull would give him wings :D Congrats to Kobayashi, because Roberto did his part ;)
  8. Gemmy

    2xdfi Lp 775 P35

    As in the title: 2x excellent motherboards for socket 775, UT and LT, they easily do 600 FSB and up, full warranty, 400 PLN each including shipping, photos for those interested. Write via PM. Regards
  9. Well, in this case we did not run into any major problems. Here is the max stable 32M, which ran practically straight away, at these voltages: CPU 1.41 V, Vpll 1.89 V, Vtt 1.32 V, Vnb 1.38 V, Vddr 1.85 V; boot at 210 BCLK (a safe one ;) and up with use clock to 240 valid; there was not enough time for heavier tests with LN2
  10. We happened to test the GD80 model, and with the lowVdroop option (I think that is what it was called) ;) droop practically does not exist, at least in the 1.3 V-1.5 V range. Of course 4 cores + HT. How did you have the memory set in that setup? BTW, as for the boards dying and whining, you were simply unlucky, just like me with 4x P5B-Deluxe, 2x P5B, a Biostar P45, 2x DFI LP P35 and a few GPUs; those little pigs whined too :D But in the case of MSI the jump in quality compared to P35 etc. is, to put it mildly, quite significant.
  11. Is anyone watching Polsat News right now? During the narration there is an extremely soothing little melody playing. Does anyone know it?
  12. Let them govern a little longer, because I need to finish my studies :lol2:
  13. Gemmy

    A Fine Little Set

    Yeah, I think they are Tracers, with those damn little LEDs, 1066, bought about 1.5 years ago in the UK; they run without a hiccup. Boxes, seals, everything is there.
  14. Gemmy

    A Fine Little Set

    Hello. Going under the hammer is this set: DFI LP UT P35, E8600, 4x1GB Crucial 1066, 4870 512MB, Tagan 530W PSU with detachable cables. The motherboard performs excellently, the CPU runs 4.4 at 1.33 V on AC, the memory has not been overclocked and has been set since new at approx. 530 5-5-5-12 2.1 V, the graphics card is brand new in its box, and I will throw in the PSU for free if someone decides to take the whole set. All parts are under warranty. Approximate prices: motherboard 500, CPU 650, memory 200, graphics card 450, PSU 150. Regards
  15. I see you are still keeping up the standard of a Międzychód Catholic scumbag :lol:
  16. Vtt (QPI) approx. 1.5 V, Vddr3 1.9 V, Vcpu 1.5 V. Everything is stable up to the settings from the 16M sample; after that things get difficult, and a jump of just 1 BCLK causes clear instability, where only 1M passes. I don't know, I am betting on the uncore? BTW, on the last of the LN2, temp. -35C
  17. Gemmy

    World of Warcraft

    If it is full, then use the free migration, e.g. to the Shattered Halls server, where you are warmly invited
  18. As ent wrote, at these clocks the CPU hit CB at around -50C; at default the CPU took -70C. So a sample like this is ideal for a strong FC
  19. For sale: brand new, with a warranty at Komputronik from 18.02.2009, price approx. 750 PLN, exactly this model: 9800GTX+
  20. Full set under warranty, price approx. 350. It does 600 FSB at stock without any trouble, and there are no problems with 4x1GB memory.
  21. Beautiful! As of today everything seems to be fine, the 7-day ordeal is gone 8O. Thank you for the help. Ah, I celebrated too early 8O: yesterday at 19:00 the account was suspended for 24h. Reason: viruses, trojans, and sharing the account with third parties, i.e. Blizzard's standard notice. I solved the problem, quickly and painfully, by deleting the WoW account.
  22. I did as you told me, and this is the log after the scan (Cfix LOG)
  23. Jak w temacie Blizzard zawiesza mi konto (praktycznie co 24h),twierdząc że posiadam jakiś syf w postaci trojanow itp.. Sys po formacie,po kilku krotnych skanach nod32,kav,mks:d i nic niby czysto. » Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - HJT LOG Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:08:10, on 2008-12-29 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\taskswitch.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\CTHELPER.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\NEC-Mitsubishi\Brightness Controller\BrightnessController.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\gemmy\Pulpit\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = 
http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [NodLogin] C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [vamsoft] C:\WINDOWS\system32\vamsoft.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Brightness Controller.lnk = C:\Program Files\NEC-Mitsubishi\Brightness Controller\BrightnessController.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: 
Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- End of file - 4160 bytes » Naciśnij aby pokazać/ukryć tekst oznaczony jako spoiler « - SR LOG "Silent Runners.vbs", revision 59, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"] "vamsoft" = "C:\WINDOWS\system32\vamsoft.exe" [null data] "WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "CoolSwitch" = "C:\WINDOWS\system32\taskswitch.exe" [null data] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."] "CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"] "StartCCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun" ["Advanced Micro Devices, Inc."] "egui" = ""C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice" ["ESET"] "NodLogin" = "C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ 
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}" = "PhotoToys" -> {HKCU...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\phototoys.dll" [MS] "{709C6E11-538F-4759-86AC-6ACB302AA0DE}" = "Desktop Manager" -> {HKCU...CLSID} = "Desktop Manager" \InProcServer32\(Default) = "C:\WINDOWS\system32\msvdm.dll" [null data] "{efb97cb8-a4a4-4357-a261-002ffaed0267}" = "CD Slideshow Powertoy" -> {HKCU...CLSID} = "CD Burn Slideshow Hook" \InProcServer32\(Default) = "C:\WINDOWS\system32\slideshow.dll" [MS] "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension" -> {HKLM...CLSID} = "SimpleShlExt Class" \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" ["Advanced Micro Devices, Inc."] "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension" -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> 
{HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"] Group Policies {GPedit.msc branch and setting}: ----------------------------------------------- Note: detected settings may not have any effect. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ "shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on} "undockwithoutlogon" = (REG_DWORD) dword:0x00000001 {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on} Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop enabled and wallpaper not set by Group Policy: HKCU\Software\Microsoft\Internet Explorer\Desktop\General\ "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\Documents and Settings\gemmy\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp" Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ MPCPlayCDAudioOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = 
"MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayCDAudio" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["mpc-hc@Sourceforge"] MPCPlayDVDMovieOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayDVDMovie" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["mpc-hc@Sourceforge"] MPCPlayMusicFilesOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayMusicFiles" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["mpc-hc@Sourceforge"] MPCPlayVideoFilesOnArrival\ "Provider" = "Media Player Classic" "InvokeProgID" = "MediaPlayerClassic.Autorun" "InvokeVerb" = "PlayVideoFiles" HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["mpc-hc@Sourceforge"] MSWPDShellNamespaceHandler\ "Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501" "CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}" "InitCmdLine" = " " -> {HKLM...CLSID} = "WPDShextAutoplay" \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS] Startup items in "gemmy" & "All Users" startup folders: ------------------------------------------------------- C:\Documents and Settings\gemmy\Menu Start\Programy\Autostart "Brightness Controller" -> shortcut to: "C:\Program Files\NEC-Mitsubishi\Brightness Controller\BrightnessController.exe" ["NEC-Mitsubishi Display Electronics America Inc."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers 
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Sun Java Console" "CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."] Eset Service, ekrn, ""C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"" ["ESET"] Usługa udostępniania w sieci programu Windows Media Player, WMPNetworkSvc, ""C:\Program Files\Windows Media Player\WMPNetwk.exe"" [MS] ---------- (launch time: 2008-12-29 20:11:29) <<!>>: Suspicious data at a malware launch point. + This report excludes default entries except where indicated. 
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + The search for DESKTOP.INI DLL launch points on all local fixed drives took 4 seconds. ---------- (total run time: 23 seconds)"Silent Runners.vbs", revision 59, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} "CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS] "Gadu-Gadu" = ""C:\Program Files\Gadu-Gadu\gg.exe" /tray" ["Gadu-Gadu Sp. z oo"] "vamsoft" = "C:\WINDOWS\system32\vamsoft.exe" [null data] "WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "CoolSwitch" = "C:\WINDOWS\system32\taskswitch.exe" [null data] "SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."] "CTHelper" = "CTHELPER.EXE" ["Creative Technology Ltd"] "StartCCC" = ""C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun" ["Advanced Micro Devices, Inc."] "egui" = ""C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice" ["ESET"] "NodLogin" = "C:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe" [file not found] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Rozszerzenie CPL kadrowania wyświetlania" -> {HKLM...CLSID} = "Rozszerzenie CPL kadrowania wyświetlania" \InProcServer32\(Default) = "deskpan.dll" [file not found] 
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Rozszerzenie ikony HyperTerminalu" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."] "{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}" = "PhotoToys" -> {HKCU...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\phototoys.dll" [MS] "{709C6E11-538F-4759-86AC-6ACB302AA0DE}" = "Desktop Manager" -> {HKCU...CLSID} = "Desktop Manager" \InProcServer32\(Default) = "C:\WINDOWS\system32\msvdm.dll" [null data] "{efb97cb8-a4a4-4357-a261-002ffaed0267}" = "CD Slideshow Powertoy" -> {HKCU...CLSID} = "CD Burn Slideshow Hook" \InProcServer32\(Default) = "C:\WINDOWS\system32\slideshow.dll" [MS] "{5E2121EE-0300-11D4-8D3B-444553540000}" = "Catalyst Context Menu extension" -> {HKLM...CLSID} = "SimpleShlExt Class" \InProcServer32\(Default) = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll" ["Advanced Micro Devices, Inc."] "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" = "Eset Smart Security - Context Menu Shell Extension" -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ "WPDShServiceObj" = "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" -> {HKLM...CLSID} = "WPDShServiceObj Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\WPDShServiceObj.dll" [MS] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ <<!>> AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}" -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension" \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"] 
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Eset Smart Security - Context Menu Shell Extension\(Default) = "{B089FE88-FB52-11D3-BDF1-0050DA34150D}"
  -> {HKLM...CLSID} = "Eset Smart Security - Context Menu Shell Extension"
     \InProcServer32\(Default) = "C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll" ["ESET"]

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options| Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\gemmy\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp"

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

MPCPlayCDAudioOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayCDAudio"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /cd" ["mpc-hc@Sourceforge"]

MPCPlayDVDMovieOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayDVDMovie"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1 /dvd" ["mpc-hc@Sourceforge"]

MPCPlayMusicFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayMusicFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["mpc-hc@Sourceforge"]

MPCPlayVideoFilesOnArrival\
"Provider" = "Media Player Classic"
"InvokeProgID" = "MediaPlayerClassic.Autorun"
"InvokeVerb" = "PlayVideoFiles"
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = ""C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" %1" ["mpc-hc@Sourceforge"]

MSWPDShellNamespaceHandler\
"Provider" = "@%SystemRoot%\System32\WPDShextRes.dll,-501"
"CLSID" = "{A55803CC-4D53-404c-8557-FD63DBA95D24}"
"InitCmdLine" = " "
  -> {HKLM...CLSID} = "WPDShextAutoplay"
     \LocalServer32\(Default) = "C:\WINDOWS\system32\WPDShextAutoplay.exe" [MS]

Startup items in "gemmy" & "All Users" startup folders:
-------------------------------------------------------

C:\Documents and Settings\gemmy\Menu Start\Programy\Autostart
"Brightness Controller" -> shortcut to: "C:\Program Files\NEC-Mitsubishi\Brightness Controller\BrightnessController.exe" ["NEC-Mitsubishi Display Electronics America Inc."]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
  -> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
  -> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
     \InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
Eset Service, ekrn, ""C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"" ["ESET"]
Usługa udostępniania w sieci programu Windows Media Player, WMPNetworkSvc, ""C:\Program Files\Windows Media Player\WMPNetwk.exe"" [MS]

---------- (launch time: 2008-12-29 20:11:29)

<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 4 seconds.
---------- (total run time: 23 seconds)

If anyone spots an error, I'd be grateful.