
cveteelina

Member
  • Posts

    246
  • Joined

  • Last online

Likes

4 Neutral reputation

4 Followers

About cveteelina

  • Title
    Honorary member
  • Birthday 2.05.1982

Information

  • Gender
    Female
  1. cveteelina

    Opinions and recommendations for the Asus Memo tablet

    Hello. Are you happy with this case? Are silicone back covers available anywhere for this model? I searched on eBay but didn't find any.
  2. http://www.youtube.com/watch?v=Ky4AinSeiE8&feature=fvst
  3. cveteelina

    Your opinion of the previous poster

    I don't know him (I think I used to log in much more often before)
  4. cveteelina

    What are you thinking about?

    Listening to music, I'm thinking about how much I miss the time 5-6 years ago
  5. cveteelina

    What are you listening to right now? (part 5)

    http://www.youtube.com/watch?v=l9lq8oaK5Mw
  6. Thank you sooooo much for the help. CCleaner starts every time I turn the computer on, and the other one I know I use (I say "know" because I may have installed something without knowing what it is for) is TuneUp Utilities. I defragment only with the built-in Windows program, but not that often. Once again, a big THANK YOU!!! I will try to be strict and follow your recommendations.
  7. So, when I ticked Drivers, Processes, SSDT and Hidden Services and clicked OK, this RootRepeal report appeared. Then, to tick the partitions C:\ and D:\, I opened Files at the bottom.
     After the scan I saved this:

     ROOTREPEAL © AD, 2007-2009
     ==================================================
     Scan Start Time: 2010/02/01 13:29
     Program Version: Version 1.3.5.0
     Windows Version: Windows XP SP3
     ==================================================

     Hidden/Locked Files
     -------------------
     Path: C:\hiberfil.sys
     Status: Locked to the Windows API!

     Path: c:\documents and settings\tsveti\application data\utorrent\resume.dat
     Status: Size mismatch (API: 29802, Raw: 30198)

     Path: C:\Documents and Settings\TSVETI\Application Data\uTorrent\resume.dat.old
     Status: Could not get file information (Error 0xc0000008)
  8. Step 1: the attached files DDS.txt Attach.txt
  9. Here is the log from HijackThis.
  10. This is from step 4

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:19:49, on 01.2.2010 г.
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16981)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\vsnpstd3.exe
      C:\Program Files\uTorrent\uTorrent.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\VTech\VTech Electronic Learning Desktop Software\pclink.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\PC Tools Firewall Plus\FWService.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\HJT\Kaldata.exe.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.start.bg/#
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
      O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
      O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
      O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: PC Connection Manager.lnk = ?
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
      O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/39.24/uploader2.cab
      O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.fotobravo.com/upload/ImageUploader5.cab
      O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1248285379546
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.snimkitemi.com/store/ImageUploader4.cab
      O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://e-postbank.bg/capicom.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{F6520392-850A-4BBC-807C-6CA86035AF98}: NameServer = 77.76.148.1,77.76.146.254
      O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      -- End of file - 9585 bytes

      I can use Everest to see whether I have a video card, right? And where exactly should I look? I should mention that the inactive commands in Display Properties are now active. I don't understand any of the things above, but I'd be glad if you told me what the problem was and whether it is finally solved.
  11. This is from step 3

      Malwarebytes' Anti-Malware 1.44
      Database version: 3670
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 7.0.5730.13

      01.2.2010 г. 10:46:02
      mbam-log-2010-02-01 (10-46-02).txt

      Scan type: Full Scan (C:\|D:\|)
      Objects scanned: 207856
      Time elapsed: 26 minute(s), 49 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 5
      Folders Infected: 1
      Files Infected: 3

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\winlogon86.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

      Folders Infected:
      C:\Documents and Settings\All Users\Application Data\CrucialSoft Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.

      Files Infected:
      C:\SDFix\dummy.sys (Malware.Trace) -> Quarantined and deleted successfully.
      C:\SDFix\apps\dummy.sys (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\TDSSojad.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.

      It asked me to restart. Continuing on ...

      P.S. the professor - I think I have a video card.
  12. Now that I'm here (in this thread), will you help me with how to fix this?