Problem with the D partition


  • Huskar
  • Joined: 31 May 2008
  • Posts: 885

If I'm not bothering anyone... I have a problem...
It won't open the D partition for me. Simply, I go into My Computer, double-click on D, and it doesn't react, as if nothing happened. I mean, nothing works. But C opens, and D won't; I don't know why. But when I right-click on D and then choose EXPLORE, it's OK, I can see everything, I mean it works. But this way it won't. What could the problem be?

And one more problem: no antivirus will install. There's always some error, like it didn't succeed and so on, or it won't update, whichever one I install. And I've just reinstalled the system... Now I don't know what the problem could be, but D was left untouched.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

The problem is probably caused by malware.

Follow this guide and post the required logs here so we can check what this is about: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Huskar
  • Joined: 31 May 2008
  • Posts: 885

Posted: 31 Jan 2010 13:26

DDS (Ver_09-12-01.01) - NTFSx86
Run by Fedek at 12:58:30.89 on Sun 01/31/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1407.885 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\HDDSvc.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Fedek\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.rs/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\documents and settings\fedek\start menu\programs\startup\wwwpos32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueso~1.lnk - c:\program files\ivt corporation\bluesoleil\BlueSoleil.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\fedek\applic~1\mozilla\firefox\profiles\4ea2ncb3.default\
FF - prefs.js: browser.startup.homepage - google.rs
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R2 PowerManager;Power Manager;c:\windows\svchost.exe [2001-8-24 36352]

=============== Created Last 30 ================

2010-01-31 10:52:25 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2010-01-30 19:56:57 763904 ----a-w- c:\windows\system32\drivers\ttvrpxht.sys
2010-01-30 19:51:35 8 ----a-w- c:\docume~1\fedek\applic~1\anvkgp.dat
2010-01-30 19:51:30 4 ----a-w- c:\docume~1\fedek\applic~1\avdrn.dat
2010-01-30 18:49:46 1645320 ----a-w- c:\windows\system32\gdiplus.dll
2010-01-30 18:49:44 0 d-----w- c:\program files\BurnAware Free
2010-01-30 18:41:04 0 d-----w- c:\docume~1\alluse~1\applic~1\WindowsLiveInstaller
2010-01-30 18:40:22 3533 ----a-w- c:\windows\msnsetuplog.bak
2010-01-30 16:58:19 0 d-----w- c:\program files\Windows Installer 4.5 SDK
2010-01-30 10:09:49 0 d-----w- c:\program files\ESET
2010-01-30 09:42:39 0 d-----w- c:\program files\Hard Drive Inspector
2010-01-30 09:42:28 230 ----a-w- c:\windows\system32\spupdsvc.inf
2010-01-30 09:41:05 68608 ----a-w- c:\windows\system32\plugin.ocx
2010-01-30 09:39:54 0 d-----w- c:\windows\network diagnostic
2010-01-29 20:22:04 86683 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-01-29 20:22:01 0 d-----w- c:\program files\AoA Audio Extractor
2010-01-29 20:18:30 0 d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2010-01-29 20:13:53 0 d-----w- c:\program files\FreeTime
2010-01-29 19:18:44 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-01-29 16:05:02 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2010-01-29 16:05:00 15360 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2010-01-29 16:04:06 0 d-----w- c:\program files\IVT Corporation
2010-01-29 11:11:23 0 d-----w- c:\program files\Call of Duty
2010-01-28 21:50:57 0 d-----w- c:\program files\common files\PC Tools
2010-01-28 21:50:34 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-28 21:50:26 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-28 21:39:47 0 d-----w- c:\docume~1\fedek\applic~1\Malwarebytes
2010-01-28 21:39:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-28 21:39:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-28 21:13:03 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-28 21:13:03 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-28 20:19:55 0 d-----w- c:\program files\Yahoo!
2010-01-28 20:19:53 0 d-----w- c:\program files\CCleaner
2010-01-28 20:11:50 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-01-28 20:08:08 0 d-----r- c:\program files\Skype
2010-01-28 19:57:46 0 ----a-w- c:\windows\ativpsrm.bin
2010-01-28 19:56:54 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-01-28 19:56:24 0 d-----w- C:\ATI
2010-01-28 19:51:09 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
2010-01-28 19:51:08 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys
2010-01-28 19:51:07 4992 ----a-w- c:\windows\system32\drivers\MSPQM.sys
2010-01-28 19:51:03 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2010-01-28 19:50:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-01-28 19:50:51 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-01-28 19:50:47 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-01-28 19:50:47 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
2010-01-28 19:50:47 130048 ----a-w- c:\windows\system32\ksproxy.ax
2010-01-28 19:50:19 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-01-28 19:50:06 606684 ----a-w- c:\windows\system32\drivers\ltmdmnt.sys
2010-01-28 19:50:00 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-01-28 19:50:00 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-01-28 19:49:57 0 d-----w- c:\windows\Logs
2010-01-28 19:49:41 74240 ----a-w- c:\windows\system32\usbui.dll
2010-01-28 19:49:35 0 d-----w- c:\program files\Winamp Detect
2010-01-28 19:49:22 0 d-----w- c:\windows\RegisteredPackages
2010-01-28 19:47:35 458340 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-01-28 19:47:35 0 d-----w- c:\program files\common files\ODBC
2010-01-28 19:47:29 0 d-----w- c:\program files\common files\SpeechEngines
2010-01-28 19:46:59 74752 ----a-w- c:\windows\system32\storprop.dll
2010-01-28 19:46:52 0 d-----r- c:\documents and settings\all users\Documents
2010-01-28 19:45:49 0 d-----w- c:\program files\GRETECH
2010-01-28 19:44:47 0 d-----w- C:\Documents and Settings
2010-01-28 19:43:39 632 ----a-w- c:\windows\system32\$winnt$.inf
2010-01-28 19:41:31 0 d-s---w- c:\documents and settings\fedek\UserData
2010-01-28 19:19:40 940794 ----a-w- c:\windows\system32\LoopyMusic.wav
2010-01-28 19:19:40 146650 ----a-w- c:\windows\system32\BuzzingBee.wav
2010-01-28 19:19:40 0 d-----w- c:\windows\system32\Lang
2010-01-28 19:16:56 16116224 ------r- c:\windows\RTHDCPL.exe
2010-01-28 19:16:55 2193920 ------r- c:\windows\MicCal.exe
2010-01-28 19:16:53 69632 ------r- c:\windows\Alcmtr.exe
2010-01-28 19:16:49 299008 ------r- c:\windows\system32\ALSndMgr.cpl
2010-01-28 19:16:49 2808832 ------r- c:\windows\alcwzrd.exe
2010-01-28 19:16:47 0 d-----w- c:\program files\Realtek
2010-01-28 19:16:32 351744 ----a-w- c:\windows\HideWin.exe
2010-01-28 19:16:31 520192 ------r- c:\windows\RtlExUpd.dll
2010-01-28 19:15:53 85120 ----a-r- c:\windows\system32\drivers\Rtnicxp.sys
2010-01-28 19:14:34 0 d-----w- c:\windows\system32\ReinstallBackups
2010-01-28 19:08:46 307200 ----a-w- c:\windows\system32\atiiiexx.dll
2010-01-28 19:08:41 7167 ----a-w- c:\windows\system32\atifglpf.xml
2010-01-28 19:08:36 3107788 ----a-r- c:\windows\system32\ativvaxx.dat
2010-01-28 19:08:36 180720 ----a-w- c:\windows\system32\atiicdxx.dat
2010-01-28 19:08:32 929 ----a-r- c:\windows\system32\drivers\ativcaxx.vp
2010-01-28 19:08:32 655842 ----a-r- c:\windows\system32\drivers\ativcaxx.cpa
2010-01-28 19:08:32 2096 ----a-r- c:\windows\system32\drivers\ativdkxx.vp
2010-01-28 19:08:31 38944 ----a-r- c:\windows\system32\drivers\ativvpxx.vp
2010-01-28 19:08:31 2096 ----a-r- c:\windows\system32\drivers\ativckxx.vp
2010-01-28 19:08:06 0 d-----w- c:\program files\ATI Technologies
2010-01-28 19:06:09 0 d-----w- c:\windows\system32\Tools
2010-01-28 19:05:10 4864 ----a-r- c:\windows\system32\drivers\PortIo.sys
2010-01-28 19:03:28 0 d-s---w- c:\windows\system32\Microsoft
2010-01-28 19:02:58 8192 ----a-w- c:\windows\REGLOCS.OLD
2010-01-28 18:58:00 0 d-sh--w- c:\documents and settings\all users\DRM
2010-01-28 18:57:40 0 d--h--w- c:\program files\WindowsUpdate
2010-01-28 18:56:14 0 d-----w- c:\program files\common files\MSSoap
2010-01-28 18:54:27 0 d-----w- c:\program files\Online Services
2010-01-28 18:54:21 0 d-----w- c:\program files\Messenger
2010-01-28 18:54:17 0 d-----w- c:\program files\MSN Gaming Zone
2010-01-28 18:53:24 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2010-01-29 18:03:12 12528 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-01-28 18:54:48 21640 ----a-w- c:\windows\system32\emptyregdb.dat

============= FINISH: 13:00:03.28 ===============



ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/31 13:02
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xB9F79000 Size: 187776 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2057728 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: C:\WINDOWS\System32\drivers\afd.sys
Address: 0xAEF30000 Size: 138368 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xB9DE5000 Size: 95360 File Visible: - Signed: -
Status: -

Name: ati2cqag.dll
Image Path: C:\WINDOWS\System32\ati2cqag.dll
Address: 0xBF065000 Size: 577536 File Visible: - Signed: -
Status: -

Name: ati2dvag.dll
Image Path: C:\WINDOWS\System32\ati2dvag.dll
Address: 0xBF012000 Size: 339968 File Visible: - Signed: -
Status: -

Name: ati2mtag.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
Address: 0xB78E3000 Size: 3788800 File Visible: - Signed: -
Status: -

Name: atikvmag.dll
Image Path: C:\WINDOWS\System32\atikvmag.dll
Address: 0xBF0F2000 Size: 471040 File Visible: - Signed: -
Status: -

Name: atiok3x2.dll
Image Path: C:\WINDOWS\System32\atiok3x2.dll
Address: 0xBF165000 Size: 303104 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: C:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xBA6E2000 Size: 3072 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: C:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xBA5DA000 Size: 4224 File Visible: - Signed: -
Status: -

Name: blueletaudio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\blueletaudio.sys
Address: 0xBA3B8000 Size: 20480 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: C:\WINDOWS\system32\BOOTVID.dll
Address: 0xBA4B8000 Size: 12288 File Visible: - Signed: -
Status: -

Name: btcusb.sys
Image Path: C:\WINDOWS\System32\Drivers\btcusb.sys
Address: 0xBA430000 Size: 22912 File Visible: - Signed: -
Status: -

Name: BTHidMgr.sys
Image Path: BTHidMgr.sys
Address: 0xBA338000 Size: 28192 File Visible: - Signed: -
Status: -

Name: btnetdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\btnetdrv.sys
Address: 0xBA580000 Size: 10720 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xBA148000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: C:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xBA1F8000 Size: 49536 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xBA0E8000 Size: 53248 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xBA0D8000 Size: 36352 File Visible: - Signed: -
Status: -

Name: dmio.sys
Image Path: dmio.sys
Address: 0xB9DFD000 Size: 153344 File Visible: - Signed: -
Status: -

Name: dmload.sys
Image Path: dmload.sys
Address: 0xBA5AC000 Size: 5888 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\drmk.sys
Address: 0xBA248000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAED94000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA5E0000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: C:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xAF049000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: C:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: C:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xBA6B5000 Size: 4096 File Visible: - Signed: -
Status: -

Name: Fastfat.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fastfat.SYS
Address: 0xAC495000 Size: 143360 File Visible: - Signed: -
Status: -

Name: fdc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\fdc.sys
Address: 0xBA3A0000 Size: 27392 File Visible: - Signed: -
Status: -

Name: ffkyrkob.sys
Image Path: C:\DOCUME~1\Fedek\LOCALS~1\Temp\ffkyrkob.sys
Address: 0xAB731000 Size: 93056 File Visible: No Signed: -
Status: -

Name: Fips.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xBA308000 Size: 34944 File Visible: - Signed: -
Status: -

Name: flpydisk.sys
Image Path: C:\WINDOWS\system32\DRIVERS\flpydisk.sys
Address: 0xBA3F0000 Size: 20480 File Visible: - Signed: -
Status: -

Name: fltMgr.sys
Image Path: fltMgr.sys
Address: 0xB9DC6000 Size: 124800 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: C:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xBA5D8000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xB9E23000 Size: 125056 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: C:\WINDOWS\system32\hal.dll
Address: 0x806CE000 Size: 131968 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xB7864000 Size: 151552 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xBA138000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xBA420000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xAF4D3000 Size: 9600 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: C:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xABE5C000 Size: 263040 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xBA228000 Size: 52736 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xBA1E8000 Size: 41856 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xAEE74000 Size: 134912 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xAEFD2000 Size: 74752 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xBA0A8000 Size: 35840 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xBA3A8000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: C:\WINDOWS\system32\KDCOM.DLL
Address: 0xBA5A8000 Size: 8192 File Visible: - Signed: -
Status: -

Name: kmixer.sys
Image Path: C:\WINDOWS\system32\drivers\kmixer.sys
Address: 0xAB86F000 Size: 171776 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xB7889000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xB9D9D000 Size: 92544 File Visible: - Signed: -
Status: -

Name: ltmdmnt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
Address: 0xB77CF000 Size: 606656 File Visible: - Signed: -
Status: -

Name: mnmdd.SYS
Image Path: C:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xBA5DC000 Size: 4224 File Visible: - Signed: -
Status: -

Name: Modem.SYS
Image Path: C:\WINDOWS\System32\Drivers\Modem.SYS
Address: 0xBA398000 Size: 30080 File Visible: - Signed: -
Status: -

Name: MODEMCSA.sys
Image Path: C:\WINDOWS\system32\drivers\MODEMCSA.sys
Address: 0xB762B000 Size: 16128 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xBA3E8000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xAF4CF000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xBA0B8000 Size: 42240 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xAC3C8000 Size: 181248 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xAEE95000 Size: 451456 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xBA408000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: C:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xBA288000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xBA588000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xB9CC8000 Size: 107904 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xB9CE3000 Size: 182912 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xBA564000 Size: 9600 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xAC9A4000 Size: 12928 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB776D000 Size: 91776 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: C:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xBA2A8000 Size: 38016 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xBA2F8000 Size: 34560 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: C:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xAEF52000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: C:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xBA410000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xB9D10000 Size: 574592 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: C:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2057728 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: C:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xBA740000 Size: 2944 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: C:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xB77A6000 Size: 80128 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xBA330000 Size: 18688 File Visible: - Signed: -
Status: -

Name: ParVdm.SYS
Image Path: C:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xBA608000 Size: 6784 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xB9F68000 Size: 68224 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xBA670000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xBA328000 Size: 28672 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2057728 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: C:\WINDOWS\system32\DRIVERS\portcls.sys
Address: 0xB7784000 Size: 139264 File Visible: - Signed: -
Status: -

Name: processr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\processr.sys
Address: 0xBA1D8000 Size: 35328 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: C:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB775C000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: C:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xBA3C8000 Size: 17792 File Visible: - Signed: -
Status: -

Name: PxHelp20.sys
Image Path: PxHelp20.sys
Address: 0xBA0F8000 Size: 37376 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xB7617000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xBA258000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xBA268000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xBA278000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: C:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xBA3D0000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2057728 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xAEF04000 Size: 176512 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xBA5DE000 Size: 4224 File Visible: - Signed: -
Status: -

Name: rdpdr.sys
Image Path: C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Address: 0xB7703000 Size: 196864 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: C:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xBA208000 Size: 57472 File Visible: - Signed: -
Status: -

Name: RootMdm.sys
Image Path: C:\WINDOWS\System32\Drivers\RootMdm.sys
Address: 0xBA5D0000 Size: 5888 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAB8A9000 Size: 49152 File Visible: No Signed: -
Status: -

Name: RtkHDAud.sys
Image Path: C:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xAF055000 Size: 4628480 File Visible: - Signed: -
Status: -

Name: Rtnicxp.sys
Image Path: C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
Address: 0xB77BA000 Size: 85120 File Visible: - Signed: -
Status: -

Name: secdrv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\secdrv.sys
Address: 0xAC195000 Size: 11264 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xBA558000 Size: 15488 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: C:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xBA218000 Size: 64896 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xB9DB4000 Size: 73472 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: C:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xAC1BD000 Size: 336256 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: C:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xBA5D2000 Size: 4352 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: C:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xBA158000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: C:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xAEF7A000 Size: 360320 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: C:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xBA3C0000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: C:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xBA298000 Size: 40704 File Visible: - Signed: -
Status: -

Name: ttvrpxht.sys
Image Path: ttvrpxht.sys
Address: 0xB9E42000 Size: 1204224 File Visible: - Signed: -
Status: -

I'll post the GMER log later...

Addendum: 31 Jan 2010 13:54

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-31 13:53:21
Windows 5.1.2600 Service Pack 2
Running: 1kljo7fp.exe; Driver: C:\DOCUME~1\Fedek\LOCALS~1\Temp\ffkyrkob.sys


---- Kernel code sections - GMER 1.0.15 ----

.pak2 C:\WINDOWS\system32\drivers\ttvrpxht.sys entry point in ".pak2" section [0xB9F0E168]
? C:\WINDOWS\system32\drivers\ttvrpxht.sys A device attached to the system is not functioning.
PAGE Ntfs.sys B9D35E88 4 Bytes CALL 899ED951
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB78E4000, 0x1B85E6, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[124] USER32.dll!SetFocus + E 77D4E5EA 1 Byte [00]
.text C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe[124] SHLWAPI.dll!StrRetToBufA + 11 77FA4A0A 1 Byte [BA]
.text C:\Program Files\Winamp\winamp.exe[436] ntdll.dll!CsrAllocateMessagePointer + 1127 7C91FD2F 1 Byte [85]
.text C:\Program Files\Winamp\winamp.exe[436] USER32.dll!SetScrollInfo 77D4902C 7 Bytes JMP 1001C703 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[436] USER32.dll!GetScrollPos 77D4F66F 5 Bytes JMP 1001C6B3 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[436] USER32.dll!SetScrollRange 77D4F6BB 5 Bytes JMP 1001C759 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[436] USER32.dll!SetScrollPos 77D4F780 5 Bytes JMP 1001C72E C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[436] USER32.dll!GetScrollRange 77D4F7B7 5 Bytes JMP 1001C6D8 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[436] USER32.dll!ShowScrollBar 77D50142 5 Bytes JMP 1001C787 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[436] USER32.dll!GetScrollInfo 77D53A2F 7 Bytes JMP 1001C68B C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[436] USER32.dll!EnableScrollBar 77D97BAD 7 Bytes JMP 1001C663 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[620] GDI32.dll!DdEntry23 + 185 77F1FD2F 1 Byte [00]
.text C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE[620] ole32.dll!CoGetClassObject + 6B4 7753FA0A 1 Byte [80]
.text C:\WINDOWS\system32\ctfmon.exe[636] SHELL32.dll!DragQueryFile + 637 7CA745EA 1 Byte [FD]
.text C:\WINDOWS\system32\ctfmon.exe[636] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 2A6B8 7CAFDD2F 1 Byte [14]
.text C:\Program Files\Messenger\msmsgs.exe[652] SHELL32.dll!DragQueryFile + 637 7CA745EA 1 Byte [FD]
.text C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe[712] SHELL32.dll!SHAddToRecentDocs + 2E1 7C9FEA0A 1 Byte [A0]
.text C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe[712] SHELL32.dll!DragQueryFile + 637 7CA745EA 1 Byte [FD]
.text C:\WINDOWS\system32\winlogon.exe[832] msvcrt.dll!_nextafter + 196 77C4EA0A 1 Byte [77]
.text C:\WINDOWS\system32\winlogon.exe[832] SHELL32.dll!DragQueryFile + 637 7CA745EA 1 Byte [FD]
.text C:\WINDOWS\system32\services.exe[876] SHELL32.dll!DragQueryFile + 637 7CA745EA 1 Byte [FD]
.text C:\WINDOWS\system32\lsass.exe[896] SHELL32.dll!DragQueryFile + 637 7CA745EA 1 Byte [FD]
.text C:\WINDOWS\system32\svchost.exe[1072] SHELL32.dll!DragQueryFile + 637 7CA745EA 1 Byte [FD]
.text C:\WINDOWS\system32\HDDSvc.exe[1112] SHELL32.dll!DragQueryFile + 637 7CA745EA 1 Byte [FD]
.text C:\WINDOWS\system32\svchost.exe[1136] SHELL32.dll!DragQueryFileAorW + 901E 7CA28D2F 1 Byte [CB]
.text C:\WINDOWS\system32\svchost.exe[1136] SHELL32.dll!DragQueryFile + 637 7CA745EA 1 Byte [FD]
.text C:\WINDOWS\System32\svchost.exe[1288] SHELL32.dll!DragQueryFile + 637 7CA745EA 1 Byte [FD]
.text C:\WINDOWS\system32\svchost.exe[1352] SHELL32.dll!DragQueryFile + 637 7CA745EA 1 Byte [FD]
.text C:\WINDOWS\system32\svchost.exe[1536] SHELL32.dll!DragQueryFile + 637 7CA745EA 1 Byte [FD]
.text C:\Program Files\Skype\Plugin Manager\skypePM.exe[1608] shell32.dll!DragQueryFile + 637 7CA745EA 1 Byte [FD]
.text C:\WINDOWS\Explorer.EXE[1812] ntdll.dll!NtQueryDirectoryFile + 6 7C90DF64 4 Bytes [90, 61, F2, 00]
.text C:\WINDOWS\Explorer.EXE[1812] SHELL32.dll!DragQueryFile + 637 7CA745EA 1 Byte [FD]
.text C:\WINDOWS\system32\spoolsv.exe[1980] SHELL32.dll!DragQueryFile + 637 7CA745EA 1 Byte [FD]
.text C:\WINDOWS\System32\alg.exe[2364] SHELL32.dll!DragQueryFile + 637 7CA745EA 1 Byte [FD]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] SHELL32.dll!SHCreateDirectoryExA + 77A 7CA67A0A 1 Byte [0A]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2432] SHELL32.dll!DragQueryFile + 637 7CA745EA 1 Byte [FD]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2572] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2572] SHELL32.dll!DragQueryFile + 637 7CA745EA 1 Byte [FD]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2960] shell32.dll!DragQueryFile + 637 7CA745EA 1 Byte [FD]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2972] ntdll.dll!RtlInitializeSListHead + 14D1F 7C94DD2F 1 Byte [00]
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2972] shell32.dll!DragQueryFile + 637 7CA745EA 1 Byte [FD]
.text C:\Program Files\Skype\Phone\Skype.exe[3836] shell32.dll!DragQueryFile + 637 7CA745EA 1 Byte [FD]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8993BBC0

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] ttvrpxht <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\ttvrpxht@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\ttvrpxht@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\ttvrpxht@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\ttvrpxht@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\ttvrpxht@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\ttvrpxht@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\ttvrpxht@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\ttvrpxht@Group Boot Bus Extender

---- EOF - GMER 1.0.15 ----

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

There are several infections here, including a file infector (a classic virus).

Of course, this state of affairs is no surprise given that you have no antivirus.


An antivirus scan is needed to try to get rid of the file infector. If that succeeds, we'll deal with the rest.

Note: Windows is in bad shape and it is not certain that it will be functional after the attempt to remove the malware.


Download Avast! Free Antivirus from the following link:

http://www.avast.com/free-antivirus-download

Install the program and, if needed, restart the computer at the end of the process.


Start the antivirus with a single click on its icon in the lower right corner of the screen.
Choose the Scan Computer option from the left-hand menu.
In the submenu choose Boot-time Scan.

Set the options as shown in the picture and click Schedule Now.

Then restart the computer. The scan will run while Windows is starting up.

When avast! detects malware, it will offer several options - choose the Repair option.

If the file cannot be repaired, choose Move.


When the scan has finished and Windows has started, do not open the D: partition.

Find the scan report: C:\Documents and Settings\All Users\Application Data\Alwil Software\Avast5\report\aswBoot.txt

and attach it to your post using the Attach file option.

offline
  • Huskar
  • Joined: 31 May 2008
  • Posts: 885

I couldn't download it...
An error 1006(0000003ee) has occured.
Last performed action was:
opening the self-extract archive

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

The malware is probably blocking the installation of the AV. Try again to download it and run the installation. If it still doesn't work...


Download Dr.Web CureIt (~28 MB).
Restart the computer in Safe Mode (Safe Mode instructions)

Double-click launch.exe to run it; an introductory window will appear - click Start

A notice that the initial scan is starting will appear - click OK

Wait a few minutes for Dr.Web CureIt to complete the Express Scan; if malware is found, click the Yes to All button in the window that appears to let the program disinfect it

Click Options > Change settings F9; in the window that opens, uncheck the Heuristic Analysis option and then click OK

In the main window select the Complete scan option and then click, and Dr.Web CureIt will start scanning

If malware is found, click the Yes to All button in the window that appears to let the program disinfect it

When the scan has finished, click the Select all button (if available), then click Cure and,
in the menu that opens, click Move incurable:


When the process is complete, click File > Save report list and save the log to the Desktop


Copy the contents of the Dr.Web CureIt log into the forum thread.

offline
  • Huskar
  • Joined: 31 May 2008
  • Posts: 885

hey bro..I reinstalled the system..all of it...both C and D..and my browsers still keep crashing...what could the problem be now???

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Did you format both partitions?

Did you install a "normal" Windows (and not some modded/hacked-together variant)?

Is Windows up to date (Service Pack 3 and all updates installed)?


If the answer to all three questions is yes, then everything should work.

If not, then you know where to start troubleshooting.
