Problem sa winusbdriver.vbs

• 1Ovo se svidja korisniku: TwinHeadedEagle
  
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Interesantan problem sa gore naznacenim crvom. Nije on nista posebno, ali me nervira. U pitanju je rodjakin racunar, studentarija i kojesta. Menja foldere na flesu u .lnk, uvali se u root flesa, a inace je u temp fajlu, vidim ga. MCS se rob ubi cisteci. Nema sanse. On ga ocisti, ovaj se vrati i sve tako u krug. Gledam kako otkriva fajlove, a skripta ih skriva i kako se pojavljuju i nestaju. Avast ne detektuje nista, MlwBts isto. Pocinje da me smara, em imam temp i bolestan sam, em ne mogu da resim problem, popizdio sam ...

Na racunaru ima kojeta bitno, pa necu da pustam neke alate "na svoju ruku", eto zato pisem ovde ...

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by servis at 16:08:31 on 2013-12-29
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.511.269 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MCShield\mcshieldrtm.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MCShield Monitor] c:\program files\mcshield\mcshieldrtm.exe
uRun: [WinUsbDriver] wscript.exe //B "c:\docume~1\servis\locals~1\temp\WinUsbDriver.vbs"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [WinUsbDriver] wscript.exe //B "c:\docume~1\servis\locals~1\temp\WinUsbDriver.vbs"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0FF742F1-ADAC-4351-A004-25CC4AE8DBFD} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CE009209-EFA8-4987-9ABD-9635B1D6FB71} : NameServer = 195.222.32.10,195.222.32.20
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\servis\application data\mozilla\firefox\profiles\vf00njw9.default\
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2002-1-1 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2002-1-1 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2002-1-1 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2002-1-1 410528]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2002-1-1 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2002-1-1 50344]
R3 AR9271;Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2013-10-31 1763584]
S2 aswFsBlk;aswFsBlk; [x]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-12-29 12:40:58 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-29 12:40:58 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-29 12:40:58 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-12-29 12:40:58 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-29 12:40:51 43152 ----a-w- c:\windows\avastSS.scr
2013-10-23 14:11:22 114376 ----a-w- c:\windows\system32\drivers\scdemu.sys
.
============= FINISH: 16:09:03,14 ===============



[Link mogu videti samo ulogovani korisnici]

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Preuzmi FRST - (Farbar Recovery Scan Tool) i sacuvaj ga na Desktop

Napomena: Potrebno je preuzeti onu verziju koja je kompatibilna sa tvojim sistemom.


Dvoklikom pokreni FRST;
Kada se alat startuje, klikni Yes na disclaimer.
Klikni na dugme Scan;
Alat ce kreirati izvestaj (FRST.txt) u isti direktorijum gde je i FRST.exe sacuvan.
Iskopiraj sadrzaj tog loga u poruku.
Alat bi takodje pri prvom pokretanju trebao da kreira i dodatni izvestaj (Addition.txt). Taj izvestaj okaci u poruku koristeci opciju "Prikaci file".




Ivance95 (AMF Tim)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-12-2013
Ran by servis (administrator) on SERVIS-F8C7FC55 on 29-12-2013 16:45:28
Running from C:\Documents and Settings\servis\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(MyCity) C:\Program Files\MCShield\MCShieldRTM.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscript.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-29] (AVAST Software)
HKLM\...\Run: [WinUsbDriver] - C:\Documents and Settings\servis\Local Settings\Temp\WinUsbDriver.vbs [172340 2013-08-27] () <===== ATTENTION
HKCU\...\Run: [MCShield Monitor] - C:\Program Files\MCShield\MCShieldRTM.exe [607232 2013-10-26] (MyCity)
HKCU\...\Run: [WinUsbDriver] - C:\Documents and Settings\servis\Local Settings\Temp\WinUsbDriver.vbs [172340 2013-08-27] () <===== ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CE009209-EFA8-4987-9ABD-9635B1D6FB71}: [NameServer]195.222.32.10,195.222.32.20

FireFox:
========
FF ProfilePath: C:\Documents and Settings\servis\Application Data\Mozilla\Firefox\Profiles\vf00njw9.default
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\pik.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\tajpi.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll No File
CHR Extension: (Google Wallet) - C:\Documents and Settings\servis\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-29] (AVAST Software)

==================== Drivers (Whitelisted) ====================

R3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [4127488 2008-01-24] (Realtek Semiconductor Corp.)
R3 AR9271; C:\Windows\System32\DRIVERS\athuw.sys [1763584 2011-07-29] (Atheros Communications, Inc.)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2013-12-29] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2013-12-29] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-12-29] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2013-12-29] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410528 2013-12-29] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2013-12-29] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2013-12-29] ()
R1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [114376 2013-10-23] (Power Software Ltd)
R3 SISNIC; C:\Windows\System32\DRIVERS\sisnic.sys [32768 2008-04-13] (SiS Corporation)
S2 aswFsBlk; No ImagePath
S3 BLKWGU(Belkin); system32\DRIVERS\BLKWGU.sys [x]
S4 IntelIde; No ImagePath
U1 WS2IFSL;
S3 ZDPSp50; System32\Drivers\ZDPSp50.sys [x]
U3 mbr; \??\C:\DOCUME~1\servis\LOCALS~1\Temp\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-29 16:45 - 2013-12-29 16:45 - 00005914 _____ C:\Documents and Settings\servis\Desktop\FRST.txt
2013-12-29 16:45 - 2013-12-29 16:45 - 00000000 ____D C:\FRST
2013-12-29 16:44 - 2013-12-29 16:43 - 01064131 _____ (Farbar) C:\Documents and Settings\servis\Desktop\FRST.exe
2013-12-29 16:09 - 2013-12-29 16:09 - 00004193 _____ C:\Documents and Settings\servis\Desktop\dds.txt
2013-12-29 16:09 - 2013-12-29 16:09 - 00002351 _____ C:\Documents and Settings\servis\Desktop\attach.txt
2013-12-29 16:08 - 2013-12-29 16:07 - 00688992 ____R (Swearware) C:\Documents and Settings\servis\Desktop\dds.scr
2013-12-29 14:45 - 2013-12-29 16:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MCShield
2013-12-29 14:45 - 2013-12-29 14:45 - 00000000 ____D C:\Program Files\MCShield
2013-12-29 14:45 - 2013-12-29 14:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\MCShield
2013-12-29 13:51 - 2013-12-29 13:51 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-29 13:51 - 2013-12-29 13:51 - 00000000 ____D C:\Documents and Settings\servis\Application Data\Malwarebytes
2013-12-29 13:51 - 2013-12-29 13:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-12-29 13:51 - 2013-12-29 13:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-12-29 13:51 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-12-29 13:46 - 2013-12-29 13:46 - 00000000 ____D C:\Documents and Settings\servis\Application Data\AVAST Software
2013-12-29 13:42 - 2013-12-29 13:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2013-12-09 07:45 - 2013-12-09 07:45 - 00000000 ____D C:\WINDOWS\system32\LogFiles

==================== One Month Modified Files and Folders =======

2013-12-29 16:45 - 2013-12-29 16:45 - 00005914 _____ C:\Documents and Settings\servis\Desktop\FRST.txt
2013-12-29 16:45 - 2013-12-29 16:45 - 00000000 ____D C:\FRST
2013-12-29 16:44 - 2013-12-29 14:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MCShield
2013-12-29 16:43 - 2013-12-29 16:44 - 01064131 _____ (Farbar) C:\Documents and Settings\servis\Desktop\FRST.exe
2013-12-29 16:40 - 2002-01-03 04:26 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-29 16:09 - 2013-12-29 16:09 - 00004193 _____ C:\Documents and Settings\servis\Desktop\dds.txt
2013-12-29 16:09 - 2013-12-29 16:09 - 00002351 _____ C:\Documents and Settings\servis\Desktop\attach.txt
2013-12-29 16:07 - 2013-12-29 16:08 - 00688992 ____R (Swearware) C:\Documents and Settings\servis\Desktop\dds.scr
2013-12-29 16:04 - 2002-01-01 19:02 - 00285881 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-29 16:03 - 2002-01-01 19:56 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-12-29 15:58 - 2002-01-03 04:26 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-29 15:58 - 2002-01-01 19:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-29 15:57 - 2002-01-01 19:20 - 00000278 ___SH C:\Documents and Settings\servis\ntuser.ini
2013-12-29 15:57 - 2002-01-01 19:18 - 00032648 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-29 15:55 - 2002-01-01 19:44 - 00000211 ___SH C:\boot.ini
2013-12-29 15:55 - 2001-08-23 13:00 - 00000573 _____ C:\WINDOWS\win.ini
2013-12-29 15:55 - 2001-08-23 13:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-12-29 14:55 - 2002-01-01 04:10 - 00000000 ____D C:\WINDOWS\pss
2013-12-29 14:45 - 2013-12-29 14:45 - 00000000 ____D C:\Program Files\MCShield
2013-12-29 14:45 - 2013-12-29 14:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\MCShield
2013-12-29 13:51 - 2013-12-29 13:51 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-29 13:51 - 2013-12-29 13:51 - 00000000 ____D C:\Documents and Settings\servis\Application Data\Malwarebytes
2013-12-29 13:51 - 2013-12-29 13:51 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-12-29 13:51 - 2013-12-29 13:51 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-12-29 13:46 - 2013-12-29 13:46 - 00000000 ____D C:\Documents and Settings\servis\Application Data\AVAST Software
2013-12-29 13:42 - 2013-12-29 13:42 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Avast
2013-12-29 13:40 - 2002-01-01 19:56 - 00775952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-12-29 13:40 - 2002-01-01 19:56 - 00410528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-12-29 13:40 - 2002-01-01 19:56 - 00270240 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-12-29 13:40 - 2002-01-01 19:56 - 00180248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-12-29 13:40 - 2002-01-01 19:56 - 00067824 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-12-29 13:40 - 2002-01-01 19:56 - 00057672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-12-29 13:40 - 2002-01-01 19:56 - 00054832 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr.sys
2013-12-29 13:40 - 2002-01-01 19:56 - 00049944 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-12-29 13:40 - 2002-01-01 19:54 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-12-29 13:34 - 2002-01-01 19:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVAST Software
2013-12-29 13:32 - 2002-01-01 19:04 - 00002577 _____ C:\WINDOWS\system32\CONFIG.NT
2013-12-29 13:22 - 2002-01-01 19:45 - 00980357 _____ C:\WINDOWS\setupapi.log
2013-12-28 07:06 - 2001-08-23 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-19 11:04 - 2002-01-01 19:46 - 00357748 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-12-19 09:40 - 2002-01-01 19:49 - 00000157 _____ C:\WINDOWS\wiadebug.log
2013-12-19 09:40 - 2002-01-01 19:49 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-12-18 23:05 - 2013-11-03 20:29 - 00000000 ____D C:\Documents and Settings\servis\My Documents\hemija
2013-12-13 22:44 - 2013-11-16 15:36 - 00000000 ____D C:\Documents and Settings\servis\My Documents\fizika
2013-12-09 07:45 - 2013-12-09 07:45 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2013-12-08 21:00 - 2002-01-03 04:30 - 00001809 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

Files to move or delete:
====================
C:\Documents and Settings\servis\Local Settings\Temp\WinUsbDriver.vbs


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2008-04-14 04:42] - [2008-04-14 04:42] - 0108544 ____A (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



[Link mogu videti samo ulogovani korisnici]

• 1Ovo se svidja korisniku: SlobaBgd
  
  Registruj se da bi pohvalio/la poruku!

Napisano: 30 Dec 2013 14:10

Simke, pošto si ti "naš", evo da probamo nešto "naše" (by dr_Bora).


Preuzmi program sa sledećeg linka:
[Link mogu videti samo ulogovani korisnici]

Pokreni ga i sačekaj da se proces završi. Kada završi restartuj računar i postavi mi svež FRST log.

Dopuna: 30 Dec 2013 14:11

Dostavi mi i log koji dobiješ nakom pokretanja Fix-a.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Heh ...

Racunar je sinoc bio kod mene i trebalo je da se zavrsi za "kratko" vreme, tako da, posto se ovo ovde oduzilo, nisam imao sta drugo nego da sam nadjem resenje, a ono se svelo na safe mode i unlocker-a, malo je potrajalo dok nisam nasao gde se nalazi sve i ocistio reg bazu, rucno, ali sta da se radi, nisam imao drugog izbora ...

Tako da, tema moze u arhivu ...

A taj programcic cu da probam, koliko odmah, ali na mojoj masini ...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Izvini Simke, imao sam nekih privatnih obaveza, mogao je neko od kolega da nastavi da je bilo hitno.
Anyway, bitno je da si rešio problem. Javi kakvi su rezultati. :Beer: