#1 |
Registered User
Join date: Oct 2007
Location: Croatia
Posts: 22
|
Here's the situation: I already asked for help on another forum and fixed half of the problems with EMSI Emergency AntiVirus, but the biggest problem remains... explorer.exe restarts every little while; it shuts down after a few seconds and then shuts down again... And so on endlessly, until I kill it in Processes... Then it stops, but then I have to do everything through Task Manager, which isn't exactly simple... My other problems were slow startup (which I still have, but it's probably related to this problem, because it's faster now than before), slow logon and shutdown, which are now fixed; I couldn't watch videos on YouTube; I had some AdBlocking software installed, etc. Basically I've fixed almost all of that except this explorer.exe issue... which I just can't get rid of... I tried NOD32; I can't start Spybot, but I used EMSI's program, which found a Trojan, Vundo!IK, that I couldn't delete. About 5 times I ran quick scans and deleted it, and every time it was re-created; the last time I moved it to quarantine and my computer crashed, and when I scanned again it was gone... I googled it a bit but didn't find much, except about that Vundo, but apparently it's gone, because I also tried VundoFix and it didn't find it... The problem is still there... And the antivirus programs find nothing... Thanks for any help, and please, as few "Format your computer, that's your only solution" posts as possible... I know that myself |
#2 |
Premium
Join date: Jan 2008
Location: Zg
Posts: 206
|
Post the HijackThis info to the forum
__________________
walk the talk |
#3 |
Registered User
Join date: Oct 2007
Location: Croatia
Posts: 22
|
I mentioned that I can't use S&D and the like; well, it's the same for some other files... When I download HJT I can't install it... When I launch it, it just starts processing but nothing happens... Is there something else, or an online HJT scan? |
#4 |
Premium
Join date: Jan 2008
Location: Zg
Posts: 206
|
It doesn't get installed. You download this exe, http://download.bleepingcomputer.com...HiJackThis.exe, and run it; that is the working program itself, not an installer...
__________________
walk the talk |
#5 |
Registered User
Join date: Oct 2007
Location: Croatia
Posts: 22
|
There, I managed to run it.
edit: btw, it mentioned something about a Temporary Folder, but it didn't sound like anything important, so I went ahead with the scan anyway. Where should I put HJT so that it's not in a "temporary folder"? And should I run the scan again then? Last edited by: domy_os. 22.01.2009 at 00:24. |
#6 |
Premium
Join date: Jan 2008
Location: Zg
Posts: 206
|
You have a lot there that I would delete... To start with the simplest thing, kill the Rundll32.exe program in Processes. Let me know whether explorer.exe stops crashing after that.
__________________
walk the talk |
#7 | |
Registered User
Join date: Oct 2007
Location: Croatia
Posts: 22
|
Quote:
edit: here's a new Hijack scan, but taken while explorer.exe is active, if that helps at all. Last edited by: domy_os. 22.01.2009 at 00:23. |
|
#8 |
Registered User
Join date: Oct 2007
Location: Croatia
Posts: 22
|
OK, so it wasn't rundll32 that was causing me problems (what I wrote about earlier) but drwn**.dll, something like that... I think it's also 32 but I'm not sure (drwn32.dll* or something similar)... So, I updated from SP2 to SP3 because it might have been some bug, since I googled similar problems that were solved with updates... But nothing changed... But I found some new processes; here's a new Hijack.
Last edited by: domy_os. 22.01.2009 at 00:22. |
#10 |
Registered User
Join date: Oct 2007
Location: Croatia
Posts: 22
|
And would a Quick Format through My Computer be enough? Or should I do a full one... I don't have a Windows CD... |
#13 |
Registered User
Join date: Oct 2007
Location: Croatia
Posts: 22
|
>> Hmm, OK, if anyone else can help, please give it a try; thanks for any help at all |
#14 |
Premium
Join date: Jan 2008
Location: Zg
Posts: 206
|
Go to Start --> Run --> eventvwr.msc. Go to Application and try to find entries related to explorer.exe (probably the Source column). There should be some information there. Post the two or three most recent entries to the forum.
__________________
walk the talk |
#15 |
Registered User
Join date: Oct 2007
Location: Croatia
Posts: 22
|
I know how to format from boot, and I've formatted the computer several times... I don't want to format it for 2 reasons: 1. I have files that I need and I have neither a burner nor a big enough stick (1 GB) to put them on, and 2. formatting damages the disk itself, so there you go... Anyway, zmikic, I only found this under Winlogon (of which there are tons because of the explorer restarts):
The shell stopped unexpectedly and explorer.exe was restarted. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. But I don't think that will help you much? Oh, and when I go to Find, explorer.exe isn't in the Source list at all. And here's another Hijack scan, since you asked for it. (btw, I run the scans while explorer is running). Last edited by: domy_os. 22.01.2009 at 00:21. |
#17 |
Banned
Join date: May 2005
Location: Online
Posts: 2,404
|
Jesus, what a saga. @revenion Have you turned off System Restore, and can you get into SAFE MODE? If you can, clean the computer from there; try installing S&D in safe mode and then scanning. Also try installing Malwarebytes' Anti-Malware and Simply Super Software - Trojan Remover. |
#19 |
Premium
Join date: Jan 2008
Location: Zg
Posts: 206
|
Nothing suspicious so far in these logs of yours... You probably haven't completely removed that Vundo trojan, because this symptom of explorer.exe restarting is on its list of symptoms. Try all those scans again; some program will surely find something. If you still can't find anything, run the ListDlls program. Here's the link: http://download.sysinternals.com/Files/ListDlls.zip Note that it's a command-line program: first open cmd, go to the directory where you unpacked it, and run it like this: listdlls >popis.txt . That will create the file popis.txt in the same directory. Open popis.txt, find the explorer.exe process and copy+paste its data, and do the same for winlogon.exe. Post those two lists to the forum. Some of the files on the lists you'll post are responsible for your problems.
__________________
walk the talk |
#20 |
Registered User
Join date: Oct 2007
Location: Croatia
Posts: 22
|
winlogon: winlogon.exe pid: 1312 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x7c900000 0xaf000 5.01.2600.5512 C:\WINDOWS\system32\ntdll.dll 0x7c800000 0xf6000 5.01.2600.5512 C:\WINDOWS\system32\kernel32.dll 0x77dd0000 0x9b000 5.01.2600.5512 C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 0x92000 5.01.2600.5512 C:\WINDOWS\system32\RPCRT4.dll 0x77fe0000 0x11000 5.01.2600.5512 C:\WINDOWS\system32\Secur32.dll 0x776c0000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\AUTHZ.dll 0x77c10000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll 0x77a80000 0x95000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll 0x77b20000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\MSASN1.dll 0x7e410000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll 0x77f10000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll 0x75940000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\NDdeApi.dll 0x75930000 0xa000 5.01.2600.5512 C:\WINDOWS\system32\PROFMAP.dll 0x5b860000 0x55000 5.01.2600.5694 C:\WINDOWS\system32\NETAPI32.dll 0x769c0000 0xb4000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll 0x76bf0000 0xb000 5.01.2600.5512 C:\WINDOWS\system32\PSAPI.DLL 0x76bc0000 0xf000 5.01.2600.5512 C:\WINDOWS\system32\REGAPI.dll 0x77920000 0xf3000 5.01.2600.5512 C:\WINDOWS\system32\SETUPAPI.dll 0x77c00000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll 0x76360000 0x10000 5.01.2600.5512 C:\WINDOWS\system32\WINSTA.dll 0x76c30000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll 0x76c90000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\IMAGEHLP.dll 0x71ab0000 0x17000 5.01.2600.5512 C:\WINDOWS\system32\WS2_32.dll 0x71aa0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\WS2HELP.dll 0x66500000 0xa000 5.05.0000.0000 C:\WINDOWS\system32\wbsys.dll 0x77f60000 0x76000 6.00.2900.5512 C:\WINDOWS\system32\SHLWAPI.dll 0x007b0000 0x3a000 \\?\globalroot\systemroot\system32\UACflehrtkv.dll 0x774e0000 0x13d000 5.01.2600.5512 C:\WINDOWS\system32\ole32.dll 0x76080000 0x65000 
6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x771b0000 0xaa000 6.00.2900.5694 C:\WINDOWS\system32\WININET.dll 0x77120000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll 0x773d0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x75970000 0xf8000 5.01.2600.5512 C:\WINDOWS\system32\MSGINA.dll 0x5d090000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\COMCTL32.dll 0x74320000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll 0x763b0000 0x49000 6.00.2900.5512 C:\WINDOWS\system32\comdlg32.dll 0x7c9c0000 0x817000 6.00.2900.5512 C:\WINDOWS\system32\SHELL32.dll 0x00930000 0x17000 3.525.1132.0000 C:\WINDOWS\system32\odbcint.dll 0x776e0000 0x23000 6.00.2900.5512 C:\WINDOWS\system32\SHSVCS.dll 0x76bb0000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\sfc.dll 0x76c60000 0x2a000 5.01.2600.5512 C:\WINDOWS\system32\sfc_os.dll 0x77b40000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\Apphelp.dll 0x7e720000 0xb0000 5.01.2600.5512 C:\WINDOWS\system32\sxs.dll 0x723d0000 0x1c000 5.01.2600.5512 C:\WINDOWS\system32\WINSCARD.DLL 0x76f50000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\WTSAPI32.dll 0x76b40000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\WINMM.dll 0x6bd00000 0xd000 0.01.0002.0003 C:\WINDOWS\system32\SYNCOR11.DLL 0x5ad70000 0x38000 6.00.2900.5512 C:\WINDOWS\system32\uxtheme.dll 0x01550000 0x25000 6.14.0010.4177 C:\WINDOWS\system32\Ati2evxx.dll 0x76600000 0x1d000 5.01.2600.5512 C:\WINDOWS\system32\cscdll.dll 0x68000000 0x36000 5.01.2600.5507 C:\WINDOWS\system32\rsaenh.dll 0x47020000 0x8000 5.01.2600.5512 C:\WINDOWS\System32\dimsntfy.dll 0x016d0000 0xd000 0.00.0005.0002 C:\Program Files\Common Files\Stardock\mcpstub.dll 0x75950000 0x1a000 5.01.2600.5512 C:\WINDOWS\system32\WlNotify.dll 0x71b20000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\MPR.dll 0x73000000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\WINSPOOL.DRV 0x71bf0000 0x13000 5.01.2600.5512 C:\WINDOWS\system32\SAMLIB.dll 0x76f60000 
0x2c000 5.01.2600.5512 C:\WINDOWS\system32\wldap32.dll 0x77c70000 0x24000 5.01.2600.5512 C:\WINDOWS\system32\msv1_0.dll 0x76d60000 0x19000 5.01.2600.5512 C:\WINDOWS\system32\iphlpapi.dll 0x77a20000 0x54000 5.01.2600.5512 C:\WINDOWS\system32\cscui.dll 0x01980000 0x34000 5.00.0000.0001 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 0x72d20000 0x9000 5.01.2600.5512 C:\WINDOWS\system32\wdmaud.drv 0x01b30000 0x2c5000 5.01.2600.5512 C:\WINDOWS\system32\xpsp2res.dll 0x72d10000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\msacm32.drv 0x77be0000 0x15000 5.01.2600.5512 C:\WINDOWS\system32\MSACM32.dll 0x77bd0000 0x7000 5.01.2600.5512 C:\WINDOWS\system32\midimap.dll 0x77690000 0x21000 5.01.2600.5512 C:\WINDOWS\system32\NTMARTA.DLL 0x77050000 0xc5000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll 0x76fd0000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL explorer.exe explorer.exe pid: 3280 Command line: "C:\WINDOWS\explorer.exe" Base Size Version Path 0x01000000 0xff000 6.00.2900.5512 C:\WINDOWS\explorer.exe 0x7c900000 0xaf000 5.01.2600.5512 C:\WINDOWS\system32\ntdll.dll 0x7c800000 0xf6000 5.01.2600.5512 C:\WINDOWS\system32\kernel32.dll 0x77dd0000 0x9b000 5.01.2600.5512 C:\WINDOWS\system32\ADVAPI32.dll 0x77e70000 0x92000 5.01.2600.5512 C:\WINDOWS\system32\RPCRT4.dll 0x77fe0000 0x11000 5.01.2600.5512 C:\WINDOWS\system32\Secur32.dll 0x75f80000 0xfd000 6.00.2900.5512 C:\WINDOWS\system32\BROWSEUI.dll 0x77f10000 0x49000 5.01.2600.5698 C:\WINDOWS\system32\GDI32.dll 0x7e410000 0x91000 5.01.2600.5512 C:\WINDOWS\system32\USER32.dll 0x77c10000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll 0x774e0000 0x13d000 5.01.2600.5512 C:\WINDOWS\system32\ole32.dll 0x77f60000 0x76000 6.00.2900.5512 C:\WINDOWS\system32\SHLWAPI.dll 0x77120000 0x8b000 5.01.2600.5512 C:\WINDOWS\system32\OLEAUT32.dll 0x7e290000 0x171000 6.00.2900.5694 C:\WINDOWS\system32\SHDOCVW.dll 0x77a80000 0x95000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll 0x77b20000 0x12000 5.01.2600.5512 
C:\WINDOWS\system32\MSASN1.dll 0x754d0000 0x80000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll 0x5b860000 0x55000 5.01.2600.5694 C:\WINDOWS\system32\NETAPI32.dll 0x77c00000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\VERSION.dll 0x771b0000 0xaa000 6.00.2900.5694 C:\WINDOWS\system32\WININET.dll 0x76c30000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll 0x76c90000 0x28000 5.01.2600.5512 C:\WINDOWS\system32\IMAGEHLP.dll 0x76f60000 0x2c000 5.01.2600.5512 C:\WINDOWS\system32\WLDAP32.dll 0x7c9c0000 0x817000 6.00.2900.5512 C:\WINDOWS\system32\SHELL32.dll 0x5ad70000 0x38000 6.00.2900.5512 C:\WINDOWS\system32\UxTheme.dll 0x5cb70000 0x26000 5.01.2600.5512 C:\WINDOWS\system32\ShimEng.dll 0x6f880000 0x1ca000 5.01.2600.5512 C:\WINDOWS\AppPatch\AcGenral.DLL 0x76b40000 0x2d000 5.01.2600.5512 C:\WINDOWS\system32\WINMM.dll 0x77be0000 0x15000 5.01.2600.5512 C:\WINDOWS\system32\MSACM32.dll 0x769c0000 0xb4000 5.01.2600.5512 C:\WINDOWS\system32\USERENV.dll 0x66500000 0xa000 5.05.0000.0000 C:\WINDOWS\system32\wbsys.dll 0x773d0000 0x103000 6.00.2900.5512 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll 0x5d090000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll 0x6bd00000 0xd000 0.01.0002.0003 C:\WINDOWS\system32\SYNCOR11.DLL 0x00be0000 0x3a000 \\?\globalroot\systemroot\system32\UACflehrtkv.dll 0x76080000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x71ab0000 0x17000 5.01.2600.5512 C:\WINDOWS\system32\WS2_32.dll 0x71aa0000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\WS2HELP.dll *** Loaded C:\WINDOWS\system32\ddcbbXpM.dll differs from file image: *** File timestamp: Mon Nov 17 07:07:23 2008 *** Loaded image timestamp: Tue Nov 18 12:01:43 2008 *** 0x00e40000 0xa2000 4.10.0049.0001 C:\WINDOWS\system32\ddcbbXpM.dll 0x76780000 0x9000 6.00.2900.5512 C:\WINDOWS\system32\SHFOLDER.dll 0x76f20000 0x27000 5.01.2600.5625 C:\WINDOWS\system32\DNSAPI.dll 0x7e1e0000 0xa2000 6.00.2900.5694 
C:\WINDOWS\system32\urlmon.dll 0x77b40000 0x22000 5.01.2600.5512 C:\WINDOWS\system32\appHelp.dll 0x76fd0000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL 0x77050000 0xc5000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll 0x01330000 0x2c5000 5.01.2600.5512 C:\WINDOWS\system32\xpsp2res.dll 0x77a20000 0x54000 5.01.2600.5512 C:\WINDOWS\System32\cscui.dll 0x76600000 0x1d000 5.01.2600.5512 C:\WINDOWS\System32\CSCDLL.dll 0x71ad0000 0x9000 5.01.2600.5512 C:\WINDOWS\system32\wsock32.dll 0x5ba60000 0x71000 6.00.2900.5512 C:\WINDOWS\system32\themeui.dll 0x76380000 0x5000 5.01.2600.5512 C:\WINDOWS\system32\MSIMG32.dll 0x71d40000 0x1b000 6.00.2900.5512 C:\WINDOWS\system32\actxprxy.dll 0x5fc10000 0x33000 5.01.2600.5512 C:\WINDOWS\system32\msutb.dll 0x74720000 0x4c000 5.01.2600.5512 C:\WINDOWS\system32\MSCTF.dll 0x76980000 0x8000 5.01.2600.5512 C:\WINDOWS\system32\LINKINFO.dll 0x76990000 0x25000 5.01.2600.5512 C:\WINDOWS\system32\ntshrui.dll 0x76b20000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL 0x7e720000 0xb0000 5.01.2600.5512 C:\WINDOWS\system32\SXS.DLL 0x77920000 0xf3000 5.01.2600.5512 C:\WINDOWS\system32\setupapi.dll 0x71b20000 0x12000 5.01.2600.5512 C:\WINDOWS\system32\MPR.dll 0x75f60000 0x7000 5.01.2600.5512 C:\WINDOWS\System32\drprov.dll 0x71c10000 0xe000 5.01.2600.5512 C:\WINDOWS\System32\ntlanman.dll 0x71cd0000 0x17000 5.01.2600.5512 C:\WINDOWS\System32\NETUI0.dll 0x71c90000 0x40000 5.01.2600.5512 C:\WINDOWS\System32\NETUI1.dll 0x71c80000 0x7000 5.01.2600.5512 C:\WINDOWS\System32\NETRAP.dll 0x71bf0000 0x13000 5.01.2600.5512 C:\WINDOWS\System32\SAMLIB.dll 0x75f70000 0xa000 5.01.2600.5512 C:\WINDOWS\System32\davclnt.dll |
#21 |
Premium
Join date: Jan 2008
Location: Zg
Posts: 206
|
You will move these two files to another directory.
0x00be0000 0x3a000 \\?\globalroot\systemroot\system32\UACflehrtkv.dll
*** Loaded C:\WINDOWS\system32\ddcbbXpM.dll differs from file image:
*** File timestamp: Mon Nov 17 07:07:23 2008
*** Loaded image timestamp: Tue Nov 18 12:01:43 2008
*** 0x00e40000 0xa2000 4.10.0049.0001 C:\WINDOWS\system32\ddcbbXpM.dll
1. Check whether those two files are in c:\windows\system32.
2. Make a listing of the files in the c:\windows\system32 directory by going to that directory in cmd and running dir >popis1.txt, because we will be checking the contents of the system32 directory before and after moving the DLLs above.
3. Download this http://download.sysinternals.com/Files/PendMoves.zip (also a command-line program), unpack it into some directory, go to that directory, and run movefile C:\WINDOWS\system32\ddcbbXpM.dll c:\ and movefile C:\WINDOWS\system32\UACflehrtkv.dll c:\
4. Run pendmoves.exe to make sure they will be moved.
5. Restart the computer.
6. When Windows comes up, check whether those two files have been moved (whether they are in c:\ and whether they have been deleted from c:\windows\system32).
7. Run dir >popis2.txt again in the system32 directory and compare the two listings. You should find that only those two files are missing...
Go on, get to work and report the result. Note that these two files may be hidden, so keep that in mind if you can't find them at first glance. For comparing popis1.txt and popis2.txt there are freeware programs that show you the difference right away, e.g. ExamDiff 1.8, http://www.prestosoft.com/download/ed18_setup.zip
__________________
walk the talk |
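Added example (not part of the thread, and not Sysinternals code): a Python pass over ListDLLs output that marks, for a closer look, the kind of rows picked out by eye in post #21. The sample rows are copied from post #20 and put back one module per line; the function name `triage` and its three heuristics are this example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: rows copied from the ListDLLs output in post #20,
# restored to one module per line (the forum software flattened them).
SAMPLE = r"""
winlogon.exe pid: 1312
Command line: winlogon.exe
  Base        Size      Version         Path
  0x01000000  0x81000                   \??\C:\WINDOWS\system32\winlogon.exe
  0x7c900000  0xaf000   5.01.2600.5512  C:\WINDOWS\system32\ntdll.dll
  0x016d0000  0xd000    0.00.0005.0002  C:\Program Files\Common Files\Stardock\mcpstub.dll
  0x007b0000  0x3a000                   \\?\globalroot\systemroot\system32\UACflehrtkv.dll
explorer.exe pid: 3280
Command line: "C:\WINDOWS\explorer.exe"
  Base        Size      Version         Path
  0x01000000  0xff000   6.00.2900.5512  C:\WINDOWS\explorer.exe
  0x00be0000  0x3a000                   \\?\globalroot\systemroot\system32\UACflehrtkv.dll
  *** Loaded C:\WINDOWS\system32\ddcbbXpM.dll differs from file image:
  *** File timestamp:         Mon Nov 17 07:07:23 2008
  *** Loaded image timestamp: Tue Nov 18 12:01:43 2008
  *** 0x00e40000  0xa2000   4.10.0049.0001  C:\WINDOWS\system32\ddcbbXpM.dll
  0x76780000  0x9000    6.00.2900.5512  C:\WINDOWS\system32\SHFOLDER.dll
"""

PROC = re.compile(r"^(.+?)\s+pid:\s+(\d+)$")
MOD = re.compile(r"^(?:\*\*\*\s+)?(0x[0-9a-f]+)\s+(0x[0-9a-f]+)\s+"
                 r"(?:(\d+(?:\.\d+){3})\s+)?(\S.*)$", re.I)
DIFF = re.compile(r"^\*\*\*\s+Loaded\s+(.+?)\s+differs from file image", re.I)

def triage(text):
    """Map each flagged module path (lower-cased) to its reasons and processes."""
    hits = defaultdict(lambda: {"reasons": set(), "procs": set()})
    proc, main_image, mismatched = None, False, set()
    for line in map(str.strip, text.splitlines()):
        if m := PROC.match(line):            # start of a new process section
            proc, main_image, mismatched = f"{m[1]}:{m[2]}", True, set()
        elif m := DIFF.match(line):          # warning precedes the module row
            mismatched.add(m[1].lower())
        elif proc and (m := MOD.match(line)):
            version, key, reasons = m[3], m[4].lower(), set()
            if key.startswith("\\\\?\\globalroot"):
                reasons.add("globalroot path")       # object-namespace path
            if version is None and not main_image:
                reasons.add("no version info")       # first row is the EXE itself
            if key in mismatched:
                reasons.add("differs from file image")
            main_image = False
            if reasons:
                hits[key]["reasons"] |= reasons
                hits[key]["procs"].add(proc)
    return dict(hits)

if __name__ == "__main__":
    for path, info in triage(SAMPLE).items():
        print(path, sorted(info["reasons"]), sorted(info["procs"]))
```

Run against a full popis.txt, the same function also shows which flagged module is loaded into more than one process, as UACflehrtkv.dll is here.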
#22 |
Registered User
Join date: Oct 2007
Location: Croatia
Posts: 22
|
Just explain to me how to use this Move/pend file; I looked on Sysinternals but it's not really explained... When I launch movefile, the first time it shows me that license agree/decline thing or whatever it is, and a cmd window appears for a moment and disappears... and it's like that every time... I don't get how? edit: nvm, I figured it out. I see you're online, so please stay another 5-10 min if you can and I'll post the results |
#23 |
Registered User
Join date: Oct 2007
Location: Croatia
Posts: 22
|
I got the PM :P, OK, anyway: 1. This UACflehrt isn't there, i.e. I don't see it in the browser and it isn't in popis.txt either (this ddcbb one is there; it isn't in the browser but I find it in popis.txt); maybe that's what you meant by hidden, so how do I reveal it then? 2. I ran this command for ddcbb, but a new one gets created again, and with this pendmoves, when I use it, it says No Pending File rename operations registered... And it's always like that... I don't know what to do >> is there something I did wrong? btw, when I enter the movefile command it says it will carry out the command at boot, i.e. that it accepted it, but the listing says ddcbb is the same one from 18/01 |
#24 |
Premium
Join date: Jan 2008
Location: Zg
Posts: 206
|
Good for now. Moving these DLLs is not the solution... Are you still keeping this Windows install? Did you run Malwarebytes' Anti-Malware as stuc told you? If not, do that. So: install it, update it (it will prompt you about the update at the end of the installation), run it, choose Perform Full Scan and click Scan. When it finishes, click Show Results and then Remove Selected. A log will open; save it and post it to the forum for me. After that, do a Hijack scan. With Hijack, choose Do a system scan and save a logfile. When it finishes, a log will open; save it to a file. You can send these two files as attachments to your post, or you can host them on, say, rapidshare.com and post just the links. The thing is, you'll be sending me a few more of these logs, so let's keep the posts tidy.
__________________
walk the talk |