Reg i Menadzer


(Valthar) #1

Siema mam pewien problem jak chce wlaczyc menadzera zadan to wyskakuje mi ze zostal wylaczony przez admina jak chce regedit to wyskakuje ze tez przez admina ale sieci niewiem co jest grane sciagnolem regalizera ale jak zmienie te wartosci na 0 to dziala ale jak zamkne ten program to znow wszystko wraca do normy plis help :frowning:

log z combofix:

ComboFix 08-11-05.02 - Valthar 2008-11-06 14:52:04.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.733 [GMT 1:00]

Uruchomiony z: c:\documents and settings\Valthar\Moje dokumenty\ComboFix.exe

 * Utworzono nowy punkt przywracania

.


((((((((((((((((((((((((((((((((((((((( Usuni臋to )))))))))))))))))))))))))))))))))))))))))))))))))

.


C:\Autorun.inf

c:\program files\Mozilla Firefox\plugins\NPMyGlSh.dll

c:\program files\myglobalsearch

c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR

c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.MANIFEST

c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR

c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.MANIFEST

c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL

c:\program files\myglobalsearch\bar\1.bin\MGSBAR.DLL

c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL

c:\program files\myglobalsearch\bar\Cache\[u]0[/u]12274A0

c:\program files\myglobalsearch\bar\Cache\[u]0[/u]1227646

c:\program files\myglobalsearch\bar\Cache\[u]0[/u]122776F.bin

c:\program files\myglobalsearch\bar\Cache\[u]0[/u]12278C7.bin

c:\program files\myglobalsearch\bar\Cache\[u]0[/u]12279FF.bin

c:\program files\myglobalsearch\bar\Cache\files.ini

c:\program files\myglobalsearch\bar\History\search

c:\program files\myglobalsearch\bar\Settings\prevcfg.htm

C:\rqq2v.bat

c:\windows\system32\amvo.exe

c:\windows\system32\amvo0.dll

c:\windows\system32\amvo1.dll

c:\windows\system32\Bitkv0.dll

c:\windows\system32\ckvo.exe

c:\windows\system32\ckvo1.dll

c:\windows\system32\wmdrtc32.dl_

c:\windows\system32\wmdrtc32.dll

D:\rqq2v.bat


.

((((((((((((((((((((((((( Pliki utworzone od 2008-10-06 do 2008-11-06 )))))))))))))))))))))))))))))))

.


2008-11-06 13:30 . 2008-11-06 14:56	5,477	--a------	c:\windows\system32\drivers\nnpghi.sys

2008-11-05 19:10 . 2008-11-05 19:10	






a tu z hjackthis

[code] Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 15:39:30, on 2008-11-06 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Gadu-Gadu\gg.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\system32\wuauclt.exe C:\DOCUME~1\Valthar\USTAWI~1\Temp\winvoluve.exe C:\DOCUME~1\Valthar\USTAWI~1\Temp\wingubnd.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 艁膮cza R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: My Global Search Bar - {37B85A29-692B-4205-9CAD-2626E4993404} - C:\Program Files\MyGlobalSearch\bar\1.bin\MGSBAR.DLL (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'US艁UGA LOKALNA') O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'US艁UGA SIECIOWA') O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 3003 bytes


(Frog) #2

Valthar , popraw tytu艂 tematu, u偶ywaj膮c przycisku ac7a4cd89050aa6e.gif

Poza tym na forum u偶ywamy polskich znak贸w (偶, 藕, 膰, 膮, 艣 itp.). Korzystaj膮c z przycisku ac7a4cd89050aa6e.gif


(Olixxx94) #3

Fix w Hijackthis.