Stergere hijack regedit, taskmanager

[Xcite]

Am niste probleme cu registry editor si task manager , sunt dezactivate. Am incercat metodele sa le reactivez , dar am scanat cu malwarebytes' si mi-au fost gasite cateva hijackuri si alti virusi. Am dat remove la toti , restart la pc ... dar tot nu s-a rezolvat nimic , virusii inca mai apar la scanare iar task manager la fel. Nu se sterg hijackurile. Am incercat o gramada de metode dar nimic...

Niste loguri din MBAM:

Code: Select all

Registry Keys Detected: 2
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AMSINT32 (Virus.Sality) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\amsint32 (Virus.Sality) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|RRT-Auto (Autorun.RRT) -> Data: C:\Documents and Settings\Ionut\My Documents\Descarcari\RRT.exe auto -> Quarantined and deleted successfully.

Registry Data Items Detected: 5
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Cum pot rezolva ? chiar ieri am reinstalat windowsului, deci exclus cu reinstalarea.

[realtime]

prietene ala e virus care nu te lasa sa actinoezi task manager. cel ami probabil un logger ceva

[-|AdyTza|-]

Fa o scanare completa cu "hijackthis" în Safe Mode fără internet.Dupa ce termina dai un restart la PC și gata :)

[Xcite]

prietene ala e virus care nu te lasa sa actinoezi task manager. cel ami probabil un logger ceva

Citeste de mai multe ori ce am scris , e clar ca nu ma lasa sa deschid taskmanager / regedit . Dar dupa ce dau repair la regedit in 2-3 secunde iarasi e dezactivat.

Adytza , tocmai am scanat ... si imi da sa dau fix la care vreau , pe care sa le bifez ? nu ma pricep la dezvirusare Uite logul:

Code: Select all

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:36:02, on 05.01.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\s3graphics\chrome3\S3ScrnToys.exe
C:\Program Files\s3graphics\chrome3\S3Funkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Ionut\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Ionut\LOCALS~1\Temp\gwpl.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Ionut\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Chrome3] C:\Program Files\s3graphics\chrome3\S3ScrnToys.exe
O4 - HKLM\..\Run: [S3Funkey] C:\Program Files\s3graphics\chrome3\S3Funkey.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\Ionut\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E00CBA89-8E7E-4F57-B4DB-20AC6D428321}: NameServer = 213.154.124.1 193.231.252.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 5911 bytes

[-|AdyTza|-]

Scanarea trebuie făcuta în Safe Mode și bifează aceleași opțiuni care erau și când ai scanat cu anti-virusul tău.Daca nu merge nici asa bifează-le pe toate,după fa o scanare cu amândouă din nou și vezi rezultatul.Nu ar trebuie sa se întâmple nimic dacă le bifezi pe toate pentru ca programul încearcă sa le înlăture.

[Xcite]

Nu-mi porneste pc in safe mode , isi da restart si tot ma pune sa aleg. Malwarebytes' mi le sterge si la baga in quarantine dar cand scanez le gasesc dinou.

[-|AdyTza|-]

Pai fa o poza cu problemele care le găsește Malwarebytes și le selectezi și în hijackthis.

[Xcite]

Nu imi dau seama care de aici sunt in hijackthis.. cred ca nici nu apar in hijackthis.

EDIT: Am gasit in hijackthis : O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Am bifat + am dat fix checked dar cand scanez apare dinou sau trebuie sa dau restart la pc dinou ?

[-|AdyTza|-]

Acum am văzut ceva,înainte de scanare intra în drepta la "config" și bifează căsuțele 2,3,4,5.Una dintre ele spune ca:iți fixează anumite probleme care le găsește programul dar trebuie sa fii în Safe Mode.Oricând faci o scanare cu un anti-virus trebuie făcuta în Safe Mode.

[Xcite]

Acum am văzut ceva,înainte de scanare intra în drepta la "config" și bifează căsuțele 2,3,4,5.Una dintre ele spune ca:iți fixează anumite probleme care le găsește programul dar trebuie sa fii în Safe Mode.Oricând faci o scanare cu un anti-virus trebuie făcuta în Safe Mode.

Nu pot rula in safe mode... si la care program te referi ? hijackthis ? e setat cum zici tu..

[-|AdyTza|-]

Da.Mai bine vorbim pe mess ca facem mai rapid. adytza_spy94

[!UL!@N]

Daca ai windows xp:

blog.atweb.ro/wp-content/uploads/2009/07/safeboot-for-windows-xp-sp2.reg (pentru SP2)

blog.atweb.ro/wp-content/uploads/2009/07/safeboot-for-windows-xp-sp3.reg (pentru SP3)

instaleaza asta si iti va merge safe mode

Ai cam multe lucruri prin windowsul tau, in caz ca reusesti sa scapi de virusi, ramaii cu problemele si modificarile pe care le-au facut...

Daca ai reinstalat win. ieri, de ce nu o mai faci odata? nu cred ca ai ce pierde...insa recomand alta versiune. Gasesti pe FL mai multe torrente cu XP ...sau daca vrei w7