Windows problem! Need help urgently.
Hello! I have Windows Vista Ultimate on my computer. I don’t know why, but once I started Windows, I saw that the beautiful design was gone and everything became like on the 98th, exe files do not start, that is, they start but all a couple, of course, the games do not start, when you try to close any folder, it writes: The operation was canceled due to the restrictions on the computer. Contact the network administrator. The right mouse button works only in programs, you cannot use it in folders, you have to do everything in the total commander ( (((I really need your help, you should take into account that I cannot reinstall Windows, there is a lot of important information, about 500 GB.node 32 was, and where did it go)))))))) I just checked it, but it is possible to install it, imagine what is, what to do next?
Download this program
http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis.zip (310 kb)
Extract from archive and press: Do a system scan and save a logfile
File contents here.
Damn writes like the word Hook is found in the text, replace the last letter with u))) where the thread will fill this file.
http://narod.ru/disk/4847884000/hijackthis.log.html --- here is the link sorry for the inconvenience)
Check here http: virustotal.com/ru/ for post results.
E: Windows System32 user32dll.exe
Download this program
http://z-oleg.com/avz4.zip (3.47 mb) Select the File menu - Run script, copy the text below and click Start, after which the computer will reboot.
begin
SetAVZGuardStatus (True);
SearchRootkit (true, true);
DeleteFile ('E: Windows services.exe');
DeleteFile ('E: Windows system32 ltzlib.dll');
ExecuteSysClean;
RebootWindows (true);
end.
Right now I'm going to sleep, in the afternoon I will give further recommendations.
Hello everybody . I have a small desktop problem on Windows XP. All shortcuts and folders on the desktop are highlighted in blue.
HKEY_CURRENT_USER Software Microsoft Windows CurrentVersion Policies in this registry key, right-click on the Policies subsection and select the export item. You will be asked where to save, choose a convenient place for yourself and click Save. Open the file with the reg extension with notepad and drop its contents here.
Extract AVZ files from the archive, select: File - Standard scripts, where check item 2 and click Run marked scripts. After a window appears with the words Scripts executed, a folder named LOG will appear in the folder with AVZ, in which there will be an archive named virusinfo_syscheck.zip.
Upload the archive with the name virusinfo_syscheck.zip to http://webfile.ru
PS Did the
script have any results?
I did not quite understand the first line, where to find this registry? What to look for?
performed the following steps, please explain about the first paragraph.
ZY No, I haven't noticed any visible results yet.
Here is a link to virusinfo http://webfile.ru/2540157
Press Ctrl + R, type regedit, press Enter. And you will see a great window with the great name Registry Editor ...
yeah, thanks, I just misunderstood at first, ctrl + r did not work, so I had to do it differently.
here is the file:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows CurrentVersion Policies]
[HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows CurrentVersion Policies Attachments]
"ScanWithAntiVirus" = dword: 0000L0003
[HKEY_LOCAL_MACHINE Windows CurrentVersion Policies Explorer]
"DisableLocalMachineRun" = dword: 00000001
[HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows CurrentVersion Policies Explorer Run]
[HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows CurrentVersion Policies
" -C265-11D0-BCED-00A0C90AB50F} "= dword: 00000001
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} " = dword: 40000021
"{0DF44EAA-FF21-4412-828E-260A8728E7F1} " = dword: 00000020
[HKEY_LOCAL_MACHINE SOFTWARE the Microsoft the Windows CurrentVersion the Policies Ratings has]
[ HKEY_LOCAL_MACHINE SOFTWARE the Microsoft the Windows CurrentVersion the Policies the System]
"ConsentPromptBehaviorAdmin" = dword: 00000002
"ConsentPromptBehaviorUser" = dword: 00000001
"EnableInstallerDetection" = dword: 00000001
"EnableSecureUIAPaths" = dword: 00000001
"EnableVirtualization" = dword: 00000001
" PromptOnSecureDesktop "= dword: 00000001
" ValidateAdminCodeSignatures "= dword: 00000000
" dontdisplaylastusername "= dword: 00000000
"legalnoticecaption "=" "
" legalnoticetext "=" "
"scforceoption" = dword: 00000000
"shutdownwithoutlogon" = dword: 00000001
"undockwithoutlogon" = dword: 00000001
"FilterAdministratorToken" = dword: 00000000
"EnableUIADesktopToggle" = dword: 00000000
"EnableLUA" = dword: 00000000
Microsoft_Withoutlogon CurrentVersion the Policies the System UIPI]
[HKEY_LOCAL_MACHINE SOFTWARE the Microsoft the Windows CurrentVersion the Policies the System UIPI a Clipboard]
[HKEY_LOCAL_MACHINE SOFTWARE the Microsoft the Windows CurrentVersion the Policies the System UIPI a Clipboard ExceptionFormats]
" CF_TEXT "= dword: 00000001
" CF_BITMAP "= dword: 00000002
" CF_OEMTEXT "= dword: 00000007
" CF_DIB "= dword:00000008
"CF_PALETTE" = dword: 00000009
"CF_UNICODETEXT" = dword: 0000000d
"CF_DIBV5" = dword: 00000011
J-S1nk !!! Sorry I'm wrong !!! We need not Ctrl + R, but Win + R !!! I just hurried ... =))
Disable System Restore for the duration of the recommendations! Control Panel - System - Advanced System Settings - System Protection tab, in which you need to uncheck all drives.
Check here http: virustotal.com/ru/ for post results.
E: Windows system32 pr2am84b.exe
E: Windows System32 appdrvrem01.exe
E: Windows system32 CmdLineExt.dll
E: Windows gdrv.sys
E: Windows System32 Drivers appdrv01.sys
Go to this address, see what files are there and post them.
E: Users _MC J_SINK_ AppData Roaming Microsoft Windows Start Menu Programs Startup
In AVZ, select File Menu - execute the script. Copy the text below.
When executed, the computer will restart.
begin
SetAVZGuardStatus (True);
SearchRootkit (true, true);
QuarantineFile ('E: autorun.inf', '');
QuarantineFile ('C: autorun.inf', '');
DelBHO ('{2E63DB08-4E02-42DB-969D-3AE22420D2F8}');
DeleteFile ('E: autorun.inf');
DeleteFile ('C: autorun.inf');
ExecuteSysClean;
RebootWindows (true);
end.
After rebooting, in AVZ select File menu - execute the script. Copy the text below.
begin
CreateQurantineArchive (GetAVZDirectory + 'quarantine.zip');
end.
As a result, a zip-archive with the name quarantine.zip will appear in the folder with avz, which you can drop here zappbreniganDWCgmail.com, where DWC = @ In the name of the letter, indicate the subject and your nickname on the forum.
In AVZ, select the File menu - Troubleshooting Wizard, where in the problem category set System problems, in the degree of danger All problems and press start. check the Violation of EXE file association checkbox and click Fix the noted problems.
Remove the DisableLocalMachineRun parameter from this registry key.
HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows CurrentVersion Policies Explorer
You threw off not what I said, but this branch is also needed. Branch HKEY_CURRENT_USER Software Microsoft Windows CurrentVersion Policies
What's the problem? Describe what is left after all the above actions?
what I stepped on)
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER Software Microsoft Windows CurrentVersion Policies]
[HKEY_CURRENT_USER Software Microsoft Windows CurrentVersion Policies Explorer]
"NoDriveTypeAutoRun" = dword: 00000091
"NoView =ContextMenu : 00000001
"DisableCurrentUserRun" = dword: 00000001
[HKEY_CURRENT_USER Software Microsoft Windows CurrentVersion Policies System]
"LogonHoursAction" = dword: 00000002
"DontDisplayLogonHoursWarnings" = dword: 00000001
MEDVEDKO
right click on the desktop> arrange icons> checkbox shouldn't "pin web elements to desktop"?