Sunday, February 22, 2009

nak munculkan run command

Run Regedit:
Ctrl-Alt-Del
Click "Task List"
Click "File"
Click "New Task (run...)"
Type "RegEdit"
Press "Enter"

Go to: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Make Sure entry for NoRun is set to 0
Make sure entry for DisallowRun is set to 0

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\sppolsv.exe
C:\hjt\HijackThis.exe

O4 - HKCU\..\Run: [svcshare] C:\WINDOWS\system32\drivers\sppolsv.exe

Friday, February 13, 2009

unix command shutdown

NAME
shutdown - bring the system down
SYNOPSIS
/sbin/shutdown [-t sec] [-arkhncfF] time [warning-message]
DESCRIPTION
shutdown brings the system down in a secure way. All logged-in users are notified that the system is going down, and login(1) is blocked. It is possible to shut the system down immediately or after a specified delay. All processes are first notified that the system is going down by the signal SIGTERM. This gives programs like vi(1) the time to save the file being edited, mail and news processing programs a chance to exit cleanly, etc. shutdown does its job by signalling the init process, asking it to change the runlevel. Runlevel 0 is used to halt the system, runlevel 6 is used to reboot the system, and runlevel 1 is used to put to system into a state where administrative tasks can be performed; this is the default if neither the -h or -r flag is given to shutdown. To see which actions are taken on halt or reboot see the appropriate entries for these runlevels in the file /etc/inittab.
OPTIONS
-a Use /etc/shutdown.allow.
-t sec Tell init(8) to wait sec seconds between sending processes the warning
and the kill signal, before changing to another runlevel.
-k Don't really shutdown; only send the warning messages to everybody.
-r Reboot after shutdown.
-h Halt after shutdown.
-n [DEPRECATED] Don't call init(8) to do the shutdown but do it ourself.
The use of this option is discouraged, and its results are not always
what you'd expect.
-f Skip fsck on reboot.
-F Force fsck on reboot.
-c Cancel an already running shutdown. With this option it is of course not possible to give the time argument, but you can enter a explanatory message on the command line that will be sent to all users.
time
When to shutdown.
warning-message
Message to send to all users.
The time argument can have different formats. First, it can be an absolute time in the format hh:mm, in which hh is the hour (1 or 2 digits) and mm is the minute of the hour (in two digits). Second, it can be in the format +m, in which m is the number of minutes to wait. The word now is an alias for +0.
If shutdown is called with a delay, it creates the advisory file /etc/nologin which causes programs such as login(1) to not allow new user logins. Shutdown removes this file if it is stopped before it can signal init (i.e. it is cancelled or something goes wrong). It also removes it before calling init to change the runlevel.
The
-f flag means `reboot fast'. This only creates an advisory file /fastboot which can be tested by the system when it comes up again. The boot rc file can test if this file is present, and decide not to run fsck(1) since the system has been shut down in the proper way. After that, the boot process should remove /fastboot.
The -F
flag means `force fsck'. This only creates an advisory file /forcefsck which can be tested by the system when it comes up again. The boot rc file can test if this file is present, and decide to run fsck(1) with a special `force' flag so that even properly unmounted filesystems get checked. After that, the boot process should remove /forcefsck.
The -n flag causes shutdown not to call init, but to kill all running processes itself. shutdown will then turn off quota, accounting, and swapping and unmount all filesystems.
ACCESS CONTROL
shutdown can be called from init(8) when the magic keys CTRL-ALT-DEL are pressed, by creating an appropriate entry in /etc/inittab. This means that everyone who has physical access to the console keyboard can shut the system down. To prevent this, shutdown can check to see if an authorized user is logged in on one of the virtual consoles. If shutdown is called with the -a argument (add this to the invocation of shutdown in /etc/inittab), it checks to see if the file /etc/shutdown.allow is present. It then compares the login names in that file with the list of people that are logged in on a virtual console (from /var/run/utmp). Only if one of those authorized users or root is logged in, it will proceed. Otherwise it will write the message
shutdown: no authorized users logged in
to the (physical) system console. The format of /etc/shutdown.allow is one user name per line. Empty lines and comment lines (prefixed by a #) are allowed. Currently there is a limit of 32 users in this file.
Note that if /etc/shutdown.allow is not present, the -a argument is ignored.