by ocelot1988 18 Mar 2008, 19:25
SDFix: Version 1.158
Run by Administrator on 2008-03-18 at 17:59
Microsoft Windows XP [Wersja 5.1.2600]
Running From: C:\SDFix\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
Trojan Files Found:
C:\Program Files\outlook\outlook.exe - Deleted
C:\Program Files\outlook\p.zip - Deleted
C:\Program Files\outlook\v.tmp - Deleted
C:\WINDOWS\dat.txt - Deleted
C:\WINDOWS\rs.txt - Deleted
C:\WINDOWS\search_res.txt - Deleted
C:\WINDOWS\system32\cmd.com - Deleted
C:\WINDOWS\system32\msnav32.ax - Deleted
C:\WINDOWS\system32\netstat.com - Deleted
C:\WINDOWS\system32\ping.com - Deleted
C:\WINDOWS\system32\regedit.com - Deleted
C:\WINDOWS\system32\taskkill.com - Deleted
C:\WINDOWS\system32\tasklist.com - Deleted
C:\WINDOWS\system32\tracert.com - Deleted
C:\WINDOWS\system32\zxdnt3d.cfg - Deleted
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-18 18:08:41
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 52\"
"h0"=dword:00000001
"ujdew"=hex:a7,5a,de,18,68,5e,e6,60,7b,cd,1a,8b,71,69,da,e8,8f,33,7a,c1,7d,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:46,20,25,93,44,53,b4,4a,96,7c,1b,33,e9,29,a8,76,cb,3a,cd,ba,b4,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,1f,d3,73,bc,a4,e8,1a,2e,f3,76,2f,b2,a1,f4,0b,2b,41,..
"khjeh"=hex:3d,3e,ce,65,aa,ca,2c,46,5a,e3,a2,f1,b1,69,06,80,da,25,18,d3,30,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a7,73,61,8c,f8,14,ce,15,3e,14,55,be,f0,fd,42,d9,28,86,60,e9,58,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 52\"
"h0"=dword:00000001
"ujdew"=hex:a7,5a,de,18,68,5e,e6,60,7b,cd,1a,8b,71,69,da,e8,8f,33,7a,c1,7d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:46,20,25,93,44,53,b4,4a,96,7c,1b,33,e9,29,a8,76,cb,3a,cd,ba,b4,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,1f,d3,73,bc,a4,e8,1a,2e,f3,76,2f,b2,a1,f4,0b,2b,41,..
"khjeh"=hex:3d,3e,ce,65,aa,ca,2c,46,5a,e3,a2,f1,b1,69,06,80,da,25,18,d3,30,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a7,73,61,8c,f8,14,ce,15,3e,14,55,be,f0,fd,42,d9,28,86,60,e9,58,..
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Gadu-Gadu\\gg.exe"="C:\\Program Files\\Gadu-Gadu\\gg.exe:*:Enabled:Gadu-Gadu - program główny"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"="C:\\Program Files\\The All-Seeing Eye\\eye.exe:*:Disabled:Yahoo! All-Seeing Eye"
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\Program Files\\NAPI-PROJEKT\\napisy.exe"="C:\\Program Files\\NAPI-PROJEKT\\napisy.exe:*:Enabled:www.napiprojekt.pl"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"E:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"="E:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
"C:\\Documents and Settings\\Paziki\\Pulpit\\zuzel2002full\\mot.exe"="C:\\Documents and Settings\\Paziki\\Pulpit\\zuzel2002full\\mot.exe:*:Disabled:zuzel"
"D:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="D:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\SDFix\SDFix\backups\backups.zip
Files with Hidden Attributes :
Fri 1 Feb 2008 88 ..SHR --- "C:\WINDOWS\system32\2FC296E392.sys"
Thu 24 Jan 2008 56 ..SHR --- "C:\WINDOWS\system32\92E396C22F.sys"
Fri 1 Feb 2008 6,580 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Thu 26 Jul 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Finished!
[ Added: Today at 18:25 ]
It helped, thanks a lot. And a question related to this: if the problem comes back, should I do the same thing again?