Problem sa task manager-om

[ mastashiki @ 15.06.2009. 19:54 ] @

Problem je sledeci..Ne mogu da otvorim Task Manager(nece ni sa ctrl+alt+del , niti desnim klikom

na taskbar, niti iz system32). Task Manager ne radi ni u safe mode-u. Malo sam trazio po forumu,

gledao slicne teme, ali nisam uspeo da resim problem. Samo da napomenem da kada pokusam da

otvorim task manager sistem mi ne izbacuje nikakvu poruku (kao sto je bio slucaj kod nekih na

forumu).

Odradio sam ovo:

Start>Run>gpedit.msc
User Configuration>Administrative Templates>System>Ctrl+Alt+Del Options > Remove Task ....

stavljeno na Disabled

Skenirao sam windows avastom i sa Malwarebytes' Anti-Malware...i nista nisu nasli.

Imao sam pre par dana problem sa virusom/trojancem Win32:Kavos, i avast ga je uklonio.

Evo i HijackThis loga..

Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:48:57 PM, on 6/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Mladen\Desktop\1\123.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.co...t/wuweb_site.cab?1210772868796
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\XEClient\BIN\omtsreco.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe

--
End of file - 8355 bytes

[ Dashkes @ 15.06.2009. 20:10 ] @

Otvorite Notepad i unesite sledece:

Code:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:0

sacuvajte kao restoreTM.reg i pokrenite.

[ mastashiki @ 15.06.2009. 20:18 ] @

Kada pokrenem restoreTM.reg sistem izbaci sledecu poruku:

Code:

Cannot import C:\....\restoreTM.reg: The specified file is not a registry script. You can only import binary registry files from within the registry editor.

[ Dashkes @ 15.06.2009. 20:29 ] @

Start > Run... > regedit > HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System > DisableTaskMgr, Value izmenite na 0.

[ mastashiki @ 15.06.2009. 20:32 ] @

Problem je u tome sto ja nemam uopste taj registar

[ Dashkes @ 15.06.2009. 20:40 ] @

Hmm... A Start > Run... > reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0
Da li ce to pomoci? Kako nema? Mozda je TASKMAN.EXE ostecen.

[ mastashiki @ 15.06.2009. 20:50 ] @

Taj red je ubacio registar i vrednost mu je postavljena na 0.

Ali i dalje ne radi task manager....Izgleda da cu morati da formatiram disk :D

[ Dashkes @ 15.06.2009. 20:53 ] @

A ako ga zamenite sa novim Task Manager-om?
Moj Task Manager - taskman.exe.

[ mastashiki @ 15.06.2009. 20:56 ] @

Nece i dalje

[ Dashkes @ 15.06.2009. 20:58 ] @

A ako restartujete racunar? Hm... Stvarno mi ne ide u glavu sta bi moglo biti. :/

[ mastashiki @ 15.06.2009. 21:04 ] @

Restartovao sam racunar i kada sam ubacio onaj registar i sada opet..i i dalje ne radi

Hvala u svakom slucaju :D

[ Zoran Rodic @ 15.06.2009. 22:17 ] @

uf, čekaj

http://www.kellys-korner-xp.com/regs_edits/nodesktop.reg restore taskamanger
http://www.kellys-korner-xp.com/regs_edits/taskmanager.reg enable taskmanager

http://www.kellys-korner-xp.com/regs_edits/TaskManager_Reset.reg reset taskmanager

http://www.kellys-korner-xp.co.../xp_taskbar_desktop_fixall.vbs restore 2

Probaj ovim redosledom, sačuvaj reg fajl pa ga pokreni

PS
Neki će odmah ponuditi Save AS a neke ćeš morati da sačuvaš preko File=>SaveAs

[ mastashiki @ 15.06.2009. 22:48 ] @

Pokrenuo sam sva 4, restartovao sam komp...i dalje ne radi

[ Zoran Rodic @ 15.06.2009. 22:57 ] @

Meni to deluje kao da su ostali neki repovi

U ovakvim situacijama Kaspersky dobro dodje a nije zgoreg probati i http://download.sysinternals.com/Files/RootkitRevealer.zip
Probaj prvo Rootkit Revealer

[ valjan @ 16.06.2009. 07:46 ] @

U HJThis logu sam primetio sledece:

C:\WINDOWS\System32\TUProgSt.exe

Ovaj proces pripada TuneUp Software-u i koliko vidim na netu taj alat moze da izazove takve probleme kakve ti imas. On ima neku svoju verziju Task Managera i ne bi me cudilo da namerno onesposobi Windowsov kako bi se koristio samo njegov. Ako je Task Manager prestao da radi nakon sto si instalirao ovaj program, ili nakon sto si nesto menjao u njemu, eto ti uzrok, pa probaj da privremeno onesposobis isti ili da ga uklonis pa da vidis da li Task Manager posle toga radi.

[ Goran Mijailovic @ 16.06.2009. 08:13 ] @

Hm.. http://www.systemlookup.com/O23/4316-TUProgSt_exe.html

mada, nista ga ne kosta da proba da deinstalira TU utilities.

[ mastashiki @ 16.06.2009. 10:41 ] @

Obrisao sam Tune Up i dalje ne radi

[ Dashkes @ 16.06.2009. 10:54 ] @

Kao sto je rekao Zoran, moguce je da je u pitanju rootkit.
Skinite RootRepal i uradite sve po redu kao na slici. Log iskopirajte ovde.

[ Mixi7650 @ 16.06.2009. 20:36 ] @

Za repove koji su sigurno tu probaj http://www.malwarebytes.org/ .
Nakon toga sledi:Start > Run... > reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0

[ malidebeli @ 17.06.2009. 22:01 ] @

Da se ubacim i Ja u pricu, ali nazalost nemam resenje , vec identican problem , znaci nista od ponudjenog ne pomaze, ima li neka svezija ideja..

[ Dashkes @ 17.06.2009. 22:04 ] @

• Preuzmite i instalirajte program Malwarebytes` Anti-Malware - http://www.malwarebytes.org/mbam-download.php
• Pokrenite ga i izvrsite update(Update > Check for Updates) i po zavrsetku potvrdite sa OK.
• Posle update-a odaberi Scanner, oznacite Perform full scan i pritisnite Scan.
• Kada se skeniranje zavrsi pritisnite OK, pa Show Results da vidite izvestaj.
• Proverite da li su svi pronadjeni fajlovi stiklirani(ako nisu selektujte ih), pritisnite Remove Selected i potvrdite sa OK.
• Program ce vas upitati da restartujes racunar i vi to potvrdite.
• Takodje posle ukljanjanje malware-a sa racunara dobicete log fajl(izvestaj) koji cete iskopirati ovde.

Preuzmite program Dr.Web CureIt!.

• Posle preuzimanja restartujte racunar u Safe Mode-u(dok se pali racunar pritiskajte F8 pa kada se pojavi meni odaberite Safe Mode).
• Kada se ucita Safe Mode pokrenite Dr.Web CureIt!.
• Kad se upali odaberite Start. On ce automatski poceti da skenira racunar. Pustiti da skenira(to je Express Scan).
• Kada zavrsi sa skeniranjem odaberite kompletno skeniranje - Complete scan i sa desne strane pritisnite dugme Start Scanning(izgleda kao Play dugme).
Moram da vas upozorim da kompletno skeniranje moze da potraje nekoliko sati!

Pokazite log CureIt!-a koji se nalazi u C:\Documents and Settings\USERNAME\DoctorWeb\

[ Goran Mijailovic @ 18.06.2009. 07:18 ] @

Citat:

malidebeli: Da se ubacim i Ja u pricu, ali nazalost nemam resenje , vec identican problem , znaci nista od ponudjenog ne pomaze, ima li neka svezija ideja..

Ovaj alat ce vam napraviti upotrebljive kopije REGEDIT, MSCONFIG i Task Manager-a koje mozete koristiti dok ne ocistite racunar.

Download:
http://www.dougknox.com/xp/utils/xp_emergencyutil.zip

Vise ovde: http://www.dougknox.com/xp/utils/xp_emerutils.htm

_{[Ovu poruku je menjao Goran Mijailovic dana 18.06.2009. u 09:10 GMT+1]}

[ Goran Mijailovic @ 18.06.2009. 08:08 ] @

Ovde imate kako ukljuciti Task Manager (upotrebom reg fajla) ako je njegova upotreba zabranjena, ako je iskljucen ili ne postoji njegov fajl.

Ukljuciti Task Manager 1 (linija 51)
http://www.kellys-korner-xp.com/xp_tweaks.htm
http://www.kellys-korner-xp.com/regs_edits/taskmanager.reg

Ukljuciti Task Manager 2 (linija 113)
http://www.kellys-korner-xp.com/xp_tweaks.htm
http://www.kellys-korner-xp.com/regs_edits/taskmgrenable.reg
http://www.kellys-korner-xp.com/regs_edits/TaskManager_Reset.reg

Problem: Task Manager - ne radi Control/Alt/Delete
Resenje: uklanjanje ogranicenja - TM, Regedit and CMD (Linija 275)
http://www.kellys-korner-xp.com/xp_tweaks.htm
http://www.kellys-korner-xp.com/regs_edits/regtmcmdrestore.vbs

*Napomena
potrebno je preuzeti potreban .reg ili .vbs fajl sa datih linkova i izvrsiti ga na racunaru, za izrsenje .vbs fajla ce mozda biti potrebno iskljuciti antivirus.

Problem: ne postoji Task Manager

Taskmgr.exe treba da se nalazi u %SystemRoot%\system32 folderu (obicno C:\WINDOWS\system32). Ako ne mozete da pronadjete fajl u tom folderu, mozete da ga raspakujete sa Windows XP CD-a. Postupak je sledeci:

a. Ubaciti Windows XP CD u CD-ROM
b. Kliknuti Start, Run, otkucati cmd i pritisnuti Enter.
c. U Command Prompt-u, ukucati sledece komande:

Na primer, ako je vas CD-ROM oznacen slovom F, ukucajte sledece komande:

F:
cd \i386
expand taskmgr.ex_ %SystemRoot%\SYSTEM32\taskmgr.exe

**
Takodje treba znati da se Task Manager moze startovati na tri nacina
Prvi nacin:
Pritisnuti CTRL + ALT + DELETE i onda kliknuti na 'Task Manager...

drugi nacin:
Desni klik na na Windows Notification oblast (tamo gde je sat

) ili taskbar i izabrati 'Task Manager...

treci nacin:
Pritisnuti CTRL + SHIFT + ESC i Task Manager ce se odmah startovati.

[ malidebeli @ 18.06.2009. 16:36 ] @

Hvala i pored svih skeniranja / bilo je i gamadi/ nisam uspeo vratiti task manager, sve dok nisam ubacio CD od Win-a i po uputstvu vratio ga .

Hvala svima.

ovo je fajl od :

Malwarebytes' Anti-Malware 1.38
Database version: 2299
Windows 5.1.2600 Service Pack 3

6/18/2009 06:13:10
mbam-log-2009-06-18 (06-13-02).txt

Scan type: Full Scan (C:\|D:\|H:\|)
Objects scanned: 293853
Time elapsed: 48 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
d:\TA\globo\opticum_toolbox_2.0\OptiBox_2.0.exe (Rogue.Installer) -> No action taken.

——

[ zexoni @ 25.08.2009. 19:19 ] @

Pisem ovo da bih se zahvalio korisniku Goranu Mijailovicu.Meni je,naime,BitDefender obrisao task manager jer je bio zarazen.Sad sam ga reinstalirao prema njegovom uputstvu,uz pomoc xp instalacionog diska.Pozdrav svima