Help

[alex76]

ciao a tutti....ho un problema...da un paio di giorni il pc mi risulta un pò lento e all'improvviso non riesco più ad accedere al task manager con ctrl+alt+canc perchè mi dice che il task manager è disabilitato dall'amministratore....vi allego il log di hijackthis...grazie mille


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50, on 2009-11-21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\HP\KBD\KBD.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\DOCUME~1\HP_PRO~1\IMPOST~1\Temp\Rar$EX00.093\HijackThis.exe
C:\DOCUME~1\HP_PRO~1\IMPOST~1\Temp\Rar$EX00.422\HijackThis.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\HP_PRO~1\IMPOST~1\Temp\Rar$EX00.156\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Internet Explorer Plugin - {5BB5E88B-7AD7-475D-9729-CF04952B533D} - ltnjumga.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Programmi\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Programmi\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Programmi\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4819DFDF-ABC4-488C-A323-919848C51175} (Conviva LivePass) -
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwar ... TSUEng.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.virgilio.it/downloa ... ctiveX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe

--
End of file - 9251 bytes

[shel]

ciao

Avvia hijackthis, con tutte le applicazioni chiuse, premi su Do a system scan only , spunta ed elimina (fix checked) le seguenti righe:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Internet Explorer Plugin - {5BB5E88B-7AD7-475D-9729-CF04952B533D} - ltnjumga.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1


se non conosci questo, fixa insieme alle altre

O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')


Scarica e installa malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completata, posta il rapporto e per ora non rimuovere nulla

[alex76]

ho seguito le tue indicazioni e ti allego il report di malwarebytes...

Malwarebytes' Anti-Malware 1.41
Versione del database: 3208
Windows 5.1.2600 Service Pack 3

2009-11-21 19:24:09
mbam-log-2009-11-21 (19-24-03).txt

Tipo di scansione: Scansione completa (C:\|D:\|J:\|)
Elementi scansionati: 216457
Tempo trascorso: 51 minute(s), 23 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 2
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

[shel]

ciao

lascia la spunta accanto agli oggetti trovati infetti e premi ''rimuovi selezionati''

hai ancora il problema iniziale?

[alex76]

ho seguito passo passo le tue indicazioni ma purtroppo il task manager mi risulta sempre disabilitato dall'amministratore...

[shel]

se sei tu l'amministratore, vai qui e scarica l'utility

http://www.suspectfile.com/forum/viewto ... f=8&t=2761

clicca sul secondo pulsante dove e' scritto ''enable task manager e regedit'' e vedi se torna a posto

[alex76]

allora lo disabilita e funziona...ma se chiudo il task manager e lo riapro la seconda volta mi esce la solita scritta "task manager è stato disabilitato dall'amministratore"....

[shel]

apri il registro (start\esegui\regedit)

portati su questa chiave

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curr entVersion\Policies\system --> DisableTaskMgr e imposta il valore a 0.dovrebbe trovarsi su 1,dimmi se è così.

[alex76]

se faccio regedit da esegui mi dice che l'editor del registro di sistema è stato disabilitato dall'amministratore...

[shel]

ma si o no l'amministratore del sistema?

prova con TaskManagerFix

http://www.recoverdatasoftware.com/tool ... gerFix.exe

[alex76]

mi fa la stessa di prima...prima mi funziona appena lo abilito ma chiudendo e aprendolo il task manager mi esce sempre la solita scritta....non è mai successa una cosa simile è la prima volta....

[shel]

vediamo se torna a posto

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
disconnettiti da internet e disattiva l'antivirus
Lascia lavorare il programma senza interferire (non installare la recovery console)
Allega il rapporto C:\ComboFix.txt nella tua risposta.

[alex76]

ho fatto come mi hai suggerito....ti allego il rapporto di combofix...


ComboFix 09-11-20.05 - HP_Proprietario 2009-11-21 22:38.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1040.18.959.519 [GMT 1:00]
Eseguito da: c:\documents and settings\HP_Proprietario\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1356 [VPS 091121-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Creati Da 2009-10-21 al 2009-11-21 )))))))))))))))))))))))))))))))))))
.

2009-11-21 17:31 . 2009-11-21 17:31 4045528 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-21 16:27 . 2009-11-21 16:28 -------- d-----w- C:\ComboFix2
2009-11-21 16:27 . 2009-11-21 16:26 398336 ----a-w- c:\windows\system32\CF763.exe
2009-11-21 15:35 . 2009-11-21 15:35 43008 ----a-w- c:\windows\system32\ltnjumga.dll
2009-11-04 08:46 . 2009-11-04 08:46 152576 ----a-w- c:\documents and settings\HP_Proprietario\Dati applicazioni\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-04 08:38 . 2009-11-04 08:38 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-21 17:31 . 2009-09-07 19:46 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-11-21 16:59 . 2009-04-24 14:37 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-11-21 16:24 . 2009-04-24 14:37 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-11-21 15:35 . 2009-02-21 09:53 -------- d-----w- c:\documents and settings\HP_Proprietario\Dati applicazioni\uTorrent
2009-11-21 15:30 . 2009-07-21 08:29 -------- d-----w- c:\documents and settings\HP_Proprietario\Dati applicazioni\vlc
2009-11-15 16:09 . 2009-02-17 09:01 -------- d-----w- c:\programmi\eMule
2009-11-08 09:25 . 2009-02-16 22:43 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-11-04 08:46 . 2006-08-24 07:49 -------- d-----w- c:\programmi\Java
2009-10-25 07:53 . 2004-12-10 14:24 64872 ----a-w- c:\windows\system32\perfc010.dat
2009-10-25 07:53 . 2004-12-10 14:24 429538 ----a-w- c:\windows\system32\perfh010.dat
2009-10-11 03:17 . 2009-02-17 22:23 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-02 13:39 . 2009-10-02 13:39 -------- d-----w- c:\programmi\Microsoft
2009-09-15 10:59 . 2009-02-16 23:01 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 10:56 . 2009-02-16 23:01 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 10:56 . 2009-02-16 23:01 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 10:55 . 2009-02-16 23:01 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 10:55 . 2009-02-16 23:01 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-09-15 10:54 . 2009-02-16 23:02 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 10:54 . 2009-02-16 23:02 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 10:53 . 2009-02-16 23:02 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 10:53 . 2009-02-16 23:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-10 13:54 . 2009-09-07 19:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-09-07 19:46 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-29 14:52 . 2009-02-16 22:33 67816 ----a-w- c:\documents and settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-29 09:12 . 2009-08-29 09:12 75040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2006-11-08 01:38 . 2009-02-17 05:01 22 -csha-w- c:\windows\SMINST\HPCD.SYS
.

((((((((((((((((((((((((((((( SnapShot_2009-11-21_16.35.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-21 20:31 . 2009-11-21 20:31 16384 c:\windows\Temp\Perflib_Perfdata_7c8.dat
+ 2009-11-21 20:31 . 2009-11-21 20:31 16384 c:\windows\Temp\Perflib_Perfdata_434.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative Detector"="c:\programmi\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPHUPD08"="c:\programmi\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\programmi\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPwuSchd2.exe" [2005-12-15 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\programmi\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-03-08 16010240]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^HP_Proprietario^Menu Avvio^Programmi^Esecuzione automatica^C6 Messenger.lnk]
path=c:\documents and settings\HP_Proprietario\Menu Avvio\Programmi\Esecuzione automatica\C6 Messenger.lnk
backup=c:\windows\pss\C6 Messenger.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 3"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Spooler"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-17 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-17 20560]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-05-29 12672]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7CA86431-BD73-440B-B5CE-B02A4DC6D393}]
rundll32 ltnjumga.dll,laspi
.
Contenuto della cartella 'Scheduled Tasks'

2009-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.libero.it/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Settings,ProxyOverride = local
IE: &Cerca con Google - c:\programmi\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Traduci parola in italiano - c:\programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Link a ritroso - c:\programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Pagine simili - c:\programmi\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Versione cache della pagina - c:\programmi\Google\GoogleToolbar1.dll/cmcache.html
DPF: {4819DFDF-ABC4-488C-A323-919848C51175}
DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} - hxxp://c6.community.virgilio.it/downloa ... ctiveX.cab
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{5BB5E88B-7AD7-475D-9729-CF04952B533D} - (no file)
AddRemove-HijackThis - c:\docume~1\HP_PRO~1\IMPOST~1\Temp\Rar$EX00.125\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-21 22:44
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2696)
c:\windows\system32\WININET.dll
c:\programmi\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTJBNS2.dll
c:\programmi\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTIntrfc.dll
c:\programmi\Creative\Creative Zen Micro\Zen Micro Media Explorer\CTConfig.DLL
c:\programmi\Creative\Creative Zen Micro\Zen Micro Media Explorer\JBNSRES.DLL
c:\windows\system32\webcheck.dll
.
Ora fine scansione: 2009-11-21 22:46
ComboFix-quarantined-files.txt 2009-11-21 21:46
ComboFix2.txt 2009-08-30 08:34
ComboFix3.txt 2009-08-30 08:22
ComboFix4.txt 2009-03-28 13:33

Pre-Run: 131,944,140,800 byte disponibili
Post-Run: 131,935,432,704 byte disponibili

- - End Of File - - 3B1A7BDB1F33E7033FDC4649E2C11C84

[shel]

sembri infetto

fai una scansione completa con superantyspyware e controlla se rileva qualcosa- posta il report che rilascia

http://translate.googleusercontent.com/ ... 3SfSQc5JMQ

[alex76]

ok...l'ho scaricato ma la scansione la potrò fare lunedì mattina....appena posso allego qui il rapporto...buon weekend e grazie!!

[shel]

nel frattempo controlla se il task manager funziona

ciao

[alex76]

ciao....allora il task manager continua a non funzionare....cmq ti allego il rapporto di sueprantispyware....


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/23/2009 at 02:09 PM

Application Version : 4.30.1004

Core Rules Database Version : 4301
Trace Rules Database Version: 2170

Scan type : Complete Scan
Total Scan Time : 00:44:18

Memory items scanned : 557
Memory threats detected : 0
Registry items scanned : 6730
Registry threats detected : 0
File items scanned : 26471
File threats detected : 6

Adware.Tracking Cookie
C:\Documents and Settings\HP_Proprietario\Cookies\hp_proprietario@atdmt[2].txt

Trojan.Agent/Gen
C:\COMBOFIX2\PEV.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB17C91D-6F24-4899-93E1-D643B10B0F84}\RP167\A0045183.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB17C91D-6F24-4899-93E1-D643B10B0F84}\RP167\A0045257.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{EB17C91D-6F24-4899-93E1-D643B10B0F84}\RP273\A0064793.EXE

Trojan.Agent/Gen-Polax
C:\WINDOWS\SYSTEM32\LTNJUMGA.DLL

[shel]

ciao

fai questo controllo

Start->Esegui
- Digita regedit e premi invio.
segui questo percorso
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\policies\system
- Sulla destra dovrebbe comparire la chiave DisableTaskMgr - dimmi se e' impostata a >>> 0 opppure a >>> 1

[alex76]

purtroppo mi esce la stessa scritta di prima....se faccio regedit mi dice che l'editor del registro del sistema è stato disabilitato dall'amministratore....

[Luke57]

Ciao, scarica questa utility:
http://www.suspectfile.com/download/utility.zip
avviala, esegui l'opzione 2 (Enable Task Manager and Regedit)
riavvia il sistema, fai sapere