ComboFix 09-03-25.02 - GIONNNY 2009-03-26  9:24:53.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1040.18.1215.818 [GMT 1:00]
Eseguito da: c:\documents and settings\GIONNNY\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090325-0] *On-access scanning enabled* (Updated)
.
(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
.
(((((((((((((((((((((((((   Files Creati Da 2009-02-26 al 2009-03-26  )))))))))))))))))))))))))))))))))))
.
2009-03-26 09:09 . 2009-03-26 09:09	<DIR>	d----c---	C:\VundoFix Backups
2009-03-26 09:07 . 2009-03-26 09:07	<DIR>	d--------	c:\windows\LastGood
2009-03-26 08:38 . 2009-03-26 08:38	<DIR>	d--------	c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-03-26 08:38 . 2006-09-28 16:05	2,414,360	--a------	c:\windows\system32\d3dx9_31.dll
2009-03-26 08:34 . 2009-03-26 08:47	<DIR>	d--------	c:\programmi\Notebook Hardware Control
2009-03-26 08:03 . 2009-03-26 08:03	<DIR>	d--------	c:\programmi\Trend Micro
2009-03-26 08:01 . 2009-03-26 08:08	<DIR>	d--------	c:\programmi\HIJIACTS
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-26 07:36	---------	d-----w	c:\programmi\NEXT 3D ARREDAMENTO D'INTERNI
2009-02-09 14:04	1,846,784	----a-w	c:\windows\system32\win32k.sys
2009-02-09 14:04	1,846,784	------w	c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:30	---------	d-----w	c:\documents and settings\All Users\Dati applicazioni\MumboJumbo
2009-02-08 15:52	---------	d-----w	c:\programmi\Metin2_Italiano
2009-01-30 14:05	20,747	----a-w	c:\windows\system32\drivers\AegisP.sys
2009-01-30 14:05	---------	d--h--w	c:\programmi\InstallShield Installation Information
2009-01-30 14:05	---------	d-----w	c:\programmi\Compact Wireless-G USB Adapter Wireless Network Monitor
2009-01-29 11:07	---------	d-----w	c:\documents and settings\GIONNNY\Dati applicazioni\TuneUp Software
2009-01-29 11:06	306,432	----a-w	c:\windows\system32\TuneUpDefragService.exe
2009-01-29 11:06	---------	d-----w	c:\programmi\TuneUp Utilities 2008
2009-01-29 11:02	---------	d-----w	c:\programmi\VS Revo Group
2009-01-29 10:31	---------	d-----w	c:\programmi\File comuni\Symantec Shared
2009-01-29 10:05	---------	d-----w	c:\programmi\Alwil Software
2009-01-28 12:32	---------	d-----w	c:\programmi\CCleaner
2009-01-28 12:13	---------	d-----w	c:\documents and settings\All Users\Dati applicazioni\TuneUp Software
2009-01-28 12:06	---------	d-----w	c:\programmi\IObit
2009-01-28 12:06	---------	d-----w	c:\documents and settings\GIONNNY\Dati applicazioni\IObit
2009-01-28 11:53	---------	d-----w	c:\programmi\MSXML 4.0
2009-01-28 11:46	---------	d-----w	c:\documents and settings\GIONNNY\Dati applicazioni\Malwarebytes
2009-01-28 11:46	---------	d-----w	c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-01-28 11:39	---------	d-----w	c:\programmi\File comuni\Wise Installation Wizard
2009-01-28 11:38	---------	d-----w	c:\programmi\File comuni\Adobe
2009-01-28 11:31	---------	d-----w	c:\documents and settings\GIONNNY\Dati applicazioni\Ahead
2009-01-28 11:29	---------	d-----w	c:\programmi\Nero
2009-01-28 11:29	---------	d-----w	c:\programmi\File comuni\Ahead
2009-01-15 01:17	636,264	------w	c:\windows\system32\dllcache\iexplore.exe
2009-01-15 01:17	392,040	------w	c:\windows\system32\dllcache\iedkcs32.dll
2009-01-15 01:13	5,888,512	----a-w	c:\windows\system32\dllcache\mshtml.dll
2009-01-15 01:06	236,544	------w	c:\windows\system32\dllcache\webcheck.dll
2009-01-15 01:06	105,984	------w	c:\windows\system32\dllcache\url.dll
2009-01-15 01:06	1,182,720	----a-w	c:\windows\system32\dllcache\urlmon.dll
2009-01-15 01:05	911,872	----a-w	c:\windows\system32\wininet.dll
2009-01-15 01:05	911,872	----a-w	c:\windows\system32\dllcache\wininet.dll
2009-01-15 01:05	43,008	-c--a-w	c:\windows\system32\licmgr10.dll
2009-01-15 01:05	43,008	----a-w	c:\windows\system32\dllcache\licmgr10.dll
2009-01-15 01:05	193,536	------w	c:\windows\system32\dllcache\msrating.dll
2009-01-15 01:05	109,056	------w	c:\windows\system32\dllcache\occache.dll
2009-01-15 01:04	755,200	------w	c:\windows\system32\dllcache\VGX.dll
2009-01-15 01:04	25,600	------w	c:\windows\system32\dllcache\jsproxy.dll
2009-01-15 01:04	18,944	-c--a-w	c:\windows\system32\corpol.dll
2009-01-15 01:04	18,944	----a-w	c:\windows\system32\dllcache\corpol.dll
2009-01-15 01:02	611,840	------w	c:\windows\system32\dllcache\mstime.dll
2009-01-15 01:01	66,560	------w	c:\windows\system32\dllcache\mshtmled.dll
2009-01-15 01:01	46,592	------w	c:\windows\system32\dllcache\pngfilt.dll
2009-01-15 01:01	348,160	------w	c:\windows\system32\dllcache\dxtmsft.dll
2009-01-15 01:01	34,304	----a-w	c:\windows\system32\imgutil.dll
2009-01-15 01:01	34,304	------w	c:\windows\system32\dllcache\imgutil.dll
2009-01-15 01:01	216,064	------w	c:\windows\system32\dllcache\dxtrans.dll
2009-01-15 01:01	183,808	------w	c:\windows\system32\dllcache\iepeers.dll
2009-01-15 01:00	48,128	----a-w	c:\windows\system32\mshtmler.dll
2009-01-15 01:00	48,128	------w	c:\windows\system32\dllcache\mshtmler.dll
2009-01-15 01:00	45,568	----a-w	c:\windows\system32\mshta.exe
2009-01-15 01:00	45,568	------w	c:\windows\system32\dllcache\mshta.exe
2009-01-15 00:53	68,608	------w	c:\windows\system32\dllcache\hmmapi.dll
2009-01-15 00:50	156,160	----a-w	c:\windows\system32\msls31.dll
2009-01-15 00:50	156,160	------w	c:\windows\system32\dllcache\msls31.dll
2009-01-11 05:00	79,360	------w	c:\windows\system32\dllcache\iecompat.dll
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati. 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2004-08-12 102400]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2004-08-12 684032]
"ccApp"="c:\programmi\File comuni\Symantec Shared\ccApp.exe" [2003-09-09 70800]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2004-10-08 81920]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2005-09-27 180269]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"VTTimer"="VTTimer.exe" [2005-03-08 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-01-11 c:\windows\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 03:14 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:14 1695232 c:\programmi\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SNDSrvc"=2 (0x2)
"navapsvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\Metin2_Italiano\\metin2.bin"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-29 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-29 20560]
S3 BDA_Capture_220;Digital TV receiver Driver 1.0.0.42;c:\windows\system32\drivers\BDA_Capture_220.sys [2005-08-31 14080]
S3 BDA_Loader_220;Digital TV Receiver Firmware Loader 5.8.18.0;c:\windows\system32\drivers\BDA_Loader_220.sys [2005-08-31 19328]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{827d7167-df98-11db-974b-0040d07f6bc2}]
\Shell\AutoRun\command - E:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a98ec440-ed2d-11dd-979b-0040d07f6bc2}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac370994-edfc-11dd-97a8-0040d07f6bc2}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc5e6594-beed-11dd-9790-0040d07f6bc2}]
\Shell\Auto\command - fun.xls.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fun.xls.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'
2009-01-29 c:\windows\Tasks\1-Click Maintenance.job
- c:\programmi\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]
2005-11-19 c:\windows\Tasks\HDReg.job
- c:\apps\HDReg\HDRegRem.exe [2003-07-15 10:14]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-26 09:26:30
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ... 
scansione entrate autostart nascoste ... 
Scansione files nascosti ... 
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\GTGina.dll
.
Ora fine scansione: 2009-03-26  9:28:25
ComboFix-quarantined-files.txt  2009-03-26 08:28:16
Pre-Run: 34,050,842,624 byte disponibili
Post-Run: 34,069,798,912 byte disponibili
174	--- E O F ---	2009-03-26 07:59:52