www.MegaLab.it

[Jack_84]

Un saluto a tutti, torno a scrivervi perché il mio pc è lentissimo nello spegnersi: se clicco su start e poi su spegni computer devo aspettare almeno 3 minuti(d'orologio)prima che compaia la finestra con spegni,riavvia,standby; poi clicco su spegni e devo aspettare parecchio prima che il pc mi si spegna...
Sapete come posso risolvere il problema? Tengo a precisare che ho il S.O. Windows XP (SP3) e che il problema si presenta dopo aver tenuto il pc acceso per un po', mentre se è appena avviato tutto funziona regolarmente. Per l'avvio tutto fila liscio.

Spero che qualcuno possa aiutarmi, nel frattempo ringrazio tutti

[GERONIMO*]

ci sarà qualche servizio o programma che resta in background che rallenta lo spegnimento
la cpu vedi se possiede valori alti

[Jack_84]

Potresti spiegarmi passo passo cosa fare? Grazie

[The Doctor]

Posta un log di hijackthis così vediamo se hai programmi strani che possono rallentare il PC
Qui trovi le istruzioni per usare il software http://www.MegaLab.it/2286/pagina-inizi ... hijackthis

[Jack_84]

Ecco il log di HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19.07.50, on 20/11/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\vsnpstd3.exe
C:\programmi\powerstrip\pstrip.exe
C:\Programmi\Yuna Software\Messenger Plus!\PlusService.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\windows\system32\ctfmon.exe
C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmi\Java\jre7\bin\jqs.exe
C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\windows\system32\svchost.exe
C:\Programmi\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
C:\Programmi\UPHClean\uphclean.exe
C:\Programmi\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nino\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\Programmi\File comuni\Microsoft Shared\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [PowerStrip] c:\programmi\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PlusService] C:\Programmi\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\RunOnce: [ Privacy Eraser Pro] C:\Programmi\PrivacyEraser Computing\Privacy Eraser Pro\PrivacyEraser.exe /ErIEIndex
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\RunOnce: [ Privacy Eraser Pro] C:\Programmi\PrivacyEraser Computing\Privacy Eraser Pro\PrivacyEraser.exe /ErIEIndex
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O15 - Trusted IP range: http://192.168.1.1
O15 - ESC Trusted IP range: http://192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C0805F5-40F2-4AFA-B2EF-46F71555A15D}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{86E1A749-1B77-4EDA-95DA-AEA24706750D}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD13BA9F-55D8-4726-A07D-C1CB574AC7B6}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\windows\system32\guard32.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Programmi\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programmi\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
O23 - Service: User Profile Hive Cleanup (UPHClean) - Windows (R) Codename Longhorn DDK provider - C:\Programmi\UPHClean\uphclean.exe

--
End of file - 12717 bytes

Grazie per l'aiuto!!!

[Uomo_Senza_Sonno]

Utilizzando HJT, fixa le seguenti voci

Codice: Seleziona tutto

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.plusnetwork.com/?sp=addr&q={searchTerms}
R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\Programmi\File comuni\Microsoft Shared\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [PowerStrip] c:\programmi\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PlusService] C:\Programmi\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\RunOnce: [ Privacy Eraser Pro] C:\Programmi\PrivacyEraser Computing\Privacy Eraser Pro\PrivacyEraser.exe /ErIEIndex
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Nino\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\RunOnce: [ Privacy Eraser Pro] C:\Programmi\PrivacyEraser Computing\Privacy Eraser Pro\PrivacyEraser.exe /ErIEIndex
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [KB976002-v5] rundll32.exe advpack.dll,LaunchINFSection OPMWXPUP.inf,BrowserChoiceGoo (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: I&nvia a OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Note collegate di OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programmi\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)

poi da esegui digita msconfig e vai alla voce servizi, per disabilitarne i seguenti:

Codice: Seleziona tutto

O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Programmi\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Programmi\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
O23 - Service: User Profile Hive Cleanup (UPHClean) - Windows (R) Codename Longhorn DDK provider - C:\Programmi\UPHClean\uphclean.exe

successivamente scarica ed installa ccleaner ed esegui la pulizia standard ed una al registro (salva il backup di modo da poterlo ripristinare in caso di eventuali malfunzionamenti).
Dopo tutto questo fai un riavvio di sistema

[Jack_84]

Consigli seguiti alla lettera, ma il problema persiste.... In ogni caso grazie per i consigli

[Uomo_Senza_Sonno]

Proviamo ancora due cose prima di passare ad altro:
esegui una deframmentazione con Defraggler, e dopo averla effettuata, utilizza Ultrawipe: lo installi, lo apri, fai clic su "Advanced Functions", selezioni il disco, fai clic su "Wipe free space" e premi OK. Ci vorrà del tempo a completare il processo, ma in questo modo spero che ci siano alcune migliorie di prestazione.

[Jack_84]

Grazie....proverò i tuoi consigli. Appena ho fatto ti faccio sapere.

[Jack_84]

Purtroppo anche questo tentativo è fallito; peraltro la frammentazione del disco era minima (circa 5%) ma ciononostante ho lasciato fare. Avrei creduto che fosse un problema di surriscaldamento, ma il programma da te indicatomi mi riporta una temperatura ottimale del processore (39#C) Hai qualche altro suggerimento? Grazie ancora una volta per la tua disponibilità

[farbix89]

A questo punto devi procedere per tentativi : disattiva uno ad uno i programmi in auto avvio e prova a spegnere.

puoi farlo da MSCONFIG o da un programma esterno come cclenaer

[Jack_84]

Nella mia ignoranza, dubito che sia un problema di programmi all'avvio: 1) non ho programmi particolari; 2) l'avvio avviene in maniera celere. Il problema dello spegnimento si presenta dopo qualche minuto di utilizzo del pc, mentre se lo spengo nelle immediatezze tutto avviene regolarmente.

[farbix89]

Il problema dello spegnimento si presenta dopo qualche minuto di utilizzo del pc, mentre se lo spengo nelle immediatezze tutto avviene regolarmente.

Altro indizio importante: qualsiasi sia la causa,è impostata con autoavvio ritardato,con molta probabilità ha anche una voce nel menu dei servizi.

Controlla le voci nei servizi di Windows,quelle con avvio ritardato

[Jack_84]

Sei molto gentile...ma come faccio a capire quali sono i servizi a servizio ritardato? Qual è l'esatto procedimento? Thanks

[farbix89]

http://www.MegaLab.it/2578/ripulire-la- ... di-windows

[hashcat]

Se anche in quest'ultimo modo non riuscissi a risolvere puoi fare un tentativo utilizzando il mio script.

[Jack_84]

Ragazzi nulla da fare, ho provato anche l'eseguibile postatomi ma quei servizi erano già disattivati ma quale può essere la causa???

[GERONIMO*]

a questo punto se non è un problema di tipo hardware che software
proverei anche facendo qualche controllo al pc per vedere se c'è qualche servizio creato da virus che resta in esecuzione che lavorando molto sul pc ne rallenta poi lo spegnimento

fai uno scan COMPLETO con malwarebytes
http://www.malwarebytes.org/
http://www.MegaLab.it/6303/5/pc-infetto ... ntervenire

poi dopo con ComboFix
http://www.bleepingcomputer.com/download/combofix/
scaricalo preferibilmente con ( Internet Explorer)
o se lo scarichi con un'altro browser assicurati che venga salvato sul Desktop e non nella cartella Downloads

Adesso e Molto Importante che tu
disattivi l'Antivirus in uso
disattivi il Firewall
chiudi tutti i programmi aperti

lancia ComboFix con doppio clik
segui le istruzioni di combofix
verrà richiesta l'installazione della Console di ripristino :clicca su NO
senza eseguire nessuna altra operazione sul pc, lascia che  ComboFix completi la scansione non usare ne anche il mouse
altrimenti potrebbe Bloccarsi il Pc
se vengono rilasciati dei  messaggi durante la scansione Riguardo all' Antivirus ancora attivo
ignorali prosegui cliccando ok
Quando ComboFix avrà concluso la scansione:
il sistema verrà riavviato automaticamente:
vai in Disco Locale C:, cerca il file di testo dal nome ComboFix.txt ed allegalo
qui sul forum

[Jack_84]

Ho seguito i consigli riportati. Con Antimalware ho cancellato quattro file, mentre questo è il report di Combofix
ComboFix 12-11-27.01 - Nino 27/11/2012 22.06.27.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.420 [GMT 1:00]
Eseguito da: c:\documents and settings\Nino\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ActiveArmor Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Creato nuovo punto di ripristino
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dati applicazioni\Propellerhead Software\ReCycle
c:\documents and settings\All Users\Dati applicazioni\TEMP
c:\documents and settings\All Users\Dati applicazioni\TEMP\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe
c:\documents and settings\Nino\Dati applicazioni\Propellerhead Software\ReCycle
c:\documents and settings\Nino\Dati applicazioni\Propellerhead Software\ReCycle\ReCycle Preferences File.prf
c:\documents and settings\Nino\Dati applicazioni\Propellerhead Software\ReCycle\ReCycle220.dat
c:\documents and settings\Nino\WINDOWS
c:\windows\IsUn0415.exe
c:\windows\system32\default_user_class.dat.LOG
.
.
((((((((((((((((((((((((( Files Creati Da 2012-10-27 al 2012-11-27 )))))))))))))))))))))))))))))))))))
.
.
2012-11-27 16:46 . 2012-11-27 16:48 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-11-26 20:13 . 2012-03-23 18:58 11137024 ----a-w- c:\windows\system32\libmfxsw32.dll
2012-11-26 19:06 . 2012-11-26 19:06 -------- d-----w- C:\FFOutput
2012-11-26 14:14 . 2012-11-26 14:14 -------- d-----w- C:\Documents
2012-11-24 21:13 . 2012-11-24 21:15 -------- d-----w- c:\documents and settings\Nino\Dati applicazioni\Epson
2012-11-24 21:02 . 2007-04-10 01:06 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2012-11-24 21:02 . 2009-10-01 03:01 63488 ----a-w- c:\windows\system32\E_FD4BHAE.DLL
2012-11-24 21:02 . 2008-11-12 03:00 93696 ----a-w- c:\windows\system32\E_FLBHAE.DLL
2012-11-24 21:01 . 2008-04-22 12:09 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2012-11-24 21:01 . 2008-04-22 12:09 32384 ----a-w- c:\windows\system32\dllcache\usbccgp.sys
2012-11-24 20:28 . 2012-11-24 20:28 -------- d-----w- c:\documents and settings\Nino\Impostazioni locali\Dati applicazioni\ABBYY
2012-11-24 20:24 . 2012-11-24 20:28 -------- d-----w- c:\programmi\ABBYY FineReader 9.0 Sprint
2012-11-24 20:24 . 2012-11-24 20:24 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ABBYY
2012-11-24 20:24 . 2012-11-24 20:24 -------- d-----w- c:\programmi\File comuni\ABBYY
2012-11-24 20:23 . 2012-11-24 20:23 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\UDL
2012-11-24 20:18 . 2012-11-24 20:22 -------- d-----w- c:\programmi\Epson Software
2012-11-24 20:17 . 2011-08-30 12:39 457780 ----a-w- c:\windows\system32\ensppui.dll
2012-11-24 20:17 . 2011-08-30 12:39 457780 ----a-w- c:\windows\system32\enppui.dll
2012-11-24 20:17 . 2011-08-30 12:38 475496 ----a-w- c:\windows\system32\ensppmon.dll
2012-11-24 20:17 . 2011-08-30 12:38 475496 ----a-w- c:\windows\system32\enppmon.dll
2012-11-24 20:17 . 2011-08-01 17:24 249344 ----a-w- c:\windows\system32\enspres.dll
2012-11-24 20:17 . 2011-08-01 17:24 249344 ----a-w- c:\windows\system32\enpres.dll
2012-11-24 20:17 . 2012-11-24 20:17 -------- d-----w- c:\programmi\EpsonNet
2012-11-24 20:16 . 2012-11-24 20:16 -------- d-----w- c:\programmi\File comuni\EPSON
2012-11-24 20:15 . 2012-11-24 21:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\EPSON
2012-11-24 20:15 . 2009-10-15 23:00 132560 ----a-w- c:\windows\system32\esdevapp.exe
2012-11-24 20:15 . 2009-10-15 23:00 12800 ----a-w- c:\windows\system32\escdev.dll
2012-11-24 20:15 . 2009-09-16 23:00 342016 ----a-w- c:\windows\system32\eswiaud.dll
2012-11-24 08:53 . 2012-11-24 08:53 -------- d-----w- c:\programmi\RedStrike
2012-11-24 08:50 . 2012-11-24 08:50 -------- d-----w- c:\programmi\Defraggler
2012-11-22 16:36 . 2012-11-27 09:33 -------- d-----w- c:\documents and settings\Nino\Dati applicazioni\avidemux
2012-11-22 16:35 . 2012-11-22 16:36 -------- d-----w- c:\programmi\Avidemux 2.6
2012-11-16 15:54 . 2012-11-16 15:54 388096 ----a-r- c:\documents and settings\Nino\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-16 15:54 . 2012-11-16 15:54 -------- d-----w- c:\programmi\Trend Micro
2012-11-16 15:42 . 2012-11-16 15:42 -------- d-----w- c:\programmi\UPHClean
2012-11-16 15:37 . 2012-11-16 15:37 298 ----a-w- c:\documents and settings\Nino\nomeacaso.CMD
2012-11-16 11:55 . 2012-11-16 11:55 -------- d-----w- c:\documents and settings\Nino\Impostazioni locali\Dati applicazioni\Daring_Development_Inc
2012-11-16 11:30 . 2012-11-16 11:30 -------- d-----w- c:\programmi\Daring Development
2012-11-16 08:47 . 2012-11-16 08:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\ESET
2012-11-15 20:24 . 2012-09-24 22:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-07 23:38 . 2011-05-07 14:17 99080 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-11-07 23:38 . 2011-05-02 18:36 32640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 23:38 . 2011-05-02 18:36 497952 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 23:38 . 2011-05-02 18:36 18096 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-07 23:37 . 2011-10-22 08:04 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-07 23:37 . 2011-05-02 18:36 301264 ----a-w- c:\windows\system32\guard32.dll
2012-10-05 10:53 . 2012-10-05 10:56 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-05 10:53 . 2011-05-18 18:47 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-29 18:54 . 2012-01-27 21:48 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-19 10:10 . 2012-10-03 13:41 31584 ----a-w- c:\windows\system32\TURegOpt.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-07-14 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2010-07-16 22:12 . 115516DC54B5F2DC288AAEE24B38AC1D . 1550336 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2010-07-16 . C84590DFD964CA7A7F3BCD5DEC519373 . 486912 . . [5.1.2600.5577] . . c:\windows\system32\user32.dll
.
[-] 2010-07-16 . 9EFFFA6DE5F17CB4172BDEB447E41968 . 1530880 . . [6.00.2900.5634] . . c:\windows\explorer.exe
.
[-] 2008-04-13 . 4A1427E11B163422E00FB26E7497B1A2 . 281088 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2010-07-16 . 7F4C43F75EBF781352DB3B5EF6BF8230 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2010-07-16 40448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\programmi\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"PowerStrip"="c:\programmi\powerstrip\pstrip.exe" [2008-09-17 737408]
"egui"="c:\programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2012-11-16 3117344]
"VirtualCloneDrive"="c:\programmi\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
.
c:\documents and settings\Nino\Menu Avvio\Programmi\Esecuzione automatica\
My 190.lnk - c:\programmi\My 190\My 190.exe [2012-9-23 142336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"SfcDisable"=dword:ffffff9d
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2011-05-16 13:58 75048 ------w- c:\programmi\CyberLink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlusService]
2012-09-24 17:59 802304 ----a-w- c:\programmi\Yuna Software\Messenger Plus!\PlusService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2007-05-10 11:18 835584 ----a-w- c:\windows\vsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 10:35 90112 ----a-w- c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-05-20 11:07 39408 ----a-w- c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2007-04-21 07:37 270336 ----a-w- c:\windows\tsnpstd3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"TuneUp.UtilitiesSvc"=2 (0x2)
"ServUpdater"=2 (0x2)
"ServiceLayer"=3 (0x3)
"PowerOffer Service"=2 (0x2)
"ose"=3 (0x3)
"McciCMService"=2 (0x2)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"ForcewareWebInterface"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"xmlprov"=3 (0x3)
"WZCSVC"=2 (0x2)
"CodeMeter.exe"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" /background
"BrowserChoice"="c:\windows\system32\browserchoice.exe" /run
"Google Update"="c:\documents and settings\Nino\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Skype"="c:\programmi\Skype\Phone\Skype.exe" /nosplash /minimized
"StartCCC"="c:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
"EPSON SX430 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIHAE.EXE /FU "c:\docume~1\Nino\IMPOST~1\Temp\E_S4D4.tmp" /EF "HKCU"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe"
"BCSSync"="c:\programmi\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"BDRegion"=c:\programmi\Cyberlink\Shared files\brs.exe
"RemoteControl10"=c:\programmi\CyberLink\PowerDVD10\PDVD10Serv.exe
"APSDaemon"="c:\programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe"
"H2O"=c:\programmi\SyncroSoft\Pos\H2O\cledx.exe
"PosService"=c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
"MessengerPlusForSkypeService"="c:\programmi\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe"
"PlusService"=c:\programmi\Yuna Software\Messenger Plus!\PlusService.exe
"RTHDCPL"=RTHDCPL.EXE
"UIS Start"=c:\windows\system32\PSGJME\UIS.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"EEventManager"="c:\programmi\Epson Software\Event Manager\EEventManager.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Programmi\\BitTorrent\\BitTorrent.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Emule\\emule.exe"=
"c:\\Programmi\\File comuni\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Programmi\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\Programmi\\CyberLink\\PowerDVD10\\PowerDVD10.exe"=
"c:\\WINDOWS\\Microsoft.NET\\Framework\\v2.0.50727\\vbc.exe"=
"c:\\Programmi\\CodeMeter\\Runtime\\bin\\CodeMeter.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\Java\\jre7\\bin\\java.exe"=
"c:\\Documents and Settings\\Nino\\Impostazioni locali\\Dati applicazioni\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Programmi\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Programmi\\Epson Software\\Event Manager\\EEventManager.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5605:TCP"= 5605:TCP:messenger
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [02/05/2011 19.36.52 497952]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [02/05/2011 19.36.54 32640]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/03/2012 8.40.02 120152]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14/03/2012 8.40.04 104160]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/05/24 11:29];c:\programmi\CyberLink\PowerDVD10\NavFilter\000.fcl [20/12/2011 14.56.34 87536]
R2 ekrn;ESET Service;c:\programmi\ESET\ESET NOD32 Antivirus\ekrn.exe [07/03/2012 15.40.34 913144]
R2 MBAMScheduler;MBAMScheduler;c:\programmi\Malwarebytes' Anti-Malware\mbamscheduler.exe [14/09/2012 16.54.00 399432]
R2 PSTRIP;PSTRIP;c:\windows\system32\drivers\pstrip.sys [15/07/2007 2.37.04 27992]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programmi\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [19/09/2012 11.10.58 1699168]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [10/01/2012 18.12.01 33792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27/01/2012 22.48.44 22856]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programmi\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [18/09/2012 15.02.02 10088]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [14/07/2010 23.28.58 9472]
S2 cintime32;Microsoft New IME 98b;c:\windows\system32\rundll32.exe cintime32.dll,uqef c:\windows\system32\rundll32.exe cintime32.dll,uqef
S2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [27/01/2012 22.48.53 676936]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [06/09/2011 21.50.01 45312]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [27/11/2012 17.46.56 40776]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [06/03/2012 21.31.23 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [06/03/2012 21.31.23 8576]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [06/09/2011 21.50.01 55936]
S4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\programmi\File comuni\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14/05/2009 17.07.14 759048]
S4 CodeMeter.exe;CodeMeter Runtime Server;c:\programmi\CodeMeter\Runtime\bin\CodeMeter.exe [06/07/2011 3.30.00 2304912]
S4 MsgPlusService;Messenger Plus! Service;c:\programmi\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [15/03/2012 10.24.37 124832]
S4 PowerOffer Service;Pos Service;c:\documents and settings\Nino\Impostazioni locali\Dati applicazioni\PosService\Pos.exe [21/01/2012 16.16.07 34304]
S4 ServUpdater;Service Updater;c:\documents and settings\Nino\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe [21/01/2012 16.16.07 25600]
S4 SkypeUpdate;Skype Updater;c:\programmi\Skype\Updater\Updater.exe [29/02/2012 7.50.48 158856]
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57]
.
2012-11-27 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-09-18 08:46]
.
2012-11-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-73586283-682003330-1004Core.job
- c:\documents and settings\Nino\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2012-11-04 18:08]
.
2012-11-23 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2000478354-73586283-682003330-1004UA.job
- c:\documents and settings\Nino\Impostazioni locali\Dati applicazioni\Facebook\Update\FacebookUpdate.exe [2012-11-04 18:08]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-05-20 11:07]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2011-05-20 11:07]
.
2012-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-73586283-682003330-1004Core.job
- c:\documents and settings\Nino\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-05-21 11:07]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2000478354-73586283-682003330-1004UA.job
- c:\documents and settings\Nino\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2011-05-21 11:07]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=addr&q={searchTerms}
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3C0805F5-40F2-4AFA-B2EF-46F71555A15D}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{86E1A749-1B77-4EDA-95DA-AEA24706750D}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{CD13BA9F-55D8-4726-A07D-C1CB574AC7B6}: NameServer = 8.8.8.8,8.8.4.4
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-27 22:16
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\guard32.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(1168)
c:\windows\system32\guard32.dll
c:\windows\system32\setupapi.dll
.
- - - - - - - > 'csrss.exe'(960)
c:\windows\system32\cmdcsr.dll
.
Ora fine scansione: 2012-11-27 22:19:27
ComboFix-quarantined-files.txt 2012-11-27 21:19
ComboFix2.txt 2012-01-22 14:47
.
Pre-Run: 84.975.599.616 byte disponibili
Post-Run: 85.127.884.800 byte disponibili
.
- - End Of File - - 7C5AA5E2B7D37D3A575A15F7C90F1FE8

[GERONIMO*]

salva sul Desktop questo file
che vedi nel link sotto CFScript.txt
e trascinalo sull'icona di ComboFix.
partirà la scansione attendi la fine senza toccare niente
se chiede il riavvio del pc riavvia
Posta il log aggiornato di combofix


CFScript.txt