Windows mi si blocca

[Berior]

Salve a tutti, ho un problema con il mio notebook. In pratica ci deve essere un processo che manda in palla il computer all'avvio. Mi spiego meglio: io accendo il pc, arrivo alla schermata di windows, metto la password, lascio caricare il pc e lui si blocca con il desktop inutilizzabile. Il cursore si muove ma il pc non da più segni di vita. Neanche la ram carica più. Allora sono costretto a spegnere il pc dal "pulsantone" e riavviare. Al secondo riavvio è come se non fosse successo niente. Il pc si avvia tranquillamente e lo posso utilizzare. Questo mi capita un po spesso. Forse una volta ogni due giorni. Non ogni giorno e ogni volta che accendo il pc... Non riesco proprio a capire.
Sembra che ci sia un processo che sovraccarichi la CPU e mandi in blocco tutto.
Avete una risposta?
Se volete maggiori informazioni sarò felice di rispondervi

PS: ho fatto delle scansioni antivirus e non ne ha trovato neanche mezzo. Pulitissimo... Ho fatto anche una scansione con hijack this e vi allego il log. Lo potete scaricare da qui:
http://wikisend.com/download/589432/hijackthis.log

[antoo69]

riavvia in modalità provvisoria e fixa questa voce
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
Poi svuota il cestino e riavvia in modalità normale.
Se non migliora segui tutti i passaggi indicati in questo topic. viewtopic.php?f=25&t=86903

[Riverside]

... Non riesco proprio a capire ............. Avete una risposta?
Se volete maggiori informazioni sarò felice di rispondervi

Dal log che hai pubblicato si evidenzia un problema:

O1 - Hosts: Activation.guitar-pro.com 127.0.0.1

Intanto due domande:
1) DAEMON Tools lo hai installato tu?
2) Il sistema è 32bit o 64bit?

Per ora segui questa procedura:

Disinstalla la versione installata di Hijackthis
● lancia Hijackthis
● clicca su Config
● clicca su Misc tools
● clicca su Uninstall HijackThis & exit
● scarica ed installa la versione aggiornata: clicca qui per il download

Poi, da Installazione Programmi, disinstalla:
● Adobe Flash Player, Adobe Reader, Javasun e tutte le toolbar che trovi eventualmente installate.

Fatto questo, allega un nuovo log di Hijackthis e ti spiegherò come proseguire.

[Berior]

Grazie innanzitutto per esser stati così celeri, poi in due!!!

Per Anto: proverò ad iniziare a fare quello che mi hai detto anche se le cose sono molte. La parte relativa pero alla pulizia del pc e dei file temporanei... la faccio con CCleaner va bene lo stesso? Uso da sempre quello e anche molto di frequente

Per Riverside: Daemon tools si l'ho installato io. Poi mi hai evidenziato quel problema nell'host Activation.G... (anche quello non è un problema. Lo dico perchè il mio problema al pc ce l'ho da diverso tempo mentre quell'host l'ho fatto comparire da "pochissimo". Escludo quindi sia quello il problema del blocco a Windows

Un'altra domanda per entrambi: ma perchè dovrei disinstallare java, adobe reader e flash?

Attendo vostre notizie e nel mentre inizio a fare quel che mi avete richiesto

[Berior]

Ah scusa: il Sistema Operativo è Windows Vista home edition a 32bit

[-> EleKtrA <-]

Ciao Berior, per ora puoi tralasciare la parte che riguarda Java e Adobe.
Ccleaner va benissimo per la pulizia del sistema.

Se hai intenzione di usare Combofix, visto che usi Vista dovrai avviarlo come amministratore.
Tasto destro su Combofix.exe > esegui come amministratore.

NOTA: Allega i log nel Topic inserendoli nel tag "code". (CLICCA)

[Berior]

Scusate ancora (non trovo il pulsante modifica per modificare uno stesso messaggio):
Ma per javasun si intende java(TM) 6 Update....?
Fra i programmi installati trovo solo quello. E poi per Flash si intende Adobe Fash Player 10 plugin o Active X o entrambi?

[Berior]

Vi allego il secondo file log di Hijackthis dopo aver fixato quella voce:

Codice: Seleziona tutto

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11.57.03, on 20/06/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: Activation.guitar-pro.com 127.0.0.1
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - Startup: Widget vodafone.lnk = C:\Program Files\Widget vodafone.it\Widget vodafone.it.exe
O4 - Startup: XWindows Dock.lnk = Ivan\Desktop\xwdock2.01beta\XWD.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files\PokerStars.IT\PokerStarsUpdate.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {5CFB2034-5FD8-46B9-975F-CE2B6E308107} (XPBLite.PanoramaBuilderLite7) - http://image.magtoo.com/commons/XPBLite/v73019/PanoramaBuilderLite.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
O16 - DPF: {CB0EEA65-ACBA-477A-A169-10540F204AD7} (PriMusX Control) - http://download.acca.it/Download/Files/PriMus-DCFWebSetup.EXE
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/CheckersZPA.cab55579.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\System32\acaptuser32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Servizio di Google Update (gupdate1c9915f9bfd2a24) (gupdate1c9915f9bfd2a24) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

--
End of file - 8837 bytes


[Berior]

Questo invece è il log di ComboFix

Codice: Seleziona tutto

ComboFix 10-06-19.03 - Ivan 20/06/2010  12.16.19.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.39.1040.18.3066.2217 [GMT 2:00]
Eseguito da: c:\users\Ivan\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Ivan\AppData\Roaming\Microsoft\Windows\Recent\o[SUMOTorrent.com]o_Adobe_CS4_Master_Collection_Multilang_(EN_ESP_FRA_DEU_ITA_N.pif
D:\install.exe

.
(((((((((((((((((((((((((   Files Creati Da 2010-05-20 al 2010-06-20  )))))))))))))))))))))))))))))))))))
.

2010-06-20 10:26 . 2010-06-20 10:26   --------   d-----w-   c:\users\Ivan\AppData\Local\temp
2010-06-20 10:26 . 2010-06-20 10:26   --------   d-----w-   c:\users\Public\AppData\Local\temp
2010-06-20 10:26 . 2010-06-20 10:26   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-06-20 09:42 . 2010-06-20 09:42   388096   ----a-r-   c:\users\Ivan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-19 22:31 . 2010-05-01 14:13   2037248   ----a-w-   c:\windows\system32\win32k.sys
2010-06-19 22:31 . 2010-05-26 17:06   34304   ----a-w-   c:\windows\system32\atmlib.dll
2010-06-19 22:31 . 2010-05-26 14:47   289792   ----a-w-   c:\windows\system32\atmfd.dll
2010-06-19 22:31 . 2010-04-05 17:01   67072   ----a-w-   c:\windows\system32\asycfilt.dll
2010-06-17 09:41 . 2010-06-17 10:35   --------   d-----w-   c:\users\Ivan\AppData\Roaming\Guitar Pro 6
2010-06-17 09:41 . 2010-06-17 09:41   --------   d-----w-   c:\programdata\Guitar Pro 6
2010-06-17 09:31 . 2010-06-17 09:58   --------   d-----w-   c:\program files\Guitar Pro 6
2010-06-16 08:47 . 2010-06-16 08:44   53632   ----a-w-   c:\users\Ivan\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-06-04 21:43 . 2010-06-04 21:43   --------   d-----w-   c:\program files\d-lusion
2010-05-29 09:57 . 2010-05-29 09:57   --------   d-----w-   c:\users\Ivan\AppData\Roaming\it.vodafone.desktopwidget.75C5D0AC8E830B80BD4FBC0B32A23F0123E8C097.1
2010-05-29 09:53 . 2010-05-29 09:53   --------   d-----w-   c:\program files\Widget vodafone.it
2010-05-29 09:53 . 2010-06-16 08:44   53632   ----a-w-   c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-29 09:53 . 2010-06-16 08:45   --------   d-----w-   c:\program files\Common Files\Adobe AIR
2010-05-28 19:16 . 2010-04-23 14:13   2048   ----a-w-   c:\windows\system32\tzres.dll
2010-05-23 09:14 . 2010-01-29 15:40   738816   ----a-w-   c:\windows\system32\inetcomm.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-20 10:11 . 2010-02-04 15:49   147128   ----a-w-   c:\programdata\nvModes.dat
2010-06-20 10:10 . 2009-02-12 17:35   12   ----a-w-   c:\windows\bthservsdp.dat
2010-06-20 09:38 . 2008-04-30 07:25   --------   d-----w-   c:\program files\Common Files\Adobe
2010-06-19 22:55 . 2009-10-17 15:16   --------   d-----w-   c:\program files\Microsoft Silverlight
2010-06-18 21:34 . 2008-05-08 06:57   662846   ----a-w-   c:\windows\system32\perfh010.dat
2010-06-18 21:34 . 2008-05-08 06:57   120326   ----a-w-   c:\windows\system32\perfc010.dat
2010-06-18 08:05 . 2009-12-23 14:38   --------   d-----w-   c:\program files\JDownloader
2010-06-17 10:34 . 2009-02-12 17:35   73864   ----a-w-   c:\users\Ivan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-15 08:59 . 2010-01-24 11:55   --------   d-----w-   c:\users\Ivan\AppData\Roaming\uTorrent
2010-06-12 16:59 . 2009-03-11 22:07   139128   ----a-w-   c:\windows\system32\drivers\PnkBstrK.sys
2010-06-12 16:59 . 2009-03-11 22:06   215128   ----a-w-   c:\windows\system32\PnkBstrB.exe
2010-06-06 21:06 . 2009-02-15 17:44   --------   d-----w-   c:\program files\Guitar Pro 5
2010-06-06 15:58 . 2009-02-13 08:08   --------   d-----w-   c:\programdata\FLEXnet
2010-06-06 13:49 . 2009-03-11 22:07   138056   ----a-w-   c:\users\Ivan\AppData\Roaming\PnkBstrK.sys
2010-06-06 13:49 . 2009-03-11 22:07   138056   ----a-w-   c:\users\Ivan\AppData\Roaming\PnkBstrK.sys
2010-06-06 13:49 . 2010-02-28 13:15   2434856   ----a-w-   c:\windows\system32\pbsvc_bc2.exe
2010-06-02 22:58 . 2009-02-12 19:08   --------   d-----w-   c:\program files\Windows Live
2010-06-02 21:42 . 2009-03-11 22:06   75064   ----a-w-   c:\windows\system32\PnkBstrA.exe
2010-05-23 15:49 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2010-05-23 13:28 . 2009-02-18 00:26   --------   d-----w-   c:\program files\Google
2010-05-21 12:14 . 2009-10-17 15:16   221568   ------w-   c:\windows\system32\MpSigStub.exe
2010-05-11 14:47 . 2009-02-12 17:37   --------   d-----w-   c:\program files\Realtek
2010-05-11 14:47 . 2008-05-07 21:02   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-05-11 10:30 . 2009-02-13 21:26   --------   d-----w-   c:\users\Ivan\AppData\Roaming\Orbit
2010-05-08 23:10 . 2009-10-30 23:13   --------   d-----w-   c:\program files\Opera
2010-05-08 21:31 . 2010-01-24 11:56   --------   d-----w-   c:\program files\uTorrent
2010-05-05 20:10 . 2009-02-12 18:42   --------   d-----w-   c:\program files\OpenOffice.org 3
2010-05-05 20:08 . 2009-02-12 18:43   --------   d-----w-   c:\program files\JRE
2010-05-05 20:05 . 2009-11-22 22:17   --------   d-----w-   c:\program files\Rhinoceros 4.0
2010-05-05 19:52 . 2010-05-05 19:52   --------   d-----w-   c:\program files\RocketDock
2010-05-05 19:47 . 2010-05-05 19:41   --------   d-----w-   c:\users\Ivan\AppData\Roaming\XWindows Dock
2010-05-04 05:59 . 2010-06-19 22:33   916480   ----a-w-   c:\windows\system32\wininet.dll
2010-05-04 05:55 . 2010-06-19 22:33   71680   ----a-w-   c:\windows\system32\iesetup.dll
2010-05-04 05:55 . 2010-06-19 22:33   109056   ----a-w-   c:\windows\system32\iesysprep.dll
2010-05-04 04:31 . 2010-06-19 22:33   133632   ----a-w-   c:\windows\system32\ieUnatt.exe
2010-05-01 22:49 . 2010-05-01 22:49   --------   d-----w-   c:\users\Ivan\AppData\Roaming\ColorSchemer
2010-05-01 22:49 . 2010-05-01 22:49   --------   d-----w-   c:\program files\ColorSchemer Studio 2
2010-04-30 19:45 . 2010-04-30 19:44   --------   d-----w-   c:\programdata\ASGvis
2010-04-28 08:30 . 2010-04-28 08:30   --------   d-----w-   c:\program files\PDF Password Remover v2.5
2010-04-16 20:12 . 2010-04-16 20:12   48464   ----a-w-   c:\windows\system32\sirenacm.dll
2010-04-10 14:57 . 2010-04-10 14:57   10134   ----a-r-   c:\users\Ivan\AppData\Roaming\Microsoft\Installer\{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}\ARPPRODUCTICON.exe
2010-04-10 14:55 . 2010-04-10 14:55   10134   ----a-r-   c:\users\Ivan\AppData\Roaming\Microsoft\Installer\{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}\ARPPRODUCTICON.exe
2010-03-23 15:43 . 2010-03-23 15:43   2407792   ----a-w-   c:\windows\system32\pbsvc_heroes.exe
2009-02-13 03:17 . 2009-02-13 03:17   8192   --sha-w-   c:\windows\Users\Default\NTUSER.DAT
.

------- Sigcheck -------

[-] 2010-01-01 . 690D53BD10A804BB6D0A772D1C0E6907 . 247296 . . [6.0.6000.16386] . . c:\windows\System32\shsvcs.dll
.
(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38   121392   ----a-w-   c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-25 6111232]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-04-01 793096]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

c:\users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Widget vodafone.lnk - c:\program files\Widget vodafone.it\Widget vodafone.it.exe [2010-5-29 95232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BTTray.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
backup=c:\windows\pss\BTTray.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^DRSpawner.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\DRSpawner.lnk
backup=c:\windows\pss\DRSpawner.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Ivan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Live.lnk]
path=c:\users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Live.lnk
backup=c:\windows\pss\Adobe Live.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Ivan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Widget vodafone.lnk]
path=c:\users\Ivan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Widget vodafone.lnk
backup=c:\windows\pss\Widget vodafone.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CyberLat Ram Cleaner]
c:\program files\CyberLat\CyberLat RAM Cleaner 2 [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 21:43   640376   ----a-w-   c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 01:25   37232   ----a-w-   c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58   611712   ----a-w-   c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2008-05-19 13:24   91432   ----a-w-   c:\program files\Cyberlink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-08 00:49   323392   ----a-w-   c:\users\Ivan\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2007-09-06 13:08   136136   ----a-w-   c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
2008-03-07 02:36   544768   ------w-   c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-03-04 22:38   526896   ----a-w-   c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25   125952   ----a-w-   c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2008-04-30 18:02   397312   ----a-w-   c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-03-18 14:50   136176   ----atw-   c:\users\Ivan\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2010-04-16 20:11   3872080   ----a-w-   c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-04-03 20:56   13535776   ----a-w-   c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-04-03 20:56   92704   ----a-w-   c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 11:45   75304   ----a-w-   c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 09:36   50472   ------w-   c:\program files\Cyberlink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetI]
2007-10-23 09:56   200704   ----a-w-   c:\windows\PLFSetI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 14:18   413696   ----a-w-   c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-20 18:23   83240   ------w-   c:\program files\Cyberlink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-11-07 13:31   21633320   ----a-r-   c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 02:15   1826816   ----a-w-   c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 12:16   185896   ----a-w-   c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17   149280   ----a-w-   c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-02-22 19:50   1037608   ----a-w-   c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 08:03   303104   ----a-w-   c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows]
2009-03-07 18:32   679936   ----a-w-   c:\users\Public\Public Documents\Windows Movie Player\player.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23   1008184   ----a-w-   c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25   202240   ----a-w-   c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):7c,5e,e1,b5,f3,20,ca,01

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-03-03 685816]
R2 cpwnt;cpwnt; [x]
R2 gupdate1c9915f9bfd2a24;Servizio di Google Update (gupdate1c9915f9bfd2a24);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-18 133104]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-12 84240]
R3 PEEK5;PEEK5 Protocol Driver;c:\users\Ivan\Desktop\AIRCRA~1.3-W\bin\PEEK5.SYS [x]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408]
S1 aswSP;avast! Self Protection; [x]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [2008-05-15 61424]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2009-06-26 66080]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   REG_MULTI_SZ      BthServ
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
Contenuto della cartella 'Scheduled Tasks'

2010-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-18 00:26]

2010-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-18 00:26]

2010-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4286347464-673849096-2671570586-1000Core.job
- c:\users\Ivan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-14 14:50]

2010-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4286347464-673849096-2671570586-1000UA.job
- c:\users\Ivan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-14 14:50]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Aggiungi a PDF esistente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti destinazione link in Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Link to &MidpX - c:\program files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files\PokerStars.IT\PokerStarsUpdate.exe
DPF: {5CFB2034-5FD8-46B9-975F-CE2B6E308107} - hxxp://image.magtoo.com/commons/XPBLite/v73019/PanoramaBuilderLite.CAB
DPF: {CB0EEA65-ACBA-477A-A169-10540F204AD7} - hxxp://download.acca.it/Download/Files/PriMus-DCFWebSetup.EXE
FF - ProfilePath - c:\users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\bjfh5sy7.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Ivan\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Ivan\AppData\Roaming\Mozilla\Firefox\Profiles\bjfh5sy7.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\users\Ivan\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
.
------- Associazioni dei file -------
.
.scr=AutoCADScriptFile
.txt=
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-BkupTray - c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-20 12:26
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-4286347464-673849096-2671570586-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:3a,f3,b8,2f,fe,7b,3d,f6,0d,27,a3,ee,63,8a,d4,87,c2,1d,95,a4,45,00,1f,
   22,33,f7,01,e4,dd,72,cd,c4,3e,1c,12,9f,45,70,4f,a5,95,ea,db,ee,1b,02,af,b2,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50

[HKEY_USERS\S-1-5-21-4286347464-673849096-2671570586-1000\Software\SecuROM\License information*]
"datasecu"=hex:38,ae,47,d2,f7,f6,c1,e9,9d,5f,ed,ec,69,a0,d9,b3,72,37,82,8d,0e,
   77,91,14,f5,c3,b1,09,fe,2f,8e,52,1b,cf,09,38,b4,1f,1d,ed,92,26,db,c9,0d,fa,\
"rkeysecu"=hex:89,f1,4d,af,95,71,24,66,fc,d4,74,4f,f9,fb,e6,7e

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Ora fine scansione: 2010-06-20  12:30:28
ComboFix-quarantined-files.txt  2010-06-20 10:30
ComboFix2.txt  2010-01-09 19:20

Pre-Run: 24.273.145.856 byte disponibili
Post-Run: 24.254.836.736 byte disponibili

- - End Of File - - 4D897FDCEE18D83952FE206BE51782E1


[-> EleKtrA <-]

Ok, Combofix non ha rilevato infezioni, possiamo disinstallarlo e passare alla manutenzione.

Step 1: Pulizia dei file temporanei
Scarica TFC by OldTimer sul desktop
chiudi tutti i programmi
avvia TFC, tasto destro > esegui come amministratore
clicca su "star"
al termine della scansione ti chiederà il riavvio, dai ok.

Step 2: Pulizia e disinstallazione dei tool usati
Scarica OTC by OldTimer sul desktop
tasto destro > esegui come amministratore
clicca su "CleanUP" > "Yes" > "Yes"
riavvia.

Step 3: Pulizia e deframmentazione del registro
Installa Wise Registry Cleaner, seleziona la lingua italiana dal menu opzioni > generale (language)
Crea un nuovo backup del registro o un punto di ripristino
Clicca su "avvia nuova scansione" poi su "Ripara problemi" riparando solo le voci in verde.
Infine clicca sulla penultima icona per deframmentare il registro.

Step 4: Correzione piccoli errori e velocizzazione del Sistema

- Esegui una deframmentazione degli hardisk, puoi usare IObit SmartDefrag.
Oppure con l' utility interna di windows:
Start / Programmi / Accessori / Utilità di sistema / Utilità di deframmentazione dischi.

- Esegui uno Scandisk:
Apri Risorse del computer / Tasto destro sul disco fisso / proprietà / Strumenti / Esegui Scandisk
Seleziona entrambe le opzioni:
correggi automaticamente gli errori del File system,
cerca i settori danneggiati e tenta il ripristino.
Si aprirà una finestra di avvertimento:
Impossibile ottenere accesso esclusivo ad alcuni file di Windows...
Clicca su "SI" per pianificare l'operazione al prossimo avvio.

Usa Driver Easy per controllare di avere aggiornato tutti i driver (controlla specialmente la scheda video)
e FileHippo Update Checker per aggiornare tutti i software, primo tra tutti Avast.

Leggi questo articolo: Vista si blocca all'avvio del Desktop. Explorer bloccato

Alla fine delle operazioni, allega un nuovo log di hijackthis per controllo e fix di chiavi inutili in avvio.