Blue Screen ed altri problemi

[adry84]

Ciao a tutti.
Scrivo per un problema che non riesco a risolvere.
Allora, da un pò di tempo che il pc mi da problemi.
Si tratta di un Asus N53SN-i7 2630-6Gb di ram - Geforce GT 550M.
Il problema si presente quando non sono al pc. Quando il pc è sotto stress non ci sono assolutamente problemi di schemate anomale ma nel momento in cui mi assento magari per cena, indipendentemente dai programmi aperti, il pc va in crash.
All'inizio ho pensato dipendesse da qualche impostazione perchè il crash avveniva esattamente dopo 15 min di inattività (ma non c'erano impostazioni relative alla disattivazione dei dischi, e così via).
Attraverso Blue Screen View sono riuscito a salvare la schermata di errore (non salvava neppure i file dump), ma non riesco ad individuare il problema.
I problemi dovrebbero dipendere da ntoskrnl.exe, pshed.dll, atmfd.dll.



Inoltre il problema ulteriore è che ,da quando sono cominciati i crash, il firewall non si attiva per nessun motivo, neppure intervenendo con il prompt dei comandi cercando di riavviare il tutto.
Fatti numerosi scandisk, sfc/scannow e così via, seguite mille guide trovate in rete. Niente di fatto, dopo un mese sono con lo stesso errore e con degli avvisi all'avvio.



Ora però mi sembra proprio il caso di chiedere aiuto agli esperti.
Spero qualcuno mi possa aiutare.
Vorrei evitare di formattare, se possibile.
Grazie
AN

P.S. Scansione con Combofix

ComboFix 13-01-28.02 - adriano 30/01/2013 13:35:52.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.6055.3547 [GMT 1:00]
Eseguito da: c:\users\adriano\Desktop\Nuova cartella\ComboFix_13-01-28.01.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\adriano\AppData\Roaming\37CA.BB8
c:\windows\_detmp.2
c:\windows\IsUn0410.exe
c:\windows\msvcr71.dll
c:\windows\SysWow64\bit4opki.dll.conf
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-12-28 al 2013-01-30 )))))))))))))))))))))))))))))))))))
.
.
2013-01-27 11:27 . 2013-01-27 11:27 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-01-23 06:29 . 2013-01-23 06:29 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-01-19 16:06 . 2013-01-19 16:06 -------- d-----w- c:\users\adriano\AppData\Roaming\Vision Objects
2013-01-16 15:10 . 2013-01-16 15:10 -------- d-----w- c:\program files (x86)\BinarySense
2013-01-16 15:09 . 2013-01-16 15:09 -------- d-----w- c:\programdata\Binarysense
2013-01-16 11:53 . 2013-01-12 02:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-11 09:31 . 2013-01-11 09:31 6635320 ----a-w- c:\windows\system32\msores.dll
2013-01-11 09:29 . 2013-01-11 09:31 6635320 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE12\msores.dll
2013-01-11 09:12 . 2013-01-11 09:16 -------- d-----w- c:\program files (x86)\Advanced Fix 2012
2013-01-11 00:29 . 2013-01-11 00:29 -------- d-----w- c:\users\adriano\AppData\Roaming\Uniblue
2013-01-11 00:29 . 2013-01-11 00:29 -------- d-----w- c:\program files (x86)\Uniblue
2013-01-09 20:34 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 20:33 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-09 20:05 . 2013-01-09 20:05 -------- d-----w- c:\users\adriano\AppData\Roaming\Avira
2013-01-09 20:00 . 2012-12-07 07:40 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-01-09 20:00 . 2012-12-07 07:40 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-01-09 20:00 . 2012-12-07 07:40 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-01-09 20:00 . 2013-01-09 20:00 -------- d-----w- c:\programdata\Avira
2013-01-09 20:00 . 2013-01-09 20:00 -------- d-----w- c:\program files (x86)\Avira
2013-01-09 19:39 . 2013-01-09 19:39 -------- d-----w- c:\users\adriano\AppData\Roaming\Malwarebytes
2013-01-09 19:39 . 2013-01-09 19:39 -------- d-----w- c:\programdata\Malwarebytes
2013-01-09 19:39 . 2013-01-09 19:39 -------- d-----w- c:\users\adriano\AppData\Local\Programs
2013-01-09 19:09 . 2013-01-09 19:09 -------- d-----w- c:\program files (x86)\NirSoft
2013-01-09 18:57 . 2013-01-09 18:57 -------- d-----w- c:\program files\CCleaner
2013-01-09 12:57 . 2013-01-09 12:57 -------- d-----w- C:\found.002
2013-01-08 08:24 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2013-01-08 08:24 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2013-01-08 08:24 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2013-01-08 08:24 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2013-01-08 08:24 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2013-01-08 08:24 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2013-01-08 08:24 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2013-01-08 08:24 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-01-08 08:24 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-01-08 08:19 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7224C995-B2A7-4FAD-9FF3-76AB62030C64}\mpengine.dll
2013-01-08 04:08 . 2013-01-08 04:08 -------- d-----w- C:\found.001
2013-01-07 21:39 . 2013-01-07 21:39 -------- d-----w- c:\users\adriano\AppData\Roaming\Wise Registry Cleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 21:08 . 2011-06-09 19:22 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 13:36 . 2012-04-05 12:15 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 13:36 . 2011-06-30 21:59 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-29 10:34 . 2012-10-11 18:23 2824656 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-29 10:34 . 2012-10-11 18:23 246024 ----a-w- c:\windows\system32\nvinitx.dll
2012-12-29 10:34 . 2012-10-11 18:23 201728 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-12-29 10:34 . 2012-10-11 18:23 1813432 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2012-10-11 18:23 1504696 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-12-29 08:40 . 2012-10-11 18:35 6382008 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-29 08:40 . 2012-10-11 18:35 3455416 ----a-w- c:\windows\system32\nvsvc64.dll
2012-12-29 08:40 . 2012-10-11 18:35 2923201 ----a-w- c:\windows\system32\nvcoproc.bin
2012-12-29 08:40 . 2012-10-11 18:35 997816 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-12-29 08:40 . 2012-10-11 18:35 884152 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-29 08:40 . 2012-10-11 18:35 63928 ----a-w- c:\windows\system32\nvshext.dll
2012-12-29 08:40 . 2012-10-11 18:35 55736 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-12-29 08:40 . 2012-10-11 18:35 2558392 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-29 08:40 . 2012-10-11 18:35 118712 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-16 17:11 . 2012-12-21 13:16 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 13:16 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 13:16 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 13:16 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-09 20:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-12 22:01 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 22:01 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 22:01 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 22:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 22:01 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 22:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 22:01 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 22:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 22:01 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 22:01 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 22:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 22:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 22:01 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 22:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 22:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 22:01 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 22:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 22:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 22:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 22:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 22:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 22:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 07:52 . 2012-07-25 21:55 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-11-09 05:45 . 2012-12-12 09:01 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 09:01 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-11-02 05:59 . 2012-12-12 09:00 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 09:00 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayid entifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\adriano\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayid entifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\adriano\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayid entifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\adriano\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayid entifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\adriano\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"MyScript InkRetriever"="c:\program files (x86)\Vision Objects\MyScript Studio\MyScript_GenericInkRetriever.exe" [2012-02-10 475136]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-11-17 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"bit4id csp store register (M)"="c:\windows\system32\bit4upki-store.dll" [2010-08-10 151552]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-07 384800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
imagePROGRAF Status Monitor.lnk - c:\program files\Canon\imagePROGRAFStatusMonitor\cnwism.exe [2012-9-18 608080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
2011-05-13 08:06 3058304 ----a-w- c:\windows\AsScrPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
2010-10-07 21:05 170624 ----a-w- c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/05/13 01:17;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-08-25 246256]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-08-11 44032]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-11-26 36000]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-11-26 298144]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-11-26 201376]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-11-26 55456]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-11-26 154272]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-11-26 275616]
R3 dgderdrv;dgderdrv; [x]
R3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-08 13312]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-09 1255736]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-12-29 30648]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-09 30568]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-12-07 27800]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-03-31 283200]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520]
S2 AK910SwitchService;AK910SwitchService;c:\program files (x86)\ArubaKey\AKSwitcher\ak910switchservice.exe [2009-07-09 81920]
S2 AntiVirSchedulerService;Avira Pianificatore;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-07 85280]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Atheros\Ath_CoexAgent.exe [2010-05-24 151552]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe [2010-11-26 52896]
S2 Canon imagePROGRAF Status Monitor;Canon imagePROGRAF Status Monitor;c:\program files\Canon\imagePROGRAFStatusMonitor\cnwisam.exe [2009-10-09 713488]
S2 iPFDeviceAgentService;iPF Device Agent Service;c:\windows\system32\cnwiols6.exe [2008-12-08 210944]
S2 LPESPSVC;Canon Large Format Printer Extended Survey Program;c:\program files\Canon\LPESP\CNWILSV6.EXE [2010-12-20 100176]
S2 mi-raysat_3dsmax2010_64;mental ray 3.7 Satellite for Autodesk 3ds Max 2010 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_64server.exe [2009-03-12 86016]
S2 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max Design 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-02-22 86016]
S2 PPPoEService;PPPoE Service;c:\progra~2\Alice\ALICEE~1\app\pppoeservice.exe [2000-07-11 49152]
S2 Samsung Network Fax Server;Samsung Network Fax Server;c:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [2012-04-25 237056]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2012-02-15 11576]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-11-26 28832]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-09-08 129024]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-06-28 1431888]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-11-19 210944]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-11-19 49664]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 333928]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_38F51D56
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-01-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 13:36]
.
2013-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 07:09]
.
2013-01-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 07:09]
.
2013-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3353336376-522890844-1794076457-1001Core.job
- c:\users\adriano\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 10:45]
.
2013-01-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3353336376-522890844-1794076457-1001UA.job
- c:\users\adriano\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-11 10:45]
.
2013-01-30 c:\windows\Tasks\powersuite_monitor.job
- c:\program files (x86)\Uniblue\Powersuite\powersuite_monitor.exe [2013-01-11 10:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\As usWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\As usWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Dr opboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\adriano\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Dr opboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\adriano\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Dr opboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\adriano\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Dr opboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\adriano\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2010-01-21 909824]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-30 2186856]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"CnwiDeviceAgent"="c:\program files\Canon\imagePROGRAFStatusMonitor\cnwida.exe" [2010-06-24 71504]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-02-20 456704]
"bit4id csp store register (M x64)"="c:\windows\system32\bit4upki-store.dll" [2010-08-10 176128]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-Alice EnterNet - c:\windows\IsUn0410.exe
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-Docfa 3.0.5 - c:\windows\IsUn0410.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe ,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe ,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Vision Objects\MyScript Studio\PegRoute.exe
c:\program files (x86)\Vision Objects\MyScript Studio\PMNRoute.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Ora fine scansione: 2013-01-30 13:49:38 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2013-01-30 12:49
.
Pre-Run: 86.748.762.112 byte disponibili
Post-Run: 86.984.536.064 byte disponibili
.
- - End Of File - - 187355380C23BEE026D0205DC3EA23CC

[Totocellux]

hai anche già provato la disinstallazione di Avira?

[adry84]

si...fatti diversi tentativi.
Sono arrivati prima i blue screen e poi avira purtroppo.
Cosa potrebbe essere?
Grazie
AN

[Totocellux]

il BCCode f4 (quello dei tuoi BSOD) è non solo una vera rogna (in quanto decisamente consistente) ma è anche difficoltoso da sviscerare e risolvere.

Ho dato un'occhiata al risultato della scansione, ma non mi sembra di aver intravisto tracce inconfutabili di malware.
Pertanto, da quanto riferisci (non volendo per ora pensare ad un problema direttamente derivato dall'hardware) credo che il tutto possa esser legato al comportamento di un driver di periferica non completamente aggiornato/funzionante che possa esser andato in palla col s.o. al momento di gestire la propria fase di risparmio energetico.

Prima dell'inizio dei BSOD, avevi già proceduto all'aggiornamento di questi driver del notebook: chipset, sk audio, sk di rete o altre periferiche particolari che utilizzi tramite USB/Firewire o quant'altro?

Inizialmente potresti anche provare a impostare "Prestazioni elevate" nelle opzioni di risparmio energetico di Windows 7.
Potremmo verificare quantomeno se si produce un qualche seppur minimo cambiamento.

[adry84]

il BCCode f4 (quello dei tuoi BSOD) è non solo una vera rogna (in quanto decisamente consistente) ma è anche difficoltoso da sviscerare e risolvere.

Ho dato un'occhiata al risultato della scansione, ma non mi sembra di aver intravisto tracce inconfutabili di malware.
Pertanto, da quanto riferisci (non volendo per ora pensare ad un problema direttamente derivato dall'hardware) credo che il tutto possa esser legato al comportamento di un driver di periferica non completamente aggiornato/funzionante che possa esser andato in palla col s.o. al momento di gestire la propria fase di risparmio energetico.

Prima dell'inizio dei BSOD, avevi già proceduto all'aggiornamento di questi driver del notebook: chipset, sk audio, sk di rete o altre periferiche particolari che utilizzi tramite USB/Firewire o quant'altro?


Inizialmente potresti anche provare a impostare "Prestazioni elevate" nelle opzioni di risparmio energetico di Windows 7.
Potremmo verificare quantomeno se si produce un qualche seppur minimo cambiamento.

Per quanto riguarda gli aggiornamenti ho più volte utilizzato windows update per il controllo degli aggiornamenti.
Ho reinstallati i driver della vga.
Ho sostituito facendo diverse prove i banchi di ram.
Per ora sembra sparito...sarà stata l'ultimo scandisk, i driver vga....booh!!!
Provo con prestazioni elevate e verifico.
Se avete altre prove da farmi fare sarò ben contento di metterci mano.
Grazie
AN