É da tempo che mi esce la schermata blu, opera e chrome vanno in crash e firefox neanche si avvia.
Inoltre erano bloccati gli antivirus, non si sentiva l'audio e la connessione con la penna usb non si avviava in automatico.
Ho portato il pc dal tecnico, si è fregato 25 euro e con una pulizia del sistema ora la schermata blu esce ogni tot minuti, in compenso si sono sbloccati gli antivirus (l'audio l'avevo sbloccato con malwarebytes).
Vi posto i log di avira (scansione completa) + HijackThis, spero mi aiuterete

<<<<<<<<<<
Avira:


Avira AntiVir Personal
Report file date: domenica 18 luglio 2010 11:09

Scanning for 2354648 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : user
Computer name : USER-F24820B2FE

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 19/04/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 01/04/2010 11:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 01/04/2010 11:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 07/03/2010 17:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 22:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 08:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 18:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 16:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26/01/2010 15:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05/03/2010 10:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15/04/2010 17:56:16
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02/06/2010 17:56:19
VBASE007.VDF : 7.10.7.219 2048 Bytes 02/06/2010 17:56:19
VBASE008.VDF : 7.10.7.220 2048 Bytes 02/06/2010 17:56:19
VBASE009.VDF : 7.10.7.221 2048 Bytes 02/06/2010 17:56:19
VBASE010.VDF : 7.10.7.222 2048 Bytes 02/06/2010 17:56:19
VBASE011.VDF : 7.10.7.223 2048 Bytes 02/06/2010 17:56:19
VBASE012.VDF : 7.10.7.224 2048 Bytes 02/06/2010 17:56:19
VBASE013.VDF : 7.10.8.37 270336 Bytes 10/06/2010 17:56:20
VBASE014.VDF : 7.10.8.69 138752 Bytes 14/06/2010 17:56:20
VBASE015.VDF : 7.10.8.102 130560 Bytes 16/06/2010 17:56:20
VBASE016.VDF : 7.10.8.135 152064 Bytes 21/06/2010 17:56:21
VBASE017.VDF : 7.10.8.163 432128 Bytes 23/06/2010 17:56:21
VBASE018.VDF : 7.10.8.194 133632 Bytes 27/06/2010 17:56:21
VBASE019.VDF : 7.10.8.220 134656 Bytes 29/06/2010 17:56:22
VBASE020.VDF : 7.10.8.252 171520 Bytes 04/07/2010 21:06:35
VBASE021.VDF : 7.10.9.19 131072 Bytes 06/07/2010 15:22:40
VBASE022.VDF : 7.10.9.36 297472 Bytes 07/07/2010 15:22:41
VBASE023.VDF : 7.10.9.60 150016 Bytes 11/07/2010 19:08:32
VBASE024.VDF : 7.10.9.79 113152 Bytes 13/07/2010 11:15:04
VBASE025.VDF : 7.10.9.99 158720 Bytes 16/07/2010 10:46:39
VBASE026.VDF : 7.10.9.100 2048 Bytes 16/07/2010 10:46:39
VBASE027.VDF : 7.10.9.101 2048 Bytes 16/07/2010 10:46:42
VBASE028.VDF : 7.10.9.102 2048 Bytes 16/07/2010 10:46:42
VBASE029.VDF : 7.10.9.103 2048 Bytes 16/07/2010 10:46:42
VBASE030.VDF : 7.10.9.104 2048 Bytes 16/07/2010 10:46:42
VBASE031.VDF : 7.10.9.108 67584 Bytes 16/07/2010 10:46:43
Engineversion : 8.2.4.12
AEVDF.DLL : 8.1.2.0 106868 Bytes 30/06/2010 17:56:28
AESCRIPT.DLL : 8.1.3.40 1360250 Bytes 17/07/2010 10:46:46
AESCN.DLL : 8.1.6.1 127347 Bytes 30/06/2010 17:56:27
AESBX.DLL : 8.1.3.1 254324 Bytes 30/06/2010 17:56:28
AERDL.DLL : 8.1.4.6 541043 Bytes 30/06/2010 17:56:27
AEPACK.DLL : 8.2.2.6 430452 Bytes 17/07/2010 10:46:45
AEOFFICE.DLL : 8.1.1.6 201081 Bytes 07/07/2010 06:19:59
AEHEUR.DLL : 8.1.1.38 2724214 Bytes 30/06/2010 17:56:26
AEHELP.DLL : 8.1.11.6 242038 Bytes 30/06/2010 17:56:24
AEGEN.DLL : 8.1.3.14 381299 Bytes 17/07/2010 10:46:44
AEEMU.DLL : 8.1.2.0 393588 Bytes 30/06/2010 17:56:24
AECORE.DLL : 8.1.15.4 192886 Bytes 17/07/2010 10:46:43
AEBB.DLL : 8.1.1.0 53618 Bytes 30/06/2010 17:56:23
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14/01/2010 11:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 14/01/2010 11:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 18/02/2010 15:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 01/04/2010 11:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01/04/2010 11:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 01/04/2010 11:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26/01/2010 08:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28/01/2010 11:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16/03/2010 14:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 19/02/2010 13:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 12:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 09/04/2010 13:14:29

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\programmi\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: domenica 18 luglio 2010 11:09

Starting search for hidden objects.
An ARK library instance is already running.

The scan of running processes will be started
Scan process 'dllhost.exe' - '63' Module(s) have been scanned
Scan process 'avscan.exe' - '71' Module(s) have been scanned
Scan process 'dllhost.exe' - '53' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'avscan.exe' - '72' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '58' Module(s) have been scanned
Scan process 'wuauclt.exe' - '43' Module(s) have been scanned
Scan process 'avcenter.exe' - '103' Module(s) have been scanned
Scan process 'alg.exe' - '48' Module(s) have been scanned
Scan process 'opera.exe' - '69' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '57' Module(s) have been scanned
Scan process 'hpqgalry.exe' - '101' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '55' Module(s) have been scanned
Scan process 'wuauclt.exe' - '53' Module(s) have been scanned
Scan process 'raid_tool.exe' - '35' Module(s) have been scanned
Scan process 'RaUI.exe' - '57' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '77' Module(s) have been scanned
Scan process 'ctfmon.exe' - '36' Module(s) have been scanned
Scan process 'avgnt.exe' - '57' Module(s) have been scanned
Scan process 'UAService7.exe' - '21' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'SMAgent.exe' - '25' Module(s) have been scanned
Scan process 'HPWuSchd2.exe' - '29' Module(s) have been scanned
Scan process 'SeaPort.exe' - '55' Module(s) have been scanned
Scan process 'PSIService.exe' - '36' Module(s) have been scanned
Scan process 'ccSvcHst.exe' - '69' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'jqs.exe' - '92' Module(s) have been scanned
Scan process 'avguard.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'sched.exe' - '58' Module(s) have been scanned
Scan process 'spoolsv.exe' - '65' Module(s) have been scanned
Scan process 'Explorer.EXE' - '95' Module(s) have been scanned
Scan process 'svchost.exe' - '50' Module(s) have been scanned
Scan process 'svchost.exe' - '48' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '170' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'svchost.exe' - '59' Module(s) have been scanned
Scan process 'lsass.exe' - '65' Module(s) have been scanned
Scan process 'services.exe' - '77' Module(s) have been scanned
Scan process 'winlogon.exe' - '76' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1831' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Avenger\m-ren-226\shared\Goliath .NET Obfuscator 2.0 Serial.zip
[0] Archive type: ZIP
[DETECTION] Is the TR/Vaklik.FHV Trojan
--> gdbmdll.dll
[DETECTION] Is the TR/Vaklik.FHV Trojan
C:\Avenger\m-ren-241\shared\xero : filter set 2 2.0.zip
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
--> serial.exe
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
Catched Exception in function <FSSLIB_OpenFile> - Object <C:\Documents and Settings\user\Impostazioni locali\Dati applicazioni\Opera\Opera\cache\g_0054\opr008AS.tmp>
ACCESS_VIOLATION
EAX = 00000000 EBX = 00000080
ECX = 04622F68 EDX = 00000001
ESI = 047CF818 EDI = 34c4e980
EIP = 004491E6 EBP = 34000050
ESP = 0374FE64 Flg = 00010206
CS = 00000023 SS = 0000001B
C:\Qoobox\Quarantine\C\Muestras\FLEC006.EXE.Muestra EliBagle v12.79.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\Muestras\WINTEMS.EXE.Muestra EliBagle v12.79.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\sshnas21.dll.vir
[DETECTION] Is the TR/Agent.188416 Trojan

Beginning disinfection:
C:\Qoobox\Quarantine\C\WINDOWS\system32\sshnas21.dll.vir
[DETECTION] Is the TR/Agent.188416 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4fe6afdc.qua'.
C:\Qoobox\Quarantine\C\Muestras\WINTEMS.EXE.Muestra EliBagle v12.79.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '574b8013.qua'.
C:\Qoobox\Quarantine\C\Muestras\FLEC006.EXE.Muestra EliBagle v12.79.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '050ddaff.qua'.
C:\Avenger\m-ren-241\shared\xero : filter set 2 2.0.zip
[DETECTION] Contains recognition pattern of the WORM/Bagle.Gen worm
[NOTE] The file was moved to the quarantine directory under the name '6307955a.qua'.
C:\Avenger\m-ren-226\shared\Goliath .NET Obfuscator 2.0 Serial.zip
[DETECTION] Is the TR/Vaklik.FHV Trojan
[NOTE] The file was moved to the quarantine directory under the name '2699b868.qua'.


End of the scan: domenica 18 luglio 2010 16:08
Used time: 4:55:33 Hour(s)

The scan has been done completely.

15132 Scanned directories
994540 Files were scanned
5 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
5 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
994535 Files not concerned
54737 Archives were scanned
1 Warnings
5 Notes

===================================================================================

Hijackthis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16.40.53, on 18/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir Desktop\sched.exe
C:\Programmi\Avira\AntiVir Desktop\avguard.exe
C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\RALINK\Common\RaUI.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Opera\opera.exe
C:\Programmi\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\user\Documenti\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Programmi\ZoneAlarm\tbZone.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Programmi\iMesh Applications\MediaBar\DataMngr\IEBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Programmi\ZoneAlarm\tbZone.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programmi\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: (no name) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ZoneAlarm Toolbar - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Programmi\ZoneAlarm\tbZone.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programmi\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Programmi\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Programmi\RALINK\Common\RaUI.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\user\Dati applicazioni\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Programmi\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica link utilizzando Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1226516378375
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5BB18C0C-17CB-4CC4-94E8-DE04342A3C6D}: NameServer = 151.99.125.1,151.99.0.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{A1693B0E-9C35-48F0-B6E9-B21375797170}: NameServer = 151.99.125.1,151.99.0.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{CF9905FD-FBFC-400D-BDEB-D1D09BE45F31}: NameServer = 151.99.125.1,151.99.0.100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Programmi\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Moon Secure Antivirus Core (msav) - Unknown owner - C:\Programmi\Moon Secure Antivirus\msavcore.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Programmi\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12347 bytes

Ciao.

Disattiva il ripristino configurazione di sistema, e tienilo disattivato, fino alla soluzione del problema http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Segui questo percorso e svuota la cartella Prefetch : (non eliminare la cartella)
C:\Windows\Prefetch

Hai (o avevi) tracce del Worm Beagle.
Scarica Findykill:
http://findykill.changelog.fr/Setup.exe
installa FindyKill .
chiudi tutte le eventuali applicazioni aperte (antivirus, firewall e programmi "residenti")
disconnettiti da Internet
sconnetti, fisicamente, il modem dal computer.
avvia il tool e digita F per impostare la lingua;
clicca su 2 - Suppression des fichiers infectieux (Eliminazione dei file infetti)
al termine dell'operazione verrà rilasciato un log: salvalo sul Desktop, e postalo qui.(se non lo trovi sul desktop, lo trovi in C:\FindyKill.txt)
P.S:
Potranno esserci dei riavvii, non preoccuparti, è il programma che stà lavorando.

Poi mi risulta anche scansioni con Combofix.
Disistalla anche Zone Allarm.
Questo è un tool per la disistallazione:
http://download.zonealarm.com/bin/free/support/cpes_clean.exe

Dimenticavo:
Durante la bonifica, NON inserire nessuna periferica. (chiavette USB, HD esterni etcc..)

Non è possibile.
Per esempio, dal log di HJT, risultano file e cartelle:
C:\WINDOWS\system32
C:\WINDOWS\system32\svchost.exe

Comunque, prosegui con le altre indicazioni.

Ok.
Segui le indicazioni che ho postato.
In seguito vedremo se dipende da qualche infezione, oppure da qualche impostazione errata.

Sei messo male.
Zone Allarm, disistallalo manualmente.

Prova a fare uno ScanDisk:
Aprite Risorse del computer / Tasto destro sul disco fisso / proprietà / Strumenti / Esegui Scandisk
Selezionate entrambe le opzioni: correggi automaticamente gli errori del File system, cerca i settori danneggiati e tenta il ripristino.
Si aprirà una finestra di avvertimento: Impossibile ottenere accesso esclusivo ad alcuni file di Windows...
Cliccate su "SI" per pianificare l'operazione al prossimo avvio.

Se la scansione non ha successo, il Disco Rigido, è danneggiato.

Ciao.
1) Il file o la directory C:/$Mft è danneggiato e non leggibile. Esegui l'utilità Chkdsl.
2) Il file o la directory C:/Avenger/M-2CCC~1/shared è danneggiato e non leggibile. Esegui l'utilità Chkdsl.
Secondo me, hai dei settori del HD danneggiati.
Prova a eseguire lo Scandisk.
Se riesce a ripararli, bene, altrimenti consiglio il format.
Non vedo altre soluzioni sensate.

Ciao.
Invece di riavviarlo,(come dice l'avviso) spegni direttamente il pc.
E poi accendilo.
Torno a ripetere, che se l'HD è danneggiato, il format è la via più sensata.
Ma anche se dipendesse da virus, il pc è talmente compromesso,che non vale neanche la pena tentare la bonifica.
Oltre al tempo che ci si impiegherebbe,(che sarebbe per me il problema minore) ci sono serie probabilità che ti ritrovi con un pc instabile, e malfunzionante.
Per cui, il mio consiglio è quello di salvare quello che puoi, e "piallare" l'HD.
Mi dispiace essere così "crudo", ma non è mia abitudine, prendere in giro la gente, promettendogli quello che non posso fare .
Mi dispiace.

Scusa.
Intendevo formattare.

avete per caso una guida su come formattare, non vorrei fare danni