Problema avvio schermata password [windows 7 ultimate 64 bit]

**arkas90** · 04-12-2012, 17:22

salve a tutti il pc della mia ragazza è esploso per scheda madre fusa e l abbiamo cambiata, installato tutto e andava da dio fino ad oggi: proviamo ad accendere e appena arriva alla schermata con "utente" dove si deve inserire la password, la schermata scompare subito e spunta "Windows" con la rotella del caricamento. Rimane in questo stato e per un attimo riappare la schermata dell inserimento password e via cosi.
abbiamo provato ad avviare in modalita provvisoria con rete e fatto la scansione con spybot e avira ed aveva trovato un malware "sweetIM" e un virus tr/wmaloader.b li abbiamo cancellati e riavviato ma il problema persiste e ora accade anche sse si tenta la modalità provvisoria... che fare? grazie in anticipo

**darkkik** · 04-12-2012, 17:39

Vista la problematica ritengo sia un problema da postare nel forum Sicurezza...sposto.

**menatwork** · 04-12-2012, 19:33

ciao arkas90 se riesci ad accedere ancora in provvisoria con rete scarica rkill da uno di questi siti e avvialo

link 1

link 2

link 3

se durante la scansione si apre una finestra ignorala (non chiuderla)
fai ripartire rkill e lascia che continui la scansione.
Se ricompare ancora la finestra, tu continui a far ripartire rkill (senza MAI chiudere la finestra) la scansione deve andare fino in fondo

finita la scansione scarica combofix sul desktop

alla richiesta se vuoi installare la recovery console clicca su NO

esegui ComboFix.exe

segui le instruzioni

finita la scansione portati in C:\ e allega nella tua prossima risposta, il contenuto del file di testo Combofix.txt

come usare correttamente combofix

**arkas90** · 04-12-2012, 20:19

ciao, ora seguirò le tue istruzioni, cmq adesso sono in modalità win 7 normale
perchè mentre la schermata "lampeggiava" premendo tasti a caso sono riuscito a fermarlo
e mettere la password corretta. Ora seguo le tue istruzioni, meglio faretutto in provvisoria no?

**menatwork** · 04-12-2012, 20:22

se riesci a tenerlo ''fermo'' in modalita' normale altrimenti eseguilo da provvisoria

**arkas90** · 04-12-2012, 20:41

Allora ecco il responso di Rkill:

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/04/2012 07:30:24 PM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual

* Centro sicurezza PC (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 12/04/2012 07:30:29 PM
Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)

HO ESEGUITO TUTTO IN MODALITA' PROVVISORIA CON RETE

**arkas90** · 04-12-2012, 20:42

E QUI IL REPORT DI COMBOFIX

ComboFix 12-12-02.01 - utente 04/12/2012 19:31:46.2.2 - x64 NETWORK
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.39.1040.18.3071.2574 [GMT 1:00]
Eseguito da: c:\users\utente\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((( Files Creati Da 2012-11-04 al 2012-12-04 )))))))))))))))))))))))))))))))))))
.
.
2012-12-04 18:35 . 2012-12-04 18:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-26 15:52 . 2012-11-26 15:52 -------- dc----w- c:\windows\system32\DRVSTORE
2012-11-26 15:52 . 2012-08-21 12:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-11-26 15:51 . 2012-11-26 15:52 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-26 15:51 . 2012-11-26 15:52 -------- d-----w- c:\program files (x86)\iTunes
2012-11-26 15:51 . 2012-11-26 15:51 -------- d-----w- c:\program files\iPod
2012-11-26 15:51 . 2012-11-26 15:52 -------- d-----w- c:\program files\iTunes
2012-11-26 15:51 . 2012-11-26 15:51 -------- d-----w- c:\programdata\Apple Computer
2012-11-26 15:51 . 2012-11-26 15:51 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-11-26 15:50 . 2012-11-26 15:50 -------- d-----w- c:\program files\Common Files\Apple
2012-11-26 15:50 . 2012-11-26 15:50 -------- d-----w- c:\program files\Bonjour
2012-11-26 15:50 . 2012-11-26 15:50 -------- d-----w- c:\program files (x86)\Bonjour
2012-11-26 15:50 . 2012-11-26 15:51 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-11-26 15:50 . 2012-11-26 15:51 -------- d-----w- c:\programdata\Apple
2012-11-26 00:09 . 2012-11-26 00:09 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-11-25 15:49 . 2012-11-25 15:49 -------- d-----w- c:\program files (x86)\Seagate
2012-11-25 15:47 . 2012-11-25 15:47 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-11-25 15:41 . 2012-11-25 15:41 -------- d-----w- c:\program files (x86)\Packard Bell
2012-11-25 12:26 . 2012-11-25 12:26 -------- d-----w- c:\program files\WinRAR
2012-11-25 12:23 . 2012-12-04 15:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-11-25 12:23 . 2012-11-25 12:23 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-11-25 12:22 . 2012-11-25 16:00 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-25 12:22 . 2012-11-25 16:00 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-25 12:22 . 2012-11-25 12:22 -------- d-----w- c:\windows\SysWow64\Macromed
2012-11-25 12:22 . 2012-11-25 12:22 -------- d-----w- c:\windows\system32\Macromed
2012-11-25 12:20 . 2012-11-25 12:20 -------- d-----w- c:\program files\Defraggler
2012-11-25 12:17 . 2012-11-25 12:18 -------- d-----w- c:\program files\CCleaner
2012-11-25 12:17 . 2012-11-25 12:17 -------- d-----w- c:\programdata\Avira
2012-11-25 12:17 . 2012-11-25 12:17 -------- d-----w- c:\program files (x86)\Avira
2012-11-25 12:17 . 2012-11-07 15:03 98888 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-11-25 12:17 . 2012-11-07 15:03 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-11-25 12:17 . 2012-09-24 07:58 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-25 12:14 . 2012-11-25 12:14 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-11-24 21:58 . 2012-11-24 21:58 -------- d-----w- c:\windows\system32\appmgmt
2012-11-24 21:26 . 2012-11-24 21:58 -------- d-----w- c:\programdata\DeviceVM
2012-11-24 21:24 . 2012-11-24 21:32 -------- d-----w- c:\programdata\Norton
2012-11-24 21:23 . 2012-11-24 21:23 -------- d-----w- c:\programdata\CyberLink
2012-11-24 21:21 . 2012-11-24 21:21 -------- d--h--w- c:\programdata\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
2012-11-24 21:19 . 2009-05-21 10:14 260608 ------w- c:\windows\system32\AMBSpiE.exe
2012-11-24 21:19 . 2009-02-26 11:08 17920 ------w- c:\windows\system32\AmbRunE.dll
2012-11-24 21:19 . 2009-02-03 12:52 102400 ----a-w- c:\windows\SysWow64\cttele32.dll
2012-11-24 21:19 . 2009-02-03 12:52 110080 ----a-w- c:\windows\system32\cttele64.dll
2012-11-24 21:19 . 2008-03-10 10:20 8704 ------w- c:\windows\SysWow64\ResDefE.exe
2012-11-24 21:19 . 2007-11-23 14:02 135680 ------w- c:\windows\system32\cfgChain.exe
2012-11-24 21:19 . 2000-05-11 00:00 90112 ------w- c:\windows\Updreg.EXE
2012-11-24 21:17 . 2009-07-08 14:32 1233195 ------w- c:\windows\SysWow64\AMBSPISyncService.exe
2012-11-24 21:17 . 2012-11-24 21:17 -------- d-----w- c:\program files (x86)\Common Files\Creative Labs Shared
2012-11-24 21:17 . 2012-11-24 21:19 -------- d-----w- c:\programdata\Creative
2012-11-24 21:17 . 2012-11-24 21:18 -------- d-----w- c:\program files (x86)\Creative
2012-11-24 21:16 . 2012-11-24 21:16 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-11-24 21:16 . 2012-11-24 21:16 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-11-24 21:15 . 2012-11-24 21:15 -------- d-----w- c:\program files\ASRock
2012-11-24 21:15 . 2011-07-04 14:19 1632128 ----a-w- c:\windows\system32\drivers\cfosspeed6.sys
2012-11-24 21:15 . 2012-11-24 21:15 -------- d-----w- c:\programdata\cFos
2012-11-24 21:15 . 2012-11-24 21:15 -------- d-----w- c:\programdata\FNET
2012-11-24 21:15 . 2012-11-24 21:15 -------- d-----w- c:\program files (x86)\ASRock Utility
2012-11-24 21:15 . 2012-11-24 21:15 -------- d-----w- c:\program files\ASRock Utility
2012-11-24 21:15 . 2010-06-11 13:37 15368 ----a-w- c:\windows\system32\drivers\AsrAppCharger.sys
2012-11-24 21:12 . 2012-11-24 21:12 -------- d-----w- c:\windows\SysWow64\x64
2012-11-24 21:12 . 2012-11-24 21:12 -------- d-----w- c:\windows\SysWow64\Lang
2012-11-24 21:10 . 2012-11-26 17:35 -------- d-sh--w- c:\windows\Installer
2012-11-24 21:10 . 2012-11-24 17:02 -------- d-----w- c:\program files (x86)\Intel
2012-11-24 21:10 . 2009-08-26 07:04 53248 ----a-r- c:\windows\SysWow64\CSVer.dll
2012-11-24 21:10 . 2012-11-24 21:10 -------- d-----w- C:\Intel
2012-11-24 18:31 . 2012-11-24 18:31 -------- d-----w- c:\users\UpdatusUser
2012-11-24 18:31 . 2012-11-24 18:31 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-11-24 18:31 . 2012-10-02 19:51 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-11-24 18:31 . 2012-10-02 19:51 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-11-24 18:31 . 2012-10-02 19:50 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-11-24 18:31 . 2012-10-02 19:50 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-11-24 18:31 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-11-24 18:31 . 2012-10-02 19:50 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-11-24 18:29 . 2012-11-24 18:31 -------- d-----w- c:\program files\NVIDIA Corporation
2012-11-24 18:28 . 2012-11-24 18:28 -------- d-----w- C:\NVIDIA
2012-11-24 18:22 . 2012-12-04 18:24 -------- d-----w- c:\programdata\NVIDIA
2012-11-24 18:20 . 2012-11-24 18:20 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-11-24 18:19 . 2012-11-24 18:18 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-24 18:19 . 2012-11-24 18:18 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-24 18:19 . 2012-11-24 18:18 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-24 18:18 . 2012-11-24 18:18 -------- d-----w- c:\program files (x86)\Java
2012-11-24 17:18 . 2012-11-24 17:18 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2012-11-24 17:18 . 2012-11-24 17:18 -------- d-----w- c:\windows\system32\wbem\en-US
2012-11-24 17:18 . 2012-11-24 17:18 -------- d-----w- c:\windows\SysWow64\Wat
2012-11-24 17:18 . 2012-11-24 17:18 -------- d-----w- c:\windows\system32\Wat
2012-11-24 16:55 . 2012-07-26 08:00 2560 ----a-w- c:\windows\system32\drivers\it-IT\wdf01000.sys.mui
2012-11-24 16:55 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-24 16:55 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-24 16:55 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-24 16:44 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-11-24 16:37 . 2012-10-29 20:04 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-24 16:36 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-24 16:36 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-24 16:36 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-24 16:36 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-24 16:36 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-24 16:36 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-24 16:36 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-24 16:35 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-11-24 16:35 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-11-24 16:35 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-11-24 16:35 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-11-24 16:35 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-11-24 16:33 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
2012-11-24 16:33 . 2011-11-17 05:35 314880 ----a-w- c:\windows\SysWow64\webio.dll
2012-11-24 16:33 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-11-24 16:33 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-11-24 16:33 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-11-24 16:33 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-24 16:33 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-24 16:33 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-11-24 16:33 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-11-24 16:31 . 2011-02-05 17:10 642944 ----a-w- c:\windows\system32\winload.efi
2012-11-24 16:30 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-11-24 16:30 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-11-24 16:29 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-11-24 16:29 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-11-24 16:29 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-11-24 16:29 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-11-24 16:22 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36A56A39-64FA-482F-936E-125A755BA000}\mpengine.dll
2012-11-24 16:21 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-11-24 16:21 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-11-24 16:21 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-11-24 16:13 . 2012-11-24 16:13 -------- d-----w- c:\program files (x86)\Microsoft Works
2012-11-24 16:13 . 2012-11-24 17:25 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-11-24 16:13 . 2012-11-24 16:13 -------- d-----w- c:\windows\PCHEALTH
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
2012-10-16 08:38 . 2012-11-28 11:22 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 11:22 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 11:22 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.

**arkas90** · 04-12-2012, 20:43

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Packard Bell Software Suite"="c:\program files (x86)\Packard Bell\Packard Bell Software Suite\Launcher.exe" [2008-09-04 1938240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-12-04 2792448]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"CTSyncService"="c:\program files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe" [2009-07-08 1233195]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-11-26 384800]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DR IVERS\AsrAppCharger.sys [2010-06-11 15368]
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.s ys [2012-09-24 27800]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-11-26 85280]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-11-24 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-11-24 79360]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominipor t.sys [2012-08-23 19456]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2012-11-24 79360]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\ synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsus bflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsus bhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-25 1276928]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.e xe [2012-11-24 1255736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]
.
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-12-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2012-11-25 16:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-10-19 1441152]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll " [2009-02-26 17920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.ex e" [2011-02-11 417304]
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.it/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 85.37.17.39 85.38.28.71 192.168.1.1
FF - ProfilePath - c:\users\utente\AppData\Roaming\Mozilla\Firefox\Pr ofiles\s1892vtv.default\
FF - prefs.js: browser.search.selectedEngine -
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macrome d\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUt il64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macrome d\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUt il32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\In terface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-12-04 19:37:06
ComboFix-quarantined-files.txt 2012-12-04 18:37
ComboFix2.txt 2012-12-04 15:49
.
Pre-Run: 104.361.463.808 byte disponibili
Post-Run: 104.220.966.912 byte disponibili
.
- - End Of File - - 472382561A0E3B3604DE55ED6BCACD00

ANCH'ESSO IN MODALITA' PROVVISORIA

**menatwork** · 04-12-2012, 21:12

visto cosi' sembrerebbe a posto....che problemi riscontri oltre a quello descritto

Scarica OTL e salvalo sul desktop

Metti la spunta su SCAN ALL USERS.

Sotto output, metti la spunta su minimal output

Clicca sulla freccettina di File Age e seleziona 60 Days

Metti la spunta a LOP Check e Purity Check.

Clicca su RUN SCAN

Lascia fare la scansione senza interferire.

Al termine della scansione trovi 2 log sul desktop. OTL.txt ed Extras.txt, salvali e caricali su Wikisend,

**arkas90** · 04-12-2012, 22:22

guarda nessun problema, per dirti fino a ieri sera (e il pc gli è tornato circa 2 settimane fa)
non dava alcun problema
adesso invece sta fastidiosissimo lampeggio della schermata dove inserire la password.
ma non lampeggia lo schermo, lampeggia solo la parte centrale.
parlando povero: è come se tenessi schiacciato "invio" sulla tastiera!
se premo in continuazione una lettera, mi si ferma dicendo "password errata"

Discussione: Problema avvio schermata password [windows 7 ultimate 64 bit]

Strumenti discussione

Ricerca discussione

Visualizza

Problema avvio schermata password [windows 7 ultimate 64 bit]

Permessi di invio