r16- Ti ringrazio per il sollecito aiuto,per quanto concerne i trè programmi utilizzati per il controllo e la cancellazione delle chiavi di registro non necessarie,ho riutilizzato i rispettivi Beckap, ma non hanno risolto nulla,non erano loro le cause,ho installato e utilizzato il programma che mi hai suggerito, ma non ha trolvato niente relativo a Money 2000,evidentemente nel sistema non ci sono più file relativi al programma Money, devo dire per correttezza che lo stesso difetto me lo faceva anche sul Notebook, con lo stesso S.O. poi un giorno ho riprovato ed è andato tutto liscio, ora provvisoriamente uso il notebook,(per fortuna che avevo salvato una copia dei Beckap di mMoney su un HD esterno.
Spero in un altro suggerimento

r16;Ti ringrazio per il suggerimento,ho installato il programma consigliato, ma fra tutte le voci,Microsoft Money 2000 non si trova, una domanda:Che tù sappia, si possono installare dei programmi in modalità provvisoria. Grazi,continuo ad aspettare fiducioso qualche altro suggerimento.

r16: Eccoti il mio LOG:Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23.55.13, on 21/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
D:\Programmi\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
D:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Programmi\PC Tools Firewall Plus\FWService.exe
D:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\Programmi\CyberLink\Shared files\RichVideo.exe
D:\Programmi\Spyware Doctor\pctsAuxs.exe
D:\Programmi\Spyware Doctor\pctsSvc.exe
D:\Programmi\SPAMfighter\sfus.exe
D:\WINDOWS\System32\PAStiSvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
D:\Programmi\Alwil Software\Avast4\ashWebSv.exe
D:\Programmi\IVT Corporation\BlueSoleil\BsHelpCS.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
D:\Programmi\Spyware Doctor\pctsTray.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Programmi\Mozilla Firefox\firefox.exe
I:\Programmi\Applicativi Programmi\HiJackThis_v2.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/indexbb.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.kodak.com/go/CX4200support
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Programmi\Real\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [00PCTFW] "D:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [ISTray] "D:\Programmi\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] D:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://D:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://D:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://D:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://D:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleilCS - Unknown owner - D:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - D:\Programmi\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - D:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - D:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - D:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - D:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - D:\Programmi\SPAMfighter\sfus.exe
O23 - Service: STI Simulator - Unknown owner - D:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 9712 bytes

r16: Eccoti il log che mi hai chiesto, fammi sapere le tuededuzioni e come disistallare Combofix. Intanto ti ringrazio.ComboFix 08-08-21.02 - Papa' 2008-08-22 22.24.58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.627 [GMT 2:00]
Eseguito da: D:\Documents and Settings\Papa'\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\WebMediaPlayer
D:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\WebMediaPlayer\Condizioni generali.url
D:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\WebMediaPlayer\Disinstalla.lnk
D:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\WebMediaPlayer\Riservatezza.url
D:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\WebMediaPlayer\WebMediaPlayer.lnk
D:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\WebMediaPlayer\Website.url
D:\Documents and Settings\Papa'\Impostazioni locali\Dati applicazioni\pradnw.dat
D:\Documents and Settings\Papa'\Impostazioni locali\Dati applicazioni\pradnw.exe
D:\Documents and Settings\Papa'\Impostazioni locali\Dati applicazioni\pradnw_nav.dat
D:\Documents and Settings\Papa'\Impostazioni locali\Dati applicazioni\pradnw_navps.dat
D:\Programmi\webmediaplayer
D:\Programmi\webmediaplayer\resources\wmp_translation_file.xml
D:\Programmi\webmediaplayer\skins\classic.skn
D:\Programmi\webmediaplayer\sqlite3.dll
D:\Programmi\webmediaplayer\uninst.exe
D:\Programmi\webmediaplayer\WebMediaPlayer.exe
D:\WINDOWS\msvrc20.dll

.
((((((((((((((((((((((((( Files Creati Da 2008-07-22 al 2008-08-22 )))))))))))))))))))))))))))))))))))
.

2008-12-22 06:59 . 2008-12-22 06:59 447,200 --a------ D:\WINDOWS\system32\OpenQuicktimeLib.dll
2008-12-22 06:59 . 2008-12-22 06:59 332,512 --a------ D:\WINDOWS\system32\3ivxVfWCodec.dll
2008-12-22 06:59 . 2008-12-22 06:59 25,312 --a------ D:\WINDOWS\system32\SamsungVfWCodec.dll
2008-12-22 06:59 . 2008-12-22 06:59 25,312 --a------ D:\WINDOWS\system32\DivXVfWCodec.dll
2008-12-22 06:58 . 2008-12-22 06:58 1,155,808 --a------ D:\WINDOWS\system32\3ivx.dll
2008-12-22 06:52 . 2008-12-22 06:52 66,272 --a------ D:\WINDOWS\system32\libfaac.dll
2008-08-22 15:57 . 2008-08-22 15:57 <DIR> d-------- D:\Programmi\Alcohol Soft
2008-08-22 15:57 . 2004-04-30 09:37 160,640 --a------ D:\WINDOWS\system32\drivers\a347bus.sys
2008-08-22 15:57 . 2004-04-30 09:33 5,248 --a------ D:\WINDOWS\system32\drivers\a347scsi.sys
2008-08-21 11:53 . 2008-08-21 11:53 812,344 --a------ D:\Programmi\HJTInstall.exe
2008-08-20 23:16 . 2008-08-20 23:16 <DIR> d-------- D:\Programmi\Windows Installer Clean Up
2008-08-20 23:15 . 2008-08-20 23:15 <DIR> d-------- D:\Programmi\MSECACHE
2008-08-19 23:54 . 2008-08-19 23:55 <DIR> d-------- D:\Programmi\Spyware Doctor
2008-08-19 23:54 . 2008-08-19 23:54 <DIR> d-------- D:\Documents and Settings\Papa'\Dati applicazioni\PC Tools
2008-08-19 23:54 . 2008-06-10 21:22 81,288 --a------ D:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-19 23:54 . 2008-06-02 15:19 66,952 --a------ D:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-19 23:54 . 2008-06-02 15:19 42,376 --a------ D:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-19 23:54 . 2008-06-02 15:19 29,576 --a------ D:\WINDOWS\system32\drivers\kcom.sys
2008-08-19 20:03 . 2008-08-19 20:03 <DIR> d-------- D:\Programmi\AVI MPEG RM WMV Joiner
2008-08-19 18:25 . 2008-08-19 18:25 <DIR> d-------- D:\Documents and Settings\Angelo\Dati applicazioni\PCToolsFirewallPlus
2008-08-19 17:58 . 2008-08-19 17:58 <DIR> d-------- D:\Programmi\VS Revo Group
2008-08-19 16:57 . 2008-08-21 11:21 <DIR> d-------- D:\Programmi\PC Tools Firewall Plus
2008-08-19 16:57 . 2008-08-19 16:57 <DIR> d-------- D:\Programmi\File comuni\PC Tools
2008-08-19 16:57 . 2008-07-28 11:29 160,792 --a------ D:\WINDOWS\system32\drivers\pctfw2.sys
2008-08-19 16:57 . 2008-07-17 16:53 93,952 --a------ D:\WINDOWS\system32\drivers\pctfw.sys
2008-08-19 16:57 . 2008-08-05 15:58 58,136 --a------ D:\WINDOWS\system32\drivers\FWAuthdriver.sys
2008-08-18 23:32 . 2008-08-18 23:32 <DIR> d-------- D:\Documents and Settings\Papa'\segnalibro
2008-08-18 23:32 . 2008-08-18 23:31 185,856 --a------ D:\WINDOWS\system32\framedyn.dll
2008-08-18 23:31 . 2008-08-18 23:31 <DIR> d-------- D:\Documents and Settings\Papa'\backup
2008-08-18 23:31 . 2008-08-18 23:31 5,415 --a------ D:\WINDOWS\system32\Choice.com
2008-08-18 19:13 . 2007-09-23 18:00 37,456 -ra------ D:\WINDOWS\system32\drivers\USBSER34.SYS
2008-08-18 15:19 . 2008-08-18 15:19 2,344 --a------ D:\WINDOWS\system32\SHORTCUT.INI
2008-08-18 15:19 . 2008-08-18 15:22 114 --a------ D:\WINDOWS\system32\REMOTEDEVICE.INI
2008-08-18 15:16 . 2008-08-18 15:23 4,334 --a------ D:\WINDOWS\system32\LOCALSERVICE.INI
2008-08-18 15:16 . 2008-08-18 15:18 107 --a------ D:\WINDOWS\system32\LOCALDEVICE.INI
2008-08-18 15:14 . 2008-08-18 15:14 0 --a------ D:\WINDOWS\system32\BSPRINT.INI
2008-08-18 14:37 . 2007-04-10 11:08 60,032 --a------ D:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-08-16 15:27 . 2008-08-20 15:56 69 --a------ D:\WINDOWS\NeroDigital.ini
2008-08-15 22:26 . 2008-08-15 22:26 <DIR> dr-h----- D:\Documents and Settings\Angelo\Dati applicazioni\SecuROM
2008-08-15 22:26 . 2008-08-15 22:26 107,888 --a------ D:\WINDOWS\system32\CmdLineExt.dll
2008-08-14 17:12 . 2008-08-14 17:12 <DIR> d-------- D:\Programmi\File comuni\Ahead
2008-08-14 17:12 . 2008-08-14 17:12 <DIR> d-------- D:\Programmi\Ahead
2008-08-14 17:12 . 2004-07-26 17:16 1,568,768 --------- D:\WINDOWS\system32\ImagX7.dll
2008-08-14 17:12 . 2004-07-26 17:16 476,320 --------- D:\WINDOWS\system32\ImagXpr7.dll
2008-08-14 17:12 . 2004-07-26 17:16 471,040 --------- D:\WINDOWS\system32\ImagXRA7.dll
2008-08-14 17:12 . 2004-07-26 17:16 262,144 --------- D:\WINDOWS\system32\ImagXR7.dll
2008-08-14 17:12 . 2001-07-09 11:50 155,648 --a------ D:\WINDOWS\system32\NeroCheck.exe
2008-08-14 17:12 . 2004-03-02 17:37 125,184 --------- D:\WINDOWS\system32\drivers\imagesrv.sys
2008-08-14 17:12 . 2000-06-26 11:45 106,496 --a------ D:\WINDOWS\system32\TwnLib20.dll
2008-08-14 17:12 . 2004-03-02 17:37 5,504 --------- D:\WINDOWS\system32\drivers\imagedrv.sys
2008-08-13 23:33 . 2008-08-13 23:33 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\wmp
2008-08-13 23:24 . 2008-08-13 23:24 <DIR> d-------- D:\Documents and Settings\Papa'\Dati applicazioni\vlc
2008-08-13 23:14 . 2008-08-13 23:14 <DIR> d-------- D:\Documents and Settings\Papa'\Dati applicazioni\Skinux
2008-08-13 22:51 . 2007-06-06 09:57 2,363,392 --a------ D:\WINDOWS\system32\xerces-c_2_7.dll
2008-08-13 22:51 . 2007-06-06 09:18 45,056 --a------ D:\WINDOWS\system32\KPDDynCC.DLL
2008-08-13 22:51 . 2007-06-06 09:25 40,960 --a------ D:\WINDOWS\system32\KPDLM.dll
2008-08-13 22:26 . 2008-08-13 22:35 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Kodak
2008-08-13 22:08 . 2008-08-14 00:22 <DIR> d-------- D:\Programmi\RegSeeker
2008-08-13 21:54 . 2008-08-13 21:54 <DIR> d-------- D:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2008-08-13 21:49 . 2008-08-13 21:49 <DIR> d-------- D:\Programmi\Spybot - Search & Destroy
2008-08-13 21:49 . 2008-08-19 00:33 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Spybot - Search & Destroy
2008-08-13 21:41 . 2008-08-13 21:46 <DIR> d-------- D:\Programmi\IObit
2008-08-13 21:37 . 2008-08-13 21:37 <DIR> d-------- D:\Programmi\Lavasoft
2008-08-13 21:36 . 2008-08-13 21:36 <DIR> d-------- D:\Programmi\File comuni\Wise Installation Wizard
2008-08-13 21:33 . 2008-08-13 21:38 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Lavasoft
2008-08-13 21:32 . 2008-08-13 21:32 <DIR> d-------- D:\Programmi\Disk Cleaner
2008-08-13 21:03 . 2008-08-13 21:03 <DIR> d-------- D:\Documents and Settings\Papa'\Dati applicazioni\DivX
2008-08-13 20:53 . 2008-08-13 20:53 <DIR> d-------- D:\Documents and Settings\Papa'\Dati applicazioni\MAGIX
2008-08-13 16:42 . 2008-08-13 16:42 <DIR> d-------- D:\Documents and Settings\Angelo\Dati applicazioni\ScanSoft
2008-08-13 16:42 . 2008-08-13 16:42 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\ScanSoft
2008-08-13 16:24 . 2008-08-13 16:24 <DIR> d-------- D:\Programmi\IVT Corporation
2008-08-13 16:23 . 2008-08-13 16:23 <DIR> d-------- D:\Documents and Settings\Angelo\Dati applicazioni\CyberLink
2008-08-13 16:22 . 2008-08-13 16:23 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\CyberLink
2008-08-13 16:19 . 2008-08-13 16:20 <DIR> d-------- D:\Programmi\CyberLink
2008-08-13 16:04 . 2008-08-18 15:14 32 --a------ D:\WINDOWS\0
2008-08-13 16:04 . 2008-08-13 16:04 0 --a------ D:\WINDOWS\system32\0
2008-08-13 14:18 . 2008-08-13 14:18 <DIR> d-------- D:\Programmi\Total Video Converter
2008-08-13 12:56 . 2008-08-13 12:56 <DIR> d-------- D:\Programmi\File comuni\xing shared
2008-08-13 12:55 . 2008-08-13 12:56 <DIR> d-------- D:\Programmi\Real
2008-08-13 12:51 . 2008-08-13 12:56 <DIR> d-------- D:\Programmi\File comuni\Real
2008-08-13 12:31 . 2008-08-13 13:06 <DIR> d-------- D:\Documents and Settings\Angelo\dwhelper
2008-08-13 10:55 . 2008-08-13 10:55 <DIR> d-------- D:\Documents and Settings\Angelo\Dati applicazioni\SPAMfighter
2008-08-13 00:10 . 2008-08-13 00:10 268 --ah----- D:\sqmdata00.sqm
2008-08-13 00:10 . 2008-08-13 00:10 244 --ah----- D:\sqmnoopt00.sqm
2008-08-13 00:09 . 2008-04-11 20:40 683,520 --------- D:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-13 00:09 . 2008-05-01 16:31 331,776 --------- D:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 00:09 . 2008-07-07 22:17 253,952 --------- D:\WINDOWS\system32\dllcache\es.dll
2008-08-13 00:09 . 2008-06-24 18:30 74,240 --------- D:\WINDOWS\system32\dllcache\mscms.dll
2008-08-13 00:04 . 2008-08-13 00:04 <DIR> d-------- D:\Documents and Settings\Papa'\Dati applicazioni\PCToolsFirewallPlus
2008-08-12 23:54 . 2008-08-12 23:54 <DIR> d-------- D:\Programmi\Microsoft SQL Server Compact Edition
2008-08-12 23:54 . 2008-08-19 17:55 <DIR> d-------- D:\Documents and Settings\Papa'\Contacts
2008-08-12 23:53 . 2008-08-13 22:51 <DIR> d----c--- D:\WINDOWS\system32\DRVSTORE
2008-08-12 23:51 . 2008-08-12 23:54 <DIR> d-------- D:\Programmi\Windows Live
2008-08-12 23:51 . 2008-08-12 23:53 <DIR> d--hsc--- D:\Programmi\File comuni\WindowsLiveInstaller
2008-08-12 23:51 . 2008-08-12 23:51 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\WLInstaller
2008-08-12 23:49 . 2008-08-22 22:18 <DIR> d-a------ D:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\TEMP
2008-08-12 23:48 . 2008-08-12 23:48 <DIR> d-------- D:\Programmi\Google
2008-08-12 23:42 . 2008-08-12 23:42 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Yahoo! Companion
2008-08-12 23:32 . 2008-08-12 23:32 <DIR> d-------- D:\Programmi\Yahoo!
2008-08-12 23:31 . 2008-08-12 23:31 <DIR> d-------- D:\Programmi\Auslogics
2008-08-12 23:31 . 2008-08-12 23:31 <DIR> d-------- D:\Documents and Settings\Papa'\Dati applicazioni\Auslogics
2008-08-12 23:29 . 2008-08-12 23:29 <DIR> d-------- D:\Programmi\Foxit Software
2008-08-12 23:27 . 2008-08-13 00:08 <DIR> d-------- D:\Documents and Settings\Papa'\Dati applicazioni\skypePM
2008-08-12 23:27 . 2008-08-12 23:27 56 --ah----- D:\WINDOWS\system32\ezsidmv.dat
2008-08-12 23:25 . 2008-08-13 00:10 <DIR> d-------- D:\Documents and Settings\Papa'\Dati applicazioni\Skype
2008-08-12 23:24 . 2008-08-12 23:24 <DIR> d-------- D:\Programmi\Skype
2008-08-12 23:24 . 2008-08-12 23:24 <DIR> d-------- D:\Programmi\File comuni\Skype
2008-08-12 23:24 . 2008-08-12 23:24 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Skype
2008-08-12 21:23 . 2008-08-22 22:11 <DIR> d-------- D:\Programmi\SPAMfighter
2008-08-12 21:23 . 2008-08-12 21:23 <DIR> d-------- D:\Programmi\File comuni\Application
2008-08-12 21:23 . 2008-08-12 21:23 <DIR> d-------- D:\Programmi\File comuni\Ankiro
2008-08-12 21:18 . 2008-08-12 21:23 <DIR> d-------- D:\Documents and Settings\Papa'\Dati applicazioni\SPAMfighter
2008-08-12 21:09 . 2008-08-12 21:09 <DIR> d-------- D:\Programmi\File comuni\ArcSoft
2008-08-12 21:09 . 2003-09-19 15:45 21,248 --a------ D:\WINDOWS\system32\drivers\pfc.sys
2008-08-12 21:07 . 2008-08-12 21:07 0 --a------ D:\WINDOWS\AudioCleanic.INI
2008-08-12 21:05 . 2008-08-12 21:05 <DIR> d-------- D:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\MAGIX
2008-08-12 21:02 . 2008-08-12 21:02 <DIR> d-------- D:\Programmi\File comuni\MAGIX Shared
2008-08-12 21:01 . 2008-08-12 21:06 <DIR> d-------- D:\WINDOWS\system32\MAGIX
2008-08-12 21:01 . 2008-08-12 21:05 <DIR> d-------- D:\MAGIX
2008-08-12 21:01 . 2002-09-20 23:33 1,089,536 --a------ D:\WINDOWS\system32\ROBOEX32.DLL
2008-08-12 21:01 . 2006-02-06 11:38 475,136 --a------ D:\WINDOWS\system32\mgxoschk.dll
2008-08-12 21:01 . 1998-10-15 16:28 85,504 --a------ D:\WINDOWS\system32\HtmlWH.dll
2008-08-12 21:01 . 1999-01-28 13:44 49,152 --a------ D:\WINDOWS\system32\INETWH32.dll
2008-08-12 21:01 . 2006-02-06 12:09 2,936 --a------ D:\WINDOWS\mgxoschk.ini
2008-08-12 21:00 . 2004-08-19 15:39 16,384 --a------ D:\WINDOWS\system32\ipsink.ax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-22 14:03 --------- d--h--w D:\Programmi\InstallShield Installation Information
2008-08-18 13:17 34,312 ----a-w D:\WINDOWS\system32\drivers\blueletaudio.sys
2008-08-12 18:00 --------- d-----w D:\Programmi\File comuni\InstallShield
2008-08-11 16:50 --------- d-----w D:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Office Genuine Advantage
2008-08-11 16:47 --------- d-----w D:\Programmi\AMD
2008-08-11 16:41 --------- d-----w D:\Programmi\NVIDIA Corporation
2008-08-11 16:35 --------- d-----w D:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\nView_Profiles
2008-08-11 16:26 --------- d-----w D:\Programmi\MSBuild
2008-08-11 16:23 --------- d-----w D:\Programmi\Reference Assemblies
2008-08-11 16:21 --------- d-----w D:\Programmi\MSXML 6.0
2008-08-11 16:15 --------- d-----w D:\Programmi\Windows Media Connect 2
2008-08-11 15:04 --------- d-----w D:\Programmi\microsoft frontpage
2008-08-11 15:02 --------- d-----w D:\Programmi\Servizi in linea
2008-07-07 20:17 253,952 ----a-w D:\WINDOWS\system32\es.dll
2008-07-02 12:58 26,248 ----a-w D:\WINDOWS\system32\drivers\IvtBtBus.sys
2008-06-24 16:30 74,240 ----a-w D:\WINDOWS\system32\mscms.dll
2008-06-23 08:23 70,656 ------w D:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 08:23 625,664 ------w D:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 08:23 13,824 ------w D:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w D:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:36 247,296 ----a-w D:\WINDOWS\system32\mswsock.dll
2008-06-20 17:36 247,296 ------w D:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:36 147,968 ------w D:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:44 360,960 ------w D:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ------w D:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:32 225,920 ------w D:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ------w D:\WINDOWS\system32\dllcache\bthport.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:39 15360]
"swg"="D:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-08-12 23:48 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"00PCTFW"="D:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2008-08-05 15:58 2611096]
"ISTray"="D:\Programmi\Spyware Doctor\pctsTray.exe" [2008-07-16 09:16 1166216]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 17:39 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3IV2"= 3ivxVfWCodec.dll
"vidc.SEDG"= SamsungVfWCodec.dll
"vidc.DX50"= DivXVfWCodec.dll
"VIDC.MJPG"= Pvmjpg30.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Programmi\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"D:\\Programmi\\eMule AdunanzA\\eMule_AdnzA.exe"=
"D:\\Programmi\\Pinnacle\\Studio 11\\programs\\RM.exe"=
"D:\\Programmi\\Pinnacle\\Studio 11\\programs\\Studio.exe"=
"D:\\Programmi\\Pinnacle\\Studio 11\\programs\\PMSRegisterFile.exe"=
"D:\\Programmi\\Pinnacle\\Studio 11\\programs\\umi.exe"=
"D:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Programmi\\Skype\\Phone\\Skype.exe"=
"D:\\Programmi\\Messenger\\msmsgs.exe"=
"D:\\Programmi\\Real\\realplay.exe"=
"D:\\Programmi\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"D:\\Programmi\\KODAK\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"D:\\Programmi\\Outlook Express\\msimn.exe"=
"D:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"D:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"D:\\Programmi\\3ivx\\3ivx MPEG-4 5.0.2\\3ivxConfig.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1289:TCP"= 1289:TCP:eMuleTCP
"1478:UDP"= 1478:UDP:eMuleUDP

R0 BtHidBus;Bluetooth HID Bus Service;D:\WINDOWS\system32\Drivers\BtHidBus.sys [2008-07-31 20:45]
R1 aswSP;avast! Self Protection;D:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 pctfw2;pctfw2;D:\WINDOWS\system32\drivers\pctfw2.sys [2008-07-28 11:29]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};D:\Programmi\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 aswFsBlk;aswFsBlk;D:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 BlueSoleilCS;BlueSoleilCS;D:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2008-08-18 15:17]
R2 SPAMfighter Update Service;SPAMfighter Update Service;D:\Programmi\SPAMfighter\sfus.exe [2008-07-14 18:39]
R3 BsHelpCS;BsHelpCS;D:\Programmi\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 15:58]
R3 FWAuth;FWAuth Driver;D:\WINDOWS\system32\drivers\FWAuthDriver.sys [2008-08-05 15:58]
R3 PAC207;Trust WB-1400T Webcam;D:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
R3 usbscan;Driver scanner USB;D:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
R3 usbstor;Driver archiviazione di massa USB;D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 01:08]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;D:\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
S3 IvtBtBUs;IVT Bluetooth Bus Service;D:\WINDOWS\system32\Drivers\IvtBtBus.sys [2008-07-02 14:58]
S3 USBSER34;USBSER34;D:\WINDOWS\system32\Drivers\USBSER34.SYS [2007-09-23 18:00]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'

2008-08-12 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- D:\Programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\Papa'\Dati applicazioni\Mozilla\Firefox\Profiles\295tcjn3.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.virgilio.it
FF -: plugin - D:\Programmi\Real\Netscape6\nppl3260.dll
FF -: plugin - D:\Programmi\Real\Netscape6\nprjplug.dll
FF -: plugin - D:\Programmi\Real\Netscape6\nprpjplug.dll
FF -: plugin - D:\Programmi\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-22 22:27:57
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\D:\Programmi\CyberLink\PowerDVD\000.fcl"
.
Ora fine scansione: 2008-08-22 22:28:58
ComboFix-quarantined-files.txt 2008-08-22 20:28:55

Pre-Run: 32,592,281,600 byte disponibili
Post-Run: 32,645,042,176 byte disponibili

281 --- E O F --- 2008-08-16 13:48:45

r16:Ho disistallato come indicato Combofix, ho provato ad installare Money 2000 ma non e cambiato nulla,nel percorso di installavione esce l'avviso di Errore 168 come prima,ti ringrazio comunque per l'impegno.
PS: Su questo forum, qualche giorno fà "monsee" ha avuto un problema del genere nell'installazione di un programma, qualcuno,non ricordo chì, gli ha suggerito di provare ad installarlo in modalità provvisoria e la cosa a funzionato,tu mi parlavi dell'impossibilità in quanto non connesso,ma io utilizzo il CD di installazione di Money 2000, non ho bisogno di essere connesso, fino ad ora non ho provato per paura di ulteriori casini,cosa mi consigli?-Se volesse intervenire anche "monsee" forse risolviamo la cosa,magari anche "alfonso" che da un pò di tempo non si legge,forse è in ferie?
Saluti

r16:Come mi hai suggerito,ho provato ad installare il tool di Microsoft, ma idem come prima.
Appena ho un attimo di tempo proverò ad installare Money in modalità provvisoria e ti farò sapere.
Intanto ti saluto e ringrazio ancora per la collaborazione.

Prova a vedere se trovi la cartella nel Registro.
Start-Esegui- digita: regedit clicca ok.
Clicca sul + di HKEY_LOCAL_MACHINE
Clicca sul + di SOFTWARE.
Nell'elenco che si apre sotto, cerca una cartella Money, vediamo se c'è.

Visto che ci sono i "rimasugli"?
Se vuoi provare ad eliminarla fai cosi':

ti posizioni sulla chiave interessata.(la cartella Money)
tasto destro del mouse e clicca su Autorizzazioni
clicca su Aggiungi
clicca su Avanzate
clicca su Trova e, in basso seleziona, dall'elenco, Everyone
conferma con OK e alla successiva richiesta, conferma, nuovamente con OK

a questo punto, verrai rimandato alla scheda Autorizzazioni
quindi prosegui in questo modo:
spunta la voce Controllo completo (automaticamente verrà messa anche la spunta alla voce In lettura)
conferma con OK
verrai rimandato alla chiave interessata (Money)
rimuovila. ( tasto destro e scegli Elimina)

Affinché le modifiche apportate abbiano effetto, è necessario riavviare il Computer.

Si ho un'altra "cartuccia",ma se non ha funzionato questa........
Scarica :
http://malwarebytes.org/RegASSASSIN.exe
Salvalo sul Desktop.
Basterà aprire l'editor di registro tramite start>esegui>regedit>ok portarsi nella chiave interessata,(la cartella Money)cliccare col tasto destro su di essa,quindi su "copia chiave con nome" e incolla sul riquadro di reg assassin quindi clicca su "delete" e conferma le successive finestre di avviso con ok.
troleo : il problema è quella cartella. (money)
Sei sicuro di essere l'Amministratore del pc ?
P.S:
Prova a fare le stesse operazioni,in quest'altra chiave:
Clicca sul + di Hkey_Current_User
Clicca sul + di SOFTWARE
Nell'elenco che si apre sotto, cerca la cartella Money.