Mi è comparsa un altra novità, non riesco più ad entrare sul sito delle poste Italiane, mi compare sempre una videata con scritto advance card verification che chiede se chiudere la finestra perchè la pagina Web sta tentando di aprirne una, qualsiasi cosa clicco si blocca tutto e si ritorna alla pagina iniziale si blocca tutto, mi sembra di aver letto che potrebbe essere un finto antivirus, ma come fare èper eliminarlo, ho provato di tutto ma non riesco ancora a risolvere il problema.

Ciao.
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.malwarebytes.org/
Prima di fare la scansione AGGIORNALO.
Esegui una scansione completa del sistema
Posta il log.
Poi posta un log di HJT.
*********************************************************************************************************
Poi esegui questa operazione:
Scarica MBR:EXE direttamente nella Directory C:\ (è di fondamentale importanza che lo scarichi in C: dove risiede il Sistema operativo, altrimenti non funziona.)
http://www2.gmer.net/mbr/mbr.exe
Riavvia il Pc in modalità provvisoria
Da Start - Esegui - digita C:\mbr.exe e clicca su OK
Posta il log che troverai dove hai scaricato il Tooll MBR.exe, ovvero in C:
N.B: la scansione dura pochi secondi.

Scusa la cavolata, capito, lo devo salvare in C.

Ciao.
Lo puoi anche "trascinare".
Importante: lo devi mettere dove si trova il Sistema Operativo. (Windows)
Se il S.O si trova con la lettera diversa da C: (magari F,H,D, ecc...) devi metterlo dove si trova quella lettera.
Mi spiego (come al solito) da far schifo, ma spero lo stesso che tu abbia capito.

Posto lo stezzo il logo di mbr.exe

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
MBR rootkit code detected !
malicious code @ sector 0x98a412b size 0x1b0 !
copy of MBR has been found in sector 62 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

Ecco il log, se come dici è infetto strano che nessun programma per malware, compreso quello indicato non abbia trovato niente.


Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
MBR rootkit code detected !
malicious code @ sector 0x98a412b size 0x1b0 !
copy of MBR has been found in sector 62 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !

Ti allego il log di hijack this e di seguito l'altro log, ho visto che facendo la scansione con spybot ha trovato 5 malware, ma il problema sul sito delle poste con ADVACED card rimane e non riesco ad entrare con la mia pass



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.45.46, on 17/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programmi\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{59727D33-2F7A-495C-AFF4-4B3B01B5E712}: NameServer = 85.37.17.8 85.38.28.73
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6866 bytes





Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Paolo\Impostazioni locali\Dati applicazioni\wmemsae.dat
c:\documents and settings\Paolo\Impostazioni locali\Dati applicazioni\wmemsae.exe
c:\documents and settings\Paolo\Impostazioni locali\Dati applicazioni\wmemsae_nav.dat
c:\documents and settings\Paolo\Impostazioni locali\Dati applicazioni\wmemsae_navps.dat

----- BITS: Possibili siti infetti -----

hxxp://blog.roodo.com
.
((((((((((((((((((((((((( Files Creati Da 2008-12-17 al 2009-01-17 )))))))))))))))))))))))))))))))))))
.

2009-01-16 22:03 . 2009-01-16 22:25 4,700,372,992 --a------ C:\Foto ultimi album.mdf
2009-01-16 22:03 . 2009-01-16 22:25 4,314 --a------ C:\Foto ultimi album.mds
2009-01-16 14:15 . 2009-01-16 14:15 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-16 14:15 . 2009-01-16 14:15 1,409 --a------ c:\windows\QTFont.for
2009-01-16 02:33 . 2009-01-16 02:33 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-01-16 02:33 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-16 02:33 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-16 02:23 . 2009-01-16 02:23 66,048 --a------ C:\mbr.exe
2009-01-15 02:34 . 2009-01-15 02:34 <DIR> d-------- c:\documents and settings\Paolo\Dati applicazioni\Malwarebytes
2009-01-15 02:34 . 2009-01-15 02:34 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-01-15 02:21 . 2009-01-17 11:26 <DIR> d-------- c:\programmi\Enigma Software Group
2009-01-14 19:26 . 2009-01-14 19:45 <DIR> d-------- c:\programmi\Anti Trojan Elite
2009-01-14 16:03 . 2009-01-14 19:17 <DIR> d-------- c:\programmi\Fighters
2009-01-14 16:03 . 2009-01-14 16:03 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Fighters
2009-01-06 13:49 . 2009-01-06 13:49 <DIR> d-------- c:\documents and settings\Attilio\Contacts
2008-12-29 20:03 . 2008-12-29 20:03 <DIR> d-------- c:\programmi\IrfanView
2008-12-27 01:35 . 2008-12-27 01:35 <DIR> d-------- c:\programmi\Blaze Audio
2008-12-26 22:28 . 2008-12-29 12:54 73 --ahs---- c:\windows\system32\SYSDRV004.SYS
2008-12-26 22:28 . 2008-12-26 22:28 61 --a------ c:\windows\system32\SYSTMBXNDRV.SYS
2008-12-26 16:10 . 2008-12-26 16:10 0 --a------ c:\windows\RealOrch.INI
2008-12-26 16:06 . 2008-12-26 16:06 <DIR> d-------- c:\documents and settings\Paolo\WINDOWS
2008-12-26 16:06 . 1995-11-28 02:42 283,648 --a------ c:\windows\uninst.exe
2008-12-26 15:53 . 2008-12-26 15:55 <DIR> d-------- c:\programmi\REAPER
2008-12-26 15:53 . 2008-12-26 15:53 <DIR> d-------- c:\documents and settings\Paolo\Dati applicazioni\REAPER
2008-12-26 15:42 . 2008-12-26 15:44 265 --a------ c:\windows\ar.INI
2008-12-26 15:18 . 2008-12-26 15:18 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\NCH Swift Sound
2008-12-26 14:18 . 2008-10-16 21:04 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-12-26 14:18 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-26 14:18 . 2007-03-08 06:11 1,032,192 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-26 14:18 . 2008-10-16 21:04 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-12-26 14:18 . 2008-10-16 21:04 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-26 14:18 . 2008-10-16 21:04 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-12-26 14:18 . 2008-10-16 21:04 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-12-26 14:18 . 2008-10-16 21:04 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-26 14:18 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-12-26 02:46 . 2008-12-26 15:29 <DIR> d-------- c:\programmi\Karaoke Star
2008-12-26 02:46 . 2008-12-26 02:46 253,952 --------- c:\windows\Setup1.exe
2008-12-26 02:46 . 2008-12-26 02:46 74,752 --a------ c:\windows\ST6UNST.EXE
2008-12-25 20:42 . 2008-12-25 20:42 <DIR> d-------- c:\documents and settings\Attilio\Dati applicazioni\Yahoo!
2008-12-24 01:15 . 2009-01-16 14:09 <DIR> d-------- c:\programmi\PhotoScape
2008-12-23 23:30 . 2008-12-23 23:54 <DIR> d-------- c:\programmi\Collage Maker
2008-12-23 15:16 . 2008-12-23 15:16 <DIR> d-------- c:\programmi\FirmTools
2008-12-23 15:05 . 2008-12-24 01:01 <DIR> d-------- c:\programmi\webGobbler
2008-12-23 14:28 . 2008-12-23 14:42 1,553 --a------ C:\Lotto avorio A.dbr
2008-12-18 19:58 . 2008-12-18 19:58 <DIR> d-------- c:\programmi\Trend Micro
2008-12-18 14:47 . 2008-12-02 11:20 102,479 --------- c:\windows\hpoins05.dat.temp
2008-12-18 14:47 . 2005-06-22 08:47 17,505 --------- c:\windows\hpomdl07.dat
2008-12-17 14:04 . 2008-12-17 14:04 <DIR> d-------- c:\programmi\XnView
2008-12-17 14:04 . 2009-01-11 23:46 <DIR> d-------- c:\documents and settings\Paolo\Dati applicazioni\XnView

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 13:03 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Ulead Systems
2009-01-16 20:56 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\dvdcss
2009-01-08 21:40 --------- d-----w c:\programmi\eMule
2009-01-05 09:11 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\Arcsoft
2008-12-30 03:11 --------- d-----w c:\programmi\Google
2008-12-15 11:53 --------- d-----w c:\programmi\Picasa2
2008-12-15 11:04 --------- d-----w c:\programmi\Slideshow pro
2008-12-15 10:54 --------- d-----w c:\programmi\mresreg
2008-12-15 10:50 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-15 10:50 --------- d-----w c:\programmi\CyberLink
2008-12-15 10:49 --------- d-----w c:\programmi\DivX
2008-12-15 10:05 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\SmartSound Software Inc
2008-12-15 10:01 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\CyberLink
2008-12-15 09:48 4,704 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-12-15 09:15 --------- d-----w c:\programmi\File comuni\ACD Systems
2008-12-15 03:07 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\ACD Systems
2008-12-15 00:56 --------- d-----w c:\programmi\Extra Photo SlideShow Free
2008-12-15 00:32 --------- d-----w c:\programmi\Photo Story 3 for Windows
2008-12-14 11:08 --------- d-----w c:\programmi\Microsoft Calculator Plus
2008-12-12 00:06 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\Pegasys Inc
2008-12-12 00:00 --------- d-----w c:\programmi\Pegasys Inc
2008-12-11 14:28 --------- d-----w c:\programmi\Acoolsoft
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-09 20:13 223,128 ----a-w c:\windows\system32\drivers\vaxscsi.sys
2008-12-09 20:07 --------- d-----w c:\programmi\Alcohol Soft
2008-12-09 20:05 96,384 ----a-w c:\windows\system32\drivers\sptd1133.sys
2008-12-09 20:05 642,560 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-06 09:48 164,352 ----a-w c:\windows\system32\SpoonUninstall.exe
2008-12-06 09:48 --------- d-----w c:\programmi\Illustrate
2008-12-06 09:32 --------- d-----w c:\programmi\MP3Gain
2008-12-06 09:28 --------- d-----w c:\programmi\Java
2008-12-04 22:30 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\Ahead
2008-12-04 22:28 --------- d-----w c:\programmi\File comuni\Ahead
2008-12-04 22:28 --------- d-----w c:\programmi\Ahead
2008-12-04 22:28 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Ahead
2008-12-04 22:22 --------- d-----w c:\programmi\ArcSoft
2008-12-04 22:10 4,608 ----a-w c:\windows\system32\w95inf32.dll
2008-12-04 22:10 2,272 ----a-w c:\windows\system32\w95inf16.dll
2008-12-04 09:40 --------- d-----w c:\programmi\Windows Live
2008-12-04 00:08 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\Ulead Systems
2008-12-04 00:07 --------- d-----w c:\programmi\File comuni\InstallShield
2008-12-04 00:06 --------- d-----w c:\programmi\File comuni\SONY Digital Images
2008-12-04 00:05 --------- d-----w c:\programmi\Windows Media Components
2008-12-04 00:05 --------- d-----w c:\programmi\Ulead Systems
2008-12-04 00:05 --------- d-----w c:\programmi\File comuni\Ulead Systems
2008-12-03 22:19 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\Windows Live Writer
2008-12-03 22:12 --------- d-----w c:\programmi\Microsoft SQL Server Compact Edition
2008-12-03 22:05 --------- dcsh--w c:\programmi\File comuni\WindowsLiveInstaller
2008-12-03 22:03 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-12-03 08:38 --------- d-----w c:\programmi\Unlocker
2008-12-02 22:46 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Yahoo!
2008-12-02 22:39 --------- d-----w c:\programmi\Yahoo!
2008-12-02 20:23 --------- d-----w c:\programmi\MailNavigator
2008-12-02 10:42 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-12-02 10:41 --------- d-----w c:\programmi\CyberLink DVD Solution
2008-12-02 10:22 --------- d-----w c:\programmi\File comuni\Adobe
2008-12-02 10:16 --------- d-----w c:\programmi\File comuni\Hewlett-Packard
2008-12-02 10:15 --------- d-----w c:\programmi\HP
2008-12-02 09:43 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-12-02 02:35 82,464 ----a-w c:\windows\system32\drivers\snapman.sys
2008-12-02 02:35 37,888 ----a-w c:\windows\system32\setupnt.dll
2008-12-02 02:35 28,896 ----a-w c:\windows\system32\drivers\tifsfilt.sys
2008-12-02 02:35 211,520 ----a-w c:\windows\system32\drivers\timntr.sys
2008-12-02 02:35 126,976 ----a-w c:\windows\system32\snapapi.dll
2008-12-02 02:35 --------- d-----w c:\programmi\File comuni\Acronis
2008-12-02 02:35 --------- d-----w c:\programmi\Acronis
2008-12-02 02:25 --------- d-----w c:\programmi\TeaTimer (Spybot - Search & Destroy)
2008-12-02 02:25 --------- d-----w c:\programmi\SDHelper (Spybot - Search & Destroy)
2008-12-02 02:25 --------- d-----w c:\programmi\Misc. Support Library (Spybot - Search & Destroy)
2008-12-02 02:25 --------- d-----w c:\programmi\File Scanner Library (Spybot - Search & Destroy)
2008-12-02 01:51 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\Yahoo!
2008-12-02 01:51 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2008-12-02 01:10 --------- d-----w c:\programmi\ATI Technologies
2008-12-02 00:58 --------- d-----w c:\programmi\Analog Devices
2008-12-02 00:05 --------- d-----w c:\programmi\RegSeeker
2008-12-02 00:00 --------- d-----w c:\programmi\Lavasoft
2008-12-01 23:56 --------- d-----w c:\programmi\Riva
2008-12-01 23:56 --------- d-----w c:\programmi\File comuni\SWF Studio
2008-12-01 23:53 --------- d-----w c:\programmi\VideoLAN
2008-12-01 23:53 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\vlc
2008-12-01 23:52 --------- d-----w c:\programmi\Lavalys
2008-12-01 23:51 --------- d-----w c:\programmi\ToniArts
2008-12-01 23:51 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\DeepBurner
2008-12-01 23:50 --------- d-----w c:\programmi\Astonsoft
2008-12-01 23:50 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\Media Player Classic
2008-12-01 23:49 --------- d-----w c:\programmi\K-Lite Codec Pack
2008-12-01 23:49 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2008-12-01 23:48 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\Lavasoft
2008-12-01 23:29 --------- d-----w c:\programmi\Alwil Software
2008-12-01 23:16 --------- d-----w c:\programmi\Thomson
2008-12-01 23:16 --------- d-----w c:\programmi\Telecom Italia
2008-12-01 22:55 --------- d-----w c:\programmi\microsoft frontpage
2008-12-01 22:53 --------- d-----w c:\programmi\Servizi in linea
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2006-10-19 15:30 533,574 ----a-w c:\programmi\pllangs.exe
2006-10-19 15:28 2,855,080 ----a-w c:\programmi\aawsepersonal.exe
2006-10-16 16:04 2,958 ----a-w c:\programmi\LEGGIMI.htm
2004-03-18 16:00 40,960 ----a-w c:\programmi\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-01 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="c:\programmi\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 878080]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"msacm.dvacm"= c:\progra~1\FILECO~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-02 111184]
R3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys [2008-12-11 16384]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-02 20560]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\programmi\Anti Trojan Elite\ATEPMon.sys --> c:\programmi\Anti Trojan Elite\ATEPMon.sys [?]
.
.
------- Scansione supplementare -------

ComboFix 09-01-16.03 - Paolo 2009-01-17 15.51.50.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.1022.680 [GMT 1:00]
Eseguito da: c:\documents and settings\Paolo\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090116-1] *On-access scanning disabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Paolo\Impostazioni locali\Dati applicazioni\wmemsae.dat
c:\documents and settings\Paolo\Impostazioni locali\Dati applicazioni\wmemsae.exe
c:\documents and settings\Paolo\Impostazioni locali\Dati applicazioni\wmemsae_nav.dat
c:\documents and settings\Paolo\Impostazioni locali\Dati applicazioni\wmemsae_navps.dat

----- BITS: Possibili siti infetti -----

hxxp://blog.roodo.com
.
((((((((((((((((((((((((( Files Creati Da 2008-12-17 al 2009-01-17 )))))))))))))))))))))))))))))))))))
.

2009-01-16 22:03 . 2009-01-16 22:25 4,700,372,992 --a------ C:\Foto ultimi album.mdf
2009-01-16 22:03 . 2009-01-16 22:25 4,314 --a------ C:\Foto ultimi album.mds
2009-01-16 14:15 . 2009-01-16 14:15 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-16 14:15 . 2009-01-16 14:15 1,409 --a------ c:\windows\QTFont.for
2009-01-16 02:33 . 2009-01-16 02:33 <DIR> d-------- c:\programmi\Malwarebytes' Anti-Malware
2009-01-16 02:33 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-16 02:33 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-16 02:23 . 2009-01-16 02:23 66,048 --a------ C:\mbr.exe
2009-01-15 02:34 . 2009-01-15 02:34 <DIR> d-------- c:\documents and settings\Paolo\Dati applicazioni\Malwarebytes
2009-01-15 02:34 . 2009-01-15 02:34 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-01-15 02:21 . 2009-01-17 11:26 <DIR> d-------- c:\programmi\Enigma Software Group
2009-01-14 19:26 . 2009-01-14 19:45 <DIR> d-------- c:\programmi\Anti Trojan Elite
2009-01-14 16:03 . 2009-01-14 19:17 <DIR> d-------- c:\programmi\Fighters
2009-01-14 16:03 . 2009-01-14 16:03 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Fighters
2009-01-06 13:49 . 2009-01-06 13:49 <DIR> d-------- c:\documents and settings\Attilio\Contacts
2008-12-29 20:03 . 2008-12-29 20:03 <DIR> d-------- c:\programmi\IrfanView
2008-12-27 01:35 . 2008-12-27 01:35 <DIR> d-------- c:\programmi\Blaze Audio
2008-12-26 22:28 . 2008-12-29 12:54 73 --ahs---- c:\windows\system32\SYSDRV004.SYS
2008-12-26 22:28 . 2008-12-26 22:28 61 --a------ c:\windows\system32\SYSTMBXNDRV.SYS
2008-12-26 16:10 . 2008-12-26 16:10 0 --a------ c:\windows\RealOrch.INI
2008-12-26 16:06 . 2008-12-26 16:06 <DIR> d-------- c:\documents and settings\Paolo\WINDOWS
2008-12-26 16:06 . 1995-11-28 02:42 283,648 --a------ c:\windows\uninst.exe
2008-12-26 15:53 . 2008-12-26 15:55 <DIR> d-------- c:\programmi\REAPER
2008-12-26 15:53 . 2008-12-26 15:53 <DIR> d-------- c:\documents and settings\Paolo\Dati applicazioni\REAPER
2008-12-26 15:42 . 2008-12-26 15:44 265 --a------ c:\windows\ar.INI
2008-12-26 15:18 . 2008-12-26 15:18 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\NCH Swift Sound
2008-12-26 14:18 . 2008-10-16 21:04 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-12-26 14:18 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-12-26 14:18 . 2007-03-08 06:11 1,032,192 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-26 14:18 . 2008-10-16 21:04 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2008-12-26 14:18 . 2008-10-16 21:04 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2008-12-26 14:18 . 2008-10-16 21:04 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2008-12-26 14:18 . 2008-10-16 21:04 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2008-12-26 14:18 . 2008-10-16 21:04 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-26 14:18 . 2008-10-16 14:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2008-12-26 02:46 . 2008-12-26 15:29 <DIR> d-------- c:\programmi\Karaoke Star
2008-12-26 02:46 . 2008-12-26 02:46 253,952 --------- c:\windows\Setup1.exe
2008-12-26 02:46 . 2008-12-26 02:46 74,752 --a------ c:\windows\ST6UNST.EXE
2008-12-25 20:42 . 2008-12-25 20:42 <DIR> d-------- c:\documents and settings\Attilio\Dati applicazioni\Yahoo!
2008-12-24 01:15 . 2009-01-16 14:09 <DIR> d-------- c:\programmi\PhotoScape
2008-12-23 23:30 . 2008-12-23 23:54 <DIR> d-------- c:\programmi\Collage Maker
2008-12-23 15:16 . 2008-12-23 15:16 <DIR> d-------- c:\programmi\FirmTools
2008-12-23 15:05 . 2008-12-24 01:01 <DIR> d-------- c:\programmi\webGobbler
2008-12-23 14:28 . 2008-12-23 14:42 1,553 --a------ C:\Lotto avorio A.dbr
2008-12-18 19:58 . 2008-12-18 19:58 <DIR> d-------- c:\programmi\Trend Micro
2008-12-18 14:47 . 2008-12-02 11:20 102,479 --------- c:\windows\hpoins05.dat.temp
2008-12-18 14:47 . 2005-06-22 08:47 17,505 --------- c:\windows\hpomdl07.dat
2008-12-17 14:04 . 2008-12-17 14:04 <DIR> d-------- c:\programmi\XnView
2008-12-17 14:04 . 2009-01-11 23:46 <DIR> d-------- c:\documents and settings\Paolo\Dati applicazioni\XnView

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-17 13:03 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Ulead Systems
2009-01-16 20:56 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\dvdcss
2009-01-08 21:40 --------- d-----w c:\programmi\eMule
2009-01-05 09:11 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\Arcsoft
2008-12-30 03:11 --------- d-----w c:\programmi\Google
2008-12-15 11:53 --------- d-----w c:\programmi\Picasa2
2008-12-15 11:04 --------- d-----w c:\programmi\Slideshow pro
2008-12-15 10:54 --------- d-----w c:\programmi\mresreg
2008-12-15 10:50 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-12-15 10:50 --------- d-----w c:\programmi\CyberLink
2008-12-15 10:49 --------- d-----w c:\programmi\DivX
2008-12-15 10:05 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\SmartSound Software Inc
2008-12-15 10:01 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\CyberLink
2008-12-15 09:48 4,704 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-12-15 09:15 --------- d-----w c:\programmi\File comuni\ACD Systems
2008-12-15 03:07 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\ACD Systems
2008-12-15 00:56 --------- d-----w c:\programmi\Extra Photo SlideShow Free
2008-12-15 00:32 --------- d-----w c:\programmi\Photo Story 3 for Windows
2008-12-14 11:08 --------- d-----w c:\programmi\Microsoft Calculator Plus
2008-12-12 00:06 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\Pegasys Inc
2008-12-12 00:00 --------- d-----w c:\programmi\Pegasys Inc
2008-12-11 14:28 --------- d-----w c:\programmi\Acoolsoft
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-09 20:13 223,128 ----a-w c:\windows\system32\drivers\vaxscsi.sys
2008-12-09 20:07 --------- d-----w c:\programmi\Alcohol Soft
2008-12-09 20:05 96,384 ----a-w c:\windows\system32\drivers\sptd1133.sys
2008-12-09 20:05 642,560 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-06 09:48 164,352 ----a-w c:\windows\system32\SpoonUninstall.exe
2008-12-06 09:48 --------- d-----w c:\programmi\Illustrate
2008-12-06 09:32 --------- d-----w c:\programmi\MP3Gain
2008-12-06 09:28 --------- d-----w c:\programmi\Java
2008-12-04 22:30 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\Ahead
2008-12-04 22:28 --------- d-----w c:\programmi\File comuni\Ahead
2008-12-04 22:28 --------- d-----w c:\programmi\Ahead
2008-12-04 22:28 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Ahead
2008-12-04 22:22 --------- d-----w c:\programmi\ArcSoft
2008-12-04 22:10 4,608 ----a-w c:\windows\system32\w95inf32.dll
2008-12-04 22:10 2,272 ----a-w c:\windows\system32\w95inf16.dll
2008-12-04 09:40 --------- d-----w c:\programmi\Windows Live
2008-12-04 00:08 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\Ulead Systems
2008-12-04 00:07 --------- d-----w c:\programmi\File comuni\InstallShield
2008-12-04 00:06 --------- d-----w c:\programmi\File comuni\SONY Digital Images
2008-12-04 00:05 --------- d-----w c:\programmi\Windows Media Components
2008-12-04 00:05 --------- d-----w c:\programmi\Ulead Systems
2008-12-04 00:05 --------- d-----w c:\programmi\File comuni\Ulead Systems
2008-12-03 22:19 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\Windows Live Writer
2008-12-03 22:12 --------- d-----w c:\programmi\Microsoft SQL Server Compact Edition
2008-12-03 22:05 --------- dcsh--w c:\programmi\File comuni\WindowsLiveInstaller
2008-12-03 22:03 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\WLInstaller
2008-12-03 08:38 --------- d-----w c:\programmi\Unlocker
2008-12-02 22:46 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Yahoo!
2008-12-02 22:39 --------- d-----w c:\programmi\Yahoo!
2008-12-02 20:23 --------- d-----w c:\programmi\MailNavigator
2008-12-02 10:42 --------- d-----w c:\programmi\Spybot - Search & Destroy
2008-12-02 10:41 --------- d-----w c:\programmi\CyberLink DVD Solution
2008-12-02 10:22 --------- d-----w c:\programmi\File comuni\Adobe
2008-12-02 10:16 --------- d-----w c:\programmi\File comuni\Hewlett-Packard
2008-12-02 10:15 --------- d-----w c:\programmi\HP
2008-12-02 09:43 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-12-02 02:35 82,464 ----a-w c:\windows\system32\drivers\snapman.sys
2008-12-02 02:35 37,888 ----a-w c:\windows\system32\setupnt.dll
2008-12-02 02:35 28,896 ----a-w c:\windows\system32\drivers\tifsfilt.sys
2008-12-02 02:35 211,520 ----a-w c:\windows\system32\drivers\timntr.sys
2008-12-02 02:35 126,976 ----a-w c:\windows\system32\snapapi.dll
2008-12-02 02:35 --------- d-----w c:\programmi\File comuni\Acronis
2008-12-02 02:35 --------- d-----w c:\programmi\Acronis
2008-12-02 02:25 --------- d-----w c:\programmi\TeaTimer (Spybot - Search & Destroy)
2008-12-02 02:25 --------- d-----w c:\programmi\SDHelper (Spybot - Search & Destroy)
2008-12-02 02:25 --------- d-----w c:\programmi\Misc. Support Library (Spybot - Search & Destroy)
2008-12-02 02:25 --------- d-----w c:\programmi\File Scanner Library (Spybot - Search & Destroy)
2008-12-02 01:51 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\Yahoo!
2008-12-02 01:51 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion
2008-12-02 01:10 --------- d-----w c:\programmi\ATI Technologies
2008-12-02 00:58 --------- d-----w c:\programmi\Analog Devices
2008-12-02 00:05 --------- d-----w c:\programmi\RegSeeker
2008-12-02 00:00 --------- d-----w c:\programmi\Lavasoft
2008-12-01 23:56 --------- d-----w c:\programmi\Riva
2008-12-01 23:56 --------- d-----w c:\programmi\File comuni\SWF Studio
2008-12-01 23:53 --------- d-----w c:\programmi\VideoLAN
2008-12-01 23:53 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\vlc
2008-12-01 23:52 --------- d-----w c:\programmi\Lavalys
2008-12-01 23:51 --------- d-----w c:\programmi\ToniArts
2008-12-01 23:51 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\DeepBurner
2008-12-01 23:50 --------- d-----w c:\programmi\Astonsoft
2008-12-01 23:50 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\Media Player Classic
2008-12-01 23:49 --------- d-----w c:\programmi\K-Lite Codec Pack
2008-12-01 23:49 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Apple Computer
2008-12-01 23:48 --------- d-----w c:\documents and settings\Paolo\Dati applicazioni\Lavasoft
2008-12-01 23:29 --------- d-----w c:\programmi\Alwil Software
2008-12-01 23:16 --------- d-----w c:\programmi\Thomson
2008-12-01 23:16 --------- d-----w c:\programmi\Telecom Italia
2008-12-01 22:55 --------- d-----w c:\programmi\microsoft frontpage
2008-12-01 22:53 --------- d-----w c:\programmi\Servizi in linea
2008-11-10 04:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2006-10-19 15:30 533,574 ----a-w c:\programmi\pllangs.exe
2006-10-19 15:28 2,855,080 ----a-w c:\programmi\aawsepersonal.exe
2006-10-16 16:04 2,958 ----a-w c:\programmi\LEGGIMI.htm
2004-03-18 16:00 40,960 ----a-w c:\programmi\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-01 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="c:\programmi\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 878080]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"msacm.dvacm"= c:\progra~1\FILECO~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-02 111184]
R3 VAD_DEV;Virtual Audio Service;c:\windows\system32\drivers\vad.sys [2008-12-11 16384]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-02 20560]
S3 ATE_PROCMON;ATE_PROCMON;\??\c:\programmi\Anti Trojan Elite\ATEPMon.sys --> c:\programmi\Anti Trojan Elite\ATEPMon.sys [?]
.
.
------- Scansione supplementare -------
.
uStart Page = www.libero.it/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Paolo\Dati applicazioni\Mozilla\Firefox\Profiles\zo9mrluv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2120366&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Nova-IT Customized Web Search
FF - prefs.js: browser.startup.homepage - www.libero.it
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2120366&SearchSource=2&q=
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\programmi\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\programmi\Picasa2\npPicasa2.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-17 15:53:34
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2009-01-17 15.54.51
ComboFix-quarantined-files.txt 2009-01-17 14:54:49

Pre-Run: 7.071.154.176 byte disponibili
Post-Run: 9,394,180,096 byte disponibili

240 --- E O F --- 2009-01-14 02:00:16

Alla fine di tutte queste prove ho notato che certamente il PC funziona meglio, più veloce ma il problema del sito poste resta, cioè riesco ad entrare nella mia utenza, quando clicco per avere la situazione saldo ecc del conto postale o postepay compare quella maledetta richiesta di advanced card certificazione che segnala che si sta per chiudere la finestra e cliccare si o no, qualsiasi cliccata mi blocca il PC e devo riaccenderlo senza altra soluzione con il tasto Reset. Ho provato alla fine a fare anche un ripristino di Windows risalente a parecchio tempo fa che chiaramente mi ha cancellato alcuni programmi installati, sembrava tutto ok, ma il problema poste rimane. Vedo ora se le poste ne sanno qualcosa o c'è qualche altra soluzione. Una sicuramente ci sarebbe , io quando ho grossi problemi al PC non mi preoccupo più di tanto, quando installo il sistema operativo faccio sempre una immagine del tutto con Acronis, male che vada ritorno a quella configurazione pulita di quel giorno, per me è il sistema unico e migliore, l'unico problema è che se questo succede dopo parecchio devo di nuovo se non ho rifatto una immagine recente reinstallare parecchie cose, Lo avrei fatto lo stesso ora, solo che me lo impedisce spesso un programma che ho acquistato on line e che ha bisogno di richiedere ogni qualvolta che resetto o uso Acronis della richiesta della chiave di attivazione, quindi sono stufo di richiederla perchè è successo già parecchie volte e sembra che uno rompa le scatole.
grazie di tutti gli utili i consigli comunque.