ComboFix 08-07-02.5 - Teresa 2008-07-04 1:08:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.203 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Teresa\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Teresa\Dati applicazioni\inst.exe
C:\Programmi\File comuni\{34A59~1
C:\Programmi\File comuni\{E4A59~1
C:\WINDOWS\file.bat
C:\WINDOWS\system32\UpMedia
.
((((((((((((((((((((((((( Files Creati Da 2008-06-03 al 2008-07-03 )))))))))))))))))))))))))))))))))))
.
2008-07-03 23:36 . 2008-07-04 01:01 <DIR> d-------- C:\VEXPLITE
2008-07-03 23:36 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-06-28 18:52 . 2008-06-28 18:52 <DIR> d-------- C:\Documents and Settings\Teresa\Shared
2008-06-28 18:51 . 2008-06-28 18:56 <DIR> d-------- C:\Programmi\FrostWire
2008-06-28 18:51 . 2008-06-28 18:51 <DIR> d-------- C:\Programmi\AskSBar
2008-06-28 18:51 . 2008-06-28 18:56 <DIR> d-------- C:\Documents and Settings\Teresa\Dati applicazioni\FrostWire
2008-06-28 18:13 . 2008-06-28 18:28 <DIR> d-------- C:\Downloads
2008-06-26 23:04 . 2008-06-26 23:05 24 --ahs---- C:\WINDOWS\S6E54C6E9.tmp
2008-06-26 23:02 . 2008-06-26 23:06 <DIR> d-------- C:\Programmi\SlySoft
2008-06-26 22:24 . 2008-06-26 22:42 <DIR> d-------- C:\Programmi\Astonsoft
2008-06-26 22:24 . 2008-06-26 22:24 <DIR> d-------- C:\Documents and Settings\Teresa\Dati applicazioni\DeepBurner
2008-06-11 10:05 . 2008-06-11 14:18 <DIR> d-------- C:\Programmi\Bollettini Postali Pro ICI 2.0 Demo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-03 21:46 2,934,272 ----a-w C:\WINDOWS\Internet Logs\xDB168.tmp
2008-07-03 21:46 2,915,840 ----a-w C:\WINDOWS\Internet Logs\xDB166.tmp
2008-07-03 21:46 --------- d-----w C:\Documents and Settings\Teresa\Dati applicazioni\POP Peeper
2008-07-03 20:39 --------- d-----w C:\Programmi\L8+61
2008-07-02 23:11 2,895,360 ----a-w C:\WINDOWS\Internet Logs\xDB167.tmp
2008-07-02 23:11 2,871,296 ----a-w C:\WINDOWS\Internet Logs\xDB165.tmp
2008-07-02 12:24 --------- d-----w C:\Programmi\POP Peeper
2008-06-28 21:36 2,963,456 ----a-w C:\WINDOWS\Internet Logs\xDB164.tmp
2008-06-28 16:49 --------- d-----w C:\Programmi\Java
2008-06-28 15:24 1,432,576 ----a-w C:\WINDOWS\Internet Logs\xDB163.tmp
2008-06-26 21:03 338,432 ----a-w C:\WINDOWS\Internet Logs\xDB161.tmp
2008-06-26 21:03 2,744,832 ----a-w C:\WINDOWS\Internet Logs\xDB162.tmp
2008-06-26 19:55 --------- d-----w C:\Programmi\LimeWire
2008-06-25 23:12 2,844,672 ----a-w C:\WINDOWS\Internet Logs\xDB160.tmp
2008-06-19 14:31 399,872 ----a-w C:\WINDOWS\Internet Logs\xDB15E.tmp
2008-06-19 14:31 2,619,392 ----a-w C:\WINDOWS\Internet Logs\xDB15F.tmp
2008-06-18 23:25 2,616,832 ----a-w C:\WINDOWS\Internet Logs\xDB15D.tmp
2008-06-18 23:25 1,118,720 ----a-w C:\WINDOWS\Internet Logs\xDB15C.tmp
2008-06-18 11:19 2,843,648 ----a-w C:\WINDOWS\Internet Logs\xDB15A.tmp
2008-06-18 11:19 2,612,224 ----a-w C:\WINDOWS\Internet Logs\xDB15B.tmp
2008-06-14 18:48 --------- d-----w C:\Programmi\Superenalotto 3000
2008-06-13 14:33 2,763,264 ----a-w C:\WINDOWS\Internet Logs\xDB158.tmp
2008-06-09 22:38 2,914,816 ----a-w C:\WINDOWS\Internet Logs\xDB157.tmp
2008-06-07 20:32 --------- d-----w C:\Programmi\Visual Lotto 5
2008-06-05 21:48 2,511,360 ----a-w C:\WINDOWS\Internet Logs\xDB159.tmp
2008-06-05 21:48 1,056,768 ----a-w C:\WINDOWS\Internet Logs\xDB156.tmp
2008-06-04 21:32 2,924,544 ----a-w C:\WINDOWS\Internet Logs\xDB154.tmp
2008-06-04 21:32 2,508,800 ----a-w C:\WINDOWS\Internet Logs\xDB155.tmp
2008-05-26 22:01 2,924,544 ----a-w C:\WINDOWS\Internet Logs\xDB152.tmp
2008-05-26 22:01 2,470,912 ----a-w C:\WINDOWS\Internet Logs\xDB153.tmp
2008-05-26 16:08 --------- d-----w C:\Programmi\MP3 Player Utilities 1.47
2008-05-26 13:16 --------- d-----w C:\Programmi\ESET
2008-05-26 12:01 --------- d-----w C:\Programmi\MSECache
2008-05-25 17:58 30,680,118 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-05-22 16:41 --------- d-----w C:\Programmi\MP3 Player Utilities 4.00
2008-05-13 22:25 602,112 ----a-w C:\WINDOWS\Internet Logs\xDB150.tmp
2008-05-13 22:25 2,410,496 ----a-w C:\WINDOWS\Internet Logs\xDB151.tmp
2008-05-13 17:49 --------- d-----w C:\Programmi\Moleskinsoft Clone Remover 1.9
2008-05-13 17:40 --------- d-----w C:\Programmi\CH-Soft
2008-05-12 22:58 2,913,280 ----a-w C:\WINDOWS\Internet Logs\xDB14F.tmp
2008-05-10 21:22 817,664 ----a-w C:\WINDOWS\Internet Logs\xDB14E.tmp
2008-05-08 21:33 3,006,976 ----a-w C:\WINDOWS\Internet Logs\xDB14D.tmp
2008-04-25 16:03 2,831,872 ----a-w C:\WINDOWS\Internet Logs\xDB14A.tmp
2008-04-25 16:03 2,327,040 ----a-w C:\WINDOWS\Internet Logs\xDB14C.tmp
2008-04-21 16:04 798,208 ----a-w C:\WINDOWS\Internet Logs\xDB148.tmp
2008-04-21 16:04 2,306,560 ----a-w C:\WINDOWS\Internet Logs\xDB149.tmp
2008-04-20 16:07 290,816 ----a-w C:\WINDOWS\Internet Logs\xDB146.tmp
2008-04-20 16:07 2,303,488 ----a-w C:\WINDOWS\Internet Logs\xDB147.tmp
2008-04-19 21:37 318,464 ----a-w C:\WINDOWS\Internet Logs\xDB144.tmp
2008-04-19 21:37 2,302,976 ----a-w C:\WINDOWS\Internet Logs\xDB145.tmp
2008-04-18 21:24 2,849,792 ----a-w C:\WINDOWS\Internet Logs\xDB143.tmp
2008-04-18 21:24 2,300,928 ----a-w C:\WINDOWS\Internet Logs\xDB14B.tmp
2008-04-17 21:15 2,985,472 ----a-w C:\WINDOWS\Internet Logs\xDB141.tmp
2008-04-17 21:15 2,297,856 ----a-w C:\WINDOWS\Internet Logs\xDB142.tmp
2008-04-16 20:55 499,200 ----a-w C:\WINDOWS\Internet Logs\xDB13E.tmp
2008-04-16 20:55 2,296,832 ----a-w C:\WINDOWS\Internet Logs\xDB13F.tmp
2008-04-15 20:06 2,903,040 ----a-w C:\WINDOWS\Internet Logs\xDB13D.tmp
2008-04-15 20:06 2,294,272 ----a-w C:\WINDOWS\Internet Logs\xDB140.tmp
2008-04-12 17:00 2,920,960 ----a-w C:\WINDOWS\Internet Logs\xDB13B.tmp
2008-04-12 17:00 2,243,072 ----a-w C:\WINDOWS\Internet Logs\xDB13C.tmp
2008-04-08 19:30 647,680 ----a-w C:\WINDOWS\Internet Logs\xDB139.tmp
2008-04-08 19:30 2,236,928 ----a-w C:\WINDOWS\Internet Logs\xDB13A.tmp
2008-04-06 21:01 792,576 ----a-w C:\WINDOWS\Internet Logs\xDB137.tmp
2008-04-06 21:01 2,230,272 ----a-w C:\WINDOWS\Internet Logs\xDB138.tmp
2008-04-05 18:39 128,512 ----a-w C:\WINDOWS\Internet Logs\xDB136.tmp
2008-04-05 14:46 2,780,160 ----a-w C:\WINDOWS\Internet Logs\xDB133.tmp
2008-04-05 14:46 2,206,208 ----a-w C:\WINDOWS\Internet Logs\xDB135.tmp
2007-08-31 15:54 47,360 ----a-w C:\Documents and Settings\Teresa\Dati applicazioni\pcouffin.sys
2007-02-15 22:52 384 ----a-w C:\Documents and Settings\Teresa\Dati applicazioni\internaldb6334.dat
2007-02-15 22:23 194 ----a-w C:\Documents and Settings\Teresa\Dati applicazioni\internaldb8467.dat
2007-02-15 22:23 18,432 ----a-w C:\Documents and Settings\Teresa\Dati applicazioni\internaldb41.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"Gadwin PrintScreen 3.5"="C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe" [2006-07-08 10:57 1101824]
"POP Peeper"="C:\Programmi\POP Peeper\POPPeeper.exe" [2008-03-12 01:09 1429504]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 13:36 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 12:35 335872]
"Omnipage"="C:\Programmi\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38 49152]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2006-09-01 02:35 917504]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"ZoneAlarm Client"="C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 00:02 919280]
"Adobe Photo Downloader"="C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09 63712]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Programmi\QuickTime Alternative\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE" [2008-06-19 19:41 245760]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 15:39 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
BTTray.lnk - C:\Programmi\Bluetooth Software\BTTray.exe [2004-10-01 16:12:18 565309]
NkvMon.exe.lnk - C:\Programmi\Nikon\NkView6\NkvMon.exe [2006-10-07 20:44:13 237568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programmi\\LimeWire\\LimeWire.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9830:TCP"= 9830:TCP:BitComet 9830 TCP
"9830:UDP"= 9830:UDP:BitComet 9830 UDP
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-06-12 12:31]
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
R1 SAVRKBootTasks;Boot Tasks Driver;C:\WINDOWS\system32\SAVRKBootTasks.sys [2007-02-22 11:43]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2007-10-10 12:12]
S2 LogEry;LogEry;"C:\Programmi\File comuni\Microsoft Shared\JSd.exe" []
S3 SER120;OTI Serial port driver;C:\WINDOWS\system32\DRIVERS\SER120.sys [2004-12-08 19:24]
*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'
"2008-06-26 17:09:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -
BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
Notify-WgaLogon - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-04 01:11:19
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-07-04 1:15:14
ComboFix-quarantined-files.txt 2008-07-03 23:14:17
13 Directory 51,739,439,104 byte disponibili
19 Directory 51,726,041,088 byte disponibili
187
Logfile of HijackThis v1.99.1
Scan saved at 1.20.23, on 04/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
C:\Programmi\Java\jre1.6.0_06\bin\jusched.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Programmi\POP Peeper\POPPeeper.exe
C:\Programmi\Bluetooth Software\BTTray.exe
C:\Programmi\Nikon\NkView6\NkvMon.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Bluetooth Software\bin\btwdins.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Teresa\Desktop\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen 3.5] C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
O4 - HKCU\..\Run: [POP Peeper] "C:\Programmi\POP Peeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programmi\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Programmi\MP3 Player Utilities 4.09\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programmi\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Scarica con Download &Express - C:\Programmi\Download Express\Add_Url.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A00657C-F542-429F-BD62-C51CC28206F5}: NameServer = 85.37.17.50 85.38.28.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A00657C-F542-429F-BD62-C51CC28206F5}: NameServer = 85.37.17.50 85.38.28.76
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programmi\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe