ComboFix 09-03-15.01 - responsabile 2009-03-16 16:54:38.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.2030.1626 [GMT 1:00]
Eseguito da: c:\documents and settings\responsabile\Desktop\Dow\ComboFix.exe
.
((((((((((((((((((((((((( Files Creati Da 2009-02-16 al 2009-03-16 )))))))))))))))))))))))))))))))))))
.
2009-03-16 16:55 . 2009-03-16 16:55 53,248 --a------ c:\temp\catchme.dll
2009-03-16 16:54 . 2009-03-16 16:54 <DIR> d-------- c:\temp\WPDNSE
2009-03-16 16:29 . 2009-03-16 16:29 16,384 --a----t- c:\temp\Perflib_Perfdata_744.dat
2009-03-13 16:25 . 2009-03-16 11:48 12,951,584 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-03-13 16:25 . 2009-03-16 11:27 109,724 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-03-13 12:34 . 2009-03-16 16:31 <DIR> d-------- c:\programmi\FindyKill
2009-03-13 11:22 . 2009-03-13 11:22 <DIR> d--h-c--- c:\documents and settings\All Users\Dati applicazioni\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-13 09:21 . 2009-03-13 09:21 <DIR> d-------- c:\programmi\Panda Security
2009-03-11 12:31 . 2009-03-11 12:31 <DIR> d-------- c:\programmi\Ashampoo
2009-03-11 12:19 . 2009-03-13 08:28 <DIR> d-------- c:\programmi\Nufsoft
2009-03-06 09:56 . 2009-03-06 09:56 <DIR> d-------- c:\programmi\1618-Roulette
2009-03-03 15:40 . 2009-03-03 15:40 45 ---h----- c:\windows\dsez8417.dat
2009-02-26 17:21 . 2009-02-26 17:21 23 --ahs---- c:\windows\system32\edacded0_x.dat
2009-02-26 17:21 . 2009-02-26 17:21 23 --a------ c:\windows\system32\bcdadac7_x.xml
2009-02-19 23:16 . 2009-02-19 23:16 12,124,374 --a------ c:\windows\PhotoFiltre-Wallpaper.bmp
2009-02-17 11:48 . 2009-02-17 11:48 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-02-17 11:47 . 2003-06-25 16:05 266,360 --a------ c:\windows\system32\TweakUI.exe
2009-02-17 11:47 . 2002-06-21 15:09 160,217 --a------ c:\windows\system32\PowerToysLicense.rtf
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-16 15:25 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Skype
2009-03-16 10:30 --------- d-----w c:\programmi\Spybot - Search & Destroy
2009-03-16 10:27 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-03-13 14:43 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-13 14:43 --------- d-----w c:\programmi\Java
2009-03-13 09:26 --------- d-----w c:\programmi\Windows Live Safety Center
2009-03-11 11:20 --------- d---a-w c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-03-06 16:13 --------- d-----w c:\documents and settings\responsabile\Dati applicazioni\skypePM
2009-02-27 17:42 --------- d-----w c:\programmi\Microsoft Silverlight
2009-02-27 14:02 --------- d-----w c:\programmi\Free Video Converter
2009-02-26 08:54 --------- d-----w c:\programmi\PhotoFiltre
2009-02-24 15:17 --------- d-----w c:\programmi\eMule
2009-02-09 14:56 1,846,272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 07:20 --------- d-----w c:\programmi\IncrediMail
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 14:53 --------- d-----w c:\documents and settings\responsabile\Dati applicazioni\NSeries
2009-02-06 14:52 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-06 14:52 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-06 14:47 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Installations
2009-02-06 14:46 --------- d-----w c:\programmi\Nokia
2009-02-06 14:46 --------- d-----w c:\programmi\File comuni\Nokia
2009-02-06 14:42 --------- d-----w c:\documents and settings\responsabile\Dati applicazioni\Nokia Multimedia Player
2009-02-05 17:00 --------- d-----w c:\documents and settings\responsabile\Dati applicazioni\Nokia
2009-02-05 16:54 --------- d-----w c:\programmi\File comuni\PCSuite
2009-02-02 16:41 --------- d-----w c:\programmi\SweetIM
2009-02-02 16:41 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\SweetIM
2009-02-02 10:41 --------- d-----w c:\programmi\Microsoft
2009-02-02 10:40 --------- d-----w c:\programmi\Windows Live SkyDrive
2009-02-02 10:40 --------- d-----w c:\programmi\Windows Live
2009-02-02 10:37 --------- d-----w c:\programmi\File comuni\Windows Live
2009-01-27 16:27 --------- d-----w c:\documents and settings\responsabile\Dati applicazioni\Search Settings
2009-01-27 16:26 --------- d-----w c:\programmi\GiocoDigitale
2009-01-27 10:30 --------- d-----w c:\programmi\Search Settings
2009-01-27 10:25 --------- d-----w c:\programmi\eRightSoft
2009-01-27 10:18 --------- d-----w c:\programmi\Total Video Converter
2009-01-27 10:11 --------- d-----w c:\documents and settings\responsabile\Dati applicazioni\Video DVD Maker FREE
2009-01-27 10:07 --------- d-----w c:\programmi\Konvertor
2009-01-27 09:58 --------- d-----w c:\programmi\Wondershare
2009-01-22 13:28 290,816 ----a-w c:\windows\system32\decdll.dll
2009-01-16 07:23 --------- d-----w c:\programmi\File comuni\Apple
2009-01-16 07:20 --------- d-----w c:\programmi\PokerStars.IT
2008-12-20 22:31 826,368 ----a-w c:\windows\system32\wininet.dll
2008-11-28 13:58 2,516 --sha-w c:\documents and settings\All Users\Dati applicazioni\KGyGaAvL.sys
2008-11-28 13:56 88 --sh--r c:\documents and settings\All Users\Dati applicazioni\5F9242AA4D.sys
2007-04-23 10:48 7,168 ----a-w c:\programmi\mozilla firefox\plugins\libcomm.dll
2007-05-17 10:01 35,008 ----a-w c:\programmi\mozilla firefox\plugins\NanoInst.dll
2007-05-03 10:33 53,248 ----a-w c:\programmi\mozilla firefox\plugins\PSComm.dll
2007-05-17 10:01 130,152 ----a-w c:\programmi\mozilla firefox\plugins\PSNAdBrk.dll
2008-12-05 16:45 88 --sh--r c:\windows\system32\5F9242AA4D.sys
2008-12-05 16:45 848 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\programmi\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 173368]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 12:22 1172792 --a------ c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\programmi\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 1172792]
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\programmi\IncrediMail\bin\IncMail.exe" [2009-01-27 251264]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-03-02 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-09-06 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MplSetUp"="c:\programmi\RMClient\MplSetUp.exe" [2000-11-04 40960]
"JobHisInit"="c:\programmi\RMClient\JobHisInit.exe" [2001-11-16 135168]
"IntelAudioStudio"="c:\programmi\Intel Audio Studio\IntelAudioStudio.exe" [2006-08-02 9134080]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"SigmatelSysTrayApp"="sttray.exe" [BU]
"nwiz"="nwiz.exe" [2006-10-22 c:\windows\system32\nwiz.exe]
c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2008-11-05 110592]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytoosl"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnkijj]
[BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Programmi\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Programmi\\Graphisoft1\\ArchiCAD 10\\ArchiCAD.exe"=
"c:\\Programmi\\B2BPOKER\\GoldWin\\jre\\bin\\javaw.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\drivers\eusk2par.sys [2007-05-18 24786]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys --> c:\windows\system32\drivers\pavboot.sys [?]
S2 cpwnt;cpwnt; [x]
S3 eusk3usb;SmartKey 3 USB;c:\windows\system32\drivers\eusk3usb.sys [2008-01-21 45534]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1BD.tmp --> c:\windows\system32\1BD.tmp [?]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbser.sys [2008-07-31 64640]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1261199f-8935-11dd-b5ff-0019d11cc5ba}]
\Shell\AutoRun\command - .\run\autorun.exe
\Shell\open\Command - .\run\autorun.exe
.
Contenuto della cartella 'Scheduled Tasks'
2009-03-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-03-16 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-04-23 16:17]
2009-03-16 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-04-23 16:17]
.
.
------- Scansione supplementare -------
.
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Ricerca - c:\programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA}
DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1}
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
FF - ProfilePath - c:\documents and settings\responsabile\Dati applicazioni\Mozilla\Firefox\Profiles\btqsx0uh.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Cerca
FF - prefs.js: browser.startup.homepage - hxxp://adsl.alice.it/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPBREAKOUT.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPPOKER.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-16 16:55:24
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1BD.tmp"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'lsass.exe'(764)
c:\programmi\Bonjour\mdnsNSP.dll
.
Ora fine scansione: 2009-03-16 16:56:43
ComboFix-quarantined-files.txt 2009-03-16 15:56:41
ComboFix2.txt 2009-03-16 10:39:37
ComboFix3.txt 2008-11-27 08:53:05
ComboFix4.txt 2008-04-01 15:18:30
ComboFix5.txt 2009-03-16 15:54:26
Pre-Run: 206,528,913,408 byte disponibili
Post-Run: 206,515,539,968 byte disponibili
206 --- E O F --- 2009-03-15 02:01:20