I managed to uninstall Norton; can I install NOD32 now? Ah, and here is what came up:
ComboFix 10-04-10.02 - LUIGI IL MITO 11/04/2010 15.40.23.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.511.41 [GMT 2:00]
Eseguito da: c:\documents and settings\LUIGI IL MITO\Desktop\ComboFix.exe
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Dati applicazioni\1ppt2pdf.dll
c:\programmi\GooglePlusVideos
c:\programmi\GooglePlusVideos\8.GooglePlusVideos.dll
c:\programmi\GooglePlusVideos\DeploymentHelper.exe
c:\programmi\GooglePlusVideos\FFExt\chrome.manifest
c:\programmi\GooglePlusVideos\FFExt\chrome\content\googleplusvideos.xul
c:\programmi\GooglePlusVideos\FFExt\chrome\content\script-injector.js
c:\programmi\GooglePlusVideos\FFExt\install.rdf
c:\programmi\GooglePlusVideos\GooglePlusVideosLicense.txt
c:\programmi\GooglePlusVideos\GVConfig.ini
c:\programmi\GooglePlusVideos\MFC42U.DLL
c:\programmi\GooglePlusVideos\Uninstall.bat
c:\windows\system32\VB6KO.DLL
c:\windows\TEMP\mpengine.dll
.
((((((((((((((((((((((((( Files Creati Da 2010-03-11 al 2010-04-11 )))))))))))))))))))))))))))))))))))
.
2010-04-11 09:50 . 2010-04-11 09:50 -------- d-----w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\Mozilla
2010-04-11 09:50 . 2010-04-11 09:50 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-03-19 19:08 . 2010-03-19 19:08 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-19 19:02 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-03-19 19:01 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-11 14:00 . 2009-02-22 15:01 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2010-04-11 14:00 . 2009-10-21 16:03 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Norton
2010-04-11 13:56 . 2009-03-15 15:44 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Microsoft Help
2010-04-11 13:38 . 2004-08-19 17:27 649988 ----a-w- c:\windows\system32\perfh010.dat
2010-04-11 13:38 . 2004-08-19 17:27 141018 ----a-w- c:\windows\system32\perfc010.dat
2010-04-11 13:19 . 2010-04-11 13:19 443912 ----a-w- c:\documents and settings\LUIGI IL MITO\Dati applicazioni\Real\Update\setup3.10\setup.exe
2010-03-05 18:16 . 2010-03-05 18:16 -------- d-----w- c:\documents and settings\LUIGI IL MITO\Dati applicazioni\Tific
2010-03-05 17:55 . 2009-10-21 16:02 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NortonInstaller
2010-03-05 17:49 . 2009-02-22 14:01 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2010-03-05 17:42 . 2009-10-21 16:02 -------- d-----w- c:\programmi\NortonInstaller
2010-03-05 17:41 . 2009-05-15 14:09 -------- d-----w- c:\programmi\Norton Security Scan
2010-03-05 17:09 . 2010-03-05 17:09 -------- d-----w- c:\documents and settings\LUIGI IL MITO\Dati applicazioni\InstallShield
2010-03-05 17:09 . 2010-03-05 17:09 -------- d-----w- c:\programmi\Windows Sidebar
2010-03-05 17:09 . 2010-03-05 17:09 -------- d-----w- c:\programmi\Norton Internet Security
2010-03-05 17:08 . 2010-03-05 17:08 -------- d-----w- c:\programmi\Ubisoft
2010-03-05 17:08 . 2010-03-05 17:08 -------- d-----w- c:\programmi\Lineage II
2010-03-05 17:07 . 2010-02-27 18:01 -------- d-----w- c:\programmi\ESET(2)
2009-03-05 16:08 . 2009-09-01 13:36 49664 ----a-w- c:\programmi\mozilla firefox\components\FFComm.dll
2009-04-07 18:52 . 2009-04-07 18:52 28672 ----a-w- c:\programmi\mozilla firefox\components\GooglePlusVideosXPCOM.dll
2008-10-19 09:58 . 2008-10-19 09:58 49152 ----a-w- c:\programmi\mozilla firefox\components\SiteVacuumXPCOM.dll
2009-11-17 16:41 . 2009-04-17 16:50 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "c:\progra~1\DAP\SBSearch.dll" [2009-02-22 38384]
[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\programmi\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DownloadAccelerator"="c:\programmi\DAP\DAP.EXE" [2009-02-22 2807296]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"CheckBO"="c:\documents and settings\LUIGI IL MITO\Documenti\My Completed Downloads\checkbo\CheckBO.exe" [1999-12-22 692224]
"USB Storage Toolbox"="c:\programmi\USB Disk Win98 Driver\Res.EXE" [2005-09-14 65536]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-05-30 198160]
"ISUSPM Startup"="c:\programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DownloadAccelerator"="c:\programmi\DAP\DAP.EXE" /STARTUP
"DAEMON Tools Pro Agent"="c:\programmi\DAEMON Tools Pro\DTProAgent.exe" -autorun
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" /background
"EPSON Stylus DX4400 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "c:\windows\TEMP\E_S503.tmp" /EF "HKCU"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"GrooveMonitor"="c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe"
"Ad-Watch"=c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe
"PDVD9LanguageShortcut"=c:\programmi\CyberLink\PowerDVD9\Language\Language.exe
"BDRegion"=c:\programmi\Cyberlink\Shared Files\brs.exe
"ISUSPM Startup"="c:\programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -startup
"ISUSScheduler"="c:\programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
"NeroCheck"=c:\windows\system32\\NeroCheck.exe
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
"RemoteControl9"=c:\programmi\CyberLink\PowerDVD9\PDVD9Serv.exe
"SiteVacuum"=c:\programmi\EasySearch\SiteVacuumClient.exe
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Italian\\setup.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Programmi\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Programmi\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Programmi\\Activision\\Prototype\\prototypef.exe"=
"c:\\Documents and Settings\\LUIGI IL MITO\\Documenti\\My Completed Downloads\\checkbo\\CheckBO.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Programmi\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Programmi\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Programmi\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22/02/2009 16.47.09 64160]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/03/2009 0.24.05 717296]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [12/12/2003 17.49.07 77312]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/06/14 23:56];c:\programmi\CyberLink\PowerDVD9\000.fcl [28/02/2009 19.40.18 87536]
S2 Norton Internet Security;Norton Internet Security;c:\programmi\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [18/12/2009 17.02.48 117640]
S3 EraserUtilDrv10920;EraserUtilDrv10920;\??\c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilDrv10920.sys --> c:\programmi\File comuni\Symantec Shared\EENGINE\EraserUtilDrv10920.sys [?]
S3 npkycryp;npkycryp;\??\c:\programmi\Lineage II\system\npkycryp.sys --> c:\programmi\Lineage II\system\npkycryp.sys [?]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenuto della cartella 'Scheduled Tasks'
2010-04-11 c:\windows\Tasks\Manutenzione in 1 clic.job
- c:\programmi\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 10:28]
2009-09-10 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
2010-04-11 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.europowersearch.com/Search.h ... rchLang=IT
mStart Page = hxxp://www.europowersearch.com/Search.h ... rchLang=IT
IE: &Clean Traces - c:\programmi\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\programmi\DAP\dapextie.htm
IE: Download &all with DAP - c:\programmi\DAP\dapextie2.htm
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\LUIGI IL MITO\Dati applicazioni\Mozilla\Firefox\Profiles\msunh9ns.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.europowersearch.com/Search.h ... rchLang=IT
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresult ... default&q=
FF - component: c:\programmi\DAP\DAPFireFox\components\DAPFireFox.dll
FF - component: c:\programmi\Mozilla Firefox\components\FFComm.dll
FF - component: c:\programmi\Mozilla Firefox\components\GooglePlusVideosXPCOM.dll
FF - component: c:\programmi\Mozilla Firefox\components\SiteVacuumXPCOM.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\nppopcaploader.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.homepage.dontask - true
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
URLSearchHooks-{15c93148-34fe-47e6-88e5-37607a3002f3} - (no file)
BHO-{C8CD2017-F1E5-4F1A-B58A-EE0B1AF0D0D8} - (no file)
BHO-{FF6C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
Toolbar-{15c93148-34fe-47e6-88e5-37607a3002f3} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 16:00
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82D701F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf868af28
\Driver\ACPI -> ACPI.sys @ 0xf83e5cb8
\Driver\atapi -> atapi.sys @ 0xf837ab40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: 3Com Gigabit LOM (3C940) -> SendCompleteHandler -> NDIS.sys @ 0xf8236bb0
PacketIndicateHandler -> NDIS.sys @ 0xf8225a0d
SendHandler -> NDIS.sys @ 0xf8239b40
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\programmi\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\programmi\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD9\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'winlogon.exe'(996)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2272)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\System32\TUProgSt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2010-04-11 16:07:08 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2010-04-11 14:07
Pre-Run: 353.942.786.048 byte disponibili
Post-Run: 354.214.027.264 byte disponibili
- - End Of File - - 65B69F49BC2B0F32AC4DB475DC73966F