Passepartout.exe, come lo elimino?

[Jacob89]

Come da titolo, mi sono ritrovato questo virus nel pc e facendo una ricerca ho trovato, sul sito della symantec, che è un pericoloso dialer e che solo norton può riconoscerlo ed eliminarlo (grandissima cazzata dato che antivir me lo ha subito rilevato ).

Il problema è: come lo elimino definitivamente? (dato che ho letto che si moltiplica o comunque crea altri file a sua volta).
Basta una scansione in modalità provvisoria con antivirus e affini?

Grazie.

[Half-Life-Revolution83]

Intanto fai una bella scasione sia con antivirus che con antispyware, se il problema persiste cerca un tool di rimorzione!

[Jacob89]

Per ora dovrei averlo cancellato con Antivir e ho ripulito con Ewido.
Ma ripeto, avendo letto che crea altri file non sono sicuro di aver cancellato proprio tutto.

[Opp32]

Allora fai una scansione con ewido (e l'hai fatta) poi con spybot e poi con ad aware, infine scaricati hijackthis fai la scansione e posta il log qui cosi te lo analizzo e ti dico se è ancora caricato in memoria

[Jacob89]

Allora fai una scansione con ewido (e l'hai fatta) poi con spybot e poi con ad aware, infine scaricati hijackthis fai la scansione e posta il log qui cosi te lo analizzo e ti dico se è ancora caricato in memoria

Grazie mille.

Spoiler:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\HPZipm12.exe
D:\Programmi\D-Tools\daemon.exe
C:\WINDOWS\zHotkey.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Programmi\MessengerPlus! 3\MsgPlus.exe
D:\Programmi\PeerGuardian2\pg2.exe
D:\Programmi\Free Download Manager\fdm.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\HP\digital imaging\bin\hpqtra08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
D:\Documenti\File di installazione\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD06] C:\Programmi\HP\{AAC4FC36-8F89-4587-D3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [PeerGuardian] D:\Programmi\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Free Download Manager] D:\Programmi\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\digital imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download all by Free Download Manager - file://D:\Programmi\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://D:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://D:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://D:\Programmi\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2478887B-24B9-41F3-9BE6-A1EF52190A2A}: NameServer = 85.37.17.4 85.38.28.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{2478887B-24B9-41F3-9BE6-A1EF52190A2A}: NameServer = 85.37.17.4 85.38.28.70
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe

[LordMagus]

Il log è pulito, però hai una moltitudine di processi e servizi... non ti pesano troppo? Riesci ad utilizzare bene il PC?

[Jacob89]

Il log è pulito, però hai una moltitudine di processi e servizi... non ti pesano troppo? Riesci ad utilizzare bene il PC?

Non sempre, cosa mi consigli di eliminare?

Grazie mille per l'aiuto.

[Opp32]

Grazie mille.

Spoiler:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\WINDOWS\system32\HPZipm12.exe
D:\Programmi\D-Tools\daemon.exe
C:\WINDOWS\zHotkey.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Programmi\MessengerPlus! 3\MsgPlus.exe
D:\Programmi\PeerGuardian2\pg2.exe
D:\Programmi\Free Download Manager\fdm.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\HP\digital imaging\bin\hpqtra08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Mozilla Firefox\firefox.exe
D:\Documenti\File di installazione\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD06] C:\Programmi\HP\{AAC4FC36-8F89-4587-D3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [PeerGuardian] D:\Programmi\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Free Download Manager] D:\Programmi\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\digital imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download all by Free Download Manager - file://D:\Programmi\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://D:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://D:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://D:\Programmi\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2478887B-24B9-41F3-9BE6-A1EF52190A2A}: NameServer = 85.37.17.4 85.38.28.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{2478887B-24B9-41F3-9BE6-A1EF52190A2A}: NameServer = 85.37.17.4 85.38.28.70
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe

Questi sono tutti i processi inutili che ti appesantiscono, di malware non ne ho trovato

[Jacob89]

Ti ho selezionato in grassetto le voci da fixare

ah O17 - HKLM\System\CCS\Services\Tcpip\..\{2478887B-24B9-41F3-9BE6-A1EF52190A2A}: NameServer = 85.37.17.4 85.38.28.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{2478887B-24B9-41F3-9BE6-A1EF52190A2A}: NameServer = 85.37.17.4 85.38.28.70 fixali solo se l'ip 85.37.17.4 85.38.28.70 non è tuo

Come capisco se non è mio?

[Jacob89]

Questi sono tutti i processi inutili che ti appesantiscono, di malware non ne ho trovato

E quindi li devo fixare?...che poi, quando fixo un processo che succede?

[Opp32]

Edit: ho capito male.

Che praticamente quelle voci potrebbero essere dannose se quell'ip non corrisponda al tuo, solo che non credo ci sia alcun problema, al amssimo controlla il tuo ip e vedi se corrisponde a quello

[LordMagus]

Fai quelle di Opp32, ma non toccare queste due che non sono da fixare:

O17 - HKLM\System\CCS\Services\Tcpip\..\{2478887B-24B9-41F3-9BE6-A1EF52190A2A}: NameServer = 85.37.17.4 85.38.28.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{2478887B-24B9-41F3-9BE6-A1EF52190A2A}: NameServer = 85.37.17.4 85.38.28.70

In più fixa questa:

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

Se non vuoi la Google Toolbar anche queste:

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll

Se non vuoi all'avvio PowerDVD:

O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

Se non vuoi DaemonTools all'avvio:

O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmi\D-Tools\daemon.exe" -lang 1033

Se non vuoi Peerguardian all'avvio:

O4 - HKCU\..\Run: [PeerGuardian] D:\Programmi\PeerGuardian2\pg2.exe

Se utilizzi poco i file PDF:

O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[Jacob89]

Ma quando fixo una voce, cosa succede?

(alla voce)

[LordMagus]

Si elimina.

[Jacob89]

Si elimina.

Ah ok capito tutto. (non avevo letto bene cosa dovevo fixare, e leggendo ho visto che erano cose inutili).

Grazie mille a tutti e due.