credo di avere un virus

[Malabestia]

credo di avere un virus ma non ne sono sicuro al 100%

nel mio pc ho installati:
-win xp sp2
-sygate personal firewall
-avast
-spybot s&d
-Firefox
-Thunderbird

dico "credo" di avere un virus perchè ho notato che da un pò di tempo vedo che mi parte avast! e-mail Scanner Service senza che Thunderbird sia attivo,
inoltre quando provo a fare click dx -> proprietà su qualsiasi file nessun problema, su un qualsiasi eseguibile invece mi ritorna al desktop,
infine ho notato che alcuni giochi non mi riconoscono più il cd come originale (war3 RoC e TFT) oppure proprio non mi parte più il gioco (AvP2),

ho provato a fare la scansione per sicurezza con il kit Trend Micro che mi ha rilevato e tolto i seguenti virus
Java_Bytever.aq
Java_Bytever.s
Troj_Bomka.j

ma nonstante ciò il problema continua a persistere

allego lo screen di avast e dei processi in esecuzione

avast
[img=http://img152.imageshack.us/img152/6909/avast3wn.th.jpg]

task manager

[wgator]

Ciao,

probabilmente hai qualche spyware che sfugge all'antivirus e a Spybot. Hai provato con Ewido?

[Malabestia]

provato anche quello, ma oltre che a rimuovermi qualche cookie/spyware altro non fa

[Malabestia]

posto anche il log di hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 15.17.09, on 06/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Office keyboard utility\1.1\nhksrv.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Analog Devices\SoundMAX\SMTray.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
D:\Program Files\Browser MOUSE\mouse32a.exe
D:\Program Files\Office keyboard utility\1.1\OFFICEKB.exe
D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
D:\Program Files\Office keyboard utility\1.1\MMKEYB.EXE
D:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
D:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Office keyboard utility\1.1\TrayMon.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Program Files\Office keyboard utility\1.1\osd.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\ewido anti-malware\ewidoguard.exe
D:\Program Files\ewido anti-malware\ewidoctrl.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Giampaolo\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {037CE595-57CB-4EB5-9775-97BC112F3BB3} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {25E1A054-1262-459F-9F14-BF06148F4253} - (no file)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {A853979C-2A9A-4ACB-8975-5740A7E26CB4} - (no file)
O2 - BHO: (no name) - {CC56A1F3-9B83-45FF-8CB6-D58959492F0F} - (no file)
O4 - HKLM\..\Run: [Smapp] D:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] D:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [FLMOFFICEKEYBOARD] D:\Program Files\Office keyboard utility\1.1\OFFICEKB.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] D:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] D:\Program Files\Common\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [runapp] C:\WINDOWS\system32\icqchk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] D:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Download with GetRight - D:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1133714626421
O17 - HKLM\System\CCS\Services\Tcpip\..\{76153911-40C8-4F83-BF78-DCA0C203BABD}: NameServer = 85.37.17.6 85.38.28.89
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2BABA61-1019-4C48-85C4-8787C9C60056}: NameServer = 212.216.112.112,212.216.172.62
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - D:\Program Files\Office keyboard utility\1.1\nhksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - D:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

[killers]

Quote:

Originariamente inviato da Malabestia

credo di avere un virus ma non ne sono sicuro al 100%
[/url]

hai installato dei codec video ultimamente?

[andorra24]

Fixa queste:
O2 - BHO: (no name) - {037CE595-57CB-4EB5-9775-97BC112F3BB3} - (no file)
O2 - BHO: (no name) - {25E1A054-1262-459F-9F14-BF06148F4253} - (no file)
O2 - BHO: (no name) - {A853979C-2A9A-4ACB-8975-5740A7E26CB4} - (no file)
O2 - BHO: (no name) - {CC56A1F3-9B83-45FF-8CB6-D58959492F0F} - (no file)
O4 - HKLM\..\Run: [runapp] C:\WINDOWS\system32\icqchk.exe

[Malabestia]

Quote:

Originariamente inviato da killers

hai installato dei codec video ultimamente?

XviD un pò di tempo fà, può interferire in qualche modo?

[killers]

Quote:

Originariamente inviato da Malabestia

XviD un pò di tempo fà, può interferire in qualche modo?

si hai beccato un trojan conosciuto come KABOOM.DLLcome rimuoverlo

[andorra24]

Elimina le voci che ti ho indicato sopra specialmente questa che e' di un trojan:
O4 - HKLM\..\Run: [runapp] C:\WINDOWS\system32\icqchk.exe

[Malabestia]

il kaboom.dll me lo aveva già tolto la scansione con Trend Micro... meglio se disinstallo anche il codec?

[Malabestia]

grandi!!!

ho seguito entrambi i consigli e il problema sembra essere sparito ora!!!

fra una settimana circa aggiorno cosi vi dico se il problema è sparito definitivamente o meno

[Malabestia]

dopo due settimane e passa posso dire che il problema è stato definitivamente risolto, ancora grazie!

[eraser]

In caso il procedimento è qui
http://www.hwupgrade.it/forum/showthread.php?t=1142673



Ciao

Eraser