dannati spyware.....

[pippicalzelunghe]

dunque, sul mio sistema appena formattato, ho installato il sygate come firewall, adaware 6, ma niente......


in pratica, se faccio una ricerca con google mi porta ad una pagina di un motore di ricerca strano, e poi.... cosa allucinante...
se provo a lanciare il windows update...zac.. non mi ci porta, bensì mi porta ancora alla pagina di ricerche porno....

come posso fare????
che programma mi consigliate di utilizzare?
come faccio ora l'update del sistema?

[pippicalzelunghe]

questo è il log di Logfile of HijackThis v1.99.0



Scan saved at 9.32.57, on 17/01/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Programmi\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmi\Apoint2K\Apntex.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\Sygate\SPF\Smc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\d@vid\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Programmi\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Programmi\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Collegamenti a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1105009816705
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\Smc.exe

[SkunkWorks 68]

....Prova a dare un giro con Spysweeper Trial,mi sembra un buon programma...per l'analisi del log attendiamo qualcuno più esperto di me....

[Dëck†]

Quote:

Originariamente inviato da pippicalzelunghe
questo è il log di Logfile of HijackThis v1.99.0

.....................

A parte questa stringa sconosciuta

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

non vedo niente di anormale...a parte la versione vecchia di IE che andrebbe aggiornata....Non vorrei che i tuoi problemi fossero dovuti alla Toolbar di Google...hai provato a disinstallarla?

[juninho85]

"C:\WINDOWS\System32\wuauclt.exe "non mi convince

[Dëck†]

Quote:

Originariamente inviato da juninho85
"C:\WINDOWS\System32\wuauclt.exe "non mi convince

Windows Update AutoUpdate Client

[juninho85]

Quote:

Originariamente inviato da Dëck†
Windows Update AutoUpdate Client

mi pare che sia leggermente diverso,ce una u in piu

[bluepix]

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1105009816705
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...pDownloader.cab


"msmsgs.exe - Here is the scoop on Agobot-Nl Worm. The big question: what is msmsgs.exe and is it spyware, a trojan and if so, how do I get rid of Agobot-Nl Worm?

msmsgs.exe (Agobot-Nl Worm) - Details
If a process named msmsgs.exe is running on your computer, you have been infected with a strain of the Agobot-Nl worm.


msmsgs.exe is considered to be a security risk, not only because antivirus programs flag Agobot-Nl Worm as a virus, but also because a number of users have complained about its performance.

Agobot-Nl Worm is likely a virus and as such, presents a serious vulnerability which should be fixed immediately! Delaying the removal of msmsgs.exe may cause serious harm to your system and will likely cause a number of problems, such as slow performance, loss of data or leaking private information to websites."

[bones]

Hai provato a fare una scansione con Spybot - Search & Destroy? Magari con quello riesci a fare l'update del programma...

[Dëck†]

Quote:

Originariamente inviato da juninho85
mi pare che sia leggermente diverso,ce una u in piu

No...va bene così...ripeto, a parte la versione da aggiornare di IE il log è abbastanza "pulito"...secondo me il problema è nella Google Toolbar...

[Dëck†]

Quote:

Originariamente inviato da bluepix
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...b?1105009816705
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...pDownloader.cab


"msmsgs.exe - Here is the scoop on Agobot-Nl Worm. The big question: what is msmsgs.exe and is it spyware, a trojan and if so, how do I get rid of Agobot-Nl Worm?

msmsgs.exe (Agobot-Nl Worm) - Details
If a process named msmsgs.exe is running on your computer, you have been infected with a strain of the Agobot-Nl worm.


msmsgs.exe is considered to be a security risk, not only because antivirus programs flag Agobot-Nl Worm as a virus, but also because a number of users have complained about its performance.

Agobot-Nl Worm is likely a virus and as such, presents a serious vulnerability which should be fixed immediately! Delaying the removal of msmsgs.exe may cause serious harm to your system and will likely cause a number of problems, such as slow performance, loss of data or leaking private information to websites."

Questo è Windows Messenger. Ho le stesse righe e nessun problema...