Vai al contenuto

  • Connettiti con Facebook Log In with Google      Connettiti   
  • Registrati

Foto
- - - - -

Cpx Interactive Pubblicita Incancellabile


  • Per cortesia connettiti per rispondere
Nessuna risposta a questa discussione

#1 boboman

boboman

    Newbie

  • Members
  • Stelletta
  • 4 messaggi

Inviato 10 giugno 2006 - 10:44

Vi prego datemi una mano.
Oramai son mesi che sto lottando con un problema alquanto fastidioso.
Qualche tempo fa stavo usando Kazaa lite quando ho ricevuto un msg (su Kazaa) di un altro utente,non so se è correlato,ma da allora quando clikko su kazaa il programma si accende lentamente per poi far partire in background un collegamento I.E. a CPX Interactive.
In principio erano pubblicita (italiane) di casinò on line e suonerie cellulari.
Ogni tanto compariva anche il "famoso" msg di errori di sistema e partiva l'invito ad installare ERROR SAFE(che non ho accettato),ora almeno l'invito ad installare ERROR SAFE è un pezzo che non lo ho più ma le pubblicità continuano ad assillarmi,inoltre ora sono anche Americane e anche se ce ne sono di riccorenti variano periodicamente.
Le ho provate tutte con tutti i sistemi anti malaware e antivirus possibili ed immaginabili ma niente la "cosa" è sempre lì ma nessuno trova nulla.
Oggi ho provato a fare una ricerca sul sistema con -file .CPX- e ho trovato i seguenti:mscpx32r.dll,mscpxl32r.dll,12520850.cpx,12520437.cpx, tutti in C:\WINDOWS\System32.
Ho fatto una prova mettendoli nel cestino e facendo partire kazaa,bene...tutto come prima...solita pubblicità.I file rimangono nel cestino ma in System32 sono già stati sostituiti da cloni.
Vi allego un log di Hijackthis ed uno pulito da SSI Technologies scanner(Conoscete?che ne pensate?).


Grazie,in anticipo per l'aiuto

Logfile of HijackThis v1.99.1
Scan saved at 22.37.13, on 10/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\ASUSKBService.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\12012SC Wireless Combo Set\MouseDrv.exe
C:\Programmi\12012SC Wireless Combo Set\PS2USBKbdDrv.exe
C:\Programmi\inKline Global\Modem Booster\ModemBtr.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\Programmi\ScanSoft\OmniPage15.0\Opware15.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Santa Cruz Networks\Festoon\Festoon.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\TaskSwitchXP\TaskSwitchXP.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Copernic Desktop Search\CopernicDesktopSearch.exe
C:\Programmi\ScanSoft\OmniPage15.0\OpAgent.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Hamachi\hamachi.exe
C:\Programmi\Webshots\webshots.scr
C:\WINDOWS\system32\lsass.exe
C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pc\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {83B79436-C1A7-427B-B40D-689E9CC71FAE} - C:\PROGRA~1\COPERN~1\CO5F28~1.DLL
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~2\COPERN~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\Programmi\FreshDevices\FreshDownload\fdcatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~2\COPERN~1.DLL
O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Programmi\Copernic Desktop Search\CopernicDesktopSearchIntegration974.dll
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\Programmi\FreshDevices\FreshDownload\fdiebar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WireLessMouse ] C:\Programmi\12012SC Wireless Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Programmi\12012SC Wireless Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Modem Booster] C:\Programmi\inKline Global\Modem Booster\ModemBtr.exe
O4 - HKLM\..\Run: [ScanSoft PDF Converter 3.0-reminder] "C:\Programmi\ScanSoft\PDF Converter 3.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Dati applicazioni\ScanSoft\PDF Converter\3\Ereg\ereg.ini"
O4 - HKLM\..\Run: [ScanSoft PDF Create 3.0-reminder] "C:\Programmi\ScanSoft\PDF Create! 3\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Dati applicazioni\ScanSoft\PDF Create\3\Ereg\ereg.ini"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [Opware15] "C:\Programmi\ScanSoft\OmniPage15.0\Opware15.exe"
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Programmi\ScanSoft\OmniPage15.0\PDFConverter3\\RegistryController.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Festoon] C:\Programmi\Santa Cruz Networks\Festoon\Festoon.exe /BOOT
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [THGuard] "C:\Programmi\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB001" /M "Stylus C86"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Programmi\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Copernic Desktop Search] "C:\Programmi\Copernic Desktop Search\CopernicDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [OpAgent] "C:\Programmi\ScanSoft\OmniPage15.0\OpAgent.exe" /agent
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\Launcher.exe
O4 - Global Startup: hamachi.lnk = C:\Programmi\Hamachi\hamachi.exe
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Programmi\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Programmi\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: FreshDownload - {52AED364-7D9B-4F1F-B077-66EC67C2DD38} - C:\Programmi\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoft...n_principal.htm (file missing)
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O12 - Plugin for .UVR: C:\Programmi\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {1552B1CD-8CB7-4776-B6CB-16EA461928E5} (Cpuid Control) - http://www.powerleap...gradefinder.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} (InSPECS3_0 Control) - http://www.powerleap.../InSPECS3_0.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1145310002672
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...744/mcfscan.cab
O18 - Protocol: Festoon - (no CLSID) - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: ASUS Keyboard Service (ASUSKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ASUSKBService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe




his HijackThis Log file has been scrubbed with System Spyware Interrogator (SSI) to remove known safe items.
This Items below were identified on http://www.spywaredata.com and should be reviewed.
Logfile of HijackThis v1.99.1
Scan saved at 22.37.13
on 10/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:



O4 - HKLM\..\Run: [ScanSoft PDF Converter 3.0-reminder] "C:\Programmi\ScanSoft\PDF Converter 3.0\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Dati applicazioni\ScanSoft\PDF Converter\3\Ereg\ereg.ini" - -
O4 - HKLM\..\Run: [ScanSoft PDF Create 3.0-reminder] "C:\Programmi\ScanSoft\PDF Create! 3\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Dati applicazioni\ScanSoft\PDF Create\3\Ereg\ereg.ini" - -
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - -
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background - -
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe - -
O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\Launcher.exe - -
O4 - Global Startup: hamachi.lnk = C:\Programmi\Hamachi\hamachi.exe - -
O16 - DPF: {1552B1CD-8CB7-4776-B6CB-16EA461928E5} (Cpuid Control) - http://www.powerleap...gradefinder.cab - http://www.powerleap...gradefinder.cab
O16 - DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} (InSPECS3_0 Control) - http://www.powerleap.../InSPECS3_0.cab - http://www.powerleap.../InSPECS3_0.cab
O18 - Protocol: Festoon - (no CLSID) - (no file)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} -
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs -


:nbie: :hmm: :muro: :swear:




0 utente(i) stanno leggendo questa discussione

0 utenti, 0 ospiti, 0 utenti anonimi