www.MegaLab.it

[MooKid]

Come da Topic....

questo é lo schifo che mi sono ritrovato dal nulla ovviamente, si apre ogni volta che apro una finestra di Internet Explorer, non compare nei processi del Task Manager...e non riesco a levarla....

ecco lo schifo... :




grazie a tutti anticipatamente ;)

P.S.

Mi sono ri-registrato perché con Kesson non riuscivo piu' ad entrare...

[Mr.TFM]

Se non riuscivi più ad entrare dovevi recuperare la password.....

Comunque segnalano a EntropheaR.

Per quanto riguarda il problema fai una scansione con HijackThis e posta il log.
Da lì dovremmo riuscire a vedere dove sta il problema (crazy.cat permettendo!)

[Rancid]

Per caso hai installato Msn Plus?

[MooKid]

Per caso hai installato Msn Plus?

me*da ecco cos'é ....si non l'ho istallato io...lo dicevo io che mi dovevo tenere la vecchia versione d msn..

provo a vedere un secondo...

[Rancid]

Mi sa che allora sei fregato...
dovevi stare attento durante l'installazione e dire di installare il programma senza i banner pubblicitari...
E' successo anche a me e ad altri miei amici, o ti armi di tanta pazienza e vedi se con tutti i programmi anti-spy e anti adware riesci a toglierla...ma sinceramente alla fine io mi sono arreso e ho formattato (era tempo di format)

[Celtik]

, confermo!! Purtroppo la procedura d' install é bazzztarda dentro, ti dice ACCETTA (ma in realtà accetti gli sponsor) e RIFIUTA (ma in realtà rifiuti gli sponsors e fai un install NORMALE). Purtroppo é una procedura senza ritorno........almeno é quello che sappiamo io, Rancid & gli altri cattivoni

[EntropheaR]

Per i probelmi riguardanti il recupero password [f]

[MooKid]

alura....non sono riuscito a levare 'sta schifezza, comunque vi posto la lista dei processi ottenuta con HijackThis..magari mi sapete aiutare....di schifezze ce ne sono parecchie, ma finché non mi rompono ...io voglio levare quella barra maledetta che mi apre pop up in barba alla google tool bar...!!

grassie... ecco il log:

-------------------------------------------------------------------------------------

Logfile of HijackThis v1.97.7
Scan saved at 15.33.10, on 21/09/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\lexbces.exe
C:\WINDOWS\System32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\CPUCold\CooLSrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\usrbridg.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
C:\Programmi\File comuni\Real\Update_OB\evntsvc.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\RunDLL32.exe
D:\Programmi\Adobe\Acrobat\Distillr\AcroTray.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programmi\eMule\emule.exe
D:\Programmi\Winamp\winamp.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
D:\Frx\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.tgmjdsgqnfxruergupuo.us/sYYI ... 7SsLCi.jpg
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programmi\DAP\DAPBHO.dll
O2 - BHO: (no name) - {0096CC0A-623C-4829-AD9C-19AF0DC9D8FE} - D:\PROGRAMMI\DAP\DAPIEBAR.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Common\ycomp5_2_3_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - d:\programmi\adobe\acrobat\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {D0FCF1AB-E020-42C3-21F1-4449CBD1631D} - C:\PROGRA~1\JUNKPI~1\WEB LESS.exe
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CONFLICT.6\CnsHook.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [RunWindowsUpdate] C:\WINDOWS\uptodate.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Connector] C:\WINDOWS\System32\CIWIN32.EXE -n
O4 - HKLM\..\Run: [Omnipage] C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [refrnnqg] C:\WINDOWS\xmlcfv.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [TkBellExe] C:\Programmi\File comuni\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programmi\File comuni\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [TV Media] C:\Programmi\TV Media\Tvm.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [MEDIATHIS] C:\PROGRA~1\PLUS OOZE\live bin camp.exe
O4 - HKLM\..\Run: [rect2bibidol] C:\Documents and Settings\All Users\Dati applicazioni\rule tool rect 2\AMOK DASH.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\FILECO~1\System\MOSearch\Bin\mosearch.exe
O4 - HKCU\..\Run: [AutoUpdater] C:\WINDOWS\System32\aupdate.exe
O4 - HKCU\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [TV Media] C:\Programmi\TV Media\Tvm.exe
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Startup: Reality Fusion GameCam SE.lnk = C:\Programmi\Reality Fusion\Reality Fusion GameCam SE\Program\RFTRay.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Norton AntiVirus AutoProtect.lnk = C:\Programmi\Norton AntiVirus\navapw32.exe
O4 - Global Startup: Acrobat Assistant.lnk = D:\Programmi\Adobe\Acrobat\Distillr\AcroTray.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Collegamenti a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Programmi\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Short Message (HKLM)
O9 - Extra button: Instant Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Run DAP (HKLM)
O9 - Extra button: AllInOne (HKLM)
O9 - Extra 'Tools' menuitem: AllInOne (HKLM)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
O16 - DPF: ChatSpace Java Client 2.1.0.90L - http://64.85.10.126:8139/Java/cs4msl090.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/games/c ... /at0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {02607DF4-D40B-4FFB-B054-1CAC03468E28} (DNLCertificate Control) - http://www.fmn-media.com/campaigns/winp ... ficate.ocx
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b30149.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/A ... ngctrl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0309.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003 ... scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... Client.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C ... 1849884259
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.c ... pi_416.dll
O16 - DPF: {AEFD32B6-4815-11D2-98E4-00C04FCEFE77} (SnCAX Class) - http://freetel.picus.it/Picus/SnC/AutoSetup/SnC.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b30149.cab
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/dguser/IESe ... homedg.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b30149.cab
O16 - DPF: {C7CF4846-0324-4B83-B810-C4BF61029E02} (Pro_Web04.ProWeb604) - http://www.sessogratis.net/ProWeb604.CAB
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://211.239.161.56/nprotect/npx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/604485.exe
O16 - DPF: {E87A6788-1D0F-4444-8898-1D25829B6755} - http://fdl.msn.com/public/chat/msnchat4.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by13fd.bay13.hotmail.msn.com/act ... Atchmt.ocx
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/dlexe.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b28578.cab
O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service Client) - http://ccon.madonion.com/global/msc.cab
O16 - DPF: {FFFF0018-0001-101A-A3C9-08002B2F49FB} - http://www.mega-party.net/chat.exe

[MooKid]

bé intanto un po' di me*da l'ho levata...tipo le ultime schifezze "ultramegachatdelca**o" e "sessogratisdituasorella" ...

...é pieno di schifezze lo so...

....ma quando nel pc ci mettono mano gli altri componenti di casa.....




grazie a tutti in anticipo... ;)

[crazy.cat]

In effetti hai un po di problemi. Visto che hai parecchi file exe sconosciuti, ti consiglio di usare questo http://www.zanezane.net/articoli.asp?id=187
e di fare una scansione dei virus più sicura.

Queste voci le elimini con hijackthis,rifai la scansione metti il flag e premi fix.
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.tgmjdsgqnfxruergupuo.us/sYYI ... 7SsLCi.jpg
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O16 - DPF: {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} - http://bar.baidu.com/update/dguser/IESe ... homedg.cab
O16 - DPF: {C7CF4846-0324-4B83-B810-C4BF61029E02} (Pro_Web04.ProWeb604) - http://www.sessogratis.net/ProWeb604.CAB
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://211.239.161.56/nprotect/npx.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/604485.exe

Queste sono sconosciute e sospette
O2 - BHO: (no name) - {D0FCF1AB-E020-42C3-21F1-4449CBD1631D} - C:\PROGRA~1\JUNKPI~1\WEB LESS.exe
O4 - HKLM\..\Run: [refrnnqg] C:\WINDOWS\xmlcfv.exe
O4 - HKLM\..\Run: [MEDIATHIS] C:\PROGRA~1\PLUS OOZE\live bin camp.exe
O4 - HKLM\..\Run: [rect2bibidol] C:\Documents and Settings\All Users\Dati applicazioni\rule tool rect 2\AMOK DASH.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32

Qui segui le istruzioni che trovi è tutto da eliminare

http://www.zanezane.net/forum/topic.asp ... ms=rbase01
O4 - HKLM\..\Run: [Connector] C:\WINDOWS\System32\CIWIN32.EXE -n (dovrebbe essere un dialer o un trojan virus)

http://forums.devshed.com/archive/t-164067
O4 - HKLM\..\Run: [TV Media] C:\Programmi\TV Media\Tvm.exe
O4 - HKCU\..\Run: [TV Media] C:\Programmi\TV Media\Tvm.exe

http://www.pestpatrol.com/PestInfo/s/se ... istant.asp
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe

http://www.2-spyware.com/file-aupdate-exe.html
http://www.liutilities.com/products/win ... y/aupdate/
O4 - HKCU\..\Run: [AutoUpdater] C:\WINDOWS\System32\aupdate.exe Dubbio su quale dei due sia

Queste voci sono inutili in avvio automatico e le puoi eliminare
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [TkBellExe] C:\Programmi\File comuni\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE

Fatto tutte le pulizie stiamo a vedere come va.