Solite finestre che si aprono....

[padawan]

Da questa settimana mi si aprono delle finestre di IE da sole e mi caricano delle pagine, cpvfeed.com e c5.zedo.com ho provato a cercare su google qualche soluzione e in giro sono conosciute queste pagine ma non ho compreso bene come eliminarle, oltretutto dicono che hijack this gli trova determinati file, ma io non li ho, almeno credo qualcuno mi può dare una mano?
(Ho fatto tutte le scansioni possibili inimmaginabili ma nessuno trova niente(Spyware doctor-ADAWARE-AGV Spyware))

Di seguito metto i logs di hijack this! versione 1.9.1 (Ma ho anche la 2.0
se a qualcuno serve)

Grazie :help:

Logfile of HijackThis v1.99.1
Scan saved at 19.59.31, on 15/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
F:\WINDOWS\Explorer.EXE
F:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
F:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
F:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
F:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
F:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
F:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Programmi\Norton AntiVirus\navapsvc.exe
F:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\svchost.exe
F:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
F:\Programmi\File comuni\Symantec Shared\ccApp.exe
F:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
F:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\Programmi\Internet Explorer\iexplore.exe
F:\Programmi\Azureus\Azureus.exe
F:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\eMule\emule.exe
F:\Downloads\hijackthis 1.9.1\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - F:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - F:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - F:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - F:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] --F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB002" /M "Stylus Photo R240"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] --SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] --"F:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] --RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] --RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] --F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] --"F:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] --HDAudPropShortcut.exe
O4 - HKLM\..\Run: [ccApp] "F:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = F:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - F:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - F:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - F:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - F:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - F:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - --"F:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe (file missing)
O23 - Service: iPodService - Unknown owner - --F:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Unknown owner - F:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "F:\Programmi\File comuni\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - F:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - F:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - F:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - F:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - F:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - F:\Programmi\Spyware Doctor\swdsvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - F:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - F:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - --F:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - F:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

[Ramòn]

Copia quì il file di log di hijackthis e vedi cosa ti dice
http://www.hijackthis.de/

 

[padawan]

trovato soluzione ma.....

Ho trovato la soluzione in un altro sito ma non riesco a metterla in pratica, perchè non mi permette di cancellare ne la stringa nel registro ne i files in system32\drivers\

qualcuno può darmi una dritta? grazie

sotto metto la soluzione trovata da quest'altro disgraziato solo che lui dice che ha usato questo gipo@utility che ho scaricato dal sito ma neanche lui riesce a cancellarlo!non so dove sbaglio:help:

Fixed it. Nothing found it bar Kasperskly Online Scanner, it was the
| ONLY ONE!!! It only identified two of the files though, and didn't
| pick up the service in registry. Also, it treated the files as locked
| and didn't implement a boottime delete. I did that myself using
| GiPo@Utilities. It is now gone.The malware came from a torrent
| screensaver I DL'd, it is a particularly nasty infection - the exe
| installstwo files core.sys and core.cache.dsk in \system32\drivers\
| and registers itself as a service
| HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\core
| deleted the lot on boot and presto, free of this fucking infection

 

[padawan]

Ragazzi risolto!

Se qualcuno ha il mio stesso problema cercate un programmino che si chiama Unlocker (Praticamente forza i files in uso a morire)e usatelo su core.sys e core.cache.dsk in windows\system32\drivers\ dopo di che io ho riavviato in selfboot (esegui: msconfig)andate con regedit nella stringa HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\core
e cancellatela e ci siamo tolti dale palle sti cavolo dim pop up.

spero di essere stato utile a qualcuno oltre che a me stesso!!

ciao e grazie a tutti:asd:

 

[Toby]

ottimo... :)