Ciao Alfonso, come ti dicevo, quando entro in internet le pagine si visualizzano solo per alcuni secondi e poi scompaiono. Ti invio il LOG. Lo controlli? Grazie Mille, ciao!

Logfile of HijackThis v1.99.0
Scan saved at 23.31.14, on 14/02/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programmi\Network Associates\VirusScan\Avsynmgr.exe
C:\WINDOWS\ntrvs.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Network Associates\VirusScan\VsStat.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\Programmi\Network Associates\VirusScan\Avconsol.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\TOSHIBA\TouchPadNF\TPTray.exe
C:\WINDOWS\System32\CePMTray.exe
C:\PROGRA~1\EzButton\CPATR10.EXE
C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\host.exe
C:\WINDOWS\System32\ntcmd.exe
C:\Programmi\Winamp\winampa.exe
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\System32\winnt.exe
C:\temp\salm.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Program Files\DeskAd Service\DeskAdServ.exe
C:\WINDOWS\System32\SahAgent.exe
C:\Program Files\Admanager Controller\AdManCtl.exe
C:\Programmi\ISTsvc\istsvc.exe
C:\WINDOWS\snrhtelo.exe
C:\Program Files\Admanager Controller\AdManKeep.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Internet Optimizer\optimize.exe
C:\Programmi\BullsEye Network\bin\bargains.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Windows AdStatus\WinStat.exe
C:\Program Files\Windows AdStatus\WinStatKeep.exe
C:\Program Files\DeskAd Service\DeskAdKeep.exe
C:\Program Files\Cklcse\Ardia.exe
C:\Program Files\AdTools Service\AdTools.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AdTools Service\AdToolsKeep.exe
C:\Programmi\Messenger\msmsgs.exe
C:\sp.exe
C:\Documents and Settings\gabellone\Dati applicazioni\lrit.exe
C:\WINDOWS\System32\host.exe
C:\Microsoft Office\Office\1040\OLFSNT40.EXE
c:\so.exe
C:\PROGRA~1\Nokia\NOKIAP~1\COMPON~1\PHONEB~1\NOKIAV~1.EXE
C:\Program Files\Internet Optimizer\actalert.exe
C:\Program Files\Internet Optimizer\actalert.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\??rss.exe
C:\DOCUME~1\GABELL~1\IMPOST~1\Temp\Rar$EX00.747\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=157515
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=157515
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fastweb.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fastweb.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=157515
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da FastWeb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: (no name) - {0339BE40-76AF-5A5D-8E7C-5A27B8ECB9B0} - C:\WINDOWS\System32\entzscbs.dll
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL (file missing)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Programmi\SideFind\sfbho.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRA~1\ISTbar\istbar.dll (file missing)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwaprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPadNF\TPTray.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
O4 - HKLM\..\Run: [CPATR10] C:\PROGRA~1\EzButton\CPATR10.EXE
O4 - HKLM\..\Run: [CeEKey.exe] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Local Service] rundll.exe
O4 - HKLM\..\Run: [USB Device] win32usb.exe
O4 - HKLM\..\Run: [OEM32 Tools] sres32.exe
O4 - HKLM\..\Run: [Microsoft Support Service] svcmgt.exe
O4 - HKLM\..\Run: [starter] scvhosting.exe
O4 - HKLM\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\Run: [Sysino] lsess.exe
O4 - HKLM\..\Run: [Windows Network Service] winvc32.exe
O4 - HKLM\..\Run: [Windows Timer Update] phqghume.exe
O4 - HKLM\..\Run: [window2] host.exe
O4 - HKLM\..\Run: [Windows Network Controller] mqguard.exe
O4 - HKLM\..\Run: [Microsoft Windows Updates] updates.exe
O4 - HKLM\..\Run: [Microsoft Intrenets Explorer] ntcmd.exe
O4 - HKLM\..\Run: [system service] csrsss.exe
O4 - HKLM\..\Run: [system] system32.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Microsoftvirus] sysoverload.exe
O4 - HKLM\..\Run: [PK Services] pksvc.exe
O4 - HKLM\..\Run: [Microsoft Security Management] winnt.exe
O4 - HKLM\..\Run: [Starting up] wvsvc.exe
O4 - HKLM\..\Run: [NDIS Adapter] ndis.exe
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [MP Services] mpsvc.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ormt] C:\WINDOWS\ormt.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [DeskAd Service] C:\Program Files\DeskAd Service\DeskAdServ.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [gyHg8Rc] C:\WINDOWS\snrhtelo.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmi\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [*wuauclt.exe] wmsct.exe
O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [gyHg80+¿ÔÇè]Iú" ‹üžC:\Programmi\ISTsvc\istsvc.exe] C:\WINDOWS\snrhtelo.exe
O4 - HKLM\..\Run: [Pycmerfn] C:\Program Files\Sqyjsmm\Dvqwtr.exe
O4 - HKLM\..\Run: [Xhtpmzx] C:\Program Files\Cklcse\Ardia.exe
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\RunServices: [Local Service] rundll.exe
O4 - HKLM\..\RunServices: [USB Device] win32usb.exe
O4 - HKLM\..\RunServices: [OEM32 Tools] sres32.exe
O4 - HKLM\..\RunServices: [Microsoft Support Service] svcmgt.exe
O4 - HKLM\..\RunServices: [starter] scvhosting.exe
O4 - HKLM\..\RunServices: [Win32 Configuration] videosd32.exe
O4 - HKLM\..\RunServices: [Sysino] lsess.exe
O4 - HKLM\..\RunServices: [Windows Network Service] winvc32.exe
O4 - HKLM\..\RunServices: [Windows Timer Update] phqghume.exe
O4 - HKLM\..\RunServices: [window2] host.exe
O4 - HKLM\..\RunServices: [Windows Network Controller] mqguard.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Updates] updates.exe
O4 - HKLM\..\RunServices: [Microsoft Intrenets Explorer] ntcmd.exe
O4 - HKLM\..\RunServices: [system service] csrsss.exe
O4 - HKLM\..\RunServices: [system] system32.exe
O4 - HKLM\..\RunServices: [Microsoftvirus] sysoverload.exe
O4 - HKLM\..\RunServices: [PK Services] pksvc.exe
O4 - HKLM\..\RunServices: [Microsoft Security Management] winnt.exe
O4 - HKLM\..\RunServices: [Starting up] wvsvc.exe
O4 - HKLM\..\RunServices: [NDIS Adapter] ndis.exe
O4 - HKLM\..\RunServices: [MP Services] mpsvc.exe
O4 - HKLM\..\RunServices: [*wuauclt.exe] wmsct.exe
O4 - HKLM\..\RunOnce: [window2] host.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Local Service] rundll.exe
O4 - HKCU\..\Run: [USB Device] win32usb.exe
O4 - HKCU\..\Run: [Microsoft Support Service] svcmgt.exe
O4 - HKCU\..\Run: [OEM32 Tools] sres32.exe
O4 - HKCU\..\Run: [starter] scvhosting.exe
O4 - HKCU\..\Run: [Win32 Configuration] videosd32.exe
O4 - HKCU\..\Run: [Sysino] lsess.exe
O4 - HKCU\..\Run: [Windows Timer Update] phqghume.exe
O4 - HKCU\..\Run: [window2] host.exe
O4 - HKCU\..\Run: [Windows Network Controller] mqguard.exe
O4 - HKCU\..\Run: [sp] C:\sp.exe
O4 - HKCU\..\Run: [Microsoftvirus] sysoverload.exe
O4 - HKCU\..\Run: [PK Services] pksvc.exe
O4 - HKCU\..\Run: [Starting up] wvsvc.exe
O4 - HKCU\..\Run: [NDIS Adapter] ndis.exe
O4 - HKCU\..\Run: [MP Services] mpsvc.exe
O4 - HKCU\..\Run: [Raer] C:\Documents and Settings\gabellone\Dati applicazioni\lrit.exe
O4 - HKCU\..\Run: [*wuauclt.exe] wmsct.exe
O4 - HKCU\..\Run: [Harferxv] C:\WINDOWS\System32\??rss.exe
O4 - HKCU\..\RunOnce: [window2] host.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Porta Symantec Fax Starter Edition.lnk = C:\Microsoft Office\Office\1040\OLFSNT40.EXE
O8 - Extra context menu item: Web Rebates - file://C:\Programmi\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programmi\SideFind\sidefind.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.fastweb.it
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1107645784187
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-it/it/games3.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {BB1B5064-1496-4E40-A80D-EFF7C5A953A6} (VacPro.italy_vdem) - http://207.234.185.217/italy_vdem.CAB
O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} (HDPluginCtrl Class) - http://dist.belnk.com/4/download/hdplugin_1101_bundle43v5d43.cab
O18 - Filter: text/html - {ACDA6560-5459-41B9-8612-7118B0BBC69D} - C:\Documents and Settings\gabellone\Impostazioni locali\Dati applicazioni\microsoft\internet explorer\V0.26.dat
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVSync Manager - Unknown - C:\Programmi\Network Associates\VirusScan\Avsynmgr.exe
O23 - Service: USB Device - Unknown - C:\WINDOWS\System32\win32usb.exe (file missing)
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Microsoft Security Subsystem Provider - Unknown - C:\WINDOWS\ntrvs.exe
O23 - Service: McShield - Unknown - C:\Programmi\File comuni\Network Associates\McShield\Mcshield.exe
O23 - Service: Microsoft Support Service - Unknown - C:\WINDOWS\System32\svcmgt.exe (file missing)
O23 - Service: Servizio Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: ZESOFT - Unknown - C:\WINDOWS\zeta.exe

Ciao Jei

il tuo sistema e troppo infetto, procedi come segue

1) Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

2) riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

3) in modalità provvisoria lancia i programmi AD-AWARE e SPYBOT li puoi scaricare da questo indirizzo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N
se questi trovano pericoli, eliminali e ripeti la scansione fino a che non ti dicono che non ci sono più spyware da eliminare, fra una scansione e l'altra riavvia il computer sempre in modalità provvisoria

4) fai una scansione antivirus

5) dopo aver ripulito il sistema come indicato fai un nuovo log di Hijack e rimandamelo per eliminare eventuali file rimanenti.

---

Collaboratore Aiutamici