Ciao, Alfonso, innanzitutto grazie mille per tutti i tuoi consigli, senza di te non sapremo cosa fare. Ora ho un problema da sottoporti.
Il computer appena collego il cavo di internet apre da solo tantissime pagine internet e si impalla tutto. Ho scaricato Ad-Aware e Spybot, poi ho anche Norton Antivirus 2005, ho fatto la scansione di tutto ma mi segnala che alcune minacce non riesce ad eliminarle. Ora ti invio il LOG e spero che tu mi possa aiutare. In attesa di una tua risposta...Grazie Mille...CIAO!!!



Logfile of HijackThis v1.99.1
Scan saved at 4.26.09, on 01/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\wystcl.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\WINDOWS\System32\WebSyncSvc.exe
C:\WINDOWS\System32\cmrs32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\System32\MSNSRV32.exe
C:\Programmi\Kodak\KODAK Picture Transfer Software\pts.exe
C:\Programmi\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Preview AdService\PrevAdKeep.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\qvfauve.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Program Files\Preview AdService\PrevAdServ.exe
C:\WINDOWS\explorer.exe
C:\Programmi\ISTsvc\istsvc.exe
C:\Program Files\Internet Optimizer\optimize.exe
c:\programmi\180solutions\sais.exe
C:\Programmi\Web_Rebates\WebRebates1.exe
C:\Programmi\Web_Rebates\WebRebates0.exe
C:\Program Files\Preview AdService\PrevAdServ.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\temp\NCASEP~1.EXE
C:\temp\NCASEP~1.EXE
C:\temp\NCASEP~1.EXE
C:\Documents and Settings\Marco\Impostazioni locali\Temp\Directory temporanea 3 per hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=158290
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=158290
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.fastweb.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=158290
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Programmi\SideFind\sfbho.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRA~1\ISTbar\istbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [HPWebSync] WebSyncSvc.exe
O4 - HKLM\..\Run: [MS CMRS32 Protocol] cmrs32.exe
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [*Microsoft Update] wystcl.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] MSNSRV32.exe
O4 - HKLM\..\Run: [If4ECLse] C:\WINDOWS\qvfauve.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [sais] c:\programmi\180solutions\sais.exe
O4 - HKLM\..\Run: [otahmlmz] C:\WINDOWS\otahmlmz.exe
O4 - HKLM\..\Run: [Power Scan] C:\Programmi\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmi\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\RunServices: [HPWebSync] WebSyncSvc.exe
O4 - HKLM\..\RunServices: [MS CMRS32 Protocol] cmrs32.exe
O4 - HKLM\..\RunServices: [*Microsoft Update] wystcl.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] MSNSRV32.exe
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\Marco\IMPOST~1\Temp\djtopr1150.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [HPWebSync] WebSyncSvc.exe
O4 - HKCU\..\Run: [MS CMRS32 Protocol] cmrs32.exe
O4 - HKCU\..\Run: [*Microsoft Update] wystcl.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] MSNSRV32.exe
O4 - HKCU\..\RunServices: [HPWebSync] WebSyncSvc.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O4 - Global Startup: KODAK Software Updater.lnk = C:\Programmi\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Rebates - file://C:\Programmi\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programmi\SideFind\sidefind.dll
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O23 - Service: *Microsoft Update - Unknown owner - C:\WINDOWS\System32\wystcl.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: ptssvc - KODAK - C:\Programmi\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe

Ciao ,
esegui queste operazioni

1) Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

2) riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.couldnotfind.com/search_page.html?&account_id=158290
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.couldnotfind.com/search_page.html?&account_id=158290
-
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=158290
-
R3 - Default URLSearchHook is missing
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll
-
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Programmi\SideFind\sfbho.dll
-
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRA~1\ISTbar\istbar.dll
-
O4 - HKLM\..\Run: [HPWebSync] WebSyncSvc.exe
O4 - HKLM\..\Run: [MS CMRS32 Protocol] cmrs32.exe
O4 - HKLM\..\Run: [Preview AdService] C:\Program Files\Preview AdService\PrevAdServ.exe
O4 - HKLM\..\Run: [*Microsoft Update] wystcl.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] MSNSRV32.exe
O4 - HKLM\..\Run: [If4ECLse] C:\WINDOWS\qvfauve.exe
-
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [sais] c:\programmi\180solutions\sais.exe
O4 - HKLM\..\Run: [otahmlmz] C:\WINDOWS\otahmlmz.exe
O4 - HKLM\..\Run: [Power Scan] C:\Programmi\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Programmi\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\RunServices: [HPWebSync] WebSyncSvc.exe
O4 - HKLM\..\RunServices: [MS CMRS32 Protocol] cmrs32.exe
O4 - HKLM\..\RunServices: [*Microsoft Update] wystcl.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] MSNSRV32.exe
O4 - HKLM\..\RunOnce: [djtopr1150.exe] "C:\DOCUME~1\Marco\IMPOST~1\Temp\djtopr1150.exe"
-
O4 - HKCU\..\Run: [HPWebSync] WebSyncSvc.exe
O4 - HKCU\..\Run: [MS CMRS32 Protocol] cmrs32.exe
O4 - HKCU\..\Run: [*Microsoft Update] wystcl.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] MSNSRV32.exe
O4 - HKCU\..\RunServices: [HPWebSync] WebSyncSvc.exe
-
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Programmi\SideFind\sidefind.dll
-
O23 - Service: *Microsoft Update - Unknown owner - C:\WINDOWS\System32\wystcl.exe
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
nem220.dll
WebSyncSvc.exe
PrevAdServ.exe
wystcl.exe
MSNSRV32.exe
qvfauve.exe
istsvc.exe
optimize.exe
sais.exe
otahmlmz.exe
powerscan.exe
WebRebates0.exe
WebSyncSvc.exe
cmrs32.exe
==================================

Svuota la cartella C:\DOCUME~1\Marco\IMPOST~1\Temp

Elimina le cartelle in rosso elencate qui sotto con tutto il suo contenuto:
C:\Programmi\<b><font color=red>SideFind</b></font id=red>
C:\PROGRA~1\<b><font color=red>ISTbar</b></font id=red>
C:\Program Files\<b><font color=red>Preview AdService</b></font id=red>
C:\Program Files\<b><font color=red>Internet Optimizer</b></font id=red>
c:\programmi\<b><font color=red>180solutions</b></font id=red>
C:\Programmi\<b><font color=red>Power Scan</b></font id=red>
C:\Programmi\<b><font color=red>Web_Rebates</b></font id=red>

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura.

---

Collaboratore Aiutamici