Grazie del suggerimento, ho risolto il problema.
Logfile of HijackThis v1.97.7
Scan saved at 21.58.17, on 22/07/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDO33\System32\smss.exe
C:\WINDO33\system32\winlogon.exe
C:\WINDO33\system32\services.exe
C:\WINDO33\system32\lsass.exe
C:\WINDO33\system32\svchost.exe
C:\WINDO33\System32\svchost.exe
C:\WINDO33\system32\spoolsv.exe
C:\WINDO33\Explorer.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\DSLMON.exe
C:\Programmi\Microsoft Office\Office\WINWORD.EXE
D:\HijackThis\HijackThis.exe
C:\Programmi\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O1 - Hosts: 213.212.82.185
www.globet.comO1 - Hosts: 213.212.72.122 enigma.globet.co.uk
O1 - Hosts: 213.212.82.180
www.globetgames.comO1 - Hosts: 213.212.72.119 livehelp.globet.com
O1 - Hosts: 213.212.72.116
www.fulltimescore.comO1 - Hosts: 195.244.199.72
www.globetcasino.comO1 - Hosts: 195.244.199.73 auth.globetcasino.com
O1 - Hosts: 195.244.199.75
www.globetvip.comO1 - Hosts: 213.212.82.184
www.globet.tvO2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {1DE38CF5-DC2A-B997-A62B-9F525ABD7E6A} - C:\WINDO33\nhlbx1.dll (file missing)
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Programmi\ADSL\StarModem ADSL USB MODEM\DSLMON.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{061D529D-F727-4BE4-B977-95774526B41D}: NameServer = 213.205.36.70 213.205.32.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{061D529D-F727-4BE4-B977-95774526B41D}: NameServer = 213.205.36.70 213.205.32.70
mitFraudFix v2.74
Scan done at 21.47.35,79, 22/07/2006
Run from D:\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
Fix ran in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"coursings"="{f8d02387-789a-4c0f-a1d8-8a93f33ee4df}"
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
C:\WINDO33\System32\yephk.dll ->
C:\WINDO33\System32\yephk.dll -> Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDO33\system32\ishost.exe Deleted
C:\WINDO33\system32\ismon.exe Deleted
C:\WINDO33\system32\isnotify.exe Deleted
C:\WINDO33\system32\components\flx?.dll Deleted
C:\Programmi\SpyQuake2.com\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End