Logfile of HijackThis v1.99.1
Scan saved at 17.31.36, on 23/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\Programmi\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Programmi\SpeedFan\speedfan.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\alicetuttoincluso\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 195.244.207.20 www.betway.com
O1 - Hosts: 84.20.193.56 www5.betfair.com
O1 - Hosts: 213.212.72.122 enigma.globet.co.uk
O1 - Hosts: 195.244.216.2 WWW.GAMEBOOKERS.CO.UK
O1 - Hosts: 213.212.82.184 www.globet.tv
O1 - Hosts: 195.72.134.100 www.bwin.com
O1 - Hosts: 213.238.39.35 www.pg24.it
O1 - Hosts: 83.138.175.137 www.betshop.com
O1 - Hosts: 209.200.162.63 www.sportingbet.com
O1 - Hosts: 213.52.217.49 it.sportingbet.com
O1 - Hosts: 62.99.138.61 www.expekt.com
O1 - Hosts: 193.203.227.71 www.betandwin.com
O1 - Hosts: 216.152.164.80 www.pinnaclesports.com
O1 - Hosts: www.swapbets.com www.swapbets.com
O1 - Hosts: 89.187.70.53 www.jokerbets.com
O1 - Hosts: 64.69.65.80 www.casinopokerlasvegas.com
O1 - Hosts: 62.7.228.141 www.eurobet.com
O1 - Hosts: 213.212.82.185 www.globet.com
O1 - Hosts: 203.115.210.212 www.007bets.com
O1 - Hosts: 207.210.235.29 www.007sportsbetting.com
O1 - Hosts: 207.210.235.29 www.07sports.com
O1 - Hosts: 65.36.221.8 www.1001casino.com
O1 - Hosts: 66.199.173.138 www.100kcasino.com
O1 - Hosts: www.101-casino.com www.101-casino.com
O1 - Hosts: 217.205.137.15 www.10bet.com
O1 - Hosts: 216.73.126.55 www.10handpokercasino.com
O1 - Hosts: 69.57.144.67 www.1luckygambler.com
O1 - Hosts: 64.202.189.170 www.1on1footballsportsbetting.com
O1 - Hosts: 64.158.29.134 www.1sportbook.com
O1 - Hosts: 205.234.139.66 www.1st-free-casino-online.com
O1 - Hosts: 64.70.249.150 www.1stlines.com
O1 - Hosts: 213.171.193.23 www.1stonlineinternetcasino.com
O1 - Hosts: 209.5.113.67 www.24caratcasino.com
O1 - Hosts: 213.48.117.163 www.24dogs.com
O1 - Hosts: 217.168.174.80 www.24hbet.com
O1 - Hosts: 217.168.174.32 www.24hpoker.com
O1 - Hosts: 209.200.137.124 www.2betdsi.com
O1 - Hosts: 64.40.109.33 www.4platinumsportsbook.com
O1 - Hosts: 83.138.185.248 www.4sportsbetting.com
O1 - Hosts: 196.40.65.68 www.4sportspicks.com
O1 - Hosts: 205.134.188.244 www.52bet.com
O1 - Hosts: 196.40.24.114 www.5dimes.com
O1 - Hosts: 203.27.227.92 www.7-11-casino.com
O1 - Hosts: 205.234.137.214 www.7onlinecasino.com
O1 - Hosts: 209.200.137.91 www.7palms.com
O1 - Hosts: 213.52.230.222 www.888.com
O1 - Hosts: 217.72.240.204 www.888casino.com
O1 - Hosts: 69.57.144.67 www.888casinoonnet.com
O1 - Hosts: 217.160.150.102 www.888-free-casino-games.com
O1 - Hosts: 217.160.150.102 www.888-online-casino.com
O1 - Hosts: 82.165.163.231 www.88sportsbetting.com
O1 - Hosts: 67.131.69.149 www.abcislands.com
O1 - Hosts: 205.134.188.246 www.acescasino.net
O1 - Hosts: 65.39.234.19 www.acropoliscasinos.com
O1 - Hosts: 80.120.174.220 www.admiralbet.com
O1 - Hosts: 207.139.91.25 www.advantagesportsbetting.com
O1 - Hosts: 217.15.106.34 www.aldocoppolacasino.com
O1 - Hosts: 207.210.235.29 www.allbetsrus.com
O1 - Hosts: 69.90.108.200 www.allprosportsbook.com
O1 - Hosts: 209.51.142.30 www.allsportscasino.com
O1 - Hosts: 64.69.65.202 www.AllSportsMarket.com
O1 - Hosts: 205.134.188.249 www.allstarsportsbook.com
O1 - Hosts: 195.151.143.10 www.allytab.com
O1 - Hosts: 216.40.33.31 www.americancasinoonline.com
O1 - Hosts: 64.37.97.67 www.americas-onlinecasino.com
O1 - Hosts: 203.27.227.92 www.anguilla-casino.com
O1 - Hosts: 69.90.47.118 www.anytimewager.com
O1 - Hosts: 66.235.220.191 www.apexsportsbook.com
O1 - Hosts: 212.56.159.148 www.astrabet.com
O1 - Hosts: 204.174.223.205 www.athomesportsbook.com
O1 - Hosts: 213.146.146.67 www.attheraces.co.uk
O1 - Hosts: 87.86.92.90 www.attheraces.com
O1 - Hosts: 209.51.142.16 www.aztecgaming.com
O1 - Hosts: 66.199.173.138 www.baccaratcasino.com
O1 - Hosts: 217.160.95.49 www.backandlay.com
O1 - Hosts: 204.13.160.129 www.bcbets.com
O1 - Hosts: 205.134.188.246 www.belmontcasino.com
O1 - Hosts: 205.134.188.244 www.bestecasino.com
O1 - Hosts: 201.224.248.54 www.bestlinesports.com
O1 - Hosts: 65.36.221.8 www.best-online-casinos.1001casino.com
O1 - Hosts: 217.168.164.75 www.bestpoker.com
O1 - Hosts: 68.142.79.138 www.bet19.com
O1 - Hosts: 217.168.162.99 www.bet24.com
O1 - Hosts: 62.44.67.152 www.bet247.co.uk
O1 - Hosts: 83.245.54.203 www.Bet365.com
O1 - Hosts: 216.40.33.31 www.betabet.com
O1 - Hosts: 89.151.99.34 www.betandgame.com
O1 - Hosts: 80.243.162.175 www.bet-at-home.com
O1 - Hosts: 64.15.78.40 www.betaustralia.com
O1 - Hosts: 66.48.40.230 www.betbet.com
O1 - Hosts: 216.194.173.58 www.betbuckeyesports.com
O1 - Hosts: 212.100.245.26 www.betbug.com
O1 - Hosts: 212.100.224.208 www.betbutler.com
O1 - Hosts: 217.168.161.19 www.betchance.com
O1 - Hosts: 212.56.134.11 www.betclass.co.uk
O1 - Hosts: 212.56.134.11 www.betclass.net
O1 - Hosts: 212.56.134.11 www.betclassltd.com
O1 - Hosts: 208.112.19.87 www.betcom.com
O1 - Hosts: 209.200.137.124 www.betcris.com
O1 - Hosts: www.betcris.gameaccount.com www.betcris.gameaccount.com
O1 - Hosts: 196.40.69.106 www.Betcsl.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmi\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7C24493F-3D23-4258-9426-42C5FC3B8211} - (no file)
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programmi\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: (no name) - {E2AA098E-7EDC-4BC0-AB6D-1EA5AD974CE5} - (no file)
O3 - Toolbar: Virgilio Toolbar - {D3403F28-7D39-435F-A8CB-45016C29E48E} - C:\Programmi\Virgilio Toolbar\VirgilioBand.dll
O4 - HKLM\..\Run: [WatchDog] C:\Programmi\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programmi\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmi\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programmi\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmi\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Programmi\LingoCom\Translator.lnk
O9 - Extra 'Tools' menuitem: LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} - C:\Programmi\LingoCom\Translator.lnk
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: InterCasino Italia - {3543D964-CE64-47E6-B730-152732DAF0E6} - C:\Documents and Settings\alicetuttoincluso\Desktop\InterCasino Italia.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino Italia - {3543D964-CE64-47E6-B730-152732DAF0E6} - C:\Documents and Settings\alicetuttoincluso\Desktop\InterCasino Italia.lnk (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/Chat.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169481685484
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://crazyvegas.microgaming.com/crazyvegas/FlashAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F4FE53F-0F59-4A03-8D2E-8B5F92F388C0}: NameServer = 85.37.17.51 85.38.28.97
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: OneCard - C:\Programmi\HPQ\IAM\Bin\AsWlnPkg.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwpa32 - winwpa32.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe

Ciao,
chiudi HijackThis in una cartella a lui dedicata (possibilmente non sul desktop), altrimenti perdi i backup;

<b>disattiva il ripristino configurazione del sistema</b>:
tasto destro sull’icona Risorse del computer >> Proprietà >> Ripristino configurazione di sistema: togli la spunta dal quadratino dove c’è scritto :
<i>disattiva ripristino configurazione di sistema su tutte le unità</i>;

<b>avvia il computer in modalità provvisoria</b>:
riavvia il computer prima che si carichi Windows , premi ripetutamente il tasto F8;

<b>rendi visibili le cartelle nascoste in questo modo</b>:
da Risorse del computer:
Strumenti >> Opzioni cartella >> visualizzazione;
metti la spunta su:
<i>Visualizza file e cartelle nascoste</i>;
togli la spunta da:
<i>Nascondi file protetti del sistema(consigliato)</i>


Avvia hijackthis, con tutte le applicazioni chiuse, premi su <b>Do a system scan only</b> , spunta ed elimina <b>(fix checked)</b> le seguente righe:

---

<font color=red>
<b>TUTTE</b> le righe 01
</font id=red>

e inoltre:
<font color=red>
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmi\Yahoo!\Common\yiesrvc.dll (file missing)
O2 - BHO: (no name) - {7C24493F-3D23-4258-9426-42C5FC3B8211} - (no file)
O2 - BHO: (no name) - {E2AA098E-7EDC-4BC0-AB6D-1EA5AD974CE5} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmi\Yahoo!\Common\yiesrvc.dll (file missing)
O9 - Extra button: InterCasino Italia - {3543D964-CE64-47E6-B730-152732DAF0E6} - C:\Documents and Settings\alicetuttoincluso\Desktop\InterCasino Italia.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: InterCasino Italia - {3543D964-CE64-47E6-B730-152732DAF0E6} - C:\Documents and Settings\alicetuttoincluso\Desktop\InterCasino Italia.lnk (file missing) (HKCU)
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://crazyvegas.microgaming.com/crazyvegas/FlashAX.cab
O20 - Winlogon Notify: winwpa32 - winwpa32.dll (file missing)
</font id=red>

---

Da Start >> Esegui, incolla la stringa <b>%temp%</b>, dai l'Ok, svuota la cartella <b>temp</b>;

segui il punto <b>1</b> al seguente link:
http://www.microsoft.com/italy/technet/community/mvp/editoriali/spyware.mspx

svuota il cestino;

fai un controllo antivirus a questo indirizzo:
http://security.symantec.com/sscv6/default.asp?productid=globalsitesandlangid=itandvenid=sym
<b>Alla fine:</b>

rinascondi le cartelle di sistema;
riattiva il ripristino configurazione di sistema e, se tutto è a posto, creane uno nuovo.
riposta un log aggiornato.

---