Il virus si trova in C:\WINDOWS\service.dll
IL suo nome è BACKDOOR:TROJAN
e questo è il log aggiornato come da richiesta :
Logfile of HijackThis v1.99.1
Scan saved at 0.47.33, on 21/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\VIAudioi\SBADeck\ADeck.exe
C:\Programmi\Cloanto\Calculator\calculator.exe
C:\Programmi\File comuni\Cloanto\Software Manager\softmngr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Administrator\Dati applicazioni\citofarera\sysstvmr.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
C:\Programmi\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\Documents and Settings\Administrator\Desktop\CountDown\CountDown.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\Programmi\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Documents and Settings\Administrator\Documenti\Non cancellare programmi utili in caso di problemi\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://gw.aliceadsl.it/homeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://gw.aliceadsl.it/homeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,,C:\WINDOWS\SERVICES.EXE
O1 - Hosts: 127.0.0.3
www.onedayoffer.bizO1 - Hosts: 127.0.0.3 onedayoffer.biz
O1 - Hosts: 127.0.0.3 callmachine.net
O1 - Hosts: 127.0.0.3
www.callmachine.netO1 - Hosts: 127.0.0.3 reportbucks.com
O1 - Hosts: 127.0.0.3
www.reportbucks.comO1 - Hosts: 127.0.0.3 isuckall.com
O1 - Hosts: 127.0.0.3
www.isuckall.comO1 - Hosts: 127.0.0.3 wbdialer.biz
O1 - Hosts: 127.0.0.3
www.wbdialer.bizO1 - Hosts: 127.0.0.3 alphadialer.com
O1 - Hosts: 127.0.0.3
www.alphadialer.comO1 - Hosts: 127.0.0.3 it.online-more.com
O1 - Hosts: 127.0.0.3
www.it.online-more.comO1 - Hosts: 127.0.0.3 statscash.net
O1 - Hosts: 127.0.0.3
www.statscash.netO1 - Hosts: 127.0.0.3 85.255.113.242
O1 - Hosts: 127.0.0.3 takeyourbucks.com
O1 - Hosts: 127.0.0.3
www.takeyourbucks.comO1 - Hosts: 127.0.0.3 195.225.176.25
O1 - Hosts: 127.0.0.3 iframebiz.biz
O1 - Hosts: 127.0.0.3 iframeurl.biz
O1 - Hosts: 127.0.0.3 iframesite.biz
O1 - Hosts: 127.0.0.3 toolbarbiz.biz
O1 - Hosts: 127.0.0.3 toolbarsite.biz
O1 - Hosts: 127.0.0.3 toolbarurl.biz
O1 - Hosts: 127.0.0.3 toolbartraff.biz
O1 - Hosts: 127.0.0.3 buytoolbar.biz
O1 - Hosts: 127.0.0.3
www.iframebiz.bizO1 - Hosts: 127.0.0.3
www.iframeurl.bizO1 - Hosts: 127.0.0.3
www.iframesite.bizO1 - Hosts: 127.0.0.3
www.toolbarbiz.bizO1 - Hosts: 127.0.0.3
www.toolbarsite.bizO1 - Hosts: 127.0.0.3
www.toolbarurl.bizO1 - Hosts: 127.0.0.3
www.toolbartraff.bizO1 - Hosts: 127.0.0.3
www.buytoolbar.bizO1 - Hosts: 127.0.0.3 81.9.5.9
O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.3
www.sexfiles.nuO1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3
www.allforadult.comO1 - Hosts: 127.0.0.3
www.iframe.bizO1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 procounter.biz
O1 - Hosts: 127.0.0.3
www.procounter.bizO1 - Hosts: 127.0.0.3 advadmin.biz
O1 - Hosts: 127.0.0.3
www.advadmin.bizO1 - Hosts: 127.0.0.3 trafficbest.net
O1 - Hosts: 127.0.0.3
www.trafficbest.netO1 - Hosts: 127.0.0.3
www.newiframe.bizO1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3
www.vesbiz.bizO1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3
www.pizdato.bizO1 - Hosts: 127.0.0.3 pizdato.biz
O1 - Hosts: 127.0.0.3
www.aaasexypics.comO1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3
www.virgin-tgp.netO1 - Hosts: 127.0.0.3 vparivalka.com
O1 - Hosts: 127.0.0.3
www.vparivalka.comO1 - Hosts: 127.0.0.3 iframeprofit.com
O1 - Hosts: 127.0.0.3
www.iframeprofit.comO1 - Hosts: 127.0.0.3 virgin-tgp.net
O1 - Hosts: 127.0.0.3
www.awmcash.bizO1 - Hosts: 127.0.0.3 awmcash.biz
O1 - Hosts: 127.0.0.3 buldog-stats.com
O1 - Hosts: 127.0.0.3
www.buldog-stats.comO1 - Hosts: 127.0.0.3 fregat.drocherway.com
O1 - Hosts: 127.0.0.3 slutmania.biz
O1 - Hosts: 127.0.0.3
www.slutmania.bizO1 - Hosts: 127.0.0.3 toolbarpartner.com
O1 - Hosts: 127.0.0.3
www.toolbarpartner.comO1 - Hosts: 127.0.0.3
www.megapornix.comO1 - Hosts: 127.0.0.3 megapornix.com
O1 - Hosts: 127.0.0.3
www.sp2fucked.bizO1 - Hosts: 127.0.0.3 sp2fucked.biz
O1 - Hosts: 127.0.0.3 greg-tut.com
O1 - Hosts: 127.0.0.3
www.greg-tut.comO1 - Hosts: 127.0.0.3 nylonsexy.com
O1 - Hosts: 127.0.0.3
www.nylonsexy.comO1 - Hosts: 127.0.0.3 topsearch10.com
O1 - Hosts: 127.0.0.3
www.topsearch10.comO1 - Hosts: 127.0.0.3 statscash.biz
O1 - Hosts: 127.0.0.3
www.statscash.bizO1 - Hosts: 127.0.0.3 vxiframe.biz
O1 - Hosts: 127.0.0.3
www.vxiframe.bizO1 - Hosts: 127.0.0.3 crazy-toolbar.com
O1 - Hosts: 127.0.0.3
www.crazy-toolbar.comO1 - Hosts: 127.0.0.3 topcash.biz
O1 - Hosts: 127.0.0.3
www.topcash.bizO1 - Hosts: 127.0.0.3 loadcash.biz
O1 - Hosts: 127.0.0.3
www.loadcash.bizO1 - Hosts: 127.0.0.3 txiframe.biz
O1 - Hosts: 127.0.0.3
www.txiframe.bizO1 - Hosts: 127.0.0.3 besthvac.com
O1 - Hosts: 127.0.0.3
www.besthvac.comO1 - Hosts: 127.0.0.3 traff4.com
O1 - Hosts: 127.0.0.3
www.traff4.comO1 - Hosts: 127.0.0.3 porn-host.org
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [AudioDeck] C:\Programmi\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [CloantoCalculator] "C:\Programmi\Cloanto\Calculator\calculator.exe" /s
O4 - HKLM\..\Run: [CloantoSoftwareManager] "C:\Programmi\File comuni\Cloanto\Software Manager\softmngr.exe" /s
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ioeua] C:\Documents and Settings\Administrator\Dati applicazioni\citofarera\sysstvmr.exe
O4 - Startup: CountDown.lnk = C:\Documents and Settings\Administrator\Desktop\CountDown\CountDown.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Programmi\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: PCSuiteperNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteperNokia6600 TS.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O15 - Trusted Zone:
www.1987324.comO15 - Trusted Zone:
www.otherchance.comO15 - Trusted Zone:
www.sgrunt.bizO15 - Trusted Zone:
www.softlab.nameO15 - Trusted Zone:
www.xxx-content.nameO16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cabO16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cabO18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe