dialer.8.U e c:\spad

**bibita** · 03-06-2004, 14:35

salve a tutti ho un problema o forse due:

mi si creano nella cartella c:\windows\temp dei file .dat (a volte poji.dat, a volte ibcp.dat o llng.dat) che tentano di connettersi alla rete (sygate li blocca) e sul desktop l'icona "default".
Come antivirus ho AVG che mi ha trovato Trojan horse dialer.8.U e lo elimina ma il problema si ripresenta.
Inoltre a volte mi si crea la cartella C:\spad che contiene un file .htm che mi viene impostato come pagina iniziale di explorer oppure improvvisamente mentre navigo questa pagina viene caricata ma non sempre è la stessa (myexexex.com).
Ad Aware e spybot non trovano nulla.
Ho provato con Hijackthis e ho eliminato le righe riguardanti questo spad e myexexex e ho poi eliminato tutte le chiavi di registro modificate (almeno credo), svuotato la cartella temp e i file emporanei ma dopo un po ricominciava tutto da capo.
In questo momento il problema spad non c'è mentre è presente il problema dialer probabilmente sono due cose diverse

:
Qualcuno mi può aiutare

:
Questo è il log di Hijack

Logfile of HijackThis v1.97.7
Scan saved at 14.18.44, on 03/06/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMI\VISUAL IP INSIGHT\ITALY\ARMON32A.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGSERV9.EXE
C:\PROGRAMMI\SYGATE\SPF\SMC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\DESK98.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM\VIEWPORT.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAMMI\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGCC32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAMMI\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\MSSQL7\BINN\SQLMANGR.EXE
C:\PROGRAMMI\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\DOCUMENTI\ANDREA\PROGRAMMI\SICUREZZA\HJT\HIJACK THIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.tiscali.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.tiscali.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.tiscali.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.tiscali.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAMMI\FLASHGET\JCCATCH.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAMMI\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HydarVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HydraVisionViewport] viewport.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [AccessRampLAN 01] "C:\PROGRAMMI\VISUAL IP INSIGHT\ITALY\ARUpld32.exe" -l
O4 - HKLM\..\RunServices: [AccessRampMonitor 01] "C:\PROGRAMMI\VISUAL IP INSIGHT\ITALY\ARMon32a.exe"
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAMMI\SYGATE\SPF\SMC.EXE
O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\webcheck.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O4 - Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe
O4 - Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Scarica con FlashGet - C:\PROGRAMMI\FLASHGET\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - C:\PROGRAMMI\FLASHGET\jc_all.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
O9 - Extra button: Microsoft® JavaScript® Console (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O13 - FTP Prefix:
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...053.5655092593
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/07d8d192...dxIE601_it.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab

**amvinfe** · 03-06-2004, 18:08

Apri HJT fai lo scan e metti la spunta al fianco delle seguenti voci, chiudi tutte le applicazioni, broswer compreso e clicca su Fix checked:

O4 - HKCU\..\Run: [System Update] C:\WINDOWS\System\webcheck.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/07d8d19...RdxIE601_it.cab

Riavvia in modalità provvisoria ed elimina

C:\WINDOWS\System\webcheck.exe <=== il file

Posta un nuovo Log

**bibita** · 03-06-2004, 20:01

Grazie amvinfe,
in effetti avevo notato anch'io quel webcheck e dopo una piccola ricerchina l'avevo subito eliminato però il webcheck.exe non c'è,
c'è un webcheck.dll in windows\system e un webcheck.lgc nella cartella windows\applog.Li devo eliminare?
Per ora non ho più avuto problemi.
Comunque questo è il nuovo log (ho tolto anche l'altra voce che mi hai segnalato):

Logfile of HijackThis v1.97.7
Scan saved at 19.52.12, on 03/06/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMI\VISUAL IP INSIGHT\ITALY\ARMON32A.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGSERV9.EXE
C:\PROGRAMMI\SYGATE\SPF\SMC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DESK98.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM\VIEWPORT.EXE
C:\PROGRAMMI\LOGITECH\ITOUCH\ITOUCH.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\PROGRAMMI\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\MSSQL7\BINN\SQLMANGR.EXE
C:\PROGRAMMI\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
C:\PROGRAMMI\REAL\REALPLAYER\REALPLAY.EXE
C:\DOCUMENTI\ANDREA\PROGRAMMI\SICUREZZA\HJT\HIJACK THIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.tiscali.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.tiscali.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.tiscali.it
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.tiscali.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAMMI\FLASHGET\JCCATCH.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRAMMI\FLASHGET\FGIEBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [HydarVisionDesktopManager] desk98.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HydraVisionViewport] viewport.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [AccessRampLAN 01] "C:\PROGRAMMI\VISUAL IP INSIGHT\ITALY\ARUpld32.exe" -l
O4 - HKLM\..\RunServices: [AccessRampMonitor 01] "C:\PROGRAMMI\VISUAL IP INSIGHT\ITALY\ARMon32a.exe"
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRAMMI\SYGATE\SPF\SMC.EXE
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Service Manager.lnk = C:\MSSQL7\Binn\sqlmangr.exe
O4 - Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe
O4 - Startup: DSLMON.lnk = C:\Programmi\SAGEM\SAGEM F@st 800-840\dslmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Scarica con FlashGet - C:\PROGRAMMI\FLASHGET\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - C:\PROGRAMMI\FLASHGET\jc_all.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: MSN Messenger Service (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O9 - Extra button: Microsoft® JavaScript® Console (HKLM)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKLM)
O9 - Extra button: Microsoft® JavaScript® Console (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console (HKCU)
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O13 - FTP Prefix:
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...053.5655092593
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab

**amvinfe** · 03-06-2004, 22:08

webcheck.dll in windows\system è legittimo
elimina webcheck.lgc in windows\applog

**bibita** · 04-06-2004, 11:43

niente da fare, c'è ancora
ho fatto controllare uno di questi file dat da alcuni antivirus online e l'unico che mi trova qualcosa è il kaspersky che però è solo di rilevazione e mi dice Trojan.Win32.Dialer.bh mentre avg diceva Trojan dialer.8.U

**bibita** · 04-06-2004, 11:55

Pestpatrol online mi rileva anche CWS.GoogleMS.3 in HKCU\software\microsoft\windows\currentversion\int ernetsetting\zonemap\domains\xxxtoolbars.com
ma cos'è la toolbar di google è uno spyware? o è qualcos'altro?

**amvinfe** · 04-06-2004, 23:52

vai in Rilievo -links utili- scarica CWShredder chiudi tutte le applicazioni, browser compreso aprilo e clicca su Fix. Riavvia.
Posta un nuovo Log di HJT

**bibita** · 05-06-2004, 14:09

Allora Amvinfe, innanzitutto grazie per l'aiuto,
dunque sembra che il problema della pagina iniziale di explorer sia stato eliminato con il webcheck mentre l'altro c'è ancora.
cwshredder l'avevo gà provato ma non mi trova niente
ho notato che i file dat che tentano di uscire dal computer cerchino di farlo sempre sulla porta 8090 mentre il collegamento "default" sul desktop è un collegamento alla pagina internet [url]http://www.casinopalazzo.com/index.php?sourceid=101969
che posso fare? non è un problema grave però un po noioso

ciao

**bibita** · 05-06-2004, 17:50

Ah, il collegamento sul desktop ha come destinazione il file IEXPLORE.EXE della cartella C:\Programmi\Internet Explorer\iexplore.exe che però credo sia legittimo o no?

**amvinfe** · 06-06-2004, 10:04

fai una scansione con AdAware (aggiornato) a fine scansione clicca su "Mostra logfile" e posta il risultato.

Discussione: dialer.8.U e c:\spad

Strumenti discussione

Ricerca discussione

Visualizza

dialer.8.U e c:\spad

Permessi di invio