comparsa "Internet Connection" (dialer?)

[Deifobe]

Scarica Avenger e SystemScan

Disconnetti il pc da internet
Esegui avenger e nel box bianco copia/incolla:

files to delete:
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\RegClean\RegClean.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\E_S4I0S2. EXE
C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\ syncer\McciTrayApp.exe

files to move:
C:\Programmi\D-Tools\bak\daemon.exe | C:\Programmi\D-Tools\daemon.exe
C:\Programmi\MSN Messenger\bak\msnmsgr.exe | C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\RegClean\bak\RegClean.exe | C:\Programmi\RegClean\RegClean.exe
c:\Programmi\Unlocker\bak\UnlockerAssistant.exe | C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\ehome\bak\ehtray.exe | C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bak\oodtray.exe | C:\WINDOWS\system32\oodtray.exe
C:\Programmi\Alice ti aiuta\SmartBridge\bak\MotiveSB.exe | C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe
C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe | C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe | C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Babylon\Babylon-Pro\bak\Babylon.exe | C:\Programmi\Babylon\Babylon-Pro\Babylon.exe
C:\Programmi\Corel\Corel Photo Album 6\bak\MediaDetect.exe | C:\Programmi\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Programmi\Macrogaming\SweetIM\bak\SweetIM.exe | C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\Programmi\Microsoft Office\Office12\bak\GrooveMonitor.exe | C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Nokia\Nokia PC Suite 6\bak\PCSuite.exe | C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmi\ScanSoft\OmniPageSE\bak\opware32.exe | C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe | C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Creative\SB Live! 24-bit\Surround Mixer\bak\CTSysVol.exe | C:\Programmi\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe | C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe | C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\File comuni\InstallShield\UpdateService\bak\isuspm.exe | C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_S 4I0S2.EXE | C:\WINDOWS\system32\spool\drivers\w32x86\E_S4I0S2. EXE
C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\ syncer\bak\McciTrayApp.exe | C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\ syncer\McciTrayApp.exe

Spunta "Automatically disable any rootkits found" e clicca su "execute".
Il pc dovrebbe riavviarsi da solo, altrimenti riavvialo tu. Posta il report rilasciato

Esegui systemscan => clicca su "unselect all" => spunta le opzioni:

- Recent files
- Duplicates in BAK folders
- Registry Run Keys
- Scheduled jobs
- Hidden objects
- Include HOSTS file

clicca su "Scan Now". Finita la scansione, carica il rapporto che trovi sul desktop su Freefilehosting e posta il link ottenuto.
Dovessi aver problemi ad eseguirlo, disattiva l'antivirus ma ricordati di riattivarlo non appena finisce.

[petrovici1995]

dove si trova il box bianco di avenger?

[Deifobe]

eseguilo e incolla tutta la citazione nella spazio bianco

[petrovici1995]

dove si trova
Automatically disable any rootkits found

[Deifobe]

Originariamente inviato da petrovici1995
dove si trova
Automatically disable any rootkits found

nella finestra di avenger.
ti consiglio di eseguire lo script per eliminare il dialer...

[petrovici1995]

ecco il rapporto di avenger

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Service s\ftdxymfo

*******************

Script file located at: \??\C:\WINDOWS\qxaihvdy.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Programmi\D-Tools\daemon.exe deleted successfully.
File C:\Programmi\RegClean\RegClean.exe deleted successfully.
File C:\WINDOWS\system32\ctfmon.exe deleted successfully.
File C:\Programmi\Alice ti aiuta\SmartBridge\MotiveSB.exe deleted successfully.
File C:\WINDOWS\ehome\ehtray.exe deleted successfully.
File C:\Programmi\Alwil Software\Avast4\ashDisp.exe deleted successfully.
File C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe deleted successfully.
File C:\Programmi\Corel\Corel Photo Album 6\MediaDetect.exe deleted successfully.
File C:\Programmi\ScanSoft\OmniPageSE\opware32.exe deleted successfully.
File C:\WINDOWS\system32\spool\drivers\w32x86\E_S4I0S2. EXE deleted successfully.
File C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\ syncer\McciTrayApp.exe deleted successfully.


File C:\Programmi\D-Tools\bak\daemon.exe not found!
File move operation C:\Programmi\D-Tools\bak\daemon.exe|C:\Programmi\D-Tools\daemon.exe failed!

Could not process line:
C:\Programmi\D-Tools\bak\daemon.exe|C:\Programmi\D-Tools\daemon.exe
Status: 0xc0000034



File C:\Programmi\MSN Messenger\bak\msnmsgr.exe not found!
File move operation C:\Programmi\MSN Messenger\bak\msnmsgr.exe|C:\Programmi\MSN Messenger\msnmsgr.exe failed!

Could not process line:
C:\Programmi\MSN Messenger\bak\msnmsgr.exe|C:\Programmi\MSN Messenger\msnmsgr.exe
Status: 0xc0000034



File C:\Programmi\RegClean\bak\RegClean.exe not found!
File move operation C:\Programmi\RegClean\bak\RegClean.exe|C:\Programm i\RegClean\RegClean.exe failed!

Could not process line:
C:\Programmi\RegClean\bak\RegClean.exe|C:\Programm i\RegClean\RegClean.exe
Status: 0xc0000034



File c:\Programmi\Unlocker\bak\UnlockerAssistant.exe not found!
File move operation c:\Programmi\Unlocker\bak\UnlockerAssistant.exe|C: \Programmi\Unlocker\UnlockerAssistant.exe failed!

Could not process line:
c:\Programmi\Unlocker\bak\UnlockerAssistant.exe|C: \Programmi\Unlocker\UnlockerAssistant.exe
Status: 0xc0000034



File C:\WINDOWS\ehome\bak\ehtray.exe not found!
File move operation C:\WINDOWS\ehome\bak\ehtray.exe|C:\WINDOWS\ehome\e htray.exe failed!

Could not process line:
C:\WINDOWS\ehome\bak\ehtray.exe|C:\WINDOWS\ehome\e htray.exe
Status: 0xc0000034



File C:\WINDOWS\system32\bak\ctfmon.exe not found!
File move operation C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\syst em32\ctfmon.exe failed!

Could not process line:
C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\syst em32\ctfmon.exe
Status: 0xc0000034



File C:\WINDOWS\system32\bak\oodtray.exe not found!
File move operation C:\WINDOWS\system32\bak\oodtray.exe|C:\WINDOWS\sys tem32\oodtray.exe failed!

Could not process line:
C:\WINDOWS\system32\bak\oodtray.exe|C:\WINDOWS\sys tem32\oodtray.exe
Status: 0xc0000034



File C:\Programmi\Alice ti aiuta\SmartBridge\bak\MotiveSB.exe not found!
File move operation C:\Programmi\Alice ti aiuta\SmartBridge\bak\MotiveSB.exe|C:\Programmi\Al ice ti aiuta\SmartBridge\MotiveSB.exe failed!

Could not process line:
C:\Programmi\Alice ti aiuta\SmartBridge\bak\MotiveSB.exe|C:\Programmi\Al ice ti aiuta\SmartBridge\MotiveSB.exe
Status: 0xc0000034



File C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe not found!
File move operation C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe|C:\Programmi\Alwil Software\Avast4\ashDisp.exe failed!

Could not process line:
C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe|C:\Programmi\Alwil Software\Avast4\ashDisp.exe
Status: 0xc0000034



File C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe not found!
File move operation C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe|C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe failed!

Could not process line:
C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe|C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
Status: 0xc0000034



File C:\Programmi\Babylon\Babylon-Pro\bak\Babylon.exe not found!
File move operation C:\Programmi\Babylon\Babylon-Pro\bak\Babylon.exe|C:\Programmi\Babylon\Babylon-Pro\Babylon.exe failed!

Could not process line:
C:\Programmi\Babylon\Babylon-Pro\bak\Babylon.exe|C:\Programmi\Babylon\Babylon-Pro\Babylon.exe
Status: 0xc0000034



File C:\Programmi\Corel\Corel Photo Album 6\bak\MediaDetect.exe not found!
File move operation C:\Programmi\Corel\Corel Photo Album 6\bak\MediaDetect.exe|C:\Programmi\Corel\Corel Photo Album 6\MediaDetect.exe failed!

Could not process line:
C:\Programmi\Corel\Corel Photo Album 6\bak\MediaDetect.exe|C:\Programmi\Corel\Corel Photo Album 6\MediaDetect.exe
Status: 0xc0000034



File C:\Programmi\Macrogaming\SweetIM\bak\SweetIM.exe not found!
File move operation C:\Programmi\Macrogaming\SweetIM\bak\SweetIM.exe|C :\Programmi\Macrogaming\SweetIM\SweetIM.exe failed!

Could not process line:
C:\Programmi\Macrogaming\SweetIM\bak\SweetIM.exe|C :\Programmi\Macrogaming\SweetIM\SweetIM.exe
Status: 0xc0000034



File C:\Programmi\Microsoft Office\Office12\bak\GrooveMonitor.exe not found!
File move operation C:\Programmi\Microsoft Office\Office12\bak\GrooveMonitor.exe|C:\Programmi \Microsoft Office\Office12\GrooveMonitor.exe failed!

Could not process line:
C:\Programmi\Microsoft Office\Office12\bak\GrooveMonitor.exe|C:\Programmi \Microsoft Office\Office12\GrooveMonitor.exe
Status: 0xc0000034



File C:\Programmi\Nokia\Nokia PC Suite 6\bak\PCSuite.exe not found!
File move operation C:\Programmi\Nokia\Nokia PC Suite 6\bak\PCSuite.exe|C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe failed!

Could not process line:
C:\Programmi\Nokia\Nokia PC Suite 6\bak\PCSuite.exe|C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
Status: 0xc0000034



File C:\Programmi\ScanSoft\OmniPageSE\bak\opware32.exe not found!
File move operation C:\Programmi\ScanSoft\OmniPageSE\bak\opware32.exe| C:\Programmi\ScanSoft\OmniPageSE\opware32.exe failed!

Could not process line:
C:\Programmi\ScanSoft\OmniPageSE\bak\opware32.exe| C:\Programmi\ScanSoft\OmniPageSE\opware32.exe
Status: 0xc0000034



File C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe not found!
File move operation C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe|C:\Programmi\Adobe\Re ader 8.0\Reader\Reader_sl.exe failed!

Could not process line:
C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe|C:\Programmi\Adobe\Re ader 8.0\Reader\Reader_sl.exe
Status: 0xc0000034



File C:\Programmi\Creative\SB Live! 24-bit\Surround Mixer\bak\CTSysVol.exe not found!
File move operation C:\Programmi\Creative\SB Live! 24-bit\Surround Mixer\bak\CTSysVol.exe|C:\Programmi\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe failed!

Could not process line:
C:\Programmi\Creative\SB Live! 24-bit\Surround Mixer\bak\CTSysVol.exe|C:\Programmi\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
Status: 0xc0000034



File C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe not found!
File move operation C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe|C:\Programmi\Fi le comuni\Ahead\Lib\NeroCheck.exe failed!

Could not process line:
C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe|C:\Programmi\Fi le comuni\Ahead\Lib\NeroCheck.exe
Status: 0xc0000034



File C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe not found!
File move operation C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe|C :\Programmi\File comuni\InstallShield\UpdateService\issch.exe failed!

Could not process line:
C:\Programmi\File comuni\InstallShield\UpdateService\bak\issch.exe|C :\Programmi\File comuni\InstallShield\UpdateService\issch.exe
Status: 0xc0000034



File C:\Programmi\File comuni\InstallShield\UpdateService\bak\isuspm.exe not found!
File move operation C:\Programmi\File comuni\InstallShield\UpdateService\bak\isuspm.exe| C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe failed!

Could not process line:
C:\Programmi\File comuni\InstallShield\UpdateService\bak\isuspm.exe| C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe
Status: 0xc0000034



File C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_S 4I0S2.EXE not found!
File move operation C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_S 4I0S2.EXE|C:\WINDOWS\system32\spool\drivers\w32x86 \E_S4I0S2.EXE failed!

Could not process line:
C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_S 4I0S2.EXE|C:\WINDOWS\system32\spool\drivers\w32x86 \E_S4I0S2.EXE
Status: 0xc0000034



File C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\ syncer\bak\McciTrayApp.exe not found!
File move operation C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\ syncer\bak\McciTrayApp.exe|C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\ syncer\McciTrayApp.exe failed!

Could not process line:
C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\ syncer\bak\McciTrayApp.exe|C:\Programmi\Alice ti aiuta\vendors\AliceRE\content\template\driven_dev\ syncer\McciTrayApp.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

[Deifobe]

non sono stati trovati i files nelle cartelle bak. Ora le cose sono due:
1) hai per caso eseguito, non so, qualche altra scansione per fatti tuoi?
2) avevi per caso già eseguito (o lo hai eseguito due volte) lo script? Mi auguro di no, altrimenti prima hai rimesso a posto i files e dopo hai eliminato gli originali.

[petrovici1995]

quindi ora cosa dovrei fare ?