Thanks BilloKenobi, you're great!

I carried out the whole procedure you gave me perfectly; here is the Avenger log file:


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ubqywuds

*******************

Script file located at: \??\C:\nehodybt.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKLM\system\controlset003\services\SrvYgo deleted successfully.
File C:\WINDOWS\system32\nul.orr deleted successfully.
Registry value HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|R00tkit_File deleted successfully.


Registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList\BQLVPbByTjIcMFhwP not found!
Deletion of registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList\BQLVPbByTjIcMFhwP failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.