Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Service s\huxvjxwm
*******************
Script file located at: \??\C:\WINDOWS\system32\hvyknbhr.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\drivers\hidr.exe deleted successfully.
File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!
Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034
File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!
Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034
File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!
Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034
File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!
Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034
File C:\WINDOWS\stsystra.exe deleted successfully.
Could not open file C:\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires\hidr.exe for deletion
Deletion of file C:\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires\hidr.exe failed!
Could not process line:
C:\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires\hidr.exe
Status: 0xc0000033
Could not open file C:\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires\rosa.sys for deletion
Deletion of file C:\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires\rosa.sys failed!
Could not process line:
C:\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires\rosa.sys
Status: 0xc0000033
File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!
Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034
File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!
Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034
Could not open file C:\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires\m_hook.sys for deletion
Deletion of file C:\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires\m_hook.sys failed!
Could not process line:
C:\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires\m_hook.sys
Status: 0xc0000033
Could not open file C:\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires\hidr.exe for deletion
Deletion of file C:\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires\hidr.exe failed!
Could not process line:
C:\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires\hidr.exe
Status: 0xc0000033
File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!
Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034
File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!
Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034
Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!
Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034
Could not open folder C:\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires for deletion
Deletion of folder C:\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires failed!
Could not process line:
C:\Documents and Settings\C:\Documents and Settings\stefano\Dati applicazioni\hidires
Status: 0xc0000033
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRO SA deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI 32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI 32 failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI 32
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\rosa not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\rosa failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\rosa
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ros a not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ros a failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ros a
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_H OOK not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_H OOK failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_H OOK
Status: 0xc0000034
Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run |hldrr
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run |hldrr failed!
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
Rispondi quotando