Mi rivolgo a vuoi perché non riesco a risolvere i problemi creati dai virus bagle.fz e bagle.fm che mi hanno bloccato l’antivirus, l’antispy, gli aggiornamenti di Windows e il riavvio in modalità provvisoria.
Per primo ho usato i tools dedicati della Symantec e di Mcafee che non si sono rivelati soddisfacenti. Puoi ho usato Avenger con lo script del virus bagle comparso il 14/08/2007. Dopo l'uso di quest'ultimo mi è stato possibile reinstallare l’antivirus e l’antispy e riattivare gli aggiornamenti di windows pero riscontro ancora i due seguenti problemi:
- il processo mcshield.exe dell'antivirus sta usando 90% del CPU rendendo inutilizzabile il PC
- non si riesco ancora ad entrare in modalità provvisoria
Spero qualcuno mi possa aiutare oppure dovrò optare per la riformattazione
Allego i vari log che possono essere utili:
- della scansione on line di Kaspersky
- di Highjackthis
- di Gmer
- di Avenger
Sunday, December 02, 2007 7:47:42 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/12/2007
Kaspersky Anti-Virus database records: 470293
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
N:\
O:\
V:\
W:\
X:\
Y:\
Z:\
Scan Statistics
Total number of scanned objects 232006
Number of viruses found 6
Number of infected objects 73
Number of suspicious objects 0
Duration of the scan process 03:45:32
Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\FLEXnet\adobe_00080000_tsf.data Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Adobe\Bridge CS3\BridgeLog.txt Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Adobe\Bridge CS3\Cache\data\Victor.err Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\m\flec006.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\call256.dbb Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\call512.dbb Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\callmember256.dbb Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\chat1024.dbb Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\chat256.dbb Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\chat512.dbb Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\chatmember256.dbb Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\chatmsg1024.dbb Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\dyncontent\bundle.dat Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\index2.dat Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\profile16384.dbb Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\sms256.dbb Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\transfer1024.dbb Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\transfer256.dbb Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\transfer512.dbb Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\user1024.dbb Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\user16384.dbb Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\user256.dbb Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\user4096.dbb Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\Skype\j.b.gantier\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Documenti\7 - JB\UTILITA\Palm\A.Plus.Calc.v1.1b.[k]eymaker.Only-ACME.[c]rack.zip/KeyGeN.exe Infected: Trojan.Win32.Agent.acw skipped
C:\Documents and Settings\Claudia Cubi\Documenti\7 - JB\UTILITA\Palm\A.Plus.Calc.v1.1b.[k]eymaker.Only-ACME.[c]rack.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Claudia Cubi\Documenti\7 - JB\UTILITA\Palm\A.Plus.Calc.v2.0.Incl.Keymaker-ACME.crack.zip/KeyGeN.exe Infected: Trojan.Win32.Agent.acw skipped
C:\Documents and Settings\Claudia Cubi\Documenti\7 - JB\UTILITA\Palm\A.Plus.Calc.v2.0.Incl.Keymaker-ACME.crack.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Claudia Cubi\Documenti\7 - JB\UTILITA\Palm\A.Plus.Calc.v2.0.Incl.[k]eymaker-ACME.[c]rack.zip/KeyGeN.exe Infected: Trojan.Win32.Agent.acw skipped
C:\Documents and Settings\Claudia Cubi\Documenti\7 - JB\UTILITA\Palm\A.Plus.Calc.v2.0.Incl.[k]eymaker-ACME.[c]rack.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Claudia Cubi\Documenti\Utilità\webmediaplayer_setup.exe Infected: Trojan-Dropper.Win32.Agent.cjm skipped
C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Dati applicazioni\Adobe\Updater5\aumLib.log Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Temp\alm.log Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Temp\amt.log Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Temp\hsperfdata_ClaudiaCubi\2900 Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Temp\Perflib_Perfdata_16c0.dat Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Temp\~DFA60B.tmp Object is locked skipped
C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Temporary Internet Files\Content.IE5\GTSUWMI1\website[1].cab/website.dll Infected: Trojan-Downloader.Win32.Agent.bls skipped
C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Temporary Internet Files\Content.IE5\GTSUWMI1\website[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Temporary Internet Files\Content.IE5\HENEC7UH\inde[1].htm Infected: Trojan-Downloader.JS.Psyme.jf skipped
C:\Documents and Settings\Claudia Cubi\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Claudia Cubi\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Claudia Cubi\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Programmi\File comuni\Adobe\Adobe PCD\cache\cache.db Object is locked skipped
C:\Programmi\File comuni\Adobe\Adobe PCD\pcd.db Object is locked skipped
C:\Programmi\File comuni\Adobe\caps\caps.db Object is locked skipped
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe Object is locked skipped
C:\Programmi\iPass\iPassConnect Tin.it\log\Agent.log Object is locked skipped
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP23\A0003420.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP23\A0003422.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP24\A0003458.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP24\A0003463.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP26\A0003593.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP26\A0003595.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP26\A0003599.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP26\A0003605.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP26\A0003610.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP27\A0003618.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP27\A0003619.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP29\A0003765.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP29\A0003766.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP30\A0003776.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP30\A0003777.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP30\A0003787.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP30\A0003788.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP30\A0003792.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP31\A0003865.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP31\A0003869.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP35\A0003920.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP35\A0003924.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP35\A0003931.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP35\A0003934.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP36\A0004017.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP36\A0004021.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP36\A0004024.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP36\A0004029.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP36\A0004030.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP36\A0004035.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP36\A0004075.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP36\A0004077.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP36\A0004082.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP37\A0004153.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP37\A0004158.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP37\A0004164.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP37\A0004168.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP37\A0004235.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP37\A0004236.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP37\A0004244.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP37\A0004245.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP37\A0004250.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004326.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004327.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004328.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004329.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004330.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004331.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004332.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004333.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004334.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004335.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004345.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004399.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004405.exe Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP38\A0004412.sys Infected: Trojan-Downloader.Win32.Bagle.fm skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP39\A0004471.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped
C:\System Volume Information\_restore{0DC1D68C-5176-4E54-8CE3-DB125548CFA2}\RP40\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\CSC\00000002 Object is locked skipped
C:\WINDOWS\CSC\00000003 Object is locked skipped
C:\WINDOWS\CSC\d1\00002978 Object is locked skipped
C:\WINDOWS\CSC\d2\00000011 Object is locked skipped
C:\WINDOWS\CSC\d3\00000012 Object is locked skipped
C:\WINDOWS\CSC\d3\000005CA Object is locked skipped
C:\WINDOWS\CSC\d3\00001A22 Object is locked skipped
C:\WINDOWS\CSC\d4\00000073 Object is locked skipped
C:\WINDOWS\CSC\d5\0000001C Object is locked skipped
C:\WINDOWS\CSC\d6\00003D15 Object is locked skipped
C:\WINDOWS\CSC\d7\00000D7E Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\exefld\32243203.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped
C:\WINDOWS\exefld\55229175.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped
C:\WINDOWS\exefld\69656991.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped
C:\WINDOWS\exefld\73270707.exe Infected: Trojan-Downloader.Win32.Bagle.fz skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_930.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
Scan process completed.
Logfile of HijackThis v1.99.1
Scan saved at 8.49.28, on 26/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Widcomm\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\iPass\iPassConnect Tin.it\iPCAgent.exe
C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Documents and Settings\Claudia Cubi\Dati applicazioni\m\flec006.exe
C:\Programmi\Widcomm\Bluetooth Software\BTTray.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\PerSono\perstray.exe
C:\Programmi\USB Sharing\usbshare.exe
C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Claudia Cubi\Documenti\Utilità\Hijackthis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LManager] C:\Programmi\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Programmi\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Programmi\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hidr.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Claudia Cubi\Dati applicazioni\m\flec006.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Perstray.lnk = ?
O4 - Global Startup: USB Sharing.lnk = ?
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\Widcomm\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Widcomm\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Widcomm\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9086843680
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9119768256
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = smallbusiness.local
O17 - HKLM\Software\..\Telephony: DomainName = smallbusiness.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = smallbusiness.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: stibo - {FFAD3420-6D61-44F6-BA25-293F17152D79} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\Widcomm\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPassConnectEngine - iPass - C:\Programmi\iPass\iPassConnect Tin.it\iPassConnectEngine.exe
O23 - Service: iPCAgent - iPass, Inc. - C:\Programmi\iPass\iPassConnect Tin.it\iPCAgent.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Unknown owner - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe (file missing)
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-12-26 09:42:54
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.13 ----
SSDT a347bus.sys ZwEnumerateKey
SSDT a347bus.sys ZwEnumerateValueKey
---- Devices - GMER 1.0.13 ----
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8675F1E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8675F1E8
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F76303D4] SymSnap.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [AA0E7500] naiavf5x.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [AA0E7500] naiavf5x.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_NAMED_PIPE [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLOSE [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_WRITE [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_INFORMATION [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_INFORMATION [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_EA [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_EA [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FLUSH_BUFFERS [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_VOLUME_INFORMATION [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_VOLUME_INFORMATION [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DIRECTORY_CONTROL [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FILE_SYSTEM_CONTROL [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CONTROL [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SHUTDOWN [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_LOCK_CONTROL [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLEANUP [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_MAILSLOT [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_SECURITY [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_SECURITY [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_POWER [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SYSTEM_CONTROL [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CHANGE [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_QUOTA [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_QUOTA [F7252860] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE [F7B41B7E] mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLOSE [F7B41D8C] mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ [F7B4299A] mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_FLUSH_BUFFERS [F7B41AF6] mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CONTROL [F7B432C8] mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7B43086] mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLEANUP [F7B41AB2] mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_POWER [F7B43CD4] mouclass.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SYSTEM_CONTROL [F7B43790] mouclass.sys
---- Modules - GMER 1.0.13 ----
Module _________ F765E000-F7676000 (98304 bytes)
---- EOF - GMER 1.0.13 ----
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\fuypppky
*******************
Script file located at: \??\C:\WINDOWS\system32\qcycjfep.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\drivers\hidr.exe deleted successfully.
File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe not found!
Deletion of file C:\WINDOWS\system32\wintems.exe failed!
Could not process line:
C:\WINDOWS\system32\wintems.exe
Status: 0xc0000034
File C:\WINDOWS\system32\hldrrr.exe not found!
Deletion of file C:\WINDOWS\system32\hldrrr.exe failed!
Could not process line:
C:\WINDOWS\system32\hldrrr.exe
Status: 0xc0000034
File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!
Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034
File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!
Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034
Folder C:\WINDOWS\exefnd not found!
Deletion of folder C:\WINDOWS\exefnd failed!
Could not process line:
C:\WINDOWS\exefnd
Status: 0xc0000034
Folder C:\WINDOWS\exefld deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\pci32 failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\pci32
Status: 0xc0000034
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32 failed!
Could not process line:
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.