Hello.
I will write only about the system which the first log (avptool_syscheck.zip) was made from.
First of all: there are two active antiviruses on your system. You'd better use only one and uninstall the second, or at least disable its monitoring functions (file monitor, HTTP traffic monitor, mail checker, etc.).
Second: while executing the script you should switch off both of your antiviruses and, if possible, turn off all your network connections (LAN, Wi-Fi, modem, etc.).
Execute the script:
Code:
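begin
// Search for rootkits, neutralizing user-mode and kernel-mode hooks
SearchRootkit(true, true);
// Enable AVZGuard while the script runs
SetAVZGuardStatus(True);
// Copy the suspicious files to quarantine before deleting them
QuarantineFile('F:\gphone.exe','');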
QuarantineFile('F:\autorun.inf','');
QuarantineFile('E:\gphone.exe','');
QuarantineFile('E:\autorun.inf','');
QuarantineFile('D:\gphone.exe','');
QuarantineFile('D:\autorun.inf','');
QuarantineFile('C:\autorun.inf','');
QuarantineFile('C:\Documents and Settings\admin\cwin.exe','');
QuarantineFile('C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Startup.exe','');
QuarantineFile('C:\WINDOWS\system32\gphone.exe','');
QuarantineFile('C:\Documents and Settings\admin\Start Menu\Programs\Startup\Startup.exe','');
// Delete each file now and also queue it for Boot Cleaner deletion at the next boot
DeleteFile('C:\Documents and Settings\admin\Start Menu\Programs\Startup\Startup.exe');
BC_DeleteFile('C:\Documents and Settings\admin\Start Menu\Programs\Startup\Startup.exe');
DeleteFile('C:\WINDOWS\system32\gphone.exe');
BC_DeleteFile('C:\WINDOWS\system32\gphone.exe');
DeleteFile('C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Startup.exe');
BC_DeleteFile('C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Startup.exe');
DeleteFile('C:\Documents and Settings\admin\cwin.exe');
BC_DeleteFile('C:\Documents and Settings\admin\cwin.exe');
DeleteFile('C:\autorun.inf');
BC_DeleteFile('C:\autorun.inf');
DeleteFile('C:\gphone.exe');
BC_DeleteFile('C:\gphone.exe');
DeleteFile('D:\autorun.inf');
BC_DeleteFile('D:\autorun.inf');
DeleteFile('D:\gphone.exe');
BC_DeleteFile('D:\gphone.exe');
DeleteFile('E:\autorun.inf');
BC_DeleteFile('E:\autorun.inf');
DeleteFile('E:\gphone.exe');
BC_DeleteFile('E:\gphone.exe');
DeleteFile('F:\autorun.inf');
BC_DeleteFile('F:\autorun.inf');
DeleteFile('F:\gphone.exe');
BC_DeleteFile('F:\gphone.exe');
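// Activate Boot Cleaner so the queued deletions run at boot
BC_Activate;
// Clean up references to the deleted files
ExecuteSysClean;
// Run AVZ system restore procedures by number
executerepair(1);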
executerepair(6);
executerepair(7);
executerepair(8);
executerepair(9);
executerepair(11);
executerepair(16);
executerepair(17);
// Reboot so Boot Cleaner can finish the removal
rebootwindows(true);
end.
After the reboot:
- Upload the quarantine via the link http://virusinfo.info/upload_virus_eng.php?tid=37294
- Make new logs (see the rules of "Help me!" section for details) and attach them to your new post in this thread. You shouldn't create a new thread for them - just attach them to your new post here.