Switch off/disable:
- Antivirus and, if you have one, Firewall (stay offline until they are switched back on; see the steps after reboot).
- System Restore
- Execute the following script:
Код:
begin
// AVZ cleanup script written for one specific infected machine. Every service
// name, file path and CLSID below is hard-coded, so the script must not be run
// unchanged on any other system: it would delete whatever happens to match.
// Sequence: neutralize hooks and enable AVZGuard, terminate processes, stop
// services, copy files to quarantine, delete services and files, clean up,
// then queue boot-time removal and reboot.

// Rootkit / API-hook search; the two true arguments request neutralization of
// the hooks found (user mode and kernel mode -- confirm argument order against
// the AVZ script reference).
SearchRootkit(true, true);
// Turn AVZGuard on for the rest of the script -- presumably so other processes
// cannot interfere with or undo the cleanup; verify against the AVZ docs.
SetAVZGuardStatus(True);

// Terminate the two running executables that are quarantined and deleted below.
// NOTE(review): both names imitate Windows components. Internet Explorer's
// binary is iexplore.exe (no trailing "r") and does not live in system32, and
// the genuine svchost.exe sits directly in system32, not in a numbered
// subfolder.
TerminateProcessByName('c:\windows\system32\iexplorer.exe');
TerminateProcessByName('c:\windows\system32\28463\svchost.exe');

// Stop each listed service/driver before touching its files. The same 38 names
// are repeated in the DeleteService and BC_DeleteSvc runs further down; keep
// the three lists in sync if one is edited. '32731' and '23287' match the
// .sys files under the Temp directory handled below.
StopService('zbpreelh');
StopService('yjslqem');
StopService('ygfee');
StopService('yenaolvwo');
StopService('wsjabkl');
StopService('woeqokn');
StopService('vwhnmn');
StopService('vmypyswoz');
StopService('uwlegc');
StopService('tapicMsaid');
StopService('qhksqvzg');
StopService('ppvqbua');
StopService('ogfycwh');
StopService('ocwwg');
StopService('mwpptvg');
StopService('mwmrq');
StopService('mbgjw');
StopService('lzfvvii');
StopService('luaoidcp');
StopService('lngayq');
StopService('kodeg');
StopService('jjtqv');
StopService('ifohis');
StopService('haimln');
StopService('gqctc');
StopService('gfwpicj');
StopService('fvualvng');
StopService('ftfpr');
StopService('enqwovfd');
StopService('ehjpbadq');
StopService('cqlntuwy');
StopService('bzoiuest');
StopService('bnhxbk');
StopService('bcugjf');
StopService('augyl');
StopService('afwzufe');
StopService('32731');
StopService('23287');

// Copy the suspect files to the AVZ quarantine BEFORE deleting them, so the
// samples survive for the upload step that follows the reboot. The second
// argument is left empty (presumably a free-text description -- confirm).
QuarantineFile('C:\WINDOWS\system32\yaskrpc.exe','');
QuarantineFile('c:\windows\system32\olsdzs.dll','');
// NOTE(review): mstask.dll is quarantined but has no matching DeleteFile call
// in this script, so it is only collected, not removed. That name is also used
// by a genuine Windows component -- presumably it is being sent for analysis.
QuarantineFile('C:\WINDOWS\system32\mstask.dll','');
QuarantineFile('c:\windows\system32\iexplorer.exe','');
QuarantineFile('c:\windows\system32\28463\svchost.exe','');
QuarantineFile('C:\WINDOWS\system32\03.tmp','');
QuarantineFile('C:\WINDOWS\system32\02.tmp','');
QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\89964834\32731.sys','');
QuarantineFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\03704283\23287.sys','');

// Remove the service/driver registrations stopped above (same 38 names).
DeleteService('zbpreelh');
DeleteService('yjslqem');
DeleteService('ygfee');
DeleteService('yenaolvwo');
DeleteService('wsjabkl');
DeleteService('woeqokn');
DeleteService('vwhnmn');
DeleteService('vmypyswoz');
DeleteService('uwlegc');
DeleteService('tapicMsaid');
DeleteService('qhksqvzg');
DeleteService('ppvqbua');
DeleteService('ogfycwh');
DeleteService('ocwwg');
DeleteService('mwpptvg');
DeleteService('mwmrq');
DeleteService('mbgjw');
DeleteService('lzfvvii');
DeleteService('luaoidcp');
DeleteService('lngayq');
DeleteService('kodeg');
DeleteService('jjtqv');
DeleteService('ifohis');
DeleteService('haimln');
DeleteService('gqctc');
DeleteService('gfwpicj');
DeleteService('fvualvng');
DeleteService('ftfpr');
DeleteService('enqwovfd');
DeleteService('ehjpbadq');
DeleteService('cqlntuwy');
DeleteService('bzoiuest');
DeleteService('bnhxbk');
DeleteService('bcugjf');
DeleteService('augyl');
DeleteService('afwzufe');
DeleteService('32731');
DeleteService('23287');

// Delete the files. Every path here except ASKTBAR.DLL was quarantined above.
DeleteFile('C:\WINDOWS\system32\yaskrpc.exe');
DeleteFile('c:\windows\system32\olsdzs.dll');
DeleteFile('c:\windows\system32\iexplorer.exe');
DeleteFile('c:\windows\system32\28463\svchost.exe');
DeleteFile('C:\WINDOWS\system32\03.tmp');
DeleteFile('C:\WINDOWS\system32\02.tmp');
// NOTE(review): deleted without a preceding QuarantineFile call, so no copy of
// this toolbar DLL is kept in quarantine.
DeleteFile('C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL');
DeleteFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\89964834\32731.sys');
DeleteFile('C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\03704283\23287.sys');

// Remove two Browser Helper Object registrations, identified by CLSID.
DelBHO('{FE063DB9-4EC0-403e-8DD8-394C54984B2C}');
DelBHO('{FE063DB1-4EC0-403e-8DD8-394C54984B2C}');

// Hand the work done so far to AVZ's Boot Cleaner -- presumably the quarantine
// and deleted-file lists, so anything locked now is retried at boot (confirm
// against the AVZ script reference).
BC_ImportAll;
// AVZ system cleanup pass -- presumably removes leftover references to the
// deleted files; verify against the AVZ docs.
ExecuteSysClean;

// Queue the same 38 services for removal by Boot Cleaner at the next boot, in
// case the DeleteService calls above could not remove them on the live system.
BC_DeleteSvc('zbpreelh');
BC_DeleteSvc('yjslqem');
BC_DeleteSvc('ygfee');
BC_DeleteSvc('yenaolvwo');
BC_DeleteSvc('wsjabkl');
BC_DeleteSvc('woeqokn');
BC_DeleteSvc('vwhnmn');
BC_DeleteSvc('vmypyswoz');
BC_DeleteSvc('uwlegc');
BC_DeleteSvc('tapicMsaid');
BC_DeleteSvc('qhksqvzg');
BC_DeleteSvc('ppvqbua');
BC_DeleteSvc('ogfycwh');
BC_DeleteSvc('ocwwg');
BC_DeleteSvc('mwpptvg');
BC_DeleteSvc('mwmrq');
BC_DeleteSvc('mbgjw');
BC_DeleteSvc('lzfvvii');
BC_DeleteSvc('luaoidcp');
BC_DeleteSvc('lngayq');
BC_DeleteSvc('kodeg');
BC_DeleteSvc('jjtqv');
BC_DeleteSvc('ifohis');
BC_DeleteSvc('haimln');
BC_DeleteSvc('gqctc');
BC_DeleteSvc('gfwpicj');
BC_DeleteSvc('fvualvng');
BC_DeleteSvc('ftfpr');
BC_DeleteSvc('enqwovfd');
BC_DeleteSvc('ehjpbadq');
BC_DeleteSvc('cqlntuwy');
BC_DeleteSvc('bzoiuest');
BC_DeleteSvc('bnhxbk');
BC_DeleteSvc('bcugjf');
BC_DeleteSvc('augyl');
BC_DeleteSvc('afwzufe');
BC_DeleteSvc('32731');
BC_DeleteSvc('23287');

// Arm Boot Cleaner so the queued actions run during the next start-up, then
// reboot straight away. Save open work first: the reboot is triggered by the
// script itself (the true argument presumably forces it -- confirm).
BC_Activate;
RebootWindows(true);
end.
After reboot:
- Clean the Temp folders, the browser caches and the Recycler. Use the Windows tool cleanmgr, or CCleaner, or ClearProg.
- Close all the programs and start only Internet Explorer!!!
- Create the 3 log files again, in accordance with the rules.
- Switch the Antivirus and, if you have one, the Firewall back on.
- Go On-Line
- Upload the quarantine using the "Upload quarantined files" link at the top of this page.
- Attach the 3 logs to your new post.