Hello,
your system is not really yours - I haven't seen such a collection of vulnerabilities in a couple of months...
Why are the very important Service Packs and patches not installed?
Why do you use an ancient antivirus?
Switch off/Disable:
- Antivirus and, if you have one, Firewall.
- System Restore
- Execute the following script in Manual Cure
Code:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
StopService('tcpsr');
StopService('daqdrv');
QuarantineFile('explorer.exe,c:\windows\system32\W1NL0g0.exe','');
QuarantineFile('C:\WINDOWS\TEMP\i9xo50.exe','');
QuarantineFile('C:\WINDOWS\TEMP\avp.exe','');
QuarantineFile('C:\WINDOWS\system32\userinit.exe','');
QuarantineFile('c:\windows\system32\rundll32.exe','');
QuarantineFile('C:\WINDOWS\system32\restorer32_a.exe','');
QuarantineFile('C:\WINDOWS\system32\regedit.exe','');
QuarantineFile('C:\WINDOWS\System32\reader_s.exe','');
QuarantineFile('C:\WINDOWS\System32\p52s6x9.dll','');
QuarantineFile('C:\WINDOWS\System32\fgjk4wvb.dll','');
QuarantineFile('C:\WINDOWS\System32\drivers\tcpsr.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\NDIS.sys','');
QuarantineFile('C:\WINDOWS\System32\daqdrv.sys','');
QuarantineFile('C:\WINDOWS\system32\calc.dll','');
QuarantineFile('C:\WINDOWS\system32\10.tmp','');
QuarantineFile('C:\WINDOWS\msagent\agentdpv.exe','');
QuarantineFile('C:\WINDOWS\fonts\services.exe','');
QuarantineFile('C:\Documents and Settings\tai\restorer32_a.exe','');
QuarantineFile('C:\Documents and Settings\LocalService\restorer32_a.exe','');
QuarantineFile('C:\DOCUME~1\tai\LOCALS~1\Temp\i.exe','');
QuarantineFile('C:\DOCUME~1\tai\LOCALS~1\Temp\h.exe','');
DeleteService('tcpsr');
DeleteService('daqdrv');
DeleteFile('explorer.exe,c:\windows\system32\W1NL0g0.exe');
DeleteFile('C:\WINDOWS\TEMP\i9xo50.exe');
DeleteFile('C:\WINDOWS\TEMP\avp.exe');
DeleteFile('C:\WINDOWS\system32\restorer32_a.exe');
DeleteFile('C:\WINDOWS\system32\regedit.exe');
DeleteFile('C:\WINDOWS\System32\reader_s.exe');
DeleteFile('C:\WINDOWS\System32\p52s6x9.dll');
DeleteFile('C:\WINDOWS\System32\fgjk4wvb.dll');
DeleteFile('C:\WINDOWS\System32\drivers\tcpsr.sys');
DeleteFile('C:\WINDOWS\System32\daqdrv.sys');
DeleteFile('C:\WINDOWS\system32\calc.dll');
DeleteFile('C:\WINDOWS\system32\10.tmp');
DeleteFile('C:\WINDOWS\msagent\agentdpv.exe');
DeleteFile('C:\WINDOWS\fonts\services.exe');
DeleteFile('C:\Documents and Settings\tai\restorer32_a.exe');
DeleteFile('C:\Documents and Settings\LocalService\restorer32_a.exe');
DeleteFile('C:\DOCUME~1\tai\LOCALS~1\Temp\i.exe');
DeleteFile('C:\DOCUME~1\tai\LOCALS~1\Temp\h.exe');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
SetAVZPMStatus(True);
RebootWindows(true);
end.
After reboot, execute the following script in Manual Cure
Code:
begin
CreateQurantineArchive('C:\quarantine.zip');
end.
- Upload C:\quarantine.zip via the link "Upload quarantined files" at the top of this page.
- Make a new log and attach it to your new post.