Welcome!
Cure script for You in box below -
Код:
begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
QuarantineFile('c:\windows\system32\wsldoekd.exe','');
QuarantineFile('c:\windows\system32\tdydowkc.exe','');
QuarantineFile('c:\windows\system32\tdxdowkc.exe','');
QuarantineFile('c:\windows\system32\soxpeca.exe','');
QuarantineFile('c:\windows\system32\sotpeca.exe','');
QuarantineFile('c:\windows\system32\sobicyt.exe','');
QuarantineFile('c:\windows\system32\roytctm.exe','');
QuarantineFile('c:\windows\system32\roxtctm.exe','');
QuarantineFile('c:\windows\system32\noytcyr.exe','');
QuarantineFile('c:\windows\system32\noxtcyr.exe','');
QuarantineFile('c:\windows\system32\macidwe.exe','');
QuarantineFile('c:\windows\system32\mabidwe.exe','');
QuarantineFile('c:\windows\system32\afisicx.exe','');
DeleteFile('c:\windows\system32\afisicx.exe');
DeleteFile('c:\windows\system32\mabidwe.exe');
DeleteFile('c:\windows\system32\macidwe.exe');
DeleteFile('c:\windows\system32\noxtcyr.exe');
DeleteFile('c:\windows\system32\noytcyr.exe');
DeleteFile('c:\windows\system32\roxtctm.exe');
DeleteFile('c:\windows\system32\roytctm.exe');
DeleteFile('c:\windows\system32\sobicyt.exe');
DeleteFile('c:\windows\system32\sotpeca.exe');
DeleteFile('c:\windows\system32\soxpeca.exe');
DeleteFile('c:\windows\system32\tdxdowkc.exe');
DeleteFile('c:\windows\system32\tdydowkc.exe');
DeleteFile('c:\windows\system32\wsldoekd.exe');
BC_ImportAll;
BC_DeleteSvc('perfs');
BC_DeleteSvc('nobicyt');
BC_DeleteSvc('wsldoekd');
BC_DeleteSvc('tdydowkc');
BC_DeleteSvc('tdxdowkc');
BC_DeleteSvc('soxpeca');
BC_DeleteSvc('sotpeca');
BC_DeleteSvc('sobicyt');
BC_DeleteSvc('roytctm');
BC_DeleteSvc('roxtctm');
BC_DeleteSvc('noytcyr');
BC_DeleteSvc('noxtcyr');
BC_DeleteSvc('macidwe');
BC_DeleteSvc('mabidwe');
BC_DeleteSvc('afisicx');
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
After reboot repeat AVPTools log, look HelpMe! forum rules and make additional HijakThis Log, attach both logs to next message.