need assistance

[bilbo1941]

my computer is slowwwwwwwwwwwwwww

[drongo]

Disconnect from internet and disable your antivirus/firewall.
Execute the script: ( how-to: http://avptool.virusinfo.info/en/AVP...curescript.htm )

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 QuarantineFile('D:\autorun.inf','');
 QuarantineFile('C:\WINDOWS\bdoscandel.exe','');
 QuarantineFile('C:\Poker\Titan Poker\casino.exe','');
 DelBHO('{7E853D72-626A-48EC-A868-BA8D5E23E045}');
 DelBHO('{6C469FEA-2155-48A3-926B-8D576C6A6822}');
 QuarantineFile('C:\WINDOWS\system32\6to4svc6464.dll','');
 DelBHO('{02478D38-C3F9-4efb-9B51-7695ECA05670}');
 QuarantineFile('C:\WINDOWS\system32\wheels.scr','');
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\tenCapture.sys','');
 QuarantineFile('C:\WINDOWS\TEMP\mc21.tmp','');
 QuarantineFile('C:\WINDOWS\system32\drivers\ikhlayer.sys','');
 QuarantineFile('C:\WINDOWS\system32\drivers\ikhfile.sys','');
 QuarantineFile('C:\WINDOWS\System32\drivers\509b1879.sys','');
 QuarantineFile('C:\WINDOWS\system32\cpwmon2k.dll','');
 QuarantineFile('C:\Documents and Settings\Compaq_Propriйtaire\Application Data\unobi.dll','');
 QuarantineFile('C:\Documents and Settings\All Users\proto.dll','');
 DeleteFile('C:\Documents and Settings\All Users\proto.dll');
 DeleteFile('C:\Documents and Settings\Compaq_Propriйtaire\Application Data\unobi.dll');
 DeleteFile('C:\WINDOWS\system32\6to4svc6464.dll');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
 CreateQurantineArchive('C:\quarantine.zip');
RebootWindows(true);
end.

The computer will reboot automatically.
Upload file C:\quarantine.zip by link http://virusinfo.info/upload_virus_eng.php?tid=43915
Collect system information again and attach a new file avptool_syscheck.zip to your thread.

[bilbo1941]

This is the two files

[Rene-gad]

Switch off:
- Antivirus and and, if you have - Firewall.
- System Restore

- Execute following script in ManualCure

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 ClearQuarantine;
 QuarantineFile('D:\autorun.inf','');
 QuarantineFile('c:\program files\google\googletoolbar1.dll','');
 QuarantineFile('C:\WINDOWS\system32\ntos.exe','');
 QuarantineFile('C:\Documents and Settings\Compaq_Propriйtaire\Application Data\unobi.dll','');
 QuarantineFile('C:\Documents and Settings\All Users\proto.dll','');
 DeleteFile('C:\Documents and Settings\All Users\proto.dll');
 DeleteFile('C:\Documents and Settings\Compaq_Propriйtaire\Application Data\unobi.dll');
 DeleteFile('C:\WINDOWS\system32\ntos.exe');
 DeleteFile('c:\program files\google\googletoolbar1.dll');
 DeleteFile('D:\autorun.inf');
 DelBHO('{2318C2B1-4965-11d4-9B18-009027A5CD4F}');
 DelBHO('{aa58ed58-01dd-4d91-8333-cf10577473f7}');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

After reboot execute following script in Manual Cure

Код:

begin
CreateQurantineArchive('c:\quarantine.zip');
end.

After reboot:
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat log file
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Upload the quarantine.zip over the link Upload quarantined files on the top of this page.
- Attach log file to your new post..

[bilbo1941]

i make all you want lol

[Rene-gad]

i make all you want

I wanted nothing! But you want to heal your system.

Check your system with CureIt started from CD or write-protected SD-Card.

Close/unload all the programs excepted AVZ and Internet Explorer

Switch off:
- Antivirus and and, if you have - Firewall.
- System Restore


- Execute following script in Manual Healing

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 ClearQuarantine;
 StopService('pxsec');
 StopService('pxscan');
 QuarantineFile('C:\WINDOWS\System32\drivers\pxscan.sys','');
 QuarantineFile('C:\WINDOWS\System32\drivers\pxsec.sys','');
 QuarantineFile('C:\WINDOWS\TEMP\1912085126.exe','');
 QuarantineFile('C:\WINDOWS\TEMP\tsrq1tmth.exe','');
 QuarantineFile('C:\WINDOWS\System32\drivers\509b1879.sys','');
 QuarantineFile('C:\Documents and Settings\All Users\proto.dll','');
 QuarantineFile('C:\WINDOWS\system32\jh9fgo4ksdgf.dll','');
 DeleteFile('C:\WINDOWS\system32\jh9fgo4ksdgf.dll');
 DeleteFile('C:\Documents and Settings\All Users\proto.dll');
 DeleteFile('C:\WINDOWS\System32\drivers\509b1879.sys');
 DeleteFile('C:\WINDOWS\TEMP\tsrq1tmth.exe');
 DeleteFile('C:\WINDOWS\TEMP\1912085126.exe');
 DeleteFile('C:\WINDOWS\System32\drivers\pxsec.sys');
 DeleteFile('C:\WINDOWS\System32\drivers\pxscan.sys');
 DeleteService('pxsec');
 DeleteService('pxscan');
BC_ImportAll;
ExecuteSysClean;
 BC_DeleteSvc('pxsec');
 BC_DeleteSvc('pxscan');
BC_Activate;
RebootWindows(true);
end.

After reboot:
- Execute following script in Manual Healing

Код:

begin
CreateQurantineArchive('C:\quarantine.zip');    
end.

- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat a log file.
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Upload the C:\quarantine.zip here: http://virusinfo.info/upload_virus_eng.php?tid=43845
- Attach a new log to your new post..

[bilbo1941]

the new code

[Rene-gad]

Check your system with CureIt started from CD or write-protected SD-Card

Done?

Close/unload all the programs excepted AVZ and Internet Explorer

Switch off:
- Antivirus and and, if you have - Firewall.
- System Restore

- Execute following script in Manual Healing

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 ClearQuarantine;
 RegKeyParamDel('HKEY_USERS','S-1-5-21-342507437-1588892488-4289718972-1008\Software\Microsoft\Windows\CurrentVersion\Run','Diagnostic Manager');
 RegKeyParamDel('HKEY_USERS','S-1-5-21-342507437-1588892488-4289718972-1008\Software\Microsoft\Windows\CurrentVersion\Run','DiskChk help');
 TerminateProcessByName('c:\docume~1\compaq~1\locals~1\temp\1663535040.exe');
 QuarantineFile('C:\Documents and Settings\All Users\proto.dll','');
 QuarantineFile('C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\1663535040.exe','');
 QuarantineFile('C:\WINDOWS\system32\jh9fgo4ksdgf.dll','');
 DeleteFile('C:\WINDOWS\system32\jh9fgo4ksdgf.dll');
 DeleteFile('C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\1663535040.exe');
 DeleteFile('C:\Documents and Settings\All Users\proto.dll');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

After reboot:
- Execute following script in Manual Healing

Код:

begin
CreateQurantineArchive('C:\quarantine.zip');    
end.

- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Repeat a log file and additionally log file of Hijackthis (http://virusinfo.info/showthread.php?t=9184 Analysis chapter 3)
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Upload the C:\quarantine.zip here: http://virusinfo.info/upload_virus_eng.php?tid=43845
- Attach a new log to your new post..