Hello,
Could you tell us what you have on the disks D:\, E:\ and F:\? It looks like there are thousands of infected files?! Try to heal them with CureIt: http://www.freedrweb.com/cureit/?lng=en
Remove Download Accelerator Plus (DAP) - it contains spyware.
Close/disable all applications except AVZ and Internet Explorer.
- Disconnect your PC from network (internet/intranet)
- Disable antivirus, firewall and other memory resident security tools
- Disable System Restore
- Fix with HijackThis
Code:
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - Startup: ¡¡¡¡¡¡.lnk = C:\WINDOWS\system32\XP-70D84274.EXE
- Execute the following script
Code:
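begin
// Search for rootkit hooks and neutralize user-mode and kernel-mode interceptors
SearchRootkit(true, true);
// Enable AVZGuard so running malware cannot interfere with the cleanup
SetAVZGuardStatus(True);
ClearQuarantine;
// Remove the MyWebSearch service now and via Boot Cleaner at the next boot
DeleteService('MyWebSearchService');
BC_DeleteSvc('MyWebSearchService');
// Remove the MyWebSearch browser extensions by CLSID
DelBHO('{00A6FAF6-072E-44cf-8957-5838F569A31D}');
DelBHO('{07B18EA9-A523-4961-B6BB-170DE4475CCA}');
DelBHO('{07B18EA1-A523-4961-B6BB-170DE4475CCA}');
DelBHO('{00A6FAF1-072E-44cf-8957-5838F569A31D}');
// Copy the suspicious files to quarantine before deleting them
QuarantineFile('C:\Program Files\Perfect Optimizer\License.dll','');
QuarantineFile('C:\zpharaoh.exe','');
QuarantineFile('G:\zPharaoh.exe','');
QuarantineFile('G:\autorun.inf','');
QuarantineFile('F:\zPharaoh.exe','');
QuarantineFile('F:\autorun.inf','');
QuarantineFile('E:\zPharaoh.exe','');
QuarantineFile('E:\autorun.inf','');
QuarantineFile('D:\zPharaoh.exe','');
QuarantineFile('D:\autorun.inf','');
// Delete the executable and its autorun.inf from the root of each drive
DeleteFile('C:\zpharaoh.exe');
DeleteFile('G:\zPharaoh.exe');
DeleteFile('G:\autorun.inf');
DeleteFile('F:\zPharaoh.exe');
DeleteFile('F:\autorun.inf');
DeleteFile('E:\zPharaoh.exe');
DeleteFile('E:\autorun.inf');
DeleteFile('D:\zPharaoh.exe');
DeleteFile('D:\autorun.inf');
// Remove the MyWebSearch program folder recursively
DeleteFileMask('C:\Program Files\MyWebSearch\','*.*',true);
DeleteDirectory('C:\Program Files\MyWebSearch\');
// Hand the items above to Boot Cleaner, clean up leftover references and arm Boot Cleaner for the next boot
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
// Enable the AVZPM monitoring driver, then reboot
SetAVZPMStatus(True);
RebootWindows(true);
end.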
If, after the reboot, the system tries to install any unknown hardware, abort the installation and remove the unknown hardware via the hardware manager.
After reboot:
- Execute the following script
Code:
begin
CreateQurantineArchive('C:\quarantine.zip');
end.
- Upload C:\quarantine.zip via the "Upload quarantined files" link at the top of this page.
- Make new logs and attach them to the new posting.