Please download AVZ (the download link is in the rules).
AVZ - File - Custom scripts
Execute the following script (copy it, paste it in the script window of AVZ and execute):
Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe','');
QuarantineFile('C:\Documents and Settings\ACER ASPIRE 5570\Application Data\Microsoft\cfgmgr.vbs','');
QuarantineFile('svuhost.exe','');
QuarantineFile('iifcBtSl.dll','');
QuarantineFile('C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe','');
QuarantineFile('C:\WINDOWS\system32\Drivers\psdvdisk.sys','');
QuarantineFile('C:\WINDOWS\system32\Drivers\psdfilter.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\npf.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\SysLib.sys','');
QuarantineFile('RichVideo.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\RichVideo.sys','');
QuarantineFile('C:\WINDOWS\system32\drivers\xinstall.sys','');
QuarantineFile('C:\WINDOWS\system32\TUKERNEL.EXE','');
QuarantineFile('C:\WINDOWS\system32\Drivers\BkavAuto.sys','');
QuarantineFile('C:\WINDOWS\system32\urqPhifC.dll','');
QuarantineFile('C:\WINDOWS\system32\nnnkLbcb.dll','');
QuarantineFile('C:\WINDOWS\system32\lfgjlgwn.dll','');
QuarantineFile('C:\WINDOWS\system32\cdynvwei.dll','');
QuarantineFile('C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll','');
QuarantineFile('C:\Program Files\Bkav2006\ContextMenu.dll','');
QuarantineFile('C:\Program Files\Bkav2006\BkavHook.dll','');
QuarantineFile('c:\windows\explorer.exe','');
QuarantineFile('c:\program files\bkav2006\bkav2006.exe','');
DeleteFile('C:\WINDOWS\system32\cdynvwei.dll');
DeleteFile('C:\WINDOWS\system32\lfgjlgwn.dll');
DeleteFile('C:\WINDOWS\system32\nnnkLbcb.dll');
DeleteFile('C:\WINDOWS\system32\urqPhifC.dll');
DeleteFile('C:\WINDOWS\system32\iifcBtSl.dll');
DeleteFile('%system32%\svuhost.exe');
DeleteFile('C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise.exe');
DelCLSID('08B0E5C0-4FCB-11CF-AAX5-90401C608512');
DelBHO('A7DB3B47-23B6-422F-9C9D-EB9C4CBA3EF6');
DelBHO('84EDB2C9-8CC2-43FB-B323-404504A6DB85');
DelWinlogonNotifyByKeyName('urqPhifC');
DelWinlogonNotifyByKeyName('iifcBtSl');
BC_ImportALL;
SysCleanAddFile('svuhost.exe');
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
Your computer will reboot.
Upload the quarantined files according to the Appendix 3 of the rules. (upload here http://virusinfo.info/upload_virus_eng.php?tid=26380 ).
Clear your temp folders and the internet cache.
Make 3 logs according to the rules.