Please download in my signature special avz, put it in new folder on desktop.
Please execute this script in avz: ( http://virusinfo.info/showthread.php?t=9207)
(Do remember to disable antivirus and firewall, disconnect from internet & disable system restore before lunching an avz)
Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('H:\system~1\_resto~1\RP09.exe','');
QuarantineFile('H:\autorun.inf','');
QuarantineFile('E:\system~1\_resto~1\RP09.exe','');
QuarantineFile('E:\autorun.inf','');
QuarantineFile('D:\system~1\_resto~1\RP09.exe','');
QuarantineFile('D:\autorun.inf','');
QuarantineFile('C:\system~1\_resto~1\RP09.exe','');
QuarantineFile('C:\autorun.inf','');
DelBHO('{381FFDE8-2394-4f90-B10D-FC6124A40F8C}');
QuarantineFile('C:\progra~1\micros~1\csrss.exe','');
QuarantineFile('C:\docume~1\csrss.exe','');
TerminateProcessByName('c:\progra~1\micros~1\csrss.exe');
QuarantineFile('c:\progra~1\micros~1\csrss.exe','');
DeleteFile('c:\progra~1\micros~1\csrss.exe');
DeleteFile('C:\docume~1\csrss.exe');
DeleteFile('C:\progra~1\micros~1\csrss.exe');
DeleteFile('C:\autorun.inf');
DeleteFile('C:\system~1\_resto~1\RP09.exe');
DeleteFile('D:\autorun.inf');
DeleteFile('D:\system~1\_resto~1\RP09.exe');
DeleteFile('E:\autorun.inf');
DeleteFile('E:\system~1\_resto~1\RP09.exe');
DeleteFile('H:\autorun.inf');
DeleteFile('H:\system~1\_resto~1\RP09.exe');
BC_ImportAll;
ExecuteSysClean;
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
RegKeyIntParamWrite( 'HKLM', 'SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum', '{BDEADF00-C265-11D0-BCED-00A0C90AB50F}', 1);
BC_Activate;
RebootWindows(true);
end.
Read appendix#3 of the rules http://virusinfo.info/showthread.php?t=9184
upload quarantine by http://virusinfo.info/upload_virus_eng.php?tid=39416
make a new logs according to rules http://virusinfo.info/showthread.php?t=9184 and attach them to your next post.