Please disable System Restore (see Appendix 1 of rules).
Close all programs.
Execute the script:
Code:
begin
  // Enable AVZGuard and the AVZPM process-monitoring driver
  SetAVZGuardStatus(True);
  SetAVZPMStatus(True);
  // Restrict AutoRun by drive type (221 = 0xDD)
  RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer','NoDriveTypeAutoRun', 221);
  QuarantineFile('F:\autorun.inf','');
  DeleteService('cpuz129');
  // Copy the suspicious files to quarantine
  QuarantineFile('D:\hbcd\wintools\autorun.exe','');
  QuarantineFile('C:\WINDOWS\system32\892915\krnln.fnr','');
  QuarantineFile('C:\WINDOWS\system32\892915\i-123.exe','');
  QuarantineFile('C:\WINDOWS\system32\892915\dp1.fne','');
  QuarantineFile('C:\DOCUME~1\FREDDI~1\LOCALS~1\Temp\E_N4\spec.fne','');
  QuarantineFile('C:\DOCUME~1\FREDDI~1\LOCALS~1\Temp\E_N4\shell.fne','');
  QuarantineFile('C:\DOCUME~1\FREDDI~1\LOCALS~1\Temp\E_N4\krnln.fnr','');
  QuarantineFile('C:\DOCUME~1\FREDDI~1\LOCALS~1\Temp\E_N4\internet.fne','');
  QuarantineFile('C:\DOCUME~1\FREDDI~1\LOCALS~1\Temp\E_N4\HtmlView.fne','');
  QuarantineFile('C:\DOCUME~1\FREDDI~1\LOCALS~1\Temp\E_N4\eAPI.fne','');
  QuarantineFile('C:\DOCUME~1\FREDDI~1\LOCALS~1\Temp\E_N4\dp1.fne','');
  QuarantineFile('c:\windows\system32\ba9c8f\ef290e.exe','');
  QuarantineFile('c:\windows\system32\892915\i-123.exe','');
  QuarantineFile('d:\hbcd\wintools\autorun.exe','');
  // Pack the quarantine into an archive for upload
  CreateQurantineArchive('C:\quarantine.zip');
  // Delete the files, then clean up references to them
  DeleteFile('c:\windows\system32\892915\i-123.exe');
  DeleteFile('F:\autorun.inf');
  BC_ImportDeletedList;
  ExecuteSysClean;
  // Activate Boot Cleaner and reboot
  BC_Activate;
  RebootWindows(true);
end.
The computer will reboot.
Upload the file C:\quarantine.zip using the "Upload quarantined files" link at the top of this thread.
Run "Collect system information" and attach the new avptool_syscheck.zip to the thread.