Hi!
Sorry for waiting.
Switch off/Disable:
- All (!) Antivirus , antispyware and and, if you have - Firewall.
-internet connection
Execute the script:
Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Documents and Settings\Owner\Local Settings\Temp\db.exe','');
QuarantineFile('C:\Program Files\NotetoLookup\Unwise.exe','');
QuarantineFile('D:\autorun.inf','');
QuarantineFile('C:\DOCUME~1\Owner\LOCALS~1\Temp\db.EXE','');
DelBHO('{D76AB2A1-00F3-42BD-F434-00BBC39C8953}');
QuarantineFile('karna.dat','');
QuarantineFile('C:\DOCUME~1\Owner\LOCALS~1\Temp\8929625645mxx.dll','');
QuarantineFile('C:\WINDOWS\system32\Drivers\MASPINT.sys','');
QuarantineFile('C:\WINDOWS\system32\sdjee3inf.dll','');
QuarantineFile('C:\DOCUME~1\Owner\LOCALS~1\Temp\services.eC:\WINDOWS\system32\xe','');
QuarantineFile('C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\oz6cb78e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll','');
QuarantineFile('C:\Documents and Settings\Owner\Application Data\Mozilla\C:\WINDOWS\system32\Firefox\Profiles\oz6cb78e.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll','');
QuarantineFile('C:\WINDOWS\system32\UACpxqeqvdlllckaat.dll','');
TerminateProcessByName('c:\docume~1\owner\locals~1\temp\services.exe');
QuarantineFile('c:\docume~1\owner\locals~1\temp\services.exe','');
DeleteFile('c:\docume~1\owner\locals~1\temp\services.exe');
DeleteFile('C:\WINDOWS\system32\UACpxqeqvdlllckaat.dll');
DeleteFile('C:\DOCUME~1\Owner\LOCALS~1\Temp\services.exe');
DeleteFile('C:\WINDOWS\system32\sdjee3inf.dll');
DeleteFile('C:\DOCUME~1\Owner\LOCALS~1\Temp\8929625645mxx.dll');
DeleteFile('karna.dat');
DeleteFile('C:\DOCUME~1\Owner\LOCALS~1\Temp\db.EXE');
DeleteFile('D:\autorun.inf');
DeleteFile('C:\Program Files\NotetoLookup\Unwise.exe');
DeleteFile('C:\Documents and Settings\Owner\Local Settings\Temp\db.exe');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
CreateQurantineArchive('C:\quarantine.zip');
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
ExecuteRepair(11);
ExecuteRepair(17);
SetAVZPMStatus(true);
RebootWindows(true);
end.
The computer will reboot.
Upload file C:\quarantine.zip, by link Upload quarantined files in the top of this thread.
Please
In AVZ it is necessary to update the bases using automatic updates (File/Database update).
Please make a set of new logs after doing this.