1. Please disable System Restore and your antivirus (if you have one).
2. Execute this script in AVPTool:
Code:
begin
SetAVZGuardStatus(True);
RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer','NoDriveTypeAutoRun', 221);
DelBHO('{C5428486-50A0-4a02-9D20-520B59A9F9B3}');
DelBHO('{C5428486-50A0-4a02-9D20-520B59A9F9B2}');
DelBHO('{925DAB62-F9AC-4221-806A-057BFB1014AA}');
DelBHO('{53F6FCCD-9E22-4d71-86EA-6E43136192AB}');
DelBHO('{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0}');
DelBHO('{3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF}');
DelBHO('{D0523BB4-21E7-11DD-9AB7-415B56D89593}');
DelBHO('{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}');
DelBHO('{02478D38-C3F9-4efb-9B51-7695ECA05670}');
QuarantineFile('C:\windows\sysdiag64.exe','');
QuarantineFile('C:\WINDOWS\system32\blphcpn8j0etc3.scr','');
QuarantineFile('C:\WINDOWS\mse.exe','');
QuarantineFile('C:\Program Files\rhctn8j0etc3\rhctn8j0etc3.exe','');
DeleteFile('C:\Program Files\rhctn8j0etc3\rhctn8j0etc3.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','SMrhctn8j0etc3');
DeleteFile('C:\WINDOWS\system32\blphcpn8j0etc3.scr');
RegKeyParamDel('HKEY_USERS','S-1-5-21-299502267-1292428093-839522115-1003\Control Panel\Desktop','scrnsave.exe');
DeleteFile('C:\windows\sysdiag64.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','sysdiag64.exe');
RegKeyParamDel('HKEY_USERS','S-1-5-21-299502267-1292428093-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Run','sysdiag64.exe');
DeleteFileMask('%tmp%', '*.*', true);
BC_ImportDeletedList;
ExecuteSysClean;
ExecuteWizard('TSW', 3, 3, true);
ExecuteWizard('SCU', 3, 3, true);
BC_Activate;
RebootWindows(true);
end.
3. After the reboot, execute this script in AVPTool:
Code:
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
Upload the file quarantine.zip using this link: http://virusinfo.info/upload_virus.php?tid=68261
4. Make a new AVPTool log.
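An added example, not part of the original post and not an AVZ feature: a small Python parser that turns a cleanup script like the one above into a list of the files, registry values and BHO CLSIDs it acts on, and flags any DeleteFile call whose target was not quarantined first, so a sample is kept for the upload in step 3. The names `parse_calls` and `extract_artifacts` are hypothetical, and `SAMPLE` is a constructed excerpt built from statements in the post.

```python
import re

# Constructed sample: a few statements copied from the script in the post.
SAMPLE = r"""
begin
 DelBHO('{C5428486-50A0-4a02-9D20-520B59A9F9B3}');
 QuarantineFile('C:\windows\sysdiag64.exe','');
 QuarantineFile('C:\Program Files\rhctn8j0etc3\rhctn8j0etc3.exe','');
 DeleteFile('C:\Program Files\rhctn8j0etc3\rhctn8j0etc3.exe');
 RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','sysdiag64.exe');
 DeleteFile('C:\windows\sysdiag64.exe');
 RebootWindows(true);
end.
"""

CALL = re.compile(r"^\s*(\w+)\s*\((.*)\)\s*;\s*$")   # one call statement per line
STRING = re.compile(r"'((?:[^']|'')*)'")              # Pascal literal, '' escapes a quote

def parse_calls(script):
    """Yield (function_name, [string arguments]) for every call statement."""
    for line in script.splitlines():
        m = CALL.match(line)
        if m:
            yield m.group(1), [s.replace("''", "'") for s in STRING.findall(m.group(2))]

def extract_artifacts(script):
    """Collect the files, registry values and BHO CLSIDs the script acts on."""
    out = {"files": [], "reg_values": [], "bho_clsids": [], "deleted_without_sample": []}
    quarantined = set()
    for func, args in parse_calls(script):
        name = func.lower()                     # Pascal identifiers are case-insensitive
        if not args:
            continue
        if name == "quarantinefile":
            quarantined.add(args[0].lower())
        elif name == "deletefile" and args[0].lower() not in quarantined:
            out["deleted_without_sample"].append(args[0])  # no copy kept for analysis
        if name in ("quarantinefile", "deletefile") and args[0] not in out["files"]:
            out["files"].append(args[0])
        elif name == "regkeyparamdel" and len(args) == 3:
            out["reg_values"].append(tuple(args))          # (root, key, value name)
        elif name == "delbho":
            out["bho_clsids"].append(args[0].upper())
    return out

if __name__ == "__main__":
    for kind, items in extract_artifacts(SAMPLE).items():
        print(kind, items)
```

The resulting lists can be compared against the new log from step 4 to confirm that none of the entries remain.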