1. Please, disable System Restore and antivirus (if you have).
2. Execute this script in AVZ:
Код:
begin
SetAVZGuardStatus(True);
DeleteFileMask(GetAVZDirectory+'Quarantine', '*.*', true);
DelBHO('{054A3872-B4BE-4747-ABEF-DCF033DD66Cf}');
QuarantineFile('C:\WINDOWS\system32\deImg40432.dll','');
QuarantineFile('C:\DOCUME~1\Brian\LOCALS~1\Temp\F1.tmp','');
QuarantineFile('C:\WINDOWS\System32\d3dx10_3332.dll','');
DeleteFile('C:\WINDOWS\System32\d3dx10_3332.dll');
DeleteFile('C:\DOCUME~1\Brian\LOCALS~1\Temp\F1.tmp');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','RTHDBPL');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\a4742495879','DLLName');
DeleteFile('C:\WINDOWS\system32\deImg40432.dll');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
3. After reboot execute this script in AVZ:
Код:
begin
CreateQurantineArchive(GetAVZDirectory+'quarantine.zip');
end.
Upload file quarantine.zip, by link http://virusinfo.info/upload_virus.php?tid=76947
4. Fix in HijackThis:
O20 - Winlogon Notify: a4742495879 - C:\WINDOWS\System32\d3dx10_3332.dll
5. Make new logs.