Disable System Restore!
Execute the following script:
Code:
begin
  // Scan for rootkit hooks and neutralize them, then enable AVZGuard
  SearchRootkit(true, true);
  SetAVZGuardStatus(True);
  // Copy the suspicious files to quarantine before deleting them
  QuarantineFile('acpiz.dll','');
  QuarantineFile('C:\WINDOWS\System32\rs32net.exe','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\ati5lpxx.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\ati4xcxx.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\ati3txxx.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\ati2bfxx.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\ati1ubxx.sys','');
  QuarantineFile('C:\WINDOWS\System32\Drivers\ati1quxx.sys','');
  QuarantineFile('ati2quxx.sys','');
  QuarantineFile('C:\WINDOWS\system32\nehcxu.dll','');
  // Delete the quarantined files
  DeleteFile('C:\WINDOWS\system32\nehcxu.dll');
  DeleteFile('ati2quxx.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\ati1quxx.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\ati1ubxx.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\ati2bfxx.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\ati3txxx.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\ati4xcxx.sys');
  DeleteFile('C:\WINDOWS\System32\Drivers\ati5lpxx.sys');
  DeleteFile('C:\WINDOWS\System32\rs32net.exe');
  DeleteFile('acpiz.dll');
  // Pass the deleted-file list to Boot Cleaner, clean up system references,
  // activate Boot Cleaner and reboot
  BC_ImportDeletedList;
  ExecuteSysClean;
  BC_Activate;
  RebootWindows(true);
end.
After your system reboots, upload the quarantine according to App. 3 of the Rules (use red link above).
Make a new logfile.