Close all programs.
Disable antivirus.
Run AVZ and update its database ("File" => "Database Update").
Choose "File" => "Custom scripts" from the menu, copy/paste the code below and run it:
Code:
begin
SetAVZPMStatus(True);
SetAVZGuardStatus(True);
DelCLSID('44BBA840-CC51-11CF-AAFA-00AA00B6015C');
DelCLSID('5945c046-1e7d-11d1-bc44-00c04fd912be');
DelCLSID('89820200-ECBD-11cf-8B85-00AA005B4383');
RegKeyStrParamWrite('HKLM','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows','AppInit_DLLs','');
QuarantineFile('C:\autorun.inf','');
QuarantineFile('C:\db.exe','');
QuarantineFile('C:\RECYCLER\S-1-5-21-9564755765-4762963538-478487940-5507\winmap.exe','');
QuarantineFile('C:\WINDOWS\system32\AutoExNT.Exe','');
QuarantineFile('C:\WINDOWS\system32\B4A43457.EXE','');
DeleteService('871365D9');
QuarantineFile('\\?\globalroot\systemroot\system32\UACqhixviiayxvhafuxs.dll','');
DeleteFile('\\?\globalroot\systemroot\system32\UACqhixviiayxvhafuxs.dll');
DeleteFile('C:\WINDOWS\system32\B4A43457.EXE');
DeleteFile('C:\RECYCLER\S-1-5-21-9564755765-4762963538-478487940-5507\winmap.exe');
DeleteFile('C:\db.exe');
DeleteFile('C:\Documents and Settings\systemadmin\Local Settings\Temp\db2.exe');
DeleteFile('C:\Documents and Settings\systemadmin\Local Settings\Temporary Internet Files\Content.IE5\N971G2NO\db2[1].exe');
DeleteFile('C:\autorun.inf');
BC_ImportDeletedList;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.
The computer will reboot.
Upload the quarantine (see Appendix 3 in the rules) using the "Upload quarantined files" link at the top of this thread.
Create new logs and attach them to the thread.