Switch off/Disable:
- Antivirus and and, if you have - Firewall.
- System Restore
-Fix with Hijackthis
Код:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZRxdm805YYUS&ptb=IOsGzohD7Ln0qgeNHtvuLg
O20 - Winlogon Notify: __c0095910 - C:\WINDOWS\system32\__c0095910.dat
O20 - Winlogon Notify: __c00AF685 - C:\WINDOWS\
- Execute following script
Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\Documents and Settings\Wayne Cordrey\Application Data\Ableton\Live Recordings\Decoding Cache\Squared_46.wav','');
QuarantineFile('C:\Documents and Settings\Wayne Cordrey\Local Settings\Temp\WinCnc.exe','');
QuarantineFile('C:\WINDOWS\System32\davclnt(2)32.dll','');
QuarantineFile('C:\Documents and Settings\All Users\DRM\Cache\Indiv01.key','');
QuarantineFile('C:\WINDOWS\system32\__c0095910.dat','');
QuarantineFile('C:\WINDOWS\System32\davclnt(2)32.dll','');
QuarantineFile('C:\Documents and Settings\Wayne Cordrey\Application Data\Systweak\ASO 2\smstartUp manager.exe','');
QuarantineFile('C:\DOCUME~1\WAYNEC~1\LOCALS~1\Temp\_A00F526648B.exe','');
QuarantineFile('C:\WINDOWS\System32\cryptui(3)(2)32.dll','');
DeleteFile('C:\DOCUME~1\WAYNEC~1\LOCALS~1\Temp\_A00F526648B.exe');
DeleteFile('C:\WINDOWS\system32\__c0095910.dat');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
SetAVZPMStatus(True);
RebootWindows(true);
end.
After reboot execute following script
Код:
begin
CreateQurantineArchive('C:\quarantine.zip');
end.
- Remove Bonjour
- Clean Temp-Maps, Cache of Browsers, Recycler. Use Windows service tool cleanmgr or CCleaner or ClearProg
- Close all the programs and start only Internet Explorer!!!
- Make 3 new log files.
- Switch Antivirus and, if you have - Firewall, on.
- Go On-Line
- Upload the C:\quarantine.zip over the link Upload quarantined files on the top of this page.
- Attach 3 log to your new post..