1. Please, disable System Restore and antivirus (if you have).
2. Execute this script in AVPTool:
Код:
begin
ClearHostsFile;
SetAVZGuardStatus(True);
DeleteFileMask(GetAVZDirectory+'Quarantine', '*.*', true);
RegKeyIntParamWrite('HKLM','SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer','NoDriveTypeAutoRun', 221);
DelBHO('{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}');
DelBHO('{92780B25-18CC-41C8-B9BE-3C9C571A8263}');
DelBHO('{2670000A-7350-4f3c-8081-5663EE0C6C49}');
DelBHO('{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}');
DelBHO('{5C255C8A-E604-49b4-9D64-90988571CECB}');
DelBHO('{142B3861-3016-4D82-8AA5-F1E054CD6C42}');
QuarantineFile('C:\WINDOWS\System32\csrsrv32.dll','');
DeleteFile('C:\WINDOWS\System32\csrsrv32.dll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\b85a6d36705','DLLName');
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows NT\CurrentVersion\Windows', 'AppInit_DLLs', StringReplace(RegKeyStrParamRead('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows NT\CurrentVersion\Windows', 'AppInit_DLLs'), 'C:\WINDOWS\System32\csrsrv32.dll', ''));
RegKeyStrParamWrite('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows NT\CurrentVersion\Windows', 'AppInit_DLLs', StringReplace(RegKeyStrParamRead('HKEY_LOCAL_MACHINE', 'Software\Microsoft\Windows NT\CurrentVersion\Windows', 'AppInit_DLLs'), ',,', ','));
DeleteFileMask('%tmp% ','*.* ',true );
BC_ImportDeletedList;
ExecuteSysClean;
ExecuteWizard('TSW', 3, 3, true);
ExecuteWizard('SCU', 3, 3, true);
BC_Activate;
RebootWindows(true);
end.
3. After reboot execute this script in AVPTool:
Код:
begin
ExecuteRepair(13);
CreateQurantineArchive('C:\quarantine.zip');
end.
Upload file C:\quarantine.zip, by link http://virusinfo.info/upload_virus.php?tid=66113
4. Make a new log of AVPTool.
Ваши права в разделе
Ответить с цитированием