, Запустите снова avz: Файл-Выполнить скрипт- в открывшееся окно внимательно вставьте текст:
Код:
begin
SearchRootkit(true, true);
SetAVZGuardStatus(true);
TerminateProcessByName('c:\documents and settings\admin\tiuopu.exe');
DeleteFile('c:\documents and settings\admin\tiuopu.exe');
DeleteFile('C:\Documents and Settings\Admin\tiuopu.exe');
DeleteFile('C:\WINDOWS\system32\msfplkqs.dll');
DeleteFile('C:\WINDOWS\system32\msgxkyxg.dll');
DeleteFile('C:\WINDOWS\system32\msjgjzcu.dll');
DeleteFile('C:\WINDOWS\system32\mskluuku.dll');
DeleteFile('C:\WINDOWS\system32\msptfpxi.dll');
DeleteFile('C:\WINDOWS\system32\msrtmzzk.dll');
DeleteFile('C:\WINDOWS\system32\msxm192z.dll');
DeleteFile('C:\WINDOWS\system32\msztucot.dll');
DeleteFile('c:\windows\system32\btwsrv.dll');
DeleteFile('C:\WINDOWS\fonts\services.exe');
DeleteFile('C:\WINDOWS\system32\BtwSrv.dll');
DeleteFile('C:\WINDOWS\system32\lsm32.sys');
DeleteFile('C:\Www\system32\inetsrv.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','tiuopu');
RegKeyParamDel('HKEY_USERS','.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce','ZZZZ2_FirstLogonSetting');
RegKeyParamDel('HKEY_USERS','S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce','ZZZZ1_FirstLogonSetting');
RegKeyParamDel('HKEY_USERS','S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce','ZZZZ2_FirstLogonSetting');
RegKeyParamDel('HKEY_USERS','S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce','ZZZZ1_FirstLogonSetting');
RegKeyParamDel('HKEY_USERS','S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce','ZZZZ2_FirstLogonSetting');
RegKeyParamDel('HKEY_USERS','S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce','ZZZZ2_FirstLogonSetting');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run','exec');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\BtwSrv\Parameters','ServiceDll');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','odqlmj');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','tzzsmt');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','qquaqe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','fniron');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','cdrzli');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','dhnsog');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','ter8m');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','qblkho');
RegKeyParamDel(' HKEY_USERS, .DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Windows, Load ',' ',' ');
RegKeyParamDel('HKEY_USERS, .DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Windows, Load ',' ',' ');
RegKeyParamDel('HKEY_USERS, S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Windows, Run ',' ',' ');
RegKeyParamDel('HKEY_USERS, S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Windows, Load ',' ',' ');
RegKeyParamDel('HKEY_CURRENT_USER, Software\Microsoft\Windows NT\CurrentVersion\Windows, Run ',' ',' ');
RegKeyParamDel(' HKEY_CURRENT_USER, Software\Microsoft\Windows NT\CurrentVersion\Windows, Load ',' ',' ');
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
ExecuteRepair( 13);
ExecuteWizard('TSW', 2, 2, true);
ExecuteWizard('SCU', 2, 2, true);
RebootWindows(true);
end.
затем нажмите "Запустить" ПРОИЗОЙДЕТ ПЕРЕЗАГРУЗКА!!! После перезагрузки удалите папку с авз. заново распакуйте авз из архива. выполните в avz