Шалит нечисть...

..из проявлений:
Нет доступа к сетевым папкам, принтерам.
Прибивает запущеный [I][COLOR=#808080]HiJackThis[/COLOR][/I], удаляет ветки реестра на запуск в безопасном режиме.

Выполните скрипт в AVZ
[code]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
TerminateProcessByName('c:\windows\system32\igfxtsm32.exe');
QuarantineFile('C:\WINDOWS\System32\Drivers\xpticsda.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\yeubxmyp.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\yffrpvbu.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\yhgkuxxm.sys','');
DeleteService('yhgkuxxm');
DeleteService('yffrpvbu');
DeleteService('yeubxmyp');
DeleteService('xpticsda');
QuarantineFile('C:\WINDOWS\System32\Drivers\txnrzudi.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\vkqdonoj.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\vrlsqyae.sys','');
DeleteService('vrlsqyae');
DeleteService('vkqdonoj');
DeleteService('txnrzudi');
DeleteService('qnoypmrc');
DeleteService('rdfdpubc');
DeleteService('rlovcqar');
QuarantineFile('C:\WINDOWS\System32\Drivers\rlovcqar.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\rdfdpubc.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\qnoypmrc.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\qitkmiot.sys','');
DeleteService('qitkmiot');
DeleteService('oanrbjhy');
DeleteService('ocjepdri');
DeleteService('oflbkqrc');
QuarantineFile('C:\WINDOWS\System32\Drivers\oflbkqrc.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\ocjepdri.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\oanrbjhy.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\ioabufgw.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\irjzmpdz.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\jzhwkhcy.sys','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\hykb15.sys','');
DeleteService('jzhwkhcy');
DeleteService('irjzmpdz');
DeleteService('ioabufgw');
DeleteService('iclcuijr');
QuarantineFile('C:\WINDOWS\System32\Drivers\iclcuijr.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\duioyocn.sys','');
DeleteService('duioyocn');
DeleteService('deoyoxby');
DeleteService('dozkoplq');
QuarantineFile('C:\WINDOWS\System32\Drivers\dozkoplq.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\deoyoxby.sys','');
DeleteService('akfhxueu');
DeleteService('bbttaepl');
QuarantineFile('C:\WINDOWS\System32\Drivers\bbttaepl.sys','');
QuarantineFile('C:\WINDOWS\System32\Drivers\akfhxueu.sys','');
QuarantineFile('C:\WINDOWS\system32\DRIVERS\vtmini.sys','');
QuarantineFile('C:\Documents and Settings\NetworkService\lvcnh.exe','');
QuarantineFile('C:\Documents and Settings\User\Application Data\Yzbiny\ceot.exe','');
QuarantineFile('C:\WINDOWS\system32\igfxtsm32.exe','');
QuarantineFile('C:\WINDOWS\system32\igfxtsk32.exe','');
QuarantineFile('C:\WINDOWS\system32\igfxdkp32.exe','');
QuarantineFile('C:\WINDOWS\system32\regedit.exe','');
QuarantineFile('c:\windows\system32\wuaucldt.exe','');
QuarantineFile('c:\documents and settings\user\wuaucldt.exe','');
QuarantineFile('C:\Program Files\NDS\Logs.dll','');
QuarantineFile('C:\Program Files\ISID\Logs.dll','');
QuarantineFile('C:\Program Files\EFNO\Logs.dll','');
DeleteFile('c:\documents and settings\user\wuaucldt.exe');
DeleteFile('c:\windows\system32\wuaucldt.exe');
DeleteFile('C:\WINDOWS\system32\regedit.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Regedit32');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','wuaucldt');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','wuaucldt');
DeleteFile('C:\WINDOWS\system32\igfxdkp32.exe');
DeleteFile('C:\WINDOWS\system32\igfxtsk32.exe');
DeleteFile('C:\WINDOWS\system32\igfxtsm32.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Intel Task Manager');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Intel Task Scheduler');
RegKeyParamDel('HKEY_LOCAL_MACHINE','Software\Microsoft\Windows\CurrentVersion\Run','Intel System Bus');
DeleteFile('C:\Documents and Settings\User\Application Data\Yzbiny\ceot.exe');
RegKeyParamDel('HKEY_CURRENT_USER','Software\Microsoft\Windows\CurrentVersion\Run','{AACF0CA5-3568-D785-4432-21477B64CB8D}');
DeleteFile('C:\Documents and Settings\NetworkService\lvcnh.exe');
DeleteFile('C:\WINDOWS\System32\Drivers\akfhxueu.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\bbttaepl.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\deoyoxby.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\dozkoplq.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\duioyocn.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\iclcuijr.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\jzhwkhcy.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\irjzmpdz.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\ioabufgw.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\oanrbjhy.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\ocjepdri.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\oflbkqrc.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\qitkmiot.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\qnoypmrc.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\rdfdpubc.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\rlovcqar.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\vrlsqyae.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\vkqdonoj.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\txnrzudi.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\yhgkuxxm.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\yffrpvbu.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\yeubxmyp.sys');
DeleteFile('C:\WINDOWS\System32\Drivers\xpticsda.sys');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end. [/code]Компьютер перезагрузится.

Пришлите карантин согласно [B]Приложения 3[/B] правил по красной ссылке [COLOR="Red"][U][B]Прислать запрошенный карантин[/B][/U][/COLOR] вверху темы

Сделайте новые логи

Сделал.
Карантин пуст.
Новые логи:

Карантин почему не прислали?

[QUOTE=thyrex;775878]Карантин почему не прислали?[/QUOTE]

Карантин пустой!

Сделайте лог [url="http://virusinfo.info/showpost.php?p=457118&postcount=1"]полного сканирования МВАМ[/url]