[решено] Проблемы после баннера

setwolk · Отправлено: **14:27, 18-06-2012** | #2

Осталась ли на ноуте какая нибудь зараза?

alex_sev · Конфигурация компьютера

Скачайте Malwarebytes' Anti-Malware или с зеркала, установите, обновите базы, выберите "Perform Full Scan" ("Полное сканирование"), нажмите "Scan" ("Сканирование"), после сканирования - Ok - Show Results ("Показать результаты") - Откройте лог, скопируйте в Блокнот и прикрепите его к следующему посту.
Если лог не открылся, то найти его можно в следующей папке:

Код:

%appdata%\Malwarebytes\Malwarebytes' Anti-Malware\Logs

Если базы MBAM в автоматическом режиме обновить не удалось, обновите их отдельно. Загрузить обновление MBAM.
Подробнее читайте в руководстве

setwolk · Отправлено: **15:51, 18-06-2012** | #4

Собственно лог!

alex_sev · Конфигурация компьютера

Код:

Внимание !!! База поcледний раз обновлялась 20.05.2012 необходимо обновить базы при помощи автоматического обновления (Файл/Обновление баз)

Обновите базы AVZ и повторите логи.

Пока зловредного не видно.

Сделайте лог OTL by OldTimer

setwolk · Отправлено: **07:30, 19-06-2012** | #6

Собственно логи

setwolk · Отправлено: **07:30, 19-06-2012** | #7

Еще один лог

alex_sev · Конфигурация компьютера

Запустите повторно OTL by OldTimer или OTL.com или OTL.scr.

Обратите внимание, что утилиты необходимо запускать от имени Администратора. По умолчанию в Windows XP так и есть. В Windows Vista и Windows 7 администратор понижен в правах по умолчанию, поэтому, не забудьте нажать правой кнопкой на программу, выбрать Запуск от имени Администратора, при необходимости укажите пароль администратора и нажмите "Да".

В окно Custom Scans/Fixes скопируйте следующую информацию:

Код:

:processes

:OTL
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{109322de-1338-11e1-ad56-ccaf78c408d6}\Shell - "" = AutoRun
O33 - MountPoints2\{109322de-1338-11e1-ad56-ccaf78c408d6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{109322fc-1338-11e1-ad56-ccaf78c408d6}\Shell - "" = AutoRun
O33 - MountPoints2\{109322fc-1338-11e1-ad56-ccaf78c408d6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2b92af56-701f-11e1-8ba3-78843ce6352e}\Shell - "" = AutoRun
O33 - MountPoints2\{2b92af56-701f-11e1-8ba3-78843ce6352e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{544c61f0-13f6-11e1-974c-ccaf78c408d6}\Shell - "" = AutoRun
O33 - MountPoints2\{544c61f0-13f6-11e1-974c-ccaf78c408d6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{82917a83-5404-11e1-b3de-78843ce6352e}\Shell - "" = AutoRun
O33 - MountPoints2\{82917a83-5404-11e1-b3de-78843ce6352e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{8cd08048-11ef-11e1-a76c-ccaf78c408d6}\Shell - "" = AutoRun
O33 - MountPoints2\{8cd08048-11ef-11e1-a76c-ccaf78c408d6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{911919dc-41ef-11e1-8d01-ccaf78c408d6}\Shell - "" = AutoRun
O33 - MountPoints2\{911919dc-41ef-11e1-8d01-ccaf78c408d6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ce074dc9-4ff0-11e1-8b85-78843ce6352e}\Shell - "" = AutoRun
O33 - MountPoints2\{ce074dc9-4ff0-11e1-8b85-78843ce6352e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{dd9f5de0-133c-11e1-8ce5-ccaf78c408d6}\Shell - "" = AutoRun
O33 - MountPoints2\{dd9f5de0-133c-11e1-8ce5-ccaf78c408d6}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{e351aa1f-69e6-11e1-8a0e-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{e351aa1f-69e6-11e1-8a0e-001e101fb4df}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
:Services

:Files

autorun.inf /alldrives
autorun.exe /alldrives
recycler /alldrives
ipconfig /flushdns /c
:Reg

:Commands
[EMPTYJAVA]
[EMPTYFLASH]
[RESETHOSTS]
[purity]
[Reboot]

Проверьте, что весь текст скрипта был скопирован / вставлен верно и нажмите кнопку "Run Fix"
Компьютер перезагрузится.
После перезагрузки откройте папку "C:\_OTL\MovedFiles", найдите последний .log файл (лог в формате mmddyyyy_hhmmss.log), откройте и скопируйте текст из него в следующее сообщение.

setwolk · Отправлено: **09:39, 19-06-2012** | #9

alex_sev,
У меня 7 x64 и там только один пользователь, он итак администратор.
Сделал как вы написали, вот:

========== PROCESSES ==========
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8984B388-A5BB-4DF7-B274-77B879E179DB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{109322de-1338-11e1-ad56-ccaf78c408d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{109322de-1338-11e1-ad56-ccaf78c408d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{109322de-1338-11e1-ad56-ccaf78c408d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{109322de-1338-11e1-ad56-ccaf78c408d6}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{109322fc-1338-11e1-ad56-ccaf78c408d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{109322fc-1338-11e1-ad56-ccaf78c408d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{109322fc-1338-11e1-ad56-ccaf78c408d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{109322fc-1338-11e1-ad56-ccaf78c408d6}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b92af56-701f-11e1-8ba3-78843ce6352e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b92af56-701f-11e1-8ba3-78843ce6352e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b92af56-701f-11e1-8ba3-78843ce6352e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b92af56-701f-11e1-8ba3-78843ce6352e}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{544c61f0-13f6-11e1-974c-ccaf78c408d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{544c61f0-13f6-11e1-974c-ccaf78c408d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{544c61f0-13f6-11e1-974c-ccaf78c408d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{544c61f0-13f6-11e1-974c-ccaf78c408d6}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82917a83-5404-11e1-b3de-78843ce6352e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82917a83-5404-11e1-b3de-78843ce6352e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82917a83-5404-11e1-b3de-78843ce6352e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82917a83-5404-11e1-b3de-78843ce6352e}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cd08048-11ef-11e1-a76c-ccaf78c408d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cd08048-11ef-11e1-a76c-ccaf78c408d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8cd08048-11ef-11e1-a76c-ccaf78c408d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8cd08048-11ef-11e1-a76c-ccaf78c408d6}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{911919dc-41ef-11e1-8d01-ccaf78c408d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{911919dc-41ef-11e1-8d01-ccaf78c408d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{911919dc-41ef-11e1-8d01-ccaf78c408d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{911919dc-41ef-11e1-8d01-ccaf78c408d6}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce074dc9-4ff0-11e1-8b85-78843ce6352e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce074dc9-4ff0-11e1-8b85-78843ce6352e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce074dc9-4ff0-11e1-8b85-78843ce6352e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce074dc9-4ff0-11e1-8b85-78843ce6352e}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd9f5de0-133c-11e1-8ce5-ccaf78c408d6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd9f5de0-133c-11e1-8ce5-ccaf78c408d6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd9f5de0-133c-11e1-8ce5-ccaf78c408d6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd9f5de0-133c-11e1-8ce5-ccaf78c408d6}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e351aa1f-69e6-11e1-8a0e-001e101fb4df}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e351aa1f-69e6-11e1-8a0e-001e101fb4df}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e351aa1f-69e6-11e1-8a0e-001e101fb4df}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e351aa1f-69e6-11e1-8a0e-001e101fb4df}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\AutoRun.exe not found.
========== SERVICES/DRIVERS ==========
========== FILES ==========
autorun.inf not found in C:\
autorun.exe not found in C:\
recycler not found in C:\
< ipconfig /flushdns /c >
Ќ*бва®©Є* Їа®в®Є®«* IP ¤«п Windows
Љни б®Ї®бв*ўЁвҐ«п DNS гбЇҐи*® ®зЁйҐ*.
C:\Users\Marina\Desktop\cmd.bat deleted successfully.
C:\Users\Marina\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Marina
->Java cache emptied: 1022360 bytes

User: Public

User: Все пользователи

Total Java Files Cleaned = 1,00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Marina
->Flash cache emptied: 71071 bytes

User: Public

User: Все пользователи

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.49.0 log created on 06192012_113709

alex_sev · Конфигурация компьютера

Как самочувствие системы?