Вирус :@

[Otka4eniq]

ох не издаржам вече неска компа ми постоянно ми показва някакв вирус и аз се уь го трия и пак и пак и сканирах и го откри 10 пути и пак го дава е какво да правя
Virus or unwanted program 'TR/Dropp.D [trojan]'
detected in file 'D:\System Volume Information\_restore{2BEF362C-C697-4BDD-80DA-13605701F071}\RP165\A0085955.exe.
Action performed: Delete file ей тфа дава. Антивиросната ми е AntiVir PersonalEdition Premium

[stalker66]

преинстал WINDOWS

[BLaCKBLooD]

Изтегли Microsoft Autoruns
http://download.sysinternals.com/Files/Autoruns.zip

1. Разархивирай Autoruns.zip в негова собствена папка.

2. Стартирай autoruns.exe

3. Избери Options -> Hide Microsoft Entries трябва да има отметка, ако няма кликни в/у него.

4. Избери File -> Refresh

5. Избери File -> Export As

6. Информацията от запазения файл я Copy/Paste в някой от следващите си постове.

Преинсталация на този етап не е нужна.

[Otka4eniq]

+ nSvcIp ActiveArmor Firewall IP Service NVIDIA Corporation c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcip.exe
+ nSvcLog nSvcLog NVIDIA Corporation c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe
+ NVSvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation c:\windows\system32\nvsvc32.exe
+ RichVideo RichVideo Module c:\program files\cyberlink\shared files\richvideo.exe
+ StarWindServiceAE Enables network access to local burners via iSCSI protocol. Rocket Division Software c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe
+ UxTuneUp Allows to use visual styles without Microsoft signature. TuneUp Software GmbH c:\windows\system32\uxtuneup.dll
HKLM\System\CurrentControlSet\Services
+ avgio Avira AntiVir Support for Minifilter Avira GmbH c:\program files\avira\antivir personaledition premium\avgio.sys
+ avgntflt Avira AntiVir PersonalEdition Premium mini-filter used for on-access scan to provide real-time antivirus security. Avira GmbH c:\program files\avira\antivir personaledition premium\avgntflt.sys
+ avipbb Avira's Driver for RootKit Detection Avira GmbH c:\windows\system32\drivers\avipbb.sys
+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ ES-620 MA-620 Infrared Driver. Mobile Action Tech. Inc. c:\windows\system32\drivers\es-620.sys
+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
+ InCDPass File not found: system32\drivers\InCDPass.sys
+ InCDRm File not found: system32\drivers\InCDRm.sys
+ IntcAzAudAddService Realtek(r) High Definition Audio Function Driver Realtek Semiconductor Corp. c:\windows\system32\drivers\rtkhdaud.sys
+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 175.16 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys
+ nvata NVIDIA® nForce(TM) IDE Performance Driver NVIDIA Corporation c:\windows\system32\drivers\nvata.sys
+ NVENETFD NVIDIA Networking Function Driver. NVIDIA Corporation c:\windows\system32\drivers\nvenetfd.sys
+ nvnetbus NVIDIA Networking Bus Driver. NVIDIA Corporation c:\windows\system32\drivers\nvnetbus.sys
+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
+ se45bus Sony Ericsson Device 069 Driver MCCI c:\windows\system32\drivers\se45bus.sys
+ se45mdfl Sony Ericsson Device 069 USB WMC Modem Filter MCCI c:\windows\system32\drivers\se45mdfl.sys
+ se45mdm Sony Ericsson Device 069 USB WMC Modem Driver MCCI c:\windows\system32\drivers\se45mdm.sys
+ se45mgmt Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM) MCCI c:\windows\system32\drivers\se45mgmt.sys
+ se45nd5 Sony Ericsson Device 069 USB Ethernet Emulation (NDIS 5 Miniport) MCCI c:\windows\system32\drivers\se45nd5.sys
+ se45obex Sony Ericsson Device 069 USB WMC OBEX Interface MCCI c:\windows\system32\drivers\se45obex.sys
+ se45unic Sony Ericsson Device 069 USB Ethernet Emulation MCCI c:\windows\system32\drivers\se45unic.sys
+ Secdrv SafeDisc driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys
+ sptd c:\windows\system32\drivers\sptd.sys
+ ssmdrv Avira Snapshot Driver Avira GmbH c:\windows\system32\drivers\ssmdrv.sys
+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
HKLM\System\CurrentControlSet\Services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries
+ 000000000001 AntiVir layered service provider Avira GmbH c:\windows\system32\avsda.dll
+ 000000000002 AntiVir layered service provider Avira GmbH c:\windows\system32\avsda.dll
+ 000000000008 AntiVir layered service provider Avira GmbH c:\windows\system32\avsda.dll
HKLM\System\CurrentControlSet\Services\WinSock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries
+ mdnsNSP Bonjour Namespace Provider Apple Computer, Inc. c:\program files\bonjour\mdnsnsp.dll

[BLaCKBLooD]

Дай сега и от SysInspector

1. Стартирай SysInspector.exe

3. Когато зареди, избери File > Save Log .

4. Файлът го качи в http://4storing.com/ (линка ми го прати на ЛС)

LOG файла от Autoruns не се го пипал, нали? Защото липсват ключовете от регистъра...

[Otka4eniq]

Ети и още един LOG файл от Autoruns:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ Alcmtr Realtek Azalia Audio - Event Monitor Realtek Semiconductor Corp. c:\windows\alcmtr.exe
+ avgnt Antivirus System Tray Tool Avira GmbH c:\program files\avira\antivir personaledition premium\avgnt.exe
+ iKeyWorks IKeymain.exe A4Tech Co.,Ltd. c:\program files\a4tech\keyboard\ikeymain.exe
+ NvCplDaemon NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
+ NvMediaCenter NVIDIA Media Center Library NVIDIA Corporation c:\windows\system32\nvmctray.dll
+ nwiz NVIDIA nView Wizard, Version 111.73 NVIDIA Corporation c:\windows\system32\nwiz.exe
+ RTHDCPL Realtek HD Audio Control Panel Realtek Semiconductor Corp. c:\windows\rthdcpl.exe
+ Sony Ericsson PC Suite Application Launcher c:\program files\sony ericsson\mobile2\application launcher\application launcher.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
+ DAEMON Tools Virtual DAEMON Manager DT Soft Ltd. c:\program files\daemon tools\daemon.exe
+ SMS by Jeko Ianev http://www.programche.com Jeko Ianev www.ianev.org c:\program files\sms\sms.exe
HKLM\SOFTWARE\Classes\Protocols\Handler
+ skype4com Skype for COM API Skype Technologies c:\program files\common files\skype\skype4com.dll
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
+ 0 File not found: About:Home
HKLM\Software\Classes\*\ShellEx\ContextMenuHandler s
+ axcrypt.File AxCrypt Shell Extension Axantum Software AB c:\program files\axon data\axcrypt\1.6.3\axcrypt.dll
+ MyPhoneExplorer Shellhandler for MyPhoneExplorer F.J. Wechselberger c:\program files\myphoneexplorer\dll\shellmgr.dll
+ Shell Extension for Malware scanning ShlExt.dll Avira GmbH c:\program files\avira\antivir personaledition premium\shlext.dll
+ TuneUp Shredder Shell Extension TuneUp Shredder Shell Extension TuneUp Software GmbH c:\program files\tuneup utilities 2007\sdshelex-win32.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\ShellEx\ContextMen uHandlers
+ TuneUp Shredder Shell Extension TuneUp Shredder Shell Extension TuneUp Software GmbH c:\program files\tuneup utilities 2007\sdshelex-win32.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\Shellex\DragDropHa ndlers
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHa ndlers
+ axcrypt.File AxCrypt Shell Extension Axantum Software AB c:\program files\axon data\axcrypt\1.6.3\axcrypt.dll
+ ImageResizer ImageResizer Shell Extension VSO Software c:\program files\vso\image resizer\rszshell.dll
+ Shell Extension for Malware scanning ShlExt.dll Avira GmbH c:\program files\avira\antivir personaledition premium\shlext.dll
+ WinRAR c:\program files\winrar\rarext.dll
HKLM\Software\Classes\Directory\Background\ShellEx \ContextMenuHandlers
+ 00nView NVIDIA Desktop Explorer, Version 111.73 NVIDIA Corporation c:\windows\system32\nvshell.dll
+ NvCplDesktopContext NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
+ AxCrypt Privacy Wrapper File AxCrypt Shell Extension Axantum Software AB c:\program files\axon data\axcrypt\1.6.3\axcrypt.dll
+ Desktop Explorer NVIDIA Desktop Explorer, Version 111.73 NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Desktop Explorer Menu NVIDIA Desktop Explorer, Version 111.73 NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Display Panning CPL Extension File not found: deskpan.dll
+ HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
+ NvCpl DesktopContext Class NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
+ nView Desktop Context Menu NVIDIA Desktop Explorer, Version 111.73 NVIDIA Corporation c:\windows\system32\nvshell.dll
+ Play on my TV helper NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
+ Shell Extension for Malware scanning ShlExt.dll Avira GmbH c:\program files\avira\antivir personaledition premium\shlext.dll
+ Sony Ericsson File Manager Explorer browser application for mobile devices. Popwire AB c:\program files\sony ericsson\mobile2\file manager\fm.dll
+ Sony Ericsson File Manager Explorer browser application for mobile devices. Popwire AB c:\program files\sony ericsson\mobile2\file manager\fm.dll
+ TuneUp Shredder Shell Extension TuneUp Shredder Shell Extension TuneUp Software GmbH c:\program files\tuneup utilities 2007\sdshelex-win32.dll
+ TuneUp Theme Extension TuneUp Theme Extension TuneUp Software GmbH c:\windows\system32\uxtuneup.dll
+ UnlockerShellExtension c:\program files\unlocker\unlockercom.dll
+ WinRAR shell extension c:\program files\winrar\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
+ Google Toolbar Helper Google IE Client Toolbar Google Inc. c:\program files\google\googletoolbar1.dll
+ Google Toolbar Notifier BHO GoogleToolbarNotifier Google Inc. c:\program files\google\googletoolbarnotifier\3.0.1225.9868\s wg.dll
+ IDMIEHlprObj Class IDM BHO Module Tonec Inc. c:\program files\internet download manager\idmiecc.dll
+ Skype add-on (mastermind) Skype add-on for IE Skype Technologies S.A. c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
+ SSVHelper Class Java(TM) Platform SE binary Sun Microsystems, Inc. c:\program files\java\jre1.6.0_05\bin\ssv.dll
HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ &Google Google IE Client Toolbar Google Inc. c:\program files\google\googletoolbar1.dll
HKLM\Software\Microsoft\Internet Explorer\Extensions
+ ICQ6 ICQ Library ICQ, Inc. c:\program files\icq6\icq.exe
+ Uninstall BitDefender Online Scanner v8 c:\windows\bdoscandel.exe
Task Scheduler
+ 1-Click Maintenance.job TuneUp System Optimizer TuneUp Software GmbH c:\program files\tuneup utilities 2007\systemoptimizer.exe
HKLM\System\CurrentControlSet\Services
+ AntiVirMailService Offers permanent protection against viruses and malware for email clients with the AntiVir search engine. Avira GmbH c:\program files\avira\antivir personaledition premium\avmailc.exe
+ AntiVirScheduler Service to schedule AntiVir jobs and updates. Avira GmbH c:\program files\avira\antivir personaledition premium\sched.exe
+ AntiVirService Offers permanent protection against viruses and malware with the AntiVir search engine. Avira GmbH c:\program files\avira\antivir personaledition premium\avguard.exe
+ antivirwebservice Offers permanent protection against viruses and malware for webbrowsers with the AntiVir search engine. Avira GmbH c:\program files\avira\antivir personaledition premium\avwebgrd.exe
+ AVEService Helper service for the AntiVir MailGuard. Avira GmbH c:\program files\avira\antivir personaledition premium\avesvc.exe
+ Bonjour Service ##Id_String2.6844F930_1628_4223_B5CC_5BB94B879762# # Apple Computer, Inc. c:\program files\bonjour\mdnsresponder.exe
+ ForcewareWebInterface Apache Apache Software Foundation c:\program files\nvidia corporation\networkaccessmanager\apache group\apache2\bin\apache.exe
+ nSvcIp ActiveArmor Firewall IP Service NVIDIA Corporation c:\program files\nvidia corporation\networkaccessmanager\bin\nsvcip.exe
+ nSvcLog nSvcLog NVIDIA Corporation c:\program files\nvidia corporation\networkaccessmanager\bin\nsvclog.exe
+ NVSvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation c:\windows\system32\nvsvc32.exe
+ RichVideo RichVideo Module c:\program files\cyberlink\shared files\richvideo.exe
+ StarWindServiceAE Enables network access to local burners via iSCSI protocol. Rocket Division Software c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe
+ UxTuneUp Allows to use visual styles without Microsoft signature. TuneUp Software GmbH c:\windows\system32\uxtuneup.dll
HKLM\System\CurrentControlSet\Services
+ avgio Avira AntiVir Support for Minifilter Avira GmbH c:\program files\avira\antivir personaledition premium\avgio.sys
+ avgntflt Avira AntiVir PersonalEdition Premium mini-filter used for on-access scan to provide real-time antivirus security. Avira GmbH c:\program files\avira\antivir personaledition premium\avgntflt.sys
+ avipbb Avira's Driver for RootKit Detection Avira GmbH c:\windows\system32\drivers\avipbb.sys
+ Changer File not found: C:\WINDOWS\System32\Drivers\Changer.sys
+ ES-620 MA-620 Infrared Driver. Mobile Action Tech. Inc. c:\windows\system32\drivers\es-620.sys
+ i2omgmt File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys
+ InCDPass File not found: system32\drivers\InCDPass.sys
+ InCDRm File not found: system32\drivers\InCDRm.sys
+ IntcAzAudAddService Realtek(r) High Definition Audio Function Driver Realtek Semiconductor Corp. c:\windows\system32\drivers\rtkhdaud.sys
+ lbrtfdc File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys
+ nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 175.16 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys
+ nvata NVIDIA® nForce(TM) IDE Performance Driver NVIDIA Corporation c:\windows\system32\drivers\nvata.sys
+ NVENETFD NVIDIA Networking Function Driver. NVIDIA Corporation c:\windows\system32\drivers\nvenetfd.sys
+ nvnetbus NVIDIA Networking Bus Driver. NVIDIA Corporation c:\windows\system32\drivers\nvnetbus.sys
+ PCIDump File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys
+ PDCOMP File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys
+ PDFRAME File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys
+ PDRELI File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys
+ PDRFRAME File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys
+ Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
+ PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
+ se45bus Sony Ericsson Device 069 Driver MCCI c:\windows\system32\drivers\se45bus.sys
+ se45mdfl Sony Ericsson Device 069 USB WMC Modem Filter MCCI c:\windows\system32\drivers\se45mdfl.sys
+ se45mdm Sony Ericsson Device 069 USB WMC Modem Driver MCCI c:\windows\system32\drivers\se45mdm.sys
+ se45mgmt Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM) MCCI c:\windows\system32\drivers\se45mgmt.sys
+ se45nd5 Sony Ericsson Device 069 USB Ethernet Emulation (NDIS 5 Miniport) MCCI c:\windows\system32\drivers\se45nd5.sys
+ se45obex Sony Ericsson Device 069 USB WMC OBEX Interface MCCI c:\windows\system32\drivers\se45obex.sys
+ se45unic Sony Ericsson Device 069 USB Ethernet Emulation MCCI c:\windows\system32\drivers\se45unic.sys
+ Secdrv SafeDisc driver Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. c:\windows\system32\drivers\secdrv.sys
+ sptd c:\windows\system32\drivers\sptd.sys
+ ssmdrv Avira Snapshot Driver Avira GmbH c:\windows\system32\drivers\ssmdrv.sys
+ WDICA File not found: C:\WINDOWS\System32\Drivers\WDICA.sys
HKLM\System\CurrentControlSet\Services\WinSock2\Pa rameters\Protocol_Catalog9\Catalog_Entries
+ 000000000001 AntiVir layered service provider Avira GmbH c:\windows\system32\avsda.dll
+ 000000000002 AntiVir layered service provider Avira GmbH c:\windows\system32\avsda.dll
+ 000000000008 AntiVir layered service provider Avira GmbH c:\windows\system32\avsda.dll
HKLM\System\CurrentControlSet\Services\WinSock2\Pa rameters\NameSpace_Catalog5\Catalog_Entries
+ mdnsNSP Bonjour Namespace Provider Apple Computer, Inc. c:\program files\bonjour\mdnsnsp.dll

[BLaCKBLooD]

Нямаш активни заплахи.
Влез в My Computer > Properties > System Restore > Turn off System Restore on all hard drives, натисни Apply изчакай малко, след което отново махни отметката и натисни OK. Вече не би трябвало да ти излизат съобщения от AntiVir.

[Otka4eniq]

Нямаш активни заплахи.
Влез в My Computer > Properties > System Restore > Turn off System Restore on all hard drives, натисни Apply изчакай малко, след което отново махни отметката и натисни OK. Вече не би трябвало да ти излизат съобщения от AntiVir.

Добре. Мерси за помоща.

[BLaCKBLooD]

Otka4eniq в случай на проблем, пиши на ЛС.

Поздрави!