Virus in RAM (working memory), how do I delete it?

  • Absolut Gut
  • Joined: 13 Aug 2012
  • Posts: 561
  • Location: Atakama

I have a problem: it finds a virus in the RAM (working memory), but I can't delete it. I tried scanning and deleting it from safe mode, but it won't work. Is there some tool? I'm afraid it will spread. If you need some report, I'll give it to you.

P.S. I'm not writing about my computer; it's another computer that's affected.

  • argus
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hello.

We need a report. Read the Instructions carefully and post the required logs.

  • Absolut Gut
  • Joined: 13 Aug 2012
  • Posts: 561
  • Location: Atakama

Written: 17 Jan 2013 21:10

Detailed description of the problem: I have a virus in the RAM and I can't delete it at all; I've tried everything, but it doesn't work. I'm using Windows 7 SP1, 32-bit.

Posting the basic diagnostic report (log, logfile): How do I post it?

Posting the additional diagnostic report (only for 32-bit Windows): How do I post that one too? I don't see in the instructions above which program I should use to post the data for you.

Addendum: 17 Jan 2013 21:17

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_38
Run by Bilja Radic(INDIRA) at 21:12:50 on 2013-01-17
#Option MBR scan is disabled.
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.381.1033.18.2047.1314 [GMT 1:00]
.
AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\IB Updater\ExtensionUpdaterService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\CyberLink\Shared Files\brs.exe
C:\Program Files\Samsung\Samsung PC Studio 7\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Windows\FixCamera.exe
C:\Windows\tsnp325.exe
C:\Windows\vsnp325.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Opera\opera.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={DEAB5642-5728-11E2-BA9F-0021853CE77C}
mURLSearchHooks: Desktop Animated Toolbar: {ba997733-32e8-407c-a157-6abef22ee411} - c:\program files\desktop_animated\prxtbDes0.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - c:\program files\babylontoolbar\babylontoolbar\1.8.7.2\bh\BabylonToolbar.dll
BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\ib updater\Extension32.dll
BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files\incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live pomagač za prijavljivanje: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Desktop Animated Toolbar: {ba997733-32e8-407c-a157-6abef22ee411} - c:\program files\desktop_animated\prxtbDes0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - c:\program files\babylontoolbar\babylontoolbar\1.8.7.2\BabylonToolbarTlbr.dll
TB: Desktop Animated Toolbar: {ba997733-32e8-407c-a157-6abef22ee411} - c:\program files\desktop_animated\prxtbDes0.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files\incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [BDRegion] c:\program files\cyberlink\shared files\brs.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [S60TrayApplication] c:\progra~1\samsung\samsun~1\LAUNCH~1.EXE -onlytray
mRun: [DataLayer] c:\progra~1\common~1\pcsuite\datala~1\DATALA~1.EXE
mRun: [FixCamera] c:\windows\FixCamera.exe
mRun: [tsnp325] c:\windows\tsnp325.exe
mRun: [snp325] c:\windows\vsnp325.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [Sweetpacks Communicator] c:\program files\sweetim\communicator\SweetPacksUpdateManager.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRun: [PcSync] c:\program files\samsung\samsung pc studio 7\PcSync2.exe /NoDialog
dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{46F54DBB-75A9-4C7A-91A2-A3C4306F7A96} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-11-16 169120]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/02/27 15:55:33];c:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2012-11-16 913184]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2012-3-14 103112]
R2 IB Updater;IB Updater;c:\program files\ib updater\ExtensionUpdaterService.exe [2013-1-10 188760]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\drivers\snp325.sys [2010-2-27 10343168]
S3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
.
=============== Created Last 30 ================
.
2013-01-17 19:24:50 -------- d-----w- c:\users\bilja radic(indira)\appdata\roaming\Malwarebytes
2013-01-17 19:24:31 -------- d-----w- c:\programdata\Malwarebytes
2013-01-17 19:24:10 -------- d-----w- c:\users\bilja radic(indira)\appdata\local\Programs
2013-01-17 18:22:38 -------- d-----w- c:\users\bilja radic(indira)\appdata\local\ESET
2013-01-17 17:56:38 -------- d-----w- c:\program files\ESET
2013-01-10 14:35:51 -------- d-----w- c:\program files\HTC Home
2013-01-10 14:06:33 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2013-01-10 14:06:33 49472 ----a-w- c:\windows\system32\netfxperf.dll
2013-01-10 14:06:33 297808 ----a-w- c:\windows\system32\mscoree.dll
2013-01-10 14:06:33 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2013-01-10 14:06:33 1130824 ----a-w- c:\windows\system32\dfshim.dll
2013-01-10 13:46:09 -------- d-----w- c:\program files\Incredibar.com
2013-01-10 13:45:58 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-01-10 13:45:58 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-01-10 13:45:58 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-01-10 13:45:58 28160 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-01-10 13:45:58 -------- d-----w- c:\windows\system32\WNLT
2013-01-10 13:45:58 -------- d-----w- c:\windows\system32\ARFC
2013-01-10 13:45:56 -------- d-----w- c:\program files\IB Updater
2013-01-09 11:51:37 -------- d-----w- c:\users\bilja radic(indira)\appdata\local\Diagnostics
2013-01-05 11:11:57 -------- d-----w- c:\program files\Maxthon3
2013-01-05 10:03:39 -------- d-----w- c:\program files\Conduit
2013-01-05 10:03:36 -------- d-----w- c:\program files\Desktop_Animated
2013-01-05 10:02:50 -------- d-----w- c:\program files\DesktopAnimated
2013-01-05 09:30:59 -------- d-----w- c:\program files\BabylonToolbar
2013-01-05 06:59:05 -------- d-----w- c:\windows\system32\searchplugins
2013-01-05 06:59:05 -------- d-----w- c:\windows\system32\Extensions
2013-01-05 06:59:00 -------- d-----w- c:\programdata\BrowserProtect
2013-01-05 06:58:13 -------- d-----w- c:\program files\YourFileDownloader
2013-01-04 16:12:49 -------- d-----w- c:\users\bilja radic(indira)\appdata\local\Opera
2013-01-04 16:12:35 -------- d-----w- c:\users\bilja radic(indira)\appdata\roaming\Maxthon3
2013-01-04 15:46:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-04 14:57:23 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e418a294-37e6-4530-a88e-50a1c55e33e0}\mpengine.dll
2013-01-04 14:41:12 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-01-04 14:41:12 473072 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-04 14:31:25 801792 ----a-w- c:\windows\system32\FntCache.dll
2013-01-04 14:29:34 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2013-01-04 14:29:22 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 14:29:22 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 14:29:05 2422272 ----a-w- c:\windows\system32\wucltux.dll
2013-01-04 14:28:52 88576 ----a-w- c:\windows\system32\wudriver.dll
2013-01-04 14:28:46 33792 ----a-w- c:\windows\system32\wuapp.exe
2013-01-04 14:28:46 171904 ----a-w- c:\windows\system32\wuwebv.dll
2013-01-04 14:28:36 -------- d-----w- c:\program files\MSXML 4.0
2013-01-04 14:28:18 276992 ----a-w- c:\windows\system32\wcncsvc.dll
2013-01-03 13:24:24 -------- d-----w- c:\programdata\Kaspersky Lab
2012-12-31 06:30:34 -------- d-----w- c:\program files\iPod
2012-12-31 06:30:30 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-31 06:30:30 -------- d-----w- c:\program files\iTunes
2012-12-31 06:29:01 -------- d-----w- c:\program files\Bonjour
2012-12-19 17:03:57 -------- d-----w- c:\windows\system32\appmgmt
.
==================== Find3M ====================
.
2013-01-04 14:31:25 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-11-16 12:56:48 169120 ----a-w- c:\windows\system32\drivers\eamonm.sys
.
============= FINISH: 21:13:31,92 ===============


Is that it?
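The DDS log above lists browser helper objects (BHO), toolbars (TB), URL search hooks, autorun entries (mRun/uRun/dRun), the start page and a service entry. As an added example, not code from this thread or from the DDS tool, the following Python script parses exactly those entry types out of a DDS "Pseudo HJT Report" and flags the entries whose name or path matches a watchlist. The watchlist is an assumption of this example: it holds names that occur in the posted log and that antivirus vendors commonly classify as adware or potentially unwanted programs; a hit is a prompt for a closer look, not a verdict. FixCamera.exe, which a helper later in the thread identifies as camera software, is deliberately not on it, so the script shows how a name-based triage separates the toolbar entries from the legitimate ones. The sample input is an excerpt of the posted log, embedded so the script runs offline.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of the "Pseudo HJT Report" and "SERVICES / DRIVERS" sections of the DDS log
# posted in this thread; constructed sample input for this example.
SAMPLE_LOG = r"""
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={DEAB5642-5728-11E2-BA9F-0021853CE77C}
mURLSearchHooks: Desktop Animated Toolbar: {ba997733-32e8-407c-a157-6abef22ee411} - c:\program files\desktop_animated\prxtbDes0.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - c:\program files\babylontoolbar\babylontoolbar\1.8.7.2\bh\BabylonToolbar.dll
BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\ib updater\Extension32.dll
BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files\incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
mRun: [FixCamera] c:\windows\FixCamera.exe
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
R2 IB Updater;IB Updater;c:\program files\ib updater\ExtensionUpdaterService.exe [2013-1-10 188760]
"""

# Assumption of this example: names seen in the posted log that AV vendors commonly
# classify as adware / PUP. A starting point for triage, not a verdict about any file.
PUP_WATCHLIST = ("sweetim", "sweetpacks", "babylon", "incredibar", "ib updater",
                 "conduit", "desktop_animated")


@dataclass
class Entry:
    kind: str                    # BHO, TB, mRun, R2, mStart Page, ...
    name: str                    # display name or registry value name
    path: str                    # file path (or URL for the start page)
    clsid: Optional[str] = None  # COM class id for BHO / TB / search-hook entries
    hit: Optional[str] = None    # watchlist term that matched, filled in by triage()


# One regex per DDS line shape that we care about.
_CLSID_RE = re.compile(r"^(?P<kind>BHO|TB|[umd]?URLSearchHooks): (?P<name>.+?): "
                       r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
_RUN_RE = re.compile(r"^(?P<kind>[umd]Run): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
_START_RE = re.compile(r"^(?P<kind>[um]Start Page) = (?P<url>\S+)$")
_SVC_RE = re.compile(r"^(?P<kind>[RS]\d) (?P<svc>[^;]+);(?P<name>[^;]*);"
                     r"(?P<path>.+?)(?: \[[^\]]*\])?$")
# Either a quoted image path, or an unquoted one ending in .exe/.dll/.sys before args.
_EXE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|dll|sys))(?:\s|$)', re.IGNORECASE)


def _image_path(cmd: str) -> str:
    """Strip quotes and trailing arguments from an autorun command line."""
    m = _EXE_RE.match(cmd)
    if not m:
        return cmd.strip()
    return m.group("q") or m.group("u")


def parse_dds(text: str) -> List[Entry]:
    """Parse the autostart-style lines of a DDS log into Entry records; other lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        m = _CLSID_RE.match(line)
        if m:
            entries.append(Entry(m["kind"], m["name"], m["path"], clsid=m["clsid"]))
            continue
        m = _RUN_RE.match(line)
        if m:
            entries.append(Entry(m["kind"], m["name"], _image_path(m["cmd"])))
            continue
        m = _START_RE.match(line)
        if m:
            entries.append(Entry(m["kind"], "Start Page", m["url"]))
            continue
        m = _SVC_RE.match(line)
        if m:
            entries.append(Entry(m["kind"], m["name"] or m["svc"], m["path"]))
    return entries


def triage(text: str, watchlist=PUP_WATCHLIST) -> List[Entry]:
    """Return the parsed entries whose name or path contains a watchlist term (case-insensitive)."""
    flagged: List[Entry] = []
    for entry in parse_dds(text):
        haystack = f"{entry.name} {entry.path}".lower()
        for term in watchlist:
            if term in haystack:
                entry.hit = term
                flagged.append(entry)
                break
    return flagged


def report(text: str) -> str:
    """Human-readable summary of the watchlist hits, one line per flagged entry."""
    lines = [f"[{e.hit}] {e.kind:<16} {e.name}  ->  {e.path}" for e in triage(text)]
    return "\n".join(lines) if lines else "no watchlist hits"


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

On the excerpt, eight of the eleven entries are flagged (the start page, the search hook, the Babylon, IB Updater and Incredibar BHOs, the SweetPacks toolbar, the SweetIM autorun and the IB Updater service), while the Adobe BHO, the FixCamera autorun and the ESET autorun are left alone. The parser keeps the CLSID for COM-registered entries so a flagged toolbar can be cross-checked against the registry after removal.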

  • argus
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Two more reports from the Gmer tool are missing. Read the part about Gmer again.

  • Absolut Gut
  • Joined: 13 Aug 2012
  • Posts: 561
  • Location: Atakama

It won't work; the one on the Autostart tab won't SCAN... Is there any information in these descriptions?

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

You still need to post the Gmer1 log.

If you can't manage, watch this video tutorial.

  • Absolut Gut
  • Joined: 13 Aug 2012
  • Posts: 561
  • Location: Atakama

Problem solved. I somehow found the file that was compromised, deleted it, and now it works fine. It was some file called "FixCamera", located in Windows ...

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

My recommendation is that we finish the job to the end; it's up to you...

There are more files there that are malware... not just that one... which doesn't mean that one won't be downloaded again...

If you want to continue, send me the Gmer1 log..

  • Absolut Gut
  • Joined: 13 Aug 2012
  • Posts: 561
  • Location: Atakama

OK, if possible, tomorrow; I have to connect the computer again, since it isn't mine. Do you agree?
P.S. I wanted to say that afterwards I scanned it with NOD32 5 Antivirus and it didn't show a single virus any more. I fixed everything, and I downloaded that Malware program and cleaned everything with it. Now, how do you think more can still be found? But if you recommend it, I'll do it tomorrow; I'll just bump the thread.. And if anyone knows what that "FixCamera" is, what is it for?

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

FixCamera.exe is not malware; it is related to the camera.

http://www.systemlookup.com/search.php?type=filename&search=fixcamera.exe&s=

If you want to continue, post all the reports again...
