Lsas.Blaster.Keyloger

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Mom drugu je uleteo ovaj virus preko e-mail-a i ne dozvoljava mu da otvori internet pretrazivac, da instalira bilo kakav program, da otvori control panel, task manager.
Stalno mu izlazi obavestenje da je komp zarazen, ali avira ne moze da ga orise. Ikonica se stalno pojavljuje dole u toolbaru kod sata.

Posto mu internet zbog toga ne funkcionise, ne moze da posalje logfile. Molim vas pomozite.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ne postoji nešto što bi ti neko mogao reći bez logova.

Neka isprati uputstvo i prenese logove na tvoj računar (preko CD-a, flash drive-a).

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

DDS (Ver_09-10-26.01) - NTFSx86
Run by PC at 22:55:07,37 on pet 06.11.2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.2047.1411 [GMT 1:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\WTClient.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\Temp\_ex-08.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
svchost
svchost
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\PC\Desktop\dds(2).scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Connection Wizard,ShellNext = hxxp://www.bsplayer.com/en/user/?cmd=showloginform
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: ShoppingReport: {100eb1fd-d03e-47fd-81f3-ee91287f9465} - c:\program files\shoppingreport\bin\2.6.58\ShoppingReport.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: ShopperReports: {a7cddcdc-beeb-4685-a062-978f5e07ceee} - c:\program files\shoppingreport\bin\2.6.58\ShoppingReport.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [PowerBar]
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [WTClient] WTClient.exe
mRun: [RemoteControl] "c:\program files\cyberlink dvd solution\powerdvd\PDVDServ.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [06607726] c:\docume~1\alluse~1\applic~1\06607726\06607726.exe
mRun: [PromoReg] c:\windows\temp\_ex-08.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
StartupFolder: c:\documents and settings\pc\start menu\programs\startup\isqsys32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-system: EnableProfileQuota = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program files\shoppingreport\bin\2.6.58\ShoppingReport.dll
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\program files\shoppingreport\bin\2.6.58\ShoppingReport.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pc\applic~1\mozilla\firefox\profiles\kom4gflf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Winamp Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-6 206256]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2007-11-2 41456]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-1-23 501560]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-20 108289]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-11-6 348752]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2009-6-25 93696]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [2007-6-7 18944]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [2007-4-23 10752]
S3 Guploosdrun;Guploosdrun;c:\windows\system32\drivers\classpnp.sys [2008-4-13 49536]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-11-06 21:04:00 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-11-06 21:03:55 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-11-06 21:03:55 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-11-06 21:03:55 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-11-06 21:03:52 0 d-----w- c:\program files\common files\PC Tools
2009-11-06 21:03:51 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-11-06 21:03:48 0 d-----w- c:\program files\Spyware Doctor
2009-11-06 21:03:48 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2009-11-05 23:46:27 0 d-----w- c:\program files\ESET
2009-11-05 19:59:22 0 d-----w- c:\program files\WinPcap
2009-10-23 11:34:56 0 d-----w- c:\program files\DAEMON Tools Lite
2009-10-23 11:32:02 715248 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-10-20 11:20:54 225280 ----a-w- c:\windows\system32\rewire.dll
2009-10-20 11:20:44 1554944 ----a-w- c:\windows\system32\vorbis.acm
2009-10-20 11:20:33 0 d-----w- c:\program files\Outsim
2009-10-20 11:16:52 0 d-----w- c:\program files\Image-Line
2009-10-20 00:48:42 0 d-----w- c:\docume~1\pc\applic~1\AVS4YOU
2009-10-20 00:48:42 0 d-----w- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-10-20 00:47:27 0 d-----w- c:\program files\common files\AVSMedia
2009-10-20 00:47:14 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2009-10-20 00:46:32 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-10-20 00:46:32 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-10-20 00:46:32 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-10-20 00:46:32 24576 ----a-w- c:\windows\system32\msxml3a.dll
2009-10-20 00:46:32 0 d-----w- c:\program files\AVS4YOU
2009-10-18 16:59:26 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-10-18 16:59:25 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-10-18 16:59:24 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-10-18 16:59:24 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-10-18 16:49:42 0 d-----w- c:\program files\ShoppingReport
2009-10-18 16:49:42 0 d-----w- c:\docume~1\pc\applic~1\ShoppingReport
2009-10-17 12:11:29 2205046 ----a-w- C:\soundeffect.wav
2009-10-13 18:45:39 0 d-----w- c:\docume~1\alluse~1\applic~1\MSScanAppDataDir
2009-10-13 18:44:31 26872148 ----a-w- C:\scan002.tif
2009-10-13 18:43:41 1038775 ----a-w- C:\scan002.pdf
2009-10-13 18:35:52 349926 ------w- C:\D--scan002.mdi
2009-10-13 18:22:03 1456114 ----a-w- C:\111.jpg
2009-10-11 18:09:36 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-10-11 18:05:23 0 d-----w- c:\program files\GameSpy Arcade
2009-10-11 14:04:08 0 d-----w- c:\program files\Colony
2009-10-11 14:03:58 0 d-----w- c:\program files\ReflexiveArcade
2009-10-09 13:47:31 10 ----a-w- c:\windows\popcinfo.dat
2009-10-09 12:13:14 0 d-----w- c:\program files\GameHouse

==================== Find3M ====================

2009-08-11 13:43:39 46484 ----a-w- c:\windows\fonts\Alpha Romanie G98.ttf
2004-03-11 11:27:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2009-06-20 09:51:46 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-06-20 09:51:46 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-06-20 09:51:44 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009062020090621\index.dat
2009-06-20 09:51:46 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 22:55:43,26 ===============

mycity.rs/must-login.png




Spyware doctor mu je izbrisao dva zarazena file i sada mu komp funkcionise normalno i nestala je ikonica iz toolbara. Ja sam poslala log posle brisanja tih fajlova, pa vidite da li je definitivno uklonjenja zaraza ili ne. Hvala.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Zamolio bih te da postaviš i Gmer logove.