Posted by: Samker
« on: 18 February 2009, 10:57:40 » Let's go in order. The first thing that is a big question mark for me is this first Scan Log (100% not Kaspersky):
Just look at how many trojans, worms it shows... I simply can't believe that this Downloader managed to drag all of that onto your PC (this kind of trojan normally works exactly that way, i.e. first it "drops" itself in and then, on the orders of its "master", installs all sorts of crap on the infected computer)... That doesn't even matter any more now; we have to try to clean this up...
1. So, first check that you have 100% turned off System Restore on all Disks/Partitions (it would be good if you made us that screenshot); in any case, everything must be turned off!
2. Download and run a Full Scan with this Microsoft Removal Tool: http://scforum.info/index.php/topic,4510.0.html
3. Then run Windows Update and try to install as many updates as possible.
4. Update this Kaspersky 2009, restart the computer in Safe Mode and run a Full Scan with it. Basically, whatever it asks you, delete everything, one after another...
5. When you're done (with whatever you manage), just make us new logs (HijackThis and Kaspersky On-Line Scan: http://scforum.info/index.php/topic,734.0.html)
That's all for now; after this procedure I think the situation will be a lot clearer.
Regards,
Samker
Quote
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/12/2009 10:58:50 Untreated: Trojan.BAT.Agent.mo C:\WINDOWS\fix\system.exe/BAT Postponed
2/12/2009 10:50:02 Untreated: Trojan.BAT.Agent.mo C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\34LLOR1A\x[1]/system.exe/BAT Postponed
2/12/2009 11:01:51 Task completed
2/12/2009 10:58:50 Detected: Trojan.BAT.Agent.mo C:\WINDOWS\fix\system.exe/BAT
2/12/2009 10:50:02 Detected: Trojan.BAT.Agent.mo C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\34LLOR1A\x[1]/system.exe/BAT
2/12/2009 10:45:55 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/11/2009 16:25:11 Task completed
2/11/2009 16:22:24 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/11/2009 16:18:29 Task completed
2/11/2009 16:18:16 Detected: HEUR:Trojan.Win32.Generic C:\WINDOWS\system\wmisync.exe
2/11/2009 16:18:13 Detected: HEUR:Trojan.Win32.Generic C:\WINDOWS\system\wmisync.exe
2/11/2009 16:18:13 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/11/2009 16:18:09 Task completed
2/11/2009 16:18:09 Will be deleted on system restart: HEUR:Trojan.Win32.Generic C:\WINDOWS\system\wmisync.exe
2/11/2009 16:18:09 Cannot be quarantined: HEUR:Trojan.Win32.Generic C:\WINDOWS\system\wmisync.exe
2/11/2009 16:18:09 Will be quarantined on system restart: HEUR:Trojan.Win32.Generic C:\WINDOWS\system\wmisync.exe
2/11/2009 16:18:09 Deleted: HEUR:Trojan.Win32.Generic HKLM\System\ControlSet002\Services\WMISYNC\WMISYNC
2/11/2009 16:18:09 Deleted: HEUR:Trojan.Win32.Generic HKLM\System\ControlSet001\Services\WMISYNC\WMISYNC
2/11/2009 16:18:08 Detected: HEUR:Trojan.Win32.Generic C:\WINDOWS\system\wmisync.exe
2/11/2009 16:16:26 Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\system\wmisync.exe Postponed
2/11/2009 16:16:26 Detected: HEUR:Trojan.Win32.Generic C:\WINDOWS\system\wmisync.exe
2/11/2009 16:13:08 Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\system\wmisync.exe Postponed
2/11/2009 16:13:08 Detected: HEUR:Trojan.Win32.Generic C:\WINDOWS\system\wmisync.exe
2/11/2009 16:12:58 Untreated: HEUR:Trojan.Win32.Generic C:\WINDOWS\system\wmisync.exe Postponed
2/11/2009 16:12:58 Detected: HEUR:Trojan.Win32.Generic C:\WINDOWS\system\wmisync.exe
2/11/2009 16:11:13 Untreated: HEUR:Trojan.Win32.Generic C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C55RGKNB\a[1] Postponed
2/11/2009 16:11:13 Detected: HEUR:Trojan.Win32.Generic C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\C55RGKNB\a[1]
2/11/2009 16:09:28 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/11/2009 16:08:50 Task stopped
2/11/2009 16:08:45 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/11/2009 11:36:39 Task completed
2/11/2009 11:36:39 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/11/2009 11:36:33 Task completed
2/11/2009 11:36:32 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/10/2009 23:59:59 Task completed
2/10/2009 22:20:24 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/10/2009 22:20:14 Task completed
2/10/2009 22:14:06 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/10/2009 22:13:50 Task completed
2/10/2009 22:13:48 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/10/2009 22:09:18 Task stopped
2/10/2009 22:09:05 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/10/2009 22:09:18 Task stopped
2/10/2009 22:08:44 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/10/2009 22:08:41 Task completed
2/10/2009 22:08:41 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/10/2009 22:09:17 Task stopped
2/10/2009 22:08:28 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/10/2009 22:09:17 Task stopped
2/10/2009 22:08:12 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/10/2009 22:09:17 Task stopped
2/10/2009 22:07:54 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/10/2009 22:07:47 Task completed
2/10/2009 22:07:44 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/10/2009 22:07:46 Task completed
2/10/2009 22:07:37 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/10/2009 22:09:17 Task stopped
2/10/2009 22:02:08 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/10/2009 22:02:25 Task completed
2/10/2009 22:01:56 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/10/2009 21:55:31 Task completed
2/10/2009 21:55:30 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/10/2009 22:09:24 Task completed
2/10/2009 21:53:18 Untreated: Trojan-Downloader.WMA.GetCodec.b F:\Files\WAV\Partizanske Pesme\Pesme o Titu - Jutri gremo v napad.mp3 Postponed
2/10/2009 21:53:18 Detected: Trojan-Downloader.WMA.GetCodec.b F:\Files\WAV\Partizanske Pesme\Pesme o Titu - Jutri gremo v napad.mp3
2/10/2009 21:53:17 Untreated: Trojan-Downloader.WMA.GetCodec.b F:\Files\WAV\Partizanske Pesme\Pesme o Titu - Tito poslije Tita.wma Postponed
2/10/2009 21:53:17 Detected: Trojan-Downloader.WMA.GetCodec.b F:\Files\WAV\Partizanske Pesme\Pesme o Titu - Tito poslije Tita.wma
2/10/2009 21:53:17 Untreated: Trojan-Downloader.WMA.GetCodec.b F:\Files\WAV\Partizanske Pesme\Pesme o Titu - Druze Tito, ljubicice bela.mp3 Postponed
2/10/2009 21:53:17 Detected: Trojan-Downloader.WMA.GetCodec.b F:\Files\WAV\Partizanske Pesme\Pesme o Titu - Druze Tito, ljubicice bela.mp3
2/10/2009 21:53:16 Untreated: Trojan-Downloader.WMA.GetCodec.b F:\Files\WAV\Partizanske Pesme\05-padaj silo i nepravdo.mp3 Postponed
2/10/2009 21:53:16 Detected: Trojan-Downloader.WMA.GetCodec.b F:\Files\WAV\Partizanske Pesme\05-padaj silo i nepravdo.mp3
2/10/2009 21:53:16 Untreated: Trojan-Downloader.WMA.GetCodec.b F:\Files\WAV\Partizanske Pesme\06-internacionala.mp3 Postponed
2/10/2009 21:53:16 Detected: Trojan-Downloader.WMA.GetCodec.b F:\Files\WAV\Partizanske Pesme\06-internacionala.mp3
2/10/2009 21:53:13 Untreated: Trojan-Downloader.WMA.GetCodec.b F:\Files\WAV\Partizanske Pesme\01-koracnica proletera (instrumental).mp3 Postponed
2/10/2009 21:53:13 Detected: Trojan-Downloader.WMA.GetCodec.b F:\Files\WAV\Partizanske Pesme\01-koracnica proletera (instrumental).mp3
2/10/2009 21:53:12 Untreated: Trojan-Downloader.WMA.GetCodec.b F:\Files\WAV\Partizanske Pesme\04-da nam zivi, zivi rad.mp3 Postponed
2/10/2009 21:53:12 Detected: Trojan-Downloader.WMA.GetCodec.b F:\Files\WAV\Partizanske Pesme\04-da nam zivi, zivi rad.mp3
2/10/2009 21:53:12 Untreated: Trojan-Downloader.WMA.GetCodec.b F:\Files\WAV\Partizanske Pesme\03-konjuh planinom.mp3 Postponed
2/10/2009 21:53:12 Detected: Trojan-Downloader.WMA.GetCodec.b F:\Files\WAV\Partizanske Pesme\03-konjuh planinom.mp3
2/10/2009 21:53:10 Untreated: Trojan-Downloader.WMA.GetCodec.b F:\Files\WAV\Partizanske Pesme\02-budi se istok i zapad.mp3 Postponed
2/10/2009 21:53:10 Detected: Trojan-Downloader.WMA.GetCodec.b F:\Files\WAV\Partizanske Pesme\02-budi se istok i zapad.mp3
2/10/2009 21:40:26 Untreated: Suspicious.Packer F:\Files\Install_0\_Tools\ImTOO DVD to DivX Converter v4.0.43.0317\Lmi-imtooDVDtoDivX.exe/PE_Patch.Upolyx Postponed
2/10/2009 21:40:26 Detected: Suspicious.Packer F:\Files\Install_0\_Tools\ImTOO DVD to DivX Converter v4.0.43.0317\Lmi-imtooDVDtoDivX.exe/PE_Patch.Upolyx
2/10/2009 21:39:34 Untreated: Suspicious.Packer F:\Files\Install_0\_Tools\ImTOO DVD to DivX Converter v4.0.43.0317\keygen.rar/Lmi-imtooDVDtoDivX.exe/PE_Patch.Upolyx Postponed
2/10/2009 21:39:33 Detected: Suspicious.Packer F:\Files\Install_0\_Tools\ImTOO DVD to DivX Converter v4.0.43.0317\keygen.rar/Lmi-imtooDVDtoDivX.exe/PE_Patch.Upolyx
2/10/2009 21:32:33 Detected: Suspicious.Packer F:\Files\eBooks_1\Games\_Heroin\trd2\Crack TocaII.zip/SFNightmare/SFNightmare.exe/PE_Patch.Morphine
2/10/2009 21:32:33 Untreated: Suspicious.Packer F:\Files\eBooks_1\Games\_Heroin\trd2\Crack TocaII.zip/SFNightmare/SFNightmare.exe/PE_Patch.Morphine/Morphine Postponed
2/10/2009 21:32:33 Detected: Suspicious.Packer F:\Files\eBooks_1\Games\_Heroin\trd2\Crack TocaII.zip/SFNightmare/SFNightmare.exe/PE_Patch.Morphine/Morphine
2/10/2009 21:32:32 Untreated: Multi.Packed F:\Files\eBooks_1\Games\_Heroin\Test Drive Unlimited NO-DVD [HATRED]\Test Drive Unlimited-Crack-Hatred.rar/HATRED\hatred.exe/PE_Patch Postponed
2/10/2009 21:32:32 Detected: Multi.Packed F:\Files\eBooks_1\Games\_Heroin\Test Drive Unlimited NO-DVD [HATRED]\Test Drive Unlimited-Crack-Hatred.rar/HATRED\hatred.exe/PE_Patch
2/10/2009 21:32:29 Detected: Suspicious.Packer F:\Files\eBooks_1\Games\_Heroin\trd2\SFNightmare\SFNightmare.exe/PE_Patch.Morphine
2/10/2009 21:32:29 Untreated: Suspicious.Packer F:\Files\eBooks_1\Games\_Heroin\trd2\SFNightmare\SFNightmare.exe/PE_Patch.Morphine/Morphine Postponed
2/10/2009 21:32:29 Detected: Suspicious.Packer F:\Files\eBooks_1\Games\_Heroin\trd2\SFNightmare\SFNightmare.exe/PE_Patch.Morphine/Morphine
2/10/2009 21:09:45 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/10/2009 21:09:04 Task completed
2/10/2009 21:05:28 Untreated: Trojan-Downloader.Win32.Small.abuk D:\Temp\- b U R N -\_clips\_1\Zezalice\Snow.exe Postponed
2/10/2009 21:05:28 Detected: Trojan-Downloader.Win32.Small.abuk D:\Temp\- b U R N -\_clips\_1\Zezalice\Snow.exe
2/10/2009 20:50:30 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/10/2009 20:11:42 Task completed
2/10/2009 20:11:31 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/10/2009 20:36:11 Task completed
2/10/2009 20:36:11 Deleted: Trojan.BAT.Agent.mo C:\WINDOWS\Temp\bt7530.bat
2/10/2009 20:36:11 Detected: Trojan.BAT.Agent.mo C:\WINDOWS\Temp\bt7530.bat
2/10/2009 20:36:11 Deleted: Trojan.Win32.Agent.bpfz C:\WINDOWS\Temp\9549
2/10/2009 20:36:11 Detected: Trojan.Win32.Agent.bpfz C:\WINDOWS\Temp\9549
2/10/2009 20:36:11 Deleted: Trojan.Win32.Buzus.akrx C:\WINDOWS\Temp\83.exe
2/10/2009 20:36:11 Detected: Trojan.Win32.Buzus.akrx C:\WINDOWS\Temp\83.exe
2/10/2009 20:36:11 Deleted: Trojan.Win32.Agent.bpfz C:\WINDOWS\Temp\7796
2/10/2009 20:36:11 Detected: Trojan.Win32.Agent.bpfz C:\WINDOWS\Temp\7796
2/10/2009 20:36:11 Deleted: Trojan.Win32.Buzus.akrx C:\WINDOWS\Temp\18.exe
2/10/2009 20:36:11 Detected: Trojan.Win32.Buzus.akrx C:\WINDOWS\Temp\18.exe
2/10/2009 20:36:11 Deleted: Trojan.Win32.Buzus.akrx C:\WINDOWS\Temp\13602
2/10/2009 20:36:11 Detected: Trojan.Win32.Buzus.akrx C:\WINDOWS\Temp\13602
2/10/2009 20:36:11 Deleted: Net-Worm.Win32.Kolabc.ftz C:\WINDOWS\system32\ux.exe
2/10/2009 20:36:11 Detected: Net-Worm.Win32.Kolabc.ftz C:\WINDOWS\system32\ux.exe
2/10/2009 20:36:10 Deleted: Trojan-Downloader.Win32.Small.adjy C:\WINDOWS\kysvr.exe
2/10/2009 20:36:10 Detected: Trojan-Downloader.Win32.Small.adjy C:\WINDOWS\kysvr.exe
2/10/2009 20:36:10 Deleted: Trojan.BAT.Agent.mo C:\WINDOWS\fix\system.exe
2/10/2009 20:36:09 Detected: Trojan.BAT.Agent.mo C:\WINDOWS\fix\system.exe/BAT
2/10/2009 20:34:59 Untreated: Trojan.BAT.Agent.mo C:\WINDOWS\Temp\bt7530.bat Postponed
2/10/2009 20:34:59 Detected: Trojan.BAT.Agent.mo C:\WINDOWS\Temp\bt7530.bat
2/10/2009 20:34:59 Untreated: Trojan.Win32.Buzus.akrx C:\WINDOWS\Temp\83.exe Postponed
2/10/2009 20:34:59 Detected: Trojan.Win32.Buzus.akrx C:\WINDOWS\Temp\83.exe
2/10/2009 20:34:59 Untreated: Trojan.Win32.Agent.bpfz C:\WINDOWS\Temp\9549 Postponed
2/10/2009 20:34:59 Detected: Trojan.Win32.Agent.bpfz C:\WINDOWS\Temp\9549
2/10/2009 20:34:59 Untreated: Trojan.Win32.Agent.bpfz C:\WINDOWS\Temp\7796 Postponed
2/10/2009 20:34:59 Detected: Trojan.Win32.Agent.bpfz C:\WINDOWS\Temp\7796
2/10/2009 20:34:59 Untreated: Trojan.Win32.Buzus.akrx C:\WINDOWS\Temp\18.exe Postponed
2/10/2009 20:34:59 Detected: Trojan.Win32.Buzus.akrx C:\WINDOWS\Temp\18.exe
2/10/2009 20:34:59 Untreated: Trojan.Win32.Buzus.akrx C:\WINDOWS\Temp\13602 Postponed
2/10/2009 20:34:59 Detected: Trojan.Win32.Buzus.akrx C:\WINDOWS\Temp\13602
2/10/2009 20:33:37 Untreated: Net-Worm.Win32.Kolabc.ftz C:\WINDOWS\system32\ux.exe Postponed
2/10/2009 20:33:37 Detected: Net-Worm.Win32.Kolabc.ftz C:\WINDOWS\system32\ux.exe
2/10/2009 20:31:36 Untreated: Trojan.BAT.Agent.mo C:\WINDOWS\fix\system.exe/BAT Postponed
2/10/2009 20:31:36 Detected: Trojan.BAT.Agent.mo C:\WINDOWS\fix\system.exe/BAT
2/10/2009 20:31:08 Untreated: Trojan-Downloader.Win32.Small.adjy C:\WINDOWS\kysvr.exe Postponed
2/10/2009 20:31:08 Detected: Trojan-Downloader.Win32.Small.adjy C:\WINDOWS\kysvr.exe
2/10/2009 20:05:39 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/10/2009 18:53:33 Task completed
2/10/2009 18:50:36 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/10/2009 11:16:07 Task completed
2/10/2009 11:16:07 Deleted: Trojan-Clicker.Win32.AutoIt.d c:\Documents and Settings\sHIFTEE\Local Settings\Temp\DXREDIST\dxsetup.exe
2/10/2009 11:16:06 Detected: Trojan-Clicker.Win32.AutoIt.d c:\Documents and Settings\sHIFTEE\Local Settings\Temp\DXREDIST\DXSETUP.exe/ati2sgav.exe/PE_Patch.UPX/UPX/script.au3
2/10/2009 11:10:35 Untreated: Trojan-Clicker.Win32.AutoIt.d c:\Documents and Settings\sHIFTEE\Local Settings\Temp\DXREDIST\DXSETUP.exe/ati2sgav.exe/PE_Patch.UPX/UPX/script.au3 Postponed
2/10/2009 11:10:35 Detected: Trojan-Clicker.Win32.AutoIt.d c:\Documents and Settings\sHIFTEE\Local Settings\Temp\DXREDIST\DXSETUP.exe/ati2sgav.exe/PE_Patch.UPX/UPX/script.au3
2/10/2009 11:05:27 Untreated: HEUR:Trojan.Win32.Generic c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\34LLOR1A\nh[1].exe Postponed
2/10/2009 11:05:27 Detected: HEUR:Trojan.Win32.Generic c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\34LLOR1A\nh[1].exe
2/10/2009 11:05:26 Untreated: Net-Worm.Win32.Kolabc.ftz c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8VB8LXKE\hx[1].exe Postponed
2/10/2009 11:05:26 Detected: Net-Worm.Win32.Kolabc.ftz c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8VB8LXKE\hx[1].exe
2/10/2009 11:05:25 Untreated: Trojan.BAT.Agent.mo c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8VB8LXKE\2[1].exe/system.exe/BAT Postponed
2/10/2009 11:05:25 Detected: Trojan.BAT.Agent.mo c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8VB8LXKE\2[1].exe/system.exe/BAT
2/10/2009 11:01:06 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/10/2009 10:26:48 Task completed
2/10/2009 10:25:43 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/10/2009 01:10:37 Task completed
2/10/2009 01:09:07 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/10/2009 01:05:34 Task completed
2/10/2009 01:05:19 Deleted: Trojan-Clicker.Win32.AutoIt.d c:\windows\system32\ati2sgav.exe
2/10/2009 01:05:18 Disinfected: Trojan-Clicker.Win32.AutoIt.d HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ati2sgav
2/10/2009 01:05:17 Detected: Trojan-Clicker.Win32.AutoIt.d c:\windows\system32\ati2sgav.exe/PE_Patch.UPX/UPX/script.au3
2/10/2009 00:48:32 Detected: HEUR:Trojan.Win32.Generic c:\windows\system\wmiprvse.exe
2/10/2009 00:47:53 Deleted: HEUR:Trojan.Win32.Generic HKLM\System\ControlSet002\Services\WMIMGIN\WMIMGIN
2/10/2009 00:47:53 Deleted: HEUR:Trojan.Win32.Generic HKLM\System\ControlSet001\Services\WMIMGIN\WMIMGIN
2/10/2009 00:47:52 Will be deleted on system restart: HEUR:Trojan.Win32.Generic c:\windows\system\wmiprvse.exe
2/10/2009 00:47:52 Detected: HEUR:Trojan.Win32.Generic c:\windows\system\wmiprvse.exe
2/10/2009 00:47:36 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/10/2009 01:05:30 Task completed
2/10/2009 01:05:30 Deleted: Trojan-Downloader.Win32.Small.abuk H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP62\A0010426.exe
2/10/2009 01:05:30 Detected: Trojan-Downloader.Win32.Small.abuk H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP62\A0010426.exe
2/10/2009 01:05:30 Deleted: Trojan.Win32.Agent.ye H:\System Volume Information\_restore{32C8A4A7-018A-44E7-8B7F-E5476371AD31}\RP63\a0018487.exe
2/10/2009 01:05:21 Detected: Trojan.Win32.Agent.ye H:\System Volume Information\_restore{32C8A4A7-018A-44E7-8B7F-E5476371AD31}\RP63\A0018487.exe/#
2/10/2009 01:05:21 Cannot be deleted: Trojan-Clicker.Win32.AutoIt.d c:\windows\system32\ati2sgav.exe
2/10/2009 01:05:18 Detected: Trojan-Clicker.Win32.AutoIt.d c:\windows\system32\ati2sgav.exe/PE_Patch.UPX/UPX/script.au3
2/10/2009 01:04:18 Untreated: Trojan.Win32.Agent.ye H:\System Volume Information\_restore{32C8A4A7-018A-44E7-8B7F-E5476371AD31}\RP63\A0018487.exe/# Postponed
2/10/2009 01:04:18 Untreated: Trojan-Downloader.Win32.Small.abuk H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP62\A0010426.exe Postponed
2/10/2009 01:01:02 Detected: Trojan-Downloader.Win32.Small.abuk H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP62\A0010426.exe
2/10/2009 00:52:17 Detected: Trojan.Win32.Agent.ye H:\System Volume Information\_restore{32C8A4A7-018A-44E7-8B7F-E5476371AD31}\RP63\A0018487.exe/#
2/10/2009 00:48:11 Untreated: Trojan-Clicker.Win32.AutoIt.d c:\windows\system32\ati2sgav.exe/PE_Patch.UPX/UPX/script.au3 Postponed
2/10/2009 00:48:11 Detected: Trojan-Clicker.Win32.AutoIt.d c:\windows\system32\ati2sgav.exe/PE_Patch.UPX/UPX/script.au3
2/10/2009 00:48:07 Detected: HEUR:Trojan.Win32.Generic c:\windows\system\wmiprvse.exe
2/10/2009 00:46:51 Untreated: HEUR:Trojan.Win32.Generic c:\windows\system\wmiprvse.exe Postponed
2/10/2009 00:46:51 Detected: HEUR:Trojan.Win32.Generic c:\windows\system\wmiprvse.exe
2/10/2009 00:45:09 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/9/2009 23:20:09 Untreated: not-a-virus:AdWare.Win32.FireOptimizer.a H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP36\A0003821.exe/PE_Patch.UPX/UPX Skipped by user
2/9/2009 23:20:09 Untreated: Suspicious.Packer H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP78\A0011803.exe/PE_Patch.Upolyx Skipped by user
2/9/2009 23:00:44 Untreated: Worm.Win32.VB.fi D:\System Volume Information\_restore{32C8A4A7-018A-44E7-8B7F-E5476371AD31}\RP58\A0015919.inf Postponed
2/9/2009 23:00:45 Untreated: Worm.Win32.VB.fi E:\System Volume Information\_restore{32C8A4A7-018A-44E7-8B7F-E5476371AD31}\RP58\A0015920.inf Postponed
2/9/2009 23:00:49 Untreated: Worm.Win32.VB.fi F:\System Volume Information\_restore{32C8A4A7-018A-44E7-8B7F-E5476371AD31}\RP58\A0015921.inf Postponed
2/9/2009 23:00:49 Untreated: not-a-virus:AdWare.Win32.FireOptimizer.a F:\System Volume Information\_restore{32C8A4A7-018A-44E7-8B7F-E5476371AD31}\RP59\A0017168.exe/PE_Patch.UPX/UPX Postponed
2/9/2009 23:03:31 Untreated: Trojan-Downloader.Win32.VB.azx F:\System Volume Information\_restore{32C8A4A7-018A-44E7-8B7F-E5476371AD31}\RP59\A0017165.exe/data0000.cab/sndmon32.exe Postponed
2/9/2009 23:04:12 Untreated: Worm.Win32.VB.fi G:\System Volume Information\_restore{32C8A4A7-018A-44E7-8B7F-E5476371AD31}\RP58\A0015922.inf Postponed
2/9/2009 23:05:22 Untreated: Worm.Win32.VB.fi H:\System Volume Information\_restore{32C8A4A7-018A-44E7-8B7F-E5476371AD31}\RP58\A0015923.inf Postponed
2/9/2009 23:07:36 Untreated: not-a-virus:AdWare.Win32.FireOptimizer.a H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP36\A0003821.exe/PE_Patch.UPX/UPX Postponed
2/9/2009 23:11:23 Untreated: Suspicious.Packer H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP78\A0011803.exe/PE_Patch.Upolyx Postponed
2/9/2009 23:11:34 Untreated: Virus.Win32.Virut.av H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP80\A0012072.exe Postponed
2/9/2009 23:11:39 Untreated: Trojan.Win32.Agent.cro H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP80\A0012074.exe/data.rar/keygen.exe Postponed
2/9/2009 22:59:19 Task started
2/9/2009 23:00:44 Detected: Worm.Win32.VB.fi D:\System Volume Information\_restore{32C8A4A7-018A-44E7-8B7F-E5476371AD31}\RP58\A0015919.inf
2/9/2009 23:00:45 Detected: Worm.Win32.VB.fi E:\System Volume Information\_restore{32C8A4A7-018A-44E7-8B7F-E5476371AD31}\RP58\A0015920.inf
2/9/2009 23:00:49 Detected: Worm.Win32.VB.fi F:\System Volume Information\_restore{32C8A4A7-018A-44E7-8B7F-E5476371AD31}\RP58\A0015921.inf
2/9/2009 23:00:49 Detected: not-a-virus:AdWare.Win32.FireOptimizer.a F:\System Volume Information\_restore{32C8A4A7-018A-44E7-8B7F-E5476371AD31}\RP59\A0017168.exe/PE_Patch.UPX/UPX
2/9/2009 23:03:31 Detected: Trojan-Downloader.Win32.VB.azx F:\System Volume Information\_restore{32C8A4A7-018A-44E7-8B7F-E5476371AD31}\RP59\A0017165.exe/data0000.cab/sndmon32.exe
2/9/2009 23:04:12 Detected: Worm.Win32.VB.fi G:\System Volume Information\_restore{32C8A4A7-018A-44E7-8B7F-E5476371AD31}\RP58\A0015922.inf
2/9/2009 23:05:22 Detected: Worm.Win32.VB.fi H:\System Volume Information\_restore{32C8A4A7-018A-44E7-8B7F-E5476371AD31}\RP58\A0015923.inf
2/9/2009 23:07:36 Detected: not-a-virus:AdWare.Win32.FireOptimizer.a H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP36\A0003821.exe/PE_Patch.UPX/UPX
2/9/2009 23:11:23 Detected: Suspicious.Packer H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP78\A0011803.exe/PE_Patch.Upolyx
2/9/2009 23:11:34 Detected: Virus.Win32.Virut.av H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP80\A0012072.exe
2/9/2009 23:11:39 Detected: Trojan.Win32.Agent.cro H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP80\A0012074.exe/data.rar/keygen.exe
2/9/2009 23:11:39 Detected: not-a-virus:AdWare.Win32.Virtumonde.bhy H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP80\A0012074.exe/data.rar/crack.exe
2/9/2009 23:11:44 Detected: Trojan.Win32.Dialer.qn H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP80\A0012074.exe/data.rar/serial.exe/PE_Patch.PECompact/PecBundle/PECompact
2/9/2009 23:11:44 Detected: Virus.Win32.Virut.av H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP80\A0012074.exe/data.rar/install.exe
2/9/2009 23:20:03 Detected: Worm.Win32.VB.fi H:\System Volume Information\_restore{32C8A4A7-018A-44E7-8B7F-E5476371AD31}\RP58\A0015923.inf
2/9/2009 23:20:09 Deleted: Worm.Win32.VB.fi H:\System Volume Information\_restore{32C8A4A7-018A-44E7-8B7F-E5476371AD31}\RP58\A0015923.inf
2/9/2009 23:20:09 Detected: not-a-virus:AdWare.Win32.FireOptimizer.a H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP36\A0003821.exe/PE_Patch.UPX/UPX
2/9/2009 23:20:09 Detected: Suspicious.Packer H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP78\A0011803.exe/PE_Patch.Upolyx
2/9/2009 23:20:09 Detected: Virus.Win32.Virut.av H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP80\A0012072.exe
2/9/2009 23:20:09 Disinfected: Virus.Win32.Virut.av H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP80\A0012072.exe
2/9/2009 23:20:09 Detected: Trojan-Downloader.Win32.Tiny.ach H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP80\A0012072.exe
2/9/2009 23:20:09 Deleted: Trojan-Downloader.Win32.Tiny.ach H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP80\A0012072.exe
2/9/2009 23:20:09 Detected: Trojan.Win32.Agent.cro H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP80\A0012074.exe/data.rar/keygen.exe
2/9/2009 23:20:09 Detected: not-a-virus:AdWare.Win32.Virtumonde.bhy H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP80\A0012074.exe/data.rar/crack.exe
2/9/2009 23:20:09 Detected: Trojan.Win32.Dialer.qn H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP80\A0012074.exe/data.rar/serial.exe/PE_Patch.PECompact/PecBundle/PECompact
2/9/2009 23:20:09 Detected: Virus.Win32.Virut.av H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP80\A0012074.exe/data.rar/install.exe
2/9/2009 23:20:09 Deleted: Virus.Win32.Virut.av H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP80\a0012074.exe
2/9/2009 23:20:09 Task completed
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/9/2009 22:52:42 Task completed
2/9/2009 22:50:38 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/9/2009 21:04:35 Task completed
2/9/2009 21:03:24 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/9/2009 19:49:14 Task completed
2/9/2009 19:49:14 Detected: Heur.Worm.Generic c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IE0Q52BQ\p[1].txt
2/9/2009 19:49:14 Detected: Heur.Worm.Generic c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IE0Q52BQ\p[1].txt
2/9/2009 19:49:14 Detected: Heur.Worm.Generic c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IE0Q52BQ\p[1].txt
2/9/2009 19:49:14 Detected: Heur.Worm.Generic c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IE0Q52BQ\p[1].txt
2/9/2009 19:49:14 Detected: Heur.Trojan.Generic c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IE0Q52BQ\p[1].txt
2/9/2009 19:49:12 Detected: Heur.Trojan.Generic c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IE0Q52BQ\bat[1].exe
2/9/2009 19:43:05 Detected: Heur.Worm.Generic c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IE0Q52BQ\p[1].txt
2/9/2009 19:43:05 Detected: Heur.Worm.Generic c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IE0Q52BQ\p[1].txt
2/9/2009 19:43:05 Detected: Heur.Worm.Generic c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IE0Q52BQ\p[1].txt
2/9/2009 19:43:05 Detected: Heur.Worm.Generic c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IE0Q52BQ\p[1].txt
2/9/2009 19:43:05 Untreated: Heur.Trojan.Generic c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IE0Q52BQ\p[1].txt Postponed
2/9/2009 19:43:05 Untreated: Heur.Trojan.Generic c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IE0Q52BQ\bat[1].exe Postponed
2/9/2009 19:43:01 Detected: Heur.Trojan.Generic c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IE0Q52BQ\p[1].txt
2/9/2009 19:42:59 Detected: Heur.Trojan.Generic c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IE0Q52BQ\bat[1].exe
2/9/2009 19:41:42 Task started
Scan: completed 2/12/2009 11:01:51 (events: 6, objects: 67836, time: 00:15:56)
2/9/2009 19:39:08 Task completed
2/9/2009 19:38:41 Detected: Heur.Worm.Generic c:\windows\system\svhost.exe
2/9/2009 19:38:41 Detected: Heur.Worm.Generic c:\windows\system\svhost.exe
2/9/2009 19:38:41 Detected: Heur.Worm.Generic c:\windows\system\svhost.exe
2/9/2009 19:38:41 Detected: Heur.Worm.Generic c:\windows\system\svhost.exe
2/9/2009 19:38:40 Untreated: Heur.Trojan.Generic c:\windows\system\svhost.exe Postponed
2/9/2009 19:38:40 Detected: Heur.Trojan.Generic c:\windows\system\svhost.exe
2/9/2009 19:37:30 Task started
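The advice above turns on three things a reader can pull out of the quoted report by hand, but it is easier to let a script do it: which objects are still Untreated/Postponed after every scan, which detections live only under System Volume Information (copies that System Restore keeps alive, which is why step 1 says to switch it off on every partition), and which files were "Deleted" and then detected again days later (C:\WINDOWS\fix\system.exe is deleted on 2/10 and back on 2/12, so whatever drops it is still running). Downloads sitting in the NetworkService/LocalService Temporary Internet Files cache are a fourth signal: they were fetched by code running as that service account, not by the logged-in user. The following triage script is an added example, not code from Samker or the forum; it assumes only the report line format visible above, and the mapping of verdicts to "resolved", "pending_reboot" and "outstanding" is this example's own categorisation. The sample input is a subset of lines copied from the quoted report.

```python
"""Triage a Kaspersky-format scan report: latest verdict per on-disk object,
what is still outstanding, what lives only in System Restore, and what was
'Deleted' but showed up again later."""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Sample input: a subset of lines from the report quoted in the post above.
# The report is written newest-first, so the timestamps are out of order.
SAMPLE_LOG = r"""
2/12/2009 11:01:51 Task completed
2/12/2009 10:58:50 Untreated: Trojan.BAT.Agent.mo C:\WINDOWS\fix\system.exe/BAT Postponed
2/11/2009 16:18:09 Will be deleted on system restart: HEUR:Trojan.Win32.Generic C:\WINDOWS\system\wmisync.exe
2/11/2009 16:18:09 Deleted: HEUR:Trojan.Win32.Generic HKLM\System\ControlSet001\Services\WMISYNC\WMISYNC
2/10/2009 20:36:11 Deleted: Trojan.BAT.Agent.mo C:\WINDOWS\Temp\bt7530.bat
2/10/2009 20:36:11 Detected: Trojan.BAT.Agent.mo C:\WINDOWS\Temp\bt7530.bat
2/10/2009 20:36:10 Deleted: Trojan.BAT.Agent.mo C:\WINDOWS\fix\system.exe
2/10/2009 20:36:09 Detected: Trojan.BAT.Agent.mo C:\WINDOWS\fix\system.exe/BAT
2/10/2009 20:34:59 Untreated: Trojan.BAT.Agent.mo C:\WINDOWS\Temp\bt7530.bat Postponed
2/10/2009 11:05:26 Untreated: Net-Worm.Win32.Kolabc.ftz c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8VB8LXKE\hx[1].exe Postponed
2/9/2009 23:20:09 Disinfected: Virus.Win32.Virut.av H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP80\A0012072.exe
2/9/2009 23:20:09 Untreated: Suspicious.Packer H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP78\A0011803.exe/PE_Patch.Upolyx Skipped by user
2/9/2009 23:11:34 Untreated: Virus.Win32.Virut.av H:\System Volume Information\_restore{492587B1-0697-45EE-9B85-1636C7FCAE10}\RP80\A0012072.exe Postponed
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<action>Detected|Untreated|Deleted|Disinfected|Cannot be deleted|"
    r"Cannot be quarantined|Will be deleted on system restart|"
    r"Will be quarantined on system restart): "
    r"(?P<threat>\S+) (?P<obj>.+?)(?: (?P<reason>Postponed|Skipped by user))?$"
)
RESOLVED = {"Deleted", "Disinfected"}                      # this example's own grouping
PENDING = {"Will be deleted on system restart", "Will be quarantined on system restart"}


@dataclass
class Event:
    ts: datetime
    action: str
    threat: str
    obj: str                # as logged; archive members follow the file after '/'
    reason: Optional[str]   # 'Postponed', 'Skipped by user' or None


def parse_report(text: str) -> list:
    """Parse verdict lines; 'Task started/completed' and 'Scan:' headers are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(Event(datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S"),
                                m["action"], m["threat"], m["obj"], m["reason"]))
    return events


def container_of(obj: str) -> str:
    """The on-disk file or registry key: nested objects are separated with '/'."""
    return obj.split("/")[0].lower()


def classify_location(path: str) -> str:
    if path.startswith(("hklm\\", "hkey_local_machine\\")):
        return "registry"
    if "\\system volume information\\_restore" in path:
        return "restore_point"       # kept alive only by System Restore (step 1 of the post)
    if "\\content.ie5\\" in path and ("\\networkservice\\" in path or "\\localservice\\" in path):
        return "service_ie_cache"    # fetched by code running as a service account
    return "filesystem"


def triage(events) -> dict:
    """Latest verdict per container. A 'resolved' object seen again at a strictly
    later time is flagged 'reappeared': something re-dropped it after the deletion."""
    state = {}
    for ev in sorted(events, key=lambda e: e.ts):   # stable sort: ties keep report order
        key = container_of(ev.obj)
        status = ("resolved" if ev.action in RESOLVED
                  else "pending_reboot" if ev.action in PENDING
                  else "outstanding")               # Detected, Untreated, Cannot be ...
        cur = state.get(key)
        if cur is None:
            state[key] = {"status": status, "threat": ev.threat, "last": ev.ts,
                          "location": classify_location(key), "reappeared": False}
            continue
        came_back = cur["status"] == "resolved" and ev.ts > cur["last"]
        if ev.action == "Detected" and not came_back:
            continue   # a detection logged next to its own verdict adds nothing
        cur.update(status=status, threat=ev.threat, last=ev.ts,
                   reappeared=cur["reappeared"] or came_back)
    return state


def summarize(state: dict) -> dict:
    """Bucket containers by final status and by the locations the post's steps target."""
    out = {k: [] for k in ("resolved", "pending_reboot", "outstanding", "reappeared",
                           "restore_point_copies", "service_account_downloads")}
    for path, s in sorted(state.items()):
        out[s["status"]].append(path)
        if s["reappeared"]:
            out["reappeared"].append(path)
        if s["location"] == "restore_point":
            out["restore_point_copies"].append(path)
        elif s["location"] == "service_ie_cache":
            out["service_account_downloads"].append(path)
    out["threat_counts"] = Counter(s["threat"] for s in state.values())
    return out


if __name__ == "__main__":
    for bucket, items in summarize(triage(parse_report(SAMPLE_LOG))).items():
        print(bucket, items if isinstance(items, list) else dict(items))
```

On the sample, `reappeared` holds only `c:\windows\fix\system.exe`, `pending_reboot` holds `wmisync.exe` (deleted on restart, so a Safe Mode rescan after reboot, step 4, is what confirms it is gone), and both restore-point copies land in `restore_point_copies`, which is exactly the set that disabling System Restore discards. Feeding the whole quoted report through `parse_report` instead of the sample works the same way, since the headers and "Task" lines are simply skipped.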