VIRY.CZ

To jsem presně udělal. Zkusím to teda ještě jednou

nie pockaj, nakolko tuto hlasku dava pravdepodobne infikovany subor.

skontroluj ci su na C:\systemove subory. ak ano pokracuj, takto,
spust OTL
do okna vloz zeleny text a klik RunFix
log po restarte vloz sem

All processes killed
========== OTL ==========
========== FILES ==========
File\Folder C:\WINDOWS\system32\dllcache\winlogon.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: ACDC
->Temp folder emptied: 507904 bytes
->Temporary Internet Files folder emptied: 111826 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,00 mb


OTL by OldTimer - Version 3.2.17.1 log created on 10272010_191432

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\ACDC\Local Settings\Temp\winlogon.dat not found!

Registry entries deleted on Reboot...

soory.
zabudol som prikaz

All processes killed
========== OTL ==========
========== FILES ==========
File C:\WINDOWS\explorer.exe successfully replaced with c:\explorer.exe
Unable to replace file: C:\WINDOWS\system32\winlogon.exe with c:\winlogon.exe without a reboot.
File\Folder C:\WINDOWS\system32\dllcache\winlogon.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: ACDC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1034240 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,00 mb


OTL by OldTimer - Version 3.2.17.1 log created on 10272010_193303

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

explorer vymenil ale winlogon nechcel vymenit, takze skus to takto,
skus premenovat C:\WINDOWS\system32\winlogon.exe>.na winlogon.exe.vir
a skopiruj winlogon.exe z zlozky co som ti poslal do C:\WINDOWS\system32, restart,
a napis ci sa podarilo.

aha tam pisalo ze treba restartovat pocitac a vymeni,

restartoval jsem ho jeste jednou, v C:\ uz winlogon.exe neni

ok teraz otestuj znova na www.virustotal.com
winlogon a explorer.

http://www.virustotal.com/file-scan/rep ... 1288202992

http://www.virustotal.com/file-scan/rep ... 1288203210

a sssakra, uz su infikovane aj nove subory,
http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

no uz sprav G-mer, ale daco nam nesedi, ty si mi poslal ake tesTY:
ja som ti napisal:
o Napsal: stř říj 27, 2010 8:05 pm=20.05

a testy su z:
File name:
explorer.exe
Submission date:
2010-10-27 18:09:52 (UTC)
Current status:
finished
Result:
23 /43 (53.5%)


winlogon.exe
Submission date:
2010-10-27 18:13:30 (UTC)
Current status:
finished
Result:
19 /40 (47.5%)

poslal jsem testy tech souboru, co byly ve windows, explorer a winlogon
s tim GMERerm zrovna skenuju

trebalo dat reanalyse, nakolko tento test bolo robene predtym, ked prvykrat si testoval, vidis ze nesedi cas,
takze kludne doskenuj G-Merom, log vloz sem, a daj znova otestovat subory, ale daj REANALYSE, nakolko ono ti ponukne uz testovane subory, plus otestuj aj tento systemovy subor, a linky potom vloz sem
c:\Windows\System32\wininit.exe