Please help. A connection keeps starting up, which I block so that it does not download junk onto my machine: C:/windows/System32/winlogon.exe. Avast and Adware did not help at all. I deleted rock.exe; I hope I did the right thing. I am posting the logs from Avast:
[quote]2006-05-06 17:05:00 SYSTEM 1648 Sign of "Win32:Istbar-AV [Trj]" has been found in "http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab\ysbactivex.dll" file.
2006-05-06 18:24:00 SYSTEM 1648 Sign of "VBS:Malware [Encrypted]" has been found in "http://zllin.info/e/us36//main.chm\main.htm" file.
2006-05-06 19:10:00 SYSTEM 1648 Sign of "Win32:Trojano-027 [Trj]" has been found in "http://217.73.66.1/del/loader.cab\loader.exe" file.
2006-05-06 19:18:56 SYSTEM 1648 Sign of "Win32:Trojano-027 [Trj]" has been found in "http://217.73.66.1/del/loader.cab\loader.exe" file.
2006-05-06 19:19:08 SYSTEM 1648 Sign of "Win32:Trojano-027 [Trj]" has been found in "http://217.73.66.1/del/loader.cab\loader.exe" file.
2006-05-06 19:19:13 SYSTEM 1648 Sign of "Win32:Trojano-027 [Trj]" has been found in "http://217.73.66.1/del/loader.cab\loader.exe" file.
2006-05-06 19:25:13 SYSTEM 1648 Sign of "VBS:Malware [Script]" has been found in "http://traffnew.biz/dl/adv661/x.chm\x.htm" file.
2006-05-06 19:26:04 SYSTEM 1648 Sign of "JS:Classloader-6" has been found in "http://traffnew.biz/dl/loaderadv661.jar\Counter.class" file.
2006-05-06 19:26:04 SYSTEM 1648 Sign of "JS:OpenConnection-I" has been found in "http://traffnew.biz/dl/java.jar\GetAccess.class" file.
2006-05-06 19:26:09 SYSTEM 1648 Sign of "JS:OpenConnection-I" has been found in "C:\Documents and Settings\Janusz\Dane aplikacji\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-76d25779-18a4898d.zip" file.
2006-05-06 19:26:47 SYSTEM 1648 Sign of "MS06-001 WMF Exploit" has been found in "C:\Documents and Settings\Janusz\Ustawienia lokalne\Temporary Internet Files\Content.IE5\X7R351SE\xpladv661[1].wmf" file.
2006-05-07 12:17:30 SYSTEM 200 Sign of "Win32:Istbar-AU [Trj]" has been found in "http://www.esimetrija.com/ysbinstall_1002755_3.exe\[UPX]" file.
2006-05-07 12:17:31 SYSTEM 200 Sign of "Win32:Istbar-AU [Trj]" has been found in "http://www.esimetrija.com/ysbinstall_1002755_3.exe\[UPX]" file.
2006-05-07 12:23:52 SYSTEM 200 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\System32\1024\ldDF03.tmp\[UPX]" file.
2006-05-07 12:49:21 SYSTEM 200 Sign of "Win32:Trojano-CL [Trj]" has been found in "C:\WINDOWS\System32\1024\ld3198.tmp\[UPX]" file. [/quote]
And here are the logs from HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 16:44:18, on 2006-05-07
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\dcomcfg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Instalki\programy\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\System32\hp1632.tmp
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Analizuj za pomocą LeechGet - file://C:\Program Files\LeechGet 2004\\Parser.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pobierz używając kreatora LeechGet - file://C:\Program Files\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: Pobierz używając LeechGet - file://C:\Program Files\LeechGet 2004\\AddUrl.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146830468421
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe