prosze o pomoc

[Gość: kamil]

niedawno pojawily mi sie na komputerze dziwne pop-upy, czy ktos mogłby
sprawdzic mojego loga?
Logfile of HijackThis v1.97.7
Scan saved at 16:27:22, on 2005-11-28
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\BearShare\BearShare.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\mentor\USTAWI~1\Temp\Rar$EX00.141\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.interia.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program
Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box -
C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {3334504D-9980-0010-8000-00AA00389B71} -
download.microsoft.com/download/0/C/8/0C8EDFAB-30BC-4792-898E-2DABE27B2C4D/mp43dmo.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{523F4DAB-1577-4748-B176-45F486359436}:
NameServer = 192.168.0.1
O17 -
HKLM\System\CS1\Services\Tcpip\..\{523F4DAB-1577-4748-B176-45F486359436}:
NameServer = 192.168.0.1
O17 -
HKLM\System\CS2\Services\Tcpip\..\{523F4DAB-1577-4748-B176-45F486359436}:
NameServer = 192.168.0.1

[Gość: k]

Jakie maja adresy te reklamy?

W menadzerze zadan zakoncz:
C:\Program Files\Save\Save.exe
I usun katalog Save
W hijackthis:
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

I jeszcze skan ewido (znajdziesz na google).
Zamknij tez porty tym:
www.firewallleaktester.com/tools/wwdc.exe