hijack log
Here is what hijack showed on my buddy's computer:
Since I wouldn't want to mess up his system, I'm asking for help finding the unnecessary items cluttering it.
Logfile of HijackThis v1.97.7
Scan saved at 17:44:14, on 2004–08–25
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32LEXBCES.EXE
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32LEXPPS.EXE
C:WINDOWSSystem32CTsvcCDA.exe
C:Program FilesLexmark X6100 Serieslxbfbmgr.exe
C:WINDOWSSystem32mslaugh.exe
C:WINDOWSSystem32CTHELPER.EXE
C:Program FilesLexmark X6100 Serieslxbfbmon.exe
C:WINDOWSSystem32 dfscoa.exe
C:docume~1figaustawi~1 empmsbb.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSlof.exe
C:WINDOWSSystem32MsPMSPSv.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesDraco SoftwareDraco OrganizerOrganizer.exe
D:–[ instalkiWirusy i TrojanyHijackThisHijackThis.exe
C:WINDOWSSystem32wuauclt.exe
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = file:///C:/Documents%20and%20Settings/Figa/Moje%20dokumenty/startowa/startowa.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *hot–searches.com*;*lender–search.com*
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {000020DD–C72E–4113–AF77–DD56626C6C42} – C:WINDOWS waintec.dll
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 5.0 CEReaderActiveXAcroIEHelper.ocx
O2 – BHO: (no name) – {83DE62E0–5805–11D8–9B25–00E04C60FAF2} – C:WINDOWS2_0_1browserhelper2.dll
O2 – BHO: (no name) – {9C691A33–7DDA–4C2F–BE4C–C176083F35CF} – C:WINDOWSSystem32ridge.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O4 – HKLM..Run: [Lexmark X6100 Series] "C:Program FilesLexmark X6100 Serieslxbfbmgr.exe"
O4 – HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 – HKLM..Run: [Windows Automation] mslaugh.exe
O4 – HKLM..Run: [CTHelper] CTHELPER.EXE
O4 – HKLM..Run: [UpdReg] C:WINDOWSUpdReg.EXE
O4 – HKLM..Run: [Jet Detection] "C:Program FilesCreativeSBLivePROGRAMADGJDet.exe"
O4 – HKLM..Run: [RunDLL] rundll32.exe "C:WINDOWSSystem32ridge.dll",Load
O4 – HKLM..Run: [ubvilvbhocyq] C:WINDOWSSystem32 dfscoa.exe
O4 – HKLM..Run: [msbb] c:docume~1figaustawi~1 empmsbb.exe
O4 – HKLM..Run: [lof] C:WINDOWSlof.exe
O4 – HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe" /background
O4 – HKCU..Run: [Draco Organizer] "C:Program FilesDraco SoftwareDraco OrganizerOrganizer.exe" /tray
O4 – Startup: Rejestrowanie produktów Corela.lnk = C:Program FilesCorelGraphics9RegisterRemind32.exe
O4 – Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O8 – Extra context menu item: E&ksport do programu Microsoft Excel – res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 – Extra button: Badanie (HKLM)
O9 – Extra button: Related (HKLM)
O9 – Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 – DPF: komentator – http://sport.onet.pl/komentator.cab
O16 – DPF: {166B1BCA–3F9C–11CF–8075–444553540000} (Shockwave ActiveX Control) – http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.48.49/g_bin/eng/billard8_2_0_0_20.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C6} (GINBILLARD8UK Class) – http://gryonline.wp.pl/files/billard8UK_2_0_0_6.cab
Replies: 4
The first one may be a system file, but judging by what appears further down, it is more likely a dialer connecting to porn sites. So you can remove it, and if need be you can restore it via Backup in HJ.
After clicking Fix checked, and ending any processes with names like those in the log if necessary, find and delete these files, all of the ones found in the log.
C:WINDOWSSystem32mshta.exe
C:WINDOWSSystem32qceu.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = about:blank
O2 – BHO: (no name) – {0019C3E2–DD48–4A6D–ABCD–8D32436323D9} – C:WINDOWSxxs5.dll (file missing)
O2 – BHO: (no name) – {6FFA6101–9C10–04E2–875E–11550BA12E3F} – C:WINDOWSSystem32afriopqy.dll
O2 – BHO: NavErrRedir Class – {A045DC85–FC44–45be–8A50–E4F9C62C9A84} – C:PROGRA~1PERFEC~1BHOPERFEC~2.DLL (file missing)
O4 – HKLM..Run: [AutoUpdater] "C:Program FilesAutoUpdateAutoUpdate.exe"
O4 – HKLM..Run: [bxxs5] RunDLL32.EXE ,DllRun
O4 – HKCU..Run: [ClockSync] "C:Program FilesClockSyncSync.exe" /q
O16 – DPF: {02C20140–76F8–4763–83D5–B660107B7A90} – http://connect.online–dialer.com/cax.cab
O16 – DPF: {10000030–1000–0000–1000–000000000000} – its:mhtml:file://c:\MAIN.MHT!http://zloeboogle.biz/dial.chm?wmid=3303::/x.exe
O16 – DPF: {10003000–1000–0000–1000–000000000000} – ms–its:mhtml:file://C:foo.mht!http://195.225.177.13/573/online.chm::/on–line.exe
O16 – DPF: {11010101–1001–1111–1000–110112345678} – ms–its:mhtml:file://C:oo.mhtml!http://81.9.3.86//scripts//dw//chm.chm?id=vad::/win.exe
O16 – DPF: {11010101–1001–1111–1000–115676576822} – ms–its:mhtml:file://c: osuch.mht!http://www.ustimerz.com/nm22222/par1.chm::/par1.exe
O16 – DPF: {11111111–1111–1111–1111–111111111123} – its:mhtml:file://C:.mht!http://69.50.191.52/668/b.chm::/b.exe
O16 – DPF: {11111111–1111–1111–1111–111111111157} – ms–its:mhtml:file://d:foo.mht!http://66.98.190.22/jd45//x.chm::/load.exe
O16 – DPF: {11120607–1001–1111–1000–110199901123} – ms–its:mhtml:file://c: osuch.mht!http://2awm.com/pop/chm/paxaall.chm::/webload.exe
O16 – DPF: {11311111–1111–1111–1111–111111111157} – file://C:RecycledQ330995.exe
O16 – DPF: {11311111–1111–1111–1111–11111121115F} – file://C:RecycledQ383303.exe
O16 – DPF: {11456451–1561–1111–1000–134466001123} – ms–its:mhtml:file://C:MAIN.MHT!http://www.wofldsex.com///src.chm::/project1.exe
O16 – DPF: {1A781DED–C22D–4153–3213–A3211E29DF13} (GameDesire Card Games) – http://67.15.101.2/g_bin/pl/cards_2_0_0_44.cab
O16 – DPF: {663C8FEF–1EF9–11CF–A3DB–080036F12502} – ms–its:mhtml:file://c: osuch.mht!http://67.18.129.78/b/bd/1/x.chm::/load.exe
O16 – DPF: {9C691A33–7DDA–4C2F–BE4C–C176083F35CF} – http://static.flingstone.com/cab/2000XP/CDTInc/bridge.cab
O16 – DPF: {9EB320CE–BE1D–4304–A081–4B4665414BEF} (MediaTicketsInstaller Control) – http://www.mt–download.com/MediaTicketsInstaller.cab
Hello
Same topic: the log from a scan run on my friend's computer
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesSymantec SharedccEvtMgr.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSystem32sm56hlpr.exe
C:WINDOWSSystem32CTHELPER.EXE
C:WINDOWSSystem32CTsvcCDA.exe
C:Program FilesCommon FilesSymantec SharedccApp.exe
C:Program FilesNorton SystemWorksNorton AntiVirus avapsvc.exe
C:WINDOWSSystem32 vsvc32.exe
C:Program FilesWinampWinampa.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSSystem32MsPMSPSv.exe
C:Program FilesAdaptecEasy CD Creator 5DirectCDDirectCD.exe
C:windows undll32.exe
C:Program FilesUlead SystemsUlead Photo Express 3.0 SECalCheck.exe
C:WINDOWS wain_32C6U14KWATCH.exe
C:WINDOWSSystem32qceu.exe
C:Program FilesGadu–Gadugg.exe
C:WINDOWSSystem32mshta.exe
C:Program FilesInternet Exploreriexplore.exe
C:WINDOWSSystem32mshta.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesInternet Exploreriexplore.exe
C:Documents and SettingsJaPulpitHijackThis.exe
R1 – HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = about:blank
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {0019C3E2–DD48–4A6D–ABCD–8D32436323D9} – C:WINDOWSxxs5.dll (file missing)
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 – BHO: (no name) – {53707962–6F74–2D53–2644–206D7942484F} – C:PROGRA~1SPYBOT~2SDHelper.dll
O2 – BHO: (no name) – {6FFA6101–9C10–04E2–875E–11550BA12E3F} – C:WINDOWSSystem32afriopqy.dll
O2 – BHO: NavErrRedir Class – {A045DC85–FC44–45be–8A50–E4F9C62C9A84} – C:PROGRA~1PERFEC~1BHOPERFEC~2.DLL (file missing)
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:Program FilesNorton SystemWorksNorton AntiVirusNavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:WINDOWSSystem32msdxm.ocx
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:Program FilesNorton SystemWorksNorton AntiVirusNavShExt.dll
O4 – HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 – HKLM..Run: [nwiz] nwiz.exe /install
O4 – HKLM..Run: [SM56ACL] sm56hlpr.exe
O4 – HKLM..Run: [CTHelper] CTHELPER.EXE
O4 – HKLM..Run: [NeroCheck] C:WINDOWSSystem32\NeroCheck.exe
O4 – HKLM..Run: [ccApp] "C:Program FilesCommon FilesSymantec SharedccApp.exe"
O4 – HKLM..Run: [ccRegVfy] "C:Program FilesCommon FilesSymantec SharedccRegVfy.exe"
O4 – HKLM..Run: [WinampAgent] "C:Program FilesWinampWinampa.exe"
O4 – HKLM..Run: [AdaptecDirectCD] "C:Program FilesAdaptecEasy CD Creator 5DirectCDDirectCD.exe"
O4 – HKLM..Run: [AutoUpdater] "C:Program FilesAutoUpdateAutoUpdate.exe"
O4 – HKLM..Run: [bxxs5] RunDLL32.EXE ,DllRun
O4 – HKCU..Run: [Gadu–Gadu] "C:Program FilesGadu–Gadugg.exe" /tray
O4 – HKCU..Run: [ClockSync] "C:Program FilesClockSyncSync.exe" /q
O4 – HKCU..Run: [StartPage] C:windows undll32.exe
O4 – Global Startup: Ulead Photo Express 3.0 SE Calendar Checker.lnk = C:Program FilesUlead SystemsUlead Photo Express 3.0 SECalCheck.exe
O4 – Global Startup: Watch.lnk = C:WINDOWS wain_32C6U14KWATCH.exe
O4 – Global Startup: GStartup.lnk.disabled
O9 – Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 – Extra button: SEARCH (HKLM)
O9 – Extra button: ENTERTAINMENT (HKLM)
O9 – Extra button: PILLS (HKLM)
O9 – Extra button: SECURITY (HKLM)
O9 – Extra button: SEARCH (HKLM)
O12 – Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 – DPF: {02C20140–76F8–4763–83D5–B660107B7A90} – http://connect.online–dialer.com/cax.cab
O16 – DPF: {10000030–1000–0000–1000–000000000000} – its:mhtml:file://c:\MAIN.MHT!http://zloeboogle.biz/dial.chm?wmid=3303::/x.exe
O16 – DPF: {10003000–1000–0000–1000–000000000000} – ms–its:mhtml:file://C:foo.mht!http://195.225.177.13/573/online.chm::/on–line.exe
O16 – DPF: {11010101–1001–1111–1000–110112345678} – ms–its:mhtml:file://C:oo.mhtml!http://81.9.3.86//scripts//dw//chm.chm?id=vad::/win.exe
O16 – DPF: {11010101–1001–1111–1000–115676576822} – ms–its:mhtml:file://c: osuch.mht!http://www.ustimerz.com/nm22222/par1.chm::/par1.exe
O16 – DPF: {11111111–1111–1111–1111–111111111123} – its:mhtml:file://C:.mht!http://69.50.191.52/668/b.chm::/b.exe
O16 – DPF: {11111111–1111–1111–1111–111111111157} – ms–its:mhtml:file://d:foo.mht!http://66.98.190.22/jd45//x.chm::/load.exe
O16 – DPF: {11120607–1001–1111–1000–110199901123} – ms–its:mhtml:file://c: osuch.mht!http://2awm.com/pop/chm/paxaall.chm::/webload.exe
O16 – DPF: {11311111–1111–1111–1111–111111111157} – file://C:RecycledQ330995.exe
O16 – DPF: {11311111–1111–1111–1111–11111121115F} – file://C:RecycledQ383303.exe
O16 – DPF: {11456451–1561–1111–1000–134466001123} – ms–its:mhtml:file://C:MAIN.MHT!http://www.wofldsex.com///src.chm::/project1.exe
O16 – DPF: {1A781DED–C22D–4153–3213–A3211E29DF13} (GameDesire Card Games) – http://67.15.101.2/g_bin/pl/cards_2_0_0_44.cab
O16 – DPF: {2FC9A21E–2069–4E47–8235–36318989DB13} (PPSDKActiveXScanner.MainScreen) – http://www.pestscan.com/scanner/axscanner.cab
O16 – DPF: {4539348E–01D7–11D5–9A39–0080C8D85044} (GINSLOTS90 Class) – http://gryonline.wp.pl/files/slots90_2_0_0_9.cab
O16 – DPF: {663C8FEF–1EF9–11CF–A3DB–080036F12502} – ms–its:mhtml:file://c: osuch.mht!http://67.18.129.78/b/bd/1/x.chm::/load.exe
O16 – DPF: {80B410C0–BADA–11D4–8308–0080C8D7ED4A} (GINTHOUSAND Class) – http://gryonline.wp.pl/files/tysiac_2_0_0_6.cab
O16 – DPF: {83AFB5CA–ED35–11D4–A452–0080C8D85045} (GINPOKER Class) – http://gryonline.wp.pl/files/poker_2_0_0_7.cab
O16 – DPF: {881290B9–F53C–4676–8DAF–3DBEFC297308} (GINMAKAO Class) – http://gryonline.wp.pl/files/makao_2_0_0_6.cab
O16 – DPF: {9C691A33–7DDA–4C2F–BE4C–C176083F35CF} – http://static.flingstone.com/cab/2000XP/CDTInc/bridge.cab
O16 – DPF: {9EB320CE–BE1D–4304–A081–4B4665414BEF} (MediaTicketsInstaller Control) – http://www.mt–download.com/MediaTicketsInstaller.cab
O16 – DPF: {A1FE3DE0–CF77–11D4–8340–0080C8D7ED4A} (GINDEMON Class) – http://gryonline.wp.pl/files/demon_2_0_0_6.cab
O16 – DPF: {A6212120–01D4–11D5–9A39–0080C8D85044} (GINSLOTS70 Class) – http://gryonline.wp.pl/files/slots70_2_0_0_9.cab
O16 – DPF: {A7196C8E–35A5–4FF0–9E46–E28918B5CAF6} (GINDOMINO Class) – http://gryonline.wp.pl/files/domino_2_0_0_6.cab
O16 – DPF: {BFA1F11D–3121–AFE1–4112–894323212DAC} (GINWORDS Class) – http://gryonline.wp.pl/files/words_2_0_0_18.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 – DPF: {DCB16E44–D6DB–473E–A251–F6FBB381C1C3} (GINCHESS Class) – http://gryonline.wp.pl/files/chess_2_0_0_6.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O16 – DPF: {ECEAD8AE–01D6–11D5–9A39–0080C8D85044} (GINSLOTS80 Class) – http://gryonline.wp.pl/files/slots80_2_0_0_9.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GINBILLARD8 Class) – http://gryonline.wp.pl/files/billard8_2_0_0_6.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C2} (GameDesire Pool 9) – http://67.15.101.2/g_bin/pl/billard9_2_0_0_20.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C3} (GINBILLARD14 Class) – http://gryonline.wp.pl/files/billard14_2_0_0_6.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C4} (GINBILLARDT Class) – http://gryonline.wp.pl/files/billardt_2_0_0_6.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C5} (GINSNOOKER Class) – http://gryonline.wp.pl/files/snooker_2_0_0_6.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C6} (GINBILLARD8UK Class) – http://gryonline.wp.pl/files/billard8UK_2_0_0_6.cab
Thanks a lot for the great help ;)
People, where do you get such knowledge from ;]
Disable System Restore.
Fix :
R0 – HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = file:///C:/Documents%20and%20Settings/Figa/Moje%20dokumenty/startowa/startowa.html
R0 – HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 – HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 – HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *hot–searches.com*;*lender–search.com*
R0 – HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {000020DD–C72E–4113–AF77–DD56626C6C42} – C:WINDOWS waintec.dll
O2 – BHO: (no name) – {83DE62E0–5805–11D8–9B25–00E04C60FAF2} – C:WINDOWS2_0_1browserhelper2.dll
O2 – BHO: (no name) – {9C691A33–7DDA–4C2F–BE4C–C176083F35CF} – C:WINDOWSSystem32ridge.dll
O4 – HKLM..Run: [Windows Automation] mslaugh.exe
O4 – HKLM..Run: [RunDLL] rundll32.exe "C:WINDOWSSystem32ridge.dll",Load
O4 – HKLM..Run: [ubvilvbhocyq] C:WINDOWSSystem32 dfscoa.exe
O4 – HKLM..Run: [msbb] c:docume~1figaustawi~1 empmsbb.exe
O4 – HKLM..Run: [lof] C:WINDOWSlof.exe
O9 – Extra button: Badanie (HKLM)
O9 – Extra button: Related (HKLM)
O9 – Extra 'Tools' menuitem: Show &Related Links (HKLM)
End these processes in Task Manager:
mslaugh.exe
ndfscoa.exe
msbb.exe
lof.exe
Search for (with hidden files included) and delete:
mslaugh.exe
ndfscoa.exe
msbb.exe
lof.exe
startowa.html
redir.dll
twaintec.dll (unregister the library first: regsvr32 /u C:\WINDOWS\twaintec.dll)
2_0_1browserhelper2.dll
bridge.dll
Enable System Restore.
Enable the system firewall or, if you don't have one, a third-party firewall.
Additionally, install the system security updates (see the pinned topic about Blaster).