perfectnav.com co to jest

IP: *.chello.pl 24.10.05, 09:00
Po wpisaniu w wyszukiwarce tekstu pomyłkowo lub nie znalezieniu go w
Internecie od razu zawsze wklejami się ta strona : www.perfectnav.com
chciałbym to usunąc jak to zrobić
    • Gość: Kolobos Re: perfectnav.com co to jest IP: *.warszawa.sdi.tpnet.pl 24.10.05, 09:39
      Wklej log z hijackthis.
      • Gość: sos Re: perfectnav.com co to jest IP: *.chello.pl 24.10.05, 14:41
        a można jaśniej
        • neder Re: perfectnav.com co to jest 24.10.05, 14:45
          w co drugim poście jest jaśniej ;P
          www.mgregor.republika.pl
          pzdr
      • Gość: sos Re: perfectnav.com co to jest IP: *.chello.pl 24.10.05, 15:03
        Logfile of HijackThis v1.99.1
        Scan saved at 14:58:45, on 05-10-24
        Platform: Windows 98 SE (Win9x 4.10.2222A)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\SYSTEM\KERNEL32.DLL
        C:\WINDOWS\SYSTEM\MSGSRV32.EXE
        C:\WINDOWS\SYSTEM\MPREXE.EXE
        C:\WINDOWS\SYSTEM\mmtask.tsk
        C:\WINDOWS\SYSTEM\MDM.EXE
        C:\WINDOWS\SYSTEM\MSTASK.EXE
        C:\WINDOWS\EXPLORER.EXE
        C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
        C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
        C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
        C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE
        C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
        C:\WINDOWS\SYSTEM\INTERNAT.EXE
        C:\WINDOWS\SYSTEM\SYSTRAY.EXE
        C:\WINDOWS\V38SHELL.EXE
        C:\WINDOWS\SYSTEM\RPCSS.EXE
        C:\PROGRAM FILES\FARSTONE\VIRTUALDRIVE\VDTASK.EXE
        C:\WINDOWS\VCDPLAYX.EXE
        C:\PROGRAM FILES\SCANNERU\TBRIDGE\BIN\INSTANTACCESS.EXE
        C:\PROGRAM FILES\A4TECH\MOUSE\AMOUMAIN.EXE
        C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
        C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
        C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
        C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
        C:\PROGRAM FILES\GADU-GADU\GG.EXE
        C:\WINDOWS\SYSTEM\WMIEXE.EXE
        C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
        C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
        C:\WINDOWS\SYSTEM\PSTORES.EXE
        C:\WINDOWS\SYSTEM\DDHELP.EXE
        C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
        C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
        C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
        res://C:\WINDOWS\bbspn.dll/sp.html#12345
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
        res://C:\WINDOWS\bbspn.dll/sp.html#12345
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.onet.pl/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
        about:blank
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
        res://C:\WINDOWS\bbspn.dll/sp.html#12345
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
        res://C:\WINDOWS\bbspn.dll/sp.html#12345
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
        res://C:\WINDOWS\bbspn.dll/sp.html#12345
        R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        res://C:\WINDOWS\bbspn.dll/sp.html#12345
        R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
        res://C:\WINDOWS\bbspn.dll/sp.html#12345
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
        red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*http://www.yahoo.com
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        R3 - URLSearchHook: PerfectNavBHO Class - {0428FFC7-1931-45b7-95CB-
        3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
        F1 - win.ini: run=hpfsched
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
        O2 - BHO: (no name) - {C23A3931-7986-D600-52CD-D52ABEE43493} - (no file)
        O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
        C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
        O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
        Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
        O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} -
        C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\SYSTEM\MSDXM.OCX
        O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-
        A37C9A5676A7} - C:\Program Files\Common Files\Symantec
        Shared\AdBlocking\NISShExt.dll
        O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
        C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
        O4 - HKLM\..\Run: [internat.exe] internat.exe
        O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
        O4 - HKLM\..\Run: [V38Shell] V38SHELL.EXE
        O4 - HKLM\..\Run: [VirtualDrive] "C:\Program
        Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
        O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
        O4 - HKLM\..\Run: [InstantAccess] C:\Program
        Files\ScannerU\TBRIDGE\BIN\InstantAccess.exe /h
        O4 - HKLM\..\Run: [RegisterDropHandler] C:\Program
        Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exe
        O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
        O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
        O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
        powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE
        O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
        O4 - HKLM\..\Run: [Soltek] C:\WINDOWS\SYSTEM\autorun.exe
        O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
        Shared\ccApp.exe"
        O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec
        Shared\CCPD-LC\symlcsvc.exe start
        O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1
        \SNDMON.EXE /Consumer
        O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
        O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
        O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\Program
        Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exe
        O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
        O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
        O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
        powrprof.dll,LoadCurrentPwrScheme
        O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
        O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4
        \ashServ.exe
        O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec
        Shared\ccEvtMgr.exe"
        O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec
        Shared\ccSetMgr.exe"
        O4 - HKLM\..\RunServices: [ISSVC] "C:\Program Files\Norton Internet
        Security\ISSVC.exe"
        O4 - HKLM\..\RunServices: [ccProxy] C:\Program Files\Common Files\Symantec
        Shared\ccProxy.exe
        O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common
        Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
        O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
        Files\Adobe\Calibration\Adobe Gamma Loader.exe
        O8 - Extra context menu item: Otwórz obraz w programie &Microsoft PhotoDraw -
        res://C:\PROGRA~1\MICROS~1\OFFICE\1045\PHDINTL.DLL/phdContext.htm
        O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRAM
        FILES\GO!ZILLA\download-with-gozilla.html
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
        C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
        00aa003c157a} - C:\WINDOWS\web\related.htm
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
        C:\Program Files\Messenger\MSMSGS.EXE
        O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-
        00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
        O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
        O12 - Plugin for .swf: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin7.dll
        O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
        O15 - Trusted Zone: *.05p.com
        O15 - Trusted Zone: *.searchmiracle.com
        O15 - Trusted Zone: *.clickspring.net
        O15 - Trusted Zone: *.blazefind.com
        O15 - Trusted Zone: *.mt-download.com
        O15 - Trusted Zone: *.flingstone.com
        O15 - Trusted Zone: *.slotch.com
        O15 - Trusted Zone: *.xxxtoolbar.com
        O15 - Trusted Zone: *.my-internet.info
        O15 -
        • Gość: m Re: perfectnav.com co to jest IP: *.neoplus.adsl.tpnet.pl 24.10.05, 16:53
          ale masz syfu!!! doklej pozostałą część loga, bo się nie zmieścił, a zaraz
          Kolobos się wścieknie :)
          • Gość: sos Re: perfectnav.com co to jest IP: *.chello.pl 24.10.05, 17:45
            O15 - Trusted Zone: *.scoobidoo.com
            O15 - Trusted Zone: *.searchbarcash.com
            O15 - Trusted Zone: *.awmdabest.com
            O15 - Trusted Zone: *.frame.crazywinnings.com
            O15 - Trusted Zone: *.static.topconverting.com
            O15 - Trusted Zone: *.05p.com (HKLM)
            O15 - Trusted Zone: *.searchmiracle.com (HKLM)
            O15 - Trusted Zone: *.clickspring.net (HKLM)
            O15 - Trusted Zone: *.blazefind.com (HKLM)
            O15 - Trusted Zone: *.mt-download.com (HKLM)
            O15 - Trusted Zone: *.flingstone.com (HKLM)
            O15 - Trusted Zone: *.slotch.com (HKLM)
            O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
            O15 - Trusted Zone: *.my-internet.info (HKLM)
            O15 - Trusted Zone: *.scoobidoo.com (HKLM)
            O15 - Trusted Zone: *.searchbarcash.com (HKLM)
            O15 - Trusted Zone: *.awmdabest.com (HKLM)
            O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
            O15 - Trusted Zone: *.static.topconverting.com (HKLM)
            O15 - Trusted IP range: 206.161.125.149
            O15 - Trusted IP range: 206.161.125.149 (HKLM)
            O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be
            Internet Zone
            O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be
            Internet Zone (HKLM)
            O16 - DPF: {A67BA5E3-5B79-11D6-A711-00C12601EADE} -
            erotyka.to.sex.pl/sex_bez_granic.exe
            O16 - DPF: BSK Online - ssl.bsk.com.pl/component/BSKOnl.cab
            O16 - DPF: komentator - sport.onet.pl/komentator.cab
            O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
            www.cult3d.com/download/cult.cab
            O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
            bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
            O16 - DPF: ING Bank Online - ssl.bsk.com.pl/bskonl/component/INGOnl.cab
            O16 - DPF: {342999A3-728D-4DF6-BB81-CDD1A743096A} (MRActivXUI Class) -
            comp.mediaring.com/consumer/pcphone/ver5.4.4.0/wbaxuiph544.cab
            O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
            static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c282.cab
            O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
            tools.ebayimg.com/eps/activex/EPUWALControl_v1-0-3-18.cab
            • Gość: Kolobos Re: perfectnav.com co to jest IP: *.warszawa.sdi.tpnet.pl 24.10.05, 18:29
              Odinstaluj nortona i tak Ci do niczego nie potrzebny.
              Uzyj:
              www.searchengines.pl/phpbb203/index.php?act=Attach&type=post&id=459

              Opis usuwania CWS'a tutaj:
              www.searchengines.pl/phpbb203/index.php?showtopic=14185&st=45&#entry87957
              Usun w hijackthis:

              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
              res://C:\WINDOWS\bbspn.dll/sp.html#12345
              R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
              res://C:\WINDOWS\bbspn.dll/sp.html#12345
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
              about:blank
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
              res://C:\WINDOWS\bbspn.dll/sp.html#12345
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
              res://C:\WINDOWS\bbspn.dll/sp.html#12345
              R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
              res://C:\WINDOWS\bbspn.dll/sp.html#12345
              R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
              res://C:\WINDOWS\bbspn.dll/sp.html#12345
              R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
              res://C:\WINDOWS\bbspn.dll/sp.html#12345
              R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
              red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*www.yahoo.com
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
              R3 - URLSearchHook: PerfectNavBHO Class - {0428FFC7-1931-45b7-95CB-
              3CBB919777E1} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL <- odinstaluj o ile sie
              da i usun katalog PerfectNav
              O2 - BHO: (no name) - {C23A3931-7986-D600-52CD-D52ABEE43493} - (no file)
              O2 - BHO: NavErrRedir Class - {0428FFC7-1931-45b7-95CB-3CBB919777E1} -
              C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
              O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe <-
              kasujesz caly katalog Media Access
              O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
              C:\WINDOWS\web\related.htm
              O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
              00aa003c157a} - C:\WINDOWS\web\related.htm
              Wszystkie O15:
              O15 - Trusted Zone: *.05p.com
              O15 - Trusted Zone: *.searchmiracle.com
              O15 - Trusted Zone: *.clickspring.net
              O15 - Trusted IP range: 206.161.125.149
              O15 - Trusted IP range: 206.161.125.149 (HKLM)
              O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be
              Internet Zone
              O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be
              Internet Zone (HKLM)
              O16 - DPF: {A67BA5E3-5B79-11D6-A711-00C12601EADE} -
              erotyka.to.sex.pl/sex_bez_granic.exe
              O16 - DPF: {342999A3-728D-4DF6-BB81-CDD1A743096A} (MRActivXUI Class) -
              comp.mediaring.com/consumer/pcphone/ver5.4.4.0/wbaxuiph544.cab
              O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
              static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c282.cab
              O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
              tools.ebayimg.com/eps/activex/EPUWALControl_v1-0-3-18.cab

              Przeskanuj tez tym o ile dziala pod 98:
              download.ewido.net/ewido-setup.exe <- zrob update przed skanowaniem, po
              przeskanowaniu odinstaluj.

              Oraz zainstaluj to:
              www.safer-networking.org/pl/mirrors/index.html <- SpyBot S&D ->
              przeskanuj i wlacz ochrone przegladarki
              www.javacoolsoftware.com/spywareblaster.html <- SpywareBlaster -> wlacz
              ochrone przegladarki
              www.wilderssecurity.net/spywareguard.html <- SpywareGuard

              Po wszystkim wklej nowy log.
              • Gość: sos Re: perfectnav.com co to jest IP: *.chello.pl 24.10.05, 20:08
                Nie ze wszystkim sobie poradziłem, ale zobacz teraz jak to wygląda:
                Logfile of HijackThis v1.99.1
                Scan saved at 20:05:54, on 05-10-24
                Platform: Windows 98 SE (Win9x 4.10.2222A)
                MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

                Running processes:
                C:\WINDOWS\SYSTEM\KERNEL32.DLL
                C:\WINDOWS\SYSTEM\MSGSRV32.EXE
                C:\WINDOWS\SYSTEM\MPREXE.EXE
                C:\WINDOWS\SYSTEM\mmtask.tsk
                C:\WINDOWS\SYSTEM\MDM.EXE
                C:\WINDOWS\EXPLORER.EXE
                C:\WINDOWS\SYSTEM\MSTASK.EXE
                C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
                C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
                C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSETMGR.EXE
                C:\PROGRAM FILES\NORTON INTERNET SECURITY\ISSVC.EXE
                C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPROXY.EXE
                C:\WINDOWS\SYSTEM\INTERNAT.EXE
                C:\WINDOWS\SYSTEM\SYSTRAY.EXE
                C:\WINDOWS\V38SHELL.EXE
                C:\WINDOWS\SYSTEM\RPCSS.EXE
                C:\PROGRAM FILES\FARSTONE\VIRTUALDRIVE\VDTASK.EXE
                C:\WINDOWS\VCDPLAYX.EXE
                C:\PROGRAM FILES\SCANNERU\TBRIDGE\BIN\INSTANTACCESS.EXE
                C:\PROGRAM FILES\A4TECH\MOUSE\AMOUMAIN.EXE
                C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
                C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
                C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCPD-LC\SYMLCSVC.EXE
                C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
                C:\PROGRAM FILES\GADU-GADU\GG.EXE
                C:\WINDOWS\SYSTEM\WMIEXE.EXE
                C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SNDSRVC.EXE
                C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
                C:\WINDOWS\SYSTEM\PSTORES.EXE
                C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE
                C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
                C:\WINDOWS\SYSTEM\DDHELP.EXE
                C:\PROGRAM FILES\NORTON INTERNET SECURITY\NORTON ANTIVIRUS\OPSCAN.EXE
                C:\WINDOWS\PULPIT\HIJACKTHIS\HIJACKTHIS.EXE

                R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
                www.onet.pl/
                F1 - win.ini: run=hpfsched
                O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
                C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
                O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} -
                C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
                O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
                Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
                O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
                C:\WINDOWS\SYSTEM\MSDXM.OCX
                O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-
                A37C9A5676A7} - C:\Program Files\Common Files\Symantec
                Shared\AdBlocking\NISShExt.dll
                O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -
                C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
                O4 - HKLM\..\Run: [internat.exe] internat.exe
                O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
                O4 - HKLM\..\Run: [V38Shell] V38SHELL.EXE
                O4 - HKLM\..\Run: [VirtualDrive] "C:\Program
                Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
                O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
                O4 - HKLM\..\Run: [InstantAccess] C:\Program
                Files\ScannerU\TBRIDGE\BIN\InstantAccess.exe /h
                O4 - HKLM\..\Run: [RegisterDropHandler] C:\Program
                Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exe
                O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
                O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
                O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
                powrprof.dll,LoadCurrentPwrScheme
                O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4TECH\MOUSE\AMOUMAIN.EXE
                O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
                O4 - HKLM\..\Run: [Soltek] C:\WINDOWS\SYSTEM\autorun.exe
                O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec
                Shared\ccApp.exe"
                O4 - HKLM\..\Run: [Symantec Core LC] C:\Program Files\Common Files\Symantec
                Shared\CCPD-LC\symlcsvc.exe start
                O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1
                \SNDMON.EXE /Consumer
                O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
                O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\Program
                Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.exe
                O4 - HKLM\..\RunServices: [RNBOStart] C:\WINDOWS\SYSTEM\RNBOSENT\SENTSTRT.EXE
                O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
                O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
                powrprof.dll,LoadCurrentPwrScheme
                O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
                O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4
                \ashServ.exe
                O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec
                Shared\ccEvtMgr.exe"
                O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Program Files\Common Files\Symantec
                Shared\ccSetMgr.exe"
                O4 - HKLM\..\RunServices: [ISSVC] "C:\Program Files\Norton Internet
                Security\ISSVC.exe"
                O4 - HKLM\..\RunServices: [ccProxy] C:\Program Files\Common Files\Symantec
                Shared\ccProxy.exe
                O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common
                Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
                O4 - HKCU\..\Run: [Gadu-Gadu] "C:\PROGRAM FILES\GADU-GADU\GG.EXE" /tray
                O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
                Files\Adobe\Calibration\Adobe Gamma Loader.exe
                O8 - Extra context menu item: Otwórz obraz w programie &Microsoft PhotoDraw -
                res://C:\PROGRA~1\MICROS~1\OFFICE\1045\PHDINTL.DLL/phdContext.htm
                O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRAM
                FILES\GO!ZILLA\download-with-gozilla.html
                O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
                C:\Program Files\Messenger\MSMSGS.EXE
                O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-
                00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
                O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
                O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
                O12 - Plugin for .swf: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin7.dll
                O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
                O15 - Trusted Zone: *.blazefind.com
                O15 - Trusted Zone: *.mt-download.com
                O15 - Trusted Zone: *.flingstone.com
                O15 - Trusted Zone: *.slotch.com
                O15 - Trusted Zone: *.xxxtoolbar.com
                O15 - Trusted Zone: *.my-internet.info
                O15 - Trusted Zone: *.scoobidoo.com
                O15 - Trusted Zone: *.searchbarcash.com
                O15 - Trusted Zone: *.awmdabest.com
                O15 - Trusted Zone: *.frame.crazywinnings.com
                O15 - Trusted Zone: *.static.topconverting.com
                O15 - Trusted Zone: *.05p.com (HKLM)
                O15 - Trusted Zone: *.searchmiracle.com (HKLM)
                O15 - Trusted Zone: *.blazefind.com (HKLM)
                O15 - Trusted Zone: *.mt-download.com (HKLM)
                O15 - Trusted Zone: *.flingstone.com (HKLM)
                O15 - Trusted Zone: *.slotch.com (HKLM)
                O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
                O15 - Trusted Zone: *.my-internet.info (HKLM)
                O15 - Trusted Zone: *.scoobidoo.com (HKLM)
                O15 - Trusted Zone: *.searchbarcash.com (HKLM)
                O15 - Trusted Zone: *.awmdabest.com (HKLM)
                O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
                O15 - Trusted Zone: *.static.topconverting.com (HKLM)
                O15 - Trusted IP range: 206.161.125.149
                O15 - Trusted IP range: 206.161.125.149 (HKLM)
                O16 - DPF: BSK Online - ssl.bsk.com.pl/component/BSKOnl.cab
                O16 - DPF: komentator - sport.onet.pl/komentator.cab
                O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -
                www.cult3d.com/download/cult.cab
                O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
                bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
                O16 - DPF: ING Bank Online - ssl.bsk.com.pl/bskonl/component/INGOnl.cab

                • Gość: sos Re: perfectnav.com co to jest IP: *.chello.pl 24.10.05, 20:11
                  Usunąć wszystkie O15 czy tylko wymienione, czy usówać w hijackthis można w
                  trybie normalnym czy TYLKO w awaryjnym?????
                  • Gość: Kolobos Re: perfectnav.com co to jest IP: *.icm.edu.pl / *.icm.edu.pl 24.10.05, 20:45
                    Przeciez wyraznie napisalem "Wszystkie O15" wiec czemu pytasz?
                    Zreszta miales uzyc:
                    www.searchengines.pl/phpbb203/index.php?act=Attach&type=post&id=459
                    To by usunelo wszystkie trusted.

                    Usun:

                    O15 - Trusted Zone: *.blazefind.com
                    O15 - Trusted Zone: *.mt-download.com
                    O15 - Trusted Zone: *.flingstone.com
                    O15 - Trusted Zone: *.slotch.com
                    O15 - Trusted Zone: *.xxxtoolbar.com
                    O15 - Trusted Zone: *.my-internet.info
                    O15 - Trusted Zone: *.scoobidoo.com
                    O15 - Trusted Zone: *.searchbarcash.com
                    O15 - Trusted Zone: *.awmdabest.com
                    O15 - Trusted Zone: *.frame.crazywinnings.com
                    O15 - Trusted Zone: *.static.topconverting.com
                    O15 - Trusted Zone: *.05p.com (HKLM)
                    O15 - Trusted Zone: *.searchmiracle.com (HKLM)
                    O15 - Trusted Zone: *.blazefind.com (HKLM)
                    O15 - Trusted Zone: *.mt-download.com (HKLM)
                    O15 - Trusted Zone: *.flingstone.com (HKLM)
                    O15 - Trusted Zone: *.slotch.com (HKLM)
                    O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
                    O15 - Trusted Zone: *.my-internet.info (HKLM)
                    O15 - Trusted Zone: *.scoobidoo.com (HKLM)
                    O15 - Trusted Zone: *.searchbarcash.com (HKLM)
                    O15 - Trusted Zone: *.awmdabest.com (HKLM)
                    O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
                    O15 - Trusted Zone: *.static.topconverting.com (HKLM)
                    O15 - Trusted IP range: 206.161.125.149
                    O15 - Trusted IP range: 206.161.125.149 (HKLM)
                    • Gość: sos Re: perfectnav.com co to jest IP: *.chello.pl 24.10.05, 20:56
                      Usunołem, dzięki i przepraszam za kłopot
Pełna wersja