Daosearch.com

IP: *.ssnet.pl 29.03.05, 16:32
How do I remove this?? This daosearch shows up on various pages,
pops up every so often and displays some windows saying that I will get
something for free. I would really appreciate a detailed explanation, because in
matters like this (removing viruses etc.) I am a complete layman.
    • Guest: Kolobos Re: Daosearch.com IP: *.warszawa.sdi.tpnet.pl 29.03.05, 16:39
      Paste a log from HijackThis -> www.spychecker.com/program/hijackthis.html
      "Do a system scan and save a logfile"
      • Guest: Daw Re: Daosearch.com IP: *.ssnet.pl 29.03.05, 16:57
        Logfile of HijackThis v1.99.1
        Scan saved at 16:56:41, on 2005-03-29
        Platform: Windows XP (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 (6.00.2600.0000)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Sygate\SPF\smc.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\LEXBCES.EXE
        C:\WINDOWS\system32\LEXPPS.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\System32\LXSUPMON.EXE
        C:\Program Files\MKS\Bin\mks_menu.exe
        C:\Program Files\MKS\Bin\ABregmon.exe
        C:\WINDOWS\System32\Services\{FEED1986-85C9-476A-AD45-EEB8AE84E1B9}\SVCHOST.EXE
        C:\WINDOWS\System32\RUNDLL32.exe
        C:\WINDOWS\ltwpqrud.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\WINDOWS\System32\ssct.exe
        C:\WINDOWS\System32\r?ndll.exe
        C:\Program Files\MKS\Bin\NetMonSV.exe
        C:\Program Files\MKS\Bin\mksmonsv.exe
        C:\WINDOWS\System32\nvsvc32.exe
        C:\WINDOWS\System32\wbem\wmiprvse.exe
        C:\Program Files\MKS\Bin\mks_scan.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Documents and Settings\Dawid\Moje dokumenty\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
        www.onet.pl/
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1
        \FlashGet\jccatch.dll
        O2 - BHO: (no name) - {D906503D-C283-CA23-F829-C8C9D9B73DE6} -
        C:\WINDOWS\System32\jerkm.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\System32\msdxm.ocx
        O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
        C:\PROGRA~1\FlashGet\fgiebar.dll
        O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2
        \printray.exe
        O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
        O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
        \NvCpl.dll,NvStartup
        O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
        O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
        \NvMcTray.dll,NvTaskbarInit
        O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
        Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
        O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
        O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
        O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
        O4 - HKLM\..\Run: [Shellspl] spools.exe
        O4 - HKLM\..\Run: [Disk Keeper] C:\DOCUME~1\Dawid\USTAWI~1\Temp\keep.exe
        O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
        O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{FEED1986-85C9-
        476A-AD45-EEB8AE84E1B9}\SVCHOST.EXE
        O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
        O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
        O4 - HKLM\..\Run: [tbfffnvhumaywajenbqcswo] C:\WINDOWS\ltwpqrud.exe
        O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
        O4 - HKLM\..\Run: [secboot] C:\WINDOWS\System32\mszx23.exe !!
        O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
        O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
        O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
        O4 - HKCU\..\Run: [x3yy] C:\WINDOWS\System32\x3yy\hfnjlepm.exe
        O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
        O4 - HKCU\..\Run: [Urce] C:\WINDOWS\System32\ssct.exe
        O4 - HKCU\..\Run: [Isny] C:\WINDOWS\System32\r?ndll.exe
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
        Office\Office10\OSA.EXE
        O8 - Extra context menu item: Download All by FlashGet - C:\Program
        Files\FlashGet\jc_all.htm
        O8 - Extra context menu item: Download using FlashGet - C:\Program
        Files\FlashGet\jc_link.htm
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
        O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
        C:\PROGRA~1\FlashGet\flashget.exe
        O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
        0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
        O15 - Trusted Zone: *.blazefind.com
        O15 - Trusted Zone: *.clickspring.net
        O15 - Trusted Zone: *.flingstone.com
        O15 - Trusted Zone: *.iframedollars.biz
        O15 - Trusted Zone: *.mt-download.com
        O15 - Trusted Zone: *.my-internet.info
        O15 - Trusted Zone: *.searchmiracle.com
        O15 - Trusted Zone: *.skoobidoo.com
        O15 - Trusted Zone: *.slotchbar.com
        O15 - Trusted Zone: *.windupdates.com
        O15 - Trusted Zone: *.ysbweb.com
        O15 - Trusted Zone: *.blazefind.com (HKLM)
        O15 - Trusted Zone: *.clickspring.net (HKLM)
        O15 - Trusted Zone: *.flingstone.com (HKLM)
        O15 - Trusted Zone: *.iframedollars.biz (HKLM)
        O15 - Trusted Zone: *.mt-download.com (HKLM)
        O15 - Trusted Zone: *.my-internet.info (HKLM)
        O15 - Trusted Zone: *.searchmiracle.com (HKLM)
        O15 - Trusted Zone: *.skoobidoo.com (HKLM)
        O15 - Trusted Zone: *.slotchbar.com (HKLM)
        O15 - Trusted Zone: *.windupdates.com (HKLM)
        O15 - Trusted Zone: *.ysbweb.com (HKLM)
        O15 - Trusted IP range: 213.159.117.202
        O15 - Trusted IP range: 213.159.117.202 (HKLM)
        O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) -
        iframedollars.biz/tb/loader2.ocx
        O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
        Control) - www.mt-download.com/MediaTicketsInstaller.cab?refid=2732
        O20 - Winlogon Notify: drct16 - drct16.dll (file missing)
        O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program
        Files\MKS\Bin\NetMonSV.exe
        O23 - Service: Trace network connections (ACCRA) - Unknown owner -
        C:\WINDOWS\System32\mocih.exe (file missing)
        O23 - Service: Provides three management service (FreeBSD) - Unknown owner -
        C:\WINDOWS\System32\dev32.exe (file missing)
        O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
        C:\WINDOWS\system32\LEXBCES.EXE
        O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program
        Files\MKS\bin\MkSUpdateInt.exe
        O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program
        Files\MKS\Bin\mksmonsv.exe
        O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe
        O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
        C:\WINDOWS\System32\nvsvc32.exe
        O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies,
        Inc. - C:\Program Files\Sygate\SPF\smc.exe

        • Guest: Kolobs Re: Daosearch.com IP: *.warszawa.sdi.tpnet.pl 29.03.05, 17:10
          Run HijackThis and check these entries:

          O2 - BHO: (no name) - {D906503D-C283-CA23-F829-C8C9D9B73DE6} -
          C:\WINDOWS\System32\jerkm.dll
          O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
          O4 - HKLM\..\Run: [Shellspl] spools.exe
          O4 - HKLM\..\Run: [Disk Keeper] C:\DOCUME~1\Dawid\USTAWI~1\Temp\keep.exe
          O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
          O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{FEED1986-85C9-
          476A-AD45-EEB8AE84E1B9}\SVCHOST.EXE
          O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
          O4 - HKLM\..\Run: [tbfffnvhumaywajenbqcswo] C:\WINDOWS\ltwpqrud.exe
          O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
          O4 - HKLM\..\Run: [secboot] C:\WINDOWS\System32\mszx23.exe !!
          O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
          O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
          O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
          O4 - HKCU\..\Run: [x3yy] C:\WINDOWS\System32\x3yy\hfnjlepm.exe
          O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
          O4 - HKCU\..\Run: [Urce] C:\WINDOWS\System32\ssct.exe
          O4 - HKCU\..\Run: [Isny] C:\WINDOWS\System32\r?ndll.exe

          All O15 entries

          O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) -
          iframedollars.biz/tb/loader2.ocx
          O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
          Control) - www.mt-download.com/MediaTicketsInstaller.cab?refid=2732
          O20 - Winlogon Notify: drct16 - drct16.dll (file missing)
          O23 - Service: Trace network connections (ACCRA) - Unknown owner -
          C:\WINDOWS\System32\mocih.exe (file missing)
          O23 - Service: Provides three management service (FreeBSD) - Unknown owner -
          C:\WINDOWS\System32\dev32.exe (file missing)

          And Fix Checked, then restart the computer and paste a new log.
          • Guest: Daw Re: Daosearch.com IP: *.ssnet.pl 29.03.05, 17:21
            Logfile of HijackThis v1.99.1
            Scan saved at 17:20:51, on 2005-03-29
            Platform: Windows XP (WinNT 5.01.2600)
            MSIE: Internet Explorer v6.00 (6.00.2600.0000)

            Running processes:
            C:\WINDOWS\System32\smss.exe
            C:\WINDOWS\system32\winlogon.exe
            C:\WINDOWS\system32\services.exe
            C:\WINDOWS\system32\lsass.exe
            C:\WINDOWS\system32\svchost.exe
            C:\WINDOWS\System32\svchost.exe
            C:\WINDOWS\system32\LEXBCES.EXE
            C:\WINDOWS\system32\spoolsv.exe
            C:\WINDOWS\system32\LEXPPS.EXE
            C:\Program Files\MKS\Bin\NetMonSV.exe
            C:\Program Files\MKS\Bin\mksmonsv.exe
            C:\WINDOWS\System32\nvsvc32.exe
            C:\WINDOWS\Explorer.EXE
            C:\WINDOWS\System32\LXSUPMON.EXE
            C:\Program Files\MKS\Bin\mks_menu.exe
            C:\Program Files\MKS\Bin\ABregmon.exe
            C:\WINDOWS\System32\ctfmon.exe
            C:\Program Files\Gadu-Gadu\gg.exe
            C:\Program Files\MKS\Bin\mks_scan.exe
            C:\Program Files\Sygate\SPF\smc.exe
            C:\Documents and Settings\Dawid\Moje dokumenty\HijackThis.exe
            C:\Program Files\Internet Explorer\iexplore.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
            www.onet.pl/
            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
            O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1
            \FlashGet\jccatch.dll
            O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
            C:\WINDOWS\System32\msdxm.ocx
            O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
            C:\PROGRA~1\FlashGet\fgiebar.dll
            O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2
            \printray.exe
            O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
            O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
            \NvCpl.dll,NvStartup
            O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
            O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
            \NvMcTray.dll,NvTaskbarInit
            O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
            Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
            O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
            O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
            O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
            O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
            O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
            O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
            O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
            Office\Office10\OSA.EXE
            O8 - Extra context menu item: Download All by FlashGet - C:\Program
            Files\FlashGet\jc_all.htm
            O8 - Extra context menu item: Download using FlashGet - C:\Program
            Files\FlashGet\jc_link.htm
            O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
            res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
            O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
            C:\PROGRA~1\FlashGet\flashget.exe
            O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
            0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
            O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program
            Files\MKS\Bin\NetMonSV.exe
            O23 - Service: Trace network connections (ACCRA) - Unknown owner -
            C:\WINDOWS\System32\mocih.exe (file missing)
            O23 - Service: Provides three management service (FreeBSD) - Unknown owner -
            C:\WINDOWS\System32\dev32.exe (file missing)
            O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
            C:\WINDOWS\system32\LEXBCES.EXE
            O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program
            Files\MKS\bin\MkSUpdateInt.exe
            O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program
            Files\MKS\Bin\mksmonsv.exe
            O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe
            O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
            C:\WINDOWS\System32\nvsvc32.exe
            O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies,
            Inc. - C:\Program Files\Sygate\SPF\smc.exe
            • Guest: Kolobos Re: Daosearch.com IP: *.warszawa.sdi.tpnet.pl 29.03.05, 17:35
              The log is clean now; only these two entries remain:
              O23 - Service: Trace network connections (ACCRA) - Unknown owner -
              C:\WINDOWS\System32\mocih.exe (file missing)
              O23 - Service: Provides three management service (FreeBSD) - Unknown owner -
              C:\WINDOWS\System32\dev32.exe (file missing)

              But these entries are no longer active anyway, so they can stay.
              • Guest: Daw Re: Daosearch.com IP: *.ssnet.pl 29.03.05, 18:08
                Thanks a lot. Everything works for now. :)
        • neder Re: Daosearch.com 29.03.05, 17:37
          no firewall + an un-updated system
          • neder Re: Daosearch.com 29.03.05, 17:38
            sorry - that leaves only the missing system updates - I'm not seeing well today :)
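
Several of the entries selected for fixing in this thread show traits that are visible in the log itself: Trusted Zone additions, "(file missing)" targets, an autostart from a Temp folder, a system process name outside System32, and a '?' in a file name. The sketch below is an added example, not part of the thread or of HijackThis; it rejoins the forum's wrapped lines and applies those traits as illustrative heuristics, which are assumptions and only mark entries for a closer look.

```python
import re

# Constructed sample: entries copied from the first log in this thread,
# keeping the forum's hard line wraps.
SAMPLE_LOG = r"""
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1
\FlashGet\jccatch.dll
O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
O4 - HKLM\..\Run: [Disk Keeper] C:\DOCUME~1\Dawid\USTAWI~1\Temp\keep.exe
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{FEED1986-85C9-
476A-AD45-EEB8AE84E1B9}\SVCHOST.EXE
O4 - HKCU\..\Run: [Isny] C:\WINDOWS\System32\r?ndll.exe
O15 - Trusted Zone: *.windupdates.com (HKLM)
O23 - Service: Trace network connections (ACCRA) - Unknown owner -
C:\WINDOWS\System32\mocih.exe (file missing)
"""

ENTRY_START = re.compile(r"^(?:R\d|F\d|N\d|O\d+) - ")
FILE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx)', re.I)
SYSTEM_NAMES = {"svchost.exe", "rundll32.exe", "lsass.exe", "winlogon.exe"}

def join_wrapped(text):
    """Rebuild one line per entry from a hard-wrapped log (heuristic)."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            # No space if the wrap split a path or GUID ("...85C9-", "\FlashGet").
            glued = line.startswith("\\") or re.search(r"\S-$", entries[-1])
            entries[-1] += ("" if glued else " ") + line
    return entries

def triage(entry):
    """Illustrative heuristics (assumptions, not HijackThis's own logic)."""
    section = entry.split(" - ", 1)[0]
    m = FILE_PATH.search(entry)
    folder, _, name = m.group(0).lower().rpartition("\\") if m else ("", "", "")
    checks = {
        "trusted-zone": section == "O15",
        "file-missing": "(file missing)" in entry,
        "unrenderable-name": "?" in name,  # '?' is not legal in a file name
        "autostart-from-temp": section == "O4" and "\\temp\\" in folder + "\\",
        "system-name-wrong-folder": name in SYSTEM_NAMES and folder != r"c:\windows\system32",
    }
    return [reason for reason, hit in checks.items() if hit]

def findings(text):
    """Map each flagged entry to its reasons."""
    return {e: triage(e) for e in join_wrapped(text) if triage(e)}
```

An entry with no reasons is not thereby clean: most of the Run entries selected in the thread match none of these checks and were recognised by name.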
