Forum Komputery Wirusy, trojany, spyware
ZMIEŃ
    Dodaj do ulubionych

    Daosearch.com

    IP: *.ssnet.pl 29.03.05, 16:32
    Jak mam to usunąć?? Ten daosearch mi się pojawiana różnych stronach,
    wyskakuje mi co jakiś czas i wyświetla jakieś okna o tym, że coś tam będę
    miał za darmo. Bardzo bym prosił o dokładne wytłumaczenie, bo w takich
    sprawach (usuwanie wirusów itp.) jestem kompletnym laikem.
    Obserwuj wątek
      • Gość: Kolobos Re: Daosearch.com IP: *.warszawa.sdi.tpnet.pl 29.03.05, 16:39
        Wklej log z hijackthis -> www.spychecker.com/program/hijackthis.html
        "Do a system scan and save a logfile"
        • Gość: Daw Re: Daosearch.com IP: *.ssnet.pl 29.03.05, 16:57
          Logfile of HijackThis v1.99.1
          Scan saved at 16:56:41, on 2005-03-29
          Platform: Windows XP (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 (6.00.2600.0000)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\csrss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\Program Files\Sygate\SPF\smc.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\system32\LEXBCES.EXE
          C:\WINDOWS\system32\LEXPPS.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\Explorer.EXE
          C:\WINDOWS\System32\LXSUPMON.EXE
          C:\Program Files\MKS\Bin\mks_menu.exe
          C:\Program Files\MKS\Bin\ABregmon.exe
          C:\WINDOWS\System32\Services\{FEED1986-85C9-476A-AD45-EEB8AE84E1B9}\SVCHOST.EXE
          C:\WINDOWS\System32\RUNDLL32.exe
          C:\WINDOWS\ltwpqrud.exe
          C:\WINDOWS\System32\ctfmon.exe
          C:\WINDOWS\System32\ssct.exe
          C:\WINDOWS\System32\r?ndll.exe
          C:\Program Files\MKS\Bin\NetMonSV.exe
          C:\Program Files\MKS\Bin\mksmonsv.exe
          C:\WINDOWS\System32\nvsvc32.exe
          C:\WINDOWS\System32\wbem\wmiprvse.exe
          C:\Program Files\MKS\Bin\mks_scan.exe
          C:\Program Files\Internet Explorer\iexplore.exe
          C:\Documents and Settings\Dawid\Moje dokumenty\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
          www.onet.pl/
          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
          O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1
          \FlashGet\jccatch.dll
          O2 - BHO: (no name) - {D906503D-C283-CA23-F829-C8C9D9B73DE6} -
          C:\WINDOWS\System32\jerkm.dll
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
          C:\WINDOWS\System32\msdxm.ocx
          O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
          C:\PROGRA~1\FlashGet\fgiebar.dll
          O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2
          \printray.exe
          O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
          \NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
          \NvMcTray.dll,NvTaskbarInit
          O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
          Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
          O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
          O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
          O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
          O4 - HKLM\..\Run: [Shellspl] spools.exe
          O4 - HKLM\..\Run: [Disk Keeper] C:\DOCUME~1\Dawid\USTAWI~1\Temp\keep.exe
          O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
          O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{FEED1986-85C9-
          476A-AD45-EEB8AE84E1B9}\SVCHOST.EXE
          O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
          O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
          O4 - HKLM\..\Run: [tbfffnvhumaywajenbqcswo] C:\WINDOWS\ltwpqrud.exe
          O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
          O4 - HKLM\..\Run: [secboot] C:\WINDOWS\System32\mszx23.exe !!
          O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
          O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
          O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
          O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
          O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
          O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
          O4 - HKCU\..\Run: [x3yy] C:\WINDOWS\System32\x3yy\hfnjlepm.exe
          O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
          O4 - HKCU\..\Run: [Urce] C:\WINDOWS\System32\ssct.exe
          O4 - HKCU\..\Run: [Isny] C:\WINDOWS\System32\r?ndll.exe
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
          Office\Office10\OSA.EXE
          O8 - Extra context menu item: Download All by FlashGet - C:\Program
          Files\FlashGet\jc_all.htm
          O8 - Extra context menu item: Download using FlashGet - C:\Program
          Files\FlashGet\jc_link.htm
          O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
          res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
          O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
          C:\PROGRA~1\FlashGet\flashget.exe
          O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
          0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
          O15 - Trusted Zone: *.blazefind.com
          O15 - Trusted Zone: *.clickspring.net
          O15 - Trusted Zone: *.flingstone.com
          O15 - Trusted Zone: *.iframedollars.biz
          O15 - Trusted Zone: *.mt-download.com
          O15 - Trusted Zone: *.my-internet.info
          O15 - Trusted Zone: *.searchmiracle.com
          O15 - Trusted Zone: *.skoobidoo.com
          O15 - Trusted Zone: *.slotchbar.com
          O15 - Trusted Zone: *.windupdates.com
          O15 - Trusted Zone: *.ysbweb.com
          O15 - Trusted Zone: *.blazefind.com (HKLM)
          O15 - Trusted Zone: *.clickspring.net (HKLM)
          O15 - Trusted Zone: *.flingstone.com (HKLM)
          O15 - Trusted Zone: *.iframedollars.biz (HKLM)
          O15 - Trusted Zone: *.mt-download.com (HKLM)
          O15 - Trusted Zone: *.my-internet.info (HKLM)
          O15 - Trusted Zone: *.searchmiracle.com (HKLM)
          O15 - Trusted Zone: *.skoobidoo.com (HKLM)
          O15 - Trusted Zone: *.slotchbar.com (HKLM)
          O15 - Trusted Zone: *.windupdates.com (HKLM)
          O15 - Trusted Zone: *.ysbweb.com (HKLM)
          O15 - Trusted IP range: 213.159.117.202
          O15 - Trusted IP range: 213.159.117.202 (HKLM)
          O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) -
          iframedollars.biz/tb/loader2.ocx
          O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
          Control) - www.mt-download.com/MediaTicketsInstaller.cab?refid=2732
          O20 - Winlogon Notify: drct16 - drct16.dll (file missing)
          O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program
          Files\MKS\Bin\NetMonSV.exe
          O23 - Service: Trace network connections (ACCRA) - Unknown owner -
          C:\WINDOWS\System32\mocih.exe (file missing)
          O23 - Service: Provides three management service (FreeBSD) - Unknown owner -
          C:\WINDOWS\System32\dev32.exe (file missing)
          O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
          C:\WINDOWS\system32\LEXBCES.EXE
          O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program
          Files\MKS\bin\MkSUpdateInt.exe
          O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program
          Files\MKS\Bin\mksmonsv.exe
          O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe
          O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
          C:\WINDOWS\System32\nvsvc32.exe
          O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies,
          Inc. - C:\Program Files\Sygate\SPF\smc.exe

          • Gość: Kolobs Re: Daosearch.com IP: *.warszawa.sdi.tpnet.pl 29.03.05, 17:10
            Uruchom hijackthis i zaznacz te wpisy:

            O2 - BHO: (no name) - {D906503D-C283-CA23-F829-C8C9D9B73DE6} -
            C:\WINDOWS\System32\jerkm.dll
            O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
            O4 - HKLM\..\Run: [Shellspl] spools.exe
            O4 - HKLM\..\Run: [Disk Keeper] C:\DOCUME~1\Dawid\USTAWI~1\Temp\keep.exe
            O4 - HKLM\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
            O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{FEED1986-85C9-
            476A-AD45-EEB8AE84E1B9}\SVCHOST.EXE
            O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
            O4 - HKLM\..\Run: [tbfffnvhumaywajenbqcswo] C:\WINDOWS\ltwpqrud.exe
            O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
            O4 - HKLM\..\Run: [secboot] C:\WINDOWS\System32\mszx23.exe !!
            O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
            O4 - HKLM\..\RunServices: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
            O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
            O4 - HKCU\..\Run: [x3yy] C:\WINDOWS\System32\x3yy\hfnjlepm.exe
            O4 - HKCU\..\Run: [ntddetect] C:\WINDOWS\System32\ntddetect.exe
            O4 - HKCU\..\Run: [Urce] C:\WINDOWS\System32\ssct.exe
            O4 - HKCU\..\Run: [Isny] C:\WINDOWS\System32\r?ndll.exe

            Wszystkie O15

            O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) -
            iframedollars.biz/tb/loader2.ocx
            O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller
            Control) - www.mt-download.com/MediaTicketsInstaller.cab?refid=2732
            O20 - Winlogon Notify: drct16 - drct16.dll (file missing)
            O23 - Service: Trace network connections (ACCRA) - Unknown owner -
            C:\WINDOWS\System32\mocih.exe (file missing)
            O23 - Service: Provides three management service (FreeBSD) - Unknown owner -
            C:\WINDOWS\System32\dev32.exe (file missing)

            I Fix Checked, nastepnie uruchom ponownie komputer i wklej nowy log.
            • Gość: Daw Re: Daosearch.com IP: *.ssnet.pl 29.03.05, 17:21
              Logfile of HijackThis v1.99.1
              Scan saved at 17:20:51, on 2005-03-29
              Platform: Windows XP (WinNT 5.01.2600)
              MSIE: Internet Explorer v6.00 (6.00.2600.0000)

              Running processes:
              C:\WINDOWS\System32\smss.exe
              C:\WINDOWS\system32\winlogon.exe
              C:\WINDOWS\system32\services.exe
              C:\WINDOWS\system32\lsass.exe
              C:\WINDOWS\system32\svchost.exe
              C:\WINDOWS\System32\svchost.exe
              C:\WINDOWS\system32\LEXBCES.EXE
              C:\WINDOWS\system32\spoolsv.exe
              C:\WINDOWS\system32\LEXPPS.EXE
              C:\Program Files\MKS\Bin\NetMonSV.exe
              C:\Program Files\MKS\Bin\mksmonsv.exe
              C:\WINDOWS\System32\nvsvc32.exe
              C:\WINDOWS\Explorer.EXE
              C:\WINDOWS\System32\LXSUPMON.EXE
              C:\Program Files\MKS\Bin\mks_menu.exe
              C:\Program Files\MKS\Bin\ABregmon.exe
              C:\WINDOWS\System32\ctfmon.exe
              C:\Program Files\Gadu-Gadu\gg.exe
              C:\Program Files\MKS\Bin\mks_scan.exe
              C:\Program Files\Sygate\SPF\smc.exe
              C:\Documents and Settings\Dawid\Moje dokumenty\HijackThis.exe
              C:\Program Files\Internet Explorer\iexplore.exe

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
              www.onet.pl/
              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
              R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
              O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1
              \FlashGet\jccatch.dll
              O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
              C:\WINDOWS\System32\msdxm.ocx
              O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} -
              C:\PROGRA~1\FlashGet\fgiebar.dll
              O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2
              \printray.exe
              O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
              O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
              \NvCpl.dll,NvStartup
              O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
              O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32
              \NvMcTray.dll,NvTaskbarInit
              O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate
              Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
              O4 - HKLM\..\Run: [MKS_MENU] C:\Program Files\MKS\Bin\mks_menu.exe
              O4 - HKLM\..\Run: [ABREGMON] C:\Program Files\MKS\Bin\ABregmon.exe
              O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
              O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
              O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
              O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
              O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
              Office\Office10\OSA.EXE
              O8 - Extra context menu item: Download All by FlashGet - C:\Program
              Files\FlashGet\jc_all.htm
              O8 - Extra context menu item: Download using FlashGet - C:\Program
              Files\FlashGet\jc_link.htm
              O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
              res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
              O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
              C:\PROGRA~1\FlashGet\flashget.exe
              O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
              0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
              O23 - Service: ArcaBit NetMonitor (ABNetMon) - ArcaBit sp. z o.o. - C:\Program
              Files\MKS\Bin\NetMonSV.exe
              O23 - Service: Trace network connections (ACCRA) - Unknown owner -
              C:\WINDOWS\System32\mocih.exe (file missing)
              O23 - Service: Provides three management service (FreeBSD) - Unknown owner -
              C:\WINDOWS\System32\dev32.exe (file missing)
              O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
              C:\WINDOWS\system32\LEXBCES.EXE
              O23 - Service: MkSUpdateInt - MkS Sp. z o. o. - C:\Program
              Files\MKS\bin\MkSUpdateInt.exe
              O23 - Service: MkS_Vir Monitor (MksVirMonSvc) - Unknown owner - C:\Program
              Files\MKS\Bin\mksmonsv.exe
              O23 - Service: MkS_Scan - Unknown owner - C:\Program Files\MKS\Bin\mks_scan.exe
              O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
              C:\WINDOWS\System32\nvsvc32.exe
              O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies,
              Inc. - C:\Program Files\Sygate\SPF\smc.exe
              • Gość: Kolobos Re: Daosearch.com IP: *.warszawa.sdi.tpnet.pl 29.03.05, 17:35
                Log jest juz czysty, zostaly tylko te dwa wpisy:
                O23 - Service: Trace network connections (ACCRA) - Unknown owner -
                C:\WINDOWS\System32\mocih.exe (file missing)
                O23 - Service: Provides three management service (FreeBSD) - Unknown owner -
                C:\WINDOWS\System32\dev32.exe (file missing)

                Ale to i tak juz nie aktywne wpisy, wiec moga zostac.
                • Gość: Daw Re: Daosearch.com IP: *.ssnet.pl 29.03.05, 18:08
                  Dzięki wielki. Narazie wszystko gra. :)
          • neder Re: Daosearch.com 29.03.05, 17:37
            brak firewalla + niezaktualizowany system
            • neder Re: Daosearch.com 29.03.05, 17:38
              sorki - zostaje tylko brak aktualizacji systemu- źle dziś widzę:)
    Inne wątki na temat:

    Najnowsze z forum Wirusy, trojany, spyware

    Nie masz jeszcze konta? Zarejestruj się

    Nakarm Pajacyka
    Osoby zamieszczające wypowiedzi naruszające prawo lub prawem chronione dobra osób trzecich mogą ponieść z tego tytułu odpowiedzialność karną lub cywilną. Regulamin