
How to get rid of this worm -> Win32:Opasoft-A-ASP

IP: *.neoplus.adsl.tpnet.pl 07.07.05, 18:37
For a few days now my antivirus has been finding this worm -> Win32:Opasoft-A-ASP. It removes it
every time, but a few minutes later it shows up again, and a window keeps popping up
asking me to remove it (I have avast). When I scan the disk I get some peace until
the next reboot, and then it starts again. I need some cure because
I can't work like this. I have the Kaspersky cure but it doesn't help; I tried
the mks scanner and that did nothing either!!!
    • Guest: Pinex Re: How to get rid of this worm -> Win32:Opasof IP: *.neoplus.adsl.tpnet.pl 07.07.05, 19:41
      Logfile of HijackThis v1.99.1
      Scan saved at 19:38:23, on 2005-07-07
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\System32\wuamkop32.exe
      C:\Program Files\AutoConnect\AutoConnect.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\WINDOWS\system32\crypserv.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      D:\Programy\RevConnect\DCPlusPlus.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\WINDOWS\System32\wuauclt.exe
      C:\Documents and Settings\Wątroba.W-HB0802LYSBEX5
      \Pulpit\hijackthis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      www.google.pl/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
      C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
      F2 - REG:system.ini: Shell=explorer.exe
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
      C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1
      \FLASHGET\jccatch.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
      C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
      \NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
      O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\
      O4 - HKLM\..\Run: [Network Access] winssh.exe
      O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [Microsoft uptime Service] sysuptime.exe
      O4 - HKLM\..\Run: [Microsoft Update] wuamkop32.exe
      O4 - HKLM\..\Run: [mouse] mouse.exe
      O4 - HKLM\..\RunServices: [Network Access] winssh.exe
      O4 - HKLM\..\RunServices: [Microsoft uptime Service] sysuptime.exe
      O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop32.exe
      O4 - HKLM\..\RunServices: [mouse] mouse.exe
      O4 - HKCU\..\Run: [snapple] snapple.exe
      O4 - HKCU\..\Run: [Microsoft uptime Service] sysuptime.exe
      O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
      \dslmon.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
      Office\Office\OSA9.EXE
      O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program
      Files\Microsoft Office\Office\1045\OLFSNT40.EXE
      O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\Program
      Files\FlashGet\jc_link.htm
      O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a -
      D:\Program Files\FlashGet\jc_all.htm
      O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      C:\WINDOWS\web\related.htm
      O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
      00aa003c157a} - C:\WINDOWS\web\related.htm
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
      D:\PROGRA~1\FLASHGET\flashget.exe
      O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
      0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
      O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
      O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
      static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c5.cab
      O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
      O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
      O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
      O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
      skaner.mks.com.pl/SkanerOnline.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{4F2F2C88-BDB9-46E5-A658-6E2722072C64}:
      NameServer = 194.204.152.34 217.98.63.164
      O17 - HKLM\System\CS1\Services\Tcpip\..\{4F2F2C88-BDB9-46E5-A658-6E2722072C64}:
      NameServer = 194.204.152.34 217.98.63.164
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
      Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32
      \crypserv.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
      C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
      C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: snapple - Unknown owner - C:\WINDOWS\System32\snapple.exe" -
      netsvcs (file missing)

      • Guest: Kolobos Re: How to get rid of this worm -> Win32:Opasof IP: *.warszawa.sdi.tpnet.pl 07.07.05, 20:32
        Eh. Have you ever heard of system updates? Probably not, since you have a pirated
        Windows...

        Close the ports with this:
        www.firewallleaktester.com/tools/wwdc.exe
        Scan and remove everything:
        download.microsoft.com/download/8/1/5/815d2d60-49b5-44dc-ae35-fca2f2c6f0cc/MicrosoftAntiSpywareInstall.exe
        securityresponse.symantec.com/avcenter/FxIstbar.exe
        In HijackThis, these:

        R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} -
        C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL (file missing)
        O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\
        O4 - HKLM\..\Run: [Network Access] winssh.exe
        O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
        O4 - HKLM\..\Run: [Microsoft uptime Service] sysuptime.exe
        O4 - HKLM\..\Run: [Microsoft Update] wuamkop32.exe
        O4 - HKLM\..\Run: [mouse] mouse.exe
        O4 - HKLM\..\RunServices: [Network Access] winssh.exe
        O4 - HKLM\..\RunServices: [Microsoft uptime Service] sysuptime.exe
        O4 - HKLM\..\RunServices: [Microsoft Update] wuamkop32.exe
        O4 - HKLM\..\RunServices: [mouse] mouse.exe
        O4 - HKCU\..\Run: [snapple] snapple.exe
        O4 - HKCU\..\Run: [Microsoft uptime Service] sysuptime.exe
        O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -
        static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c5.cab
        O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
        O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
        O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
        O23 - Service: snapple - Unknown owner - C:\WINDOWS\System32\snapple.exe" -
        netsvcs (file missing)

        And delete all those files from the disk with KillBox:
        www.downloads.subratam.org/KillBox.zip
        with the "delete on reboot" option checked.

        Once you've done everything, paste a new log.
        • Guest: Pinex Re: How to get rid of this worm -> Win32:Opasof IP: *.neoplus.adsl.tpnet.pl 07.07.05, 23:07
          Logfile of HijackThis v1.99.1
          Scan saved at 23:02:31, on 2005-07-07
          Platform: Windows XP (WinNT 5.01.2600)
          MSIE: Internet Explorer v6.00 (6.00.2600.0000)

          Running processes:
          C:\WINDOWS\System32\smss.exe
          C:\WINDOWS\system32\winlogon.exe
          C:\WINDOWS\system32\services.exe
          C:\WINDOWS\system32\lsass.exe
          C:\WINDOWS\system32\svchost.exe
          C:\WINDOWS\System32\svchost.exe
          C:\WINDOWS\explorer.exe
          C:\WINDOWS\system32\LEXBCES.EXE
          C:\WINDOWS\system32\spoolsv.exe
          C:\WINDOWS\system32\LEXPPS.EXE
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          C:\Program Files\Alwil Software\Avast4\ashServ.exe
          C:\WINDOWS\system32\crypserv.exe
          C:\WINDOWS\System32\nvsvc32.exe
          C:\WINDOWS\SOUNDMAN.EXE
          C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
          C:\Program Files\AutoConnect\AutoConnect.exe
          C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
          C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
          C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
          C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
          C:\Documents and Settings\Wątroba.W-HB0802LYSBEX5
          \Pulpit\hijackthis\HijackThis.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
          F2 - REG:system.ini: Shell=explorer.exe
          O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
          C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
          O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1
          \FLASHGET\jccatch.dll
          O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
          C:\WINDOWS\System32\msdxm.ocx
          O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
          O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
          \NvCpl.dll,NvStartup
          O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
          O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
          O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
          O4 - HKLM\..\Run: [Microsoft uptime Service] sysuptime.exe
          O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
          AntiSpyware\gcasServ.exe"
          O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
          O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840
          \dslmon.exe
          O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
          Office\Office\OSA9.EXE
          O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program
          Files\Microsoft Office\Office\1045\OLFSNT40.EXE
          O8 - Extra context menu item: Ściągnij przy pomocy FlashGet'a - D:\Program
          Files\FlashGet\jc_link.htm
          O8 - Extra context menu item: Ściągnij wszystko przy pomocy FlashGet'a -
          D:\Program Files\FlashGet\jc_all.htm
          O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
          C:\WINDOWS\web\related.htm
          O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
          00aa003c157a} - C:\WINDOWS\web\related.htm
          O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} -
          D:\PROGRA~1\FLASHGET\flashget.exe
          O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-
          0050BA6940E3} - D:\PROGRA~1\FLASHGET\flashget.exe
          O12 - Plugin for .qt: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
          O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
          skaner.mks.com.pl/SkanerOnline.cab
          O17 - HKLM\System\CCS\Services\Tcpip\..\{4F2F2C88-BDB9-46E5-A658-6E2722072C64}:
          NameServer = 194.204.152.34 217.98.63.164
          O17 - HKLM\System\CS1\Services\Tcpip\..\{4F2F2C88-BDB9-46E5-A658-6E2722072C64}:
          NameServer = 194.204.152.34 217.98.63.164
          O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
          C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
          O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashServ.exe
          O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashMaiSv.exe" /service (file missing)
          O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil
          Software\Avast4\ashWebSv.exe" /service (file missing)
          O23 - Service: Crypkey License - Unknown owner - C:\WINDOWS\SYSTEM32
          \crypserv.exe
          O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
          C:\WINDOWS\system32\LEXBCES.EXE
          O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -
          C:\WINDOWS\System32\nvsvc32.exe




          Thanks for the help. I think it got cleaned up a bit?
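
Checking a follow-up HijackThis log against the entries that were flagged for fixing is easy to get wrong by eye, because the forum wraps long entries across lines. The script below is an added example, not part of the thread: it re-joins wrapped entries and reports which flagged entries still appear in the later log. The function names are hypothetical, and the two samples are short excerpts constructed from the logs posted above.

```python
import re

# A HijackThis entry starts with a section code: "R3 - ", "F2 - ", "O4 - ", "O23 - " ...
ENTRY_START = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")

def parse_entries(log_text):
    """Return log entries, re-joining continuation lines created by forum wrapping."""
    entries, open_entry = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):
            entries.append(line)
            open_entry = True
        elif line and open_entry:
            entries[-1] += " " + line      # wrapped tail of the previous entry
        else:
            open_entry = False             # blank line or header text ends an entry
    return entries

def key(entry):
    """Comparison key that ignores case and the whitespace introduced by wrapping."""
    return re.sub(r"\s+", "", entry).lower()

def still_present(flagged_text, followup_log):
    """Flagged entries that are still listed in the follow-up log."""
    remaining = {key(e) for e in parse_entries(followup_log)}
    return [e for e in parse_entries(flagged_text) if key(e) in remaining]

# Constructed excerpt of the entries flagged for fixing in the reply above.
FLAGGED = r"""
O4 - HKLM\..\Run: [Network Access] winssh.exe
O4 - HKLM\..\Run: [Microsoft uptime Service] sysuptime.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamkop32.exe
O4 - HKCU\..\Run: [Microsoft uptime Service] sysuptime.exe
O23 - Service: snapple - Unknown owner - C:\WINDOWS\System32\snapple.exe" -
netsvcs (file missing)
"""

# Constructed excerpt of the second log (scan saved at 23:02:31).
FOLLOWUP = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32
\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft uptime Service] sysuptime.exe
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
"""

if __name__ == "__main__":
    for entry in still_present(FLAGGED, FOLLOWUP):
        print("still present:", entry)
```
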
