Cynthiagoossens
User
- Joined
- 9 Dec 2004
- Posts
- 5
Hello,
I have spyware on my machine that I can't get removed.
I have tried it with:
Ad-Aware SE
Spybot
online virus scan
Norton virus scan 2004
BitDefender
Stinger
It concerns: istsvc
BitDefender indicated that there is also a worm, but I think it is the same thing.
BitDefender log file:
//-----------------------------------------------------------------
//
// BitDefender report file
//
// Created on: 09/12/2004 10:17:35
//
//-----------------------------------------------------------------
Statistics
Scan path : C:\
D:\
E:\
F:\
G:\
Folders : 2327
Files : 332172
Archives : 819
Packed files : 49679
Identified viruses : 2
Infected files : 6
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 4
Renamed files : 0
I/O errors : 27
Scan time : 00:33:20
Scan speed (files/sec) : 166
Virus definitions : 95933
Scan plugins : 13
Archive plugins : 38
Unpack plugins : 4
Mail plugins : 6
System plugins : 1
Scan options
Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user
Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report
Summary:
C:\Program Files\ISTsvc\istsvc.exe Infected Trojan.Downloader.IstBar.GM
C:\Program Files\ISTsvc\istsvc.exe Disinfection failed
C:\Program Files\ISTsvc\istsvc.exe Move failed
C:\Program Files\ISTsvc\istsvc.exe=>(Upx) Infected Trojan.Downloader.IstBar.GM
C:\Program Files\ISTsvc\istsvc.exe=>(Upx) Disinfection failed
C:\Program Files\ISTsvc\istsvc.exe Move failed
C:\RECYCLER\S-1-5-21-776561741-606747145-725345543-1003\Dc15.exe Infected Trojan.Downloader.IstBar.GN
C:\RECYCLER\S-1-5-21-776561741-606747145-725345543-1003\Dc15.exe Disinfection failed
C:\RECYCLER\S-1-5-21-776561741-606747145-725345543-1003\Dc15.exe Moved
C:\RECYCLER\S-1-5-21-776561741-606747145-725345543-1003\Dc17.exe Infected Trojan.Downloader.IstBar.GN
C:\RECYCLER\S-1-5-21-776561741-606747145-725345543-1003\Dc17.exe Disinfection failed
C:\RECYCLER\S-1-5-21-776561741-606747145-725345543-1003\Dc17.exe Moved
C:\RECYCLER\S-1-5-21-776561741-606747145-725345543-1003\Dc2.exe Infected Trojan.Downloader.IstBar.GN
C:\RECYCLER\S-1-5-21-776561741-606747145-725345543-1003\Dc2.exe Disinfection failed
C:\RECYCLER\S-1-5-21-776561741-606747145-725345543-1003\Dc2.exe Moved
C:\RECYCLER\S-1-5-21-776561741-606747145-725345543-1003\Dc31.exe Infected Trojan.Downloader.IstBar.GN
C:\RECYCLER\S-1-5-21-776561741-606747145-725345543-1003\Dc31.exe Disinfection failed
C:\RECYCLER\S-1-5-21-776561741-606747145-725345543-1003\Dc31.exe Moved
Scanned files
So I went looking for the file on the internet and ended up on this site; I downloaded HijackThis and ran a scan.
Log file:
Logfile of HijackThis v1.98.2
Scan saved at 13:46:17, on 9-12-2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Messenger Plus! 3\MsgPlus.exe
D:\Program Files\Winamp\winampa.exe
C:\Program Files\Parallel Tasking\ptask.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\axkqqg.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softwin\BitDefender Free Edition\bdmcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\hijack this\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MessengerPlus3] "d:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WinampAgent] d:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [mvwbqf] C:\WINDOWS\mvwbqf.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [vxdfymfIS] C:\WINDOWS\axkqqg.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender Free Edition\bdnagent.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "d:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://host.cycore.net/plugins/windows/ie/Cult3D_IE_5.3.0.228.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4412/mcfscan.cab
Could you help me remove the virus/spyware?
Yesterday I downloaded SpywareBlaster and hope that it will already reduce the spyware.
Thanks in advance!
Kind regards,
Cynthia