merci voor de feedback allebei.
nu ik krijg het virus er dus niet af...
dus ik denk aan een format.
is het wijs om mijn belangrijke files(muziek,school en foto's etc..) over te zetten naar een externe en dan te formatten?
of te risky?
het is duidelijk dat het virus vooral in mijn System32 map is.
ik was vrij overtuigt dat het ruststock b was... ma de fix ervoor werkt niet.
(het is trouwens het befaamde Stop: 0x0000008e probleem)
edit: even Anti vir report bij gedaan.
Avira AntiVir Personal
Report file date: vrijdag 28 november 2008 22:46
Scanning for 1038808 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: macin
Computer name: MACIN2
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/18/2008 08:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 11:30:36
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 11/9/2008 16:57:13
ANTIVIR2.VDF : 7.1.0.89 221184 Bytes 11/16/2008 16:16:47
ANTIVIR3.VDF : 7.1.0.97 45056 Bytes 11/17/2008 16:38:59
Engineversion : 8.2.0.31
AEVDF.DLL : 8.1.0.6 102772 Bytes 10/14/2008 10:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 11/11/2008 14:00:07
AESCN.DLL : 8.1.1.5 123251 Bytes 11/7/2008 15:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 13:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:39
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 11/7/2008 15:06:41
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 11/7/2008 15:06:41
AEHELP.DLL : 8.1.1.3 119157 Bytes 11/7/2008 15:06:41
AEGEN.DLL : 8.1.1.0 319859 Bytes 11/7/2008 15:06:41
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 10:05:56
AECORE.DLL : 8.1.4.1 172405 Bytes 11/7/2008 15:06:41
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: vrijdag 28 november 2008 22:46
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'UAService7.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'NinjaVideo Helper.exe' - '1' Module(s) have been scanned
Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
Scan process 'mscorsvw.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'DLG.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'CTDetect.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'WLTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'stsystra.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'BCMWLTRY.EXE' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '58' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8RSTCDWX\mss32[1].exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49a36782.qua'!
C:\Documents and Settings\macin\Local Settings\Temp\TDSS79ef.tmp
[DETECTION] Is the TR/Patched.CL Trojan
[NOTE] The file was moved to '49836844.qua'!
C:\Documents and Settings\macin\My Documents\SFTPMSI.exe.part
[0] Archive type: NSIS
--> ProgramFilesDir/setup.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\macin\My Documents\My Games\sysshock2.zip
[0] Archive type: ZIP
--> Sshock2.exe
[1] Archive type: ACE SFX (self extracting)
--> 00000409.016
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\WINDOWS\SoftwareDistribution\Download\0a120212db9f8797932f46def01672fc\BIT16.tmp
[0] Archive type: CAB (Microsoft)
--> _sfx_0002._p
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\WINDOWS\system32\ahbokwk.dll
[DETECTION] Is the TR/Fakealert.abz.6 Trojan
[NOTE] The file was moved to '49928577.qua'!
C:\WINDOWS\system32\svchost.exe:ext.exe
[DETECTION] Is the TR/Agent.wyi.1 Trojan
[NOTE] The file was moved to '499385d7.qua'!
C:\WINDOWS\system32\TDSShrxx.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.adb back-door program
[NOTE] The file was moved to '498385a8.qua'!
C:\WINDOWS\system32\TDSSoiqt.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.JW back-door program
[NOTE] The file was moved to '48f851e9.qua'!
C:\WINDOWS\system32\TDSSvkql.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.acs back-door program
[NOTE] The file was moved to '498385aa.qua'!
C:\WINDOWS\system32\drivers\ati4msxx.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\TDSSpqlt.sys
[DETECTION] Contains recognition pattern of the RKIT/TDss.G.22 root kit
[NOTE] The file was moved to '4983864a.qua'!
C:\WINDOWS\Temp\BN2.tmp
[DETECTION] Is the TR/Proxy.GHY Trojan
[NOTE] The file was moved to '4962866d.qua'!
C:\WINDOWS\Temp\BN3.tmp
[DETECTION] Is the TR/Proxy.GHY Trojan
[NOTE] The file was moved to '4963866d.qua'!
C:\WINDOWS\Temp\BN38.tmp
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4818522e.qua'!
C:\WINDOWS\Temp\BN39.tmp
[DETECTION] Is the TR/Proxy.GHY Trojan
[NOTE] The file was moved to '4963866e.qua'!
C:\WINDOWS\Temp\BN4.tmp
[DETECTION] Is the TR/Proxy.GHY Trojan
[NOTE] The file was moved to '4964866e.qua'!
C:\WINDOWS\Temp\BN5.tmp
[DETECTION] Is the TR/Proxy.GHY Trojan
[NOTE] The file was moved to '4965866e.qua'!
C:\WINDOWS\Temp\BN6.tmp
[DETECTION] Is the TR/Proxy.GHY Trojan
[NOTE] The file was moved to '4966866f.qua'!
C:\WINDOWS\Temp\BN7.tmp
[DETECTION] Is the TR/Proxy.GHY Trojan
[NOTE] The file was moved to '4967866f.qua'!
C:\WINDOWS\Temp\BN8.tmp
[DETECTION] Is the TR/Proxy.GHY Trojan
[NOTE] The file was moved to '4968866f.qua'!
C:\WINDOWS\Temp\BN9.tmp
[DETECTION] Is the TR/Proxy.GHY Trojan
[NOTE] The file was moved to '49698670.qua'!
C:\WINDOWS\Temp\BNA.tmp
[DETECTION] Is the TR/Proxy.GHY Trojan
[NOTE] The file was moved to '49718670.qua'!
C:\WINDOWS\Temp\BNB.tmp
[DETECTION] Is the TR/Proxy.GHY Trojan
[NOTE] The file was moved to '49728671.qua'!
Begin scan in 'D:\' <RECOVERY>
End of the scan: zaterdag 29 november 2008 01:03
Used time: 2:17:09 Hour(s)
The scan has been done completely.
11300 Scanning directories
490515 Files were scanned
20 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
20 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
490492 Files not concerned
2581 Archives were scanned
6 Warnings
20 Notes