Mededeling

Collapse
No announcement yet.

Internetopties

Collapse
X
  •  
  • Filter
  • Tijd
  • Show
Clear All
new posts

  • Internetopties

    Beste Nucia, Ongeveer een week geleden is mijn computer geinfecteerd geraakt. Het resultaat is dat ik geen toegang meer heb tot de internetopties en netwerkopties bij eht configuratiescherm. Hij geeft dan het bericht: De bewerking is geannuleerd vanwege op uw systeem geldende beperkingen.Neem contact met de systeembeheerder op. Ik ben de systeembeheerder en weet niet wat ik er aan kan doen. Zouden jullie mij kunnen helpen,

    Aendem

  • #2
    Ik zie geen Hijackthis logje?

    Download Malwarebytes' Anti-Malware via hier of hier.

    Dubbelklik mbam-setup.exe om het programma te installeren.
    • Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Launch Malwarebytes' Anti-Malware, Klik daarna op "finish".
    • Indien een update gevonden werd, zal het die downloaden en de laatste versie installeren.
    • Wanneer het programma volledig up to date is, selecteer "Perform Quick Scan", daarna klik Scan.
    • Het scannen kan een tijdje duren, dus wees geduldig.
    • Wanneer de scan voltooid is, klik OK, daarna "Show Results" om de resultaten te zien.
    • Zorg ervoor dat daar alles aangevinkt is, daarna klik: Remove Selected.
    • Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie extra nota onderaan)
    • De log wordt automatisch bewaard door MBAM die je kan zien door de "Logs" tab te klikken in MBAM.
    • Kopieer en plak de resultaten van de log in je volgend antwoord, samen met een nieuw HijackThislog.

    Extra opmerking:
    Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de Computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

    Comment


    • #3
      oh sorry vergeten

      bij deze:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:21:04, on 19-5-2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Dit.exe
      C:\WINDOWS\zHotkey.exe
      C:\WINDOWS\system32\RunDll32.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\Internet Security Pack\Common\FSM32.EXE
      C:\Program Files\Spyware Doctor\SDTrayApp.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\DAEMON Tools\daemon.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\WINDOWS\system32\PackethSvc.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Internet Security Pack\Anti-Virus\fsgk32st.exe
      C:\Program Files\Internet Security Pack\Anti-Virus\FSGK32.EXE
      C:\Program Files\Internet Security Pack\Common\FSMA32.EXE
      C:\Program Files\Internet Security Pack\Common\FSMB32.EXE
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Internet Security Pack\Common\FCH32.EXE
      C:\Program Files\Spyware Doctor\svcntaux.exe
      C:\Program Files\Internet Security Pack\Common\FAMEH32.EXE
      C:\Program Files\Internet Security Pack\Anti-Virus\fsqh.exe
      C:\Program Files\Internet Security Pack\FSGUI\fsguidll.exe
      C:\Program Files\Spyware Doctor\swdsvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Windows Media Player\WMPNetwk.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Internet Security Pack\FSAUA\program\fsaua.exe
      C:\Program Files\Internet Security Pack\Anti-Virus\fssm32.exe
      C:\Program Files\Internet Security Pack\FWES\Program\fsdfwd.exe
      C:\Program Files\Internet Security Pack\FSAUA\program\fsus.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Security Pack\Anti-Virus\fsav32.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.acdaendemunnik.nl/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Dit] Dit.exe
      O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [bone thunk axis copy] C:\Documents and Settings\All Users\Application Data\pure coal bone thunk\Iso slow.exe
      O4 - HKLM\..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe SILENT
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Internet Security Pack\Common\FSM32.EXE" /splash
      O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Internet Security Pack\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
      O4 - HKLM\..\Run: [SDTray] C:\Program Files\Spyware Doctor\SDTrayApp.exe
      O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKCU\..\Run: [Registry Helper] "C:\Program Files\Registry Helper\RegistryHelper.Exe" /boot
      O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
      O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
      O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
      O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
      O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
      O14 - IERESET.INF: START_PAGE_URL=http://www.msn.nl/
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0846d3b71faefaf41a15/netzip/RdxIE601.cab
      O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://www.home.nl/f-secure/ols/fscax.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install3.5/installer.exe
      O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
      O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Internet Security Pack\Anti-Virus\fsgk32st.exe
      O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Internet Security Pack\FSAUA\program\fsaua.exe
      O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Internet Security Pack\FWES\Program\fsdfwd.exe
      O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Internet Security Pack\Common\FSMA32.EXE
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
      O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
      O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

      --
      End of file - 11821 bytes






      en de malwarelog (de bestanden zijn verwijdert, nog steeds heb ik geen toegang):

      Malwarebytes' Anti-Malware 1.12
      Database versie: 765

      Scan type: Snelle Scan
      Objecten gescand: 39730
      Verstreken tijd: 8 minute(s), 7 second(s)

      Geheugenprocessen geïnfecteerd: 0
      Geheugenmodulen geïnfecteerd: 0
      Registersleutels geïnfecteerd: 4
      Registerwaarden geïnfecteerd: 2
      Registerdata bestanden geïnfecteerd: 0
      Mappen geïnfecteerd: 0
      Bestanden geïnfecteerd: 0

      Geheugenprocessen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Geheugenmodulen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Registersleutels geïnfecteerd:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37b85a2b-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Online Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.

      Registerwaarden geïnfecteerd:
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{37b85a29-692b-4205-9cad-2626e4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\Zango 10.0.314.0 (Adware.Zango) -> Quarantined and deleted successfully.

      Registerdata bestanden geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Mappen geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Bestanden geïnfecteerd:
      (Geen kwaadaardige items gevonden)

      Comment


      • #4
        Start Hijackthis en vink alleen de volgende regels aan:
        O4 - HKLM\..\Run: [bone thunk axis copy] C:\Documents and Settings\All Users\Application Data\pure coal bone thunk\Iso slow.exe
        O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
        O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
        O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0846d3b7...p/RdxIE601.cab

        Sluit alle openstaande vensters(behalve Hijackthis) en klik op de knop "Fix checked".

        Download: RVAXO.exe
        • Sla het bestand op je bureaublad op, dubbelklik het en kies voor "Unzip" om het uit te pakken.
        • Start de computer in veilige modus.
        • Open nu de map RVAXO op je bureaublad en dubbeklik RunMe.cmd
          Er zal een cmd-schermpje openen, daarin zullen snel enkele regels over niet gevonden bestanden voorbijkomen, dit is normaal.
        • Mogelijk start er ook een uninstaller van een rogue scanner op, sluit deze niet af maar volg eventuele aanwijzingen en laat deze gewoon zijn werk doen.
        • Daarna zal je PC herstarten, laat hem nu weer in normale modus starten. Na de herstart opent het cmd-venster van RVAXO opnieuw.
          Laat deze lopen en wacht tot er een logfile opent: C:\RVAXO-results.log
        • Herstart je computer niet vanzelf, of start de tool niet na de reboot, doe dit dan handmatig.
        • Post de inhoud van de logfile in je volgende bericht.
        Post ook de inhoud van het 2e logje: C:\RVAXO-Vfind.log

        Comment


        • #5
          Ik heb de bestanden die ik moest aanvinken "gefixt" (hij doet het nog steeds niet)


          hier is/zijn het/de RVAXO-results:

          ---RVAXO.exe Updated: 2008-05-19---first run---
          Uninstallers:

          Files found:

          Folders Found:

          Hosts-file was reset, If you use a custom hosts file please replace it...

          --------------RVAXO.exe last run---------------
          Not deleted items:

          --------------RVAXO.exe finished----------------


          en hey 2e logje: C:\RVAXO-Vfind.log
          ======C:\WINDOWS====
          ----a-w 0 2008-05-19 13:10:07 C:\WINDOWS\0.log
          --s-a-w 2,048 2008-05-19 13:20:02 C:\WINDOWS\bootstat.dat
          ----a-w 304,988 2008-05-14 07:40:46 C:\WINDOWS\comsetup.log
          ----a-w 2,204 2008-05-02 15:13:20 C:\WINDOWS\DAASINST.LOG
          ----a-w 129,375 2008-04-25 11:21:26 C:\WINDOWS\DirectX.log
          ----a-w 907,210 2008-05-14 07:40:46 C:\WINDOWS\FaxSetup.log
          ----a-w 8,770 2008-05-02 15:14:05 C:\WINDOWS\FSASWINS.LOG
          ----a-w 79,463 2008-05-02 15:13:45 C:\WINDOWS\fsauains.LOG
          ----a-w 10,023 2008-05-02 15:14:07 C:\WINDOWS\FSAVCSIN.LOG
          ----a-w 99,019 2008-05-02 15:13:44 C:\WINDOWS\FSAVINST.LOG
          ----a-w 3,566 2008-05-02 15:14:07 C:\WINDOWS\fsavunin.log
          ----a-w 629 2008-05-02 15:14:06 C:\WINDOWS\fsav_db_setup.log
          ----a-w 364,396 2008-05-02 15:12:08 C:\WINDOWS\FSDEPH.log
          ----a-w 2,052 2008-05-02 15:14:02 C:\WINDOWS\fsdginst.log
          ----a-w 3,557 2008-05-02 15:14:07 C:\WINDOWS\FSGemini.LOG
          ----a-w 4,187 2008-05-02 15:14:07 C:\WINDOWS\FSGKIAIN.log
          ----a-w 17,864 2008-05-02 15:14:05 C:\WINDOWS\FSGUIINS.LOG
          ----a-w 48,015 2008-05-02 15:33:18 C:\WINDOWS\fshfcntl.log
          ----a-w 10,500 2008-05-02 15:14:07 C:\WINDOWS\FSHIPS.LOG
          ----a-w 197 2008-05-02 15:09:55 C:\WINDOWS\fsihcomptest.log
          ----a-w 601,175 2008-05-02 15:14:18 C:\WINDOWS\fsinstaller.log
          ----a-w 9,735,267 2008-05-02 15:14:08 C:\WINDOWS\FSISU.log
          ----a-w 0 2008-05-02 15:24:19 C:\WINDOWS\fsiugeneric.log
          ----a-w 13,960 2008-05-02 15:26:35 C:\WINDOWS\fsiuupd.log
          ----a-w 4,617 2008-05-02 15:14:07 C:\WINDOWS\FSLDIN.LOG
          ----a-w 19,222 2008-05-02 15:14:07 C:\WINDOWS\fsmainst.log
          ----a-w 205,792 2008-05-02 15:14:07 C:\WINDOWS\FSPROD.log
          ----a-w 2,536 2008-05-02 15:11:49 C:\WINDOWS\FSPRODRM.LOG
          ----a-w 6,167 2008-05-02 15:14:07 C:\WINDOWS\FSPSINST.LOG
          ----a-w 1,020 2008-05-02 15:14:07 C:\WINDOWS\FSSCINST.log
          ----a-w 1,330,436 2008-05-02 15:14:07 C:\WINDOWS\FSSETUP.log
          ----a-w 3,116,805 2008-05-02 15:14:08 C:\WINDOWS\FSSFM.log
          ----a-w 1,791,524 2008-05-02 15:11:49 C:\WINDOWS\fssgpex.LOG
          ----a-w 305 2008-05-02 15:14:07 C:\WINDOWS\FSSSINST.log
          ----a-w 13,477 2008-05-19 13:09:53 C:\WINDOWS\FSSTM.LOG
          ----a-w 5,980 2008-05-02 15:14:07 C:\WINDOWS\FSSYSUPD.LOG
          ----a-w 51,315 2008-05-02 15:14:02 C:\WINDOWS\fstnbins.LOG
          ----a-w 821 2008-05-02 15:09:57 C:\WINDOWS\fswil.log

          Comment


          • #6
            Download Combofix eens en maak daar een logje mee, post dat in je volgende bericht.

            Comment


            • #7
              Hier is de log:

              ComboFix 08-05-15.3 - Oude Munnink 2008-05-19 21:33:57.2 - NTFSx86
              Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1043.18.126 [GMT 2:00]
              Gestart vanuit: C:\Documents and Settings\Oude Munnink\Bureaublad\ComboFix.exe
              * Resident AV is active


              WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
              .

              (((((((((((((((((((( Bestanden Gemaakt van 2008-04-19 to 2008-05-19 ))))))))))))))))))))))))))))))
              .

              2008-05-19 15:28 . 2007-07-04 20:32 16,384 --a------ C:\WINDOWS\system32\Restart.exe
              2008-05-19 15:20 . 2008-05-19 15:33 <DIR> d-------- C:\RVAXO
              2008-05-19 15:16 . 2008-05-19 14:40 823,696 --a------ C:\WINDOWS\system32\RVAXO.bat
              2008-05-19 15:16 . 2001-10-01 14:51 69,632 --a------ C:\WINDOWS\system32\remove.exe
              2008-05-19 15:14 . 2004-06-24 16:36 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
              2008-05-19 15:14 . 2004-11-08 12:42 <DIR> d--h----- C:\Documents and Settings\Administrator\Sjablonen
              2008-05-19 15:14 . 2004-11-08 19:00 <DIR> dr-h----- C:\Documents and Settings\Administrator\Onlangs geopend
              2008-05-19 15:14 . 2004-06-24 15:53 <DIR> d--h----- C:\Documents and Settings\Administrator\Netwerkprinteromgeving
              2008-05-19 15:14 . 2004-11-08 18:13 <DIR> dr------- C:\Documents and Settings\Administrator\Mijn documenten
              2008-05-19 15:14 . 2004-06-24 15:53 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Start
              2008-05-19 15:14 . 2004-11-08 17:22 <DIR> dr------- C:\Documents and Settings\Administrator\Favorieten
              2008-05-19 15:14 . 2004-11-08 18:44 <DIR> d-------- C:\Documents and Settings\Administrator\Bureaublad
              2008-05-19 15:14 . 2004-09-29 17:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
              2008-05-19 15:14 . 2004-08-17 18:38 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
              2008-05-19 15:14 . 2004-06-24 17:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
              2008-05-19 15:14 . 2008-05-19 15:14 <DIR> d-------- C:\Documents and Settings\Administrator
              2008-05-19 15:14 . 2008-05-19 21:33 1,024 --ah----- C:\Documents and Settings\Administrator\ntuser.dat.LOG
              2008-05-19 14:18 . 2008-05-19 14:18 <DIR> d-------- C:\Program Files\Trend Micro
              2008-05-19 13:44 . 2008-05-19 13:44 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
              2008-05-19 13:44 . 2008-05-19 13:44 <DIR> d-------- C:\Documents and Settings\Oude Munnink\Application Data\Malwarebytes
              2008-05-19 13:44 . 2008-05-19 13:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
              2008-05-19 13:44 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
              2008-05-19 13:44 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
              2008-05-14 19:54 . 2008-05-14 19:54 <DIR> d-------- C:\Documents and Settings\NetworkService\Mijn documenten
              2008-05-02 17:17 . 2008-05-02 17:17 <DIR> d-------- C:\Documents and Settings\Oude Munnink\Application Data\F-Secure
              2008-05-02 17:13 . 2008-05-02 17:24 51,072 --a------ C:\WINDOWS\system32\drivers\fsdfw.sys
              2008-05-02 17:13 . 2008-05-02 17:24 30,016 --a------ C:\WINDOWS\system32\drivers\fsndis5.sys
              2008-05-02 17:12 . 2008-05-16 11:05 <DIR> d-------- C:\Program Files\Internet Security Pack
              2008-05-02 17:12 . 2008-05-02 17:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
              2008-05-02 17:10 . 2008-05-02 17:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg
              2008-05-02 14:28 . 2008-05-02 14:28 <DIR> d-------- C:\fsaua.data
              2008-05-01 19:11 . 2008-05-19 21:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn
              2008-05-01 19:11 . 2008-05-01 19:11 1,409 --a------ C:\WINDOWS\QTFont.for
              2008-04-25 13:04 . 2008-04-25 13:19 <DIR> d-------- C:\Program Files\Commandos II
              2008-04-24 13:25 . 2008-04-24 13:25 <DIR> d-------- C:\ShoppingReport
              2008-04-24 13:25 . 2008-04-24 13:25 <DIR> d-------- C:\Documents and Settings\Oude Munnink\report
              2008-04-24 13:25 . 2008-04-24 13:25 <DIR> d-------- C:\Documents and Settings\cs

              .
              ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              2008-05-19 19:24 --------- d-----w C:\Program Files\Steam
              2008-05-19 14:38 --------- d-----w C:\Program Files\Spyware Doctor
              2008-05-19 13:33 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS
              2008-05-15 14:05 --------- d-----w C:\Documents and Settings\Oude Munnink\Application Data\Hamachi
              2008-05-09 21:03 --------- d-----w C:\Program Files\LimeWire
              2008-05-09 07:40 --------- d-----w C:\Program Files\CompuServe 6.0
              2008-05-02 09:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\clp
              2008-04-27 09:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
              2008-04-20 11:43 --------- d-----w C:\Documents and Settings\Oude Munnink\Application Data\LimeWire
              2008-04-16 09:21 --------- d-----w C:\Documents and Settings\Oude Munnink\Application Data\Roxio
              2008-04-16 09:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
              2008-04-16 09:14 --------- d-----w C:\Program Files\Common Files\Sonic Shared
              2008-04-16 09:14 --------- d-----w C:\Program Files\Common Files\Roxio Shared
              2008-04-16 09:13 --------- d-----w C:\Program Files\Roxio
              2008-04-15 21:32 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
              2008-04-15 21:24 --------- d-----w C:\Program Files\Common Files\PC Tools
              2008-04-15 21:23 --------- d-----w C:\Documents and Settings\Oude Munnink\Application Data\PC Tools
              2008-04-15 21:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
              2008-04-15 20:23 --------- d-----w C:\Documents and Settings\Oude Munnink\Application Data\Backup MyPC Deluxe
              2008-04-15 20:21 --------- d-----w C:\Program Files\Common Files\InstallShield
              2008-04-15 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
              2008-04-05 10:00 --------- d-----w C:\Documents and Settings\Oude Munnink\Application Data\Apple Computer
              2008-04-05 09:51 --------- d-----w C:\Program Files\QuickTime
              2008-04-03 10:32 --------- d-----w C:\Program Files\Google
              2008-03-29 11:29 --------- d-----w C:\Program Files\Rockstar Games
              2008-03-29 11:27 --------- d-----w C:\Program Files\Electronic Arts
              2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
              2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
              2008-03-20 14:50 --------- d-----w C:\Program Files\Hamachi
              2008-03-20 14:49 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
              2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
              2008-03-14 13:36 10,348 ----a-w C:\Documents and Settings\Oude Munnink\Application Data\wklnhst.dat
              2008-03-01 13:05 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
              2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
              2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
              .

              ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
              .
              .
              REGEDIT4
              *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

              [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "Steam"="c:\program files\steam\steam.exe" [2008-03-28 11:43 1271032]
              "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:03 15360]
              "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464]
              "Registry Helper"="C:\Program Files\Registry Helper\RegistryHelper.exe" [ ]
              "OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-02-08 21:43 95800]
              "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 23:53 204288]

              [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
              "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
              "Dit"="Dit.exe" [2004-04-02 13:31 86016 C:\WINDOWS\Dit.exe]
              "CHotkey"="zHotkey.exe" [2004-05-17 19:30 543232 C:\WINDOWS\zHotkey.exe]
              "Cmaudio"="cmicnfg.cpl"
              "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-07-12 17:50 4112384]
              "nwiz"="nwiz.exe" [2004-07-12 17:50 843776 C:\WINDOWS\system32\nwiz.exe]
              "AGRSMMSG"="AGRSMMSG.exe" [2004-10-08 11:50 88363 C:\WINDOWS\AGRSMMSG.exe]
              "Blubster"="C:\Program Files\Blubster\Blubster.exe" [ ]
              "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
              "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
              "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
              "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
              "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-11-16 13:55 226224]
              "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-11-16 13:55 86960]
              "F-Secure Manager"="C:\Program Files\Internet Security Pack\Common\FSM32.exe" [2008-01-22 20:55 182936]
              "F-Secure TNB"="C:\Program Files\Internet Security Pack\FSGUI\TNBUtil.exe" [2008-01-22 20:54 739936]

              [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
              "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:03 15360]

              [HKEY_LOCAL_MACHINE\software\microsoft\security center]
              "AntiVirusOverride"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
              "DisableMonitoring"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
              "DisableMonitoring"=dword:00000001

              [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
              "DisableMonitoring"=dword:00000001

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
              "EnableFirewall"= 0 (0x0)

              [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
              "C:\\WINDOWS\\system32\\sessmgr.exe"=
              "C:\\Program Files\\Messenger\\msmsgs.exe"=
              "C:\\WINDOWS\\system32\\fxsclnt.exe"=
              "C:\\Program Files\\CompuServe 6.0\\cs.exe"=
              "C:\\Program Files\\Steam\\SteamApps\\therom12\\counter-strike source\\hl2.exe"=
              "C:\\Program Files\\Steam\\SteamApps\\therom12\\half-life 2 deathmatch\\hl2.exe"=
              "C:\\Program Files\\Steam\\SteamApps\\therom12\\day of defeat source\\hl2.exe"=
              "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
              "C:\\WINDOWS\\system32\\dplaysvr.exe"=
              "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
              "C:\\Program Files\\LimeWire\\LimeWire.exe"=
              "C:\\Program Files\\Steam\\steam.exe"=
              "C:\\Program Files\\HLSW\\hlsw.exe"=
              "C:\\Program Files\\iTunes\\iTunes.exe"=
              "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
              "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
              "C:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.4\\cnc3game.dat"=

              R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2008-05-02 17:24]
              R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\Internet Security Pack\HIPS\fshs.sys [2008-05-02 17:24]
              R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe [2002-09-20 18:29]
              R2 PackethSvc;Virtual NIC Service;C:\WINDOWS\system32\PackethSvc.exe [2001-08-09 17:46]
              R3 CardReaderFilter;Card Reader Filter;C:\WINDOWS\system32\Drivers\USBCRFT.SYS [2008-05-19 15:33]
              R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-10-01 15:58]
              R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\Internet Security Pack\Anti-Virus\minifilter\fsgk.sys [2008-01-22 20:53]
              S3 CA_LIC_CLNT;CA License Client;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe [2002-09-20 18:27]
              S3 CA_LIC_SRVR;CA License Server;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe [2002-09-20 18:41]
              S3 IIUSBISP;USB Mass Storage for USB ISP;C:\WINDOWS\system32\Drivers\iiusbisp.sys
              S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\Internet Security Pack\Anti-Virus\Win2K\FSfilter.sys [2008-01-22 20:53]
              S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\Internet Security Pack\Anti-Virus\Win2K\FSrec.sys [2008-01-22 20:53]

              .
              Inhoud van de 'Gedeelde Taken' map
              "2008-05-09 21:04:06 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
              - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
              "2008-03-14 07:50:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
              - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
              "2008-01-14 07:50:20 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
              - C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
              .
              **************************************************************************

              catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
              Rootkit scan 2008-05-19 21:39:19
              Windows 5.1.2600 Service Pack 2 NTFS

              scannen van verborgen processen ...

              scannen van verborgen autostart items ...

              scannen van verborgen bestanden ...

              Scan succesvol afgerond
              verborgen bestanden: 0

              **************************************************************************
              .
              Voltooingstijd: 2008-05-19 21:43:09
              ComboFix-quarantined-files.txt 2008-05-19 19:42:59
              ComboFix2.txt 2008-05-18 15:59:27

              Pre-Run: 27,218,767,872 bytes beschikbaar
              Post-Run: 27,349,409,792 bytes beschikbaar

              180 --- E O F --- 2008-05-18 09:20:13

              Comment


              • #8
                Ik zie eigenlijk geen sporen van infecties in je logje.

                Heb je betaald voor Spyware Doctor of is het een trial?

                Mogelijk is deze verantwoordelijk voor het niet kunnen wijzigen van je internet-instellingen.

                Comment


                • #9
                  Ik heb deze niet betaald, hij zat gratis op mijn multimedia-harddisk. Maar ik verwijder hem wel om te zien of het daar aan ligt.

                  Comment


                  • #10
                    hmm daar heeft het niet aan gelegen. hij geeft nu steeds een foutmelding over de netwerkverbindingsservice die hij niet kan vinden. Word denk ik toch tijd voor alles configureren of nieuwe computer kopen. Maar super bedankt voor je hulp .

                    Comment


                    • #11
                      Misschien helpt dit:

                      Ga naar configuratiescherm en klik op software.
                      Dan links klikken op de knop 'windows onderdelen toevoegen en verwijderen'.

                      Klik op netwerkservices en vervolgens op 'details'.
                      Daar TCP/IP services' aanvinken. Dus windows XP cd erin en aanvinken.

                      Comment


                      • #12
                        Het heeft er wel mee te maken maar hij kan hem neit opstarten, hij zegt dat eht te lang duurt en dan kan hij eht bestand neit toevoegen. Het heeft inderdaad wel emt de netwerkservice te maken.

                        Comment


                        • #13
                          Download Dial-a-fix-2006 en pak beide bestanden in hun eigen map uit naar je Bureaublad.
                          • In de map Dial-a-fix-v0.60.0.24, dubbelklik op Dial-a-fix.exe
                            In het venster dat opengaat, klik onderaan op het icoontje met het dubbele groene vinkje (check all).
                            Klik daarna op "GO" en laat de tool alle instellingen terugzetten.
                            Sluit dit venster na afloop door onderaan op "Exit" te klikken.
                          Vertel of dat verbetering geeft

                          Comment


                          • #14
                            Ok bedankt, maar hij geeft de volgende twee foutmeldingen :

                            Error 126 (*The specified module could not be found*) was encountered while calling LoadLibrary (C:\windows\system32\inetcpl.cpl). This is usually caused by a missing or corrupt dependency, or a dependency not present in the PATH or the current folder (which is: C:\WINDOWS\system32)

                            en

                            Error 126 (*The specified module could not be found*) was encountered while calling LoadLibrary (C:\windows\system32\netman.dl). This is usually caused by a missing or corrupt dependency, or a dependency not present in the PATH or the current folder (which is: C:\WINDOWS\system32)

                            hopelijk weet je wat er word bedoeld en nogmaals bedankt voor alle moeite

                            Comment


                            • #15
                              Probeer Dial-a-fix eens in veilige modus.

                              Comment

                              Sorry, you are not authorized to view this page
                              Working...
                              X