logbestand

  • Bikkel

    ja zal ik doe maar had ik volgens mij al gedaan maar ik heb fat32 en kan alleen opslaan met ntfs dacht ik hoor maar zal het nog eens proberen

    Bikkel

  • Bikkel

    deze?

    “Silent Runners.vbs”, revision 41, http://www.silentrunners.org/

    Operating System: Windows XP SP2

    Output limited to non-default values, except where indicated by “{++}”

    Startup items buried in registry:

    ———————————

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

    “WeatherWatcher” = “C:\Program Files\Weather Watcher\ww.exe”

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

    “UserFaultCheck” = “%systemroot%\system32\dumprep 0 -u”

    “SystemTray” = “SysTray.Exe”

    “Symantec NetDriver Monitor” = “C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer”

    “Run StartupMonitor” = “StartupMonitor.exe”

    “LVCOMSX” = “C:\WINDOWS\system32\LVCOMSX.EXE”

    “LoadPowerProfile” = “Rundll32.exe powrprof.dll,LoadCurrentPwrScheme”

    “FLMK08KB” = “C:\Program Files\Trust\302KS\Keyboard\MMKEYBD.EXE”

    “FLMBROWSEMOUSE” = “C:\Program Files\Trust\302KS\Mouse\mouse32a.exe”

    “Daily Weather Forecast” = “C:\Program Files\Daily Weather Forecast\weather.exe”

    “ccApp” = “”C:\Program Files\Common Files\Symantec Shared\ccApp.exe“”

    “MessengerPlus3” = “”C:\Program Files\MessengerPlus! 3\MsgPlus.exe“”

    “New.net Startup” = “rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s”

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = “AcroIEHlprObj Class”

    -> {CLSID}\InProcServer32\(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll”

    {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}\(Default) = “URLLink”

    -> {CLSID}\InProcServer32\(Default) = “C:\Program Files\NewDotNet\newdotnet6_90.dll”

    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

    -> {CLSID}\InProcServer32\(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll”

    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\(Default) = “UberButton Class”

    -> {CLSID}\InProcServer32\(Default) = “C:\Program Files\Yahoo!\Common\yiesrvc.dll”

    {65D886A2-7CA7-479B-BB95-14D1EFB7946A}\(Default) = “YahooTaggedBM Class”

    -> {CLSID}\InProcServer32\(Default) = “C:\Program Files\Yahoo!\Common\YIeTagBm.dll”

    {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = “CNavExtBho Class”

    -> {CLSID}\InProcServer32\(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll”

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

    “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Configuratiescherm-uitbreiding Beeldscherm-panning”

    -> {CLSID}\InProcServer32\(Default) = “deskpan.dll”

    “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “HyperTerminal-pictogramuitbreiding”

    -> {CLSID}\InProcServer32\(Default) = “C:\WINDOWS\System32\hticons.dll”

  • lucas

    Hoi Bikkel,

    Volgens mij heb je last van newdotnet:

    http://securityresponse.symantec.com/avcenter/venc/data/adware.ndotnet.html

    Volg de stappen van deze link om newdotnet helemaal te verwijderen

    www.newdotnet.com/removal.html

    Herstart daarna je computer en plaats een nieuw logje

    Lucas :)

  • pablo

    dit is ook niet het hele bestand ;)

    wacht geduldig tot hij helemaal klaar is en plaats dan pas het gemaakte logje :)

    paul :)

  • Bikkel

    ja dit is hem helemaal

  • pablo

    nee hoor ;)

    dit is een compleet log,bij jou mis ik minimaal de helft :?

    http://www.prikpagina.nl/read.php?f=123&i=151465&t=151404

    paul

  • Bikkel

    hier nog een keer dan.

    “Silent Runners.vbs”, revision 41, http://www.silentrunners.org/

    Operating System: Windows XP SP2

    Output limited to non-default values, except where indicated by “{++}”

    Startup items buried in registry:

    ———————————

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

    “WeatherWatcher” = “C:\Program Files\Weather Watcher\ww.exe”

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

    “UserFaultCheck” = “%systemroot%\system32\dumprep 0 -u”

    “SystemTray” = “SysTray.Exe”

    “Symantec NetDriver Monitor” = “C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer”

    “Run StartupMonitor” = “StartupMonitor.exe”

    “LVCOMSX” = “C:\WINDOWS\system32\LVCOMSX.EXE”

    “LoadPowerProfile” = “Rundll32.exe powrprof.dll,LoadCurrentPwrScheme”

    “FLMK08KB” = “C:\Program Files\Trust\302KS\Keyboard\MMKEYBD.EXE”

    “FLMBROWSEMOUSE” = “C:\Program Files\Trust\302KS\Mouse\mouse32a.exe”

    “Daily Weather Forecast” = “C:\Program Files\Daily Weather Forecast\weather.exe”

    “ccApp” = “”C:\Program Files\Common Files\Symantec Shared\ccApp.exe“”

    “MessengerPlus3” = “”C:\Program Files\MessengerPlus! 3\MsgPlus.exe“”

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = “AcroIEHlprObj Class”

    -> {CLSID}\InProcServer32\(Default) = “C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll”

    {53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)

    -> {CLSID}\InProcServer32\(Default) = “C:\PROGRA~1\SPYBOT~1\SDHelper.dll”

    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\(Default) = “UberButton Class”

    -> {CLSID}\InProcServer32\(Default) = “C:\Program Files\Yahoo!\Common\yiesrvc.dll”

    {65D886A2-7CA7-479B-BB95-14D1EFB7946A}\(Default) = “YahooTaggedBM Class”

    -> {CLSID}\InProcServer32\(Default) = “C:\Program Files\Yahoo!\Common\YIeTagBm.dll”

    {BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = “CNavExtBho Class”

    -> {CLSID}\InProcServer32\(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll”

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

    “{42071714-76d4-11d1-8b24-00a0c9068ff3}” = “Configuratiescherm-uitbreiding Beeldscherm-panning”

    -> {CLSID}\InProcServer32\(Default) = “deskpan.dll”

    “{88895560-9AA2-1069-930E-00AA0030EBC8}” = “HyperTerminal-pictogramuitbreiding”

    -> {CLSID}\InProcServer32\(Default) = “C:\WINDOWS\System32\hticons.dll”

    “{5b4dae26-b807-11d0-9815-00c04fd91972}” = “Menu Band”

    -> {CLSID}\InProcServer32\(Default) = “C:\WINDOWS\system32\SHELL32.dll”

    “{8278F931-2A3E-11d2-838F-00C04FD918D0}” = “Tracking Shell Menu”

    -> {CLSID}\InProcServer32\(Default) = “C:\WINDOWS\system32\SHELL32.dll”

    “{E13EF4E4-D2F2-11d0-9816-00C04FD91972}” = “Menu Site”

    -> {CLSID}\InProcServer32\(Default) = “C:\WINDOWS\system32\SHELL32.dll”

    “{ECD4FC4F-521C-11D0-B792-00A0C90312E1}” = “Menu Desk Bar”

    -> {CLSID}\InProcServer32\(Default) = “C:\WINDOWS\system32\SHELL32.dll”

    “{D82BE2B0-5764-11D0-A96E-00C04FD705A2}” = “IShellFolderBand”

    -> {CLSID}\InProcServer32\(Default) = “C:\WINDOWS\system32\SHELL32.dll”

    “{0E5CBF21-D15F-11d0-8301-00AA005B4383}” = “K&oppelingen”

    -> {CLSID}\InProcServer32\(Default) = “C:\WINDOWS\system32\SHELL32.dll”

    “{7487cd30-f71a-11d0-9ea7-00805f714772}” = “Thumbnail Image”

    -> {CLSID}\InProcServer32\(Default) = “C:\WINDOWS\system32\SHELL32.dll”

    “{00020D75-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Desktop Icon Handler”

    -> {CLSID}\InProcServer32\(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL”

    “{0006F045-0000-0000-C000-000000000046}” = “Microsoft Office Outlook Custom Icon Handler”

    -> {CLSID}\InProcServer32\(Default) = “C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL”

    “{42042206-2D85-11D3-8CFF-005004838597}” = “Microsoft Office HTML Icon Handler”

    -> {CLSID}\InProcServer32\(Default) = “C:\Program Files\Microsoft Office\OFFICE11\msohev.dll”

    “{640167b4-59b0-47a6-b335-a6b3c0695aea}” = “Portable Media Devices”

    -> {CLSID}\InProcServer32\(Default) = “C:\WINDOWS\system32\Audiodev.dll”

    “{cc86590a-b60a-48e6-996b-41d25ed39a1e}” = “Portable Media Devices Menu”

    -> {CLSID}\InProcServer32\(Default) = “C:\WINDOWS\system32\Audiodev.dll”

    “{7C9D5882-CB4A-4090-96C8-430BFE8B795B}” = “Webroot Spy Sweeper Context Menu Integration”

    -> {CLSID}\InProcServer32\(Default) = “C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll”

    “{950FF917-7A57-46BC-8017-59D9BF474000}” = “Shell Extension for CDRW”

    -> {CLSID}\InProcServer32\(Default) = “C:\Program Files\Ahead\InCD\incdshx.dll”

    “{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}” = “My Logitech Pictures”

    -> {CLSID}\InProcServer32\(Default) = “C:\Program Files\Logitech\Video\Namespc2.dll”

    “{5464D816-CF16-4784-B9F3-75C0DB52B499}” = “Yahoo! Mail”

    -> {CLSID}\InProcServer32\(Default) = “C:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll”

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

    INFECTION WARNING! “{54D9498B-CF93-414F-8984-8CE7FDE0D391}” = “ewido shell guard”

    -> {CLSID}\InProcServer32\(Default) = “C:\Program Files\ewido\security suite\shellhook.dll”

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\

    INFECTION WARNING! “AppInit_DLLs” = “MsgPlusLoader.dll”

    HKLM\Software\Classes\PROTOCOLS\Filter\

    INFECTION WARNING! text/xml\CLSID = “{807553E5-5146-11D5-A672-00B0D022E945}”

    -> {CLSID}\InProcServer32\(Default) = “C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL”

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\

    Symantec.Norton.Antivirus.IEContextMenu\(Default) = “{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}”

    -> {CLSID}\InProcServer32\(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll”

    Yahoo! Mail\(Default) = “{5464D816-CF16-4784-B9F3-75C0DB52B499}”

    -> {CLSID}\InProcServer32\(Default) = “C:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll”

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\

    SpySweeper\(Default) = “{7C9D5882-CB4A-4090-96C8-430BFE8B795B}”

    -> {CLSID}\InProcServer32\(Default) = “C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll”

    Symantec.Norton.Antivirus.IEContextMenu\(Default) = “{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}”

    -> {CLSID}\InProcServer32\(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll”

    Active Desktop and Wallpaper:

    —————————–

    Active Desktop is disabled at this entry:

    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    HKCU\Control Panel\Desktop\

    “Wallpaper” = “C:\Documents and Settings\Frits den Elsen\Local Settings\Application Data\Microsoft\Wallpaper1.bmp”

    Enabled Screen Saver:

    ———————

    HKCU\Control Panel\Desktop\

    “SCRNSAVE.EXE” = “C:\WINDOWS\System32\sstext3d.scr”

    Startup items in “Frits den Elsen” & “All Users” startup folders:

    —————————————————————–

    C:\Documents and Settings\Frits den Elsen\Menu Start\Programma's\Opstarten

    “Quick Macros” -> shortcut to: “C:\Program Files\Quick Macros 2\qm.exe S”

    Enabled Scheduled Tasks:

    ————————

    “Toepassing Optimalisatie Start” -> launches: “walign”

    “Symantec NetDetect” -> launches: “C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE”

    “Norton AntiVirus - Mijn computer scannen - Frits den Elsen” -> launches: “C:\PROGRA~1\NORTON~1\Navw32.exe /task:”C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca“”

    Winsock2 Service Provider DLLs:

    ——————————-

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

    000000000001\LibraryPath = “%SystemRoot%\System32\mswsock.dll”

    000000000002\LibraryPath = “%SystemRoot%\System32\winrnr.dll”

    000000000003\LibraryPath = “%SystemRoot%\System32\mswsock.dll”

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

    00000000000#\PackedCatalogItem (contains) DLL , (at) # range:

    %SystemRoot%\system32\mswsock.dll , 1 - 3

    %SystemRoot%\system32\rsvpsp.dll , 4 - 5

    Toolbars, Explorer Bars, Extensions:

    ————————————

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\

    “{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}” = “Norton AntiVirus”

    -> {CLSID}\InProcServer32\(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll”

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

    “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = “Yahoo! Toolbar”

    -> {CLSID}\InProcServer32\(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll”

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\

    “{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}” = “Norton AntiVirus”

    -> {CLSID}\InProcServer32\(Default) = “C:\Program Files\Norton AntiVirus\NavShExt.dll”

    “{EF99BD32-C1FB-11D2-892F-0090271D4F88}” = “Yahoo! Toolbar”

    -> {CLSID}\InProcServer32\(Default) = “C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll”

    Explorer Bars

    HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

    {4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = “&Yahoo! Messenger”

    -> {CLSID}\InProcServer32\(Default) = “C:\PROGRA~1\YAHOO!\COMMON\yhexbmesus.dll”

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

    {4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = “&Yahoo! Messenger”

    -> {CLSID}\InProcServer32\(Default) = “C:\PROGRA~1\YAHOO!\COMMON\yhexbmesus.dll”

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

    “MenuText” = “Sun Java Console”

    “CLSIDExtension” = “{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}”

    -> {CLSID}\InProcServer32\(Default) = “C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll”

    {2D663D1A-8670-49D9-A1A5-4C56B4E14E84}\

    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}\

    “ButtonText” = “Yahoo! Services”

    “CLSIDExtension” = “{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}”

    -> {CLSID}\InProcServer32\(Default) = “C:\Program Files\Yahoo!\Common\yiesrvc.dll”

    {641F4F4E-6C91-4159-869E-9F5CE6F0F64E}\

    “ButtonText” = “MultiPoker”

    “MenuText” = “MultiPoker”

    “Exec” = “C:\Program Files\MultiPoker\MultiPoker.exe”

    {77E68763-4284-41D6-B7E7-B6E1F053A9E7}\

    “ButtonText” = “EmpirePoker”

    “MenuText” = “EmpirePoker”

    “Exec” = “C:\Program Files\EmpirePoker\EmpirePoker.exe”

    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\

    “ButtonText” = “Onderzoek”

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\

    “ButtonText” = “Messenger”

    “MenuText” = “Windows Messenger”

    “Exec” = “C:\Program Files\Messenger\msmsgs.exe”

    Running Services (Display Name, Service Name, Path {Service DLL}):

    ——————————————————————

    ewido security suite control, ewido security suite control, “C:\Program Files\ewido\security suite\ewidoctrl.exe”

    InCD File System Service, InCDsrv, “C:\Program Files\Ahead\InCD\InCDsrv.exe”

    LexBce Server, LexBceS, “C:\WINDOWS\system32\LEXBCES.EXE”

    Norton AntiVirus Auto-Protect-service, navapsvc, “”C:\Program Files\Norton AntiVirus\navapsvc.exe“”

    Norton AntiVirus Firewall Monitor Service, NPFMntor, “”C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe“”

    SoundMAX Agent Service, SoundMAX Agent Service (default), “C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe”

    Symantec Core LC, Symantec Core LC, “C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe”

    Symantec Event Manager, ccEvtMgr, “”C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe“”

    Symantec Network Drivers Service, SNDSrvc, “”C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe“”

    Symantec Settings Manager, ccSetMgr, “”C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe“”

    Symantec SPBBCSvc, SPBBCSvc, “”C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe“”

    Windows User Mode Driver Framework, UMWdf, “C:\WINDOWS\system32\wdfmgr.exe”

    WMDM PMSP Service, WMDM PMSP Service, “C:\WINDOWS\system32\MsPMSPSv.exe”

    Print Monitors:

    —————

    HKLM\System\CurrentControlSet\Control\Print\Monitors\

    Lexmark Network Port\Driver = “LEXLMPM.DLL”

    Microsoft Document Imaging Writer Monitor\Driver = “mdimon.dll”

    ———-

    + This report excludes default entries except where indicated.

    + To see *everywhere* the script checks and *everything* it finds,

    launch it from a command prompt or a shortcut with the -all parameter.

    + To search all directories of local fixed drives for DESKTOP.INI

    DLL launch points and all Registry CLSIDs for dormant Explorer Bars,

    use the -supp parameter or answer “No” at the first message box.

    ———- (total run time: 19 seconds, including 4 seconds for message boxes)

  • Bikkel

    klopt hij was niet helemaal doorgelopen sorry.

  • pablo

    hoi bikkel,

    ziet er netjes schoon uit ;)

    maar er zit dus nog een bestand op je pc wat telkens die dll van de trojan terug probeert te plaatsen :?

    start eens op in veilige modus en doe dan een volledige systeemscan met norton,verwijder alle gevonden bestanden :)

    herstart in de normale modus en doe hier een online scan:

    http://www.kaspersky.com/downloads/kws/kavwebscan.html

    bewaar het logje wat gemaakt word en plaats dat hier :)

    paul

  • Bikkel

    hier is hij

    ——————————————————————————-

    KASPERSKY ON-LINE SCANNER REPORT

    Friday, October 14, 2005 23:12:06

    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

    Kaspersky On-line Scanner version: 5.0.67.0

    Kaspersky Anti-Virus database last update: 14/10/2005

    Kaspersky Anti-Virus database records: 144863

    ——————————————————————————-

    Scan Settings:

    Scan using the following antivirus database: standard

    Scan Archives: true

    Scan Mail Bases: true

    Scan Target - My Computer:

    A:\

    C:\

    D:\

    E:\

    F:\

    G:\

    Scan Statistics:

    Total number of scanned objects: 39096

    Number of viruses found: 7

    Number of infected objects: 74

    Number of suspicious objects: 2

    Duration of the scan process: 1715 sec

    Infected Object Name - Virus Name

    C:\Program Files\Norton AntiVirus\Quarantine\62D46ABA.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\Program Files\Norton AntiVirus\Quarantine\3EAF6FA5.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\Program Files\Norton AntiVirus\Quarantine\6C9B5D1C.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\Program Files\Norton AntiVirus\Quarantine\48700E0D.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\Program Files\Norton AntiVirus\Quarantine\76602581.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\Program Files\Norton AntiVirus\Quarantine\244C12F8.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\Program Files\Norton AntiVirus\Quarantine\003115D7.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\Program Files\Norton AntiVirus\Quarantine\2E936ACD.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\Program Files\Norton AntiVirus\Quarantine\1D38050A.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\Program Files\Daily Weather Forecast\weather.exe Infected: Trojan-Downloader.Win32.Centim.an

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite.zip/backWeb-8876480.exe Suspicious: Password-protected-EXE

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BackWeblite.zip Suspicious: Password-protected-EXE

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001282.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001283.dll Infected: Trojan-Downloader.Win32.Delf.wp

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001284.dll Infected: Trojan-Downloader.Win32.Delf.wp

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001285.dll Infected: Trojan-Downloader.Win32.Delf.wp

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001286.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001287.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001288.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001289.dll Infected: Trojan-Downloader.Win32.Delf.wp

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001290.dll Infected: Trojan-Downloader.Win32.Delf.wp

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001291.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001292.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001293.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001294.dll Infected: Trojan-Downloader.Win32.Delf.wp

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001295.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001296.dll Infected: Trojan-Downloader.Win32.Delf.wp

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001297.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001298.dll Infected: Trojan-Downloader.Win32.Delf.wp

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001299.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001300.dll Infected: Trojan-Downloader.Win32.Delf.wp

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001301.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001302.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001303.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001304.dll Infected: Trojan-Downloader.Win32.Delf.wp

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001305.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001306.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001307.dll Infected: Trojan-Downloader.Win32.Delf.wp

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001308.dll Infected: Trojan-Downloader.Win32.Delf.wp

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001309.dll Infected: Trojan-Downloader.Win32.Delf.wp

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001310.dll Infected: Trojan-Downloader.Win32.Delf.wp

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001311.dll Infected: Trojan-Downloader.Win32.Delf.wp

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001312.dll Infected: Trojan-Downloader.Win32.Delf.wp

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001313.dll Infected: Trojan-Downloader.Win32.Delf.wp

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001314.dll Infected: Trojan-Downloader.Win32.Delf.wp

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001315.dll Infected: Trojan-Downloader.Win32.Delf.wp

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001316.dll Infected: Trojan-Downloader.Win32.Delf.wp

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001317.dll Infected: Trojan-Downloader.Win32.Delf.wp

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001318.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001319.dll Infected: Trojan-Downloader.Win32.Delf.wp

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001320.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001321.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001322.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001323.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001324.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001325.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001326.dll Infected: Trojan-Downloader.Win32.Delf.wp

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP3\A0001327.dll Infected: Trojan-Downloader.Win32.Delf.wp

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP5\A0001910.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP5\A0001911.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP5\A0001912.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP5\A0001913.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP5\A0001914.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP5\A0001936.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP5\A0001937.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP5\A0001938.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP5\A0001939.dll Infected: Trojan-Downloader.Win32.Delf.h

    C:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP5\A0001940.dll Infected: Trojan-Downloader.Win32.Delf.h

    E:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP5\A0001862.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja

    E:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP5\A0001862.exe Infected: Trojan-Downloader.Win32.INService.ja

    E:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP5\A0001864.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja

    E:\System Volume Information\_restore{E2BE89EE-0F50-4AD6-B2A3-6494B0F1CA34}\RP5\A0001864.exe Infected: Trojan-Downloader.Win32.INService.ja

    E:\Nero\dvdvideopluginversion6009vonneroburningromneroexpress_PxDfZxHjHkSdWnXv.zip/install_cheat_001.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ki

    E:\Nero\dvdvideopluginversion6009vonneroburningromneroexpress_PxDfZxHjHkSdWnXv.zip/install_cheat_001.exe Infected: Trojan-Downloader.Win32.IstBar.ki

    E:\Nero\dvdvideopluginversion6009vonneroburningromneroexpress_PxDfZxHjHkSdWnXv.zip Infected: Trojan-Downloader.Win32.IstBar.ki

    E:\Nero\Nero_DVD_Video_Plugin_Fixed (www.crack.cd)\vdb.exe Infected: Trojan-Downloader.Win32.INService.gen

    Scan process completed.

    Bikkel