
Can I just delete these infected files?



On 1 March I ran a virus scan with AVG 2013. It turned up 5 files that (according to AVG) are infected; for 2 of them I doubt whether I can simply delete them or whether that will affect how my PC with Windows XP works. These are the messages in question:

"";"atapi.sys, koppelpunt import HAL.dll READ_PORT_UCHAR -> spgm.sys +0x2040, C:\WINDOWS\system32\drivers\spgm.sys";"Geïnfecteerd"

"";"atapi.sys, koppelpunt import HAL.dll READ_PORT_BUFFER_USHORT -> spgm.sys +0x213C, C:\WINDOWS\system32\drivers\spgm.sys";"Geïnfecteerd"

Via Google I had already read on a forum that I should scan my PC with FixTDSS.exe for this. I did so, then restarted my PC and scanned again with AVG 2013. This showed that the infected files in question are still on my PC, so that did not help. What should I do?

Many thanks in advance. Kind regards, David.


I would not just delete this.

- - - Updated - - -

Download zoek.exe to the desktop.

  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe
    (here or here) you can read how to do that.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
    startupall;
    filesrcm;

  • Click the "Options" button and tick the options below.

    • Running processes
    • Recently Created
    • Startup Information
    • System Specs
    • Silent Runners
    • Empty Temp Folders
    • IE Defaults
    • Auto Clean

  • Then click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Now post the contents of the opened log in your next reply.


Zoek.exe Version 4.0.0.2 Updated 02-March-2013

Tool run by Administrator on za 02-03-2013 at 20:26:26,73.

Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86

Running in: Normal Mode Internet Access Detected

==== Running Processes ======================

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\Explorer.EXE

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\UPHClean\uphclean.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Desktop Tray Clock\DTClock.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\SilverCrest DMTS2017 Driver\KbClient_FD2.exe

C:\Program Files\SilverCrest DMTS2017 Driver\MouClient_FD2.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\AVG\AVG2013\avgui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\notepad.exe

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Tijdelijke map 1 voor zoek.zip\zoek.exe

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-682003330-117609710-1606980848-500\Software\Microsoft\Internet Explorer\SearchScopes\{76CFD0CD-240B-4447-B616-94783628092D} deleted successfully

HKEY_USERS\S-1-5-21-682003330-117609710-1606980848-500\Software\Microsoft\Internet Explorer\SearchScopes\{D565ACA0-4530-4596-9DF1-88146F4F0050} deleted successfully

HKEY_USERS\S-1-5-21-682003330-117609710-1606980848-500\Software\Microsoft\Internet Explorer\SearchScopes\{ECE851C0-0209-4725-B086-94D050FCA641} deleted successfully

==== Deleting CLSID Registry Values ======================

==== FireFox Fix ======================

ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i1nx5yu6.default

user.js not found

---- Lines OneClickDownload removed from prefs.js ----

---- Lines OneClickDownload modified from prefs.js ----

---- FireFox user.js and prefs.js backups ----

prefs_02-03-2013_2032_.backup

ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Nstavc2y.Default

user.js not found

---- Lines OneClickDownload removed from prefs.js ----

user_pref("network.protocol-handler.warn-external.oneclickdownload", false);

---- Lines OneClickDownload modified from prefs.js ----

---- FireFox user.js and prefs.js backups ----

prefs_02-03-2013_2032_.backup

ProfilePath: C:\Documents and Settings\Default User\Application Data\Mozilla\Firefox\Profiles\Nstavc2y.Default

user.js not found

---- Lines OneClickDownload removed from prefs.js ----

user_pref("network.protocol-handler.warn-external.oneclickdownload", false);

---- Lines OneClickDownload modified from prefs.js ----

---- FireFox user.js and prefs.js backups ----

prefs_02-03-2013_2032_.backup

==== System Specs ======================

Windows: Windows XP Professional Service Pack 3 (Build 2600)

Internet Explorer: 7.0.5730.13

Memory (RAM): 960 MB

CPU Info: Intel® Pentium® D CPU 2.66GHz

CPU Speed: 2603,0 MHz

Sound Card: Realtek HD Audio rear output |

Display Adapters: ATI RADEON XPRESS 200 Series | ATI RADEON XPRESS 200 Series | NetMeeting driver | RDPDD Chained DD

Monitors: 1x; V201LZ201942MD20666 | V201LZ201942MD20666 |

Screen Resolution: 1920 X 1080 - 32 bit

Network: Network Present

Network Adapters: Realtek RTL8139/810x Family Fast Ethernet NIC

CD / DVD Drives: 2x (E: | F: | ) E: TSSTcorpCDDVDW SH-222BB | F: IDE-DVD DROM6216

Ports: COM Ports NOT Present. LPT1

Mouse: 8 Button Wheel Mouse Present

Hard Disks: C: 97,7GB | D: 181,8GB | L: 1396,9GB

Hard Disks - Free: C: 49,4GB | D: 173,6GB | L: 594,2GB

Manufacturer *: American Megatrends Inc.

BIOS Info: AT/AT COMPATIBLE | 08/17/06 | HP-CPC - 8000617

Time Zone: West-Europa (standaardtijd)

Motherboard *: Hewleet-Packard Asterope2

Sun Java version: 1.6.0_07

Country: Nederland

Language: NLD

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====

====== C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp ====

====== C:\WINDOWS\system32 =====

====== C:\WINDOWS\system32\drivers =====

====== C:\WINDOWS\Tasks ======

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

======= C: =====

====== C:\Documents and Settings\Administrator\Application Data ======

====== C:\Documents and Settings\Administrator ======

====== C: exe-files ==

2013-02-28 23:31:05 0415AB744E0BE99287ABAFE434365346 1931088 ----a-w- C:\Documents and Settings\Administrator\Bureaublad\FixTDSS.exe

=== C: other files ==

2013-03-01 17:44:55 833A32C63F92724611EDA5F6854F7B63 902863 ----a-w- C:\WINDOWS\Temp\avgdiag2\28525365-80a7-4816-8f7d-25387d22e720\out\28525365-80a7-4816-8f7d-25387d22e720[0cccbbfc-27ef-47d6-8256-d15067a3a010].zip

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"SkinClock"="C:\Program Files\Desktop Tray Clock\DTClock.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"SkinClock"="C:\Program Files\Desktop Tray Clock\DTClock.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"SkinClock"="C:\Program Files\Desktop Tray Clock\DTClock.exe"

[HKEY_USERS\S-1-5-21-682003330-117609710-1606980848-500\Software\Microsoft\Windows\CurrentVersion\Run]

"SkinClock"="C:\Program Files\Desktop Tray Clock\DTClock.exe"

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"KiesHelper"="C:\Program Files\Samsung\Kies\KiesHelper.exe /s"

"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe"

"KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

"Google Update"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"SkinClock"="C:\Program Files\Desktop Tray Clock\DTClock.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"="regsvr32 /s /n /i:u shell32"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"="regsvr32 /s /n /i:u shell32"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"="regsvr32 /s /n /i:u shell32"

[HKEY_USERS\S-1-5-21-682003330-117609710-1606980848-500\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_110_Plugin.exe -update plugin"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"ShowDeskFix"="regsvr32 /s /n /i:u shell32"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE"

"Alcmtr"="ALCMTR.EXE"

"ehTray"="C:\WINDOWS\ehome\ehtray.exe"

"SkinClock"="C:\Program Files\Desktop Tray Clock\DTClock.exe"

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe"

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

"SilverCrest PH 1012B"="C:\WINDOWS\Silvercrest PH 1012B.exe"

"Launch SilverCrest DMTS2017-K"="C:\Program Files\SilverCrest DMTS2017 Driver\KbClient_FD2.exe"

"Launch SilverCrest DMTS2017-M"="C:\Program Files\SilverCrest DMTS2017 Driver\MouClient_FD2.exe"

"DivXUpdate"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"AVG_UI"="C:\Program Files\AVG\AVG2013\avgui.exe /TRAYONLY"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"SkinClock"="C:\Program Files\Desktop Tray Clock\DTClock.exe"

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe /autoRun"

"KiesHelper"="C:\Program Files\Samsung\Kies\KiesHelper.exe /s"

"KiesTrayAgent"="C:\Program Files\Samsung\Kies\KiesTrayAgent.exe"

"KiesPDLR"="C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

"Google Update"="C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_110_Plugin.exe -update plugin"

==== Startup Folders ======================

2012-07-29 12:06:51 1007 ----a-w- C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten\Wuala.lnk

2012-05-31 12:25:45 1815 ----a-w- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk

2012-05-31 12:27:27 805 ----a-w- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\HP Photosmart Premier Snelstart.lnk

2010-11-13 03:13:27 1725 ----a-r- C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\RocketDock.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-117609710-1606980848-500Core.job --a------ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [21-09-2012 22:08]

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-117609710-1606980848-500UA.job --a------ C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [21-09-2012 22:08]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i1nx5yu6.default

- DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

- LavaFox V2-Blue - %ProfilePath%\extensions\djziggy@gmail.com

- FT SleekDark - %ProfilePath%\extensions\{a21cd440-41d6-11e0-9207-0800200c9a66}

- Greasemonkey - %ProfilePath%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

- Adblock Plus Pop-up Addon - %ProfilePath%\extensions\adblockpopups@jessehakanen.net.xpi

- Stylish - %ProfilePath%\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi

- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

- FoxTab - %ProfilePath%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi

ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\Nstavc2y.Default

- Free YouTube Download Free Studio Menu - %ProfilePath%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

AppDir: C:\Program Files\Mozilla Firefox

- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i1nx5yu6.default

E0FF893763BA82BAABB869A351F0C455 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll - Google Update

A3E477ACDA2C5A427E56FB075ADEB536 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll - Shockwave Flash

21FF3F07336CE4F8DF6AF1746BC26AAB - C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat

9013599B12923A45C029C34E8D2211AC - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll - Silverlight Plug-In

A66A630E101E7B5CF0946F34935660CC - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll - DivX Plus Web Player

B938C1AE3ADCE166190895685B0BEB0D - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll - DivX VOD Helper Plug-in

BA31D3FB803BBA92413D9D7D4E214D52 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.9

C41576CBD076B6895C20B465CDC26958 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.9

D8F8E45ACC404661CF0787F2A0888180 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.9

7B55FEF2BA47A2420BB49CD93320077A - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.9

D9F5A433758BC151850E53690D57663A - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.9

2FE95733EB36CD762EAE54BBE9D8B11C - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.9

8FD41344CB62DDB06E2A339F2C5F1947 - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll - QuickTime Plug-in 7.6.9

15A40ADA2CFCC400348E37A40237337E - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll - iTunes Application Detector

F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM

B3EFFE7C6EDBA9A754158B8EA2BF7BBA - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library

901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM

AB87EEFFD18F2BAAFC274E7075EA6C67 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

BA31D3FB803BBA92413D9D7D4E214D52 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.9

C41576CBD076B6895C20B465CDC26958 - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.9

D8F8E45ACC404661CF0787F2A0888180 - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.9

7B55FEF2BA47A2420BB49CD93320077A - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.9

D9F5A433758BC151850E53690D57663A - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.9

2FE95733EB36CD762EAE54BBE9D8B11C - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.9

8FD41344CB62DDB06E2A339F2C5F1947 - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.9

21FF3F07336CE4F8DF6AF1746BC26AAB - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat

E0BCE90537E4A41AF36D5BDD5963A09D - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

BF2AD333C79072EEBE5AE0D72670E64E - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrlui.dll - Microsoft® Silverlight

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[12-12-2011 14:13]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

nikpibnbobmbdbheedjfogjlikpgpnhp - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoft\dvsYoutubeDownload.crx[26-09-2012 18:56]

AVG Safe Search - Administrator - Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

"Search Page"="http://downloads.phpnuke.org/nl/index.php?rvs=google"

"Default_Search_URL"="http://www.google.nl"

"Search Bar"="http://www.google.com/ie"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Search Page"="http://downloads.phpnuke.org/nl/index.php?rvs=google"

"Start Page"="http://downloads.phpnuke.org/nl/index.php?rvs=google"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

@="http://www.google.com/search?q=%s"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]

"SearchAssistant"="http://www.google.nl/"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{76CFD0CD-240B-4447-B616-94783628092D}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{76CFD0CD-240B-4447-B616-94783628092D}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

"(Default)"="http://search.msn.com/results.asp?q=%s"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]

"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{C09ED1D4-B134-4F60-8B26-5E6FF788D1F7} Google Zoeken Url="http://www.google.nl/search?hl=nl&q={searchTerms}&meta="

==== Silent Runners ======================

"Silent Runners.vbs", revision 69, Silent Runners - Adware? Disinfect, don't reformat!

Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:

---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}

SkinClock = C:\Program Files\Desktop Tray Clock\DTClock.exe [null data]

Sidebar = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [MS]

KiesHelper = C:\Program Files\Samsung\Kies\KiesHelper.exe /s [null data]

KiesTrayAgent = C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [samsung Electronics Co., Ltd.]

KiesPDLR = C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [null data]

Google Update = "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [Google Inc.]

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++}

FlashPlayerUpdate = C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_5_502_110_Plugin.exe -update plugin [Adobe Systems Incorporated]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

RTHDCPL = RTHDCPL.EXE [Realtek Semiconductor Corp.]

Alcmtr = ALCMTR.EXE [Realtek Semiconductor Corp.]

ehTray = C:\WINDOWS\ehome\ehtray.exe [MS]

SkinClock = C:\Program Files\Desktop Tray Clock\DTClock.exe [null data]

NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe [Ahead Software Gmbh]

StartCCC = "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [Advanced Micro Devices, Inc.]

QuickTime Task = "C:\Program Files\QuickTime\QTTask.exe" -atboottime [Apple Inc.]

iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe" [Apple Inc.]

SilverCrest PH 1012B = C:\WINDOWS\Silvercrest PH 1012B.exe [null data]

Launch SilverCrest DMTS2017-K = C:\Program Files\SilverCrest DMTS2017 Driver\KbClient_FD2.exe [siliten]

Launch SilverCrest DMTS2017-M = C:\Program Files\SilverCrest DMTS2017 Driver\MouClient_FD2.exe [siliten]

DivXUpdate = "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [null data]

HP Software Update = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [Hewlett-Packard Development Company, L.P.]

Adobe ARM = "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]

AVG_UI = "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [AVG Technologies CZ, s.r.o.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{00011268-E188-40DF-A514-835FCD78B1BF}\(Default) = IE7Pro

-> {HKLM.CLSID} = IE7Pro BHO

\InProcServer32\(Default) = C:\Program Files\IEPro\iepro.dll [iE7Pro.com]

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub

-> {HKLM.CLSID} = Adobe PDF Link Helper

\InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]

{326E768D-4182-46FD-9C16-1449A49795F4}\(Default) = Increase performance and video formats for your HTML5 <video>

-> {HKLM.CLSID} = DivX Plus Web Player HTML5 <video>

\InProcServer32\(Default) = C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [DivX, LLC]

{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\(Default) = WormRadar.com IESiteBlocker.NavFilter

-> {HKLM.CLSID} = AVG Safe Search

\InProcServer32\(Default) = C:\Program Files\AVG\AVG2012\avgssie.dll [file not found]

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)

-> {HKLM.CLSID} = SSVHelper Class

\InProcServer32\(Default) = C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [sun Microsystems, Inc.]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)

-> {HKLM.CLSID} = Windows Live Aanmelden - Help

\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO

-> {HKLM.CLSID} = Skype Browser Helper

\InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

0WualaOverlayIcon1\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}

-> {HKLM.CLSID} = WualaOverlayIcon 1

\InProcServer32\(Default) = C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll [LaCie AG]

0WualaOverlayIcon2\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}

-> {HKLM.CLSID} = WualaOverlayIcon 2

\InProcServer32\(Default) = C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll [LaCie AG]

0WualaOverlayIcon3\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}

-> {HKLM.CLSID} = WualaOverlayIcon 3

\InProcServer32\(Default) = C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll [LaCie AG]

0WualaOverlayIcon4\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}

-> {HKLM.CLSID} = WualaOverlayIcon 4

\InProcServer32\(Default) = C:\Program Files\Wuala OverlayIcons\OverlayIcon.dll [LaCie AG]

1EldosIconOverlay\(Default) = {20D9C431-26EC-4A8A-96B5-ECF7528E2F0A}

-> {HKLM.CLSID} = 1EldosIconOverlay

\InProcServer32\(Default) = C:\WINDOWS\system32\CbFsMntNtf3.dll [EldoS Corporation]

EldosIconOverlay\(Default) = {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}

-> {HKLM.CLSID} = VSMntNtfOverlayIcon Class

\InProcServer32\(Default) = C:\WINDOWS\system32\CbFsMntNtf3.dll [EldoS Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{42071714-76d4-11d1-8b24-00a0c9068ff3} = Configuratiescherm-uitbreiding Beeldscherm-panning

-> {HKLM.CLSID} = Configuratiescherm-uitbreiding Beeldscherm-panning

\InProcServer32\(Default) = deskpan.dll [file not found]

{88895560-9AA2-1069-930E-00AA0030EBC8} = HyperTerminal-pictogramuitbreiding

-> {HKLM.CLSID} = HyperTerminal Icon Ext

\InProcServer32\(Default) = C:\WINDOWS\system32\hticons.dll [Hilgraeve, Inc.]

{8A56567E-A333-4843-B6E1-C3A262E41D8C} = HashTab Property Page

-> {HKLM.CLSID} = HashPage Class

\InProcServer32\(Default) = C:\Program Files\HashTab Shell Extension\HashTab32.dll [beeblebrox.org]

{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = UnlockerShellExtension

-> {HKLM.CLSID} = UnlockerShellExtension

\InProcServer32\(Default) = C:\Program Files\Unlocker\UnlockerCOM.dll [null data]

{5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension

-> {HKLM.CLSID} = SimpleShlExt Class

\InProcServer32\(Default) = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [Advanced Micro Devices, Inc.]

{0563DB41-F538-4B37-A92D-4659049B7766} = WLMD Message Handler

-> {HKLM.CLSID} = CLSID_WLMCMimeFilter

\InProcServer32\(Default) = C:\Program Files\Windows Live\Mail\mailcomm.dll [MS]

{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes

-> {HKLM.CLSID} = iTunes

\InProcServer32\(Default) = C:\Program Files\iTunes\iTunesMiniPlayer.dll [Apple Inc.]

{23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension

-> {HKLM.CLSID} = 7-Zip Shell Extension

\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [igor Pavlov]

{5FF49FE8-B332-4CB9-B102-FB6951629E55} = Virtual Storage Mount Notification

-> {HKLM.CLSID} = Virtual Storage Mount Notification

\InProcServer32\(Default) = C:\WINDOWS\system32\CbFsMntNtf3.dll [EldoS Corporation]

{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = AVG Shell Extension

-> {HKLM.CLSID} = AVG Shell Extension Class

\InProcServer32\(Default) = C:\Program Files\AVG\AVG2013\avgse.dll [AVG Technologies CZ, s.r.o.]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

<<!>> {5FF49FE8-B332-4CB9-B102-FB6951629E55} = Virtual Storage Mount Notification

-> {HKLM.CLSID} = Virtual Storage Mount Notification

\InProcServer32\(Default) = C:\WINDOWS\system32\CbFsMntNtf3.dll [EldoS Corporation]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

EldosMountNotificator = {5FF49FE8-B332-4CB9-B102-FB6951629E55}

-> {HKLM.CLSID} = Virtual Storage Mount Notification

\InProcServer32\(Default) = C:\WINDOWS\system32\CbFsMntNtf3.dll [EldoS Corporation]

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\

<<!>> BootExecute = autocheck autochk *|pgdfgsvc C 1 [sysinternals - www.sysinternals.com]|C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart [AVG Technologies CZ, s.r.o.]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\

<<!>> AtiExtEvent\DLLName = Ati2evxx.dll [ATI Technologies Inc.]

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

<<!>> linkscanner\CLSID = {F274614C-63F8-47D5-A4D1-FBDDE494F8D1}

-> {HKLM.CLSID} = XPLPPFilter Class

\InProcServer32\(Default) = C:\Program Files\AVG\AVG2012\avgpp.dll [file not found]

<<!>> livecall\CLSID = {828030A1-22C1-4009-854F-8E305202313F}

-> {HKLM.CLSID} = (no title provided)

\InProcServer32\(Default) = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL [MS]

<<!>> msnim\CLSID = {828030A1-22C1-4009-854F-8E305202313F}

-> {HKLM.CLSID} = (no title provided)

\InProcServer32\(Default) = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL [MS]

<<!>> skype-ie-addon-data\CLSID = {91774881-D725-4E58-B298-07617B9B86A8}

-> {HKLM.CLSID} = Skype IE add-on Pluggable Protocol

\InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.]

<<!>> skype4com\CLSID = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}

-> {HKLM.CLSID} = IEProtocolHandler Class

\InProcServer32\(Default) = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL [skype Technologies]

<<!>> wlmailhtml\CLSID = {03C514A3-1EFB-4856-9F99-10D7BE1653C0}

-> {HKLM.CLSID} = Windows Live Mail HTML Asynchronous Pluggable Protocol Handler

\InProcServer32\(Default) = C:\Program Files\Windows Live\Mail\mailcomm.dll [MS]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}

-> {HKLM.CLSID} = 7-Zip Shell Extension

\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [igor Pavlov]

AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}

-> {HKLM.CLSID} = AVG Shell Extension Class

\InProcServer32\(Default) = C:\Program Files\AVG\AVG2013\avgse.dll [AVG Technologies CZ, s.r.o.]

HKLM\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\

HashTab\(Default) = {8A56567E-A333-4843-B6E1-C3A262E41D8C}

-> {HKLM.CLSID} = HashPage Class

\InProcServer32\(Default) = C:\Program Files\HashTab Shell Extension\HashTab32.dll [beeblebrox.org]

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

-> {HKLM.CLSID} = MBAMShlExt Class

\InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

UnlockerShellExtension\(Default) = {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}

-> {HKLM.CLSID} = UnlockerShellExtension

\InProcServer32\(Default) = C:\Program Files\Unlocker\UnlockerCOM.dll [null data]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}

-> {HKLM.CLSID} = 7-Zip Shell Extension

\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [igor Pavlov]

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}

-> {HKLM.CLSID} = 7-Zip Shell Extension

\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [igor Pavlov]

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000}

-> {HKLM.CLSID} = SimpleShlExt Class

\InProcServer32\(Default) = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll [Advanced Micro Devices, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info

-> {HKLM.CLSID} = PDF Shell Extension

\InProcServer32\(Default) = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

AVG Shell Extension\(Default) = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}

-> {HKLM.CLSID} = AVG Shell Extension Class

\InProcServer32\(Default) = C:\Program Files\AVG\AVG2013\avgse.dll [AVG Technologies CZ, s.r.o.]

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}

-> {HKLM.CLSID} = MBAMShlExt Class

\InProcServer32\(Default) = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

UnlockerShellExtension\(Default) = {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83}

-> {HKLM.CLSID} = UnlockerShellExtension

\InProcServer32\(Default) = C:\Program Files\Unlocker\UnlockerCOM.dll [null data]

Group Policies {GPedit.msc branch and setting}:

-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoUserNameInStartMenu = (REG_DWORD) dword:0x00000001

{unrecognized setting}

NoSaveSettings = (REG_DWORD) dword:0x00000000

{User Configuration|Administrative Templates|Desktop|

Don't save settings at exit}

NoRecentDocsMenu = (REG_DWORD) dword:0x00000001

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoRemoteRecursiveEvents = (REG_DWORD) dword:0x00000001

{unrecognized setting}

NoRecentDocsMenu = (REG_DWORD) dword:0x00000001

{unrecognized setting}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

InstallVisualStyle = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Inspirat\Inspirat.msstyles

{unrecognized setting}

InstallTheme = (REG_EXPAND_SZ) C:\WINDOWS\Resources\Themes\Ultimate.theme

{unrecognized setting}

NoInternetOpenWith = (REG_DWORD) dword:0x00000001

{unrecognized setting}

Active Desktop and Wallpaper:

-----------------------------

Active Desktop may be disabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:

HKCU\Software\Microsoft\Internet Explorer\Desktop\General\

Wallpaper = %APPDATA%\Mozilla\Firefox\Bureaubladachtergrond.bmp

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:

HKCU\Control Panel\Desktop\

Wallpaper = C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Bureaubladachtergrond.bmp

Windows Portable Device AutoPlay Handlers

-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

EHomeMusicDropTarget\

Provider = Media Center

InvokeProgID = EHomeDropTarget.EHomeMusicDropTarget

InvokeVerb = play

HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeMusicDropTarget\shell\play\DropTarget\CLSID = {ED87EFF3-FF22-404E-B2BD-BC3841BDCB2C}

-> {HKLM.CLSID} = EHomeMusicDropTarget Class

\InProcServer32\(Default) = C:\WINDOWS\eHome\ehdrop.dll [MS]

EHomePhotosHandler\

Provider = Media Center

InvokeProgID = EHomeDropTarget.EHomePhotosHandler

InvokeVerb = play

HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomePhotosHandler\shell\play\DropTarget\CLSID = {4b7601c1-d292-4902-89f4-583a5ce0c535}

-> {HKLM.CLSID} = EHomePhotosHandler Class

\InProcServer32\(Default) = C:\WINDOWS\eHome\ehdrop.dll [MS]

EHomeVideoDropTarget\

Provider = Media Center

InvokeProgID = EHomeDropTarget.EHomeVideoDropTarget

InvokeVerb = play

HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeVideoDropTarget\shell\play\DropTarget\CLSID = {A48E70A4-8E15-4465-9D85-CCE9E63F8AAB}

-> {HKLM.CLSID} = EHomeVideoDropTarget Class

\InProcServer32\(Default) = C:\WINDOWS\eHome\ehdrop.dll [MS]

EHomeVideosHandler\

Provider = Media Center

InvokeProgID = EHomeDropTarget.EHomeVideosHandler

InvokeVerb = play

HKLM\SOFTWARE\Classes\EHomeDropTarget.EHomeVideosHandler\shell\play\DropTarget\CLSID = {4f61ec50-acef-4ae7-b4c6-b19bddc0f745}

-> {HKLM.CLSID} = EHomeVideosHandler Class

\InProcServer32\(Default) = C:\WINDOWS\eHome\ehdrop.dll [MS]

HPAutoplayExpress\

Provider = HP Photosmart Express-software

InvokeProgID = HpqUnApl.Autoplay

InvokeVerb = Express

HKLM\SOFTWARE\Classes\HpqUnApl.Autoplay\shell\Express\DropTarget\CLSID = {57FA3F08-E36E-4820-9CC4-122D46114993}

-> {HKLM.CLSID} = (no title provided)

\LocalServer32\(Default) = C:\Program Files\HP\Digital Imaging\Unload\HpqUnApl.exe [Hewlett-Packard]

HPUnloadAutoplay\

Provider = HP Photosmart Overbrengen-software

InvokeProgID = HpqUnApl.Autoplay

InvokeVerb = Play

HKLM\SOFTWARE\Classes\HpqUnApl.Autoplay\shell\Play\DropTarget\CLSID = {E1A1C814-FD09-4c9d-BB4A-0394B836A1F0}

-> {HKLM.CLSID} = (no title provided)

\LocalServer32\(Default) = C:\Program Files\HP\Digital Imaging\Unload\HpqUnApl.exe [Hewlett-Packard]

iTunesBurnCDOnArrival\

Provider = iTunes

InvokeProgID = iTunes.BurnCD

InvokeVerb = burn

HKLM\SOFTWARE\Classes\iTunes.BurnCD\shell\burn\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayBurn "%L" [Apple Inc.]

iTunesImportSongsOnArrival\

Provider = iTunes

InvokeProgID = iTunes.ImportSongsOnCD

InvokeVerb = import

HKLM\SOFTWARE\Classes\iTunes.ImportSongsOnCD\shell\import\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayImportSongs "%L" [Apple Inc.]

iTunesPlaySongsOnArrival\

Provider = iTunes

InvokeProgID = iTunes.PlaySongsOnCD

InvokeVerb = play

HKLM\SOFTWARE\Classes\iTunes.PlaySongsOnCD\shell\play\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /playCD "%L" [Apple Inc.]

iTunesShowSongsOnArrival\

Provider = iTunes

InvokeProgID = iTunes.ShowSongsOnCD

InvokeVerb = showsongs

HKLM\SOFTWARE\Classes\iTunes.ShowSongsOnCD\shell\showsongs\command\(Default) = "C:\Program Files\iTunes\iTunes.exe" /AutoPlayShowSongs "%L" [Apple Inc.]

MSWPDShellNamespaceHandler\

Provider = @%SystemRoot%\System32\WPDShextRes.dll,-501

CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}

InitCmdLine =

-> {HKLM.CLSID} = WPDShextAutoplay

\LocalServer32\(Default) = C:\WINDOWS\system32\WPDShextAutoplay.exe [MS]

VLCPlayCDAudioOnArrival\

Provider = VideoLAN VLC media player

InvokeProgID = VLC.CDAudio

InvokeVerb = Open

HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file cdda://%1 [the VideoLAN Team]

VLCPlayDVDAudioOnArrival\

Provider = VideoLAN VLC media player

InvokeProgID = VLC.OPENFolder

InvokeVerb = Open

HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [the VideoLAN Team]

VLCPlayDVDMovieOnArrival\

Provider = VideoLAN VLC media player

InvokeProgID = VLC.DVDMovie

InvokeVerb = Open

HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file dvd://%1 [the VideoLAN Team]

VLCPlayMusicFilesOnArrival\

Provider = VideoLAN VLC media player

InvokeProgID = VLC.OPENFolder

InvokeVerb = Open

HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [the VideoLAN Team]

VLCPlaySVCDMovieOnArrival\

Provider = VideoLAN VLC media player

InvokeProgID = VLC.SVCDMovie

InvokeVerb = Open

HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd://%1 [the VideoLAN Team]

VLCPlayVCDMovieOnArrival\

Provider = VideoLAN VLC media player

InvokeProgID = VLC.VCDMovie

InvokeVerb = Open

HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file vcd://%1 [the VideoLAN Team]

VLCPlayVideoFilesOnArrival\

Provider = VideoLAN VLC media player

InvokeProgID = VLC.OPENFolder

InvokeVerb = Open

HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files\VideoLAN\VLC\vlc.exe" %1 [the VideoLAN Team]

Startup items in "Administrator" & "All Users" startup folders:

---------------------------------------------------------------

C:\Documents and Settings\Administrator\Menu Start\Programma's\Opstarten {++}

Wuala -> shortcut to: C:\Documents and Settings\Administrator\Application Data\Wuala\Roaming\Wuala.exe -silent [LaCie]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten {++}

HP Digital Imaging Monitor -> shortcut to: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [Hewlett-Packard Development Company, L.P.]

HP Photosmart Premier Snelstart -> shortcut to: C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe -s [null data]

RocketDock -> shortcut to: C:\Program Files\RocketDock\RocketDock.exe [null data]

Enabled Scheduled Tasks: {++}

------------------------

GoogleUpdateTaskUserS-1-5-21-682003330-117609710-1606980848-500Core -> launches: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /c [Google Inc.]

GoogleUpdateTaskUserS-1-5-21-682003330-117609710-1606980848-500UA -> launches: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]

SmartDefrag -> launches: C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe /Schedule [iObit]

Winsock2 Service Provider DLLs:

-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]

000000000002\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]

000000000003\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]

000000000004\LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll [Apple Inc.]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:

------------------------------------

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

{000002A3-84FE-43F1-B958-F2C3CA804F1A}\

ButtonText = IE7Pro Grab and Drag

MenuText = IE7Pro Grab and Drag

CLSIDExtension = {CD275D4E-791A-4993-9D4D-6A071EDD2709}

-> {HKLM.CLSID} = IE7Pro GrabDragBtn

\InProcServer32\(Default) = C:\Program Files\IEPro\iepro.dll [iE7Pro.com]

{0026439F-A980-4F18-8C95-4F1CBBF9C1D8}\

ButtonText = IE7Pro Preferences

MenuText = IE7Pro Preferences

CLSIDExtension = {B119EB0C-C021-46CF-85B0-34A760E0D5FE}

-> {HKLM.CLSID} = IE7Pro ToolsExt

\InProcServer32\(Default) = C:\Program Files\IEPro\iepro.dll [iE7Pro.com]

{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\

MenuText = Sun Java Console

CLSIDExtension = {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

-> {HKCU.CLSID} = Java Plug-in 1.6.0_07

\InProcServer32\(Default) = C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [sun Microsystems, Inc.]

-> {HKLM.CLSID} = Java Plug-in 1.6.0_07

\InProcServer32\(Default) = C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll [sun Microsystems, Inc.]

{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\

ButtonText = Skype Click to Call

MenuText = Skype Click to Call

CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5}

-> {HKLM.CLSID} = Skype Browser Helper

\InProcServer32\(Default) = C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.]

{8B2D996F-B7D1-4961-A929-414D9CF5BA7B}\

ButtonText = MS-KB

MenuText = MS-KB

Exec = Microsoft Support [file not found]

{E2E2DD38-D088-4134-82B7-F2BA38496583}\

MenuText = @xpsp3res.dll,-20001

Exec = %windir%\Network Diagnostic\xpnetdiag.exe [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, C:\WINDOWS\system32\Ati2evxx.exe [ATI Technologies Inc.]

AVG WatchDog, avgwd, "C:\Program Files\AVG\AVG2013\avgwdsvc.exe" [AVG Technologies CZ, s.r.o.]

Bonjour-service, Bonjour Service, "C:\Program Files\Bonjour\mDNSResponder.exe" [Apple Inc.]

iPod-service, iPod Service, "C:\Program Files\iPod\bin\iPodService.exe" [Apple Inc.]

Media Center Extender Service, McrdSvc, C:\WINDOWS\ehome\mcrdsvc.exe [MS]

Media Center Receiver Service, ehRecvr, C:\WINDOWS\eHome\ehRecvr.exe [MS]

Media Center Scheduler-service, ehSched, C:\WINDOWS\eHome\ehSched.exe [MS]

Mobiel Apple apparaat, Apple Mobile Device, "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [Apple Inc.]

User Profile Hive Cleanup, UPHClean, C:\Program Files\UPHClean\uphclean.exe [MS]

Windows Presentation Foundation Font Cache 3.0.0.0, FontCache3.0.0.0, C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [MS]

Print Monitors:

---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\

HP Standard TCP/IP Port\Driver = HpTcpMon.dll [Hewlett Packard]

PCL hpz3l054\Driver = hpz3l054.dll [Hewlett-Packard Company]

==== Empty IE Cache ======================

C:\Documents and Settings\Administrator\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\i1nx5yu6.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

After Reboot

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied

C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat" deleted

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted


Unfortunately, after a new virus scan AVG still reports these two files. The strange thing is also that when I go to the folder where these files are supposed to be, they cannot be found. And I do have 'show hidden folders' turned on.


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop.

>>Here<< you can read how to use ComboFix.


1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

* (here or here)

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

* Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion.", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


When ComboFix starts up, it shows the following message:

"ComboFix heeft vastgesteld dat de volgende real time scanner(s) actief zijn:

antivirus: AVG update module"

Yet before I started ComboFix I disabled AVG, following the instructions on the relevant bleepingcomputer.com page: right-click, then click "Beveiliging door AVG uitschakelen" (disable AVG protection). If I were to click it again, it says "Beveiliging door AVG inschakelen" (enable AVG protection). So AVG is indeed disabled. But what else do I need to do to disable the update module?


In reply to Maxstar:

I have installed a number of DVDVideoSoft components. That was a long time ago, though; I don't even remember when. (For most of the components I have not run a software update in a long time.) But I have never really had problems with it as far as detection alerts from AVG are concerned. Could this nevertheless be the cause now? If so, how can I establish that with certainty? And is it necessary to disable or remove it? Because I use the program on a regular basis.
