  1. #1

    laptop only starts in safe mode

    Hello,
    since today my laptop only starts in safe mode.
    What I have done so far:
    - McAfee scan: nothing found
    - Eset online scan: 8 items found (including 6 x Ransom.B trojan) and cleaned up.

    Then I found this forum.
    - MBAM
    - GMER
    - dds run.
    I cannot install HijackThis in safe mode.

    On a normal start the screen goes black (after the Windows logo).

    Below are the MBAM and GMER logs.

    All help is welcome.



    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Databaseversie: v2013.12.12.06

    Windows 7 x64 NTFS (Veilige modus/netwerkmogelijkheden)
    Internet Explorer 8.0.7600.16385
    Bruno :: BRUNO-HP [administrator]

    12/12/2013 21:03:34
    mbam-log-2013-12-12 (21-03-34).txt

    Scan type: Snelle scan
    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scan opties: P2P
    Objecten gescand: 282551
    Verstreken tijd: 16 minuut/minuten, 37 seconde

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 1
    C:\Recycle.Bin (Trojan.Spyeyes) -> Succesvol in quarantaine geplaatst en verwijderd.


    GMER 2.1.19163 - http://www.gmer.net
    Rootkit scan 2013-12-12 22:46:06
    Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LH01 298,09GB
    Running: v198k85w.exe; Driver: C:\Users\Bruno\AppData\Local\Temp\ugtiqpog.sys


    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000760a1465 2 bytes [0A, 76]
    .text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760a14bb 2 bytes [0A, 76]
    .text ... * 2

    ---- User IAT/EAT - GMER 2.1 ----

    IAT C:\Windows\system32\mfevtps.exe[680] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [13fb9ba40] C:\Windows\system32\mfevtps.exe

    ---- Registry - GMER 2.1 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713d5d118
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713d5d118 (not active ControlSet)

    ---- Disk sectors - GMER 2.1 ----

    Disk \Device\Harddisk0\DR0 unknown MBR code

    ---- EOF - GMER 2.1 ----

  2. #2
    Rosty (Spyware Slayer)
    Hello,

    using a properly working PC or laptop, try to download the following to a USB stick and then carry out these instructions in safe mode on your laptop:

    Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Save ComboFix.exe to your Desktop
    • Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:
      Click here

      If you cannot manage to disable them, simply continue to the next step.
    • Double-click ComboFix.exe and follow the prompts on the screen.
    • ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

      **Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.
    • Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

    You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

    Click Yes to continue scanning for malware.

    When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.

    If you have problems running ComboFix, please report this.

  3. #3
    Thanks in any case for your reply.

    I did not manage to disable McAfee Antivirus and Antispyware. Every time I try this in McAfee Security Center, they automatically jump back to 'On'.

    I ran ComboFix anyway. However, I did not get the screens you describe.

    This is the content of the log file:


    ComboFix 13-12-13.01 - Bruno 13/12/2013 21:18:12.1.4 - x64 NETWORK
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.3894.3056 [GMT 1:00]
    Gestart vanuit: c:\users\Bruno\Desktop\ComboFix.exe
    AV: McAfeeAntivirus en antispyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfeeFirewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfeeAntivirus en antispyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\7799746.bat
    c:\programdata\7799746.reg
    c:\programdata\qreqd.pad
    c:\users\Bruno\Documents\~WRL0003.tmp
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2013-11-13 to 2013-12-13 ))))))))))))))))))))))))))))))
    .
    .
    2013-12-13 20:29 . 2013-12-13 20:29 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-12-12 20:02 . 2013-12-12 20:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-12-12 20:02 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-11-26 18:38 . 2013-11-26 18:38 -------- d-----w- c:\users\Bruno\AppData\Local\Programs
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-11-15 15:38 . 2012-04-09 12:59 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-11-15 15:38 . 2011-05-27 06:10 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-11-14 13:46 . 2010-11-14 17:11 82896128 ----a-w- c:\windows\system32\MRT.exe
    2013-11-04 15:51 . 2012-04-12 11:25 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2013-11-04 15:46 . 2012-04-12 11:25 343696 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2013-11-04 15:46 . 2012-04-12 11:14 182752 ----a-w- c:\windows\system32\mfevtps.exe
    2013-11-04 15:43 . 2011-10-15 10:16 782360 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2013-11-04 15:41 . 2012-04-12 11:25 519576 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2013-11-04 15:40 . 2012-04-12 11:25 311120 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2013-11-04 15:39 . 2011-10-15 10:16 179792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2013-09-23 11:49 . 2013-10-20 13:23 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
    2013-09-20 07:38 . 2013-09-20 07:38 10856 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
    2013-09-20 07:38 . 2013-09-20 07:38 95984 ----a-w- c:\windows\system32\drivers\mfencrk.sys
    2013-09-20 07:37 . 2013-09-20 07:37 390552 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Device Detector"="DevDetect.exe -autorun" [X]
    "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
    "Facebook Update"="c:\users\Bruno\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18643560]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-21 98304]
    "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-06-02 61112]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "beid"="c:\program files (x86)\Belgium Identity Card\beid35gui.exe" [2011-02-03 2068480]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
    "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
    "DVAPTray"="c:\windows\System32\DVAPTray.exe" [2012-05-30 192512]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 4236288]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "HideFastUserSwitching"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
    @=""
    .
    R2 0252641386505522mcinstcleanup;McAfee Application Installer Cleanup (0252641386505522);c:\windows\TEMP\025264~1.EXE;c:\windows\TEMP\025264~1.EXE [x]
    R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
    R2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
    R2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
    R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
    R2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
    R2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
    R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
    R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
    R2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [x]
    R2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [x]
    R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys;c:\windows\SYSNATIVE\DRIVERS\a38usb.sys [x]
    R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
    R3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;c:\windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.2.47873.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbIo_x64_7.2.47873.0.sys [x]
    R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [x]
    R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys;c:\windows\SYSNATIVE\drivers\dlkmd.sys [x]
    R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
    R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
    R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
    R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
    S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys;c:\windows\SYSNATIVE\drivers\dlkmdldr.sys [x]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
    S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-05-19 08:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-12-06 07:45 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2013-12-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 15:38]
    .
    2013-12-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3259525486-1747808784-3476929563-1001Core.job
    - c:\users\Bruno\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-20 20:54]
    .
    2013-12-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3259525486-1747808784-3476929563-1001UA.job
    - c:\users\Bruno\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-20 20:54]
    .
    2013-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-26 08:11]
    .
    2013-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-26 08:11]
    .
    2013-12-08 c:\windows\Tasks\HPCeeScheduleForBruno.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 01:53]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 414744]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2013-11-26 21720]
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.hln.be/?utm_campaign=iphone5&utm_medium=startpage&utm_source=startpage
    uLocal Page = c:\windows\system32\blank.htm
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Bruno\AppData\Roaming\Mozilla\Firefox\Profiles\9pyt3fdc.default\
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
    AddRemove-McAfee Virtual Technician - c:\program files (x86)\McAfee\Supportability\MVT\MVTInstaller.exe
    AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.032"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.ani"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.apd"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.bay"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
    @Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.bmp"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.bw"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
    @Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
    @Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.cs1"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.cur"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
    @Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.dcx"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.dib"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.djv"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.djvu"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
    @Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.emf"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.eps"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.erf"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.fff"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.fpx"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
    @Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.gif"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.icl"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.icn"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.ico"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.iff"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.ilbm"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.int"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.inta"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.iw4"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.j2c"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.j2k"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.jfif"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.jif"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.jp2"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.jpc"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
    @Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.jpe"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
    @Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.jpeg"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
    @Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.jpg"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.jpk"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.jpx"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.lbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.lbm"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.mos\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.mos"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.mrw\UserChoice]
    @Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.nef\UserChoice]
    @Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.orf\UserChoice]
    @Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.pbm"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pcd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.pcd"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pct\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.pct"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.pcx"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pef\UserChoice]
    @Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pgm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.pgm"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pic\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.pic"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pict\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.pict"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pix\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.pix"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.png\UserChoice]
    @Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.png"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.ppm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.ppm"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.psd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.psd"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.psp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.psp"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.raf\UserChoice]
    @Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.ras\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.ras"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.raw\UserChoice]
    @Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.rgb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.rgb"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.rgba\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.rgba"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.rle\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.rle"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.rsb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.rsb"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.sgi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.sgi"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.sr2\UserChoice]
    @Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.srf\UserChoice]
    @Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="Google.PhotoViewer.3.0"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.tga\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.tga"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.thm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.thm"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.tif\UserChoice]
    @Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.tif"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.tiff\UserChoice]
    @Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.tiff"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.ttc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.ttc"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.ttf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.ttf"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.v9o\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.v9o"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.v9p\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.v9p"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.v9pf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.v9pf"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.wbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.wbm"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.wbmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.wbmp"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.wmf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.wmf"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.xbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.xbm"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.xif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.xif"
    .
    [HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.xpm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee 9.0.xpm"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macrome d\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUt il64_11_9_900_117_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macrome d\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUt il32_11_9_900_117_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_9_900_117.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_9_900_117.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_9_900_117.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32 _11_9_900_117.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00 ,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00 ,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PC W\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2013-12-13 21:32:02
    ComboFix-quarantined-files.txt 2013-12-13 20:32
    .
    Pre-Run: 152.020.234.240 bytes beschikbaar
    Post-Run: 172.672.876.544 bytes beschikbaar
    .
    - - End Of File - - DC59029A31B05405CDB668E6ECE31AE0

  4. #4
    Just an additional thought: could this have something to do with the graphics card? It looks like the computer does start up in normal mode, even though I can't see it. The Windows logo appears (Starting Windows) and then the screen goes black ... but I do hear the sound that I normally hear at the logon screen ...

  5. #5
    What I wrote above is probably part of the problem. When I disable the 2 display adapters, the laptop starts up in normal mode; admittedly with a poor screen layout, but OK.
    Then this topic is in the wrong place. The fact that I found the Ransom.B trojan made me suspect that it had something to do with this.

  6. #6
    Rosty (Spyware Slayer)
    In any case, I don't see anything suspicious!! As you say yourself, it will probably be your graphics card.

  7. The following user thanked Rosty for this useful post:

    CaptainB (19 December 2013)
