Hallo,
sinds vandaag start mijn laptop enkel in veilige modus.
Wat heb ik dan gedaan:
- McAfee scan : niets gevonden
- online scan van Eset : 8 items gevonden (waaronder 6 x Ransom.B trojan) en opgeruimd.

Dan vond ik dit forum.
-MBAM
-GMER
-dds uitgevoerd.
Hijackthis kan ik niet installeren in veilige modus.

Bij normaal opstarten wordt het scherm (na het Windows logo) zwart.

Hieronder de MBAM en GMER logs.

Alle hulp is welkom.



Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Databaseversie: v2013.12.12.06

Windows 7 x64 NTFS (Veilige modus/netwerkmogelijkheden)
Internet Explorer 8.0.7600.16385
Bruno :: BRUNO-HP [administrator]

12/12/2013 21:03:34
mbam-log-2013-12-12 (21-03-34).txt

Scan type: Snelle scan
Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scan opties: P2P
Objecten gescand: 282551
Verstreken tijd: 16 minuut/minuten, 37 seconde(n)

Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 1
C:\Recycle.Bin (Trojan.Spyeyes) -> Succesvol in quarantaine geplaatst en verwijderd.


GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-12-12 22:46:06
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LH01 298,09GB
Running: v198k85w.exe; Driver: C:\Users\Bruno\AppData\Local\Temp\ugtiqpog.sys


---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000760a1465 2 bytes [0A, 76]
.text C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe[1844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760a14bb 2 bytes [0A, 76]
.text ... * 2

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\system32\mfevtps.exe[680] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [13fb9ba40] C:\Windows\system32\mfevtps.exe

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Par ameters\Keys\002713d5d118
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Paramet ers\Keys\002713d5d118 (not active ControlSet)

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

Hallo,

probeer via een goedwerkende PC of laptop vogende nar een USB stick te downloaden en daarna in veilige modus op jouw laptop
deze instructies uitvoeren:

Download ComboFix van één van deze locaties:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:
Klik hier (http://www.bleepingcomputer.com/forums/topic114351.html)

Als het je niet lukt om ze uit te schakelen, ga dan gewoon door naar de volgende stap. Dubbelklik op ComboFix.exe en volg de meldingen op het scherm. ComboFix zal controleren of dat de Microsoft Windows Recovery Console reeds is geïnstalleerd.

**Let op: Als de Microsoft Windows Recovery Console al is geïnstalleerd, dan krijg je de volgende schermen niet te zien en zal ComboFix automatisch verder gaan met het scannen naar malware. Volg de meldingen op het scherm om ComboFix de Microsoft Windows Recovery Console te laten downloaden en installeren.

http://www.bleepstatic.com/combofix/nl/cf-rc-auto.jpg

Je krijgt de volgende melding te zien wanneer ComboFix de Microsoft Windows Recovery Console succesvol heeft geïnstalleerd:

http://www.bleepstatic.com/combofix/nl/rc-auto-done.jpg

Klik op Ja om verder te gaan met het scannen naar malware.

Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

Indien je problemen hebt bij het uitvoeren van ComboFix, gelieve dit te melden.

Alleszins bedankt voor jouw reactie.

Het is mij niet gelukt om McAfee Antivirus en Antispyware uit te schakelen. Telkens ik dit probeer in McAfee Security Center, springen ze automatisch terug op 'Aan'.

Ik heb toch de Combifix laten lopen. Ik kreeg echter niet de schermen die je opgeeft.

Dit is de inhoud van het logbestand:


ComboFix 13-12-13.01 - Bruno 13/12/2013 21:18:12.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.3894.3056 [GMT 1:00]
Gestart vanuit: c:\users\Bruno\Desktop\ComboFix.exe
AV: McAfeeAntivirus en antispyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfeeFirewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfeeAntivirus en antispyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\7799746.bat
c:\programdata\7799746.reg
c:\programdata\qreqd.pad
c:\users\Bruno\Documents\~WRL0003.tmp
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-11-13 to 2013-12-13 ))))))))))))))))))))))))))))))
.
.
2013-12-13 20:29 . 2013-12-13 20:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-12 20:02 . 2013-12-12 20:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-12 20:02 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-26 18:38 . 2013-11-26 18:38 -------- d-----w- c:\users\Bruno\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2013-11-15 15:38 . 2012-04-09 12:59 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-15 15:38 . 2011-05-27 06:10 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-14 13:46 . 2010-11-14 17:11 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-04 15:51 . 2012-04-12 11:25 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-11-04 15:46 . 2012-04-12 11:25 343696 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-11-04 15:46 . 2012-04-12 11:14 182752 ----a-w- c:\windows\system32\mfevtps.exe
2013-11-04 15:43 . 2011-10-15 10:16 782360 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-11-04 15:41 . 2012-04-12 11:25 519576 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-11-04 15:40 . 2012-04-12 11:25 311120 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-11-04 15:39 . 2011-10-15 10:16 179792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-09-23 11:49 . 2013-10-20 13:23 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2013-09-20 07:38 . 2013-09-20 07:38 10856 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2013-09-20 07:38 . 2013-09-20 07:38 95984 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2013-09-20 07:37 . 2013-09-20 07:37 390552 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))) )
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"Device Detector"="DevDetect.exe -autorun" [X]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-05-19 2736128]
"Facebook Update"="c:\users\Bruno\AppData\Local\Facebook\Update\Faceb ookUpdate.exe" [2012-07-11 138096]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18643560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-06-21 98304]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-06-02 61112]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"beid"="c:\program files (x86)\Belgium Identity Card\beid35gui.exe" [2011-02-03 2068480]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"DVAPTray"="c:\windows\System32\DVAPTray.exe" [2012-05-30 192512]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-9 4236288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\ windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 0252641386505522mcinstcleanup;McAfee Application Installer Cleanup (0252641386505522);c:\windows\TEMP\025264~1.EXE;c: \windows\TEMP\025264~1.EXE [x]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\window s\SYSNATIVE\atiesrxx.exe [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe;c:\pro gram files (x86)\Microsoft\BingBar\7.2.241.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework6 4\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET \Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [x]
R2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c: \windows\SYSNATIVE\ezSharedSvcHost.exe [x]
R2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\pr ogram files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
R2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
R2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\pr ogram files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\pr ogram files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R2 RtVOsdService;RtVOsdService Installer;c:\program files\Realtek\RtVOsd\RtVOsdService.exe;c:\program files\Realtek\RtVOsd\RtVOsdService.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
R2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [x]
R2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [x]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys;c:\w indows\SYSNATIVE\DRIVERS\a38usb.sys [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe;c:\p rogram files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.exe [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\w indows\SYSNATIVE\drivers\cfwids.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\w indows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 DisplayLinkUsbIo_x64;DisplayLinkUsbIo_x64;c:\windo ws\system32\DRIVERS\DisplayLinkUsbIo_x64_7.2.47873 .0.sys;c:\windows\SYSNATIVE\DRIVERS\DisplayLinkUsb Io_x64_7.2.47873.0.sys [x]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbP ort_5.6.31854.0.sys;c:\windows\SYSNATIVE\DRIVERS\D isplayLinkUsbPort_5.6.31854.0.sys [x]
R3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys; c:\windows\SYSNATIVE\drivers\dlkmd.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK. sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdp md64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys; c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c: \windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\wi ndows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c: \windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c: \windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VS TAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VS TDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVER S\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNX T6.SYS [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\w indows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c: \windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c: \windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys ;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkm dldr.sys;c:\windows\SYSNATIVE\drivers\dlkmdldr.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c: \windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\pr ogram files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows \SYSNATIVE\mfevtps.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys; c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys; c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-05-19 08:36 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\ active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 07:45 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Insta ller\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2013-12-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe [2012-04-09 15:38]
.
2013-12-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3259525486-1747808784-3476929563-1001Core.job
- c:\users\Bruno\AppData\Local\Facebook\Update\Faceb ookUpdate.exe [2012-01-20 20:54]
.
2013-12-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3259525486-1747808784-3476929563-1001UA.job
- c:\users\Bruno\AppData\Local\Facebook\Update\Faceb ookUpdate.exe [2012-01-20 20:54]
.
2013-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-26 08:11]
.
2013-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-26 08:11]
.
2013-12-08 c:\windows\Tasks\HPCeeScheduleForBruno.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 01:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-22 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-22 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-22 414744]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-06-18 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2013-11-26 21720]
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.hln.be/?utm_campaign=iphone5&utm_medium=startpage&utm_source=startpage
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Bruno\AppData\Roaming\Mozilla\Firefox\Pro files\9pyt3fdc.default\
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-McAfee Virtual Technician - c:\program files (x86)\McAfee\Supportability\MVT\MVTInstaller.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.032"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ani"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.apd"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bay"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bmp"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bw"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.cr2\UserChoice]
@Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.crw\UserChoice]
@Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cs1"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cur"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.dcr\UserChoice]
@Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dcx"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dib"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.djv"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.djvu"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.dng\UserChoice]
@Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.emf"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.eps"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.erf"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fff"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fpx"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.gif"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.icl"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.icn"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ico"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.iff"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ilbm"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.int"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.inta"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.iw4"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.j2c"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.j2k"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jfif"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jif"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jp2"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpc"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpe"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpeg"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpg"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpk"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpx"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.lbm"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mos"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.mrw\UserChoice]
@Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.nef\UserChoice]
@Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.orf\UserChoice]
@Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pbm"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pcd"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pct"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pcx"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pef\UserChoice]
@Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pgm"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pic"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pict"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pix"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.png"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ppm"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.psd"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.psp"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.raf\UserChoice]
@Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ras"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rgb"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rgba"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rle"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rsb"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.sgi"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.sr2\UserChoice]
@Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.srf\UserChoice]
@Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
@Denied: (2) (LocalSystem)
"Progid"="Google.PhotoViewer.3.0"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tga"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.thm"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tif"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-3259525486-1747808784-3476929563-1001)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.tiff"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ttc"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ttf"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.v9o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9o"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.v9p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9p"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.v9pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9pf"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wbm"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wbmp"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.wmf"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xbm"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xif"
.
[HKEY_USERS\S-1-5-21-3259525486-1747808784-3476929563-1001\Software\Microsoft\Windows\CurrentVersion\Exp lorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xpm"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil 64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil6 4_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA 0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE 38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil 32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil3 2_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11 _9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11 _9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11 _9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11 _9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CL SID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\In terface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00, 72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00 ,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Cl ass\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PC W\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2013-12-13 21:32:02
ComboFix-quarantined-files.txt 2013-12-13 20:32
.
Pre-Run: 152.020.234.240 bytes beschikbaar
Post-Run: 172.672.876.544 bytes beschikbaar
.
- - End Of File - - DC59029A31B05405CDB668E6ECE31AE0

Even een bijkomende gedachte: kan dit iets te maken hebben met de grafische kaart? Het lijkt erop dat in normale modus de computer toch opstart, hoewel ik het niet zie. Het Windows logo verschijnt (Windows opstarten) en dan wordt het scherm zwart ... maar hoor ik wel het geluidje dat ik normaal hoor bij het aanlogscherm ...

Wat ik hiervoor schreef is waarschijnlijk een deel van het probleem. Wanneer ik de 2 beeldschermadaptors uitschakel, start de laptop op in normale modus; weliswaar met een slechte beeldschikking maar OK.
Dan zit deze topic op een verkeerde plaats. Het feit dat ik de Ransom.B trojan vond deed mij vermoeden dat deze er voor iets tussenzat.

Ik zie in ieder geval niets verdachts hoor!! Zoals jezelf aangeeft zal het waarschijnlijk je grafische kaart zijn.