ComboFix 14-04-03.01 - Tanneke 03-04-2014 16:35:11.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.31.1043.18.747.287 [GMT 2:00]
Gestart vanuit: c:\users\Tanneke\Desktop\ComboFix.exe
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Persoonlijke firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tanneke\AppData\Local\assembly\tmp
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2014-03-03 to 2014-04-03 ))))))))))))))))))))))))))))))
.
.
2014-04-03 14:49 . 2014-04-03 14:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-03 14:38 . 2014-04-03 14:38 -------- d-----w- c:\users\Tanneke\AppData\Local\CrashDumps
2014-04-01 16:06 . 2014-03-17 09:16 7969936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A31B158-917E-4F0C-BC21-081841340451}\mpengine.dll
2014-03-31 15:02 . 2014-03-31 14:20 24064 ----a-w- c:\windows\zoek-delete.exe
2014-03-31 15:02 . 2014-04-03 14:49 -------- d-----w- c:\users\Tanneke\AppData\Local\Temp
2014-03-13 18:44 . 2014-03-13 18:44 -------- d-----w- c:\users\Tanneke\voip
2014-03-13 14:09 . 2014-01-28 02:07 185344 ----a-w- c:\windows\system32\wwansvc.dll
2014-03-13 14:09 . 2014-02-07 01:07 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-03-13 14:09 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-03-13 14:09 . 2014-01-29 02:06 381440 ----a-w- c:\windows\system32\wer.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-12 15:00 . 2012-08-02 16:48 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-12 15:00 . 2011-07-22 10:52 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-23 17:42 . 2012-01-26 13:26 332144 ------w- c:\program files\Common Files\MediaOrganizer.dll
2011-08-23 17:35 . 2012-01-26 13:26 33136 ------w- c:\program files\Common Files\FlickrProvider.dll
2011-08-23 17:35 . 2012-01-26 13:26 402800 ------w- c:\program files\Common Files\facebook.dll
2011-08-23 17:35 . 2012-01-26 13:26 130416 ------w- c:\program files\Common Files\PluginCommon.dll
2011-08-23 17:34 . 2012-01-26 13:26 465264 ------w- c:\program files\Common Files\AppFramework.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Tanneke\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Tanneke\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Tanneke\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-10-08 1934632]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 715368]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2011-07-01 1103440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-11-26 5074384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-20 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^Users^Tanneke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Tanneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Tanneke^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\users\Tanneke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcerCloud]
2013-06-21 15:30 19503176 ----a-w- c:\program files\Acer\Acer Cloud\acpanel_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner]
2013-12-17 14:14 4370712 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cobian Backup 10]
2010-09-23 15:46 421376 ----a-w- c:\program files\Cobian Backup 10\Cobian.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2011-09-07 18:07 522752 ------w- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-12 17:16 138096 ----atw- c:\users\Tanneke\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2011-05-25 06:45 336384 ------w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.SYS [2010-08-09 82768]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-01 108032]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-01-18 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-01-18 11104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-11-28 47056]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-10-08 170656]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-10-08 121216]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-10-08 46056]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-24 176128]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [2010-09-23 67584]
S2 CCDMonitorService;CCDMonitorService;c:\program files\Acer\Acer Cloud\CCDMonitorService.exe [2013-06-21 2651208]
S2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2012-11-26 1329304]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 739944]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-03-30 100880]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2011-01-25 68720]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-28 35968]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc
.
Inhoud van de 'Gedeelde Taken' map
.
2014-04-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 15:01]
.
2012-08-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3154680278-51844745-3711090763-1000Core.job
- c:\users\Tanneke\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-19 17:16]
.
2012-08-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3154680278-51844745-3711090763-1000UA.job
- c:\users\Tanneke\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-19 17:16]
.
.
------- Bijkomende Scan -------
.
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Tanneke\AppData\Roaming\Mozilla\Firefox\Profiles\kyzxi0ed.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2014-04-03 16:54:31
ComboFix-quarantined-files.txt 2014-04-03 14:54
.
Pre-Run: 26.123.751.424 bytes beschikbaar
Post-Run: 25.778.077.696 bytes beschikbaar
.
- - End Of File - - 6851D26E31F5EEEF2CA3E4E36B09C952 A36C5E4F47E84449FF07ED3517B43A31