
Zoek.exe v5.0.0.0 Updated 31-12-2014
Tool run by Johnny on ma 05-01-2015 at 12:43:23,14.
Microsoft Windows 7 Professional  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Johnny\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== Older Logs ======================

C:\zoek-results2015-01-01-214548.log	134872 bytes

==== Empty Folders Check ======================

C:\PROGRA~3\Synology deleted successfully
C:\Users\Johnny\AppData\Local\CrashDumps deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Johnny\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-01-01 18:46:40	B9F9FD6188CC732F19DB69CAE5CC597C	272808	----a-w-	C:\Windows\SysWOW64\javaws.exe
2015-01-01 18:46:37	8FA677D5F2AFE2A3F111C50D68A93542	98216	----a-w-	C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-01 18:46:37	3594C0ABBFFE10B3CF95714B8B3C89A4	175528	----a-w-	C:\Windows\SysWOW64\javaw.exe
2015-01-01 18:46:37	095826BCBBFA5C09C72463A82612B23C	175528	----a-w-	C:\Windows\SysWOW64\java.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-12-28 13:02:23	8265CD5C67D0A35DFC40F3D1A8AC994C	94656	----a-w-	C:\Windows\Sysnative\WPRO_41_2001woem.tmp
====== C:\Windows\Sysnative\drivers =====
2014-12-31 17:49:19	26C43960C99EE861A5D0EDC4DCF3B1C3	129752	----a-w-	C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-12-31 17:49:03	CA43F8904E24BBE49982E4C0B29E6579	25816	----a-w-	C:\Windows\Sysnative\drivers\mbam.sys
2014-12-31 17:49:03	A646C2DDB8C46E9B20A326FAF566646C	63704	----a-w-	C:\Windows\Sysnative\drivers\mwac.sys
2014-12-31 17:49:03	478CC94C937D235CB0A96AB8F2359D81	93400	----a-w-	C:\Windows\Sysnative\drivers\mbamchameleon.sys
====== C:\Windows\Tasks ======
2014-12-28 13:03:47	B63AD96D5AB77552EFDB7D2277C3B0CB	3886	----a-w-	C:\Windows\Sysnative\Tasks\Adobe Acrobat Update Task
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-01-01 18:51:54	--------	d-----w-	C:\Program Files\trend micro
2014-12-28 13:10:52	--------	d-----w-	C:\Program Files\iTunes
2014-12-28 13:10:52	--------	d-----w-	C:\Program Files\iPod
======= C:\PROGRA~2 =====
2015-01-01 18:46:41	--------	d-----w-	C:\PROGRA~2\COMMON~1\Java
2014-12-28 13:11:25	--------	d-----w-	C:\PROGRA~2\QuickTime
2014-12-28 13:10:52	--------	d-----w-	C:\PROGRA~2\iTunes
2014-12-27 16:03:29	--------	d-----w-	C:\PROGRA~2\uunisales
2014-12-26 12:17:32	--------	d-----w-	C:\PROGRA~2\Faasoft
======= C: =====
====== C:\Users\Johnny\AppData\Roaming ======
2015-01-01 21:44:43	--------	d-----w-	C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2015-01-01 21:44:43	--------	d-----w-	C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2015-01-01 21:44:43	--------	d-----w-	C:\Users\Kinderen\AppData\Local\Temp
2015-01-01 21:44:43	--------	d-----w-	C:\Users\Johnny\AppData\Local\Temp
2015-01-01 21:44:43	--------	d-----w-	C:\Users\Default\AppData\Local\Temp
2015-01-01 21:44:43	--------	d-----w-	C:\Users\Default User\AppData\Local\Temp
2015-01-01 21:44:43	--------	d-----w-	C:\Users\An\AppData\Local\Temp
2015-01-01 18:47:10	--------	d-----w-	C:\Users\Johnny\AppData\Roaming\Oracle
2014-12-28 13:05:36	--------	d-----w-	C:\Users\Johnny\AppData\Local\Mozilla
2014-12-26 12:17:38	--------	d-----w-	C:\Users\Johnny\AppData\Roaming\Faasoft Audio Converter
2014-12-26 12:17:33	--------	d-----w-	C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Faasoft
2014-12-26 12:10:05	--------	d-----w-	C:\Users\Johnny\AppData\Roaming\vlc
2014-12-14 16:31:21	--------	d-----w-	C:\Users\Johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HEMA fotoalbum be-nl
2014-12-14 16:31:20	--------	d-----w-	C:\Users\Johnny\AppData\Local\HEMA fotoalbum be-nl
====== C:\Users\Johnny ======
2015-01-01 18:42:42	8045ABB21A3BDD66A48E1ED5C0F0EF6A	1222144	----a-w-	C:\Users\Johnny\Desktop\RSITx64.exe
2014-12-28 13:11:27	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-12-28 13:11:01	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-28 13:10:52	--------	d-----w-	C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7

====== C: exe-files ==
2015-01-01 18:51:54	9A2347903D6EDB84C10F288BC0578C1C	388608	----a-w-	C:\Program Files\trend micro\Johnny.exe
2015-01-01 18:46:40	B9F9FD6188CC732F19DB69CAE5CC597C	272808	----a-w-	C:\Windows\SysWOW64\javaws.exe
2015-01-01 18:46:37	3594C0ABBFFE10B3CF95714B8B3C89A4	175528	----a-w-	C:\Windows\SysWOW64\javaw.exe
2015-01-01 18:46:37	095826BCBBFA5C09C72463A82612B23C	175528	----a-w-	C:\Windows\SysWOW64\java.exe
2015-01-01 18:45:51	3842C46F2FBC7522EF625F1833530804	145408	----a-w-	C:\Users\Johnny\AppData\LocalLow\Sun\Java\jre1.7.0_71\lzma.exe
2015-01-01 18:42:42	8045ABB21A3BDD66A48E1ED5C0F0EF6A	1222144	----a-w-	C:\Users\Johnny\Desktop\RSITx64.exe
=== C: other files ==
2014-12-31 17:49:19	26C43960C99EE861A5D0EDC4DCF3B1C3	129752	----a-w-	C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-12-31 17:49:03	CA43F8904E24BBE49982E4C0B29E6579	25816	----a-w-	C:\Windows\System32\drivers\mbam.sys
2014-12-31 17:49:03	A646C2DDB8C46E9B20A326FAF566646C	63704	----a-w-	C:\Windows\System32\drivers\mwac.sys
2014-12-31 17:49:03	478CC94C937D235CB0A96AB8F2359D81	93400	----a-w-	C:\Windows\System32\drivers\mbamchameleon.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1557971413-1195436277-1032636412-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Johnny\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
"USB3MON"="C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"AVG_UI"="C:\Program Files (x86)\AVG\AVG2015\avgui.exe /TRAYONLY"
"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
"Reader Application Helper"="D:\Software proberen\appHelper\ReaderAppHelper.exe"
"vProt"="C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"FUFAXRCV"=""C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe""
"FUFAXSTM"=""C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Johnny\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"CCleaner Monitoring"="C:\Program Files\CCleaner\CCleaner64.exe /MONITOR"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acronis Scheduler2Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acronis Scheduler2Service"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="APSDaemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUS EPM tray]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EaseUS EPM tray"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\EaseUS\\EaseUS Partition Master 9.3.0\\bin\\EpmNews.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Plex Media Server]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Plex Media Server"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Plex\\Plex Media Server\\Plex Media Server.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="QuickTime Task"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SAOB Monitor]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SAOB Monitor"
"hkey"="HKLM"
"command"="C:\\Program Files (x86)\\Acronis\\TrueImageHome\\OnlineBackupStandalone\\TrueImageMonitor.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify"
"hkey"="HKCU"
"command"="\"C:\\Users\\Johnny\\AppData\\Roaming\\Spotify\\spotify.exe\" /uri spotify:autostart"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Spotify Web Helper"
"hkey"="HKCU"
"command"="\"C:\\Users\\Johnny\\AppData\\Roaming\\Spotify\\Data\\SpotifyWebHelper.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TrueImageMonitor.exe]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TrueImageMonitor.exe"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Acronis\\TrueImageHome\\TrueImageMonitor.exe\""


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Johnny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
"path"="C:\\Users\\Johnny\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dropbox.lnk"
"backup"="C:\\Windows\\pss\\Dropbox.lnk.Startup"
"backupExtension"=".Startup"
"command"="C:\\Users\\Johnny\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe /systemstartup"
"item"="Dropbox"


==== Startup Folders ======================

2014-01-17 20:26:38	2054	----a-w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\ASRock Internet Setup" [E:\ASRSetup.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473" [C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe]
"C:\Windows\SysNative\tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon" ["C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe"]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Johnny\AppData\Roaming\Mozilla\Firefox\Profiles\gmqwmhef.default
B207B7E0FB4172B73DF4A240A8DD90FE	- D:\Software proberen\npreaderdetectmoz.dll -	Reader Application Detector


==== C:\zoek_backup content ======================

C:\zoek_backup (files=551 folders=165 253594391 bytes)

==== EOF on ma 05-01-2015 at 12:45:40,08 ======================