Zoek.exe v5.0.0.0 Updated 30-06-2014
Tool run by Gebruiker on za 05/07/2014 at 15:06:42,76.
Microsoft Windows 7 Professional 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Gebruiker\Downloads\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

5/07/2014 15:11:40 Zoek.exe System Restore Point Created Succesfully.

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\GEBRUI~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
2014-07-05 09:43:31 12E71DA845D76665B56753AD149E32B3 110296 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-05 09:43:07 BD27D97297934FD4217A37FD28A7ABC7 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-07-05 09:43:07 8683C1B450F4B3872839308D836E0F92 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-07-05 09:43:07 1AA835E8A0B8EDF3D676B4ED4BF5EF07 74456 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-07-05 09:22:27 -------- d-----w- C:\Program Files\trend micro
2014-07-04 23:49:58 -------- d-----w- C:\Program Files\Enigma Software Group
2014-07-04 23:48:57 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2014-06-23 08:43:39 -------- d-----w- C:\Program Files\Common Files\Skype
======= C: =====
====== C:\Users\Gebruiker\AppData\Roaming ======
2014-07-05 12:59:46 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Adobe
2014-07-05 09:41:39 -------- d-----w- C:\Users\Gebruiker\AppData\Local\Programs
====== C:\Users\Gebruiker ======
2014-07-05 09:40:53 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\Gebruiker\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-05 09:26:03 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Gebruiker\Downloads\RSIT.exe
2014-07-05 09:16:40 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Gebruiker\Desktop\RSIT.exe
2014-07-04 23:47:50 F45901843F9ABC3166F9333A34868CB5 728960 ----a-w- C:\Users\Gebruiker\Downloads\SpyHunter-Installer.exe
2014-06-25 12:38:52 C882E29819596BB487E59B4ABD6C33B7 4812672 ----a-w- C:\Users\Gebruiker\Downloads\ccsetup415 (1).exe
2014-06-25 12:38:49 C882E29819596BB487E59B4ABD6C33B7 4812672 ----a-w- C:\Users\Gebruiker\Downloads\ccsetup415.exe
====== C: exe-files ==
2014-07-05 13:00:07 699714221DFC31F26A41E53B0129225F 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-326445503-1950938359-1181011224-1001\$IDKOQ9Y.exe
2014-07-05 13:00:04 0E3F7459E22E408E05A0666F2D201274 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-326445503-1950938359-1181011224-1001\$IQGY9R3.exe
2014-07-05 09:40:53 E90BF9E1562F40140161573B79CD5720 17292760 ----a-w- C:\Users\Gebruiker\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-05 09:26:03 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Gebruiker\Downloads\RSIT.exe
2014-07-05 09:22:28 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\Gebruiker.exe
2014-07-05 09:16:40 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Gebruiker\Desktop\RSIT.exe
2014-07-05 00:29:23 6B110E925294547A7D288F26DA19D199 179687 ----a-w- C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla18.exe
2014-07-04 23:49:04 2349274E327CAC32501C93AE37E16B48 180934 ----a-w- C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla21.exe
2014-07-04 23:47:50 F45901843F9ABC3166F9333A34868CB5 728960 ----a-w- C:\Users\Gebruiker\Downloads\SpyHunter-Installer.exe
2014-07-04 23:31:10 70D09276FE2AAA808813399245A2F493 1542696 ----a-w- C:\Windows\Temp\contentDATs.exe
2014-07-04 17:38:49 68798D3E1B65A8C9777F99D78732A05B 168100 ----a-w- C:\$Recycle.Bin\S-1-5-21-326445503-1950938359-1181011224-1001\$RQGY9R3.exe
2014-07-04 17:29:39 6B407FC1D64EE620C21C833CC92ABD0F 168061 ----a-w- C:\$Recycle.Bin\S-1-5-21-326445503-1950938359-1181011224-1001\$RDKOQ9Y.exe
=== C: other files ==
2014-07-05 09:43:31 12E71DA845D76665B56753AD149E32B3 110296 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-05 09:43:07 BD27D97297934FD4217A37FD28A7ABC7 51928 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-07-05 09:43:07 8683C1B450F4B3872839308D836E0F92 23256 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-07-05 09:43:07 1AA835E8A0B8EDF3D676B4ED4BF5EF07 74456 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-29 13:54:58 075517D50EDD2B912000F1385AE6B241 6075 ----a-w- C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp\coc.crx

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-326445503-1950938359-1181011224-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"HP Photosmart 6520 series (NET)"="C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe -deviceID CN2AD351K705XP:NW -scfn HP Photosmart 6520 series (NET) -AutoStart 1"
"iCloudServices"="C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"GetNowUpdater"="C:\Users\Gebruiker\AppData\Roaming\GetNowUpdater\update.0\bin\GetNowUpdater.exe /silent_startup"
"M6"="C:\Users\Gebruiker\AppData\Roaming\M6 Processing\M6.exe"
"vm6"="C:\Users\Gebruiker\AppData\Roaming\M6 Processing\vm6.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"cAudioFilterAgent"="C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe"
"AmIcoSinglun"="C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe"
"LManager"="C:\Program Files\Launch Manager\LManager.exe"
"BackupManagerTray"="C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe -h -k"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"Acer ePower Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN"
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"mobilegeni daemon"="C:\Program Files\Mobogenie\DaemonProcess.exe"
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe -atboottime"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"HP Photosmart 6520 series (NET)"="C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe -deviceID CN2AD351K705XP:NW -scfn HP Photosmart 6520 series (NET) -AutoStart 1"
"iCloudServices"="C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe"
"ApplePhotoStreams"="C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"
"GetNowUpdater"="C:\Users\Gebruiker\AppData\Roaming\GetNowUpdater\update.0\bin\GetNowUpdater.exe /silent_startup"
"M6"="C:\Users\Gebruiker\AppData\Roaming\M6 Processing\M6.exe"
"vm6"="C:\Users\Gebruiker\AppData\Roaming\M6 Processing\vm6.exe"

==== Startup Folders ======================

2011-03-04 06:12:35 1728 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
2011-04-21 14:01:20 834 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [19/06/2011 16:40]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [19/06/2011 16:40]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-326445503-1950938359-1181011224-1001Core.job --a------ C:@C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-326445503-1950938359-1181011224-1001UA.job --a------ C:\@C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-326445503-1950938359-1181011224-1001Core" [C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskUserS-1-5-21-326445503-1950938359-1181011224-1001UA" [C:\Users\Gebruiker\AppData\Local\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\HPCustParticipation HP Photosmart 6520 series" ["C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPCustPartic.exe"]
"C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\system32\tasks\{7F2509FE-B0C5-4242-98B0-6AABA52F3C5A}" [C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE]
"C:\Windows\system32\tasks\{93BB05C6-880E-4F80-8EC2-CCB4C6F174AC}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://ui.skype.com/ui/0/4.1.0.179.367/nl/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;notincluded]
"C:\Windows\system32\tasks\{CD34657B-AC64-434D-B285-9C5870D70150}" [C:\Program Files\Skype\Phone\Skype.exe]
"C:\Windows\system32\tasks\{F0FD11B8-4610-4899-910C-A23B466BC1AF}" [C:\Program Files\Skype\Phone\Skype.exe]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
godimpbmfohihoaikgfknnnmlncabkkp - C:\Windows\KBD2341Update-godimpbmfohihoaikgfknnnmlncabkkp\coc.crx[29/06/2014 15:54]
kiplfnciaokpcennlkldkdaeaaomamof - C:\Users\Gebruiker\AppData\Local\Torch\Plugins\TorchPlugin.crx[28/08/2013 15:47]

ECHO is off (uit). - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\godimpbmfohihoaikgfknnnmlncabkkp
Google Wallet - Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Movies Toolbar - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\aaaaabcbmongicmdegkmmfgdickgnnob
Ask Toolbar - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\aaaalejpmnocmhmlbmlkjemekckoagne
DropToS - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\cipmepknanmbbaneimacddfemfbfgpgo
FaceLift - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\gimjmfipknpppbpmkdenjjpfhobiiojk
Torch Helper - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\lecpjhggilhbceadobnggaagnpfpafhg
Torch Music - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\ohimbkoaphfnmekmfppijeblmkncneed
Hola - Gebruiker\AppData\Local\Torch\User Data\Default\Extensions\pdehmppfilefbolgganhfihpbmjlgebh

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=1 0 bytes)

==== EOF on za 05/07/2014 at 15:17:20,60 ======================