Zoek.exe v5.0.0.0 Updated 24-07-2014
Tool run by R.P.W. van Tienen on vr 25-07-2014 at 19:46:31,33.
Microsoft Windows 8.1 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: D:\Users\R.P.W. van Tienen\Downloads\zoek.exe
[Scan all users] [Script inserted]

==== System Restore Info ======================

25-7-2014 19:48:10 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\stinger deleted successfully
C:\Users\R.P.W. van Tienen\AppData\Roaming\Database Table Merger deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SpyHunter 4 Service deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-
"fst_nl_71"=-
"BlockAndSurf"=-

==== Deleting Files \ Folders ======================

C:\Program Files (x86)\di5BlockAndSurf not found
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCall.dll" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla.dll" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla2.dll" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla21.dll" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla31.exe" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla32.dll" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla33.dll" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla34.dll" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla37.dll" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseCustomCalla37.exe" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP\WiseData.ini" deleted
"C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP" deleted

==== Files Recently Created / Modified ======================

==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"mcpltui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"
"HP Software Update"="C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 60"
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"SamsungRapidApp"="C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe"
"Logitech Download Assistant"="C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch"

==== Startup Folders ======================

2014-04-10 12:22:34 1299 ----a-w- C:\Users\R.P.W. van Tienen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
2014-04-30 17:41:53 1129 ----a-w- C:\Users\R.P.W. van Tienen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk
2014-04-10 12:22:34 1299 ----a-w- C:\Users\RPW~1.VAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
2014-04-30 17:41:53 1129 ----a-w- C:\Users\RPW~1.VAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verzenden naar OneNote.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore1cf69721ec9a6dd.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [16-04-2014 21:03]
C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf8a67ee72dda8.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [16-04-2014 21:03]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\BrowserChoice\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore1cf69721ec9a6dd" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA1cf8a67ee72dda8" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{D4271788-CA1F-471C-99AC-21850301F2B1}" [C:\Windows\system32\msfeedssync.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [03-07-2014 17:13]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - No path found[]

Google Docs - R.P.W. van Tienen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - R.P.W. van Tienen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - R.P.W. van Tienen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - R.P.W. van Tienen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
SiteAdvisor - R.P.W. van Tienen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Google Wallet - R.P.W. van Tienen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - R.P.W. van Tienen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - RPW~1.VAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - RPW~1.VAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - RPW~1.VAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - RPW~1.VAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
SiteAdvisor - RPW~1.VAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Google Wallet - RPW~1.VAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - RPW~1.VAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== C:\zoek_backup content ======================

C:\zoek_backup (files=12 folders=1 1715695 bytes)

==== EOF on vr 25-07-2014 at 19:54:54,26 ======================