Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Gebruiker on di 11-08-2015 at 2:22:03,45.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Gebruiker\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11-8-2015 2:27:33 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\CanonEPP deleted successfully
C:\PROGRA~2\CanonIJEPPEX2 deleted successfully
C:\Users\Administrator\AppData\Local\Comodo deleted successfully
C:\Users\Administrator\AppData\Local\Google deleted successfully
C:\Users\Gast\AppData\Local\Comodo deleted successfully
C:\Users\Gast\AppData\Local\Google deleted successfully
C:\Users\Gebruiker\AppData\Local\Comodo deleted successfully
C:\Users\Gebruiker\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Gebruiker\AppData\Local\EmieSiteList deleted successfully
C:\Users\Gebruiker\AppData\Local\EmieUserList deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Comodo deleted successfully
C:\Users\HomeGroupUser$\AppData\Local\Google deleted successfully

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\GEBRUI~1\AppData\Local\Temp ====
2015-08-11 00:17:06 BCA0388139FF5F60970FB96E56BC00EB 71168 ----a-w- C:\Users\Gebruiker\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpniz377.dll
====== Java Cache =====
====== C:\Windows\system32 =====
2015-07-28 06:59:21 394D7CF0A2B06C200E2F71F55985791E 587264 ----a-w- C:\Windows\System32\generaltel.dll
2015-07-28 06:59:20 EFDA27EFA3AAC7BEA00ED05ADA6F8352 932864 ----a-w- C:\Windows\System32\aeinv.dll
2015-07-28 06:59:20 BD632CE07DB16F06C06B18990F364E5B 924160 ----a-w- C:\Windows\System32\appraiser.dll
2015-07-28 06:59:20 773A6A82D7CDFB342617B66343AE5025 342016 ----a-w- C:\Windows\System32\devinv.dll
2015-07-28 06:59:20 62C5665D4ACC76CE0B9FC50741327575 58880 ----a-w- C:\Windows\System32\acmigration.dll
2015-07-28 06:59:20 0891AAA18F533C85FE106CE5141B8F3C 628736 ----a-w- C:\Windows\System32\invagent.dll
2015-07-28 06:59:19 76E04932A0B9959A9489580BDA1377B5 202752 ----a-w- C:\Windows\System32\aepdu.dll
2015-07-28 06:59:19 26D145018CC3DCE0330A400B9322F320 15808 ----a-w- C:\Windows\System32\CompatTelRunner.exe
====== C:\Windows\system32\drivers =====
2015-07-29 20:46:26 A740F780721D99970A816687CB7B5D3C 218264 ----a-w- C:\Windows\System32\drivers\RapportKELL.sys
2015-07-29 20:46:26 38519A44D6A273593898A95FCF1F39AE 68280 ----a-w- C:\Windows\System32\drivers\RapportHades.sys
2015-07-15 08:31:19 C48A8284F018BEAAFC7A027A570D9C84 225792 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2015-07-15 08:31:18 C1CC047CE391BB88350379153BC1C8FA 98304 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2015-07-15 08:31:18 A1F4064171DB9F314BDABA0B43014CA4 67520 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-07-15 08:31:18 8A8BA57DF21630B36B2FAA229AC5B1D1 137664 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-07-15 08:31:18 01C5B803F6E1FDF8F16F0763DA9B997D 124416 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C: =====
====== C:\Users\Gebruiker\AppData\Roaming ======
2015-07-30 20:19:07 -------- d-----w- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-07-20 11:13:19 -------- d-----w- C:\Users\Gebruiker\AppData\Local\CEF
====== C:\Users\Gebruiker ======
2015-08-07 09:15:16 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Gebruiker\Downloads\RSIT.exe

====== C: exe-files ==
2015-08-07 10:13:51 F6C5B13482DA0C33517E32C9537EF309 544 ----a-w- C:\$RECYCLE.BIN\S-1-5-21-2690800931-1078553500-2598438441-1000\$I1P0ZKB.exe
2015-08-07 09:15:16 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\Gebruiker\Downloads\RSIT.exe

=== C: other files ==
2015-08-11 00:22:13 41620441EAA22A06DAB0D90C11877B7D 921176 ----a-w- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1412121.sys
2015-08-11 00:22:13 21EDEE372C0E7464CE52C26BA70C58E1 535800 ----a-w- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_1412121.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2690800931-1078553500-2598438441-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Dropbox Update"="C:\Users\Gebruiker\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:http://go.microsoft.com/fwlink/?LinkID=122915 /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"
"CanonSolutionMenuEx"="C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon"
"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe"
"FAHConsole"="C:\Program Files\File Association Helper\FAHConsole.exe"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Dropbox Update"="C:\Users\Gebruiker\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"

==== Startup Folders ======================

2015-06-14 06:48:59 1151 ----a-w- C:\Users\Gebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2015-04-05 23:28:02 2015 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [14-07-2015 15:44]
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-2690800931-1078553500-2598438441-1000Core.job --a------ C:\Users\Gebruiker\AppData\Local\Dropbox\Update\DropboxUpdate.exe [14-06-2015 08:41]
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-2690800931-1078553500-2598438441-1000UA.job --a------ C:\Users\Gebruiker\AppData\Local\Dropbox\Update\DropboxUpdate.exe [14-06-2015 08:41]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\DropboxUpdateTaskUserS-1-5-21-2690800931-1078553500-2598438441-1000Core" [C:\Users\Gebruiker\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\system32\tasks\DropboxUpdateTaskUserS-1-5-21-2690800931-1078553500-2598438441-1000UA" [C:\Users\Gebruiker\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\system32\tasks\SidebarExecute" [C:\Program Files\Windows Sidebar\sidebar.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{456E6CF6-8977-4E34-A12B-4F285E71A992}" [C:\Windows\system32\msfeedssync.exe]

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\eywjyma1.default
0A1788EE70EF444DABA1E958092F4B85 - C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll - Adobe Acrobat
073A22FDCDAFD513DAD0D972BD2DF76E - C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll - Silverlight Plug-In
CA808688B28D12B368F9A511FC5E3697 - C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll - Java(TM) Platform SE 8 U45
B28862688B70415A3C0C5DCC8B242388 - C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 8.0.450.15
5B4DA1113F240C3F06FFF9D52761528B - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa
CE252B04FB9F4F773A7DB5338BFEEA5B - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL - CANON iMAGE GATEWAY Album Plugin Utility
66640A55AEFF3819C94E0A8D40D7E0AD - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll - Shockwave for Director / Shockwave for Director
FD82108FD60B63010325D9AF6F00AF99 - C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_209.dll - Shockwave Flash
6D23BB87BCF88731959BF79082D442E6 - C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrlui.dll - Microsoft® Silverlight

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on di 11-08-2015 at 2:34:05,32 ======================