Zoek.exe v5.0.0.0 Updated 23-09-2015
Tool run by bart jansen on wo 23/09/2015 at 11:39:31,07.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\bart jansen\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used]

==== Older Logs ======================

C:\zoek-results2015-09-22-064114.log 25877 bytes

==== Torpig Check ======================

HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\DropboxCopyHook {FBC9D74C-AF55-4309-9FB2-C426E071637F} C:\Users\bart jansen\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileZilla3CopyHook {DB70412E-EEC9-479C-BBA9-BE36BFDDA41B} C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\BARTJA~1\AppData\Local\Temp ====
2015-09-23 08:21:37 78F768C4E0BD116AAF5EE41D760F899D 71168 ----a-w- C:\Users\bart jansen\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpju4kq7.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
2015-09-17 10:58:53 -------- d-----w- C:\Windows\Sysnative\Tasks\Apple
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-09-21 06:18:38 -------- d-----w- C:\Program Files\trend micro
2015-09-17 11:01:32 -------- d-----w- C:\Program Files\iPod
2015-09-17 10:59:21 -------- d-----w- C:\Program Files\Bonjour
======= C:\PROGRA~2 =====
2015-09-17 11:01:32 -------- d-----w- C:\PROGRA~2\iTunes
2015-09-17 10:59:21 -------- d-----w- C:\PROGRA~2\Bonjour
2015-09-17 10:58:52 -------- d-----w- C:\PROGRA~2\Apple Software Update
2015-08-27 06:11:34 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2015-08-25 05:56:51 -------- d-----w- C:\PROGRA~2\QuickTime
======= C: =====
====== C:\Users\bart jansen\AppData\Roaming ======
2015-09-22 06:36:17 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2015-09-22 06:36:17 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2015-09-22 06:36:17 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2015-09-22 06:36:16 -------- d-----w- C:\Users\bart jansen\AppData\Local\Temp
2015-09-04 06:12:15 -------- d-----w- C:\Users\bart jansen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-27 06:55:38 -------- d-----w- C:\Users\bart jansen\AppData\Roaming\TeamViewer
2015-08-27 06:09:01 -------- d-----w- C:\Users\bart jansen\AppData\Roaming\Sun
2015-08-25 05:56:32 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Locallow\Apple Computer
====== C:\Users\bart jansen ======
2015-09-22 12:42:44 D4DC35D50455CDA1E8BC20E993DE3BDB 1662976 ----a-w- C:\Users\bart jansen\Desktop\adwcleaner_5.008.exe
2015-09-17 11:03:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-04 07:03:28 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BNPPF Services
2015-08-27 06:09:00 -------- d-----w- C:\Users\bart jansen\.oracle_jre_usage
2015-08-25 05:57:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
====== C: exe-files ==
2015-09-22 07:05:42 F051A6D1D7D27C094928DB1157291E5A 2934864 ----a-w- C:\Program Files (x86)\Google\Update\Install\{C4FADBF3-6B28-45DF-85C7-5D596AC2A397}\45.0.2454.99_45.0.2454.93_chrome_updater.exe
2015-09-22 07:05:41 F051A6D1D7D27C094928DB1157291E5A 2934864 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\45.0.2454.99\45.0.2454.99_45.0.2454.93_chrome_updater.exe
2015-09-21 06:18:38 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\trend micro\bart jansen.exe
2015-09-17 11:06:19 9E919FC6F2B5ED86E4726697136B3F5F 1072720 ----a-w- C:\Program Files (x86)\Google\Update\Install\{F49EFECB-0AB9-4356-8CAB-895C1BA3C726}\45.0.2454.93_45.0.2454.85_chrome_updater.exe
2015-09-17 10:56:56 2DA6DBB603866CBFE35293E1331775ED 77080 ----a-w- C:\ProgramData\Apple Computer\Installer Cache\iTunes 12.3.0.44\SetupAdmin.exe
2015-09-17 06:08:32 30146DBA43CD38099789C4BC84FA661B 1273072 ----a-w- C:\Program Files (x86)\2BrightSparks\SyncBackFree\unins000.exe
=== C: other files ==
2015-09-23 09:31:55 10B1572BABFD7C716AF2FC1CFC91C4E3 130931 ----a-w- C:\Users\bart jansen\Desktop\8d135ec1-3239-4fce-a2b7-1c6e101ede22.zip
2015-09-22 10:34:17 DA621AA9D5FBD58B93EC2D55F7FF9856 8880625 ----a-w- C:\Users\bart jansen\Desktop\SCOCCA M2010 Prova 03.zip
2015-09-22 08:07:48 0D0265CF495A174610E184FF19639EA1 399261 ----a-w- C:\KeyShot 5 Network Resources\Master\835\result.zip
2015-09-22 08:07:00 2B8F79EE61ECF0298E1C36BB8B7E771A 412597 ----a-w- C:\KeyShot 5 Network Resources\Master\834\result.zip
2015-09-19 14:46:23 2FC0BEA32989A166089A9F319653E827 2541372 ----a-w- C:\Users\bart jansen\Desktop\TR1280.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"

[HKEY_USERS\S-1-5-21-3477065875-901350911-2823266285-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"DymoQuickPrint"="C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe /startup"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"iCloudDrive"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe"
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"
"ACDSeeCommanderPro8"="C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe"
"Dropbox Update"="C:\Users\bart jansen\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"iCloud"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"iCloud"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NuTCSetupEnviron"="C:\PROGRA~1\PTC\MKSTOO~1\bin\ncoeenv.exe"
"DLSService"="C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
"IsaCertUpdate"="C:\Program Files (x86)\Common Files\Isabel\isacertupdate.exe"
"beid"="C:\Program Files (x86)\Belgium Identity Card\beid35gui.exe /startup"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DymoQuickPrint"="C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe /startup"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"iCloudDrive"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe"
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"
"ACDSeeCommanderPro8"="C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe"
"Dropbox Update"="C:\Users\bart jansen\AppData\Local\Dropbox\Update\DropboxUpdate.exe /c"
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Keyshot 5 Network SlaveTray"="C:\KeyShot5 Network Rendering\keyshot5_network_slave_tray.exe"
"Classic Start Menu"="C:\Program Files\Classic Shell\ClassicStartMenu.exe -autorun"
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"
"ACPW08EN"="C:\Program Files\ACD Systems\ACDSee Pro\8.0\acdIDInTouch2.exe"
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"Seagull Drivers"="ssdal_nc.exe startup"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

==== Startup Folders ======================

2015-04-30 13:33:37 1206 ----a-w- C:\Users\bart jansen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2015-01-27 08:43:51 2862 ----a-w- C:\Users\bart jansen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Outlook 2013.lnk
2015-01-30 10:24:38 1506 ----a-w- C:\Users\bart jansen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vlc.exe - Snelkoppeling.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3477065875-901350911-2823266285-1001Core.job --a-------- C:\Users\bart jansen\AppData\Local\Dropbox\Update\DropboxUpdate.exe [19/06/2015 12:04]
C:\Windows\tasks\DropboxUpdateTaskUserS-1-5-21-3477065875-901350911-2823266285-1001UA.job --a-------- [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/08/2015 14:54]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/08/2015 14:54]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Acrobat Update Task" [C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\SysNative\tasks\Apple Diagnostics" [C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-3477065875-901350911-2823266285-1001Core" [C:\Users\bart jansen\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\DropboxUpdateTaskUserS-1-5-21-3477065875-901350911-2823266285-1001UA" [C:\Users\bart jansen\AppData\Local\Dropbox\Update\DropboxUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{3596BD9F-8057-475C-9D0A-541240B37F45}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\2BrightSparks\SyncBackFree\bmbur01-bart jansen\D" [C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe]
"C:\Windows\SysNative\tasks\2BrightSparks\SyncBackFree\bmbur01-bart jansen\SyncBackFree" [C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2015-03-30 12:33:28 -------- d-----w- C:\PROGRA~3\ACD Systems
2015-04-15 12:12:49 -------- d-----w- C:\PROGRA~3\regid.1986-12.com.adobe
2015-04-27 14:39:09 -------- d-----w- C:\PROGRA~3\Oracle
2015-04-27 14:39:34 -------- d-----w- C:\PROGRA~3\Sun
2015-05-04 16:24:16 -------- d-----w- C:\PROGRA~3\Apple Computer
2015-06-03 06:09:12 -------- d-----w- C:\PROGRA~3\TuneUpMedia
2015-06-12 13:13:35 -------- d-----w- C:\PROGRA~3\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-06-15 07:46:49 -------- d-----w- C:\PROGRA~3\Isabel Services
2015-06-19 10:04:52 -------- d-----w- C:\PROGRA~3\Dropbox
2015-06-27 13:13:13 -------- d-----w- C:\PROGRA~3\Seagull
2015-07-15 17:18:17 -------- d-----w- C:\PROGRA~3\Hewlett-Packard

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" []

==== Chromium Look ======================

Google Slides - bart jansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - bart jansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - bart jansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - bart jansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - bart jansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - bart jansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
iCloud Bookmarks - bart jansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah
Google Docs Offline - bart jansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi
Chrome Web Store Payments - bart jansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - bart jansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://cpb.bnpparibasfortis.be/cpbb/nl/Online-Services/Home/PC-banking-Business/page.aspx/11973"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://cpb.bnpparibasfortis.be/cpbb/nl/Online-Services/Home/PC-banking-Business/page.aspx/11973"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\bart jansen\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\bart jansen\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\bart jansen\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\bart jansen\AppData\Local\Microsoft\Windows\INetCache\IE\SFW5AXHA will be deleted at reboot
C:\Users\bart jansen\AppData\Local\Microsoft\Windows\INetCache\IE\ZRKMZDUM will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\bart jansen\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=76 folders=60 31065367 bytes)

==== Empty Temp Folders ======================

C:\Users\bart jansen\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\BARTJA~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\bart jansen\AppData\Local\Microsoft\Windows\INetCache\IE\SFW5AXHA" not found
"C:\Users\bart jansen\AppData\Local\Microsoft\Windows\INetCache\IE\ZRKMZDUM" not found

==== EOF on wo 23/09/2015 at 13:47:13,33 ======================