Zoek.exe v5.0.0.0 Updated 28-December-2013 Tool run by siemens on zo 29/12/2013 at 23:16:25,58. Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\siemens\Desktop\zoek\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\svchost.exe -k apphost C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\PROGRA~1\FROMDO~2\bar\1.bin\65barsvc.exe C:\Windows\system32\lxbkcoms.exe C:\Program Files\Athan\Athan.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Real\RealPlayer\Update\realsched.exe C:\Program Files\Skype\Phone\Skype.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe C:\Windows\system32\svchost.exe -k iissvcs C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k WindowsMobile C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\System32\MsSpellCheckingFacility.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\siemens\Desktop\zoek\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ==== System Restore Info ====================== 29/12/2013 23:18:50 Zoek.exe System Restore Point Created Succesfully. ==== Torpig Check ====================== HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll ==== Empty Folders Check ====================== C:\Program Files\Nokia deleted successfully C:\Program Files\WinZipper deleted successfully C:\ProgramData\Babylon deleted successfully C:\ProgramData\Wincert deleted successfully C:\Users\siemens\AppData\Roaming\PerformerSoft deleted successfully C:\Users\siemens\AppData\Roaming\QuickScan deleted successfully C:\Users\siemens\AppData\Roaming\WinZipper deleted successfully C:\Users\siemens\AppData\Local\CUSTPDF Writer deleted successfully C:\Users\siemens\AppData\Local\MigWiz deleted successfully C:\Users\siemens\AppData\Local\PackageAware deleted successfully ==== Checking Systemdrive for Symlinks ====================== Het volume in station C heeft geen naam. Het volumenummer is 184D-F658 Map van C:\ 14/07/2009 05:53 Documents and Settings [C:\Users] 0 bestand(en) 0 bytes Map van C:\Program Files\Windows NT 01/01/2012 16:31 Bureau-accessoires [C:\Program Files\Windows NT\Accessories] 0 bestand(en) 0 bytes Map van C:\ProgramData 14/07/2009 05:53 Application Data [C:\ProgramData] 01/01/2012 16:31 Bureaublad [C:\Users\Public\Desktop] 14/07/2009 05:53 Desktop [C:\Users\Public\Desktop] 01/01/2012 16:31 Documenten [C:\Users\Public\Documents] 14/07/2009 05:53 Documents [C:\Users\Public\Documents] 01/01/2012 16:31 Favorieten [C:\Users\Public\Favorites] 14/07/2009 05:53 Favorites [C:\Users\Public\Favorites] 01/01/2012 16:31 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 01/01/2012 16:31 Sjablonen [C:\ProgramData\Microsoft\Windows\Templates] 14/07/2009 05:53 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14/07/2009 05:53 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\ProgramData\Microsoft\Windows\Start Menu 01/01/2012 16:31 Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users 14/07/2009 05:53 All Users [C:\ProgramData] 14/07/2009 05:53 Default User [C:\Users\Default] 0 bestand(en) 0 bytes Map van C:\Users\All Users 14/07/2009 05:53 Application Data [C:\ProgramData] 01/01/2012 16:31 Bureaublad [C:\Users\Public\Desktop] 14/07/2009 05:53 Desktop [C:\Users\Public\Desktop] 01/01/2012 16:31 Documenten [C:\Users\Public\Documents] 14/07/2009 05:53 Documents [C:\Users\Public\Documents] 01/01/2012 16:31 Favorieten [C:\Users\Public\Favorites] 14/07/2009 05:53 Favorites [C:\Users\Public\Favorites] 01/01/2012 16:31 Menu Start [C:\ProgramData\Microsoft\Windows\Start Menu] 01/01/2012 16:31 Sjablonen [C:\ProgramData\Microsoft\Windows\Templates] 14/07/2009 05:53 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14/07/2009 05:53 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\All Users\Microsoft\Windows\Start Menu 01/01/2012 16:31 Programma's [C:\ProgramData\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\Default 14/07/2009 05:53 Application Data [C:\Users\Default\AppData\Roaming] 14/07/2009 05:53 Local Settings [C:\Users\Default\AppData\Local] 01/01/2012 16:31 Menu Start [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 01/01/2012 16:31 Mijn documenten [C:\Users\Default\Documents] 14/07/2009 05:53 My Documents [C:\Users\Default\Documents] 14/07/2009 05:53 NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 01/01/2012 16:31 Netwerkprinteromgeving [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 14/07/2009 05:53 PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 14/07/2009 05:53 Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent] 14/07/2009 05:53 SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo] 01/01/2012 16:31 Sjablonen [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 14/07/2009 05:53 Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 14/07/2009 05:53 Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\Default\AppData\Local 14/07/2009 05:53 Application Data [C:\Users\Default\AppData\Local] 01/01/2012 16:31 Geschiedenis [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 14/07/2009 05:53 History [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 14/07/2009 05:53 Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu 01/01/2012 16:31 Programma's [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\Default\Documents 01/01/2012 16:31 Mijn afbeeldingen [C:\Users\Default\Pictures] 01/01/2012 16:31 Mijn muziek [C:\Users\Default\Music] 01/01/2012 16:31 Mijn video's [C:\Users\Default\Videos] 14/07/2009 05:53 My Music [C:\Users\Default\Music] 14/07/2009 05:53 My Pictures [C:\Users\Default\Pictures] 14/07/2009 05:53 My Videos [C:\Users\Default\Videos] 0 bestand(en) 0 bytes Map van C:\Users\DefaultAppPool 19/03/2013 20:39 Application Data [C:\Users\DefaultAppPool\AppData\Roaming] 19/03/2013 20:39 Cookies [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Cookies] 19/03/2013 20:39 Local Settings [C:\Users\DefaultAppPool\AppData\Local] 19/03/2013 20:39 Menu Start [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu] 19/03/2013 20:39 Mijn documenten [C:\Users\DefaultAppPool\Documents] 19/03/2013 20:39 NetHood [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 19/03/2013 20:39 Netwerkprinteromgeving [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 19/03/2013 20:39 Recent [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Recent] 19/03/2013 20:39 SendTo [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\SendTo] 19/03/2013 20:39 Sjablonen [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\DefaultAppPool\AppData\Local 19/03/2013 20:39 Application Data [C:\Users\DefaultAppPool\AppData\Local] 19/03/2013 20:39 Geschiedenis [C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\History] 19/03/2013 20:39 Temporary Internet Files [C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu 19/03/2013 20:39 Programma's [C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\DefaultAppPool\Documents 19/03/2013 20:39 Mijn afbeeldingen [C:\Users\DefaultAppPool\Pictures] 19/03/2013 20:39 Mijn muziek [C:\Users\DefaultAppPool\Music] 19/03/2013 20:39 Mijn video's [C:\Users\DefaultAppPool\Videos] 0 bestand(en) 0 bytes Map van C:\Users\Public\Documents 01/01/2012 16:31 Mijn afbeeldingen [C:\Users\Public\Pictures] 01/01/2012 16:31 Mijn muziek [C:\Users\Public\Music] 01/01/2012 16:31 Mijn video's [C:\Users\Public\Videos] 14/07/2009 05:53 My Music [C:\Users\Public\Music] 14/07/2009 05:53 My Pictures [C:\Users\Public\Pictures] 14/07/2009 05:53 My Videos [C:\Users\Public\Videos] 0 bestand(en) 0 bytes Map van C:\Users\siemens 01/01/2012 16:32 Application Data [C:\Users\siemens\AppData\Roaming] 01/01/2012 16:32 Cookies [C:\Users\siemens\AppData\Roaming\Microsoft\Windows\Cookies] 01/01/2012 16:32 Local Settings [C:\Users\siemens\AppData\Local] 01/01/2012 16:32 Menu Start [C:\Users\siemens\AppData\Roaming\Microsoft\Windows\Start Menu] 01/01/2012 16:32 Mijn documenten [C:\Users\siemens\Documents] 01/01/2012 16:32 NetHood [C:\Users\siemens\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 01/01/2012 16:32 Netwerkprinteromgeving [C:\Users\siemens\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 01/01/2012 16:32 Recent [C:\Users\siemens\AppData\Roaming\Microsoft\Windows\Recent] 01/01/2012 16:32 SendTo [C:\Users\siemens\AppData\Roaming\Microsoft\Windows\SendTo] 01/01/2012 16:32 Sjablonen [C:\Users\siemens\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\siemens\AppData\Local 01/01/2012 16:32 Application Data [C:\Users\siemens\AppData\Local] 01/01/2012 16:32 Geschiedenis [C:\Users\siemens\AppData\Local\Microsoft\Windows\History] 01/01/2012 16:32 Temporary Internet Files [C:\Users\siemens\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\siemens\AppData\LocalLow 24/09/2012 18:13 PlayReady [C:\ProgramData\Microsoft\PlayReady] 0 bestand(en) 0 bytes Map van C:\Users\siemens\AppData\Roaming\Microsoft\Windows\Start Menu 01/01/2012 16:32 Programma's [C:\Users\siemens\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\siemens\Documents 01/01/2012 16:32 Mijn afbeeldingen [C:\Users\siemens\Pictures] 01/01/2012 16:32 Mijn muziek [C:\Users\siemens\Music] 01/01/2012 16:32 Mijn video's [C:\Users\siemens\Videos] 0 bestand(en) 0 bytes Map van C:\Users\UpdatusUser 01/01/2012 18:17 Application Data [C:\Users\UpdatusUser\AppData\Roaming] 01/01/2012 18:17 Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies] 01/01/2012 18:17 Local Settings [C:\Users\UpdatusUser\AppData\Local] 01/01/2012 18:17 Menu Start [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu] 01/01/2012 18:17 Mijn documenten [C:\Users\UpdatusUser\Documents] 01/01/2012 18:17 NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 01/01/2012 18:17 Netwerkprinteromgeving [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 01/01/2012 18:17 Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent] 01/01/2012 18:17 SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo] 01/01/2012 18:17 Sjablonen [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates] 0 bestand(en) 0 bytes Map van C:\Users\UpdatusUser\AppData\Local 01/01/2012 18:17 Application Data [C:\Users\UpdatusUser\AppData\Local] 01/01/2012 18:17 Geschiedenis [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History] 01/01/2012 18:17 Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 bestand(en) 0 bytes Map van C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu 01/01/2012 18:17 Programma's [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs] 0 bestand(en) 0 bytes Map van C:\Users\UpdatusUser\Documents 01/01/2012 18:17 Mijn afbeeldingen [C:\Users\UpdatusUser\Pictures] 01/01/2012 18:17 Mijn muziek [C:\Users\UpdatusUser\Music] 01/01/2012 18:17 Mijn video's [C:\Users\UpdatusUser\Videos] 0 bestand(en) 0 bytes Totaal aantal weergegeven bestanden: 0 bestand(en) 0 bytes 110 map(pen) 43.692.216.320 bytes beschikbaar ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3150744332-8020426-1136381390-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{d28c7e56-2cc6-415c-8727-d71334085926} deleted successfully HKEY_USERS\S-1-5-21-3150744332-8020426-1136381390-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{d28c7e56-2cc6-415c-8727-d71334085926} deleted successfully HKEY_USERS\S-1-5-21-3150744332-8020426-1136381390-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d970ed5-3eda-438d-bffd-715931e2775b} deleted successfully HKEY_USERS\S-1-5-21-3150744332-8020426-1136381390-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1d970ed5-3eda-438d-bffd-715931e2775b} deleted successfully HKEY_USERS\S-1-5-21-3150744332-8020426-1136381390-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully HKEY_USERS\S-1-5-21-3150744332-8020426-1136381390-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully HKEY_CLASSES_ROOT\CLSID\{4c60e5ab-5c68-4c59-abaa-885010b24b32} deleted successfully HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\CLSID\{d28c7e56-2cc6-415c-8727-d71334085926} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{d28c7e56-2cc6-415c-8727-d71334085926} deleted successfully HKEY_CLASSES_ROOT\CLSID\{1d970ed5-3eda-438d-bffd-715931e2775b} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d970ed5-3eda-438d-bffd-715931e2775b} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1d970ed5-3eda-438d-bffd-715931e2775b} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3150744332-8020426-1136381390-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\{4c60e5ab-5c68-4c59-abaa-885010b24b32} deleted successfully HKEY_USERS\S-1-5-21-3150744332-8020426-1136381390-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{00000000-0000-0000-0000-000000000000} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{d28c7e56-2cc6-415c-8727-d71334085926} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{d28c7e56-2cc6-415c-8727-d71334085926} deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} deleted successfully ==== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) ABBYY FineReader 4.0 Sprint Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader XI (11.0.05) - Nederlands Adobe Shockwave Player 12.0 Apple Application Support Apple Mobile Device Support Apple Software Update Athan Basic 4.4 Bitdefender Internet Security 2012 Bonjour BrowseToSave 1.74 CCleaner doPDF 5.2 printer Free PDF to Word Converter 1.3 FromDocToPDF Toolbar Google Chrome Google Toolbar for Internet Explorer Google Update Helper iCloud iTunes Lexmark X1100 Series Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile NLD Language Pack Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Extended NLD Language Pack Microsoft Application Error Reporting Microsoft IntelliPoint 8.2 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (Dutch) 2007 Microsoft Office Excel MUI (Dutch) 2007 Microsoft Office File Validation Add-In Microsoft Office InfoPath MUI (Dutch) 2007 Microsoft Office Outlook MUI (Dutch) 2007 Microsoft Office PowerPoint MUI (Dutch) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (Dutch) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proofing (Dutch) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (Dutch) 2007 Microsoft Office Shared MUI (Dutch) 2007 Microsoft Office Word MUI (Dutch) 2007 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works 6-9 Converter Microsoft_VC100_CRT_SP1_x86 MSVC80_x86_v2 MSVC90_x86 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2758694) MyTomTom 3.2.0.700 Nero 7 Ultra Edition neroxml NVIDIA-configuratiescherm 311.06 NVIDIA 3D Vision stuurprogramma 311.06 NVIDIA Grafisch stuurprogramma 311.06 NVIDIA Install Application NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.11.3 NVIDIA Update Components PDF Creator QuickTime RealDownloader RealNetworks - Microsoft Visual C++ 2008 Runtime RealNetworks - Microsoft Visual C++ 2010 Runtime RealPlayer RealUpgrade 1.1 Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition SkypeT 6.11 swMSM Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD Taalpakket voor Microsoft .NET Framework 4 Extended - NLD TomTom HOME TomTom HOME Visual Studio Merge Modules Unity Web Player Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2836939) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition Update voor Microsoft Office Excel 2007 Help (KB963678) Update voor Microsoft Office Powerpoint 2007 Help (KB963669) Update voor Microsoft Office Word 2007 Help (KB963665) Upgrade VC80CRTRedist - 8.0.50727.6195 Visual Studio C++ 10.0 Runtime Windows Mobile Apparaatcentrum WinPcap 4.1.2 WinRAR WiseConvert Toolbar ==== Deleting Services ====================== ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FromDocToPDF Search Scope Monitor] [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command] @="C:\\Program Files\\Internet Explorer\\iexplore.exe" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "bProtectorDefaultScope"=- ==== Deleting Files \ Folders ====================== C:\Program Files\WiseConvert deleted C:\Users\siemens\appdata\locallow\WiseConvert deleted C:\Users\siemens\AppData\Local\FromDocToPDF_65 deleted C:\Users\siemens\appdata\locallow\FromDocToPDF_65 deleted C:\Program Files\BrowseToSave deleted C:\Program Files\FoxTabPDFConverter deleted C:\Program Files\Common Files\337 deleted C:\Program Files\Desk 365 deleted C:\Program Files\Conduit deleted C:\Users\siemens\AppData\Roaming\7go deleted C:\Users\siemens\AppData\Roaming\speedanalysis.ico deleted C:\Users\siemens\AppData\Roaming\SpeedAnalysis2 deleted C:\Users\siemens\AppData\Roaming\Desk 365 deleted C:\Users\siemens\AppData\Roaming\eIntaller deleted C:\Users\siemens\AppData\Roaming\BabSolution deleted C:\Users\siemens\AppData\Roaming\Babylon deleted C:\Users\siemens\AppData\Roaming\File Scout deleted C:\Users\siemens\AppData\Roaming\NCdownloader deleted C:\ProgramData\Conduit deleted C:\ProgramData\eSafe deleted C:\ProgramData\boost_interprocess deleted C:\ProgramData\IBUpdaterService deleted C:\ProgramData\InstallMate deleted C:\ProgramData\Tarma Installer deleted C:\ProgramData\Premium deleted C:\Users\siemens\AppData\Local\Ilivid Player deleted C:\Users\siemens\AppData\Local\IAC deleted C:\Users\siemens\AppData\Local\Programs deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browse2save deleted C:\Windows\System32\Tasks\PC Performer_DEFAULT deleted C:\Windows\System32\Tasks\PC Performer_UPDATES deleted C:\Users\siemens\AppData\LocalLow\Browse2save deleted C:\Users\siemens\AppData\LocalLow\IAC deleted C:\Users\siemens\AppData\LocalLow\searchquband deleted C:\Users\siemens\AppData\LocalLow\searchresultstb deleted C:\Users\siemens\AppData\LocalLow\Delta deleted C:\Users\siemens\AppData\LocalLow\DataMngr deleted C:\Users\siemens\AppData\LocalLow\PriceGong deleted C:\Users\siemens\AppData\LocalLow\Conduit deleted C:\Windows\tasks\PC Performer_DEFAULT.job deleted C:\Windows\tasks\PC Performer_UPDATES.job deleted C:\Windows\system32\tasks\Desk 365 RunAsStdUser deleted C:\Windows\system32\tasks\LyricsViewer Update deleted C:\Windows\tasks\LyricsViewer Update.job deleted C:\user.js deleted C:\END deleted C:\Windows\system32\roboot.exe deleted C:\Windows\System32\searchplugins deleted C:\Windows\System32\Extensions deleted C:\Users\siemens\AppData\Roaming\Mozilla\Extensions\7go@7go.com deleted C:\Users\siemens\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\65barsvc.exe" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\T8RES.DLL" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\65barsvc.exe" deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin\T8RES.DLL" deleted "C:\Program Files\FromDocToPDF_65" not deleted "C:\Program Files\FromDocToPDF_65" not deleted "C:\Program Files\FromDocToPDF_65\bar" not deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin" not deleted "C:\Program Files\FromDocToPDF_65\bar" not deleted "C:\Program Files\FromDocToPDF_65\bar\1.bin" not deleted ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-21-3150744332-8020426-1136381390-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Athan"="C:\Program Files\Athan\Athan.exe" "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" "TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe -osboot" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun" ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] "command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "hkey"="HKLM" "item"="Adobe ARM" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon] "command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" "hkey"="HKLM" "item"="APSDaemon" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FromDocToPDF_65 Browser Plugin Loader] "command"="C:\\PROGRA~1\\FROMDO~2\\bar\\1.bin\\65brmon.exe" "hkey"="HKLM" "item"="FromDocToPDF_65 Browser Plugin Loader" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IntelliPoint] "command"="\"C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\"" "hkey"="HKLM" "item"="IntelliPoint" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "hkey"="HKLM" "item"="iTunesHelper" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\lxbkbmgr.exe] "command"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\"" "hkey"="HKLM" "item"="lxbkbmgr.exe" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NSU_agent] "command"="\"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu3ui_agent.exe\"" "hkey"="HKLM" "item"="NSU_agent" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task] "command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime" "hkey"="HKLM" "item"="QuickTime Task" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe] "command"="\"c:\\program files\\real\\realplayer\\Update\\realsched.exe\" -osboot" "hkey"="HKLM" "item"="TkBellExe" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Mobile Device Center] "command"="C:\\Windows\\WindowsMobile\\wmdc.exe" "hkey"="HKLM" "item"="Windows Mobile Device Center" "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\"" "msnmsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background" "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" "APSDaemon"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\"" "Athan"="C:\\Program Files\\Athan\\Athan.exe" "BDAgent"="\"C:\\Program Files\\Bitdefender\\Bitdefender 2012\\bdagent.exe\"" "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe" "snpstd3"="C:\\Windows\\vsnpstd3.exe" "TkBellExe"="\"C:\\Program Files\\Real\\RealPlayer\\Update\\realsched.exe\" -osboot" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [11/12/2013 14:20] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [08/03/2012 16:40] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [08/03/2012 16:40] ==== Other Scheduled Tasks ====================== "C:\Windows\system32\tasks\0" [c:\program files\internet explorer\iexplore.exe] "C:\Windows\system32\tasks\4937" [wscript.exe C:\Users\siemens\AppData\Local\Temp\launchie.vbs //B] "C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"] "C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe] "C:\Windows\system32\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3150744332-8020426-1136381390-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\system32\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3150744332-8020426-1136381390-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\system32\tasks\RealUpgradeLogonTaskS-1-5-21-3150744332-8020426-1136381390-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\system32\tasks\RealUpgradeScheduledTaskS-1-5-21-3150744332-8020426-1136381390-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe] "C:\Windows\system32\tasks\User_Feed_Synchronization-{1AC3E8F1-8BA5-4796-A020-258BD0BD1186}" [C:\Windows\system32\msfeedssync.exe] "C:\Windows\system32\tasks\{0C0B54A5-9C71-44A5-A1EA-E8C489EE91EF}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.0.105/nl/abandoninstall?page=tsProgressBar] "C:\Windows\system32\tasks\{1F1B7320-8862-4F85-A4D8-27FB9B51825A}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.0.105/nl/abandoninstall?page=tsProgressBar] "C:\Windows\system32\tasks\{402BDF80-74A8-4B72-B657-7D6D20C7827D}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.0.105/nl/abandoninstall?page=tsProgressBar] "C:\Windows\system32\tasks\{44A406A9-72DC-49AC-9F19-033132ADBE33}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.0.105/nl/abandoninstall?source=lightinstaller&page=tsProgressBar] "C:\Windows\system32\tasks\{50833EEA-AE01-4986-930D-02357B6254B9}" [C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe] "C:\Windows\system32\tasks\{6CCC9085-BF77-4590-9FB3-2A54D0A74020}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.6.0.106/nl/abandoninstall?page=tsMain] "C:\Windows\system32\tasks\{6F544C63-F146-4782-901F-FB205581AC16}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.0.105/nl/abandoninstall?source=lightinstaller&page=tsProgressBar] "C:\Windows\system32\tasks\{74B4947C-B7C3-43A0-AB43-878AF74372D1}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.0.105/nl/abandoninstall?source=lightinstaller&page=tsProgressBar] "C:\Windows\system32\tasks\{87EB79D3-F801-4DC4-B928-71684EAE7F55}" [C:\Program Files\Lexmark X1100 Series\LXBKaiox.exe] "C:\Windows\system32\tasks\{9F1F3B66-175B-48D4-B15F-A87966E19C91}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.0.0.126/nl/abandoninstall?page=tsProgressBar] "C:\Windows\system32\tasks\{9F761698-7CC5-42A2-B341-43F896800D21}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://www.skype.com/go/downloading?source=lightinstaller&ver=5.8.0.154&LastError=12002] "C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe] ==== Folders in C:\ProgramData 0-6 Months Old ====================== 2013-07-12 12:18:05 -------- d-----w- C:\ProgramData\Installations 2013-07-12 12:40:12 -------- d-----w- C:\ProgramData\PC Suite 2013-07-12 13:58:30 -------- d-----w- C:\ProgramData\NokiaInstallerCache 2013-08-21 20:22:00 -------- d-----w- C:\ProgramData\DivX 2013-10-08 06:02:13 -------- d-----w- C:\ProgramData\Apple Computer 2013-12-24 10:07:10 -------- d-----w- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-12-27 13:58:27 -------- d-----w- C:\ProgramData\RealNetworks ==== Firefox Extensions Registry ====================== [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions] "{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [27/12/2013 14:58] [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions] "speedanalysis02@SpeedAnalysis.com"="C:\Users\siemens\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com" [] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions eooncjejnppfjjklapaamhcdmjbilmde - C:\Users\siemens\AppData\Roaming\BabSolution\CR\Delta.crx[] gjajpkikblccgefaibcafkfbanllpefi - C:\Users\siemens\AppData\Roaming\7go\7go.crx[] idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24] 7Go Games - siemens - Default\Extensions\gjajpkikblccgefaibcafkfbanllpefi MoneyMillionaire extension - siemens - Default\Extensions\iapkompmljjcdangdahmcnicaoianjnf Tuvaro Chrome Toolbar - siemens - Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh Google Docs - siemens - Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - siemens - Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - siemens - Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - siemens - Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Delta Toolbar - siemens - Profile 1\Extensions\eooncjejnppfjjklapaamhcdmjbilmde RealDownloader - siemens - Profile 1\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji Google Wallet - siemens - Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - siemens - Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chrome Fix ====================== C:\Users\siemens\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully C:\Users\siemens\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjajpkikblccgefaibcafkfbanllpefi deleted successfully C:\Users\siemens\AppData\Local\Google\Chrome\User Data\Default\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Use Search Asst"="yes" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=BE&userid=7c0abb94-8858-6978-458e-300b1439d3cc&searchtype=ds&q={searchTerms}&installDate={installDate}" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "CustomizeSearch"="http://search.qvo6.com/web/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=ds&from=vtt&uid=MaxtorX6L200M0_L40BTJTH&ts=1378204266" "SearchAssistant"="http://search.qvo6.com/web/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=ds&from=vtt&uid=MaxtorX6L200M0_L40BTJTH&ts=1378204266" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=BE&userid=7c0abb94-8858-6978-458e-300b1439d3cc&searchtype=ds&q={searchTerms}&installDate={installDate}" "SearchAssistant"="http://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=BE&userid=7c0abb94-8858-6978-458e-300b1439d3cc&searchtype=ds&q={searchTerms}&installDate={installDate}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{006ee092-9658-4fd6-bd8e-a21a348e59f5}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Use Search Asst"="no" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search] "CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {33BB0A4E-99AF-4226-BDF6-49120163DE86} Unknown Url="Not_Found" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3150744332-8020426-1136381390-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} deleted successfully HKEY_USERS\S-1-5-21-3150744332-8020426-1136381390-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} deleted successfully HKEY_USERS\S-1-5-21-3150744332-8020426-1136381390-1000\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully HKEY_CLASSES_ROOT\CLSID\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_USERS\S-1-5-21-3150744332-8020426-1136381390-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} deleted successfully HKEY_USERS\S-1-5-21-3150744332-8020426-1136381390-1000\Software\Mozilla\Firefox\Extensions\7go@7go.com deleted successfully HKEY_USERS\S-1-5-21-3150744332-8020426-1136381390-1000\Software\Mozilla\Firefox\Extensions\speedanalysis02@SpeedAnalysis.com deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{c66a678d-5e6c-4af9-8f57-c6192f42cf74} deleted successfully HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\7go@7go.com deleted successfully HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\speedanalysis02@SpeedAnalysis.com deleted successfully ==== shortcuts on Users Desktops ====================== C:\Users\siemens\Desktop\Athan.lnk - C:\Program Files\Athan\Athan.exe C:\Users\siemens\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=sc&from=vtt&uid=MaxtorX6L200M0_L40BTJTH&ts=1378204266 C:\Users\siemens\Desktop\Varia\Souad\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=sc&from=vtt&uid=MaxtorX6L200M0_L40BTJTH&ts=1378204266 C:\Users\UpdatusUser\Desktop\Athan.lnk - C:\Program Files\Athan\Athan.exe C:\Users\UpdatusUser\Desktop\Free PDF to Word Converterr.lnk - C:\Program Files\Free PDF to Word Converter\PDF2Word.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=sc&from=vtt&uid=MaxtorX6L200M0_L40BTJTH&ts=1378204266 C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe C:\Users\Public\Desktop\Lexmark X1100 Series Takencentrum.lnk - C:\Program Files\Lexmark X1100 Series\LXBKaiox.exe C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files\QuickTime\QuickTimePlayer.exe C:\Users\Public\Desktop\RealPlayer.lnk - C:\program files\real\realplayer\RealPlay.exe /launch:desktop C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files\CCleaner\uninst.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=sc&from=vtt&uid=MaxtorX6L200M0_L40BTJTH&ts=1378204266 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Agenda.lnk - C:\Program Files\Common Files\Apple\Internet Services\iCloudWeb.exe calendar C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Contactgegevens.lnk - C:\Program Files\Common Files\Apple\Internet Services\iCloudWeb.exe contacts C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\E-mail.lnk - C:\Program Files\Common Files\Apple\Internet Services\iCloudWeb.exe mail C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Herinneringen.lnk - C:\Program Files\Common Files\Apple\Internet Services\iCloudWeb.exe reminders C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud-foto's.lnk - C:\Program Files\Common Files\Apple\Internet Services\ShellStreamsShortcut.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\iCloud.lnk - C:\Program Files\Common Files\Apple\Internet Services\iCloud.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Notities.lnk - C:\Program Files\Common Files\Apple\Internet Services\iCloudWeb.exe notes C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud\Zoek mijn iPhone.lnk - C:\Program Files\Common Files\Apple\Internet Services\iCloudWeb.exe find C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Info iTunes.lnk - C:\Program Files\iTunes\iTunes.Resources\nl.lproj\About iTunes.rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealDownloader.lnk - C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Converter.lnk - C:\Program Files\Real\RealPlayer\realconverter.exe /launch:start_menu C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Trimmer.lnk - C:\Program Files\Real\RealPlayer\realtrimmer.exe /launch:start_menu C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer.lnk - C:\Program Files\Real\RealPlayer\realplay.exe /launch:start_menu ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free PDF to Word Converter.lnk - C:\Program Files\Free PDF to Word Converter\PDF2Word.exe C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe http://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=sc&from=vtt&uid=MaxtorX6L200M0_L40BTJTH&ts=1378204266 C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=sc&from=vtt&uid=MaxtorX6L200M0_L40BTJTH&ts=1378204266 C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE /recycle C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk - C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe -ScParameter=8 C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk - C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe -ScParameter=8 C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Athan.lnk - C:\Program Files\Athan\Athan.exe C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer (2).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=sc&from=vtt&uid=MaxtorX6L200M0_L40BTJTH&ts=1378204266 C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer (3).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=sc&from=vtt&uid=MaxtorX6L200M0_L40BTJTH&ts=1378204266 C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer (4).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=sc&from=vtt&uid=MaxtorX6L200M0_L40BTJTH&ts=1378204266 C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer (5).lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=sc&from=vtt&uid=MaxtorX6L200M0_L40BTJTH&ts=1378204266 C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=vtt&utm_campaign=eXQ&utm_content=sc&from=vtt&uid=MaxtorX6L200M0_L40BTJTH&ts=1378204266 C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Preferences.lnk - C:\Program Files\PDFCreator\Actual\Preferences.exe C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Snipping Tool.lnk - C:\Windows\system32\SnippingTool.exe C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Welcome Center.lnk - C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Athan.lnk - C:\Program Files\Athan\Athan.exe C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk - C:\Windows\system32\calc.exe C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Outlook 2007.lnk - C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype .lnk - C:\Program Files\Skype\Phone\Skype.exe C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free PDF to Word Converter.lnk - C:\Program Files\Free PDF to Word Converter\PDF2Word.exe C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== shortcuts After Repair ====================== C:\Users\siemens\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\siemens\Desktop\Varia\Souad\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer (2).lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer (3).lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer (4).lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer (5).lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\siemens\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E0B3E353-BC68-CA01-AB2D-A45EA29B9EC0} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\gjajpkikblccgefaibcafkfbanllpefi deleted successfully HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WiseConvert Toolbar deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FromDocToPDF_65 Browser Plugin Loader deleted successfully HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSU_agent deleted successfully ==== HijackThis Entries ====================== R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FromDocToPDFService (FromDocToPDF_65Service) - Unknown owner - C:\PROGRA~1\FROMDO~2\bar\1.bin\65barsvc.exe (file missing) O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lxbk_device - - C:\Windows\system32\lxbkcoms.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: BitDefender Update Server v2 (Update Server) - BitDefender - C:\Program Files\Common Files\Bitdefender\Bitdefender Arrakis Server\bin\arrakis3.exe O23 - Service: BitDefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe ==== Empty IE Cache ====================== C:\Users\siemens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\siemens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N9X5V1ZP will be deleted at reboot C:\Users\siemens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PIN78QSH will be deleted at reboot C:\Users\siemens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q63O8VUU will be deleted at reboot C:\Users\siemens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SPJH5PT0 will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\siemens\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1289 folders=187 102180628 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\DefaultAppPool\AppData\Local\Temp emptied successfully C:\Users\Public\AppData\Local\Temp emptied successfully C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Users\siemens\AppData\Local\Temp will be emptied at reboot C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\siemens\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Program Files\FromDocToPDF_65" not found "C:\Program Files\FromDocToPDF_65" not found "C:\Users\siemens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N9X5V1ZP" not found "C:\Users\siemens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PIN78QSH" not found "C:\Users\siemens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q63O8VUU" not found "C:\Users\siemens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SPJH5PT0" not found ==== EOF on zo 29/12/2013 at 23:35:22,41 ======================