Zoek.exe v5.0.0.0 Updated 28-December-2013
Tool run by siemens on ma 30/12/2013 at 12:30:18,85.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\siemens\Desktop\zoek\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]

==== Older Logs ======================

C:\zoek-results2013-12-29-223522.log 68268 bytes
C:\zoek-results2013-12-30-111323.log 47262 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\siemens\AppData\Local\Temp ====
2013-12-29 22:34:47 945D09C0925F771F907DEE3D0452ECF4 40960 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\rtdrvmon.exe
====== C:\Windows\system32 =====
====== C:\Windows\system32\drivers =====
2013-12-13 21:04:17 EB6137D696A9B4E9718AC6F8641CB4C9 177152 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-12-13 21:04:17 9842041E2F5ACE1E2F5FB4EF02053DC8 81408 ----a-w- C:\Windows\System32\drivers\drmk.sys
====== C:\Windows\Tasks ======
2013-12-29 10:03:05 A12EF6A040CF5543B1445B71619040EC 3336 ----a-w- C:\Windows\system32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3150744332-8020426-1136381390-1000
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-12-27 13:58:27 -------- d-----w- C:\Program Files\RealNetworks
2013-12-27 13:56:55 -------- d-----w- C:\Program Files\Common Files\xing shared
2013-12-24 14:16:50 -------- d-----w- C:\Program Files\Trend Micro
2013-12-24 10:07:13 -------- d-----w- C:\Program Files\iPod
2013-12-24 10:07:10 -------- d-----w- C:\Program Files\iTunes
======= C: =====
====== C:\Users\siemens\AppData\Roaming ======
2013-12-29 22:31:55 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2013-12-29 22:31:55 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2013-12-29 22:31:55 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\Temp
2013-12-29 22:31:55 -------- d-----w- C:\Users\siemens\AppData\Local\Temp
2013-12-29 22:31:55 -------- d-----w- C:\Users\Public\AppData\Local\Temp
2013-12-29 22:31:55 -------- d-----w- C:\Users\DefaultAppPool\AppData\Local\Temp
2013-12-29 22:31:55 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2013-12-29 22:31:55 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2013-12-27 14:01:02 -------- d-----w- C:\Users\siemens\AppData\Roaming\RealNetworks
====== C:\Users\siemens ======
2013-12-27 13:58:27 -------- d-----w- C:\ProgramData\RealNetworks
2013-12-26 13:40:47 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\siemens\Desktop\RSIT.exe
2013-12-24 10:10:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2013-12-24 10:08:53 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2013-12-24 10:07:10 -------- d-----w- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-15 19:19:36 5BEA420BA345AAA7E07FD4513AC5A3F1 486 --sha-r- C:\ProgramData\ntuser.pol
====== C: exe-files ==
2013-12-29 22:34:47 945D09C0925F771F907DEE3D0452ECF4 40960 ----a-w- C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\rtdrvmon.exe
2013-12-27 13:55:59 6E8A9D3EF552ABF757ED6C4DB9DADB96 579208 ----a-w- C:\Program Files\Real\RealPlayer\Update\r1puninst.exe
2013-12-26 13:41:20 9A2347903D6EDB84C10F288BC0578C1C 388608 ----a-w- C:\Program Files\Trend Micro\siemens.exe
2013-12-26 13:40:47 69CA82A7482A00D8EE063D2B97FC4338 781383 ----a-w- C:\Users\siemens\Desktop\RSIT.exe
2013-12-24 10:09:29 A1F6D7EE6C6DB3B58EC352DE1A4B7628 77128 ----a-w- C:\ProgramData\Apple\Installer Cache\iCloud Control Panel 3.1.0.40\SetupAdmin.exe
2013-12-24 10:03:23 2DA49F579107981542CF920F8B70648A 77136 ----a-w- C:\ProgramData\Apple Computer\Installer Cache\iTunes 11.1.3.8\SetupAdmin.exe
=== C: other files ==
2013-12-29 22:52:15 733404CAC3F7F81902EA21DC675B021D 14786 ----a-w- C:\Users\siemens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VP9EVCQY\stormtrooper[1].zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3150744332-8020426-1136381390-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Athan"="C:\Program Files\Athan\Athan.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe -osboot"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"hkey"="HKLM"
"item"="Adobe ARM"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APSDaemon]
"command"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
"hkey"="HKLM"
"item"="APSDaemon"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IntelliPoint]
"command"="\"C:\\Program Files\\Microsoft IntelliPoint\\ipoint.exe\""
"hkey"="HKLM"
"item"="IntelliPoint"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"hkey"="HKLM"
"item"="iTunesHelper"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\lxbkbmgr.exe]
"command"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"hkey"="HKLM"
"item"="lxbkbmgr.exe"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]
"command"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"hkey"="HKLM"
"item"="QuickTime Task"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe]
"command"="\"c:\\program files\\real\\realplayer\\Update\\realsched.exe\" -osboot"
"hkey"="HKLM"
"item"="TkBellExe"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Windows Mobile Device Center]
"command"="C:\\Windows\\WindowsMobile\\wmdc.exe"
"hkey"="HKLM"
"item"="Windows Mobile Device Center"
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"msnmsgr"="\"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe\" /background"
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"APSDaemon"="\"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe\""
"Athan"="C:\\Program Files\\Athan\\Athan.exe"
"BDAgent"="\"C:\\Program Files\\Bitdefender\\Bitdefender 2012\\bdagent.exe\""
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"snpstd3"="C:\\Windows\\vsnpstd3.exe"
"TkBellExe"="\"C:\\Program Files\\Real\\RealPlayer\\Update\\realsched.exe\" -osboot"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [11/12/2013 14:20]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [08/03/2012 16:40]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe [08/03/2012 16:40]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\0" [c:\program files\internet explorer\iexplore.exe]
"C:\Windows\system32\tasks\4937" [wscript.exe C:\Users\siemens\AppData\Local\Temp\launchie.vbs //B]
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\system32\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3150744332-8020426-1136381390-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\system32\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3150744332-8020426-1136381390-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\system32\tasks\RealUpgradeLogonTaskS-1-5-21-3150744332-8020426-1136381390-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\system32\tasks\RealUpgradeScheduledTaskS-1-5-21-3150744332-8020426-1136381390-1000" [C:\Program Files\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\system32\tasks\User_Feed_Synchronization-{1AC3E8F1-8BA5-4796-A020-258BD0BD1186}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\system32\tasks\{0C0B54A5-9C71-44A5-A1EA-E8C489EE91EF}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.0.105/nl/abandoninstall?page=tsProgressBar]
"C:\Windows\system32\tasks\{1F1B7320-8862-4F85-A4D8-27FB9B51825A}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.0.105/nl/abandoninstall?page=tsProgressBar]
"C:\Windows\system32\tasks\{402BDF80-74A8-4B72-B657-7D6D20C7827D}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.0.105/nl/abandoninstall?page=tsProgressBar]
"C:\Windows\system32\tasks\{44A406A9-72DC-49AC-9F19-033132ADBE33}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.0.105/nl/abandoninstall?source=lightinstaller&page=tsProgressBar]
"C:\Windows\system32\tasks\{50833EEA-AE01-4986-930D-02357B6254B9}" [C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe]
"C:\Windows\system32\tasks\{6CCC9085-BF77-4590-9FB3-2A54D0A74020}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.6.0.106/nl/abandoninstall?page=tsMain]
"C:\Windows\system32\tasks\{6F544C63-F146-4782-901F-FB205581AC16}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.0.105/nl/abandoninstall?source=lightinstaller&page=tsProgressBar]
"C:\Windows\system32\tasks\{74B4947C-B7C3-43A0-AB43-878AF74372D1}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.3.0.105/nl/abandoninstall?source=lightinstaller&page=tsProgressBar]
"C:\Windows\system32\tasks\{87EB79D3-F801-4DC4-B928-71684EAE7F55}" [C:\Program Files\Lexmark X1100 Series\LXBKaiox.exe]
"C:\Windows\system32\tasks\{9F1F3B66-175B-48D4-B15F-A87966E19C91}" ["c:\program files\internet explorer\iexplore.exe" http://ui.skype.com/ui/0/6.0.0.126/nl/abandoninstall?page=tsProgressBar]
"C:\Windows\system32\tasks\{9F761698-7CC5-42A2-B341-43F896800D21}" ["C:\Program Files\Internet Explorer\iexplore.exe" http://www.skype.com/go/downloading?source=lightinstaller&ver=5.8.0.154&LastError=12002]
"C:\Windows\system32\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files\Apple Software Update\SoftwareUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [27/12/2013 14:58]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24]

MoneyMillionaire extension - siemens - Default\Extensions\iapkompmljjcdangdahmcnicaoianjnf
Google Docs - siemens - Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - siemens - Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - siemens - Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - siemens - Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
RealDownloader - siemens - Profile 1\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Wallet - siemens - Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - siemens - Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Empty IE Cache ======================

C:\Users\siemens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\siemens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1S040JJL will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\siemens\AppData\Local\Google\Chrome\User Data\Profile 1\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1289 folders=187 102180628 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Temp emptied successfully
C:\Users\Public\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\siemens\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\siemens\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\siemens\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1S040JJL" not found

==== EOF on ma 30/12/2013 at 12:47:21,89 ======================