Zoek.exe Version 4.0.0.3 Updated 27-June-2013
Tool run by fabien.lavens on do 04/07/2013 at 12:53:30,63.
Microsoft(R) Windows(R) XP Professional x64 Edition 5.2.3790 Service Pack 2 x64
Running in: Normal Mode Internet Access Detected

==== Running Processes ======================

C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe -k WinErr
C:\Program Files (x86)\Java\jre7\bin\jqs.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\nvsvc64.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SysWOW64\msiexec.exe
C:\WINDOWS\SysWOW64\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
C:\Documents and Settings\fabien.lavens\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Documents and Settings\fabien.lavens\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files (x86)\Sharp\Sharpdesk\FtpServer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\Program Files (x86)\Sharp\Sharpdesk\nsapp.exe
C:\Documents and Settings\fabien.lavens\Desktop\zoek.exe

==== System Restore Info ======================

4/07/2013 12:54:50 Zoek.exe System Restore Point Created Succesfully.

==== Creating Sample_20130407_1259.zip ======================

Copied file C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe to sample\VOLlai2R.exe
sample\VOLlai2R.exe renamed to F8FF207663B4757E8BD68198D74D6694
C:\Documents and Settings\All Users\Desktop\sample_20130407_1259.zip created successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================

Akamai NetSession Interface
JNLP
SancMedia

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Documents and Settings\fabien.lavens\Application Data\Mozilla\Firefox\Profiles\xd3u6247.default\prefs.js:
user_pref("browser.search.defaulturl", "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");

Added to C:\Documents and Settings\fabien.lavens\Application Data\Mozilla\Firefox\Profiles\xd3u6247.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

"C:\Documents and Settings\fabien.lavens\Application Data\desktop.ini" deleted
"C:\WINDOWS\SET3.tmp" deleted
"C:\WINDOWS\SET5.tmp" deleted
"C:\WINDOWS\Syswow64\AUTOEXEC.TMP" deleted
"C:\Documents and Settings\All Users\Application Data\bbrz6.pad" deleted
"C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe" deleted
"C:\Documents and Settings\fabien.lavens\Application Data\Ibudx\ryve.syu" deleted
"C:\Documents and Settings\fabien.lavens\Application Data\Nenexy\raiz.eho" deleted
"C:\Documents and Settings\fabien.lavens\Application Data\Nenexy\raiz.tmp" deleted
"C:\Documents and Settings\fabien.lavens\Application Data\Acbo" deleted
"C:\Documents and Settings\fabien.lavens\Application Data\Ibudx" deleted
"C:\Documents and Settings\fabien.lavens\Application Data\msnmsg" deleted
"C:\Documents and Settings\fabien.lavens\Application Data\Nenexy" deleted
"C:\Kernels" deleted
"C:\Documents and Settings\fabien.lavens\Application Data\SpeedyPC Software" deleted
"C:\Documents and Settings\All Users\Application Data\SpeedyPC Software" deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====

====== C:\DOCUME~1\FABIEN~1.LAV\LOCALS~1\Temp ====
2013-07-02 12:28:25 F8FF207663B4757E8BD68198D74D6694 129176 --sha-w- C:\DOCUME~1\FABIEN~1.LAV\LOCALS~1\Temp\1343041571.exe
2013-06-26 11:09:10 E12E5AACE2482EA38DF2B1F99F934024 40328 ----a-w- C:\DOCUME~1\FABIEN~1.LAV\LOCALS~1\Temp\AcDeltree.exe
2013-06-26 11:09:03 A2D4CC869568EF596F8024AD2CA5F2CA 11440128 ----a-w- C:\DOCUME~1\FABIEN~1.LAV\LOCALS~1\Temp\bd6e2f.msi

====== C:\WINDOWS\SysWOW64 =====
2013-07-03 08:37:07 351D111CD5C5479946EB724DBBB1275E 96168 ----a-w- C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2013-06-28 12:51:39 8A4CEBF34370D689E198E6673C1F2C40 74072 ----a-w- C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2013-06-28 12:51:39 81DFDDFB401D663BA7E6AD1C80364216 527192 ----a-w- C:\WINDOWS\SysWOW64\XAudio2_7.dll
2013-06-28 12:51:36 4FD7BCB9D8AF6A165E9BA0C2EB702E7C 239960 ----a-w- C:\WINDOWS\SysWOW64\xactengine3_7.dll
2013-06-28 12:51:34 83EBA442F07AAB8D6375D2EEC945C46C 1868128 ----a-w- C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2013-06-28 12:51:21 F1726346E583442541FE73429F8E9C10 62672 ----a-w- C:\WINDOWS\SysWOW64\xinput1_1.dll
2013-06-28 12:51:17 7C9952111F4C743B9F0D8B68B6ED93C9 229584 ----a-w- C:\WINDOWS\SysWOW64\xactengine2_1.dll
2013-06-28 12:51:17 4E961525CC7FF0E5D7DA19E170B7C14C 14032 ----a-w- C:\WINDOWS\SysWOW64\x3daudio1_0.dll

====== C:\WINDOWS\SysWOW64\drivers =====

====== C:\WINDOWS\Sysnative =====

====== C:\WINDOWS\Sysnative\drivers =====

====== C:\WINDOWS\Tasks ======
2013-07-02 12:28:26 F9183C9ADD0C441B62FDBDE40FDEC2B3 342 ----a-w- C:\WINDOWS\Tasks\At83.job
2013-07-02 12:28:26 F7EEC40738FF212EFEA967608047F175 344 ----a-w- C:\WINDOWS\Tasks\At68.job
2013-07-02 12:28:26 F02E430D3E783C5D5984A97798B63CF9 342 ----a-w- C:\WINDOWS\Tasks\At69.job
2013-07-02 12:28:26 E735EF7EE8D8DD7F5352EA0F6869383C 344 ----a-w- C:\WINDOWS\Tasks\At82.job
2013-07-02 12:28:26 CC366622AD08AE4304AF0DB94F306ADF 344 ----a-w- C:\WINDOWS\Tasks\At86.job
2013-07-02 12:28:26 CA2A83F983938D28CDE1D351029D72DC 342 ----a-w- C:\WINDOWS\Tasks\At87.job
2013-07-02 12:28:26 B94505CA66319A0BF103FFC20E7E4F89 344 ----a-w- C:\WINDOWS\Tasks\At88.job
2013-07-02 12:28:26 AFF1A0C1825A99E746B9C65F1F49C1AD 344 ----a-w- C:\WINDOWS\Tasks\At66.job
2013-07-02 12:28:26 AD7E2FC7658E2B3E8B7B54E83390BBC4 344 ----a-w- C:\WINDOWS\Tasks\At94.job
2013-07-02 12:28:26 A3E50F63ED891F675E2988BF16D1636D 342 ----a-w- C:\WINDOWS\Tasks\At89.job
2013-07-02 12:28:26 9789D52E1F8A4160CA3490894E7E7F35 344 ----a-w- C:\WINDOWS\Tasks\At90.job
2013-07-02 12:28:26 955EEEBBAA2B1A740B4E7947DED936CB 342 ----a-w- C:\WINDOWS\Tasks\At93.job
2013-07-02 12:28:26 93246FE00391D38DAFCB9E48EA569522 344 ----a-w- C:\WINDOWS\Tasks\At72.job
2013-07-02 12:28:26 8EFAC1E00FF3A3BF5A7E494C276D61C3 344 ----a-w- C:\WINDOWS\Tasks\At74.job
2013-07-02 12:28:26 855A508BFC4F8503D75A033D80FDFCCC 342 ----a-w- C:\WINDOWS\Tasks\At73.job
2013-07-02 12:28:26 79723AE4D416507F2EF27AD6E8262F7F 342 ----a-w- C:\WINDOWS\Tasks\At95.job
2013-07-02 12:28:26 68905162CCB188BE6358A284469AEE48 344 ----a-w- C:\WINDOWS\Tasks\At78.job
2013-07-02 12:28:26 5CEA44CDD5ADA5954AC3CDF0D3C9254B 344 ----a-w- C:\WINDOWS\Tasks\At84.job
2013-07-02 12:28:26 5717F0F7D7C436F1C24BC92C45AEC98E 344 ----a-w- C:\WINDOWS\Tasks\At80.job
2013-07-02 12:28:26 54659FFF9BA45C35929A7F9EE8F0A6B0 344 ----a-w- C:\WINDOWS\Tasks\At76.job
2013-07-02 12:28:26 513008678C61F7F5093A6A34DF330CF2 342 ----a-w- C:\WINDOWS\Tasks\At81.job
2013-07-02 12:28:26 48B7B76E7F95BA6685ABD8C119CC10A0 344 ----a-w- C:\WINDOWS\Tasks\At96.job
2013-07-02 12:28:26 44657A063321CD372A3F1FED863DB07F 342 ----a-w- C:\WINDOWS\Tasks\At67.job
2013-07-02 12:28:26 3BD1DD9F3ABAD7AC37FA50CEE2BA3718 342 ----a-w- C:\WINDOWS\Tasks\At91.job
2013-07-02 12:28:26 305F927578B6789C9063A6CCF5F18653 342 ----a-w- C:\WINDOWS\Tasks\At75.job
2013-07-02 12:28:26 222B6D2C04E18DCD7325E4C5685EA00C 342 ----a-w- C:\WINDOWS\Tasks\At65.job
2013-07-02 12:28:26 21DC6CC222463F9704ADE93E40C7B403 342 ----a-w- C:\WINDOWS\Tasks\At85.job
2013-07-02 12:28:26 1EEF192E135736F367B4C39F122042B7 342 ----a-w- C:\WINDOWS\Tasks\At79.job
2013-07-02 12:28:26 1C786FE04E24A3AE2E4FCEB9FE75EDB1 344 ----a-w- C:\WINDOWS\Tasks\At70.job
2013-07-02 12:28:26 0D03683179BFBDFFDB70903B9558D5D2 342 ----a-w- C:\WINDOWS\Tasks\At71.job
2013-07-02 12:28:26 098A37417D6B2681E4AE95E1E54D0642 342 ----a-w- C:\WINDOWS\Tasks\At77.job
2013-07-02 12:28:26 01B39F4D71B916881DB413F8558736E6 344 ----a-w- C:\WINDOWS\Tasks\At92.job
2013-07-02 12:28:25 F03849F3CABAC853C6249F38FBC6D6A4 344 ----a-w- C:\WINDOWS\Tasks\At64.job
2013-07-02 12:28:25 EFFAF82DB973322B761CF3CFC6B70405 342 ----a-w- C:\WINDOWS\Tasks\At53.job
2013-07-02 12:28:25 E4BA9FC9C29859876B2764046BAF0E36 342 ----a-w- C:\WINDOWS\Tasks\At61.job
2013-07-02 12:28:25 B5E481AB17EE0A8CB2399CE5F268F237 344 ----a-w- C:\WINDOWS\Tasks\At54.job
2013-07-02 12:28:25 B193227C0A50F71CD8C4AE4AB1448596 342 ----a-w- C:\WINDOWS\Tasks\At49.job
2013-07-02 12:28:25 B139720262CD813C4DCC0ABEFBE4E6A6 342 ----a-w- C:\WINDOWS\Tasks\At55.job
2013-07-02 12:28:25 A7A33107F0E4215DB98DDD029597F38F 344 ----a-w- C:\WINDOWS\Tasks\At58.job
2013-07-02 12:28:25 7CEAF42E90B4A5C6947067BEDF50EAFF 344 ----a-w- C:\WINDOWS\Tasks\At60.job
2013-07-02 12:28:25 785D4587B703FE58ED0B8C668FE64F35 344 ----a-w- C:\WINDOWS\Tasks\At56.job
2013-07-02 12:28:25 7341971535FF881D952863A66525E998 342 ----a-w- C:\WINDOWS\Tasks\At63.job
2013-07-02 12:28:25 5CA6D0D5C89EF82550C5C1E6951589C4 344 ----a-w- C:\WINDOWS\Tasks\At52.job
2013-07-02 12:28:25 5B0B597CCC630A442C030450940A7780 344 ----a-w- C:\WINDOWS\Tasks\At50.job
2013-07-02 12:28:25 4F2E4463A16256CAE5B898115013491F 342 ----a-w- C:\WINDOWS\Tasks\At59.job
2013-07-02 12:28:25 49403E8BA7829FCF4A3C6AA5724CE7CE 342 ----a-w- C:\WINDOWS\Tasks\At51.job
2013-07-02 12:28:25 3F762C0923B40E43E353922AFB857570 342 ----a-w- C:\WINDOWS\Tasks\At57.job
2013-07-02 12:28:25 2DF2C0710845534A8622680AA30A5AAD 344 ----a-w- C:\WINDOWS\Tasks\At62.job

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

======= C:\Program Files (x86) =====
2013-06-28 13:16:07 -------- d-----w- C:\Program Files (x86)\DWG TrueView 2014

======= H: =====

====== C:\Documents and Settings\fabien.lavens\Application Data ======
2013-07-03 08:37:54 -------- d-----w- C:\Documents and Settings\fabien.lavens\Local Settings\Application Data\Sun
2013-07-02 12:28:27 F8FF207663B4757E8BD68198D74D6694 129176 ----a-w- C:\Documents and Settings\All Users\Application Data\VOLlai2R.exesearch
2013-06-28 13:21:29 -------- d-----w- C:\Documents and Settings\All Users\Application Data\FARO
2013-06-28 13:21:23 -------- d-----w- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk\Autodesk ReCap
2013-06-28 13:17:29 -------- d-----w- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk\DWG TrueView 2014
2013-06-28 13:12:57 -------- d-----w- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk\Autodesk Inventor View 2014\Tools
2013-06-28 13:12:57 -------- d-----w- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk\Autodesk Inventor View 2014
2013-06-28 13:06:10 -------- d-----w- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk\AutoCAD Mechanical 2014 - English\Migrate Custom Settings
2013-06-28 13:06:10 -------- d-----w- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk\AutoCAD Mechanical 2014 - English
2013-06-07 07:00:43 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Documents and Settings\All Users\Application Data\as98213.txt

====== C:\Documents and Settings\fabien.lavens ======
2013-07-03 12:01:23 7F403C4ED8A6F3C138BF7E2257F3D634 3620 ----a-w- C:\Documents and Settings\fabien.lavens\.recently-used.xbel
2013-07-03 07:03:22 DE5AD9ECC4A42CDB4596CAE348864023 33150376 ----a-w- C:\Documents and Settings\fabien.lavens\Desktop\jre-7u25-windows-x64.exe

====== C: exe-files ==

=== C: other files ==
2013-07-04 11:00:02 0F44DF7355C643CEC463291F360FF404 82712 ----a-w- C:\Documents and Settings\All Users\Desktop\sample_20130407_1259.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"

[HKEY_USERS\S-1-5-21-3678358739-909676964-1010166891-1152\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"ISUSPM"="C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe -scheduler"
"Akamai NetSession Interface"="C:\Documents and Settings\fabien.lavens\Local Settings\Application Data\Akamai\netsession_win.exe"
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe "

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe "

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe "

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"Nuance PDF Reader-reminder"="C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe -r C:\Documents and Settings\All Users\Application Data\Nuance\PDF Reader\Ereg\Ereg.ini"
"McAfeeUpdaterUI"="C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe /StartedFromRunKey"
"ShStatEXE"="C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE /STANDALONE"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\qttask.exe -atboottime"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"FtpServer.exe"="C:\Program Files (x86)\Sharp\Sharpdesk\FtpServer.exe -usedefault"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"ISUSPM"="C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe -scheduler"
"Akamai NetSession Interface"="C:\Documents and Settings\fabien.lavens\Local Settings\Application Data\Akamai\netsession_win.exe"
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"2016"="c:\docume~1\alluse~1\dxelhd.exe"

==== Startup Folders ======================

2012-08-14 08:56:03 822 ----a-w- C:\Documents and Settings\fabien.lavens\Start Menu\Programs\Startup\Microsoft Office Outlook.lnk

==== Task Scheduler Jobs ======================

C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [01/07/2013 13:17]
C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [30/07/2008 13:34]
C:\WINDOWS\tasks\At1.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At10.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At11.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At12.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At13.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At14.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At15.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At16.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At17.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At18.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At19.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At2.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At20.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At21.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At22.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At23.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At24.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At25.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At26.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At27.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At28.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At29.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At3.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At30.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At31.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At32.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At33.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At34.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At35.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At36.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At37.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At38.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At39.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At4.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At40.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At41.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At42.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At43.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At44.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At45.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At46.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At47.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At48.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At49.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At5.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At50.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At51.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At52.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At53.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At54.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At55.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At56.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At57.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At58.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At59.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At6.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At60.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At61.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At62.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At63.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At64.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At65.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At66.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At67.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At68.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At69.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At7.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At70.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At71.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At72.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At73.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At74.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At75.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At76.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At77.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At78.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At79.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At8.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At80.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At81.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At82.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At83.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At84.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At85.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At86.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At87.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At88.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At89.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At9.job --a------ C:\Documents and Settings\All Users\Application Data\VOLlai2R.exe []
C:\WINDOWS\tasks\At90.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At91.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At92.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At93.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At94.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At95.job --a------ [Undetermined Task]
C:\WINDOWS\tasks\At96.job --a------ [Undetermined Task]

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\fabien.lavens\Application Data\Mozilla\Firefox\Profiles\xd3u6247.default
- MoneyMillionaire extension - C:\Documents and Settings\All Users\Application Data\Kortingzoeker\FFExtension20130221121043
- Google Toolbar for Firefox - %ProfilePath%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\fabien.lavens\Application Data\Mozilla\Firefox\Profiles\xd3u6247.default
F13A0DF244CED22684AF1ECAAA5983BF - C:\Documents and Settings\All Users\Application Data\Kortingzoeker\FFExtension20130221121043\plugins\npdf.dll - MoneyMillionaire plugin
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
72B7F936C68B8B9A1944753702E1F1FF - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash
C974BFEBDEF0470E89957B9F432C1138 - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
iapkompmljjcdangdahmcnicaoianjnf - C:\Documents and Settings\All Users\Application Data\Kortingzoeker\GCExtension.crx[21/02/2013 13:10]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.hln.be/?utm_campaign=iphone5&utm_medium=startpage&utm_source=startpage"
"Default_Page_URL"="http://companyweb"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.hln.be/?utm_campaign=iphone5&utm_medium=startpage&utm_source=startpage"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\fabien.lavens\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\fabien.lavens\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Documents and Settings\fabien.lavens\Local Settings\Application Data\Mozilla\Firefox\Profiles\xd3u6247.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\FABIEN~1.LAV\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\All Users\Application Data\VOLlai2R.exesearch" not found
"C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\fabien.lavens\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on do 04/07/2013 at 13:13:38,51 ======================