Zoek.exe Version 4.0.0.3 Updated 27-June-2013
Tool run by fabien.lavens on do 04/07/2013 at 14:05:47,58.
Microsoft(R) Windows(R) XP Professional x64 Edition 5.2.3790 Service Pack 2 x64
Running in: Normal Mode Internet Access Detected

==== Running Processes ======================
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe -k WinErr
C:\Program Files (x86)\Java\jre7\bin\jqs.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\nvsvc64.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
svchost.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SysWOW64\msiexec.exe
C:\WINDOWS\SysWOW64\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
C:\Documents and Settings\fabien.lavens\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe
C:\Program Files (x86)\QuickTime\qttask.exe
C:\Documents and Settings\fabien.lavens\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files (x86)\Sharp\Sharpdesk\FtpServer.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\Program Files (x86)\Sharp\Sharpdesk\nsapp.exe
C:\Program Files (x86)\MSN Messenger\msnmsgr.exe
C:\Program Files (x86)\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\fabien.lavens\Desktop\zoek.exe

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================
Akamai NetSession Interface JNLP SancMedia

==== Deleting Services ======================

==== FireFox Fix ======================
Deleted from C:\Documents and Settings\fabien.lavens\Application Data\Mozilla\Firefox\Profiles\xd3u6247.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Added to C:\Documents and Settings\fabien.lavens\Application Data\Mozilla\Firefox\Profiles\xd3u6247.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
====== C:\DOCUME~1\FABIEN~1.LAV\LOCALS~1\Temp ====
====== C:\WINDOWS\SysWOW64 =====
2013-07-03 08:37:07 351D111CD5C5479946EB724DBBB1275E 96168 ----a-w- C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2013-06-28 12:51:39 8A4CEBF34370D689E198E6673C1F2C40 74072 ----a-w- C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2013-06-28 12:51:39 81DFDDFB401D663BA7E6AD1C80364216 527192 ----a-w- C:\WINDOWS\SysWOW64\XAudio2_7.dll
2013-06-28 12:51:36 4FD7BCB9D8AF6A165E9BA0C2EB702E7C 239960 ----a-w- C:\WINDOWS\SysWOW64\xactengine3_7.dll
2013-06-28 12:51:34 83EBA442F07AAB8D6375D2EEC945C46C 1868128 ----a-w- C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2013-06-28 12:51:21 F1726346E583442541FE73429F8E9C10 62672 ----a-w- C:\WINDOWS\SysWOW64\xinput1_1.dll
2013-06-28 12:51:17 7C9952111F4C743B9F0D8B68B6ED93C9 229584 ----a-w- C:\WINDOWS\SysWOW64\xactengine2_1.dll
2013-06-28 12:51:17 4E961525CC7FF0E5D7DA19E170B7C14C 14032 ----a-w- C:\WINDOWS\SysWOW64\x3daudio1_0.dll
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
====== C:\WINDOWS\Sysnative\drivers =====
====== C:\WINDOWS\Tasks ======
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
======= C:\Program Files (x86) =====
2013-06-28 13:16:07 -------- d-----w- C:\Program Files (x86)\DWG TrueView 2014
======= H: =====
====== C:\Documents and Settings\fabien.lavens\Application Data ======
2013-07-03 08:37:54 -------- d-----w- C:\Documents and Settings\fabien.lavens\Local Settings\Application Data\Sun
2013-06-28 13:21:29 -------- d-----w- C:\Documents and Settings\All Users\Application Data\FARO
2013-06-28 13:21:23 -------- d-----w- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk\Autodesk ReCap
2013-06-28 13:17:29 -------- d-----w- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk\DWG TrueView 2014
2013-06-28 13:12:57 -------- d-----w- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk\Autodesk Inventor View 2014\Tools
2013-06-28 13:12:57 -------- d-----w- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk\Autodesk Inventor View 2014
2013-06-28 13:06:10 -------- d-----w- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk\AutoCAD Mechanical 2014 - English\Migrate Custom Settings
2013-06-28 13:06:10 -------- d-----w- C:\Documents and Settings\All Users\Start Menu\Programs\Autodesk\AutoCAD Mechanical 2014 - English
2013-06-07 07:00:43 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Documents and Settings\All Users\Application Data\as98213.txt
====== C:\Documents and Settings\fabien.lavens ======
2013-07-03 12:01:23 7F403C4ED8A6F3C138BF7E2257F3D634 3620 ----a-w- C:\Documents and Settings\fabien.lavens\.recently-used.xbel
2013-07-03 07:03:22 DE5AD9ECC4A42CDB4596CAE348864023 33150376 ----a-w- C:\Documents and Settings\fabien.lavens\Desktop\jre-7u25-windows-x64.exe
====== C: exe-files ==
=== C: other files ==
2013-07-04 11:00:02 0F44DF7355C643CEC463291F360FF404 82712 ----a-w- C:\Documents and Settings\All Users\Desktop\sample_20130407_1259.zip
2013-07-01 06:07:09 B30926EDDEA7CBCCB19660BD151AA7D4 72017883 ----a-w- C:\Documents and Settings\fabien.lavens\Desktop\wetransfer-c5a086.zip

==== Startup Registry Enabled ======================
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"
[HKEY_USERS\S-1-5-21-3678358739-909676964-1010166891-1152\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"ISUSPM"="C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe -scheduler"
"Akamai NetSession Interface"="C:\Documents and Settings\fabien.lavens\Local Settings\Application Data\Akamai\netsession_win.exe"
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe "
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe "
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe "
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"Nuance PDF Reader-reminder"="C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe -r C:\Documents and Settings\All Users\Application Data\Nuance\PDF Reader\Ereg\Ereg.ini"
"McAfeeUpdaterUI"="C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe /StartedFromRunKey"
"ShStatEXE"="C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE /STANDALONE"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\qttask.exe -atboottime"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"FtpServer.exe"="C:\Program Files (x86)\Sharp\Sharpdesk\FtpServer.exe -usedefault"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"ISUSPM"="C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe -scheduler"
"Akamai NetSession Interface"="C:\Documents and Settings\fabien.lavens\Local Settings\Application Data\Akamai\netsession_win.exe"
"Autodesk Sync"="C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"2016"="c:\docume~1\alluse~1\dxelhd.exe"

==== Startup Folders ======================
2012-08-14 08:56:03 822 ----a-w- C:\Documents and Settings\fabien.lavens\Start Menu\Programs\Startup\Microsoft Office Outlook.lnk

==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [01/07/2013 13:17]
C:\WINDOWS\tasks\AppleSoftwareUpdate.job --a------ C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [30/07/2008 13:34]

==== Firefox Extensions ======================
ProfilePath: C:\Documents and Settings\fabien.lavens\Application Data\Mozilla\Firefox\Profiles\xd3u6247.default
- MoneyMillionaire extension - C:\Documents and Settings\All Users\Application Data\Kortingzoeker\FFExtension20130221121043
- Google Toolbar for Firefox - %ProfilePath%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\fabien.lavens\Application Data\Mozilla\Firefox\Profiles\xd3u6247.default
F13A0DF244CED22684AF1ECAAA5983BF - C:\Documents and Settings\All Users\Application Data\Kortingzoeker\FFExtension20130221121043\plugins\npdf.dll - MoneyMillionaire plugin
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
72B7F936C68B8B9A1944753702E1F1FF - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash
C974BFEBDEF0470E89957B9F432C1138 - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
iapkompmljjcdangdahmcnicaoianjnf - C:\Documents and Settings\All Users\Application Data\Kortingzoeker\GCExtension.crx[21/02/2013 13:10]

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.hln.be/?utm_campaign=iphone5&utm_medium=startpage&utm_source=startpage"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.hln.be/?utm_campaign=iphone5&utm_medium=startpage&utm_source=startpage"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================
Nothing found to reset

==== Empty IE Cache ======================
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\fabien.lavens\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================
C:\Documents and Settings\fabien.lavens\Local Settings\Application Data\Mozilla\Firefox\Profiles\xd3u6247.default\Cache emptied successfully

==== Empty Chrome Cache ======================
No Chrome User Data found

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\FABIEN~1.LAV\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================
"C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Documents and Settings\fabien.lavens\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on do 04/07/2013 at 14:22:51,50 ======================