hijack-logje

pas · 3 december 2013

Beste mensen,

Sinds afgelopen weekend ondervind ik problemen met m'n pc. Enerzijds m'n yahoo-mail, die plots 'cannot display the page' zegt, anderzijds als ik verschillende pagina's bezoek op internet, zie ik bepaalde woorden in het groen staan. Ook bij het doorklikken gaat ie vaak naar een andere site, nl https://jsn.dorecore.net

Hierbij een logje van de pc. Thuis zal ik eens proberen op de laptop, daar hij me vrij snel van m'n yahoo-pagina gooit.

Met ,alweer, veel dank

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:12:08, on 3/12/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\PROGRA~1\AVG\AVG2014\avgrsx.exe

C:\Program Files\AVG\AVG2014\avgcsrvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG2014\avgidsagent.exe

C:\Program Files\AVG\AVG2014\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ExpressFiles\EFUpdater.exe

C:\Program Files\AVG\AVG2014\avgnsx.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\AVG\AVG2014\avgui.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

c:\program files\common files\installshield\updateservice\isuspm.exe

C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

C:\Program Files\ExpressFiles\ExpressFiles.exe

C:\Program Files\Microsoft Office\Office\EXCEL.EXE

C:\Program Files\Microsoft Office\Office\WINWORD.EXE

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Start.qone8.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://dellsearchedit.myway.com/samisc/dellsidebar.jhtml?p=DW

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.nl/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Start.qone8.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Search}

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Search}

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Start.qone8.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Search}

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = Search}

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: BetterSrf - {8271B5D6-76D3-4ABF-AEB3-1721161C76BC} - C:\Program Files\Better-Surf\ie\BetterSrf.dll

O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.24.6\bh\delta.dll

O3 - Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.24.6\deltaTlbr.dll

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [NTRedirect] C:\WINDOWS\system32\rundll32.exe "C:\Documents and Settings\esso\Application Data\BabSolution\Shared\enhancedNT.dll",Run

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: login.bat

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll

O20 - AppInit_DLLs: c:\docume~1\alluse~1\applic~1\browse~1\261562~1.220\{c16c1~1\browse~1.dll

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2014\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe

O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

O23 - Service: vToolbarUpdater17.1.2 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe

--

End of file - 8432 bytes

juisterr · 3 december 2013

Zit inderdaad een browser hijacker in.

Download Zoek.zip naar het bureaublad.

Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.

Klik met de rechtermuisknop op Zoek.zip en klik op de optie "Alles uitpakken".
Dubbelklik vervolgens op Zoek.exe om de tool te starten.
Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
Kopieer nu onderstaande code en plak die in het grote invulvenster:
Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.
```
Qone8;U
emptyclsid;
emptyfolderscheck;delete
firefoxlook; 
Chromelook;  
autoclean; 
iedefaults; 
filesrcm;
```
Klik nu op de knop "Run script".
Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
Post het geopende logje in het volgende bericht als bijlage.

pas · 3 december 2013

He Juisterr, bedankt voor je snelle reactie!

Ik kan pas vrijdag terug op die pc, kan je nog effe wachten?

Met dank

Pascal

juisterr · 3 december 2013

Ik wel hoor.

pas · 6 december 2013

Bedankt voor 't wachten

Zoek.exe Version 4.0.0.5 Updated 05-December-2013

Tool run by esso on vr 06/12/2013 at 11:22:28,96.

Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Documents and Settings\esso\Bureaublad\zoek\zoek.exe [script inserted]

==== System Restore Info ======================

6/12/2013 11:23:33 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\Online Services deleted successfully

C:\Documents and Settings\All Users\Application Data\Babylon deleted successfully

C:\Documents and Settings\esso\Application Data\AdobeUM deleted successfully

C:\Documents and Settings\esso\Application Data\searchquband deleted successfully

C:\Documents and Settings\esso\Local Settings\Application Data\PackageAware deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully

HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully

HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully

HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.1.2 deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater17.1.2 deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default

---- Lines Softonic removed from prefs.js ----

user_pref("extensions.Softonic.admin", false);

user_pref("extensions.Softonic.aflt", "orgnl");

user_pref("extensions.Softonic.autoRvrt", "false");

user_pref("extensions.Softonic.cntry", "BE");

user_pref("extensions.Softonic.cv", "cv5");

user_pref("extensions.Softonic.dfltLng", "");

user_pref("extensions.Softonic.envrmnt", "production");

user_pref("extensions.Softonic.excTlbr", false);

user_pref("extensions.Softonic.hdrMd5", "252F411272D633C082E5D317981C7B5B");

user_pref("extensions.Softonic.hmpg", false);

user_pref("extensions.Softonic.id", "2c71d45e000000000000001320d1cb27");

user_pref("extensions.Softonic.instlDay", "15519");

user_pref("extensions.Softonic.instlRef", "MON00001");

user_pref("extensions.Softonic.lastVrsnTs", "1.5.24.310:46:35");

user_pref("extensions.Softonic.mntrvrsn", "1.3.0");

user_pref("extensions.Softonic.newTab", false);

user_pref("extensions.Softonic.prdct", "Softonic");

user_pref("extensions.Softonic.prtnrId", "softonic");

user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings");

user_pref("extensions.Softonic.sg", "az");

user_pref("extensions.Softonic.smplGrp", "none");

user_pref("extensions.Softonic.tlbrId", "base");

user_pref("extensions.Softonic.tlbrSrchUrl", "Web search=");

user_pref("extensions.Softonic.vrsn", "1.5.24.3");

user_pref("extensions.Softonic.vrsnTs", "1.5.24.310:46:35");

user_pref("extensions.Softonic.vrsni", "1.5.24.3");

user_pref("extensions.Softonic_i.newTab", false);

user_pref("extensions.Softonic_i.smplGrp", "none");

user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.310:46:35");

---- Lines Softonic modified from prefs.js ----

user_pref("extensions.enabledItems", "ffxtlbra@softonic.com:1.5.0,{32b29df0-2237-4370-9a29-37cebb730e9b}:10.10.27.6,{20a82645-c095-46ed-80e3-088257605

---- Lines Softonic removed from user.js ----

user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings");

user_pref("extensions.Softonic.autoRvrt", "false");

user_pref("extensions.Softonic_i.newTab", false);

user_pref("extensions.Softonic.tlbrSrchUrl", "Web search=");

user_pref("extensions.Softonic.id", "2c71d45e000000000000001320d1cb27");

user_pref("extensions.Softonic.instlDay", "15519");

user_pref("extensions.Softonic.vrsn", "1.5.24.3");

user_pref("extensions.Softonic.vrsni", "1.5.24.3");

user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.310:46:35");

user_pref("extensions.Softonic.prtnrId", "softonic");

user_pref("extensions.Softonic.prdct", "Softonic");

user_pref("extensions.Softonic.aflt", "orgnl");

user_pref("extensions.Softonic_i.smplGrp", "none");

user_pref("extensions.Softonic.tlbrId", "base");

user_pref("extensions.Softonic.instlRef", "MON00001");

user_pref("extensions.Softonic.dfltLng", "");

user_pref("extensions.Softonic.excTlbr", false);

user_pref("extensions.Softonic.admin", false);

---- Lines delta removed from prefs.js ----

user_pref("browser.newtab.url", "Delta Search");

user_pref("extensions.delta.admin", false);

user_pref("extensions.delta.aflt", "babsst");

user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

user_pref("extensions.delta.autoRvrt", "false");

user_pref("extensions.delta.babExt", "");

user_pref("extensions.delta.babTrack", "affID=121564&tsp=4981");

user_pref("extensions.delta.bbDpng", "12");

user_pref("extensions.delta.cntry", "BE");

user_pref("extensions.delta.dfltLng", "nl");

user_pref("extensions.delta.excTlbr", false);

user_pref("extensions.delta.ffxUnstlRst", true);

user_pref("extensions.delta.hdrMd5", "BE68B142A0FBEAE9E9695719EC12B0A1");

user_pref("extensions.delta.hmpg", false);

user_pref("extensions.delta.id", "2c71d45e000000000000001320d1cb27");

user_pref("extensions.delta.instlDay", "15938");

user_pref("extensions.delta.instlRef", "sst");

user_pref("extensions.delta.lastVrsnTs", "");

user_pref("extensions.delta.newTab", false);

user_pref("extensions.delta.prdct", "delta");

user_pref("extensions.delta.prtnrId", "delta");

user_pref("extensions.delta.rvrt", "false");

user_pref("extensions.delta.sg", "azb");

user_pref("extensions.delta.smplGrp", "none");

user_pref("extensions.delta.srcExt", "ss");

user_pref("extensions.delta.tlbrId", "base");

user_pref("extensions.delta.tlbrSrchUrl", "");

user_pref("extensions.delta.vrsn", "1.8.24.6");

user_pref("extensions.delta.vrsni", "1.8.24.6");

user_pref("extensions.delta.vrsnTs", "1.8.24.612:13:43");

user_pref("extensions.delta_i.babExt", "");

user_pref("extensions.delta_i.babTrack", "affID=121564&tsp=4981");

user_pref("extensions.delta_i.srcExt", "ss");

---- Lines delta modified from prefs.js ----

user_pref("extensions.enabledItems", "ffxtlbra@disabled.com:1.5.0,{32b29df0-2237-4370-9a29-37cebb730e9b}:10.10.27.6,{20a82645-c095-46ed-80e3-088257605

---- Lines delta removed from user.js ----

user_pref("extensions.delta.tlbrSrchUrl", "");

user_pref("extensions.delta.id", "2c71d45e000000000000001320d1cb27");

user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

user_pref("extensions.delta.instlDay", "15938");

user_pref("extensions.delta.vrsn", "1.8.24.6");

user_pref("extensions.delta.vrsni", "1.8.24.6");

user_pref("extensions.delta.vrsnTs", "1.8.24.612:13:43");

user_pref("extensions.delta.prtnrId", "delta");

user_pref("extensions.delta.prdct", "delta");

user_pref("extensions.delta.aflt", "babsst");

user_pref("extensions.delta.smplGrp", "none");

user_pref("extensions.delta.tlbrId", "base");

user_pref("extensions.delta.instlRef", "sst");

user_pref("extensions.delta.dfltLng", "nl");

user_pref("extensions.delta.excTlbr", false);

user_pref("extensions.delta.ffxUnstlRst", true);

user_pref("extensions.delta.admin", false);

user_pref("extensions.delta_i.babTrack", "affID=121564&tsp=4981");

user_pref("extensions.delta_i.babExt", "");

user_pref("extensions.delta_i.srcExt", "ss");

user_pref("extensions.delta.autoRvrt", "false");

user_pref("extensions.delta.rvrt", "false");

user_pref("extensions.delta.newTab", false);

---- Lines CT2704262 removed from prefs.js ----

user_pref("CT2704262.1000082.isPlayDisplay", "true");

user_pref("CT2704262.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"PC Helpforum - Gratis hulp bij computer problemen

user_pref("CT2704262.addressBarTakeOverEnabledInHidden", "true");

user_pref("CT2704262.cbcountry_001", "BE");

user_pref("CT2704262.cbfirsttime", "Fri Nov 23 2012 11:28:48 GMT+0100 (Romance (standaardtijd))");

user_pref("CT2704262.CBOpenMAMSettings", "0");

user_pref("CT2704262.CT2704262ads1", "%7B%22ads%22%3A%5B%7B%22aid%22%3A%22122259%22%2C%22title%22%3A%22%u2666%20PLAY%20FOR%20FREE%20NOW%20%u2666%22%2C

user_pref("CT2704262.CT2704262current_term", "");

user_pref("CT2704262.CT2704262sdate", "21");

user_pref("CT2704262.defaultSearch", "FALSE");

user_pref("CT2704262.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT2704262.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT2704262.enableAlerts", "never");

user_pref("CT2704262.FirstTime", "true");

user_pref("CT2704262.firstTimeDialogOpened", "true");

user_pref("CT2704262.FirstTimeFF3", "true");

user_pref("CT2704262.fixPageNotFoundErrorInHidden", "true");

user_pref("CT2704262.fixUrls", true);

user_pref("CT2704262.installId", "ConduitStubGeneric");

user_pref("CT2704262.installType", "ConduitIntegration");

user_pref("CT2704262.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT2704262.isNewTabEnabled", true);

user_pref("CT2704262.isPerformedSmartBarTransition", "true");

user_pref("CT2704262.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

user_pref("CT2704262.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

user_pref("CT2704262.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN

user_pref("CT2704262.openThankYouPage", "TRUE");

user_pref("CT2704262.RSSapp2704262a129531303481232105000000embeddedVersion", "2.5.0");

user_pref("CT2704262.RSSapp2704262a129531303481232105000000lastReportTime", "1375707255284 ");

user_pref("CT2704262.RSSapp2704262a129531303481232105000000newFeeds", "newFeeds");

user_pref("CT2704262.search.searchAppId", "129234816889425546");

user_pref("CT2704262.search.searchCount", "0");

user_pref("CT2704262.searchInNewTabEnabledInHidden", "true");

user_pref("CT2704262.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT2704262.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

user_pref("CT2704262.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");

user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2704262\"}");

user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"PC Helpforum - Gratis hulp bij computer problemen

user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"FreeSoundRecorder\"}");

user_pref("CT2704262.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT2704262.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"1\"}");

user_pref("CT2704262.serviceLayer_services_app.twitter.user-cnet_lastUpdate", "1356094125040");

user_pref("CT2704262.serviceLayer_services_app.twitter.user-cnnbrk_lastUpdate", "1356094125457");

user_pref("CT2704262.serviceLayer_services_app.twitter.user-computeractive_lastUpdate", "1356094126343");

user_pref("CT2704262.serviceLayer_services_app.twitter.user-dailymirror_lastUpdate", "1356094126275");

user_pref("CT2704262.serviceLayer_services_app.twitter.user-google_lastUpdate", "1356094125364");

user_pref("CT2704262.serviceLayer_services_app.twitter.user-techcrunch_lastUpdate", "1356094124706");

user_pref("CT2704262.serviceLayer_services_app.twitter.user-time_lastUpdate", "1356094126790");

user_pref("CT2704262.serviceLayer_services_app.twitter.user-wired_lastUpdate", "1356094126433");

user_pref("CT2704262.serviceLayer_services_appsMetadata_lastUpdate", "1356094094611");

user_pref("CT2704262.serviceLayer_services_appTracking_lastUpdate", "1353666522766");

user_pref("CT2704262.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1356094094604");

user_pref("CT2704262.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1356094094316");

user_pref("CT2704262.serviceLayer_services_login_10.10.27.6_lastUpdate", "1356094094783");

user_pref("CT2704262.serviceLayer_services_optimizer_lastUpdate", "1353666518023");

user_pref("CT2704262.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1356094094014");

user_pref("CT2704262.serviceLayer_services_searchAPI_lastUpdate", "1356094094776");

user_pref("CT2704262.serviceLayer_services_serviceMap_lastUpdate", "1356094092691");

user_pref("CT2704262.serviceLayer_services_toolbarContextMenu_lastUpdate", "1356094093891");

user_pref("CT2704262.serviceLayer_services_toolbarSettings_lastUpdate", "1356094094491");

user_pref("CT2704262.serviceLayer_services_translation_lastUpdate", "1356094092991");

user_pref("CT2704262.settingsINI", true);

user_pref("CT2704262.smartbar.CTID", "CT2704262");

user_pref("CT2704262.smartbar.toolbarName", "FreeSoundRecorder ");

user_pref("CT2704262.smartbar.Uninstall", "0");

user_pref("CT2704262.startPage", "FALSE");

user_pref("CT2704262.toolbarBornServerTime", "23-11-2012");

user_pref("CT2704262.toolbarCurrentServerTime", "21-12-2012");

user_pref("CT2704262.UserID", "UN56628252825158463");

---- Lines qone8 removed from prefs.js ----

user_pref("browser.search.defaultenginename", "qone8");

user_pref("browser.search.selectedEngine", "qone8");

user_pref("browser.startup.homepage", "Start.qone8.com");

---- Lines searchqu removed from prefs.js ----

user_pref("avg.install.userHPSettings", "Search");

user_pref("keyword.URL", "Ask.com=");

---- Lines Web Search removed from prefs.js ----

user_pref("avg.install.userSPSettings", "iLivid Web Search");

user_pref("browser.search.order.1", "iLivid Web Search");

---- Lines mysearch removed from prefs.js ----

---- Lines browser.startup.page removed from prefs.js ----

user_pref("browser.startup.page", 3);

---- FireFox user.js and prefs.js backups ----

user_20130612_1134_.backup

prefs_20130612_1134_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]

@="C:\\Program Files\\Mozilla Firefox\\firefox.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]

@="C:\\Program Files\\Internet Explorer\\iexplore.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"bProtector Start Page"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"bProtectorDefaultScope"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"bProtectTabs"=-

==== Deleting Files \ Folders ======================

C:\Program Files\Better-Surf deleted

C:\Program Files\Delta deleted

C:\Documents and Settings\esso\Application Data\Delta deleted

C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml deleted

C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml deleted

C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml deleted

C:\Program Files\Common Files\DVDVideoSoft\bin deleted

C:\Program Files\Mozilla Firefox\.autoreg deleted

C:\Program Files\iLivid deleted

C:\Program Files\Windows iLivid Toolbar deleted

C:\Program Files\Conduit deleted

C:\Documents and Settings\esso\Application Data\ExpressFiles deleted

C:\Documents and Settings\esso\Application Data\BabSolution deleted

C:\Documents and Settings\esso\Application Data\Babylon deleted

C:\Documents and Settings\esso\Application Data\SwvUpdater deleted

C:\Documents and Settings\esso\Application Data\AVG Secure Search deleted

C:\Documents and Settings\esso\Application Data\searchqutoolbar deleted

C:\Documents and Settings\esso\Application Data\OpenCandy deleted

C:\Documents and Settings\esso\Application Data\PriceGong deleted

C:\Documents and Settings\All Users\Application Data\BrowserDefender deleted

C:\Documents and Settings\All Users\Application Data\boost_interprocess deleted

C:\Documents and Settings\All Users\Application Data\AVG Secure Search deleted

C:\Documents and Settings\esso\Local Settings\Application Data\Ilivid Player deleted

C:\Documents and Settings\esso\Local Settings\Application Data\AVG Secure Search deleted

C:\Documents and Settings\esso\Local Settings\Application Data\Conduit deleted

C:\Documents and Settings\NetworkService\Local Settings\Application Data\AVG Secure Search deleted

C:\WINDOWS\wininit.ini deleted

C:\WINDOWS\tasks\AmiUpdXp.job deleted

C:\WINDOWS\Tasks\Express FilesUpdate.job deleted

C:\WINDOWS\tasks\EPUpdater.job deleted

C:\user.js deleted

C:\Documents and Settings\esso\AppData\LocalLow\DataMngr deleted

C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\searchplugins\SearchResults.xml deleted

C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\ffxtlbr@babylon.com deleted

C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\bprotector_extensions.rdf deleted

C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\bprotector_prefs.js deleted

C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\CT2704262 deleted

C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b} deleted

C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\ffxtlbra@softonic.com deleted

C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\extensions\ffxtlbr@delta.com deleted

C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default\smartbar deleted

"C:\Program Files\Mozilla Firefox\searchplugins\qone8.xml" deleted

"C:\Program Files\ExpressFiles\EFUpdater.exe" deleted

"C:\Program Files\ExpressFiles\htmlayout.dll" deleted

"C:\Program Files\AVG Secure Search\vprot.exe" deleted

"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2\SiteSafety.dll" deleted

"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\log4cplusU.dll" deleted

"C:\Program Files\ExpressFiles" not deleted

"C:\Program Files\AVG Secure Search" not deleted

"C:\Program Files\Common Files\AVG Secure Search" not deleted

"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller" not deleted

"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater" not deleted

"C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.2" not deleted

"C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2" not deleted

==== Files Recently Created / Modified ======================

====== C:\WINDOWS ====

====== C:\DOCUME~1\esso\LOCALS~1\Temp ====

====== C:\WINDOWS\system32 =====

====== C:\WINDOWS\system32\drivers =====

====== C:\WINDOWS\Tasks ======

====== C:\WINDOWS\Temp ======

======= C:\Program Files =====

======= C: =====

====== C:\Documents and Settings\esso\Application Data ======

2013-11-30 08:30:54 -------- d-----w- C:\Documents and Settings\Default User\Local Settings\Application Data\Avg2014

2013-11-12 12:16:51 -------- d-----w- C:\Documents and Settings\esso\Local Settings\Application Data\ZaraRadio

====== C:\Documents and Settings\esso ======

2013-12-03 11:34:23 -------- d--h--r- C:\Documents and Settings\esso\Onlangs geopend

====== C: exe-files ==

2013-12-03 22:25:32 4C2AE8D0E01A80BD6A4C71E799BBBE67 5494320 ----a-w- C:\Program Files\AVG\AVG2014\avgcremx.exe

2013-11-30 08:24:34 1616A89B0034F53FC6760B9DB7185B33 5927000 ----a-w- C:\Program Files\AVG\AVG2014\avgmfapx.exe

=== C: other files ==

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"12x3q4@3244516.com"="C:\Program Files\Better-Surf\ff" []

==== Firefox Extensions ======================

ProfilePath: C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default

- Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

- Undetermined - C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\17.1.2.1

- Undetermined - C:\Program Files\Better-Surf\ff

AppDir: C:\Program Files\Mozilla Firefox

- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default

901DF887DBDF87FA3C659239F68F3228 - C:\Program Files\Windows Media Player\npdrmv2.dll - Microsoft® DRM

F89E6BBD6A080D8C714DFB6F30678288 - C:\Program Files\Windows Media Player\npwmsdrm.dll - Microsoft® DRM

0F9DEA5814D22F83FED5F427E263DED0 - C:\Program Files\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library

2AD31341BE41AC9B086128AD86A2B53F - C:\Program Files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll - Java Plug-in

AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation

BE501CBC29B2025A263D80D399F1797A - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In

B16EC84E06F26B8B85800F3B07B8D757 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll - Shockwave Flash

8686640BD98DB1EE2C4C8649F8AEF647 - C:\Program Files\QuickTime\Plugins\npqtplugin7.dll - QuickTime Plug-in 7.6.4

5FB3472848C15354B95FC523FF80DC2C - C:\Program Files\QuickTime\Plugins\npqtplugin6.dll - QuickTime Plug-in 7.6.4

BF74A76F78EBBFD3A2328EC4AD9DA3CB - C:\Program Files\QuickTime\Plugins\npqtplugin5.dll - QuickTime Plug-in 7.6.4

8EE2B9B90D024BDC7C6F32649935A137 - C:\Program Files\QuickTime\Plugins\npqtplugin4.dll - QuickTime Plug-in 7.6.4

3D85D0C5B2B138D596820B3418BC1A18 - C:\Program Files\QuickTime\Plugins\npqtplugin3.dll - QuickTime Plug-in 7.6.4

2C20711D6825B986342FAB9A5572AF26 - C:\Program Files\QuickTime\Plugins\npqtplugin2.dll - QuickTime Plug-in 7.6.4

A9CD542376B547E89964D7308E8917BF - C:\Program Files\QuickTime\Plugins\npqtplugin.dll - QuickTime Plug-in 7.6.4

CFBA47A7C02AC0F3B295DB302384A453 - C:\Program Files\Mozilla Firefox\plugins\npnul32.dll - Mozilla Default Plug-in

865250E2742E49C02B0C4307AB042478 - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll - Adobe Acrobat

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

eooncjejnppfjjklapaamhcdmjbilmde - C:\Documents and Settings\esso\Application Data\BabSolution\CR\Delta.crx[]

poheodfamflhhhdcmjfeggbgigeefaco - C:\Program Files\Better-Surf\ch\Chrome.crx[]

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="https://www.google.nl/"

"Search Bar"="http://dellsearchedit.myway.com/samisc/dellsidebar.jhtml?p=DW"

"Default_Page_URL"="Start.qone8.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="Start.qone8.com"

"Default_Search_URL"="Search}"

"Search Page"="Search}"

"Start Page"="Start.qone8.com"

"Home_Page"="Dell Officiële Site | Dell België"

"Help_Page"="Welcome to Dell Support"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="Delta Search"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]

"SearchAssistant"="Search}"

"CustomizeSearch"="Search}"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Bar"="Bing"

"Default_Page_URL"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"

"Start Page"="https://www.google.nl/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="Bing"

"Search Page"="Bing"

"Default_Page_URL"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"

"Start Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"

"Home_Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"

"Help_Page"="MSN NL: Hotmail, Outlook, Skype, het laatste nieuws, entertainment en meer!"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]

"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"

"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{3DF61ADA-6CAC-4C42-BC89-068ECE9CAACC}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ieframe.dll,-12512 Url="{searchTerms} - Bing"

{3DF61ADA-6CAC-4C42-BC89-068ECE9CAACC} Google Url="{searchTerms - Google Search}"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully

HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully

HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully

HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully

HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully

HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\Approved Extensions\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} deleted successfully

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\avg@toolbar deleted successfully

HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\12x3q4@3244516.com deleted successfully

==== shortcuts on Users Desktops ======================

C:\Documents and Settings\esso\Bureaublad\CUBIC.lnk - C:\CUBIC\CUBIC.BAT

C:\Documents and Settings\esso\Bureaublad\USB Audio.lnk - C:\Program Files\USB Audio\USB Radio.exe

C:\Documents and Settings\esso\Bureaublad\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1

==== shortcuts on All Users Desktop ======================

C:\Documents and Settings\All Users\Bureaublad\AVG 2014.lnk - C:\Program Files\AVG\AVG2014\avgui.exe

C:\Documents and Settings\All Users\Bureaublad\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe

C:\Documents and Settings\All Users\Bureaublad\Express Files.lnk - C:\Program Files\ExpressFiles\ExpressFiles.exe

C:\Documents and Settings\All Users\Bureaublad\Free YouTube to MP3 Converter.lnk - C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\FreeYouTubeToMP3Converter.exe

C:\Documents and Settings\All Users\Bureaublad\TuneUp 1-Click Maintenance.lnk - C:\Program Files\TuneUp Utilities 2012\OneClick.exe

C:\Documents and Settings\All Users\Bureaublad\TuneUp Utilities 2012.lnk - C:\Program Files\TuneUp Utilities 2012\Integrator.exe

==== shortcuts in Users Start Menu ======================

C:\Documents and Settings\esso\Menu Start\Programma's\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe Start.qone8.com

C:\Documents and Settings\esso\Menu Start\Programma's\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe Start.qone8.com

C:\Documents and Settings\esso\Menu Start\Programma's\Bureau-accessoires\Systeembeheer\Internet Explorer (zonder invoegtoepassingen).lnk - C:\Program Files\Internet Explorer\iexplore.exe Start.qone8.com

C:\Documents and Settings\esso\Menu Start\Programma's\HiJackThis\HiJackThis.lnk - C:\Documents and Settings\esso\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

==== shortcuts in All Users Start Menu ======================

C:\Documents and Settings\All Users\Menu Start\Programma's\Microsoft Word.lnk - C:\WINDOWS\Installer\{00000413-78E1-11D2-B60F-006097C998E7}\wordicon.exe

C:\Documents and Settings\All Users\Menu Start\Programma's\AVG\AVG 2014.lnk - C:\Program Files\AVG\AVG2014\avgui.exe

==== shortcuts in Quick Launch ======================

C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\Corel Paint Shop Pro X.lnk - C:\Program Files\Corel\Corel Paint Shop Pro X\Paint Shop Pro X.exe

C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe Start.qone8.com

C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe Start.qone8.com

C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe Start.qone8.com

C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1

==== shortcuts After Repair ======================

C:\Documents and Settings\esso\Menu Start\Programma's\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\esso\Menu Start\Programma's\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff

C:\Documents and Settings\esso\Menu Start\Programma's\Bureau-accessoires\Systeembeheer\Internet Explorer (zonder invoegtoepassingen).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff

C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\De Internet Explorer-browser starten.lnk - C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\esso\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\delta deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\esso\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully

C:\Documents and Settings\esso\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== Empty Temp Folders ======================

C:\Documents and Settings\Default User\Local Settings\Temp emptied successfully

C:\Documents and Settings\LocalService\Local Settings\Temp emptied successfully

C:\Documents and Settings\NetworkService\Local Settings\Temp emptied successfully

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp emptied successfully

C:\Documents and Settings\esso\Local Settings\Temp will be emptied at reboot

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied

C:\DOCUME~1\esso\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\esso\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\Program Files\ExpressFiles" not found

"C:\Program Files\AVG Secure Search" not found

"C:\Program Files\Common Files\AVG Secure Search" deleted

==== EOF on vr 06/12/2013 at 12:38:31,70 ======================

- - - Updated - - -

Bedankt voor 't wachten

Zoek.exe Version 4.0.0.5 Updated 05-December-2013

Tool run by esso on vr 06/12/2013 at 11:22:28,96.

Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Documents and Settings\esso\Bureaublad\zoek\zoek.exe [script inserted]

==== System Restore Info ======================

6/12/2013 11:23:33 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\Program Files\Online Services deleted successfully

C:\Documents and Settings\All Users\Application Data\Babylon deleted successfully

C:\Documents and Settings\esso\Application Data\AdobeUM deleted successfully

C:\Documents and Settings\esso\Application Data\searchquband deleted successfully

C:\Documents and Settings\esso\Local Settings\Application Data\PackageAware deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully

HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} deleted successfully

HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully

HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-509847818-96974743-3785196500-1006\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vToolbarUpdater17.1.2 deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vToolbarUpdater17.1.2 deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Documents and Settings\esso\Application Data\Mozilla\Firefox\Profiles\j4vusdkv.default

---- Lines Softonic removed from prefs.js ----

user_pref("extensions.Softonic.admin", false);

user_pref("extensions.Softonic.aflt", "orgnl");

user_pref("extensions.Softonic.autoRvrt", "false");

user_pref("extensions.Softonic.cntry", "BE");

user_pref("extensions.Softonic.cv", "cv5");

user_pref("extensions.Softonic.dfltLng", "");

user_pref("extensions.Softonic.envrmnt", "production");

user_pref("extensions.Softonic.excTlbr", false);

user_pref("extensions.Softonic.hdrMd5", "252F411272D633C082E5D317981C7B5B");

user_pref("extensions.Softonic.hmpg", false);

user_pref("extensions.Softonic.id", "2c71d45e000000000000001320d1cb27");

user_pref("extensions.Softonic.instlDay", "15519");

user_pref("extensions.Softonic.instlRef", "MON00001");

user_pref("extensions.Softonic.lastVrsnTs", "1.5.24.310:46:35");

user_pref("extensions.Softonic.mntrvrsn", "1.3.0");

user_pref("extensions.Softonic.newTab", false);

user_pref("extensions.Softonic.prdct", "Softonic");

user_pref("extensions.Softonic.prtnrId", "softonic");

user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings");

user_pref("extensions.Softonic.sg", "az");

user_pref("extensions.Softonic.smplGrp", "none");

user_pref("extensions.Softonic.tlbrId", "base");

user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q=");

user_pref("extensions.Softonic.vrsn", "1.5.24.3");

user_pref("extensions.Softonic.vrsnTs", "1.5.24.310:46:35");

user_pref("extensions.Softonic.vrsni", "1.5.24.3");

user_pref("extensions.Softonic_i.newTab", false);

user_pref("extensions.Softonic_i.smplGrp", "none");

user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.310:46:35");

---- Lines Softonic modified from prefs.js ----

user_pref("extensions.enabledItems", "ffxtlbra@softonic.com:1.5.0,{32b29df0-2237-4370-9a29-37cebb730e9b}:10.10.27.6,{20a82645-c095-46ed-80e3-088257605

---- Lines Softonic removed from user.js ----

user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search settings, Click No to restore original settings");

user_pref("extensions.Softonic.autoRvrt", "false");

user_pref("extensions.Softonic_i.newTab", false);

user_pref("extensions.Softonic.tlbrSrchUrl", "http://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q=");

user_pref("extensions.Softonic.id", "2c71d45e000000000000001320d1cb27");

user_pref("extensions.Softonic.instlDay", "15519");

user_pref("extensions.Softonic.vrsn", "1.5.24.3");

user_pref("extensions.Softonic.vrsni", "1.5.24.3");

user_pref("extensions.Softonic_i.vrsnTs", "1.5.24.310:46:35");

user_pref("extensions.Softonic.prtnrId", "softonic");

user_pref("extensions.Softonic.prdct", "Softonic");

user_pref("extensions.Softonic.aflt", "orgnl");

user_pref("extensions.Softonic_i.smplGrp", "none");

user_pref("extensions.Softonic.tlbrId", "base");

user_pref("extensions.Softonic.instlRef", "MON00001");

user_pref("extensions.Softonic.dfltLng", "");

user_pref("extensions.Softonic.excTlbr", false);

user_pref("extensions.Softonic.admin", false);

---- Lines delta removed from prefs.js ----

user_pref("browser.newtab.url", "http://www1.delta-search.com/?babsrc=NT_ss&mntrId=2C71001320D1CB27&affID=121564&tsp=4981");

user_pref("extensions.delta.admin", false);

user_pref("extensions.delta.aflt", "babsst");

user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

user_pref("extensions.delta.autoRvrt", "false");

user_pref("extensions.delta.babExt", "");

user_pref("extensions.delta.babTrack", "affID=121564&tsp=4981");

user_pref("extensions.delta.bbDpng", "12");

user_pref("extensions.delta.cntry", "BE");

user_pref("extensions.delta.dfltLng", "nl");

user_pref("extensions.delta.excTlbr", false);

user_pref("extensions.delta.ffxUnstlRst", true);

user_pref("extensions.delta.hdrMd5", "BE68B142A0FBEAE9E9695719EC12B0A1");

user_pref("extensions.delta.hmpg", false);

user_pref("extensions.delta.id", "2c71d45e000000000000001320d1cb27");

user_pref("extensions.delta.instlDay", "15938");

user_pref("extensions.delta.instlRef", "sst");

user_pref("extensions.delta.lastVrsnTs", "");

user_pref("extensions.delta.newTab", false);

user_pref("extensions.delta.prdct", "delta");

user_pref("extensions.delta.prtnrId", "delta");

user_pref("extensions.delta.rvrt", "false");

user_pref("extensions.delta.sg", "azb");

user_pref("extensions.delta.smplGrp", "none");

user_pref("extensions.delta.srcExt", "ss");

user_pref("extensions.delta.tlbrId", "base");

user_pref("extensions.delta.tlbrSrchUrl", "");

user_pref("extensions.delta.vrsn", "1.8.24.6");

user_pref("extensions.delta.vrsni", "1.8.24.6");

user_pref("extensions.delta.vrsnTs", "1.8.24.612:13:43");

user_pref("extensions.delta_i.babExt", "");

user_pref("extensions.delta_i.babTrack", "affID=121564&tsp=4981");

user_pref("extensions.delta_i.srcExt", "ss");

---- Lines delta modified from prefs.js ----

user_pref("extensions.enabledItems", "ffxtlbra@disabled.com:1.5.0,{32b29df0-2237-4370-9a29-37cebb730e9b}:10.10.27.6,{20a82645-c095-46ed-80e3-088257605

---- Lines delta removed from user.js ----

user_pref("extensions.delta.tlbrSrchUrl", "");

user_pref("extensions.delta.id", "2c71d45e000000000000001320d1cb27");

user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");

user_pref("extensions.delta.instlDay", "15938");

user_pref("extensions.delta.vrsn", "1.8.24.6");

user_pref("extensions.delta.vrsni", "1.8.24.6");

user_pref("extensions.delta.vrsnTs", "1.8.24.612:13:43");

user_pref("extensions.delta.prtnrId", "delta");

user_pref("extensions.delta.prdct", "delta");

user_pref("extensions.delta.aflt", "babsst");

user_pref("extensions.delta.smplGrp", "none");

user_pref("extensions.delta.tlbrId", "base");

user_pref("extensions.delta.instlRef", "sst");

user_pref("extensions.delta.dfltLng", "nl");

user_pref("extensions.delta.excTlbr", false);

user_pref("extensions.delta.ffxUnstlRst", true);

user_pref("extensions.delta.admin", false);

user_pref("extensions.delta_i.babTrack", "affID=121564&tsp=4981");

user_pref("extensions.delta_i.babExt", "");

user_pref("extensions.delta_i.srcExt", "ss");

user_pref("extensions.delta.autoRvrt", "false");

user_pref("extensions.delta.rvrt", "false");

user_pref("extensions.delta.newTab", false);

---- Lines CT2704262 removed from prefs.js ----

user_pref("CT2704262.1000082.isPlayDisplay", "true");

user_pref("CT2704262.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"http://feedlive.n

user_pref("CT2704262.addressBarTakeOverEnabledInHidden", "true");

user_pref("CT2704262.cbcountry_001", "BE");

user_pref("CT2704262.cbfirsttime", "Fri Nov 23 2012 11:28:48 GMT+0100 (Romance (standaardtijd))");

user_pref("CT2704262.CBOpenMAMSettings", "0");

user_pref("CT2704262.CT2704262ads1", "%7B%22ads%22%3A%5B%7B%22aid%22%3A%22122259%22%2C%22title%22%3A%22%u2666%20PLAY%20FOR%20FREE%20NOW%20%u2666%22%2C

user_pref("CT2704262.CT2704262current_term", "");

user_pref("CT2704262.CT2704262sdate", "21");

user_pref("CT2704262.defaultSearch", "FALSE");

user_pref("CT2704262.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT2704262.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT2704262.enableAlerts", "never");

user_pref("CT2704262.FirstTime", "true");

user_pref("CT2704262.firstTimeDialogOpened", "true");

user_pref("CT2704262.FirstTimeFF3", "true");

user_pref("CT2704262.fixPageNotFoundErrorInHidden", "true");

user_pref("CT2704262.fixUrls", true);

user_pref("CT2704262.installId", "ConduitStubGeneric");

user_pref("CT2704262.installType", "ConduitIntegration");

user_pref("CT2704262.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT2704262.isNewTabEnabled", true);

user_pref("CT2704262.isPerformedSmartBarTransition", "true");

user_pref("CT2704262.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

user_pref("CT2704262.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

user_pref("CT2704262.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN

user_pref("CT2704262.openThankYouPage", "TRUE");

user_pref("CT2704262.RSSapp2704262a129531303481232105000000embeddedVersion", "2.5.0");

user_pref("CT2704262.RSSapp2704262a129531303481232105000000lastReportTime", "1375707255284 ");

user_pref("CT2704262.RSSapp2704262a129531303481232105000000newFeeds", "newFeeds");

user_pref("CT2704262.search.searchAppId", "129234816889425546");

user_pref("CT2704262.search.searchCount", "0");

user_pref("CT2704262.searchInNewTabEnabledInHidden", "true");

user_pref("CT2704262.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

user_pref("CT2704262.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

user_pref("CT2704262.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");

user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2704262\"}");

user_pref("CT2704262.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"http://FreeSoundRecorder.MyRadioToo