E-Peek v 1.0.5.5 © Emphyrio/Onsia Patrick 2013-2014 Downloaded @ [url=http://www.antimalwarehelp.be/EDev/Tools/E-Peek/EPeekDL.html]E Dev[/url] Run at di 18 nov 2014 09:53 . Windows 8.1 (64 bits) C:\WINDOWS [NTFS - Fixed] Default Browser: Google Chrome Boot mode: Normal boot User logged in: rita . Java x86: 1.7.0_71 Java x64: n/a . AV : Avira Desktop [Updated - Not Running] AV : Windows Defender [Updated - Not Running] AS : Avira Desktop [Updated - Not Running] AS : Windows Defender [Updated - Not Running] FW : Windows firewall . ==================== Files and Folders history ================================= Folders Created Last 7 days : 18/11/2014 ##### r-h-s-d+a- C:\Program Files (x86)\E Dev 17/11/2014 ##### r-h-s-d+a- C:\rsit 17/11/2014 ##### r-h-s-d+a- C:\Program Files\trend micro 15/11/2014 ##### r-h-s-d+a- C:\Program Files (x86)\QuickTime Files Modified Last 7 days : 17/11/2014 01823174 r-h-s-d-a+ C:\WINDOWS\system32\PerfStringBackup.INI 17/11/2014 00806704 r-h-s-d-a+ C:\WINDOWS\system32\perfh013.dat 17/11/2014 00722476 r-h-s-d-a+ C:\WINDOWS\system32\perfh009.dat 17/11/2014 00162170 r-h-s-d-a+ C:\WINDOWS\system32\perfc013.dat 17/11/2014 00135592 r-h-s-d-a+ C:\WINDOWS\system32\perfc009.dat 16/11/2014 103374192 r-h-s-d-a+ C:\WINDOWS\system32\MRT.exe 15/11/2014 00483848 r-h-s-d-a+ C:\WINDOWS\system32\FNTCACHE.DAT Files Created Last 7 days : 15/11/2014 00524288 r-h+s+d-a+ C:\Users\rita\ntuser.dat{ef2cb422-6cbc-11e4-bf01-7c05071d3d47}.TMContainer00000000000000000002.regtrans-ms 15/11/2014 00524288 r-h+s+d-a+ C:\Users\rita\ntuser.dat{ef2cb422-6cbc-11e4-bf01-7c05071d3d47}.TMContainer00000000000000000001.regtrans-ms 15/11/2014 00122392 r-h-s-d-a+ C:\Users\rita\AppData\Local\GDIPFONTCACHEV1.DAT 15/11/2014 00065536 r-h+s+d-a+ C:\Users\rita\ntuser.dat{ef2cb422-6cbc-11e4-bf01-7c05071d3d47}.TM.blf 12/11/2014 25110016 r-h-s-d-a+ C:\WINDOWS\system32\mshtml.dll 12/11/2014 21197152 r-h-s-d-a+ C:\WINDOWS\system32\shell32.dll 12/11/2014 19781632 r-h-s-d-a+ 
C:\WINDOWS\SysWOW64\mshtml.dll 12/11/2014 18723112 r-h-s-d-a+ C:\WINDOWS\SysWOW64\shell32.dll 12/11/2014 14390272 r-h-s-d-a+ C:\WINDOWS\system32\ieframe.dll 12/11/2014 13424128 r-h-s-d-a+ C:\WINDOWS\system32\twinui.dll 12/11/2014 12819456 r-h-s-d-a+ C:\WINDOWS\SysWOW64\ieframe.dll 12/11/2014 11820544 r-h-s-d-a+ C:\WINDOWS\SysWOW64\twinui.dll 12/11/2014 07484224 r-h-s-d-a+ C:\WINDOWS\system32\ntoskrnl.exe 12/11/2014 06040064 r-h-s-d-a+ C:\WINDOWS\system32\jscript9.dll 12/11/2014 04298240 r-h-s-d-a+ C:\WINDOWS\SysWOW64\jscript9.dll 12/11/2014 04182016 r-h-s-d-a+ C:\WINDOWS\system32\win32k.sys 12/11/2014 03607040 r-h-s-d-a+ C:\WINDOWS\SysWOW64\msi.dll 12/11/2014 03557376 r-h-s-d-a+ C:\WINDOWS\system32\wuaueng.dll 12/11/2014 03547648 r-h-s-d-a+ C:\WINDOWS\system32\rdpcorets.dll 12/11/2014 03320320 r-h-s-d-a+ C:\WINDOWS\system32\msi.dll 12/11/2014 02773504 r-h-s-d-a+ C:\WINDOWS\system32\authui.dll 12/11/2014 02714112 r-h-s-d-a+ C:\WINDOWS\system32\SettingsHandlers.dll 12/11/2014 02480128 r-h-s-d-a+ C:\WINDOWS\system32\WsmSvc.dll 12/11/2014 02459136 r-h-s-d-a+ C:\WINDOWS\SysWOW64\authui.dll 12/11/2014 02149376 r-h-s-d-a+ C:\WINDOWS\system32\msxml3.dll 12/11/2014 02124288 r-h-s-d-a+ C:\WINDOWS\system32\inetcpl.cpl 12/11/2014 02051072 r-h-s-d-a+ C:\WINDOWS\SysWOW64\inetcpl.cpl 12/11/2014 02030592 r-h-s-d-a+ C:\WINDOWS\SysWOW64\WsmSvc.dll 12/11/2014 01714176 r-h-s-d-a+ C:\WINDOWS\system32\wucltux.dll 12/11/2014 01519488 r-h-s-d-a+ C:\WINDOWS\system32\user32.dll 12/11/2014 01346048 r-h-s-d-a+ C:\WINDOWS\SysWOW64\user32.dll 12/11/2014 01346048 r-h-s-d-a+ C:\WINDOWS\SysWOW64\msxml3.dll 12/11/2014 01310208 r-h-s-d-a+ C:\WINDOWS\SysWOW64\urlmon.dll 12/11/2014 01053184 r-h-s-d-a+ C:\WINDOWS\system32\localspl.dll 12/11/2014 01042944 r-h-s-d-a+ C:\WINDOWS\SysWOW64\actxprxy.dll 12/11/2014 01032704 r-h-s-d-a+ C:\WINDOWS\system32\inetcomm.dll 12/11/2014 00941568 r-h-s-d-a+ C:\WINDOWS\system32\MFMediaEngine.dll 12/11/2014 00911360 r-h-s-d-a+ C:\WINDOWS\system32\audiosrv.dll 12/11/2014 
00894976 r-h-s-d-a+ C:\WINDOWS\system32\wuapi.dll 12/11/2014 00880128 r-h-s-d-a+ C:\WINDOWS\SysWOW64\inetcomm.dll 12/11/2014 00836176 r-h-s-d-a+ C:\WINDOWS\system32\mfmp4srcsnk.dll 12/11/2014 00822272 r-h-s-d-a+ C:\WINDOWS\system32\win32spl.dll 12/11/2014 00814080 r-h-s-d-a+ C:\WINDOWS\system32\jscript9diag.dll 12/11/2014 00812544 r-h-s-d-a+ C:\WINDOWS\system32\jscript.dll 12/11/2014 00800768 r-h-s-d-a+ C:\WINDOWS\system32\msfeeds.dll 12/11/2014 00799744 r-h-s-d-a+ C:\WINDOWS\SysWOW64\MFMediaEngine.dll 12/11/2014 00799232 r-h-s-d-a+ C:\WINDOWS\system32\ieapfltr.dll 12/11/2014 00736768 r-h-s-d-a+ C:\WINDOWS\SysWOW64\adtschema.dll 12/11/2014 00736768 r-h-s-d-a+ C:\WINDOWS\system32\adtschema.dll 12/11/2014 00723968 r-h-s-d-a+ C:\WINDOWS\SysWOW64\wuapi.dll 12/11/2014 00716800 r-h-s-d-a+ C:\WINDOWS\system32\ie4uinit.exe 12/11/2014 00708096 r-h-s-d-a+ C:\WINDOWS\SysWOW64\ieapfltr.dll 12/11/2014 00688640 r-h-s-d-a+ C:\WINDOWS\SysWOW64\msfeeds.dll 12/11/2014 00670384 r-h-s-d-a+ C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 12/11/2014 00661504 r-h-s-d-a+ C:\WINDOWS\SysWOW64\jscript.dll 12/11/2014 00633856 r-h-s-d-a+ C:\WINDOWS\system32\ieui.dll 12/11/2014 00620032 r-h-s-d-a+ C:\WINDOWS\SysWOW64\jscript9diag.dll 12/11/2014 00615424 r-h-s-d-a+ C:\WINDOWS\system32\FXSCOMEX.dll 12/11/2014 00580096 r-h-s-d-a+ C:\WINDOWS\system32\vbscript.dll 12/11/2014 00545792 r-h-s-d-a+ C:\WINDOWS\system32\untfs.dll 12/11/2014 00537088 r-h-s-d-a+ C:\WINDOWS\system32\aeinv.dll 12/11/2014 00501248 r-h-s-d-a+ C:\WINDOWS\SysWOW64\vbscript.dll 12/11/2014 00500016 r-h-s-d-a+ C:\WINDOWS\system32\AudioSes.dll 12/11/2014 00490496 r-h-s-d-a+ C:\WINDOWS\system32\dxtmsft.dll 12/11/2014 00485376 r-h-s-d-a+ C:\WINDOWS\SysWOW64\untfs.dll 12/11/2014 00482872 r-h-s-d-a+ C:\WINDOWS\system32\AudioEng.dll 12/11/2014 00478208 r-h-s-d-a+ C:\WINDOWS\SysWOW64\ieui.dll 12/11/2014 00448512 r-h-s-d-a+ C:\WINDOWS\system32\puiobj.dll 12/11/2014 00445440 r-h-s-d-a+ C:\WINDOWS\system32\certcli.dll 12/11/2014 00428032 r-h-s-d-a+ 
C:\WINDOWS\system32\msihnd.dll 12/11/2014 00424544 r-h-s-d-a+ C:\WINDOWS\SysWOW64\AudioEng.dll 12/11/2014 00418304 r-h-s-d-a+ C:\WINDOWS\SysWOW64\dxtmsft.dll 12/11/2014 00417280 r-h-s-d-a+ C:\WINDOWS\system32\html.iec 12/11/2014 00407552 r-h-s-d-a+ C:\WINDOWS\system32\WUSettingsProvider.dll 12/11/2014 00394120 r-h-s-d-a+ C:\WINDOWS\system32\AUDIOKSE.dll 12/11/2014 00391168 r-h-s-d-a+ C:\WINDOWS\system32\devinv.dll 12/11/2014 00389176 r-h-s-d-a+ C:\WINDOWS\system32\ApnDatabase.xml 12/11/2014 00372736 r-h-s-d-a+ C:\WINDOWS\system32\iedkcs32.dll 12/11/2014 00370424 r-h-s-d-a+ C:\WINDOWS\SysWOW64\AudioSes.dll 12/11/2014 00357376 r-h-s-d-a+ C:\WINDOWS\SysWOW64\schannel.dll 12/11/2014 00344536 r-h-s-d-a+ C:\WINDOWS\SysWOW64\AUDIOKSE.dll 12/11/2014 00340992 r-h-s-d-a+ C:\WINDOWS\SysWOW64\html.iec 12/11/2014 00334336 r-h-s-d-a+ C:\WINDOWS\SysWOW64\puiobj.dll 12/11/2014 00325632 r-h-s-d-a+ C:\WINDOWS\SysWOW64\iedkcs32.dll 12/11/2014 00325120 r-h-s-d-a+ C:\WINDOWS\SysWOW64\msihnd.dll 12/11/2014 00324096 r-h-s-d-a+ C:\WINDOWS\SysWOW64\certcli.dll 12/11/2014 00316928 r-h-s-d-a+ C:\WINDOWS\system32\dxtrans.dll 12/11/2014 00304128 r-h-s-d-a+ C:\WINDOWS\system32\generaltel.dll 12/11/2014 00285696 r-h-s-d-a+ C:\WINDOWS\SysWOW64\dxtrans.dll 12/11/2014 00275968 r-h-s-d-a+ C:\WINDOWS\system32\FXSAPI.dll 12/11/2014 00272248 r-h-s-d-a+ C:\WINDOWS\system32\audiodg.exe 12/11/2014 00262144 r-h-s-d-a+ C:\WINDOWS\system32\webcheck.dll 12/11/2014 00239104 r-h-s-d-a+ C:\WINDOWS\SysWOW64\FXSAPI.dll 12/11/2014 00237568 r-h-s-d-a+ C:\WINDOWS\system32\url.dll 12/11/2014 00235520 r-h-s-d-a+ C:\WINDOWS\SysWOW64\url.dll 12/11/2014 00230400 r-h-s-d-a+ C:\WINDOWS\SysWOW64\webcheck.dll 12/11/2014 00228864 r-h-s-d-a+ C:\WINDOWS\system32\aepdu.dll 12/11/2014 00226304 r-h-s-d-a+ C:\WINDOWS\system32\AudioEndpointBuilder.dll 12/11/2014 00199680 r-h-s-d-a+ C:\WINDOWS\system32\msrating.dll 12/11/2014 00168960 r-h-s-d-a+ C:\WINDOWS\SysWOW64\msrating.dll 12/11/2014 00167424 r-h-s-d-a+ 
C:\WINDOWS\system32\iexpress.exe 12/11/2014 00154112 r-h-s-d-a+ C:\WINDOWS\SysWOW64\msaudite.dll 12/11/2014 00154112 r-h-s-d-a+ C:\WINDOWS\system32\msaudite.dll 12/11/2014 00152064 r-h-s-d-a+ C:\WINDOWS\SysWOW64\iexpress.exe 12/11/2014 00152064 r-h-s-d-a+ C:\WINDOWS\system32\occache.dll 12/11/2014 00145408 r-h-s-d-a+ C:\WINDOWS\system32\iepeers.dll 12/11/2014 00144384 r-h-s-d-a+ C:\WINDOWS\system32\ieUnatt.exe 12/11/2014 00143872 r-h-s-d-a+ C:\WINDOWS\system32\wextract.exe 12/11/2014 00140288 r-h-s-d-a+ C:\WINDOWS\system32\wuwebv.dll 12/11/2014 00137728 r-h-s-d-a+ C:\WINDOWS\SysWOW64\wextract.exe 12/11/2014 00132096 r-h-s-d-a+ C:\WINDOWS\system32\IEAdvpack.dll 12/11/2014 00131584 r-h-s-d-a+ C:\WINDOWS\system32\rdpudd.dll 12/11/2014 00130048 r-h-s-d-a+ C:\WINDOWS\SysWOW64\occache.dll 12/11/2014 00128000 r-h-s-d-a+ C:\WINDOWS\SysWOW64\iepeers.dll 12/11/2014 00124928 r-h-s-d-a+ C:\WINDOWS\SysWOW64\wuwebv.dll 12/11/2014 00116032 r-h-s-d-a+ C:\WINDOWS\system32\consent.exe 12/11/2014 00115712 r-h-s-d-a+ C:\WINDOWS\SysWOW64\ieUnatt.exe 12/11/2014 00114688 r-h-s-d-a+ C:\WINDOWS\system32\ieetwcollector.exe 12/11/2014 00112128 r-h-s-d-a+ C:\WINDOWS\SysWOW64\IEAdvpack.dll 12/11/2014 00111616 r-h-s-d-a+ C:\WINDOWS\system32\iesysprep.dll 12/11/2014 00110080 r-h-s-d-a+ C:\WINDOWS\system32\appinfo.dll 12/11/2014 00108544 r-h-s-d-a+ C:\WINDOWS\system32\hlink.dll 12/11/2014 00108432 r-h-s-d-a+ C:\WINDOWS\system32\EncDump.dll 12/11/2014 00107520 r-h-s-d-a+ C:\WINDOWS\system32\inseng.dll 12/11/2014 00099328 r-h-s-d-a+ C:\WINDOWS\SysWOW64\hlink.dll 12/11/2014 00098816 r-h-s-d-a+ C:\WINDOWS\system32\aepic.dll 12/11/2014 00095744 r-h-s-d-a+ C:\WINDOWS\system32\wudriver.dll 12/11/2014 00092160 r-h-s-d-a+ C:\WINDOWS\system32\mshtmled.dll 12/11/2014 00091136 r-h-s-d-a+ C:\WINDOWS\SysWOW64\inseng.dll 12/11/2014 00090624 r-h-s-d-a+ C:\WINDOWS\SysWOW64\iesysprep.dll 12/11/2014 00088800 r-h-s-d-a+ C:\WINDOWS\SysWOW64\ncryptsslp.dll 12/11/2014 00088064 r-h-s-d-a+ 
C:\WINDOWS\system32\MshtmlDac.dll 12/11/2014 00087552 r-h-s-d-a+ C:\WINDOWS\system32\tdc.ocx 12/11/2014 00081920 r-h-s-d-a+ C:\WINDOWS\SysWOW64\wudriver.dll 12/11/2014 00081408 r-h-s-d-a+ C:\WINDOWS\system32\packager.dll 12/11/2014 00077824 r-h-s-d-a+ C:\WINDOWS\system32\JavaScriptCollectionAgent.dll 12/11/2014 00076288 r-h-s-d-a+ C:\WINDOWS\SysWOW64\mshtmled.dll 12/11/2014 00073216 r-h-s-d-a+ C:\WINDOWS\SysWOW64\tdc.ocx 12/11/2014 00072192 r-h-s-d-a+ C:\WINDOWS\SysWOW64\packager.dll 12/11/2014 00066560 r-h-s-d-a+ C:\WINDOWS\system32\iesetup.dll 12/11/2014 00064512 r-h-s-d-a+ C:\WINDOWS\system32\pngfilt.dll 12/11/2014 00064000 r-h-s-d-a+ C:\WINDOWS\SysWOW64\MshtmlDac.dll 12/11/2014 00062464 r-h-s-d-a+ C:\WINDOWS\SysWOW64\iesetup.dll 12/11/2014 00060416 r-h-s-d-a+ C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll 12/11/2014 00060416 r-h-s-d-a+ C:\WINDOWS\system32\wups.dll 12/11/2014 00060416 r-h-s-d-a+ C:\WINDOWS\system32\msfeedsbs.dll 12/11/2014 00057344 r-h-s-d-a+ C:\WINDOWS\SysWOW64\pngfilt.dll 12/11/2014 00055776 r-h-s-d-a+ C:\WINDOWS\system32\wuauclt.exe 12/11/2014 00054784 r-h-s-d-a+ C:\WINDOWS\system32\jsproxy.dll 12/11/2014 00052736 r-h-s-d-a+ C:\WINDOWS\SysWOW64\msfeedsbs.dll 12/11/2014 00051712 r-h-s-d-a+ C:\WINDOWS\system32\wups2.dll 12/11/2014 00051200 r-h-s-d-a+ C:\WINDOWS\system32\imgutil.dll 12/11/2014 00048640 r-h-s-d-a+ C:\WINDOWS\system32\ieetwproxystub.dll 12/11/2014 00047616 r-h-s-d-a+ C:\WINDOWS\SysWOW64\ieetwproxystub.dll 12/11/2014 00047104 r-h-s-d-a+ C:\WINDOWS\SysWOW64\jsproxy.dll 12/11/2014 00040448 r-h-s-d-a+ C:\WINDOWS\SysWOW64\imgutil.dll 12/11/2014 00040448 r-h-s-d-a+ C:\WINDOWS\system32\rfxvmt.dll 12/11/2014 00035840 r-h-s-d-a+ C:\WINDOWS\system32\wuapp.exe 12/11/2014 00034304 r-h-s-d-a+ C:\WINDOWS\system32\iernonce.dll 12/11/2014 00033280 r-h-s-d-a+ C:\WINDOWS\system32\licmgr10.dll 12/11/2014 00030720 r-h-s-d-a+ C:\WINDOWS\SysWOW64\iernonce.dll 12/11/2014 00029696 r-h-s-d-a+ C:\WINDOWS\SysWOW64\wuapp.exe 12/11/2014 00027136 r-h-s-d-a+ 
C:\WINDOWS\SysWOW64\licmgr10.dll 12/11/2014 00025600 r-h-s-d-a+ C:\WINDOWS\SysWOW64\wups.dll 12/11/2014 00017408 r-h-s-d-a+ C:\WINDOWS\system32\wuaext.dll 12/11/2014 00014336 r-h-s-d-a+ C:\WINDOWS\system32\winshfhc.dll 12/11/2014 00013824 r-h-s-d-a+ C:\WINDOWS\system32\mshta.exe 12/11/2014 00012800 r-h-s-d-a+ C:\WINDOWS\SysWOW64\winshfhc.dll 12/11/2014 00012800 r-h-s-d-a+ C:\WINDOWS\SysWOW64\mshta.exe 12/11/2014 00012800 r-h-s-d-a+ C:\WINDOWS\system32\msfeedssync.exe 12/11/2014 00011264 r-h-s-d-a+ C:\WINDOWS\SysWOW64\msfeedssync.exe ==================== RUNNING PROCESSES ========================================= [BBDaemon] -SYSTEM- C:\Program Files (x86)\BrytonBridge2\BBDaemon.exe - () [FastPlayerUpdaterService] -SYSTEM- C:\Program Files (x86)\FastPlayer\FastPlayerUpdaterService.exe - () [winlogon] -SYSTEM- C:\WINDOWS\system32\winlogon.exe - (Microsoft Corporation) ==================== IE PAGES ================================================== IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://www.msn.com/nl-be/?pc=U207&ocid=U207DHP IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\WINDOWS\system32\blank.htm IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_g0KpmHQlPAOcVFJMXPHhRQyW3_NO86tcf-dt-8q6Ty_jOUbbRNExSZ16rrpzbqgWA47doZls9PmCpm9fMcPIebuL24dm-6NRl1K4clVV0mq1Pf817cKqAHufl7677BWO1vbxGHu2W3Fs&q={searchTerms} IE02 - HKCU\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1408906748&from=tugs&uid=ST500LT012-9WS142_S0V5E7ASXXXXS0V5E7AS IE04 - HKCU\..\SearchScopes 797DF6AA7E804A198B32EF9E4B02C6A0 @ DisplayName: [Trovi search] @ URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324332&octid=EB_ORIGINAL_CTID&ISID=MDFE6B482-F1E4-4FD0-89D0-02479BB58F78&SearchSource=58&CUI=&UM=6&UP=SP2F0D5959-658F-4AD5-850C-7C456828025E&q={searchTerms}&SSPV= IE04 - HKCU\..\SearchScopes 
{006ee092-9658-4fd6-bd8e-a21a348e59f5} @ DisplayName: [Web Search] @ URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_g0KpmHQlPAOcVFJMXPHhRQyW3_NO86tcf-dt-8q6Ty_jOUbbRNExSZ16rrpzbqgWA47doZls9PmCpm9fMcPIebuL24dm-6NRl1K4clVV0mq1Pf817cKqAHufl7677BWO1vbxGHu2W3Fs&q={searchTerms} IE04 - HKCU\..\SearchScopes {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} @ DisplayName: [Trovi search] @ URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324332&octid=EB_ORIGINAL_CTID&ISID=MDFE6B482-F1E4-4FD0-89D0-02479BB58F78&SearchSource=58&CUI=&UM=6&UP=SP2F0D5959-658F-4AD5-850C-7C456828025E&q={searchTerms}&SSPV= IE04 - HKCU\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox IE04 - HKCU\..\SearchScopes {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} @ DisplayName: [Search The Web] @ URL = hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5116&q={searchTerms} IE05 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\SysWOW64\ieframe.dll IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = about:blank IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = about:blank IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = about:blank IE08 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = about:blank IE10 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE10 - HKLM\..\SearchScopes {006ee092-9658-4fd6-bd8e-a21a348e59f5} @ DisplayName: [Web Search] @ URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_g0KpmHQlPAOcVFJMXPHhRQyW3_NO86tcf-dt-8q6Ty_jOUbbRNExSZ16rrpzbqgWA47doZls9PmCpm9fMcPIebuL24dm-6NRl1K4clVV0mq1Pf817cKqAHufl7677BWO1vbxGHu2W3Fr&q={searchTerms} IE10 - HKLM\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [@ieframe.dll,-12512] 
@ URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE12 - HKLM\..\Toolbar{ccb24e92-62c4-4c53-95d2-65f9eed476bc} @ Default = C:\Program Files (x86)\mystarttb\mystartDx.dll IE12 - HKLM\..\Toolbar{eec0f710-38b5-4aba-99bf-ec87564a4e13} @ Default = C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Start Page = hxxp://www.msn.com/nl-be/?pc=U207&ocid=U207DHP IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\WINDOWS\system32\blank.htm IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_g0KpmHQlPAOcVFJMXPHhRQyW3_NO86tcf-dt-8q6Ty_jOUbbRNExSZ16rrpzbqgWA47doZls9PmCpm9fMcPIebuL24dm-6NRl1K4clVV0mq1Pf817cKqAHufl7677BWO1vbxGHu2W3Fs&q={searchTerms} IE02 x64 - HKCU\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1408906748&from=tugs&uid=ST500LT012-9WS142_S0V5E7ASXXXXS0V5E7AS IE04 x64 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = 797DF6AA7E804A198B32EF9E4B02C6A0 IE04 x64 - HKCU\..\SearchScopes 797DF6AA7E804A198B32EF9E4B02C6A0 @ DisplayName: [Trovi search] @ URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324332&octid=EB_ORIGINAL_CTID&ISID=MDFE6B482-F1E4-4FD0-89D0-02479BB58F78&SearchSource=58&CUI=&UM=6&UP=SP2F0D5959-658F-4AD5-850C-7C456828025E&q={searchTerms}&SSPV= IE04 x64 - HKCU\..\SearchScopes {006ee092-9658-4fd6-bd8e-a21a348e59f5} @ DisplayName: [Web Search] @ URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_g0KpmHQlPAOcVFJMXPHhRQyW3_NO86tcf-dt-8q6Ty_jOUbbRNExSZ16rrpzbqgWA47doZls9PmCpm9fMcPIebuL24dm-6NRl1K4clVV0mq1Pf817cKqAHufl7677BWO1vbxGHu2W3Fs&q={searchTerms} IE04 x64 - HKCU\..\SearchScopes {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} @ DisplayName: [Trovi search] @ URL = 
hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3324332&octid=EB_ORIGINAL_CTID&ISID=MDFE6B482-F1E4-4FD0-89D0-02479BB58F78&SearchSource=58&CUI=&UM=6&UP=SP2F0D5959-658F-4AD5-850C-7C456828025E&q={searchTerms}&SSPV= IE04 x64 - HKCU\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q={searchTerms}&src=IE-SearchBox IE04 x64 - HKCU\..\SearchScopes {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} @ DisplayName: [Search The Web] @ URL = hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5116&q={searchTerms} IE05 x64 - HKCU\..\URLSearchHooks @ {CFBFAE00-17A6-11D0-99CB-00C04FD64497} = C:\Windows\System32\ieframe.dll IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Start Page = about:blank IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Local Page = C:\Windows\System32\blank.htm IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Page_URL = about:blank IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Default_Search_URL = about:blank IE08 x64 - HKLM\Software\Microsoft\Internet Explorer\Main @ Search Page = about:blank IE10 x64 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes @ DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86} IE10 x64 - HKLM\..\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} @ DisplayName: [@ieframe.dll,-12512] @ URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE10 x64 - HKLM\..\SearchScopes {DA6A79F6-5E4F-492C-BB27-EE9F60E3C6C8} @ DisplayName: [Bing] @ URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAPBJS IE12 - HKLM\..\Toolbar{ccb24e92-62c4-4c53-95d2-65f9eed476bc} @ Default = C:\Program Files (x86)\mystarttb\mystartDx64.dll IE12 - HKLM\..\Toolbar{eec0f710-38b5-4aba-99bf-ec87564a4e13} @ Default = "C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll" ==================== Auto Load ================================================= AL00 - 
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = userinit.exe AL00 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Userinit = C:\WINDOWS\System32\Userinit.exe, AL00 x64 - HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon @ Shell = explorer.exe ==================== Firefox =================================================== FF - ProfilePath - C:\Users\rita\AppData\Roaming\Mozilla\firefox\Profiles\fz89lp0l.default FF - Ext: [Belgium eID 1.0.18 ] - extension - belgiumeid@eid.belgium.be visible: True active: True FF - Ext: [Lyrics Say 1.132 ] - extension - {f8b7c7c7-4ef7-4ab2-8e68-0aae4045cd46} visible: True active: False FF - Ext: [Default 31.0 ] - theme - {972ce4c6-7e08-4474-a285-3208198ce6fd} visible: True active: True FF - Ext: [Fast Start 4.3.0 ] - extension - faststartff@gmail.com visible: True active: False FF - Ext: [Fast Start 4.3.0 ] - extension - faststartff@gmail.com visible: False active: False FF - Ext: [pagerankclientkoeniglichch 1004.99.453 ] - extension - pagerank-client@koeniglich.ch visible: True active: True FF - Ext: [Avira Browser Safety 1.3.1 ] - extension - abs@avira.com visible: True active: True FF - Ext: [MyStart Toolbar 5.4 ] - extension - {607b689f-7600-45e4-b8e5-887f72dab15c} visible: True active: False FF - Ext: [HostSecurePlugin 5.31.6 ] - extension - 9654538aa6124877979b03b4d4117045@jetpack visible: True active: False FF - Ext: [videos MediaPlay-Air 0.95.80 ] - extension - 5c8764929678437cbd90994a5a82@ac863d978ade40948f4c7f15bb3c4.com visible: True active: True FF - PlugIn: [Adobe® Flash® Player 15.0.0.223 Plugin] - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll FF - prefs.js: user_pref("browser.search.defaultengine", "Ask Search"); FF - prefs.js: user_pref("browser.search.defaultenginename", "Bing "); FF - prefs.js: user_pref("browser.startup.homepage", 
"hxxp://www.msn.com/nl-be/?pc=U207&ocid=U207DHP|hxxp://www.trovi.com/?gd=&ctid=CT3324332&octid=EB_ORIGINAL_CTID&ISID=MDFE6B482-F1E4-4FD0-89D0-02479BB58F78&SearchSource=55&CUI=&UM=6&UP=SP2F0D5959-658F-4AD5-850C-7C456828025E&SSPV="); FF - prefs.js: user_pref("keyword.URL", "hxxp://www.bing.com/search?FORM=U207DF&PC=U207&q="); ==================== Google Chrome ============================================= GC - Prefpath: C:\Users\rita\AppData\Local\Google\Chrome\User Data\Default\Preferences GC - Profile Name: Standaardprofiel GC - Homepage: GC - Default Search Provider: = Known Disabled Extensions = ==================== Windows Host File ========================================= ==================== BHO ======================================================= BHO - [Bing Bar Helper] - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} @ Default = C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll BHO - [HostSecurePlugin] - {2B0183D6-3C22-4F0B-F62F-58AF52F66606} @ Default = C:\Program Files (x86)\HostSecurePlugin\bho32.dll BHO - [Java(tm) Plug-In SSV Helper] - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} @ Default = C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO - [Skype Click to Call for Internet Explorer] - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} @ Default = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll BHO - [MyStart Toolbar] - {ccb24e92-62c4-4c53-95d2-65f9eed476bc} @ Default = C:\Program Files (x86)\mystarttb\mystartDx.dll BHO - [Java(tm) Plug-In 2 SSV Helper] - {DBC80044-A445-435b-BC74-9C25C1C588A9} @ Default = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll BHO x64 - [Bing Bar Helper] - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} @ Default = C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll BHO x64 - [HostSecurePlugin] - {2B0183D6-3C22-4F0B-F62F-58AF52F66606} @ Default = C:\Program Files\HostSecurePlugin\bho64.dll BHO x64 - [Skype Click to Call for Internet Explorer] - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} @ Default = 
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll ==================== Auto Start Programs ======================================= ASP01 - HKLM\..\Run @ APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" ASP01 - HKLM\..\Run @ avgnt = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min ASP01 - HKLM\..\Run @ Avira Systray = C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe ASP01 - HKLM\..\Run @ ConvertAd = C:\Users\rita\AppData\Local\ConvertAd\ConvertAd.exe ASP01 - HKLM\..\Run @ CrashMon = "C:\Program Files (x86)\Universal Updater\CrashMon.exe" "UniversalUpdater" "http://log.data-url.com/crash/" ASP01 - HKLM\..\Run @ HP Software Update = C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe ASP01 - HKLM\..\Run @ iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe" ASP01 - HKLM\..\Run @ QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime ASP01 - HKLM\..\Run @ Salus = C:\Program Files (x86)\Salus\Salus.exe ASP01 - HKLM\..\Run @ Salus CrashMon = "C:\Program Files (x86)\Salus\CrashMon.exe" "Salus.exe" "http://log.data-url.com/salus/crash" ASP01 - HKLM\..\Run @ StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun ASP01 - HKLM\..\Run @ SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ASP04 - HKCU\..\Run @ AviraSpeedup = "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun ASP04 - HKCU\..\Run @ Facebook Update = "C:\Users\rita\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver ASP04 - HKCU\..\Run @ HP Officejet 4620 series (NET) = "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH38P140FY05S1:NW" -scfn "HP Officejet 4620 series (NET)" -AutoStart 1 ASP04 - HKCU\..\Run @ NokiaSuite.exe = C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray ASP04 - HKCU\..\Run @ Price-Horse = 
C:\Users\rita\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe ASP04 - HKCU\..\Run @ Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun ASP04 - HKCU\..\Run @ Yahoo! Search = C:\Users\rita\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe ASP01 x64 - HKLM\..\Run @ APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" ASP01 x64 - HKLM\..\Run @ avgnt = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min ASP01 x64 - HKLM\..\Run @ Avira Systray = C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe ASP01 x64 - HKLM\..\Run @ ConvertAd = C:\Users\rita\AppData\Local\ConvertAd\ConvertAd.exe ASP01 x64 - HKLM\..\Run @ CrashMon = "C:\Program Files (x86)\Universal Updater\CrashMon.exe" "UniversalUpdater" "http://log.data-url.com/crash/" ASP01 x64 - HKLM\..\Run @ HP Software Update = C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe ASP01 x64 - HKLM\..\Run @ iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe" ASP01 x64 - HKLM\..\Run @ QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime ASP01 x64 - HKLM\..\Run @ Salus = C:\Program Files (x86)\Salus\Salus.exe ASP01 x64 - HKLM\..\Run @ Salus CrashMon = "C:\Program Files (x86)\Salus\CrashMon.exe" "Salus.exe" "http://log.data-url.com/salus/crash" ASP01 x64 - HKLM\..\Run @ StartCCC = "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun ASP01 x64 - HKLM\..\Run @ SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" ASP04 x64 - HKCU\..\Run @ AviraSpeedup = "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun ASP04 x64 - HKCU\..\Run @ Facebook Update = "C:\Users\rita\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver ASP04 x64 - HKCU\..\Run @ HP Officejet 4620 series (NET) = "C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "TH38P140FY05S1:NW" -scfn 
"HP Officejet 4620 series (NET)" -AutoStart 1 ASP04 x64 - HKCU\..\Run @ NokiaSuite.exe = C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray ASP04 x64 - HKCU\..\Run @ Price-Horse = C:\Users\rita\AppData\Local\pricehorse\pricehorse\1.3.13.12\pricehorse.exe ASP04 x64 - HKCU\..\Run @ Skype = "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun ASP04 x64 - HKCU\..\Run @ Yahoo! Search = C:\Users\rita\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe ASP - Startup - C:\Users\rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ASP - Startup - C:\Users\rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ASP - Startup - C:\Users\rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HostSecurePlugin.lnk ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BrytonBridge2.lnk ASP - CommonStartup - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ==================== Extra Items IE ============================================ EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics EI03 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility EI03 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing EI03 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security EI03 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings EI03 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International EI03 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia EI04 - App Ext - HKCU\..\Approved Extensions @ {1DAD3AF3-EF2F-4F64-AC4B-11789189FCB6} = C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll EI04 - App Ext - HKCU\..\Approved Extensions @ {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} = shdocvw.dll EI04 - App Ext - HKCU\..\Approved Extensions @ {EEC0F710-38B5-4ABA-99BF-EC87564A4E13} = C:\Program Files 
(x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll EI04 - App Ext - HKCU\..\Approved Extensions @ {FF059E31-CC5A-4E2E-BF3B-96E929D65503} = C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCELERATED_GRAPHICS @ Text = Accelerated graphics EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\ACCESSIBILITY @ Text = Accessibility EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\BROWSE @ Text = Browsing EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\CRYPTO @ Text = Security EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\HTTP @ Text = HTTP settings EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\INTERNATIONAL @ Text = International EI03 x64 - Adv Opt - HKLM\..\AdvancedOptions\MULTIMEDIA @ Text = Multimedia EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {11111111-1111-1111-1111-110611171199} = EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {1DAD3AF3-EF2F-4F64-AC4B-11789189FCB6} = C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {4D2D3B0F-69BE-477A-90F5-FDDB05357975} = EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {98889811-442D-49DD-99D7-DC866BE87DBC} = EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {BDEADE7F-C265-11D0-BCED-00A0C90AB50F} = EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {EEC0F710-38B5-4ABA-99BF-EC87564A4E13} = "C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll" EI04 x64 - App Ext - HKCU\..\Approved Extensions @ {FF059E31-CC5A-4E2E-BF3B-96E929D65503} = ==================== Internet Default Prefix =================================== IDP00 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http:// IDP01 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http:// IDP00 x64 - Default - HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix @ Default = http:// IDP01 x64 - WWW - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes @ WWW = http:// 
==================== Default Settings IE - DSIE ================================
DSIE - ieuinit.inf: START_PAGE= "http://go.microsoft.com/fwlink/p/?LinkId
DSIE - ieuinit.inf: SEARCH_PAGE_URL= "http://go.microsoft.com/fwlink/?LinkId
==================== Protocol Hijackers - PH ===================================
PH00 - Handler:skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} @ = Unknown # C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll # MD5 [c89f814492178585da89f452ce19b720]
PH00 x64 - Handler:skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} @ = Unknown # C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll # MD5 [b15862b3db1f5396fd3cb27ed584b681]
==================== Automatic Started DLL's (AS) ==============================
AS00 - @ AppInit_DLLs = C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll
AS00 x64 - @ AppInit_DLLs = C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll
==================== ShellServiceObjectDelayLoad - SSODL =======================
SSODL - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =
SSODL x64 - WebCheck = {E6FB5E20-DE35-11CF-9C87-00AA005127ED} @ =
==================== Extra items - EXT (Torpig/ConduitSearch) ==================
EXT01 - HKCU\SOFTWARE\AppDataLow\Software\AppDataLow
EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Crossrider
EXT01 - HKCU\SOFTWARE\AppDataLow\Software\JavaSoft
EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Lyriwow
EXT01 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft
EXT01 - HKCU\SOFTWARE\AppDataLow\Software\mystarttb
EXT01 - HKCU\SOFTWARE\AppDataLow\Software\videos MediaPlay-Air
EXT02 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\WINDOWS\system32\shell32.dll
EXT02 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\WINDOWS\system32\ntshrui.dll
EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\AppDataLow
EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\Crossrider
EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\JavaSoft
EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\Lyriwow
EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\Microsoft
EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\mystarttb
EXT01 x64 - HKCU\SOFTWARE\AppDataLow\Software\videos MediaPlay-Air
EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\FileSystem @ {217FC9C0-3AEA-1069-A2DB-08002B30309D}= C:\WINDOWS\system32\shell32.dll
EXT02 x64 - HKCR\Directory\shellex\CopyHookHandlers\Sharing @ {40dd6e20-7c17-11ce-a804-00aa003ca9f6}= C:\WINDOWS\system32\ntshrui.dll
==================== DRIVERS and SERVICES ======================================
*** Win32OwnProcess ***
SERV - R2 - [AMD External Events Utility] - AMD External Events Utility - c:\windows\system32\atiesrxx.exe
SERV - R2 - [AMD FUEL Service] - AMD FUEL Service - c:\program files\ati technologies\ati.ace\fuel\fuel.service.exe
SERV - R2 - [AntiVirSchedulerService] - Avira Scheduler - c:\program files (x86)\avira\antivir desktop\sched.exe
SERV - R2 - [AntiVirService] - Avira Real-Time Protection - c:\program files (x86)\avira\antivir desktop\avguard.exe
SERV - R2 - [Apple Mobile Device] - Apple Mobile Device - c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe
SERV - R2 - [Avira.OE.ServiceHost] - Avira Service Host - c:\program files (x86)\avira\my avira\avira.oe.servicehost.exe
SERV - R2 - [BBService] - Bryton Bridge Service - c:\program files (x86)\brytonbridge2\bbservice.exe
SERV - R2 - [Bonjour Service] - Bonjour-service - c:\program files\bonjour\mdnsresponder.exe
SERV - R2 - [c2cautoupdatesvc] - Skype Click to Call Updater - c:\program files (x86)\skype\toolbars\autoupdate\skypec2cautoupdatesvc.exe
SERV - R2 - [c2cpnrsvc] - Skype Click to Call PNR Service - c:\program files (x86)\skype\toolbars\pnrsvc\skypec2cpnrsvc.exe
SERV - R2 - [CltMngSvc] - Search Protect Service - c:\program files (x86)\searchprotect\main\bin\cltmngsvc.exe
SERV - R2 - [CxAudMsg] - Conexant Audio Message Service - c:\windows\system32\cxaudmsg64.exe
SERV - R2 - [DsiWMIService] - Dritek WMI Service - c:\program files (x86)\launch manager\dsiwmis.exe
SERV - R2 - [FastPlayerUpdaterService] - FastPlayer Updater Service - c:\program files (x86)\fastplayer\fastplayerupdaterservice.exe
SERV - R2 - [GamesAppIntegrationService] - GamesAppIntegrationService - c:\program files (x86)\wildtangent games\app\gamesappintegrationservice.exe
SERV - R2 - [IconMan_R] - IconMan_R - c:\program files (x86)\realtek\realtek pcie card reader\riconman.exe
SERV - R2 - [NAUpdate] - Nero Update - c:\program files (x86)\nero\update\nasvc.exe
SERV - R2 - [RfButtonDriverService] - Dritek RF Button Command Service - c:\windows\rfbtnsvc64.exe
SERV - R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
SERV - R2 - [ZAtheros Wlan Agent] - ZAtheros Wlan Agent - c:\program files (x86)\qualcomm atheros\ath_wlanagent.exe
SERV - R3 - [ePowerSvc] - ePower Service - c:\program files\packard bell\packard bell power management\epowersvc.exe
SERV - S2 - [globalUpdate] - globalUpdate Update Service (globalUpdate) - c:\program files (x86)\globalupdate\update\googleupdate.exe
SERV - S2 - [gupdate] - Google Update-service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
SERV - S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
SERV - S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
SERV - S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
SERV - S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
SERV - S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
SERV - S3 - [DeviceFastLaneService] - Device Fast-lane Service - c:\program files\packard bell\packard bell device fast-lane\devicefastlanesvc.exe
SERV - S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
SERV - S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
SERV - S3 - [GamesAppService] - GamesAppService - c:\program files (x86)\wildtangent games\app\gamesappservice.exe
SERV - S3 - [globalUpdatem] - globalUpdate Update Service (globalUpdatem) - c:\program files (x86)\globalupdate\update\googleupdate.exe
SERV - S3 - [gupdatem] - Google Update-service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
SERV - S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
SERV - S3 - [iPod Service] - iPod-service - c:\program files\ipod\bin\ipodservice.exe
SERV - S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
SERV - S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
SERV - S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
SERV - S3 - [ose] - Office Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
SERV - S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
SERV - S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
SERV - S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
SERV - S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
SERV - S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
SERV - S3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
SERV - S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
SERV - S3 - [WdNisSvc] - Windows Defender Network Inspection Service - c:\program files\windows defender\nissrv.exe
SERV - S3 - [WinDefend] - Windows Defender Service - c:\program files\windows defender\msmpeng.exe
SERV - S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
SERV - S3 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
SERV - S4 - [AntiVirWebService] - Avira Web Protection - c:\program files (x86)\avira\antivir desktop\avwebg7.exe
*** Win32ShareProcess ***
SERV - R2 - [SamSs] - Security Accounts Manager - c:\windows\system32\lsass.exe
SERV - R3 - [KeyIso] - CNG Key Isolation - c:\windows\system32\lsass.exe
SERV - R3 - [VaultSvc] - Credential Manager - c:\windows\system32\lsass.exe
SERV - S3 - [EFS] - Encrypting File System (EFS) - c:\windows\system32\lsass.exe
SERV - S3 - [Netlogon] - Netlogon - c:\windows\system32\lsass.exe
SERV - S4 - [NetTcpPortSharing] - Net.Tcp Port Sharing Service - c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe
*** Others ***
SERV - R2 - [Spooler] - Print Spooler - c:\windows\system32\spoolsv.exe
SERV - R3 - [ServiceLayer] - ServiceLayer - c:\program files (x86)\pc connectivity solution\servicelayer.exe
SERV - S3 - [UI0Detect] - Interactive Services Detection - c:\windows\system32\ui0detect.exe
*** File System Driver ***
DRV - R0 - [FileInfo] - File Information FS MiniFilter - C:\WINDOWS\system32\Drivers\FileInfo.sys
DRV - R0 - [FltMgr] - FltMgr - C:\WINDOWS\system32\Drivers\FltMgr.sys
DRV - R0 - [Mup] - Mup - C:\WINDOWS\system32\Drivers\Mup.sys
DRV - R0 - [Wof] - Windows Overlay File System Filter Driver - C:\WINDOWS\system32\Drivers\Wof.sys
DRV - R1 - [NetBIOS] - NetBIOS Interface - C:\WINDOWS\system32\Drivers\NetBIOS.sys
DRV - R2 - [srv] - Server SMB 1.xxx Driver - C:\WINDOWS\system32\Drivers\srv.sys
DRV - R3 - [srv2] - Server SMB 2.xxx Driver - C:\WINDOWS\system32\Drivers\srv2.sys
*** Kernel Driver ***
DRV - R0 - [ACPI] - Microsoft ACPI-stuurprogramma - C:\WINDOWS\system32\Drivers\ACPI.sys
DRV - R0 - [acpiex] - Microsoft ACPIEx Driver - C:\WINDOWS\system32\Drivers\acpiex.sys
DRV - R0 - [CLFS] - Common Log (CLFS) - C:\WINDOWS\system32\Drivers\CLFS.sys
DRV - R0 - [CNG] - CNG - C:\WINDOWS\system32\Drivers\CNG.sys
DRV - R0 - [disk] - Stuurprogramma voor schijfstations - C:\WINDOWS\system32\Drivers\disk.sys
DRV - R0 - [EhStorClass] - Enhanced Storage Filter Driver - C:\WINDOWS\system32\Drivers\EhStorClass.sys
DRV - R0 - [fvevol] - BitLocker Drive Encryption Filter Driver - C:\WINDOWS\system32\Drivers\fvevol.sys
DRV - R0 - [intelpep] - Stuurprogramma voor Intel(R) Power Engine-invoegtoepassing - C:\WINDOWS\system32\Drivers\intelpep.sys
DRV - R0 - [KSecDD] - KSecDD - C:\WINDOWS\system32\Drivers\KSecDD.sys
DRV - R0 - [KSecPkg] - KSecPkg - C:\WINDOWS\system32\Drivers\KSecPkg.sys
DRV - R0 - [mountmgr] - Mount Point Manager - C:\WINDOWS\system32\Drivers\mountmgr.sys
DRV - R0 - [msisadrv] - msisadrv - C:\WINDOWS\system32\Drivers\msisadrv.sys
DRV - R0 - [NDIS] - NDIS System Driver - C:\WINDOWS\system32\Drivers\NDIS.sys
DRV - R0 - [partmgr] - Partition Manager - C:\WINDOWS\system32\Drivers\partmgr.sys
DRV - R0 - [pci] - PCI Bus-stuurprogramma - C:\WINDOWS\system32\Drivers\pci.sys
DRV - R0 - [pcw] - Performance Counters for Windows Driver - C:\WINDOWS\system32\Drivers\pcw.sys
DRV - R0 - [pdc] - pdc - C:\WINDOWS\system32\Drivers\pdc.sys
DRV - R0 - [rdyboost] - ReadyBoost - C:\WINDOWS\system32\Drivers\rdyboost.sys
DRV - R0 - [spaceport] - Stuurprogramma voor opslagruimten - C:\WINDOWS\system32\Drivers\spaceport.sys
DRV - R0 - [storahci] - Microsoft Standaard SATA AHCI-stuurprogramma - C:\WINDOWS\system32\Drivers\storahci.sys
DRV - R0 - [Tcpip] - Stuurprogramma voor TCP/IP-protocol - C:\WINDOWS\system32\Drivers\Tcpip.sys
DRV - R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator - C:\WINDOWS\system32\Drivers\vdrvroot.sys
DRV - R0 - [volmgr] - Stuurprogramma voor Volumebeheer - C:\WINDOWS\system32\Drivers\volmgr.sys
DRV - R0 - [volmgrx] - Dynamic Volume Manager - C:\WINDOWS\system32\Drivers\volmgrx.sys
DRV - R0 - [volsnap] - Opslagvolumes - C:\WINDOWS\system32\Drivers\volsnap.sys
DRV - R0 - [Wdf01000] - Kernel Mode Driver Frameworks service - C:\WINDOWS\system32\Drivers\Wdf01000.sys
DRV - R0 - [WFPLWFS] - Microsoft Windows Filtering Platform - C:\WINDOWS\system32\Drivers\WFPLWFS.sys
DRV - R1 - [AFD] - Ancillary Function Driver for Winsock - C:\WINDOWS\system32\Drivers\AFD.sys
DRV - R1 - [Beep] - Beep - C:\WINDOWS\system32\Drivers\Beep.sys
DRV - R1 - [tdx] - Stuurprogramma voor ondersteuning van NetIO Legacy TDI - C:\WINDOWS\system32\Drivers\tdx.sys
DRV - R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\WINDOWS\system32\Drivers\tcpipreg.sys
DRV - S0 - [hwpolicy] - Hardware Policy Driver - C:\WINDOWS\system32\Drivers\hwpolicy.sys
DRV - S3 - [atapi] - IDE-kanaal - C:\WINDOWS\system32\Drivers\atapi.sys
==================== SvcHost - White Listed ====================================
All Ok
WOW - All Ok
==================== SigCheck x86 Fast =========================================
Fast Scan All ok
==================== SigCheck x64 Fast =========================================
Fast Scan All ok
==================== Job tasks =================================================
There are no .job files found.
==================== End scanning at di 18 nov 2014 09:56 (2 Min 34 Sec ) ======