~ Verslag van ZHPDiag v2015.1.15.6 - Nicolas Coolman  (15/01/2015)
~ Gelanceerd door Pieter (24/03/2015 18:33:31)
~ Facebook : https://www.facebook.com/nicolascoolman1
~ Het adres van de webforum : http://forum.nicolascoolman.fr
~ Vertaald door de gebruiker
~ Staat van de versie : Neue Version verfügbar
~  Lijst wit : Ingeschakeld door het programma
~ Tot misbruik van bevoegdheden : OK
~ Gebruikersaccountbeheer (UAC) : Deactivate by user


---\\ Internet-browsers
MSIE: Internet Explorer v9.0.8112.16421

---\\ Windows productinformatie
~ Langage: Néerlandais
Windows Vista (TM) Home Premium, 32-bit Service Pack 2 (Build 6002)
Windows Server License Manager Script : OK
Windows Automatic Updates : OK

---\\ Software om het systeem te beveiligen
Microsoft Security Client v4.7.0205.0

---\\ Systeem optimalisatie software

---\\ Delen van software PeerToPeer

---\\ Software die extra aandacht behoeft
Adobe Flash Player 9 Plugin
Adobe Reader 9.1

---\\ Informatie over het systeem
~ Processor: x86 Family 6 Model 15 Stepping 11, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3061 MB (39% free)
System Restore: Désactivé (Disabled)
System drive C: has 181 GB (80%) free of 225 GB

---\\ Verbinding met het systeem-modus
~ Computer Name: PC_VAN_PIETER
~ User Name: Pieter
~ All Users Names: Pieter, Gast, ASPNET, Administrator, 
~ Unselected Option: None
Logged in as Administrator

---\\ Omgevingsvariabelen
~ System Unit : C:\
~ %AppZHP% : C:\Users\Pieter\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Pieter\AppData\Roaming\
~ %Desktop% : C:\Users\Pieter\Desktop\
~ %Favorites% : C:\Users\Pieter\Favorites\
~ %LocalAppData% : C:\Users\Pieter\AppData\Local\
~ %StartMenu% : C:\Users\Pieter\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Overzicht vaste en verwisselbare stations
C: Hard drive, Flash drive, Thumb drive (Free 181 Go of 225 Go)
D: CD-ROM drive (Not Inserted)



---\\ Staat van het Windows Beveiligingscentrum
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 42 Legitimates Filtered in 00mn 00s



---\\ Zoeken naar bepaalde algemene bestanden
[MD5.D07D4C3038F3578FFCE1C0237F2A1253] - (.Microsoft Corporation - Windows Verkenner.) (.10/04/2009 - 23:27:38.) -- C:\Windows\Explorer.exe [2926592]
[MD5.101BA3EA053480BB5D957EF37C06B5ED] - (.Microsoft Corporation - Windows Toepassing Opstarten.) (.18/01/2008 - 23:33:38.) -- C:\Windows\System32\Wininit.exe [96768]
[MD5.6293D025E82071B9424877E30B6AC1C8] - (.Microsoft Corporation - Internetuitbreidingen voor Win32.) (.22/03/2015 - 16:54:43.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.898E7C06A350D4A1A64A9EA264D55452] - (.Microsoft Corporation - Toepassing Windows-aanmelden.) (.10/04/2009 - 23:28:14.) -- C:\Windows\System32\Winlogon.exe [314368]
[MD5.A201207363AA900ABF1A388468688570] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.10/04/2009 - 21:47:04.) -- C:\Windows\system32\Drivers\AFD.sys [273920]
[MD5.1F05B78AB91C9075565A9D8A4B880BC4] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.10/04/2009 - 23:32:28.) -- C:\Windows\system32\Drivers\atapi.sys [19944]
[MD5.7ADD03E75BEB9E6DD102C3081D29840A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.18/01/2008 - 21:28:04.) -- C:\Windows\system32\Drivers\Cdfs.sys [70144]
[MD5.6B4BFFB9BECD728097024276430DB314] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.10/04/2009 - 21:39:18.) -- C:\Windows\system32\Drivers\Cdrom.sys [67072]
[MD5.218D8AE46C88E82014F5D73D0236D9B2] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.10/04/2009 - 21:14:14.) -- C:\Windows\system32\Drivers\DfsC.sys [75264]
[MD5.062452B7FFD68C8C042A6261FE8DFF4A] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.10/04/2009 - 21:42:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [561152]
[MD5.22D56C8184586B7A1F6FA60BE5F5A2BD] - (.Microsoft Corporation - i8042-poortstuurprogramma.) (.18/01/2008 - 21:49:20.) -- C:\Windows\system32\Drivers\i8042prt.sys [54784]
[MD5.8793643A67B42CEC66490B2A0CF92D68] - (.Microsoft Corporation - IP Network Address Translator.) (.18/01/2008 - 21:56:30.) -- C:\Windows\system32\Drivers\IpNat.sys [100864]
[MD5.454341E652BDF5E01B0F2140232B073E] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.23/02/2010 - 12:10:13.) -- C:\Windows\system32\Drivers\MRxSmb.sys [106496]
[MD5.ECD64230A59CBD93C85F1CD1CAB9F3F6] - (.Microsoft Corporation - MBT Transport driver.) (.10/04/2009 - 21:45:38.) -- C:\Windows\system32\Drivers\netBT.sys [185856]
[MD5.6A4A98CEE84CF9E99564510DDA4BAA47] - (.Microsoft Corporation - NT-bestandssysteemstuurprogramma.) (.10/04/2009 - 23:32:50.) -- C:\Windows\system32\Drivers\ntfs.sys [1083880]
[MD5.0FA9B5055484649D63C303FE404E5F4D] - (.Microsoft Corporation - Stuurprogramma voor parallelle poort.) (.2/11/2006 - 9:51:30.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.A214ADBAF4CB47DD2728859EF31F26B0] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.18/01/2008 - 21:56:36.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [76288]
[MD5.E8BD98D46F2ED77132BA927FCCB47D8B] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.2/11/2006 - 10:03:00.) -- C:\Windows\system32\Drivers\rdpdr.sys [242688]
[MD5.7B75299A4D201D6A6533603D6914AB04] - (.Microsoft Corporation - SMB Transport driver.) (.10/04/2009 - 21:45:24.) -- C:\Windows\system32\Drivers\smb.sys [66560]
[MD5.76B06EB8A01FC8624D699E7045303E54] - (.Microsoft Corporation - TDI Translation Driver.) (.10/04/2009 - 21:45:58.) -- C:\Windows\system32\Drivers\tdx.sys [72192]
[MD5.147281C01FCB1DF9252DE2A10D5E7093] - (.Microsoft Corporation - Volume Shadow Copy-stuurprogramma.) (.10/04/2009 - 23:32:56.) -- C:\Windows\system32\Drivers\volsnap.sys [226280]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Status van de verborgen bestanden (verborgen/totaal)
~ Mes images (My Pictures) : 1/1119
~ Mes musiques (My Musics) : 1/112
~ Mes Videos (My Videos) : 1/4
~ Mes Favoris (My Favorites) : 1/37
~ Mes Documents (My Documents) : 5/50
~ Mon Bureau (My Desktop) : 1/10
~ Menu demarrer (Programs) : 1/25
~ Hidden Files:  Scanned in 00mn 00s



---\\ Gestarte processen
[MD5.8C6BC84B3513BE42EC204FEE5FB29446] - (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe   [894512] [PID.3156]
[MD5.9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F] - (.Google - Google Desktop.) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe   [30192] [PID.3176]
[MD5.E26642C193B81F2AA06D6013D4E07D03] - (...) -- C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe   [102400] [PID.3188]
[MD5.F371C6DF9A810EF2E6E4FA60ACBB5C33] - (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe   [174872] [PID.3220]
[MD5.2F0F0E6AA6F5874E13E792996077138B] - (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.exe   [1603152] [PID.3264]
[MD5.4B555106290BD117334E9A08761C035A] - (...) -- ystem32\rundll32.exe   [0] [PID.3332]
[MD5.B1D8669CD13163585CA133332EDD60E3] - (.Packard Bell BV - SmpSys.exe.) -- C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe   [1120568] [PID.3380]
[MD5.BF08674925F151BD4537B89A493E3E0C] - (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehtray.exe   [125952] [PID.3388]
[MD5.85A0661690A6E39C8E5CB876775D4ECE] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe   [17709160] [PID.3396]
[MD5.0F4195B9B348DE5CF9B822F81704B20E] - (.Microsoft Corporation - Media Center Media Status Aggregator Servic.) -- C:\Windows\ehome\ehmsas.exe   [37376] [PID.1812]
[MD5.99CA5EBAC887277CC340F2271AF61D10] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe   [757968] [PID.2228]
[MD5.6080A176D09435FC8E6E800996656E18] - (.Microsoft Corporation - Console IME.) -- C:\Windows\system32\conime.exe   [69120] [PID.896]
[MD5.E8B0A9ECB76AAA0C3519E16F34A49858] - (.Microsoft Corporation - Windows SQM-consolidatie.) -- C:\Windows\System32\wsqmcons.exe   [192000] [PID.4612]
[MD5.AFDF3BDDF90824B727A272A2715D34FB] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [8154624] [PID.5684]
[MD5.F26F7A5B18C717E57E3B6B306ABEC00B] - (.Microsoft Corporation - Antimalware Service Executable.) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe   [22184] [PID.964]
[MD5.862BB4CBC05D80C5B45BE430E5EF872F] - (.Microsoft Corporation - Microsoft Software Licensing Service.) -- C:\Windows\system32\SLsvc.exe   [3408896] [PID.1320]
[MD5.42B9D6E7B18F7AD09CF47323E592D421] - (.COMPANYVERS_NAME - PRODUCTVERS_TITLE.) -- C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe   [88648] [PID.2016]  =>Adware.Allin1Convert
[MD5.AE38A12F79A4980DDB88F36514F8A1DA] - (.Intel Corporation - RAID Monitor.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe   [355096] [PID.284]
[MD5.C3162AC1B592CEB43ABE2F972A7222D3] - (.No owner - RichVideo Module.) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe   [266343] [PID.492]
[MD5.388AE59FE75F1B959DFA0900923C61BB] - (.Skype Technologies S.A. - Skype C2C Service.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe   [3064000] [PID.1512]
[MD5.FBD6B3BB2A40478DF5434A073D571CAE] - (.Microsoft Corporation - Uitvoerbaar bestand voor het berekenen van.) -- C:\Windows\system32\RacAgent.exe   [20480] [PID.5712]
~ Processes Running:  Scanned in 00mn 01s



---\\ Mozilla Firefox, Plugins, start, zoeken, extensies (P2, M0, M1, M2, M3)
C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\cuuovgxb.default\prefs.js
M3 - MFPP: Plugins - [Pieter] -- C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\cuuovgxb.default\searchplugins\Ask.xml
M3 - MFPP: Plugins - [Pieter] -- C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\cuuovgxb.default\searchplugins\askcom.xml
M3 - MFPP: Plugins - [Pieter] -- C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\cuuovgxb.default\searchplugins\bingp.xml
M3 - MFPP: Plugins - [Pieter] -- C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\cuuovgxb.default\searchplugins\MyStart Search.xml  =>Spyware.VMNToolbar
M3 - MFPP: Plugins - [Pieter] -- C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\cuuovgxb.default\searchplugins\SearchquWebSearch.xml  =>PUP.Datamngr
M3 - MFPP: Plugins - [Pieter] -- C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\cuuovgxb.default\searchplugins\SearchResults.xml
M3 - MFPP: Plugins - [Pieter] -- C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\cuuovgxb.default\searchplugins\Search_Results.xml  =>PUP.SearchResults
M3 - MFPP: Plugins - [Pieter] -- C:\Program Files\Mozilla FireFox\searchplugins\Ask.xml
M3 - MFPP: Plugins - [Pieter] -- C:\Program Files\Mozilla FireFox\searchplugins\SearchquWebSearch.xml  =>PUP.Datamngr
M3 - MFPP: Plugins - [Pieter] -- C:\Program Files\Mozilla FireFox\searchplugins\SearchResults.xml
M3 - MFPP: Plugins - [Pieter] -- C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml  =>PUP.SearchResults
M2 - MFEP: prefs.js [Pieter - cuuovgxb.default\8hffxtbr@Allin1Convert_8h.com] [] Allin1Convert v5.79.3.25578 (..)  =>Adware.Allin1Convert
M2 - MFEP: prefs.js [Pieter - cuuovgxb.default\toolbar@ask.com] [] LimeWire Toolbar v3.6.9.135 (..)
M2 - MFEP: prefs.js [Pieter - cuuovgxb.default\{3ad798d0-4642-4c55-bc14-cfe7dd19e0d1}] [] ToggleDU Toolbar v2.7.2.0 (..)
M2 - MFEP: prefs.js [Pieter - cuuovgxb.default\{584EC1BF-2DA0-3EB5-FE6A-BEFD1FA560EF}(84)] [] New tab v5.0.0.10781 (..)
M2 - MFEP: prefs.js [Pieter - cuuovgxb.default\{ad708c09-d51b-45b3-9d28-4eba2681febf}] [] Download Energy Toolbar v2.7.1.3 (..)
M2 - MFEP: prefs.js [Pieter - cuuovgxb.default\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}] [] PHPNukeEN Toolbar v2.7.2.0 (..)
P2 - FPN:Firefox Plugin Navigator . (...) -- C:\Program Files\Mozilla Firefox\Plugins\NPSWF32.dll
P2 - FPN: [HKLM] [@Allin1Convert_8h.com/Plugin] - (.Mindspark - Mindspark Toolbar Platform Plugin Stub for 32-bit Windows.) -- C:\Program Files\Allin1Convert_8h\bar\1.bin\NP8hStub.dll  =>Adware.Allin1Convert
~ Firefox Browser: 31 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, start, zoeken, URLSearchHook, Phishing (R0, R1, R3, R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.devoetbalkenner.be
~ IE Browser: 10 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, proxybeheer (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Analyse van lijnen F0, F1, F2, F3 - IniFiles, Autoloading programma's
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys:  Scanned in 00mn 00s



---\\ Hosts-bestand omleiding (O1)
~ Le fichier hôte est sain (The hosts file is clean) (20)
~ Hosts File:  Scanned in 00mn 00s



---\\ Browser Helper-objecten vanuit browser (O2)
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} . (.No owner - dtx Dynamic Link Library.) -- C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll  =>PUP.Datamngr
O2 - BHO: (no name) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} Orphan sleutel
~ BHO: 16 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer werkbalken (O3)
O3 - Toolbar: Searchqu Toolbar - [HKLM]{99079a25-328f-4bd4-be04-00955acaa0a7} . (.No owner - dtx Dynamic Link Library.) -- C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll  =>PUP.Datamngr
O3 - Toolbar: Search-Results Toolbar - [HKLM]{503e067f-2914-4edd-8432-2d6c52635e23} . (...) -- C:\Program Files\SEARCH~2\Datamngr\SRTOOL~1\searchresultsDx.dll  =>PUP.Datamngr
~ Toolbar:  Scanned in 00mn 00s



---\\ Andere Verwijzigingen gebruikers (O4)
O4 - GS\QuickLaunch [Pieter]: iMesh.lnk . (...)  -- C:\Program Files\iMesh Applications\iMesh\iMesh.exe (.not file.)  =>PUP.iMesh
O4 - GS\Desktop [Pieter]: Youtube.lnk . (...)  -- C:\Users\Pieter\AppData\Local\Torch\Application\torch.exe (.not file.)
~ Global Startup: 2 Legitimates Filtered in 00mn 02s



---\\ Toepassingen gestart door register &amp; bestand (O4)
O4 - HKLM\..\Run: [Windows Defender] . (.Microsoft Corporation - Windows Defender User Interface.) -- C:\Program Files\Windows Defender\MSASCui.exe 
O4 - HKLM\..\Run: [JMB36X IDE Setup] . (...) -- C:\Windows\RaidTool\xInsIDE.exe 
O4 - HKLM\..\Run: [SynTPEnh] . (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 
O4 - HKLM\..\Run: [RoxWatchTray] . (.Sonic Solutions - RoxMMTrayApp Module.) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe   =>.Sonic Solutions
O4 - HKLM\..\Run: [Google Desktop Search] . (.Google - Google Desktop.) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe 
O4 - HKLM\..\Run: [MSPService] . (...) -- C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe 
O4 - HKLM\..\Run: [toolbar_eula_launcher] . (...) -- C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe 
O4 - HKLM\..\Run: [IAAnotif] . (.Intel Corporation - Event Monitor User Notification Tool.) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe 
O4 - HKLM\..\Run: [CanonSolutionMenu] . (.CANON INC. - CNSLMAIN.) -- C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe 
O4 - HKLM\..\Run: [CanonMyPrinter] . (.CANON INC. - Canon My Printer.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe 
O4 - HKLM\..\Run: [DATAMNGR] C:\Program Files\SEARCH~2\Datamngr\DATAMN~2.exe (.not file.)   =>PUP.Datamngr
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] . (.Adobe Systems Incorporated - Adobe Acrobat SpeedLauncher.) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe 
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- c:\Program Files\Microsoft Security Client\msseces.exe 
O4 - HKLM\..\Run: [Allin1Convert EPM Support] . (.Mindspark Interactive Network, Inc. - Toolbar Software.) -- C:\Program Files\Allin1Convert_8h\bar\1.bin\8hmedint.exe   =>Adware.Allin1Convert
O4 - HKLM\..\Run: [NvSvc] . (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 156.6.) -- C:\Windows\system32\nvsvc.dll 
O4 - HKLM\..\Run: [NvCplDaemon] . (.NVIDIA Corporation - NVIDIA Display Properties Extension.) -- C:\Windows\system32\NvCpl.dll   =>.NVIDIA Corporation
O4 - HKLM\..\Run: [NvMediaCenter] . (.NVIDIA Corporation - NVIDIA Media Center Library.) -- C:\Windows\system32\NvMcTray.dll 
O4 - HKCU\..\Run: [SmpcSys] . (.Packard Bell BV - SmpSys.exe.) -- C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe 
O4 - HKCU\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe 
O4 - HKCU\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Toepassing voor configuratie van Windows Me.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\Sidebar.exe 
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter 
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Sidebar.) -- C:\Program Files\Windows Sidebar\Sidebar.exe 
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter 
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe 
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] . (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe 
O4 - HKUS\S-1-5-21-2449446116-3773795481-2933146510-1002\..\Run: [SmpcSys] . (.Packard Bell BV - SmpSys.exe.) -- C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe 
O4 - HKUS\S-1-5-21-2449446116-3773795481-2933146510-1002\..\Run: [ehTray.exe] . (.Microsoft Corporation - Media Center Tray Applet.) -- C:\Windows\ehome\ehTray.exe 
O4 - HKUS\S-1-5-21-2449446116-3773795481-2933146510-1002\..\Run: [Skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe   =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2449446116-3773795481-2933146510-1002\..\Run: [WMPNSCFG] . (.Microsoft Corporation - Toepassing voor configuratie van Windows Me.) -- C:\Program Files\Windows Media Player\WMPNSCFG.exe   =>.Microsoft Corporation
~ Application:  Scanned in 00mn 00s



---\\ Knoppen op de werkbalk "belangrijkste instrumenten" Internet Explorer (O9)
O9 - Extra button: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- C:\Program Files\Skype\Toolbars\Internet Explorer\icon.ico
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons:  Scanned in 00mn 00s



---\\ Domeinadres van de DNS (O17) wijzigen
O17 - HKLM\System\CCS\Services\Tcpip\..\{6185A70E-B4B9-434F-BE50-344CF8431239}: DhcpNameServer = 195.130.130.1 195.130.131.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD0A0A96-9B6F-4A30-9390-4A28EC9A7AA5}: DhcpNameServer = 195.130.130.1 195.130.131.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6185A70E-B4B9-434F-BE50-344CF8431239}: DhcpNameServer = 195.130.130.1 195.130.131.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{DD0A0A96-9B6F-4A30-9390-4A28EC9A7AA5}: DhcpNameServer = 195.130.130.1 195.130.131.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{6185A70E-B4B9-434F-BE50-344CF8431239}: DhcpNameServer = 195.130.130.1 195.130.131.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{DD0A0A96-9B6F-4A30-9390-4A28EC9A7AA5}: DhcpNameServer = 195.130.130.1 195.130.131.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.130.1 195.130.131.1
~ Domain:  Scanned in 00mn 00s



---\\ Aanvullend Protocol (O18)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML-viewer.) -- C:\Windows\system32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ AppInit_DLLs waarde en subsleutels Winlogon Notify (autorun) (O20)
O20 - AppInit_DLLs: . (.Google - Google Desktop.) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll
~ AppInit DLL:  Scanned in 00mn 00s



---\\ Registersleutel autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Shell Browserbibliotheek met gebruikersinte.) -- C:\Windows\System32\browseui.dll
~ STS/SSO:  Scanned in 00mn 00s



---\\ Lijst van niet-Microsoft NT services die niet uitgeschakeld zijn (O23)
O23 - Service: Allin1ConvertService (Allin1Convert_8hService) . (.COMPANYVERS_NAME - PRODUCTVERS_TITLE.) - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe  =>Adware.Allin1Convert
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) . (...) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (.not file.)
~ Services: 6 Legitimates Filtered in 00mn 15s



---\\ Opsommen van Active Desktop &amp; MHTML Editor (O24)
O24 - Desktop General: BackupWallPaper - .(...) - C:\Users\Public\Pictures\Sample Pictures\AFBEELDINGEN\007 (2).JPG
O24 - Desktop General: WallPaper - .(...) - C:\Users\Public\Pictures\Sample Pictures\AFBEELDINGEN\007 (2).JPG
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s



---\\ Sleutel Session Manager (Manager\appcertdlls, KnownDLLs)  (O36)
O36 - AppCertDlls: (x64) . (...) -- c:\program files\music app\datamngr\x64\apcrtldr.dll (Not file)  =>PUP.Datamngr
~ Keys:  Scanned in 00mn 00s



---\\ Taken die zijn gepland in de automatische modus (O39)
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Recovery DVD Creator   [342]
O39 - APT:  - (..) -- C:\Windows\Tasks\Uitgebreide garantie.job   [342]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Uitgebreide garantie   [342]
~ Scheduled Task: 5 Legitimates Filtered in 00mn 04s



---\\ Geïnstalleerde software (O42)
O42 - Logiciel: TVTUNER - (...) [HKLM] -- TVTUNER
O42 - Logiciel: iMesh - (.iMesh Inc..) [HKLM] -- iMesh  =>PUP.iMesh
O42 - Logiciel: iMesh - (.iMesh Inc..) [HKLM] -- {8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}  =>PUP.iMesh
~ Logic: 29 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Allin1Convert_8h]  =>Adware.Allin1Convert
[HKCU\Software\IncrediMail]
[HKCU\Software\USBest]
[HKCU\Software\iMesh]  =>PUP.iMesh
[HKLM\Software\Allin1Convert_8h]  =>Adware.Allin1Convert
[HKLM\Software\Bandoo]  =>Adware.Bandoo
[HKLM\Software\SearchquMediabarTb]  =>PUP.Datamngr
[HKLM\Software\iMeshSRTB]  =>PUP.iMesh
~ Key Software: 209 Legitimates Filtered in 00mn 01s



---\\ 'Inhoud van mappen programma's, ProgramFiles, ProgramData, AppData (O43)
O43 - CFD: 7/03/2014 - 15:31:50 - [] ----D C:\Program Files\Allin1Convert_8h  =>Adware.Allin1Convert
O43 - CFD: 14/12/2010 - 19:25:40 - [] ----D C:\Program Files\Ask.com
O43 - CFD: 21/03/2015 - 15:39:04 - [] ----D C:\Program Files\Bandoo  =>Adware.Bandoo
O43 - CFD: 21/03/2015 - 15:38:36 - [] ----D C:\Program Files\Charlie II
O43 - CFD: 13/12/2010 - 20:20:49 - [] ----D C:\Program Files\ConduitEngine  =>Toolbar.Conduit
O43 - CFD: 13/12/2010 - 20:20:10 - [] ----D C:\Program Files\Download_Energy
O43 - CFD: 14/12/2010 - 19:25:39 - [] ----D C:\Program Files\LimeWire
O43 - CFD: 13/12/2010 - 20:20:12 - [] ----D C:\Program Files\LimeWire Music
O43 - CFD: 11/11/2013 - 13:56:41 - [] ----D C:\Program Files\Search Results Toolbar  =>PUP.SearchResults
O43 - CFD: 30/03/2012 - 18:39:53 - [] ----D C:\Program Files\Searchqu Toolbar  =>PUP.Datamngr
O43 - CFD: 2/10/2013 - 18:56:05 - [0] ----D C:\ProgramData\BitGuard  =>PUP.BitGuard
O43 - CFD: 30/03/2012 - 18:39:28 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 2/10/2013 - 18:56:04 - [0] ----D C:\ProgramData\Browser Manager
O43 - CFD: 2/10/2013 - 18:56:05 - [0] ----D C:\ProgramData\BrowserProtect  =>Hijacker.Eazel
O43 - CFD: 18/07/2009 - 17:18:52 - [] ----D C:\ProgramData\IM
O43 - CFD: 6/05/2013 - 18:56:53 - [] ----D C:\ProgramData\iMesh  =>PUP.iMesh
O43 - CFD: 18/07/2009 - 16:48:21 - [] ----D C:\ProgramData\IncrediMail
O43 - CFD: 13/12/2010 - 20:19:57 - [] ----D C:\ProgramData\LimeWire Music
O43 - CFD: 30/06/2013 - 18:44:04 - [0] ----D C:\ProgramData\TorchCrashHandler
O43 - CFD: 6/05/2013 - 19:00:36 - [] --H-D C:\ProgramData\{3298FFE1-C957-4EA9-942B-CEF808ACF7DF}
O43 - CFD: 25/06/2010 - 20:38:39 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Charlie II
O43 - CFD: 26/01/2008 - 13:43:15 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD-Writer
O43 - CFD: 26/01/2008 - 13:44:41 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Home Entertainment
O43 - CFD: 6/05/2013 - 18:57:01 - [] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh  =>PUP.iMesh
O43 - CFD: 2/11/2006 - 13:37:34 - [] R-H-D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
O43 - CFD: 12/06/2010 - 20:23:45 - [0] ----D C:\Users\Pieter\AppData\Roaming\Bandoo  =>Adware.Bandoo
O43 - CFD: 14/12/2010 - 19:43:29 - [] ----D C:\Users\Pieter\AppData\Roaming\LimeWire
O43 - CFD: 13/12/2010 - 20:19:57 - [] ----D C:\Users\Pieter\AppData\Roaming\LimeWire Music
O43 - CFD: 11/07/2014 - 15:18:49 - [] ----D C:\Users\Pieter\AppData\Roaming\Music Toolbar  =>Adware.Bandoo
O43 - CFD: 6/05/2013 - 19:00:26 - [] ----D C:\Users\Pieter\AppData\Roaming\TFP
O43 - CFD: 12/03/2014 - 21:09:05 - [] ----D C:\Users\Pieter\AppData\Local\Allin1Convert_8h  =>Adware.Allin1Convert
O43 - CFD: 14/12/2010 - 19:34:11 - [] ----D C:\Users\Pieter\AppData\Local\AskToolbar
O43 - CFD: 18/02/2015 - 12:57:48 - [] ----D C:\Users\Pieter\AppData\Local\IAC
O43 - CFD: 18/07/2009 - 17:53:07 - [] ----D C:\Users\Pieter\AppData\Local\IM
O43 - CFD: 6/05/2013 - 19:03:49 - [] ----D C:\Users\Pieter\AppData\Local\iMesh  =>PUP.iMesh
O43 - CFD: 14/12/2010 - 19:24:13 - [0] ----D C:\Users\Pieter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LimeWire
~ Program Folder: 202 Legitimates Filtered in 00mn 01s



---\\ Meest recente bestanden gewijzigd of gemaakt op Windows en System32 (O44)
O44 - LFC:[MD5.47F22CAD4A16BB40153555D631546B94] - 21/03/2015 - 16:07:55 ---A- . (...) -- C:\Windows\System32\tcpmon.ini   [60124]
O44 - LFC:[MD5.628FBD4EF5BD0082C473AB1291F5A46E] - 21/03/2015 - 16:08:45 ---A- . (...) -- C:\Windows\System32\winrm.vbs   [195122]
O44 - LFC:[MD5.4599D028A0CA8B54555CF72345940B45] - 21/03/2015 - 16:09:01 ---A- . (...) -- C:\Windows\System32\gatherWiredInfo.vbs   [12198]
O44 - LFC:[MD5.97AED7FC6C2B38F34CA1A3C10D2F5A60] - 21/03/2015 - 16:09:07 ---A- . (...) -- C:\Windows\System32\fsmgmt.msc   [144909]
O44 - LFC:[MD5.31F784A968D3A483E18559B7580A3518] - 21/03/2015 - 17:01:25 ---A- . (...) -- C:\Windows\SPInstall.etl   [196608]
O44 - LFC:[MD5.86C92352C5DC529D18E5E42C98FE3941] - 21/03/2015 - 18:01:53 ---A- . (...) -- C:\Windows\DtcInstall.log   [3840]
O44 - LFC:[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - 21/03/2015 - 18:04:07 R-HA- . (...) -- C:\Windows\WindowsShell.Manifest   [749]
O44 - LFC:[MD5.75DFEB04C0C978810720283C1B5CD7B1] - 22/03/2015 - 15:06:38 ---A- . (...) -- C:\Windows\System32\systemsf.ebd   [130008]
O44 - LFC:[MD5.6F7C27002EA0F9496070A1150C977DEC] - 22/03/2015 - 15:06:48 ---A- . (...) -- C:\Windows\System32\spcinstrumentation.man   [9239]
O44 - LFC:[MD5.BCDBB5CEA1E8AEA0FA353691EB003728] - 22/03/2015 - 15:06:50 ---A- . (...) -- C:\Windows\System32\slmgr.vbs   [92918]
O44 - LFC:[MD5.E9E66706083BFE4B0070EE0A5E8D42DB] - 22/03/2015 - 15:06:58 ---A- . (...) -- C:\Windows\System32\StructuredQuerySchema.bin   [107612]
O44 - LFC:[MD5.D07E5384D2B4E71F7D49C9F334D69284] - 22/03/2015 - 15:06:58 ---A- . (...) -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin   [18904]
O44 - LFC:[MD5.A3EB38D309C5682BBA0E23732C5D4AF2] - 22/03/2015 - 15:07:25 ---A- . (...) -- C:\Windows\System32\WFP.TMF   [208966]
O44 - LFC:[MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - 22/03/2015 - 15:07:34 ---A- . (...) -- C:\Windows\System32\korwbrkr.lex   [11967524]
O44 - LFC:[MD5.52CB0185C73E1BA86CC7F726F22523C3] - 22/03/2015 - 15:08:13 ---A- . (...) -- C:\Windows\System32\msjetoledb40.dll   [368640]
O44 - LFC:[MD5.4DF0D81B2B19B87DBFF241619DCDDC31] - 22/03/2015 - 15:09:15 ---A- . (...) -- C:\Windows\System32\dot3.tmf   [442788]
O44 - LFC:[MD5.358A03A7A47F0AD71E84306AC635A626] - 22/03/2015 - 15:09:22 ---A- . (.No owner - Verificatieprogramma Enhanced Storage.) -- C:\Windows\System32\EhStorAuthn.dll   [117248]
O44 - LFC:[MD5.AD4C3968CE1DB3A3A4632E1CDECA9555] - 22/03/2015 - 15:09:28 ---A- . (...) -- C:\Windows\System32\eaphost.tmf   [344698]
O44 - LFC:[MD5.4C58B5E71FEEFD18BB7F537343C7219A] - 22/03/2015 - 15:10:08 ---A- . (...) -- C:\Windows\System32\RacUREx.xml   [153]
O44 - LFC:[MD5.07400BC21119204892795F015052CDF4] - 22/03/2015 - 15:10:09 ---A- . (...) -- C:\Windows\System32\RacUR.xml   [9212]
O44 - LFC:[MD5.16D06DC26B8BD160AD81EE271D9577D8] - 22/03/2015 - 15:10:17 ---A- . (...) -- C:\Windows\System32\onex.tmf   [392170]
O44 - LFC:[MD5.4B333D3CC96AE66BD754329FD2989EE2] - 22/03/2015 - 16:54:37 ---A- . (...) -- C:\Windows\System32\ieuinit.inf   [72822]
O44 - LFC:[MD5.ECD81B99477AB4A93D7838EB40B870D0] - 22/03/2015 - 16:55:02 ---A- . (...) -- C:\Windows\System32\icrav03.rat   [8798]
O44 - LFC:[MD5.6D21D0A95286DCD09E354B612F592EB7] - 22/03/2015 - 16:55:02 ---A- . (...) -- C:\Windows\System32\ticrf.rat   [1988]
O44 - LFC:[MD5.B33A32A920DFB05C308FB42F15D5C98E] - 22/03/2015 - 16:56:55 ---A- . (...) -- C:\Windows\IE9_main.log   [14235]
~ Files: 1469 Legitimates Filtered in 00mn 54s



---\\ Laatste bestanden die zijn gemaakt in Windows Prefetcher (O45)
O45 - LFCP:[MD5.DBC2C1B7E19ABD2C5E93713D55DAB8AD] - 29/11/2011 - 19:11:52 ---A- - C:\Windows\Prefetch\BANDOO.EXE-2DAE60A7.pf  =>Adware.Bandoo
O45 - LFCP:[MD5.AC01B93E37DCA55E14542EFE86E20CF6] - 20/07/2014 - 20:03:16 ---A- - C:\Windows\Prefetch\BANDOOUI.EXE-E1BBBFEA.pf  =>Adware.Bandoo
O45 - LFCP:[MD5.77D1140472EA9C6C5D6645D5F670F094] - 25/06/2011 - 14:38:37 ---A- - C:\Windows\Prefetch\BANDOOV6[1].EXE-1806775C.pf  =>Adware.Bandoo
O45 - LFCP:[MD5.297ED0424F13725274EC5575511AE908] - 25/06/2011 - 14:39:33 ---A- - C:\Windows\Prefetch\BANDOOV6[1].EXE-4C4D631D.pf  =>Adware.Bandoo
O45 - LFCP:[MD5.5C2D5B3F38A071CC62115C23DAC65F06] - 21/03/2011 - 19:39:11 ---A- - C:\Windows\Prefetch\BANDOOV6[1].EXE-4FA12D1B.pf  =>Adware.Bandoo
O45 - LFCP:[MD5.FE750E6EAA6AD134BDE34DC0055F9D96] - 10/09/2010 - 17:53:53 ---A- - C:\Windows\Prefetch\BANDOOV6[2].EXE-B5139E58.pf  =>Adware.Bandoo
~ Prefetcher: 6 Legitimates Filtered in 00mn 00s



---\\ Image File Execution Options (IFEO) (O50))
O50 - IFEO:Image File Execution Options - bitguard.exe - tasklist.exe  =>PUP.BitGuard
O50 - IFEO:Image File Execution Options - bprotect.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - bpsvc.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - browserdefender.exe - tasklist.exe  =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browserprotect.exe - tasklist.exe  =>Hijacker.Eazel
O50 - IFEO:Image File Execution Options - browsersafeguard.exe - tasklist.exe  =>PUP.BrowserSafeguard
O50 - IFEO:Image File Execution Options - dprotectsvc.exe - tasklist.exe  =>Trojan.Staser
O50 - IFEO:Image File Execution Options - jumpflip - tasklist.exe  =>PUP.JumpFlip
O50 - IFEO:Image File Execution Options - protectedsearch.exe - tasklist.exe  =>Spyware.ProtectedSearch
O50 - IFEO:Image File Execution Options - searchinstaller.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - searchprotection.exe - tasklist.exe  =>PUP.SearchProtect
O50 - IFEO:Image File Execution Options - searchprotector.exe - tasklist.exe  =>PUP.SearchProtect
O50 - IFEO:Image File Execution Options - searchsettings.exe - tasklist.exe  =>Adware.SearchSettings
O50 - IFEO:Image File Execution Options - searchsettings64.exe - tasklist.exe  =>Adware.SearchSettings
O50 - IFEO:Image File Execution Options - snapdo.exe - tasklist.exe  =>Hijacker.SmartBar
O50 - IFEO:Image File Execution Options - stinst32.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - stinst64.exe - tasklist.exe
O50 - IFEO:Image File Execution Options - umbrella.exe - tasklist.exe  =>Adware.IMBooster
O50 - IFEO:Image File Execution Options - utiljumpflip.exe - tasklist.exe  =>PUP.JumpFlip
O50 - IFEO:Image File Execution Options - volaro - tasklist.exe  =>Trojan.Vonteera
O50 - IFEO:Image File Execution Options - vonteera - tasklist.exe  =>Trojan.Vonteera
O50 - IFEO:Image File Execution Options - websteroids.exe - tasklist.exe  =>PUP.TubeDimmer
O50 - IFEO:Image File Execution Options - websteroidsservice.exe - tasklist.exe  =>PUP.TubeDimmer
~ IFEO:  Scanned in 00mn 00s



---\\ Registersleutel Shell MountPoints2 (MPSK) (O51)
O51 - MPSK:{65edfd67-e67e-11de-b986-00030d000001}\AutoRun\command. (...) -- F:\laucher.exe (.not file.)
~ Keys:  Scanned in 00mn 00s



---\\ Opsomming van het register sleutels PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Overzicht van de drivers (SDL) (O58)
O58 - SDL:2/11/2006 - 10:51:34 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [316520]
O58 - SDL:2/11/2006 - 10:50:07 ---A- . (.Integrated Technology Express, Inc. - ITE IT8211 ATA/ATAPI SCSI miniport.) -- C:\Windows\System32\Drivers\iteatapi.sys   [35944]
O58 - SDL:8/01/2007 - 13:38:30 ---A- . (.Windows (R) Codename Longhorn DDK provider - SMSC Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\itecir.sys   [46592]
O58 - SDL:2/11/2006 - 10:50:09 ---A- . (.Integrated Technology Express, Inc. - ITE IT8212 ATA RAID SCSI miniport.) -- C:\Windows\System32\Drivers\iteraid.sys   [35944]
O58 - SDL:28/04/2003 - 10:31:18 ---A- . (.OEM - OX16C95x Serial Device Driver.) -- C:\Windows\System32\Drivers\OXSER.SYS   [51169]
O58 - SDL:24/02/2007 - 14:42:22 ---A- . (.REDC - RICOH SD Driver.) -- C:\Windows\System32\Drivers\rimmptsk.sys   [39936]
O58 - SDL:23/01/2007 - 16:40:20 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimsptsk.sys   [42496]
O58 - SDL:2/11/2006 - 10:51:25 ---A- . (.ULi Electronics Inc. - ULi SATA Controller Driver.) -- C:\Windows\System32\Drivers\uliahci.sys   [235112]
O58 - SDL:2/11/2006 - 10:50:35 ---A- . (.Promise Technology, Inc. - Promise Ultra/Sata Series Driver for Win2003.) -- C:\Windows\System32\Drivers\ulsata.sys   [98408]
O58 - SDL:2/11/2006 - 10:50:45 ---A- . (.Promise Technology, Inc. - Promise SATAII150 Series Windows Drivers.) -- C:\Windows\System32\Drivers\ulsata2.sys   [115816]
O58 - SDL:2/11/2006 - 8:09:42 ---A- . (...) -- C:\Windows\System32\ANSI.SYS   [9029]
O58 - SDL:2/11/2006 - 8:09:45 ---A- . (...) -- C:\Windows\System32\country.sys   [27097]
O58 - SDL:2/11/2006 - 8:09:41 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS   [4768]
O58 - SDL:2/11/2006 - 8:09:44 ---A- . (...) -- C:\Windows\System32\KEY01.SYS   [42809]
O58 - SDL:2/11/2006 - 8:09:44 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS   [42537]
O58 - SDL:2/11/2006 - 8:09:29 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS   [27866]
O58 - SDL:2/11/2006 - 8:09:35 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS   [29146]
O58 - SDL:2/11/2006 - 8:09:38 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS   [29370]
O58 - SDL:2/11/2006 - 8:09:40 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS   [29274]
O58 - SDL:2/11/2006 - 8:09:31 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS   [29146]
O58 - SDL:2/11/2006 - 8:09:20 ---A- . (...) -- C:\Windows\System32\NTIO.SYS   [33952]
O58 - SDL:2/11/2006 - 8:09:23 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS   [34672]
O58 - SDL:2/11/2006 - 8:09:24 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS   [35776]
O58 - SDL:2/11/2006 - 8:09:26 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS   [35536]
O58 - SDL:2/11/2006 - 8:09:22 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS   [34672]
~ Drivers: 91 Legitimates Filtered in 00mn 01s



---\\ Meest recente bestanden gewijzigd of gemaakt (gebruiker) (O61)
O61 - LFC: 22/03/2015 - 18:36:09 ---A- . (...) -- C:\Users\Pieter\AppData\Local\Microsoft\Windows\1043\StructuredQuerySchema.bin   [202460]
O61 - LFC: 22/03/2015 - 18:38:14 ---A- . (...) -- C:\Users\Pieter\Downloads\RSIT.exe   [1107968]
~ 272 Fichiers temporaires (Temporary files)
~ 67 Fichiers cookies (Cookies files)
~ Files: 5 Legitimates Filtered in 02mn 05s



---\\ Lijst van cleaning tools (CLAB) (O63)
O63 - Logiciel: ZHPDiag 2015 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
O63 - Logiciel: RSIT - (.random/random.)
~ ADS:  Scanned in 00mn 00s



---\\ Bestandsassociaties mogelijk aangepast (O67)
O67 - Shell Spawning: <.html> <FirefoxHTML>[HKLM\..\open\Command] (...) -- C:\Program Files\MOZILL~1\FIREFOX.exe
O67 - Shell Spawning: <.html> <TorchHTML.XWT7UGZMV35XF7WTEKNPQNRJZ4>[HKCU\..\open\Command] (...) -- C:\Users\Pieter\AppData\Local\Torch\Application\torch.exe
O67 - Shell Spawning: <.com> <>[HKU\..\open\Command] (.Not Key.)
O67 - Shell Spawning: <.exe> <>[HKU\..\open\Command] (.Not Key.)
~ FASS Keys: 13 Legitimates Filtered in 00mn 00s



---\\ Startmenu Internet (SMI) (O68)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O68 - StartMenuInternet: <Torch> <>[HKLM\..\Shell\open\Command] (.Not Key.)
O68 - StartMenuInternet: <Torch.XWT7UGZMV35XF7WTEKNPQNRJZ4> <Torch>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Pieter\AppData\Local\Torch\Application\torch.exe (.not file.)
~ Keys:  Scanned in 00mn 00s



---\\ Zoek "infecties in internetbrowsers (SBI) (O69)
O69 - SBI: C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\cuuovgxb.default\searchplugins\askcom.xml
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {70D46D94-BF1E-45ED-B567-48701376298E} - (Google Desktop) - http://127.0.0.1:4664/search&s=RMRivaVQgoyZfp6GBeEubREfdpc?q={searchTerms}
O69 - SBI: SearchScopes [HKCU] {80c554b9-c7f8-4a21-9471-06d606da78a2} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {8A96AF9E-4074-43b7-BEA3-87217BDA74C8} - (Search Results) - http://dts.search-results.com  =>PUP.SearchResults
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} - (Ask.com) - http://dts.search.ask.com
O69 - SBI: SearchScopes [HKCU] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101} - (Search Results) - http://dts.search-results.com  =>PUP.SearchResults
O69 - SBI: SearchScopes [HKCU] {acbd5593-e5ee-4c15-b48f-1823ce819dec} [DefaultScope] - (My Web Search) - http://search.mywebsearch.com  =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKCU] {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} - (Ask Web Search) - http://search.tb.ask.com
O69 - SBI: SearchScopes [HKCU] {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} - (MyStart Search) - http://mystart.incredimail.com  =>Spyware.VMNToolbar
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {80c554b9-c7f8-4a21-9471-06d606da78a2} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} - (Ask.com) - http://dts.search.ask.com
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101} - (Search Results) - http://dts.search-results.com  =>PUP.SearchResults
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {acbd5593-e5ee-4c15-b48f-1823ce819dec} - (My Web Search) - http://search.mywebsearch.com  =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} - (Ask Web Search) - http://search.tb.ask.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (@ieframe.dll,-12512) - http://search.live.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {80c554b9-c7f8-4a21-9471-06d606da78a2} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} - (Ask.com) - http://dts.search.ask.com
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101} - (Search Results) - http://dts.search-results.com  =>PUP.SearchResults
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {acbd5593-e5ee-4c15-b48f-1823ce819dec} - (My Web Search) - http://search.mywebsearch.com  =>Adware.MyWebSearch
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8} - (Ask Web Search) - http://search.tb.ask.com
~ Keys:  Scanned in 00mn 00s



---\\ Bepaalde zoekopdracht in de hoofdmap van het systeem (SPRF) (O84)
[MD5.3556D434A7220F1DA2B3596A41EF1EE8] [SPRF][24/07/2014] (...) -- C:\Users\Pieter\AppData\Roaming\nvModes.dat   [27430]
~ Files: 4 Legitimates Filtered in 00mn 00s



---\\ Microsoft Installer-bestanden (WIS) (NTFS) (O93)
[MD5.90D6FA5BCB1D052E1F1263A5595DDA4E] [WIS][6/05/2013] (.iMesh Inc. - iMesh.) -- C:\Windows\Installer\245a82.msi   [322560]  =>PUP.iMesh
~ WIS: 1 Legitimates Filtered in 00mn 04s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{7EB7381C-FB01-47FC-9C42-ED64122C1B92}] (Allin1Convert_8h HTML Menu)  =>Adware.Allin1Convert
[HKCR\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}] (Searchqu Toolbar)  =>PUP.Datamngr
[HKCR\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}] (BandooCore Class)  =>Adware.Bandoo
[HKCR\CLSID\{e4ef697f-434b-4dc7-a464-4412462206db}] (Allin1Convert_8h HTML)  =>Adware.Allin1Convert
[HKCR\CLSID\{f99ddd9a-07d0-47ab-86f1-193533dd2c60}] (Allin1Convert Third Party Installer)  =>Adware.Allin1Convert
~ BCK: 5222 Legitimates Filtered in 00mn 30s



---\\ Algemene toestand van niet-Microsoft services (GSR) (SR = Running, SS = gestopt)
SS - | Auto 10/07/1658 0 |  (CLTNetCnService) . (...) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
SS - | Demand 2/09/2010 30192 |  (GoogleDesktopManager-051210-111108) . (.Google.) - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
SS - | Demand 22/10/2004 73728 |  (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
SS - | Demand 13/04/2007 101528 |  (IJPLMSVC) . (...) - C:\Program Files\Canon\IJPLM\IJPLMSVC.exe
SS - | Demand 11/01/2007 887544 |  (RoxMediaDB9) . (.Sonic Solutions.) - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
SS - | Auto 11/01/2007 166648 |  (RoxWatch9) . (.Sonic Solutions.) - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
SS - | Auto 7/02/2013 161384 |  (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SS - | Demand 26/04/2007 52080 |  (Start BT in service) . (...) - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
SS - | Demand 14/09/2006 73728 |  (stllssvr) . (.MicroVision Development, Inc..) - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
SS - | Auto 18/01/2008 21504 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 7/03/2014 88648 |  (Allin1Convert_8hService) . (.COMPANYVERS_NAME.) - C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe  =>Adware.Allin1Convert
SR - | Auto 21/03/2007 355096 |  (IAANTMON) . (.Intel Corporation.) - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
SR - | Auto 30/01/2015 22184 |  (MsMpSvc) . (.Microsoft Corporation.) - c:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 6/03/2007 266343 |  (RichVideo) . (...) - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
SR - | Auto 2/10/2012 3064000 |  (Skype C2C Service) . (.Skype Technologies S.A..) - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
SR - | Auto 18/01/2008 21504 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 34s



---\\ Onderzoek gelijktijdige op de Master Boot Record (MBR) (O80)
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Run by Pieter at 24/03/2015 18:39:26
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 
C:\Windows\system32\DRIVERS\iaStor.sys Intel Corporation Intel Matrix Storage Manager driver
1 ntkrnlpa!IofCallDriver[0x81E55962] >> \Device\Harddisk0\DR0[0x8696D968]
kernel: MBR read successfully
user & kernel MBR OK 
~ MBR: 14 Legitimates Filtered in 00mn 02s



---\\ Onderzoek de Master Boot Record op Infecties (MBRCheck) (O80)
Written by ad13, http://ad13.geekstog
Run by Pieter at 24/03/2015 18:39:28
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR:  Scanned in 00mn 04s



---\\ Extra scan (O88)
Database Version : 13008 - (15/01/2015)
Clés trouvées (Keys found) : 78
Valeurs trouvées (Values found) : 2
Dossiers trouvés  (Folders found) : 32
Fichiers trouvés  (Files found) : 12

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}]   =>PUP.Datamngr^
[HKLM\SYSTEM\CurrentControlSet\Services\Allin1Convert_8hService]   =>Adware.Allin1Convert^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\iMesh]   =>PUP.iMesh^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8FB495A1-4A3F-4C1D-BD27-3F3AB2E66763}]   =>PUP.iMesh^
[HKLM\Software\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}]   =>Adware.Bandoo
[HKLM\Software\Classes\AppID\{1301a8a5-3dfb-4731-a162-b357d00c9644}]   =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]   =>Adware.MyWebSearch
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]   =>Adware.MyWebSearch
[HKLM\Software\Classes\AppID\{1fc41815-fa4c-4f8b-b143-2c045c8ea2fc}]   =>PUP.Kiwee
[HKLM\Software\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}]   =>PUP.iMesh
[HKLM\Software\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}]   =>Adware.Bandoo
[HKLM\Software\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}]   =>PUP.iMesh
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624f4-c5dd-4e1d-bdd0-1e9c9b7799cc}]   =>Adware.Bandoo
[HKLM\Software\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}]   =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]   =>PUP.iMesh
[HKLM\Software\Classes\CLSID\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]   =>PUP.iMesh
[HKLM\Software\Classes\Interface\{477f210a-2a86-4666-9c4b-1189634d2c84}]   =>Adware.Bandoo
[HKLM\Software\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}]   =>PUP.iMesh
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}]   =>Toolbar.Agent
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}]   =>Adware.Bandoo
[HKLM\Software\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}]   =>Adware.Bandoo
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8a96af9e-4074-43b7-bea3-87217bda74c8}]   =>Adware.Bandoo
[HKLM\Software\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}]   =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}]   =>Adware.Bandoo
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}]   =>Adware.Bandoo
[HKLM\Software\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}]   =>Adware.Bandoo
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}]   =>Adware.Bandoo
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9c8a3ca5-889e-4554-beec-ec0876e4e96a}]   =>Adware.Bandoo
[HKLM\Software\Classes\TypeLib\{A147AA03-820F-4A0F-9F34-D6CB4004A2F9}]   =>PUP.iMesh
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]   =>Adware.Bandoo
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]   =>Adware.Bandoo
[HKLM\Software\Classes\AppID\{A7DDCBDE-5C86-415c-8A37-763AE183E7E4}]   =>PUP.iMesh
[HKLM\Software\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}]   =>Adware.Bandoo
[HKLM\Software\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}]   =>Adware.Bandoo
[HKLM\Software\Classes\CLSID\{bb76a90b-2b4c-4378-8506-9a2b6e16943c}]   =>Adware.Bandoo
[HKLM\Software\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}]   =>Adware.Bandoo
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}]   =>Adware.IncrediBar
[HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f9189560-573a-4fde-b055-ae7b0f4cf080}]   =>Adware.Bandoo
[HKLM\Software\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}]   =>Adware.Bandoo
[HKLM\Software\Classes\Interface\{ff871e51-2655-4d06-aed5-745962a96b32}]   =>Adware.Bandoo
[HKLM\Software\Classes\AppID\bandoocore.exe]   =>Adware.Bandoo
[HKLM\Software\Classes\AppID\DiscoveryHelper.DLL]   =>PUP.BearShare
[HKLM\Software\Classes\AppID\DNSBHO.dll]   =>Adware.Bandoo
[HKLM\Software\Classes\AppID\iMesh.exe]   =>PUP.iMesh
[HKLM\Software\Classes\AppID\IMTrProgress.DLL]   =>PUP.BearShare
[HKLM\Software\Classes\AppID\IMWeb.DLL]   =>PUP.BearShare
[HKLM\Software\Classes\AppID\WMHelper.DLL]   =>PUP.BearShare
[HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Imesh]   =>PUP.iMesh
[HKLM\Software\Classes\DiscoveryHelper.iMesh6Discovery]   =>PUP.iMesh
[HKLM\Software\Classes\DiscoveryHelper.iMesh6Discovery.1]   =>PUP.iMesh
[HKLM\Software\Classes\DnsBHO.BHO]   =>Adware.Bandoo
[HKLM\Software\Classes\DnsBHO.BHO.1]   =>Adware.Bandoo
[HKLM\Software\Classes\imweb.imwebcontrol]   =>PUP.iMesh
[HKLM\Software\Bandoo]   =>Adware.Bandoo
[HKCU\Software\DataMngr]   =>Adware.Bandoo
[HKLM\Software\DataMngr]   =>Adware.Bandoo
[HKCU\Software\DataMngr_Toolbar]   =>Toolbar.Agent
[HKLM\Software\FunWebProducts]   =>Adware.MyWebSearch
[HKCU\Software\iMesh]   =>PUP.iMesh
[HKLM\Software\iMesh]   =>PUP.iMesh
[HKLM\Software\SearchquMediabarTb]   =>Adware.Bandoo
[HKCU\Software\AppDataLow\Software\searchqutoolbar]   =>Adware.Bandoo
[HKLM\Software\iMeshSRTB]   =>PUP.iMesh
[HKLM\Software\Classes\CLSID\{950F80EF-32C2-47DD-9C35-9576E21EE66E}]   =>PUP.Datamngr
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Allin1Convert_8hbar Uninstall Firefox]   =>Adware.Allin1Convert
[HKCU\Software\Allin1Convert_8h]   =>Adware.Allin1Convert
[HKCU\Software\AppDataLow\Software\Allin1Convert_8h]   =>Adware.Allin1Convert
[HKLM\Software\Allin1Convert_8h]   =>Adware.Allin1Convert
[HKLM\Software\Classes\BandooCore.BandooCore]   =>Adware.Bandoo
[HKLM\Software\Classes\BandooCore.BandooCore.1]   =>Adware.Bandoo
[HKLM\Software\Classes\BandooCore.ResourcesMngr]   =>Adware.Bandoo
[HKLM\Software\Classes\BandooCore.ResourcesMngr.1]   =>Adware.Bandoo
[HKLM\Software\Classes\BandooCore.SettingsMngr]   =>Adware.Bandoo
[HKLM\Software\Classes\BandooCore.SettingsMngr.1]   =>Adware.Bandoo
[HKLM\Software\Classes\BandooCore.StatisticMngr]   =>Adware.Bandoo
[HKLM\Software\Classes\BandooCore.StatisticMngr.1]   =>Adware.Bandoo
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}]   =>Adware.Bandoo^
[HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}]   =>Adware.Bandoo^
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{99079a25-328f-4bd4-be04-00955acaa0a7}   =>PUP.Datamngr^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:DATAMNGR   =>PUP.Datamngr^
C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\cuuovgxb.default\extensions\8hffxtbr@Allin1Convert_8h.com   =>Adware.Allin1Convert^
C:\Program Files\Allin1Convert_8h   =>Adware.Allin1Convert^
C:\Program Files\Bandoo   =>Adware.Bandoo^
C:\Program Files\ConduitEngine   =>Toolbar.Conduit^
C:\Program Files\Search Results Toolbar   =>PUP.SearchResults^
C:\Program Files\Searchqu Toolbar   =>PUP.Datamngr^
C:\ProgramData\BitGuard   =>PUP.BitGuard^
C:\ProgramData\BrowserProtect   =>Hijacker.Eazel^
C:\ProgramData\iMesh   =>PUP.iMesh^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMesh   =>PUP.iMesh^
C:\Users\Pieter\AppData\Roaming\Bandoo   =>Adware.Bandoo^
C:\Users\Pieter\AppData\Roaming\Music Toolbar   =>Adware.Bandoo^
C:\Users\Pieter\AppData\Local\Allin1Convert_8h   =>Adware.Allin1Convert^
C:\Users\Pieter\AppData\Local\iMesh   =>PUP.iMesh^
C:\Program Files\Ask.com   =>Toolbar.AskBar
C:\Program Files\Download_Energy   =>Toolbar.Conduit
C:\Program Files\FunWebProducts   =>Adware.MyWebSearch
C:\Program Files\iMesh Applications   =>PUP.iMesh
C:\Program Files\Windows Searchqu Toolbar   =>Adware.Bandoo
C:\ProgramData\Browser Manager   =>PUP.Babylon
C:\Users\Pieter\AppData\Local\AskToolbar   =>Toolbar.AskTBar
C:\Users\Pieter\AppData\LocalLow\AskToolbar   =>Toolbar.AskTBar
C:\Users\Pieter\AppData\LocalLow\Bandoo   =>Adware.Bandoo
C:\Users\Pieter\AppData\LocalLow\searchresultstb   =>Toolbar.Agent
C:\Users\Pieter\AppData\LocalLow\Conduit   =>Toolbar.Conduit
C:\Users\Pieter\AppData\LocalLow\ConduitEngine   =>Toolbar.Conduit
C:\Users\Pieter\AppData\LocalLow\Download_Energy   =>Toolbar.Conduit
C:\Users\Pieter\AppData\LocalLow\searchquband   =>Adware.Bandoo
C:\Users\Pieter\AppData\LocalLow\searchqutb   =>Adware.Bandoo
C:\Users\Pieter\AppData\LocalLow\searchqutoolbar   =>Adware.Bandoo
C:\Users\Pieter\AppData\LocalLow\Allin1Convert_8h   =>Adware.Allin1Convert
C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\cuuovgxb.default\Extensions\toolbar@ask.com   =>Toolbar.AskTBar
C:\Program Files\Mozilla Firefox\searchplugins\SearchquWebSearch.xml   =>Adware.Bandoo
C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml   =>Toolbar.Agent
C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\cuuovgxb.default\SearchPlugins\MyStart Search.xml   =>Spyware.VMNToolbar
C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\cuuovgxb.default\SearchPlugins\SearchquWebSearch.xml   =>Adware.Bandoo
C:\Users\Pieter\AppData\Roaming\Mozilla\Firefox\Profiles\cuuovgxb.default\SearchPlugins\SearchResults.xml   =>Toolbar.Agent
C:\Program Files\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe   =>Adware.Allin1Convert^
C:\Windows\Installer\245a82.msi   =>PUP.iMesh^
[HKCR\CLSID\{7EB7381C-FB01-47FC-9C42-ED64122C1B92}] (Allin1Convert_8h HTML Menu)   =>Adware.Allin1Convert^
[HKCR\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}] (Searchqu Toolbar)   =>PUP.Datamngr^
[HKCR\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}] (BandooCore Class)   =>Adware.Bandoo^
[HKCR\CLSID\{e4ef697f-434b-4dc7-a464-4412462206db}] (Allin1Convert_8h HTML)   =>Adware.Allin1Convert^
[HKCR\CLSID\{f99ddd9a-07d0-47ab-86f1-193533dd2c60}] (Allin1Convert Third Party Installer)   =>Adware.Allin1Convert^
~ Additionnel Scan: 194975 Items scanned in 01mn 03s



---\\ Additional information about modules
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/  =>.Internet Explorer, proxybeheer (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/  =>.Browser Helper-objecten vanuit browser (O2)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/  =>.Internet Explorer werkbalken (O3)
~ http://nicolascoolman.fr/o4-applications-demarrees-par-le-registre/  =>.Toepassingen gestart door register &amp; bestand (O4)
~ http://nicolascoolman.fr/o50-image-file-execution-options-zhpdiag/  =>.Image File Execution Options (IFEO) (O50))
~ http://nicolascoolman.fr/o51-mountpoints2-shell-key-mpsk/  =>.Registersleutel Shell MountPoints2 (MPSK) (O51)
~ AMI: 6 Legitimates Filtered in 00mn 00s



---\\ Samenvatting van detecties gevonden op uw werkstation
http://nicolascoolman.fr/adware-allin1convert  =>Adware.Allin1Convert
http://nicolascoolman.fr/spyware-vmntoolbar  =>Spyware.VMNToolbar
http://nicolascoolman.fr/pup-datamngr  =>PUP.Datamngr
http://nicolascoolman.fr/pup-searchresults  =>PUP.SearchResults
http://nicolascoolman.fr/pup-imesh  =>PUP.iMesh
http://nicolascoolman.fr/adware-bandoo  =>Adware.Bandoo
http://nicolascoolman.fr/toolbar-conduit  =>Toolbar.Conduit
http://nicolascoolman.fr/pup-bitguard  =>PUP.BitGuard
http://nicolascoolman.fr/hijacker-eazel  =>Hijacker.Eazel
http://nicolascoolman.fr/pup-browsersafeguard  =>PUP.BrowserSafeguard
http://nicolascoolman.fr/trojan-staser  =>Trojan.Staser
http://nicolascoolman.fr/pup-jumpflip  =>PUP.JumpFlip
http://nicolascoolman.fr/spyware-protectedsearch  =>Spyware.ProtectedSearch
http://nicolascoolman.fr/pup-searchprotect  =>PUP.SearchProtect
http://nicolascoolman.fr/adware-searchsettings  =>Adware.SearchSettings
http://nicolascoolman.fr/hijacker-smartbar  =>Hijacker.SmartBar
http://nicolascoolman.fr/adware-imbooster  =>Adware.IMBooster
http://nicolascoolman.fr/trojan-vonteera  =>Trojan.Vonteera
http://nicolascoolman.fr/pup-tubedimmer  =>PUP.TubeDimmer
http://nicolascoolman.fr/adware-mywebsearch  =>Adware.MyWebSearch
http://nicolascoolman.fr/pup-kiwee  =>PUP.Kiwee
http://www.nicolascoolman.fr/blog/  =>Toolbar.Agent
http://nicolascoolman.fr/adware-incredibar  =>Adware.IncrediBar
http://nicolascoolman.fr/pup-bearshare  =>PUP.BearShare
http://www.nicolascoolman.fr/blog/  =>Toolbar.AskBar
http://nicolascoolman.fr/pup-babylon  =>PUP.Babylon
http://www.nicolascoolman.fr/blog/  =>Toolbar.AskTBar
~ MSI: 27 link(s) detected in 00mn 00s



~ 2253 Legitimates filtered by white list
End of the scan (794 lines in 07mn 04s)(0)