Infected Rootkit



#1 mikeje


Posted 24 November 2016 - 05:32 AM

Hello, I'm pretty sure I'm infected, but I need a tool to actually fix the rootkit. I tried many programs, like TDSSKiller, RogueKiller, Malwarebytes and ESET Online Scanner. Except for RogueKiller, none of the programs are able to detect anything at all. Is anyone able to give me more information after a look into the log files, which I will provide after my message?
 
Symptoms are critical:

Application hangs,
system crashes,
slow loading screen when logging in.
If I run a full GMER scan I get a BSOD (pwlyrpow.sys). But halfway through it already detects the rootkit, as you can see below in the log from a canceled scan.
In safe mode it doesn't detect a thing, both with GMER and RogueKiller, but on normal boot it finds a rootkit.
 
Probably infected multiple computers on my network. I really need urgent help.
 
GMER LOG (INTERRUPTED BECAUSE OTHERWISE BSOD):
 
GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-11-24 11:19:25
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Samsung_ rev.EMT0 232,89GB
Running: hxw5rr27.exe; Driver: C:\Users\ICTSTA~1\AppData\Local\Temp\pwlyrpow.sys
 
 
---- System - GMER 2.2 ----
 
SSDT   A383589C                                ZwCreateKey
SSDT   A3835554                                ZwCreateMutant
SSDT   A382809C                                ZwCreateProcess
SSDT   88DF82AC                                ZwCreateProcessEx
SSDT   A383541C                                ZwCreateSymbolicLinkObject
SSDT   A3835614                                ZwCreateThread
SSDT   A38355D4                                ZwCreateThreadEx
SSDT   88DBB2A4                                ZwCreateUserProcess
SSDT   A383539C                                ZwDebugActiveProcess
SSDT   A383581C                                ZwDeleteKey
SSDT   A383575C                                ZwDeleteValueKey
SSDT   A38353DC                                ZwDuplicateObject
SSDT   A3835594                                ZwLoadDriver
SSDT   A3828A0C                                ZwOpenProcess
SSDT   A383571C                                ZwOpenSection
SSDT   A38358DC                                ZwOpenThread
SSDT   A38357DC                                ZwRenameKey
SSDT   A383579C                                ZwRestoreKey
SSDT   A3835514                                ZwSetSystemInformation
SSDT   A383585C                                ZwSetValueKey
SSDT   A38359A4                                ZwTerminateProcess
SSDT   A3835964                                ZwTerminateThread
SSDT   A3835654                                ZwWriteVirtualMemory
 
---- Kernel code sections - GMER 2.2 ----
 
.text  ntkrnlpa.exe!ZwReplaceKey + 1525        8328BB75 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  832C5C12 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11BF     832CD0C4 4 Bytes  [9C, 58, 83, A3]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11CF     832CD0D4 4 Bytes  [54, 55, 83, A3]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11E3     832CD0E8 8 Bytes  [9C, 80, 82, A3, AC, 82, DF, ...] {PUSHF ; ADD BYTE [EDX-0x207d535d], 0x88}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11FF     832CD104 12 Bytes  [1C, 54, 83, A3, 14, 56, 83, ...]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 121B     832CD120 4 Bytes  [A4, B2, DB, 88]
.text  ...                                     
 
---- EOF - GMER 2.2 ----
 
 
 
ROGUEKILLER LOG
 

RogueKiller V12.8.2.0 [Nov 21 2016] (Free) door Adlice Software 
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com
 
Besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Gestart in : Normale mode
Gebruiker : ictstage [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Datum : 11/24/2016 09:31:39 (Duration : 00:40:11)
 
¤¤¤ Processen : 1 ¤¤¤
[Suspicious.Path|VT.Unknown] DiskSpaceReport.exe(5976) -- C:\Users\ICT Stage\AppData\Local\Apps\2.0\CEGAZL28.9KW\RBBTDHD1.9GB\disk..tion_313ead9e3b4e0c7d_0001.0000_d0a270ab82505986\DiskSpaceReport.exe[-] -> Gevonden
 
¤¤¤ Register : 3 ¤¤¤
[PUM.SearchPage] HKEY_USERS\S-1-5-21-1123561945-1202660629-839522115-4762\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Gevonden
[Suspicious.Path] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\87f1d5 | Name : C:\Users\stefan\AppData\Local\Temp\FEE9.tmp [x] -> Gevonden
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1123561945-1202660629-839522115-4762\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Gevonden
 
¤¤¤ Taken : 0 ¤¤¤
 
¤¤¤ Bestanden : 10 ¤¤¤
[Suspicious.Path|Suspicious.Startup|VT.Unknown][Bestand] C:\Users\gast1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat -> Gevonden
[Suspicious.Path|Suspicious.Startup|VT.Unknown][Bestand] C:\Users\gast3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat -> Gevonden
[Suspicious.Path|Suspicious.Startup|VT.Unknown][Bestand] C:\Users\Jorian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat -> Gevonden
[Suspicious.Path|Suspicious.Startup|VT.Unknown][Bestand] C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat -> Gevonden
[Suspicious.Path|Suspicious.Startup|VT.Unknown][Bestand] C:\Users\Pmstage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat -> Gevonden
[Suspicious.Path|Suspicious.Startup|VT.Unknown][Bestand] C:\Users\Receptie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat -> Gevonden
[Suspicious.Path|Suspicious.Startup|VT.Unknown][Bestand] C:\Users\Vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat -> Gevonden
[Hj.Shortcut][Bestand] C:\Users\ICT Stage\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Q-Base.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://185.10.96.14/~4eye02/intranet_qbase/ -> Gevonden
[Hj.Shortcut][Bestand] C:\Users\Daphne\Desktop\Q-Base.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://185.10.96.14/~4eye02/intranet_qbase/ -> Gevonden
[Hj.Shortcut][Bestand] C:\Users\Public\Desktop\Q-Base.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://185.10.96.14/~4eye02/intranet_qbase/ -> Gevonden
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Host-bestand : 0 ¤¤¤
 
¤¤¤ Antirootkit : 23 (Driver: Geladen) ¤¤¤
[SSDT:Addr(Hook.SSDT)] ZwCreateKey[70] : Unknown @ 0xffffffff88dfe634
[SSDT:Addr(Hook.SSDT)] ZwCreateMutant[74] : Unknown @ 0xffffffff88dfe2ec
[SSDT:Addr(Hook.SSDT)] ZwCreateProcess[79] : Unknown @ 0xffffffffa383f224
[SSDT:Addr(Hook.SSDT)] ZwCreateProcessEx[80] : Unknown @ 0xffffffffa384205c
[SSDT:Addr(Hook.SSDT)] ZwCreateSymbolicLinkObject[86] : Unknown @ 0xffffffff88dfe26c
[SSDT:Addr(Hook.SSDT)] ZwCreateThread[87] : Unknown @ 0xffffffff88dfe3ac
[SSDT:Addr(Hook.SSDT)] ZwCreateThreadEx[88] : Unknown @ 0xffffffff88dfe36c
[SSDT:Addr(Hook.SSDT)] ZwCreateUserProcess[93] : Unknown @ 0xffffffffa380946c
[SSDT:Addr(Hook.SSDT)] ZwDebugActiveProcess[96] : Unknown @ 0xffffffff88dfe1ec
[SSDT:Addr(Hook.SSDT)] ZwDeleteKey[103] : Unknown @ 0xffffffff88dfe5b4
[SSDT:Addr(Hook.SSDT)] ZwDeleteValueKey[106] : Unknown @ 0xffffffff88dfe4f4
[SSDT:Addr(Hook.SSDT)] ZwDuplicateObject[111] : Unknown @ 0xffffffff88dfe22c
[SSDT:Addr(Hook.SSDT)] ZwLoadDriver[155] : Unknown @ 0xffffffff88dfe32c
[SSDT:Addr(Hook.SSDT)] ZwOpenProcess[190] : Unknown @ 0xffffffff88dfe734
[SSDT:Addr(Hook.SSDT)] ZwOpenSection[194] : Unknown @ 0xffffffff88dfe4b4
[SSDT:Addr(Hook.SSDT)] ZwOpenThread[198] : Unknown @ 0xffffffff88dfe674
[SSDT:Addr(Hook.SSDT)] ZwRenameKey[290] : Unknown @ 0xffffffff88dfe574
[SSDT:Addr(Hook.SSDT)] ZwRestoreKey[302] : Unknown @ 0xffffffff88dfe534
[SSDT:Addr(Hook.SSDT)] ZwSetSystemInformation[350] : Unknown @ 0xffffffff88dfe2ac
[SSDT:Addr(Hook.SSDT)] ZwSetValueKey[358] : Unknown @ 0xffffffff88dfe5f4
[SSDT:Addr(Hook.SSDT)] ZwTerminateProcess[370] : Unknown @ 0xffffffff88dfe6f4
[SSDT:Addr(Hook.SSDT)] ZwTerminateThread[371] : Unknown @ 0xffffffff88dfe6b4
[SSDT:Addr(Hook.SSDT)] ZwWriteVirtualMemory[399] : Unknown @ 0xffffffff88dfe3ec
 
¤¤¤ Web Browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 850 EVO 250G +++++
--- User ---
[MBR] 9dea2cce5d397c40364d87474a7f5c03
[BSP] e08755fbcb097102347ebf10a8e176d6 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 13067 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 26763264 | Size: 225404 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
 


Meanwhile did some more tests, didn't remove anything yet.

FARBAR RECOVERY SCAN TOOL ADDITION.TXT
 
Extra scanresultaten van Farbar Recovery Scan Tool (x86) Versie: 23-11-2016
Gestart door ictstage (24-11-2016 13:24:47)
Gestart vanaf C:\Users\ICT Stage\Desktop
Microsoft Windows 7 Professional  Service Pack 1 (X86) (2011-09-20 13:33:05)
Boot Modus: Normal
==========================================================
 
 
==================== Accounts: =============================
 
admin (S-1-5-21-2911390432-3959762160-1774584255-1003 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-2911390432-3959762160-1774584255-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-2911390432-3959762160-1774584255-501 - Limited - Disabled)
locaal (S-1-5-21-2911390432-3959762160-1774584255-1000 - Administrator - Enabled) => C:\Users\locaal
 
==================== Security Center ========================
 
(Als een item is opgenomen in de fixlist, zal het worden verwijderd.)
 
AV: Trend Micro OfficeScan Antivirus (Disabled - Up to date) {5D349EF8-873B-C657-917F-F1D93E101A7C}
AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
AS: Trend Micro OfficeScan Anti-spyware (Disabled - Up to date) {E6557F1C-A101-C9D9-ABCF-CAAB459750C1}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Geïnstalleerde programma's ======================
 
(Alleen de adware-programma's met 'verborgen' vlag zou kunnen worden toegevoegd aan de fixlist om ze zichtbaar te maken. De adware-programma's moeten handmatig gedeinstallerd worden.)
 
32 Bit HP CIO Components Installer (Version: 8.1.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC - Nederlands (HKLM\...\{AC76BA86-7AD7-1043-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.0.0.4080 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Content Viewer (HKLM\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.5 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe InDesign CS5.5 (HKLM\...\{857CC5F0-040E-1016-A173-D55ADD80C260}) (Version: 7.5 - Adobe Systems Incorporated)
Adobe PDF IFilter 6.0 (HKLM\...\Adobe PDF IFilter 6.0) (Version: 6.0 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{0BD03BF6-3A66-EC7F-5155-28A8D6C69409}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
BioAPI Framework (Version: 1.0.2 - Dell Inc.) Hidden
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: 4.5.0 - Canon Inc.)
Canon MP640 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series) (Version:  - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version:  - )
Citrix Access Gateway Plug-in (HKLM\...\{334CC4CD-AD62-42F2-966D-B61F47441959}) (Version: 10.0.71.6 - Citrix Systems, Inc.)
Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 13.0.0.6685 - Citrix Systems, Inc.)
Custom (Version: 01.00.00.000 - Wave Systems Corp.) Hidden
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - CutePDF.com)
CVE-2012-4969 (HKLM\...\{777afb2a-98e5-4f14-b455-378a925cae15}.sdb) (Version:  - )
Dell Data Protection | Access (HKLM\...\{A7D91856-258D-4C87-8041-B170851CE432}) (Version: 2.1.00001.001 - Dell Inc.)
Dell Data Protection | Access (Version: 02.01.01.001 - Wave Systems Corp) Hidden
Dell Data Protection | Access | Drivers (HKLM\...\{4E4E65EE-C456-45AC-B5AD-C62C3A325BD0}) (Version: 2.01.018 - Dell Inc.)
Dell Data Protection | Access | Middleware (HKLM\...\{841CBDD5-4BB5-403E-AEE3-2FADC3890BE8}) (Version: 2.01.010 - Dell Inc.)
Dell Edoc Viewer (HKLM\...\{3138EAD3-700B-4A10-B617-B3F8096EE30D}) (Version: 1.0.0 - Dell Inc)
DellAccess (Version: 01.00.00.108 - Wave Systems Corp.) Hidden
Device IP Configuration Utility 5.0.2 (HKLM\...\Device IP Configuration Utility) (Version: 5.0.2 - Schneider Electric)
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
DiskSpaceReport - 1  (HKU\S-1-5-21-1123561945-1202660629-839522115-4762\...\434613980a53d512) (Version: 1.0.0.25 - Microsoft)
EMBASSY Security Center (Version: 04.02.00.173 - Wave Systems Corp.) Hidden
FileZilla Client 3.18.0 (HKLM\...\FileZilla Client) (Version: 3.18.0 - Tim Kosse)
Folder Size 2.4.0.0 (HKLM\...\{2DFA85ED-588F-4CE3-A175-29E52C3804A8}_is1) (Version: 2.4.0.0 - MindGems, Inc.)
Folder Size for Windows (HKLM\...\{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}) (Version: 2.5 - Brio)
Gemalto (Version: 01.01.01.0000 - Wave Systems Corp) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.3.31.5 - Google Inc.) Hidden
GPL Ghostscript 8.71 (HKLM\...\GPL Ghostscript 8.71) (Version:  - )
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
hppLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (Version: 1.0.0.1 - Hewlett-Packard) Hidden
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 15.7.176.1 (HKLM\...\PROSetDX) (Version: 15.7.176.1 - Dell)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2418 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Java 8 Update 65 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
JavaFX 2.1.0 (HKLM\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Logitech Options (HKLM\...\LogiOptions) (Version:  - Logitech)
Malwarebytes Anti-Malware versie 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visio Viewer 2010 (HKLM\...\{95140000-0052-0413-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.60724 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nmap 5.61-Spiceworks (HKLM\...\Spiceworks-Nmap) (Version:  - )
Norton Security (HKLM\...\NS) (Version: 22.8.0.50 - Symantec Corporation)
Notepad++ (HKLM\...\Notepad++) (Version: 6.8.3 - Notepad++ Team)
NTRU TCG Software Stack (Version: 2.1.36 - Security Innovation, Inc.) Hidden
Online Plug-in (Version: 13.0.0.6685 - Citrix Systems, Inc.) Hidden
Open Broadcaster Software (HKLM\...\Open Broadcaster Software) (Version:  - )
PC-CCID (Version: 2.0.0 - Gemalto) Hidden
PhotoShowExpress (Version: 2.0.063 - Sonic Solutions) Hidden
Preboot Manager (Version: 03.02.00.096 - Wave Systems Corp.) Hidden
Private Information Manager (Version: 07.00.00.047 - Wave Systems Corp.) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5883 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version:  - )
RogueKiller versie 12.8.2.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.2.0 - Adlice Software)
Roxio Creator Audio (HKLM\...\{83FFCFC7-88C6-41c6-8752-958A45325C82}) (Version: 3.3.0 - Roxio)
Roxio Creator Copy (HKLM\...\{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}) (Version: 3.3.0 - Roxio)
Roxio Creator Data (HKLM\...\{0D397393-9B50-4c52-84D5-77E344289F87}) (Version: 3.3.0 - Roxio)
Roxio Creator DE (HKLM\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.3.0 - Roxio)
Roxio Creator Starter (HKLM\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Tools (HKLM\...\{0394CDC8-FABD-4ed8-B104-03393876DFDF}) (Version: 3.3.0 - Roxio)
Roxio Express Labeler (HKLM\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 2.1.0 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Roxio)
RTC Client API v1.2 (HKLM\...\{44CDBD1B-89FB-4E02-8319-2A4C550F664A}) (Version: 1.2.0000 - Microsoft)
SE-DesktopConstructor 1.3.1.20 (HKLM\...\{491A580E-C3A0-4CA5-BD27-738CDDD123E6}_is1) (Version:  - SE-SOFT.COM)
Setup (HKLM\...\{5B5D00AF-E2F7-4565-9A00-18F9EC8F78FD}) (Version: 1.0.0 - Default Company Name)
Skype™ 7.18 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.109 - Skype Technologies S.A.)
Sonic Activation Module (Version: 1.0 - Sonic Solutions) Hidden
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
SPBA 5.9 (Version: 5.9.4.6686 - UPEK Inc.) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Spiceworks Desktop (HKLM\...\Spiceworks) (Version: 7.4.0115 - Spiceworks, Inc.)
SPOE-Overig-Setup (HKLM\...\{95499BF4-41C2-4A61-A9D7-68019AF03F43}) (Version: 1.0.0 - Microsoft)
Taalpakket voor Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - NLD (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - NLD) (Version: 10.0.60724 - Microsoft Corporation)
TabletPick (HKU\S-1-5-21-1123561945-1202660629-839522115-4762\...\32d09f09bd82ccfd) (Version: 1.0.0.35 - TabletPick)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.63017 - TeamViewer)
Trend Micro OfficeScan Client (HKLM\...\OfficeScanNT) (Version: 10.6.5162 - Trend Micro)
Trusted Drive Manager (Version: 4.1.1.312 - Wave Systems Corp.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update voor Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0413-0000-0000000FF1CE}_PROPLUS_{5CF7002F-6F49-4482-9564-5614FBE560FA}) (Version:  - Microsoft)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0413-0000-0000000FF1CE}_PROPLUS_{15D84E79-1ED7-42C5-B2FD-745C3FBDDDC5}) (Version:  - Microsoft)
Update voor Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0413-0000-0000000FF1CE}_PROPLUS_{A66AE6A1-8D8C-4102-BC18-38CBDE40F809}) (Version:  - Microsoft)
Upek Touchchip Fingerprint Reader (Version: 1.2.004 - Dell Inc.) Hidden
VMware Horizon Client (HKLM\...\{0C279027-FB2D-4A83-B3A3-DEF6DCF5F181}) (Version: 3.5.0.29526 - VMware, Inc.)
Wave Infrastructure Installer (Version: 07.03.17.0010 - Wave Systems Corp) Hidden
Wave Support Software Installer (Version: 05.12.00.036 - Wave Systems Corp) Hidden
Windows-stuurprogrammapakket - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6) (HKLM\...\9512AA21B791B05A54E27065C45BBC417AB282DF) (Version: 09/11/2009 1.0.1.6 - Dell Inc.)
WinPcap 4.1.2-Spiceworks (HKLM\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.31 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
WinZip 20.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C24104}) (Version: 20.5.12118 - WinZip Computing, S.L. )
Zebra Font Downloader (HKLM\...\Zebra Font Downloader_is1) (Version:  - Zebra Technologies Corporation)
ZebraNet Bridge 1_3_3 (HKLM\...\{67A1CB41-3DCA-4872-9485-FFEDFF25C95C}) (Version: 1.3.302 - Zebra Technologies)
 
==================== Aangepaste CLSID (gefilterd): ==========================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
CustomCLSID: HKU\S-1-5-21-1123561945-1202660629-839522115-4762_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\ICT Stage\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1123561945-1202660629-839522115-4762_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\ICT Stage\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1123561945-1202660629-839522115-4762_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\ICT Stage\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1123561945-1202660629-839522115-4762_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\ICT Stage\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1123561945-1202660629-839522115-4762_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\ICT Stage\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1123561945-1202660629-839522115-4762_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\ICT Stage\AppData\Local\Google\Update\1.3.30.3\psuser.dll => Geen bestand
CustomCLSID: HKU\S-1-5-21-1123561945-1202660629-839522115-4762_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\ICT Stage\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1123561945-1202660629-839522115-4762_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\ICT Stage\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1123561945-1202660629-839522115-4762_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\ICT Stage\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1123561945-1202660629-839522115-4762_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\ICT Stage\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1123561945-1202660629-839522115-4762_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader.dll ()
CustomCLSID: HKU\S-1-5-21-1123561945-1202660629-839522115-4762_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\ICT Stage\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1123561945-1202660629-839522115-4762_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ICT Stage\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
 
==================== Geplande Taken (gefilterd) =============
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
Task: {13877234-AC41-4A79-9A83-812F33E2B05D} - System32\Tasks\Shutdown => shutdown [Argument = -s]
Task: {209B601E-9D24-46E7-B8E8-A3E543CDD54F} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1123561945-1202660629-839522115-4762
Task: {31857EDF-4C37-43D1-A5BA-8A947855FBCC} - System32\Tasks\schrijfopruiming => Cleanmgr [Argument = /sagerun:N]
Task: {3E559B4D-677D-4EE5-B598-DD5E14C24FAB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {4A57EB25-9420-4945-AE5A-D5B92355897A} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files\Norton Security\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
Task: {654174A3-B3B9-4976-98EC-A96C5A4A7691} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-06-06] (Adobe Systems Incorporated)
Task: {66421E0C-C27D-4D7A-BDB1-5D4E834E6E14} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1202660629-839522115-4762UA => C:\Users\ICT Stage\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-11] (Google Inc.)
Task: {73CD046D-54E8-4ECE-A202-386B94605D81} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {928E82DE-B811-4A97-AC77-6FB1B6BADBF6} - System32\Tasks\AdobeAAMUpdater-1.0-SH-setup => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
Task: {A5CEDEBB-1599-4428-8B54-FB934255AD33} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.8.0.50\WSCStub.exe [2016-09-23] (Symantec Corporation)
Task: {A8638D74-CD25-4A87-911D-5937FF666A6D} - System32\Tasks\{8C868504-1F4A-491A-8D53-184D77DC36A5} => pcalua.exe -a "C:\Users\stefan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L1KU59L2\setup.exe" -d C:\Users\stefan\Desktop
Task: {A9C953EC-151A-4DA7-8F92-51E2EBDAD104} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files\Norton Security\Engine\22.8.0.50\SymErr.exe [2016-09-23] (Symantec Corporation)
Task: {B7ECDF27-8442-4D04-8FCC-A7E60BAE1BF8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-09-13] (Google Inc.)
Task: {BFDE8F5A-612A-4892-9040-DE03924399E2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-09-13] (Google Inc.)
Task: {C5481614-065F-4B21-894B-DB82953E3B74} - System32\Tasks\{724ECF2C-DA16-4B86-88C7-EBAEEED9CC3C} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.18.85.111/nl/abandoninstall?page=tsProgressBar
Task: {D047B796-75D4-43B0-93DB-18F4C6D252AE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1202660629-839522115-4762Core => C:\Users\ICT Stage\AppData\Local\Google\Update\GoogleUpdate.exe [2016-05-11] (Google Inc.)
Task: {E4ABB7FB-1350-469B-8BB4-8DE7A24AFBAC} - System32\Tasks\AdobeAAMUpdater-1.0-SH-stefan => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated)
 
(Als een item is opgenomen in de fixlist, de taak (job) bestand wordt verplaatst. Het bestand dat wordt uitgevoerd door de taak zal niet worden verplaatst.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1202660629-839522115-4762Core.job => C:\Users\ICT Stage\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1202660629-839522115-4762UA.job => C:\Users\ICT Stage\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Snelkoppelingen =============================
 
(De items kunnen worden opgenomen in de fixlist.txt om hersteld of verwijderd te worden.)
 
ShortcutWithArgument: C:\Users\ICT Stage\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Q-Base.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://185.10.96.14/~4eye02/intranet_qbase/
ShortcutWithArgument: C:\Users\ICT Stage\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\ICT Stage\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\Public\Desktop\Q-Base.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://185.10.96.14/~4eye02/intranet_qbase/
 
==================== Geladen Modules (gefilterd) ==============
 
2016-06-20 10:11 - 2012-09-12 14:32 - 00088688 _____ () C:\Windows\System32\cpwmon2k.dll
2016-06-22 15:18 - 2012-08-31 14:01 - 00151552 _____ () C:\Windows\System32\HP1100LM.DLL
2011-09-22 10:04 - 2005-01-06 17:33 - 00116224 _____ () C:\Windows\System32\redmonnt.dll
2016-06-22 15:19 - 2012-08-31 14:01 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL
2016-05-27 13:23 - 2016-05-27 13:23 - 00048816 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2010-11-17 10:35 - 2010-11-17 10:35 - 00514544 _____ () C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files\common files\roxio shared\dllshared\SQLite352.dll
2016-11-15 09:28 - 2016-11-08 21:29 - 01819240 _____ () C:\Program Files\Google\Chrome\Application\54.0.2840.99\libglesv2.dll
2016-11-15 09:28 - 2016-11-08 21:29 - 00093288 _____ () C:\Program Files\Google\Chrome\Application\54.0.2840.99\libegl.dll
 
==================== Alternate Data Streams (gefilterd) =========
 
(Als een item is opgenomen in de fixlist, alleen de ADS wordt verwijderd.)
 
AlternateDataStreams: C:\Users\Daphne\Desktop\nietverwijderen.bat:SummaryInformation [43]
AlternateDataStreams: C:\Users\Daphne\Desktop\nietverwijderen.bat:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Daphne\Documents\ingelogdVPN.bat:SummaryInformation [43]
AlternateDataStreams: C:\Users\Daphne\Documents\ingelogdVPN.bat:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\DaphneB\Desktop\nietverwijderen.bat:SummaryInformation [43]
AlternateDataStreams: C:\Users\DaphneB\Desktop\nietverwijderen.bat:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
 
==================== Veilige Modus (gefilterd) ===================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. De "AlternateShell" waarde wordt hersteld.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\52598719.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\52598719.sys => ""="Driver"
 
==================== Bestandskoppeling (gefilterd) ===============
 
(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd.)
 
 
==================== Internet Explorer vertrouwde/beperkte toegang ===============
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd.)
 
IE trusted site: HKU\S-1-5-21-1123561945-1202660629-839522115-4762\...\feyenoordfanshop.nl -> hxxps://www.feyenoordfanshop.nl
IE trusted site: HKU\S-1-5-21-1123561945-1202660629-839522115-4762\...\s-h.nl -> hxxps://vpn.s-h.nl
IE trusted site: HKU\S-1-5-21-1123561945-1202660629-839522115-4762\...\snh-test02 -> hxxps://snh-test02
IE trusted site: HKU\S-1-5-21-1123561945-1202660629-839522115-4762\...\speakap.com -> hxxps://s-h.speakap.com
 
==================== Hosts Inhoud: ===============================
 
(Als nodig Hosts: opdracht kan worden opgenomen in de fixlist om Hosts te resetten.)
 
2009-07-14 03:04 - 2016-11-24 11:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Andere gebieden ============================
 
(Momenteel is er geen automatische fix voor dit onderdeel.)
 
HKU\S-1-5-21-1123561945-1202660629-839522115-4762\Control Panel\Desktop\\Wallpaper -> C:\Users\ICT Stage\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.3 - 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is ingeschakeld.
 
==================== MSCONFIG/TASK MANAGER Uitgeschakelde items ==
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: FolderSize => 2
MSCONFIG\Services: ftnlsv3hv => 2
MSCONFIG\Services: ftscanmgr => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HP LaserJet Service => 2
MSCONFIG\Services: HPSIService => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: Intel® PROSet Monitoring Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: nsverctl => 2
MSCONFIG\Services: ntrtscan => 2
MSCONFIG\Services: RoxMediaDB12OEM => 3
MSCONFIG\Services: RoxWatch12 => 2
MSCONFIG\Services: SecureStorageService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: tcsd_win32.exe => 2
MSCONFIG\Services: TdmService => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: TMBMServer => 3
MSCONFIG\Services: tmlisten => 2
MSCONFIG\Services: TmProxy => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: VMUSBArbService => 2
MSCONFIG\Services: vmware-view-usbd => 2
MSCONFIG\Services: vmwsprrdpwks => 2
MSCONFIG\Services: Wave Authentication Manager Service => 2
MSCONFIG\Services: wsnm => 2
 
==================== Firewall regels (gefilterd) ===============
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
FirewallRules: [{2483018D-F868-47EF-8D01-283BCC55D07B}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{384FEBB9-C55B-498E-B6DF-051C4C458AFA}C:\windows\system32\searchprotocolhost.exe] => (Allow) C:\windows\system32\searchprotocolhost.exe
FirewallRules: [UDP Query User{0494F180-58AA-45B8-8682-765B0436EE77}C:\windows\system32\searchprotocolhost.exe] => (Allow) C:\windows\system32\searchprotocolhost.exe
FirewallRules: [{7DA43790-D303-43D5-9C2B-48D3258FD1C7}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe
FirewallRules: [{884C7C72-8C4B-45D9-B6FE-228F372B17B4}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe
FirewallRules: [{25303693-FA83-4735-931B-6D2C335ABC25}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsload.exe
FirewallRules: [{9AB2251D-F82A-4B20-9DB0-CED60958F2B2}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsload.exe
FirewallRules: [TCP Query User{98460542-899A-4F7C-9249-AFA0EB3A15F5}C:\program files\schneider electric\device ip utility 5.0.2\jre\bin\javaw.exe] => (Allow) C:\program files\schneider electric\device ip utility 5.0.2\jre\bin\javaw.exe
FirewallRules: [UDP Query User{5A7DF2E2-0996-4631-8755-F1C8469A734C}C:\program files\schneider electric\device ip utility 5.0.2\jre\bin\javaw.exe] => (Allow) C:\program files\schneider electric\device ip utility 5.0.2\jre\bin\javaw.exe
FirewallRules: [TCP Query User{D3D9D8FF-7D38-489B-AE79-FC4B559F33CB}C:\program files\spiceworks\httpd\bin\spiceworks-httpd.exe] => (Allow) C:\program files\spiceworks\httpd\bin\spiceworks-httpd.exe
FirewallRules: [UDP Query User{B491073B-0B78-47F6-B5C7-1D7614A1C425}C:\program files\spiceworks\httpd\bin\spiceworks-httpd.exe] => (Allow) C:\program files\spiceworks\httpd\bin\spiceworks-httpd.exe
FirewallRules: [TCP Query User{69FF34DA-E342-4FAF-8610-9ADFAF1430A4}C:\program files\spiceworks\bin\spiceworks.exe] => (Allow) C:\program files\spiceworks\bin\spiceworks.exe
FirewallRules: [UDP Query User{E8213879-C9A6-44FB-86FD-D238303E2836}C:\program files\spiceworks\bin\spiceworks.exe] => (Allow) C:\program files\spiceworks\bin\spiceworks.exe
FirewallRules: [TCP Query User{886546CC-5498-4A98-AD09-E16412D3AEF3}C:\program files\spiceworks\bin\spiceworks-finder.exe] => (Allow) C:\program files\spiceworks\bin\spiceworks-finder.exe
FirewallRules: [UDP Query User{6D0B25EE-6244-4E9C-A2BE-DA34CE78D364}C:\program files\spiceworks\bin\spiceworks-finder.exe] => (Allow) C:\program files\spiceworks\bin\spiceworks-finder.exe
FirewallRules: [{E6E7E17B-4CFC-4EC3-B457-F44E90FD54B8}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{257470CE-AC31-4A1F-981F-BD22F3C0D381}] => (Allow) C:\Program Files\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{193326A3-8E97-4842-852F-4FF818C92BA2}] => (Allow) C:\Program Files\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{BD25DBFB-377D-4C09-B5EA-068D061A5BBA}] => (Allow) C:\Program Files\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{A418E083-8E08-4B88-A38B-95E370832C19}] => (Allow) C:\Program Files\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{DBD12ED8-BFA4-46F4-A3FD-FCFFFC7CB811}] => (Allow) C:\Program Files\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{E368F35A-41F4-46F3-85A0-6424F362B0CF}] => (Allow) C:\Program Files\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{9CF3BB64-906A-4F4C-92C6-C2351FB5DB30}] => (Allow) C:\Program Files\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{A44020B6-4B72-45B1-B986-1697AD6A392C}] => (Allow) C:\Program Files\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{716E29C6-AC0B-4616-8B3E-F556DD31EC22}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D0E149A0-8699-48F0-BFDB-B11DE6AE121F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{3A1D197A-D4C2-4EA8-AAF3-248A19E1679C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{F9308BFE-3F61-4A76-8E57-AAA30C85A89C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{CD06F1DE-4DA7-4698-A877-A56BADFC1E72}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{3FD41496-D29F-4436-9A15-C49D28A93E31}C:\program files\zebralink\zebranet bridge\jre\bin\javaw.exe] => (Block) C:\program files\zebralink\zebranet bridge\jre\bin\javaw.exe
FirewallRules: [UDP Query User{F49E3EE4-FF98-4507-B01C-67C64CBAB812}C:\program files\zebralink\zebranet bridge\jre\bin\javaw.exe] => (Block) C:\program files\zebralink\zebranet bridge\jre\bin\javaw.exe
FirewallRules: [{061A5BB3-86FC-4BF6-84F3-483C07AE1186}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{992ADF0D-C7BF-47B0-9C89-F138A448AFB8}] => (Allow) LPort=41398
 
==================== Herstelpunten =========================
 
AANDACHT: Systeemherstel is uitgeschakeld
 
==================== Defecte Apparaatbeheer Apparaten =============
 
Name: qutmipc
Description: qutmipc
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: qutmipc
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Eventlog fouten: =========================
 
Applicatiefouten:
==================
Error: (11/24/2016 12:43:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Het verwijderen van de tekenreeksen van prestatiemeteritems voor de WmiApRpl-service (WmiApRpl) is mislukt. De foutcode is de eerste DWORD in de sectie Gegevens.
 
Error: (11/24/2016 12:43:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: De prestatietekenreeksen in de waarde van de registersleutel Performance worden beschadigd bij het verwerken van de Performance extension counter provider. De waarde van BaseIndex in de registersleutel Performance is de eerste DWORD in de gegevenssectie, de waarde van LastCounter de tweede DWORD en de waarde van LastHelp de derde DWORD.
 
Error: (11/24/2016 12:43:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: De prestatietekenreeksen in de waarde van de registersleutel Performance worden beschadigd bij het verwerken van de Performance extension counter provider. De waarde van BaseIndex in de registersleutel Performance is de eerste DWORD in de gegevenssectie, de waarde van LastCounter de tweede DWORD en de waarde van LastHelp de derde DWORD.
 
Error: (11/24/2016 12:39:20 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/24/2016 12:34:56 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/24/2016 12:33:05 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1521) (User: SH)
Description: De serverkopie van uw zwervend profiel kan niet worden gevonden. U wordt uw lokale profiel aangemeld. Wijzigingen in het profiel zullen niet naar de server worden gekopieerd wanneer u zich afmeldt. Deze fout wordt mogelijk veroorzaakt door netwerkproblemen of onvoldoende beveiligingsrechten. 
 
 DETAIL - Een apparaat dat op het systeem is aangesloten, werkt niet.
 
Error: (11/24/2016 10:54:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Het verwijderen van de tekenreeksen van prestatiemeteritems voor de WmiApRpl-service (WmiApRpl) is mislukt. De foutcode is de eerste DWORD in de sectie Gegevens.
 
Error: (11/24/2016 10:54:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: De prestatietekenreeksen in de waarde van de registersleutel Performance worden beschadigd bij het verwerken van de Performance extension counter provider. De waarde van BaseIndex in de registersleutel Performance is de eerste DWORD in de gegevenssectie, de waarde van LastCounter de tweede DWORD en de waarde van LastHelp de derde DWORD.
 
Error: (11/24/2016 10:54:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: De prestatietekenreeksen in de waarde van de registersleutel Performance worden beschadigd bij het verwerken van de Performance extension counter provider. De waarde van BaseIndex in de registersleutel Performance is de eerste DWORD in de gegevenssectie, de waarde van LastCounter de tweede DWORD en de waarde van LastHelp de derde DWORD.
 
Error: (11/24/2016 10:50:05 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
Systeemfouten:
=============
Error: (11/24/2016 12:37:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: De volgende opstartstuurprogramma's zijn niet geladen: 
qutmipc
 
Error: (11/24/2016 12:37:28 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: Het groepsbeleid is niet verwerkt door een gebrek aan netwerkconnectiviteit met een domeincontroller. Dit kan een tijdelijke situatie zijn. Er wordt een bericht weergegeven wanneer er verbinding is gemaakt met de domeincontroller en het groepsbeleid is verwerkt. Als er na enkele uren nog geen bericht is weergegeven, neemt u contact op met de beheerder.
 
Error: (11/24/2016 12:37:27 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: Deze computer kan geen beveiligde sessie met een domeincontroller in domein
SH starten om de volgende reden(en): 
Er zijn momenteel geen aanmeldingsservers beschikbaar om de aanmeldingsaanvraag te verwerken.
 
 
Dit leidt mogelijk tot verificatieproblemen. Controleer of deze computer met
het netwerk is verbonden. Raadpleeg de domeinadministrator wanneer het probleem
blijft bestaan.
 
 
 
Extra informatie
 
Als deze computer een domeincontroller voor het opgegeven domein is, start
deze de beveiligde sessie met de emulator van de primaire domeincontroller
in het betreffende domein. Als dit niet het geval is, start deze computer
de beveiligde sessie met een willekeurige domeincontroller in het opgegeven
domein.
 
Error: (11/24/2016 12:35:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De Network List Service-service is afhankelijk van de Network Location Awareness-service, die vanwege de volgende fout niet kan worden gestart: 
Afhankelijkheidsservice of -groep kan niet worden gestart.
 
Error: (11/24/2016 12:33:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De Network List Service-service is afhankelijk van de Network Location Awareness-service, die vanwege de volgende fout niet kan worden gestart: 
Afhankelijkheidsservice of -groep kan niet worden gestart.
 
Error: (11/24/2016 12:33:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De Network List Service-service is afhankelijk van de Network Location Awareness-service, die vanwege de volgende fout niet kan worden gestart: 
Afhankelijkheidsservice of -groep kan niet worden gestart.
 
Error: (11/24/2016 12:33:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De Network List Service-service is afhankelijk van de Network Location Awareness-service, die vanwege de volgende fout niet kan worden gestart: 
Afhankelijkheidsservice of -groep kan niet worden gestart.
 
Error: (11/24/2016 12:33:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De Network List Service-service is afhankelijk van de Network Location Awareness-service, die vanwege de volgende fout niet kan worden gestart: 
Afhankelijkheidsservice of -groep kan niet worden gestart.
 
Error: (11/24/2016 12:33:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De Network List Service-service is afhankelijk van de Network Location Awareness-service, die vanwege de volgende fout niet kan worden gestart: 
Afhankelijkheidsservice of -groep kan niet worden gestart.
 
Error: (11/24/2016 12:33:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: De Network List Service-service is afhankelijk van de Network Location Awareness-service, die vanwege de volgende fout niet kan worden gestart: 
Afhankelijkheidsservice of -groep kan niet worden gestart.
 
 
==================== Geheugen info =========================== 
 
Processor: Intel® Core™ i3-2100 CPU @ 3.10GHz
Percentage geheugen in gebruik: 75%
Totaal fysiek RAM-geheugen: 2004.93 MB
Beschikbaar fysiek RAM-geheugen: 497.07 MB
Totaal Virtueel geheugen: 4009.87 MB
Beschikbaar Virtual geheugen: 1586.86 MB
 
==================== Schijven ================================
 
Drive c: (OS) (Fixed) (Total:220.12 GB) (Free:160.2 GB) NTFS
 
==================== MBR & Partitietabel ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 2F5E9A70)
Partition 1: (Active) - (Size=12.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=220.1 GB) - (Type=07 NTFS)
 
==================== Eind van Addition.txt ============================
 
FRST.TXT
 
Scanresultaten van Farbar Recovery Scan Tool (FRST) (x86) Versie: 23-11-2016
Gestart door ictstage (Beheerder) op ICT-PC05 (24-11-2016 13:24:11)
Gestart vanaf C:\Users\ICT Stage\Desktop
Geladen Profielen: ictstage (Beschikbare Profielen: Receptie & gast1 & Gast2 & Gast3 & install & testuser & nicolien & gast5 & ictstage & Administrator & DaphneB & locaal & admin & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processen (gefilterd) =================
 
(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\3.42.7\LogiOptionsMgr.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
() C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZUpdateNotifier.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow32.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.8.0.50\NS.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.8.0.50\NS.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Register (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe [2697832 2010-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [214384 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [OfficeScanNT Monitor] => C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [1533720 2013-11-20] (Trend Micro Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1254008 2015-09-01] (Logitech, Inc.)
HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [65472 2015-06-16] ()
HKLM\...\Run: [HPUsageTrackingLEDM] => C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM\...\Run: [Spiceworks] => C:\Program Files\Spiceworks\bin\spicetray_silent.exe [67824 2015-05-26] ()
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM\...\Run: [Desktop Disc Tool] => C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [358336 2011-08-11] (Citrix Systems, Inc.)
HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-09-16] (Adobe Systems Incorporated)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [2010-09-15] (UPEK Inc.)
HKU\S-1-5-21-1123561945-1202660629-839522115-4762\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6564776 2015-10-19] (Piriform Ltd)
HKLM\...\Providers\87f1d5: C:\Users\stefan\AppData\Local\Temp\FEE9.tmp
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-05-27] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-05-27] (Wave Systems Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-07-27]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update-melder.lnk [2016-07-27]
ShortcutTarget: Update-melder.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-07-27]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\gast1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat [2015-04-02] ()
Startup: C:\Users\gast1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AvayaRealTime.application [2015-03-26] ()
Startup: C:\Users\gast1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Klantencontactenregistratie.appref-ms [2015-01-19] ()
Startup: C:\Users\gast1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OrdersVrijgeven.appref-ms [2015-01-19] ()
Startup: C:\Users\gast1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SPOE - Telling.appref-ms [2015-01-19] ()
Startup: C:\Users\gast2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall - Snelkoppeling.lnk [2010-10-26]
ShortcutTarget: AutoInstall - Snelkoppeling.lnk -> Z:\AutoInstall.bat (Geen bestand)
Startup: C:\Users\gast2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Klantencontactenregistratie.appref-ms [2012-08-22] ()
Startup: C:\Users\gast3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat [2015-04-02] ()
Startup: C:\Users\gast5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OrdersVrijgeven.appref-ms [2014-05-27] ()
Startup: C:\Users\gast5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SPOE - Telling.appref-ms [2014-05-27] ()
Startup: C:\Users\Jorian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat [2015-07-13] ()
Startup: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat [2015-06-05] ()
Startup: C:\Users\Pmstage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat [2015-11-11] ()
Startup: C:\Users\Receptie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat [2011-03-07] ()
Startup: C:\Users\Vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat [2015-06-05] ()
Startup: C:\Users\Vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AvayaRealTime.application [2015-03-26] ()
Startup: C:\Users\Vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SPOE - Telling.appref-ms [2015-06-05] ()
GroupPolicy: Restrictie ? <======= AANDACHT
 
==================== Internet (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)
 
Tcpip\..\Interfaces\{0AC5B16C-0C6F-403B-AE87-32CC75F63D35}: [NameServer] 192.168.1.3,192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
HKU\S-1-5-21-1123561945-1202660629-839522115-4762\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130918748337091240&GUID=AEAAB23F-FFA8-40F3-9089-B284556C4739
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1123561945-1202660629-839522115-4762\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {7DA1F881-6ADB-4A18-91C7-2235D4E6C639} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1123561945-1202660629-839522115-4762 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-1123561945-1202660629-839522115-4762 -> {7DA1F881-6ADB-4A18-91C7-2235D4E6C639} URL = 
SearchScopes: HKU\S-1-5-21-1123561945-1202660629-839522115-4762 -> {903B5915-700A-40EF-BC55-9F1F9C391925} URL = hxxp://www.google.nl/search?hl=nl&q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-22] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-22] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
DPF: {B79C81C0-7650-4CAB-8466-E14C6A31EBAD} hxxps://vpn.s-h.nl/SWTSC.cab
DPF: {CAFEEFAC-0018-0000-0060-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
 
FireFox:
========
FF DefaultProfile: w0k9f6ir.default
FF ProfilePath: C:\Users\ICT Stage\AppData\Roaming\Mozilla\Firefox\Profiles\w0k9f6ir.default [2016-11-24]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [niet getekend]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.0.50\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.0.50\coFFAddon [2016-11-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2016-06-06] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2014-07-28] (CANON INC.)
FF Plugin: @Citrix.com/npagee,version=10.0.71.6 -> C:\Program Files\Citrix\Secure Access Client\npagee.dll [2012-10-14] (Citrix Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [Geen bestand]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-13] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1123561945-1202660629-839522115-4762: @talk.google.com/GoogleTalkPlugin -> C:\Users\ICT Stage\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1123561945-1202660629-839522115-4762: @talk.google.com/O1DPlugin -> C:\Users\ICT Stage\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1123561945-1202660629-839522115-4762: @tools.google.com/Google Update;version=3 -> C:\Users\ICT Stage\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-1123561945-1202660629-839522115-4762: @tools.google.com/Google Update;version=9 -> C:\Users\ICT Stage\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2011-08-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll [2011-08-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2011-08-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\ICT Stage\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\ICT Stage\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR Profile: C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default [2016-11-24]
CHR Extension: (Google Slides) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-13]
CHR Extension: (Google Docs) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-13]
CHR Extension: (Google Drive) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-13]
CHR Extension: (YouTube) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-13]
CHR Extension: (Google Sheets) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-13]
CHR Extension: (Google Docs Offline) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-13]
CHR Extension: (Gmail) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-13]
CHR Extension: (Chrome Media Router) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.8.0.50\Exts\Chrome.crx [2016-11-24]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
S4 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [116224 2010-04-06] (Brio) [Bestand niet getekend]
S4 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [177600 2015-06-16] ()
S4 ftscanmgr; C:\Program Files\VMware\ScannerRedirection\ftscanmgr.exe [6363792 2015-07-31] ()
S4 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [Bestand niet getekend]
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Bestand niet getekend]
S4 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [110752 2010-09-22] (Intel Corporation)
S4 jhi_service; C:\Program Files\Intel\Services\IPT\jhi_service.exe [212944 2011-02-24] (Intel Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Bestand niet getekend]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [Bestand niet getekend]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 NS; C:\Program Files\Norton Security\Engine\22.8.0.50\NS.exe [289080 2016-09-24] (Symantec Corporation)
S4 nsverctl; C:\Program Files\Citrix\Secure Access Client\nsverctl.exe [156784 2012-10-14] (Citrix Systems, Inc)
S4 ntrtscan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2324760 2013-12-10] (Trend Micro Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [Bestand niet getekend]
S4 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-11-25] (Sonic Solutions)
S4 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-11-25] (Sonic Solutions)
S4 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1508232 2011-05-24] (Wave Systems Corp.)
S4 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [Bestand niet getekend]
S4 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Bestand niet getekend]
S4 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] () [Bestand niet getekend]
S4 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2605424 2011-05-27] (Wave Systems Corp.)
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7183632 2016-07-18] (TeamViewer GmbH)
S4 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345112 2013-10-23] (Trend Micro Inc.)
S4 tmlisten; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2260128 2013-11-16] (Trend Micro Inc.)
S4 TmProxy; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [689176 2013-07-01] (Trend Micro Inc.)
S4 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [725696 2015-07-30] (VMware, Inc.)
S4 vmware-view-usbd; C:\Program Files\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1156824 2015-07-31] (VMware, Inc.)
S4 vmwsprrdpwks; C:\Program Files\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [261776 2015-05-08] (VMware)
S4 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1131520 2011-07-01] (Wave Systems Corp.) [Bestand niet getekend]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 wsnm; C:\Program Files\VMware\VMware Horizon View Client\wsnm\wsnm.exe [489176 2015-08-19] (VMware, Inc.)
 
===================== Drivers (gefilterd) ======================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
R1 BHDrvx86; C:\Program Files\Norton Security\NortonData\22.8.0.50\Definitions\BASHDefs\20160826.008\BHDrvx86.sys [1334008 2016-09-23] (Symantec Corporation)
R2 cag; C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [189272 2011-10-18] (Citrix Systems, Inc.)
R1 ccSet_NS; C:\Windows\system32\drivers\NS\1608000.032\ccSetx86.sys [137456 2016-09-23] (Symantec Corporation)
R3 ctxva51; C:\Windows\System32\DRIVERS\ctxva51.sys [42096 2012-10-14] (Citrix Systems, Inc.)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf.sys [107608 2011-02-07] (Citrix Systems, Inc.)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [238760 2010-10-28] (Intel Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [388824 2016-11-23] (Symantec Corporation)
U3 EraserUtilDrv11521; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11521.sys [124144 2016-04-28] (Symantec Corporation)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [44664 2015-07-30] (VMware, Inc.)
R1 IDSVix86; C:\Program Files\Norton Security\NortonData\22.8.0.50\Definitions\IPSDefs\20160916.102\IDSVix86.sys [768728 2016-09-23] (Symantec Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHDA.sys [2749416 2010-10-04] (Realtek Semiconductor Corp.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2012-05-03] (CACE Technologies, Inc.)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2010-07-21] (Dell Inc)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [17160 2015-03-05] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13064 2015-03-05] ()
R1 SRTSP; C:\Windows\system32\drivers\NS\1608000.032\SRTSP.SYS [634096 2016-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NS\1608000.032\SRTSPX.SYS [43248 2016-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NS\1608000.032\SYMEFASI.SYS [1291992 2016-09-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [87792 2016-11-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NS\1608000.032\Ironx86.SYS [229616 2016-09-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NS\1608000.032\SYMNETS.SYS [423640 2016-09-23] (Symantec Corporation)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [75600 2013-08-29] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [263072 2013-09-02] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [62704 2013-08-29] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [294152 2015-07-02] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [38152 2015-07-02] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90712 2013-06-18] (Trend Micro Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-11-24] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-08-02] (Apple, Inc.) [Bestand niet getekend]
R2 VSApiNt; C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [1608744 2015-07-02] (Trend Micro Inc.)
S3 catchme; \??\C:\Users\ICTSTA~1\AppData\Local\Temp\catchme.sys [X]
S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.8.0.50\Definitions\SDSDefs\20160915.023\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.8.0.50\Definitions\SDSDefs\20160915.023\NAVEX15.SYS [X]
S1 qutmipc; \??\C:\Windows\system32\drivers\qutmipc.sys [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\DRIVERS\tdx.sys BB8817D0508DD5EA69C770C8DEF5AB67
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legitim
C:\Windows\System32\DRIVERS\tmactmon.sys 7B8E49D03ECE5CAC523C8D56DB61C845
C:\Windows\System32\DRIVERS\tmcomm.sys 4C6D311E0B13C4F469F717DB4AB4D0E7
C:\Windows\System32\DRIVERS\tmevtmgr.sys 8BE895EC50E6F0B6167671405581B414
C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys 97A567392A48211BD2FD37807702D911
C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys F6E50E46697F232F667C426C936A4047
C:\Windows\System32\DRIVERS\tmtdi.sys E70EB577845B05DB02779A150E4A92E7
C:\Windows\System32\drivers\TrueSight.sys 0C997B061E3C66BD9E927C1288EB1CC7
C:\Windows\System32\DRIVERS\tssecsrv.sys B89F89A2308E9569A1022A50F78C5506
C:\Windows\System32\drivers\tsusbflt.sys C6A5FBD4977305E1FA23E02C042DB463
C:\Windows\system32\drivers\TsUsbGD.sys 01246F0BAAD7B68EC0F472AA41E33282
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legitim
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legitim
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legitim
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legitim
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legitim
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legitim
C:\Windows\System32\Drivers\usbaapl.sys 83CAFCB53201BBAC04D822F32438E244
C:\Windows\System32\drivers\usbaudio.sys A1977C315BF5691DA99235AA4A6907AF
C:\Windows\System32\DRIVERS\usbccgp.sys 5620619CE693AADF8767CDA00F940BEE
C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041
C:\Windows\system32\drivers\usbehci.sys 3735F2A99C5EA762D869748333C83CE8
C:\Windows\System32\DRIVERS\usbhub.sys 7DE31B21FA92EE427C058C44CEB7859B
C:\Windows\system32\drivers\usbohci.sys E83AF87457337D459F48139FAC8A1994
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legitim
C:\Windows\system32\drivers\usbscan.sys FC6B21DB4B5B398AB93DBE59CBF11036
C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A
C:\Windows\system32\drivers\usbuhci.sys 876A815194383359F9F22833D4057138
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legitim
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legitim
C:\Windows\System32\drivers\vga.sys ==> MD5 is legitim
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legitim
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legitim
C:\Windows\system32\drivers\viac7.sys ==> MD5 is legitim
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legitim
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legitim
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legitim
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legitim
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legitim
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legitim
C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys 994354C06FC4C23912728C22D0B86356
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legitim
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legitim
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legitim
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legitim
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legitim
C:\Windows\system32\drivers\wd.sys ==> MD5 is legitim
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legitim
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legitim
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legitim
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legitim
C:\Windows\System32\DRIVERS\WSDPrint.sys 553F6CCD7C58EB98D4A8FBDAF283D7A9
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
 
==================== NetSvcs (gefilterd) ===================
 
(Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.)
 
 
==================== Drie Maanden Gemaakt bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2016-11-24 13:24 - 2016-11-24 13:24 - 00050315 _____ C:\Users\ICT Stage\Desktop\FRST.txt
2016-11-24 13:23 - 2016-11-24 13:24 - 00000000 ____D C:\FRST
2016-11-24 13:22 - 2016-11-24 13:22 - 01761280 _____ (Farbar) C:\Users\ICT Stage\Desktop\FRST.exe
2016-11-24 12:51 - 2016-11-24 12:55 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-11-24 12:51 - 2016-11-24 12:51 - 00087792 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2016-11-24 12:51 - 2016-11-24 12:51 - 00008234 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2016-11-24 12:51 - 2016-11-24 12:51 - 00002300 _____ C:\Users\Public\Desktop\Norton Security.lnk
2016-11-24 12:51 - 2016-11-24 12:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2016-11-24 12:51 - 2016-11-24 12:51 - 00000000 ____D C:\Windows\system32\Drivers\NS
2016-11-24 12:51 - 2016-11-24 12:51 - 00000000 ____D C:\Program Files\Norton Security
2016-11-24 12:50 - 2016-11-24 12:54 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2016-11-24 12:50 - 2016-11-24 12:54 - 00000000 ____D C:\ProgramData\Norton
2016-11-24 12:50 - 2016-11-24 12:50 - 01101088 _____ (Symantec Corporation) C:\Users\ICT Stage\Desktop\NSDeluxeDownloader.exe
2016-11-24 12:50 - 2016-11-24 12:50 - 00001242 _____ C:\Users\ICT Stage\Desktop\Norton Installation Files.lnk
2016-11-24 12:50 - 2016-11-24 12:50 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-11-24 12:50 - 2016-11-24 12:50 - 00000000 ____D C:\Program Files\NortonInstaller
2016-11-24 12:37 - 2016-11-24 12:39 - 00673932 _____ C:\TDSSKiller.3.1.0.12_24.11.2016_12.37.53_log.txt
2016-11-24 12:36 - 2016-11-24 12:37 - 00004556 _____ C:\TDSSKiller.3.1.0.12_24.11.2016_12.36.56_log.txt
2016-11-24 12:20 - 2016-11-24 12:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-24 12:18 - 2016-11-24 12:30 - 00000000 ____D C:\Users\ICT Stage\Desktop\mbar
2016-11-24 12:18 - 2016-11-24 12:18 - 16563352 _____ (Malwarebytes Corp.) C:\Users\ICT Stage\Desktop\mbar-1.09.3.1001.exe
2016-11-24 11:59 - 2016-11-24 12:07 - 00000000 ____D C:\Users\ICT Stage\Desktop\TMRBLog
2016-11-24 11:59 - 2016-11-24 11:59 - 09950232 _____ (Trend Micro Inc.) C:\Users\ICT Stage\Desktop\RootkitBusterV5.0-1129x32.exe
2016-11-24 11:59 - 2016-11-24 11:59 - 00000000 ____D C:\Users\ICT Stage\Desktop\log
2016-11-24 11:13 - 2016-11-24 11:13 - 00004394 _____ C:\TDSSKiller.3.1.0.12_24.11.2016_11.13.25_log.txt
2016-11-24 11:12 - 2016-11-24 11:12 - 00017867 _____ C:\ComboFix.txt
2016-11-24 11:01 - 2016-11-24 11:12 - 00000000 ____D C:\Qoobox
2016-11-24 11:01 - 2016-11-24 11:11 - 00000000 ____D C:\Windows\erdnt
2016-11-24 11:01 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-11-24 11:01 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-11-24 11:01 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-11-24 11:01 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-11-24 11:01 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-11-24 11:01 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-11-24 11:01 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-11-24 11:01 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-11-24 10:34 - 2016-11-24 10:34 - 547207105 _____ C:\Windows\MEMORY.DMP
2016-11-24 10:34 - 2016-11-24 10:34 - 00149600 _____ C:\Windows\Minidump\112416-3400-01.dmp
2016-11-24 10:29 - 2016-11-24 09:30 - 00380928 _____ C:\Users\ICT Stage\Desktop\hxw5rr27.exe
2016-11-24 10:26 - 2016-11-24 10:28 - 00699686 _____ C:\TDSSKiller.3.1.0.12_24.11.2016_10.26.38_log.txt
2016-11-24 10:21 - 2016-11-24 10:22 - 00004560 _____ C:\TDSSKiller.3.1.0.12_24.11.2016_10.21.57_log.txt
2016-11-24 10:18 - 2016-11-24 10:18 - 00010796 _____ C:\Users\ICT Stage\Desktop\rogue.txt
2016-11-24 09:31 - 2016-11-24 12:30 - 00000000 ____D C:\ProgramData\RogueKiller
2016-11-24 09:31 - 2016-11-24 09:31 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-11-24 09:31 - 2016-11-24 09:31 - 00001003 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-11-24 09:31 - 2016-11-24 09:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-11-24 09:31 - 2016-11-24 09:31 - 00000000 ____D C:\Program Files\RogueKiller
2016-11-24 08:33 - 2016-11-24 10:22 - 00000000 ____D C:\Users\ICT Stage\AppData\Local\ESET
2016-11-22 15:06 - 2016-11-22 15:06 - 00000000 ____D C:\Users\ICT Stage\Desktop\urenlijst
2016-11-22 15:04 - 2016-11-22 15:04 - 00000000 ____D C:\Users\ICT Stage\Desktop\paktafel project
2016-11-22 15:02 - 2016-11-22 16:23 - 00000000 ____D C:\Users\ICT Stage\Desktop\plattegronden sensoren
2016-11-22 12:57 - 2016-11-22 12:57 - 03855248 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-22 12:55 - 2016-11-22 12:55 - 00147928 _____ C:\Users\ICT Stage\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-22 12:44 - 2016-11-22 12:44 - 00000000 ____D C:\$360Section
2016-11-22 12:37 - 2016-11-22 12:44 - 00000000 ____D C:\ProgramData\360Quarant
2016-11-22 12:35 - 2016-11-22 12:35 - 00000000 ____D C:\Windows\Tasks\360Disabled
2016-11-22 12:34 - 2016-11-23 08:31 - 00000000 ____D C:\Program Files\360
2016-11-22 12:34 - 2016-11-22 14:38 - 00000000 ____D C:\Program Files\Common Files\AV
2016-11-21 12:35 - 2016-11-21 12:35 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\Sun
2016-11-21 12:35 - 2016-11-21 12:35 - 00000000 ____D C:\Users\ICT Stage\AppData\LocalLow\Sun
2016-11-21 10:22 - 2016-11-21 10:22 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\ICAClient
2016-11-21 10:22 - 2016-11-21 10:22 - 00000000 ____D C:\Users\ICT Stage\AppData\Local\Citrix
2016-11-21 09:51 - 2016-11-21 09:51 - 00006696 ____N C:\bootsqm.dat
2016-11-14 16:37 - 2016-11-22 12:48 - 00000000 ____D C:\Users\ICT Stage\AppData\Local\CrashDumps
2016-11-09 11:59 - 2016-11-22 15:06 - 00000000 ____D C:\Users\ICT Stage\Desktop\Powershell testjes
2016-11-07 12:27 - 2016-11-01 10:07 - 00000122 _____ C:\Users\ICT Stage\Desktop\qbase+speakapp.bat
2016-11-01 16:59 - 2016-11-01 16:59 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\yWorks
2016-11-01 16:59 - 2016-11-01 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\yEd Graph Editor
2016-11-01 16:58 - 2016-11-01 16:58 - 00000000 ____D C:\Users\ICT Stage\.oracle_jre_usage
2016-10-26 09:18 - 2016-11-23 15:46 - 00039424 _____ C:\Users\ICT Stage\Desktop\Toneroverzichtv3.xls
2016-10-24 14:22 - 2016-11-14 09:41 - 00000097 _____ C:\Users\ICT Stage\Desktop\momentele bezigheden.txt
2016-10-24 12:05 - 2012-08-21 15:59 - 00001536 _____ (Microsoft Corporation) C:\Windows\system32\winrsmgr.dll
2016-10-24 12:05 - 2012-08-21 15:56 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-24 12:05 - 2012-08-21 15:29 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll
2016-10-24 12:05 - 2012-08-21 15:28 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-24 12:05 - 2012-08-21 15:20 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll
2016-10-24 12:05 - 2012-08-21 15:18 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\mi.dll
2016-10-24 12:05 - 2012-08-21 15:14 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll
2016-10-24 12:05 - 2012-08-21 15:08 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\wevtfwd.dll
2016-10-24 12:05 - 2012-08-21 15:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Register-CimProvider.exe
2016-10-24 12:05 - 2012-08-21 14:56 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe
2016-10-24 12:05 - 2012-08-21 14:54 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll
2016-10-24 12:05 - 2012-08-21 14:44 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\prvdmofcomp.dll
2016-10-24 12:05 - 2012-08-21 14:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\wmitomi.dll
2016-10-24 12:05 - 2012-08-21 14:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\wmidcom.dll
2016-10-24 12:05 - 2012-08-21 14:34 - 00382464 _____ (Microsoft Corporation) C:\Windows\system32\wbemcomn2.dll
2016-10-24 12:05 - 2012-08-21 14:33 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\miutils.dll
2016-10-24 12:05 - 2012-08-21 14:32 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\WsmAgent.dll
2016-10-24 12:05 - 2012-08-21 14:29 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2016-10-24 12:05 - 2012-08-21 14:27 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2016-10-24 12:05 - 2012-08-21 14:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\winrshost.exe
2016-10-24 12:05 - 2012-08-21 14:04 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe
2016-10-24 12:05 - 2012-08-21 14:03 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-24 12:05 - 2012-08-21 14:02 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-24 12:05 - 2012-08-21 14:02 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-24 12:05 - 2012-08-21 14:02 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\winrscmd.dll
2016-10-24 12:05 - 2012-08-21 13:56 - 00526848 _____ (Microsoft Corporation) C:\Windows\system32\WsmGCDeps.dll
2016-10-24 12:05 - 2012-08-21 13:52 - 02039296 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-24 12:05 - 2012-08-21 13:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\PSModuleDiscoveryProvider.dll
2016-10-24 12:05 - 2012-08-21 13:50 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-24 12:05 - 2012-08-21 13:30 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll
2016-10-24 12:05 - 2012-08-21 12:26 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-24 12:05 - 2012-07-23 19:16 - 00204105 _____ C:\Windows\system32\winrm.vbs
2016-10-24 12:05 - 2012-07-23 19:16 - 00004675 _____ C:\Windows\system32\wsmanconfig_schema.xml
2016-10-24 12:05 - 2012-07-23 19:16 - 00004148 _____ C:\Windows\system32\psmodulediscoveryprovider.mof
2016-10-17 08:54 - 2016-10-20 11:09 - 00000000 ____D C:\Users\ICT Stage\Desktop\Powershell tests en handige dingen
2016-10-13 15:54 - 2016-10-13 15:55 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\Skype
2016-10-12 14:41 - 2016-10-12 14:41 - 00000000 ____D C:\Users\ICT Stage\AppData\Local\Microsoft_Corporation
2016-10-12 14:24 - 2016-10-12 14:24 - 00001005 _____ C:\Users\ICT Stage\Desktop\ICT Stage - Snelkoppeling.lnk
2016-10-12 14:15 - 2016-11-03 14:55 - 00000000 ____D C:\Users\ICT Stage\Desktop\scriptjes
2016-10-12 10:43 - 2016-10-12 10:43 - 00001899 _____ C:\Users\ICT Stage\Desktop\Windows PowerShell.lnk
2016-10-03 11:57 - 2016-10-03 11:57 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZebraLink
2016-10-03 11:57 - 2016-10-03 11:57 - 00000000 ____D C:\Program Files\ZebraLink
2016-10-03 11:51 - 2016-11-24 11:12 - 00000000 ____D C:\Users\nicolien_vpn
2016-10-03 11:51 - 2016-11-24 11:12 - 00000000 ____D C:\Users\locaal
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\testuser\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\Receptie\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\nicolien_vpn\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\locaal\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\install\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\ICT Stage\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\gast5\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\gast3\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\gast2\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\gast1\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\DaphneB\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\Administrator\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\administrator.SH\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\admin\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zebra Technologies
2016-10-03 11:50 - 2016-10-03 11:50 - 00000000 ____D C:\ProgramData\Font Downloader
2016-10-03 11:50 - 2016-10-03 11:50 - 00000000 ____D C:\Program Files\Zebra Technologies
2016-10-03 11:50 - 2012-10-25 07:46 - 00108544 _____ (Euro Plus d.o.o.) C:\Windows\system32\zdnPMU.dll
2016-10-03 11:50 - 2012-10-25 07:46 - 00107008 _____ (Euro Plus d.o.o.) C:\Windows\system32\zdnPMS.dll
2016-10-03 11:47 - 2016-10-03 11:47 - 00000000 ____D C:\ZD267718
2016-09-19 12:01 - 2016-09-19 12:01 - 00000000 _____ C:\Users\ICT Stage\Desktop\periodieke beoordeling week 7 en 12 +reflectie.txt
2016-09-19 10:13 - 2016-09-19 10:13 - 00001724 _____ C:\Users\ICT Stage\Desktop\Remote Desktop Connection.lnk
2016-09-13 08:21 - 2016-11-24 12:37 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-13 08:21 - 2016-11-24 12:26 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-13 08:21 - 2016-11-15 09:28 - 00002163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-13 08:21 - 2016-11-15 09:28 - 00002151 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-12 07:56 - 2016-11-24 12:36 - 01257296 _____ C:\Windows\ntbtlog.txt
2016-09-06 14:47 - 2016-11-22 15:34 - 00000000 ____D C:\Users\ICT Stage\Desktop\Stage school documenten
2016-09-05 11:39 - 2016-09-05 11:39 - 00001183 _____ C:\Users\ICT Stage\Desktop\Microsoft Office Outlook.lnk
2016-09-05 08:39 - 2016-11-01 14:10 - 00000000 ____D C:\Users\ICT Stage\Desktop\S&H - IT vaak nodig
 
==================== Drie Maanden Gewijzigd bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2016-11-24 13:06 - 2016-05-12 13:56 - 00001080 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1202660629-839522115-4762UA.job
2016-11-24 12:56 - 2016-07-27 15:31 - 00000000 ____D C:\Program Files\WinZip
2016-11-24 12:47 - 2009-07-14 05:34 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-24 12:47 - 2009-07-14 05:34 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-24 12:43 - 2010-11-21 00:57 - 00889294 _____ C:\Windows\system32\perfh013.dat
2016-11-24 12:43 - 2010-11-21 00:57 - 00200702 _____ C:\Windows\system32\perfc013.dat
2016-11-24 12:43 - 2010-11-20 22:01 - 00006648 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-24 12:37 - 2015-12-08 11:49 - 00000000 ____D C:\Users\ICT Stage
2016-11-24 12:37 - 2011-09-22 08:35 - 00000112 _____ C:\Windows\system32\config\netlogon.ftl
2016-11-24 12:37 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-24 12:32 - 2015-12-08 11:49 - 00000160 ___SH C:\Users\ICT Stage\ntuser.ini
2016-11-24 12:20 - 2015-05-28 13:25 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-24 12:18 - 2015-05-28 13:24 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-24 11:12 - 2016-02-15 09:03 - 00000000 ____D C:\Users\ICT Stage\AppData\Local\Apps\2.0
2016-11-24 11:12 - 2013-07-29 16:02 - 00000000 ____D C:\Users\Jeroen
2016-11-24 11:11 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2016-11-24 10:34 - 2012-10-30 10:13 - 00000000 ____D C:\Windows\Minidump
2016-11-24 10:32 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-11-24 09:06 - 2016-05-12 13:56 - 00001028 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1202660629-839522115-4762Core.job
2016-11-24 08:26 - 2016-02-15 09:04 - 00000000 ____D C:\Users\ICT Stage\AppData\Local\Deployment
2016-11-23 16:57 - 2016-03-03 13:57 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\Notepad++
2016-11-22 12:59 - 2011-09-22 08:36 - 00003796 __RSH C:\ProgramData\ntuser.pol
2016-11-22 12:44 - 2015-12-08 11:53 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\TeamViewer
2016-11-22 12:44 - 2015-11-30 10:06 - 00000000 ____D C:\$WINDOWS.~BT
2016-11-22 12:44 - 2011-09-16 22:14 - 00000000 ____D C:\ProgramData\Temp
2016-11-22 12:44 - 2011-02-14 16:03 - 00000000 ____D C:\Windows\panther
2016-11-22 12:44 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-11-22 11:17 - 2016-03-10 16:27 - 00002238 ____H C:\Users\ICT Stage\Documents\Default.rdp
2016-11-21 10:22 - 2016-02-15 10:48 - 00000000 ____D C:\Users\ICT Stage\AppData\Local\Adobe
2016-11-21 10:22 - 2015-12-08 11:49 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\Adobe
2016-11-21 09:26 - 2015-10-06 14:09 - 00000000 ____D C:\Windows\pss
2016-11-21 08:24 - 2011-09-22 08:57 - 00009030 _____ C:\Windows\cfgall.ini
2016-11-07 09:00 - 2016-02-16 12:29 - 00000000 ____D C:\Users\ICT Stage\AppData\Local\Google
2016-11-07 08:52 - 2015-10-06 15:02 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-03 15:44 - 2015-12-31 13:06 - 00001189 _____ C:\Users\ICT Stage\Desktop\Handig_WD - Snelkoppeling.lnk
2016-10-28 02:22 - 2011-09-22 08:48 - 00407720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-27 15:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2016-10-26 09:08 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-10-25 11:02 - 2012-04-02 08:42 - 00000000 ____D C:\FBase
 
==================== Bestanden in de root van sommige mappen =======
 
2016-03-31 09:56 - 2016-03-31 09:56 - 0007602 _____ () C:\Users\ICT Stage\AppData\Local\Resmon.ResmonCfg
2015-10-01 09:12 - 2015-10-01 09:12 - 0010392 _____ () C:\ProgramData\regid.2015-09.com.zebra_382F6BCF-CF0F-4390-94F1-6CEF82FFFB02.swidtag
 
Bestanden om te verplaatsen of verwijderen:
====================
C:\Users\Receptie\Firefox Setup Stub 25.0.1.exe
C:\Users\Receptie\ljP1000_P1500-HB-pnp-win32-en.exe
 
 
Sommige bestanden in TEMP:
====================
C:\Users\ICT Stage\AppData\Local\Temp\catchme.dll
C:\Users\ICT Stage\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap ======================
 
(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)
 
C:\Windows\explorer.exe => Bestand is getekend
C:\Windows\system32\winlogon.exe => Bestand is getekend
C:\Windows\system32\wininit.exe => Bestand is getekend
C:\Windows\system32\svchost.exe => Bestand is getekend
C:\Windows\system32\services.exe => Bestand is getekend
C:\Windows\system32\User32.dll => Bestand is getekend
C:\Windows\system32\userinit.exe => Bestand is getekend
C:\Windows\system32\rpcss.dll => Bestand is getekend
C:\Windows\system32\dnsapi.dll => Bestand is getekend
C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend
 
==================== BCD ================================
 
Windows-opstartbeheer
---------------------
id                      {bootmgr}
device                  partition=\Device\HarddiskVolume1
path                    \bootmgr
description             Windows Boot Manager
locale                  nl-NL
inherit                 {globalsettings}
default                 {current}
resumeobject            {b831c149-afc7-11e6-8a55-806e6f6e6963}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows-opstartlaadprogramma
----------------------------
id                      {87cde4fa-e0e5-11e0-aee8-180373b7c387}
device                  unknown
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  nl-NL
inherit                 {bootloadersettings}
recoverysequence        {87cde4fb-e0e5-11e0-aee8-180373b7c387}
recoveryenabled         Yes
osdevice                unknown
systemroot              \Windows
resumeobject            {87cde4f9-e0e5-11e0-aee8-180373b7c387}
nx                      OptIn
 
Windows-opstartlaadprogramma
----------------------------
id                      {87cde4fb-e0e5-11e0-aee8-180373b7c387}
 
Windows-opstartlaadprogramma
----------------------------
id                      {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7 Professional (hersteld) 
locale                  nl-NL
recoverysequence        {87cde4fb-e0e5-11e0-aee8-180373b7c387}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {b831c149-afc7-11e6-8a55-806e6f6e6963}
 
Windows-opstartlaadprogramma
----------------------------
id                      {946682e1-b012-11e6-997b-80882100ed35}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\windowsre\Winre.wim,{946682e2-b012-11e6-997b-80882100ed35}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (hersteld) 
locale                  
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\windowsre\Winre.wim,{946682e2-b012-11e6-997b-80882100ed35}
systemroot              \windows
winpe                   Yes
 
Hervatten uit sluimerstand
--------------------------
id                      {87cde4f9-e0e5-11e0-aee8-180373b7c387}
device                  unknown
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  nl-NL
inherit                 {resumeloadersettings}
filedevice              unknown
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Hervatten uit sluimerstand
--------------------------
id                      {b831c149-afc7-11e6-8a55-806e6f6e6963}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows 7 Professional (hersteld) 
locale                  nl-NL
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Windows-geheugentest
--------------------
id                      {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  nl-NL
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS-instellingen
----------------
id                      {emssettings}
bootems                 Yes
 
Debugger-instellingen
---------------------
id                      {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM-defecten
------------
id                      {badmemory}
 
Globale instellingen
--------------------
id                      {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Instellingen voor opstartlaadprogramma
--------------------------------------
id                      {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor-instellingen
-------------------
id                      {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Instellingen voor hervattingslaadprogramma
------------------------------------------
id                      {resumeloadersettings}
inherit                 {globalsettings}
 
Apparaatopties
--------------
id                      {87cde4fc-e0e5-11e0-aee8-180373b7c387}
description             Ramdisk Options
ramdisksdidevice        unknown
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
Apparaatopties
--------------
id                      {946682e2-b012-11e6-997b-80882100ed35}
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\windowsre\boot.sdi
 
 
 
LastRegBack: 2016-11-14 13:59
 
==================== Eind van FRST.txt ============================  
 
HIJACKTHIS LOG
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 15:17:06, on 24-11-2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18163)
 
 
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Logishrd\LogiOptions\Software\3.42.7\LogiOptionsMgr.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\WinZip\WZUpdateNotifier.exe
C:\Program Files\WinZip\FAHWindow32.exe
C:\Program Files\WinZip\WzPreloader.exe
C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\ICT Stage\Desktop\HijackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130918748337091240&GUID=AEAAB23F-FFA8-40F3-9089-B284556C4739
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IMSS] "C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [LogiOptions] C:\Program Files\Logitech\LogiOptions\LogiOptions.exe /noui
O4 - HKLM\..\Run: [VMware Netlink 3 HV Install Utility] C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe
O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files\HP\HP UT LEDM\"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Spiceworks] C:\Program Files\Spiceworks\bin\spicetray_silent.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - Global Startup: FAH.lnk = C:\Program Files\WinZip\FAHConsole.exe
O4 - Global Startup: Update-melder.lnk = C:\Program Files\WinZip\WZUpdateNotifier.exe
O4 - Global Startup: WinZip Preloader.lnk = C:\Program Files\WinZip\WzPreloader.exe
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.selectvracht.nl (HKLM)
O15 - Trusted Zone: http://*.snh-dbs (HKLM)
O15 - Trusted IP range: http://185.10.96.14
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O16 - DPF: {B79C81C0-7650-4CAB-8466-E14C6A31EBAD} (SWTSC Control) - https://vpn.s-h.nl/SWTSC.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SH.lokaal
O17 - HKLM\Software\..\Telephony: DomainName = SH.lokaal
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AC5B16C-0C6F-403B-AE87-32CC75F63D35}: NameServer = 192.168.1.3,192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SH.lokaal
O17 - HKLM\System\CS1\Services\Tcpip\..\{0AC5B16C-0C6F-403B-AE87-32CC75F63D35}: NameServer = 192.168.1.3,192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = SH.lokaal
O17 - HKLM\System\CS2\Services\Tcpip\..\{0AC5B16C-0C6F-403B-AE87-32CC75F63D35}: NameServer = 192.168.1.3,192.168.1.1
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
 
--
End of file - 9515 bytes

Edited by hamluis, 24 November 2016 - 12:24 PM.
Merged posts - Hamluis.



 


#2 HelpBot


Posted 29 November 2016 - 05:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/632993 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot


Posted 04 December 2016 - 05:40 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



