Jump to content

mikeje

Members
  • Posts

    2
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Hello, first of all much thanks for trying to help out. Is there a reason why some tools flags this for suspicious or even dangerous? : SSDT A383589C ZwCreateKey SSDT A3835554 ZwCreateMutant SSDT A382809C ZwCreateProcess SSDT 88DF82AC ZwCreateProcessEx SSDT A383541C ZwCreateSymbolicLinkObject SSDT A3835614 ZwCreateThread SSDT A38355D4 ZwCreateThreadEx SSDT 88DBB2A4 ZwCreateUserProcess SSDT A383539C ZwDebugActiveProcess SSDT A383581C ZwDeleteKey SSDT A383575C ZwDeleteValueKey SSDT A38353DC ZwDuplicateObject SSDT A3835594 ZwLoadDriver SSDT A3828A0C ZwOpenProcess SSDT A383571C ZwOpenSection SSDT A38358DC ZwOpenThread SSDT A38357DC ZwRenameKey SSDT A383579C ZwRestoreKey SSDT A3835514 ZwSetSystemInformation SSDT A383585C ZwSetValueKey SSDT A38359A4 ZwTerminateProcess SSDT A3835964 ZwTerminateThread SSDT A3835654 ZwWriteVirtualMemory Here is the logg of Farbar Recovery Scan Tool. ==================== Eind van Addition.txt ============================ FRST.TXT Scanresultaten van Farbar Recovery Scan Tool (FRST) (x86) Versie: 23-11-2016Gestart door ictstage (Beheerder) op ICT-PC05 (24-11-2016 13:24:11)Gestart vanaf C:\Users\ICT Stage\DesktopGeladen Profielen: ictstage (Beschikbare Profielen: Receptie & gast1 & Gast2 & Gast3 & install & testuser & nicolien & gast5 & ictstage & Administrator & DaphneB & locaal & admin & Administrator)Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Taal: Nederlands (Nederland)Internet Explorer Versie 11 (Standaardbrowser: Chrome)Boot Modus: NormalHandleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processen (gefilterd) ================= (Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe(Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\3.42.7\LogiOptionsMgr.exe(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe() C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe(WinZip Computing, S.L.) C:\Program Files\WinZip\WZUpdateNotifier.exe(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow32.exe(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe(Microsoft Corporation) C:\Windows\System32\mobsync.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.8.0.50\NS.exe(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.8.0.50\NS.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Register (gefilterd) ==================== (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe [2697832 2010-10-04] (Realtek Semiconductor Corp.)HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [214384 2011-05-27] (Wave Systems Corp.)HKLM\...\Run: [OfficeScanNT Monitor] => C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [1533720 2013-11-20] (Trend Micro Inc.)HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1254008 2015-09-01] (Logitech, Inc.)HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [65472 2015-06-16] ()HKLM\...\Run: [HPUsageTrackingLEDM] => C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)HKLM\...\Run: [Spiceworks] => C:\Program Files\Spiceworks\bin\spicetray_silent.exe [67824 2015-05-26] ()HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)HKLM\...\Run: [Desktop Disc Tool] => C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [358336 2011-08-11] (Citrix Systems, Inc.)HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-09-16] (Adobe Systems Incorporated)Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [2010-09-15] (UPEK Inc.)HKU\S-1-5-21-1123561945-1202660629-839522115-4762\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6564776 2015-10-19] (Piriform Ltd)HKLM\...\Providers\87f1d5: C:\Users\stefan\AppData\Local\Temp\FEE9.tmpShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-05-27] (Wave Systems Corp.)ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-05-27] (Wave Systems Corp.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-07-27]ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update-melder.lnk [2016-07-27]ShortcutTarget: Update-melder.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-07-27]ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)Startup: C:\Users\gast1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat [2015-04-02] ()Startup: C:\Users\gast1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AvayaRealTime.application [2015-03-26] ()Startup: C:\Users\gast1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Klantencontactenregistratie.appref-ms [2015-01-19] ()Startup: C:\Users\gast1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OrdersVrijgeven.appref-ms [2015-01-19] ()Startup: C:\Users\gast1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SPOE - Telling.appref-ms [2015-01-19] ()Startup: C:\Users\gast2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall - Snelkoppeling.lnk [2010-10-26]ShortcutTarget: AutoInstall - Snelkoppeling.lnk -> Z:\AutoInstall.bat (Geen bestand)Startup: C:\Users\gast2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Klantencontactenregistratie.appref-ms [2012-08-22] ()Startup: C:\Users\gast3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat [2015-04-02] ()Startup: C:\Users\gast5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OrdersVrijgeven.appref-ms [2014-05-27] ()Startup: C:\Users\gast5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SPOE - Telling.appref-ms [2014-05-27] ()Startup: C:\Users\Jorian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat [2015-07-13] ()Startup: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat [2015-06-05] ()Startup: C:\Users\Pmstage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat [2015-11-11] ()Startup: C:\Users\Receptie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat [2011-03-07] ()Startup: C:\Users\Vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat [2015-06-05] ()Startup: C:\Users\Vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AvayaRealTime.application [2015-03-26] ()Startup: C:\Users\Vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SPOE - Telling.appref-ms [2015-06-05] ()GroupPolicy: Restrictie ? <======= AANDACHT ==================== Internet (gefilterd) ==================== (Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.) Tcpip\..\Interfaces\{0AC5B16C-0C6F-403B-AE87-32CC75F63D35}: [NameServer] 192.168.1.3,192.168.1.1 Internet Explorer:==================HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHTHKU\S-1-5-21-1123561945-1202660629-839522115-4762\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHTHKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130918748337091240&GUID=AEAAB23F-FFA8-40F3-9089-B284556C4739HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhomeHKU\S-1-5-21-1123561945-1202660629-839522115-4762\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchSearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSESearchScopes: HKLM -> {7DA1F881-6ADB-4A18-91C7-2235D4E6C639} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBoxSearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1123561945-1202660629-839522115-4762 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKU\S-1-5-21-1123561945-1202660629-839522115-4762 -> {7DA1F881-6ADB-4A18-91C7-2235D4E6C639} URL = SearchScopes: HKU\S-1-5-21-1123561945-1202660629-839522115-4762 -> {903B5915-700A-40EF-BC55-9F1F9C391925} URL = hxxp://www.google.nl/search?hl=nl&q={searchTerms}BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-22] (Oracle Corporation)BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-22] (Oracle Corporation)Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cabDPF: {B79C81C0-7650-4CAB-8466-E14C6A31EBAD} hxxps://vpn.s-h.nl/SWTSC.cabDPF: {CAFEEFAC-0018-0000-0060-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cabFilter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) FireFox:========FF DefaultProfile: w0k9f6ir.defaultFF ProfilePath: C:\Users\ICT Stage\AppData\Roaming\Mozilla\Firefox\Profiles\w0k9f6ir.default [2016-11-24]FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtensionFF Extension: (SmartPrintButton) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [niet getekend]FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.0.50\coFFAddonFF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.0.50\coFFAddon [2016-11-24]FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2016-06-06] ()FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2014-07-28] (CANON INC.)FF Plugin: @Citrix.com/npagee,version=10.0.71.6 -> C:\Program Files\Citrix\Secure Access Client\npagee.dll [2012-10-14] (Citrix Systems, Inc.)FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-22] (Oracle Corporation)FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-22] (Oracle Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [Geen bestand]FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-13] (Google Inc.)FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-13] (Google Inc.)FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-1123561945-1202660629-839522115-4762: @talk.google.com/GoogleTalkPlugin -> C:\Users\ICT Stage\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)FF Plugin HKU\S-1-5-21-1123561945-1202660629-839522115-4762: @talk.google.com/O1DPlugin -> C:\Users\ICT Stage\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)FF Plugin HKU\S-1-5-21-1123561945-1202660629-839522115-4762: @tools.google.com/Google Update;version=3 -> C:\Users\ICT Stage\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)FF Plugin HKU\S-1-5-21-1123561945-1202660629-839522115-4762: @tools.google.com/Google Update;version=9 -> C:\Users\ICT Stage\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll [2011-08-11] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2011-08-10] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll [2011-08-11] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2011-08-11] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll [2011-08-11] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll [2011-08-11] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll [2011-08-11] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll [2011-08-11] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll [2011-08-10] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2011-08-10] (Citrix Systems, Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\ICT Stage\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)FF Plugin ProgramFiles/Appdata: C:\Users\ICT Stage\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google) Chrome: =======CHR Profile: C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default [2016-11-24]CHR Extension: (Google Slides) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-13]CHR Extension: (Google Docs) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-13]CHR Extension: (Google Drive) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-13]CHR Extension: (YouTube) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-13]CHR Extension: (Google Sheets) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-13]CHR Extension: (Google Docs Offline) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-13]CHR Extension: (Chrome Web Store Payments) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-13]CHR Extension: (Gmail) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-13]CHR Extension: (Chrome Media Router) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.8.0.50\Exts\Chrome.crx [2016-11-24]CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx ==================== Services (gefilterd) ==================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) S4 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [116224 2010-04-06] (Brio) [Bestand niet getekend]S4 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [177600 2015-06-16] ()S4 ftscanmgr; C:\Program Files\VMware\ScannerRedirection\ftscanmgr.exe [6363792 2015-07-31] ()S4 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [Bestand niet getekend]S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Bestand niet getekend]S4 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [110752 2010-09-22] (Intel Corporation)S4 jhi_service; C:\Program Files\Intel\Services\IPT\jhi_service.exe [212944 2011-02-24] (Intel Corporation)R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [Bestand niet getekend]R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [Bestand niet getekend]S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)R2 NS; C:\Program Files\Norton Security\Engine\22.8.0.50\NS.exe [289080 2016-09-24] (Symantec Corporation)S4 nsverctl; C:\Program Files\Citrix\Secure Access Client\nsverctl.exe [156784 2012-10-14] (Citrix Systems, Inc)S4 ntrtscan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2324760 2013-12-10] (Trend Micro Inc.)R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [Bestand niet getekend]S4 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-11-25] (Sonic Solutions)S4 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-11-25] (Sonic Solutions)S4 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1508232 2011-05-24] (Wave Systems Corp.)S4 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [Bestand niet getekend]S4 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Bestand niet getekend]S4 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] () [Bestand niet getekend]S4 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2605424 2011-05-27] (Wave Systems Corp.)S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7183632 2016-07-18] (TeamViewer GmbH)S4 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345112 2013-10-23] (Trend Micro Inc.)S4 tmlisten; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2260128 2013-11-16] (Trend Micro Inc.)S4 TmProxy; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [689176 2013-07-01] (Trend Micro Inc.)S4 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [725696 2015-07-30] (VMware, Inc.)S4 vmware-view-usbd; C:\Program Files\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1156824 2015-07-31] (VMware, Inc.)S4 vmwsprrdpwks; C:\Program Files\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [261776 2015-05-08] (VMware)S4 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1131520 2011-07-01] (Wave Systems Corp.) [Bestand niet getekend]S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)S4 wsnm; C:\Program Files\VMware\VMware Horizon View Client\wsnm\wsnm.exe [489176 2015-08-19] (VMware, Inc.) ===================== Drivers (gefilterd) ====================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) R1 BHDrvx86; C:\Program Files\Norton Security\NortonData\22.8.0.50\Definitions\BASHDefs\20160826.008\BHDrvx86.sys [1334008 2016-09-23] (Symantec Corporation)R2 cag; C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [189272 2011-10-18] (Citrix Systems, Inc.)R1 ccSet_NS; C:\Windows\system32\drivers\NS\1608000.032\ccSetx86.sys [137456 2016-09-23] (Symantec Corporation)R3 ctxva51; C:\Windows\System32\DRIVERS\ctxva51.sys [42096 2012-10-14] (Citrix Systems, Inc.)R1 DNE; C:\Windows\System32\DRIVERS\dnelwf.sys [107608 2011-02-07] (Citrix Systems, Inc.)R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [238760 2010-10-28] (Intel Corporation)R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [388824 2016-11-23] (Symantec Corporation)U3 EraserUtilDrv11521; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11521.sys [124144 2016-04-28] (Symantec Corporation)R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [44664 2015-07-30] (VMware, Inc.)R1 IDSVix86; C:\Program Files\Norton Security\NortonData\22.8.0.50\Definitions\IPSDefs\20160916.102\IDSVix86.sys [768728 2016-09-23] (Symantec Corporation)R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHDA.sys [2749416 2010-10-04] (Realtek Semiconductor Corp.)R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2012-05-03] (CACE Technologies, Inc.)R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2010-07-21] (Dell Inc)R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [17160 2015-03-05] ()S3 pwdspio; C:\Windows\system32\pwdspio.sys [13064 2015-03-05] ()R1 SRTSP; C:\Windows\system32\drivers\NS\1608000.032\SRTSP.SYS [634096 2016-09-23] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\NS\1608000.032\SRTSPX.SYS [43248 2016-09-23] (Symantec Corporation)R0 SymEFASI; C:\Windows\System32\drivers\NS\1608000.032\SYMEFASI.SYS [1291992 2016-09-23] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [87792 2016-11-24] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\NS\1608000.032\Ironx86.SYS [229616 2016-09-23] (Symantec Corporation)R1 SymNetS; C:\Windows\system32\drivers\NS\1608000.032\SYMNETS.SYS [423640 2016-09-23] (Symantec Corporation)R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [75600 2013-08-29] (Trend Micro Inc.)R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [263072 2013-09-02] (Trend Micro Inc.)R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [62704 2013-08-29] (Trend Micro Inc.)R2 TmFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [294152 2015-07-02] (Trend Micro Inc.)R2 TmPreFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [38152 2015-07-02] (Trend Micro Inc.)R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90712 2013-06-18] (Trend Micro Inc.)U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-11-24] ()S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-08-02] (Apple, Inc.) [Bestand niet getekend]R2 VSApiNt; C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [1608744 2015-07-02] (Trend Micro Inc.)S3 catchme; \??\C:\Users\ICTSTA~1\AppData\Local\Temp\catchme.sys [X]S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.8.0.50\Definitions\SDSDefs\20160915.023\NAVENG.SYS [X]S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.8.0.50\Definitions\SDSDefs\20160915.023\NAVEX15.SYS [X]S1 qutmipc; \??\C:\Windows\system32\drivers\qutmipc.sys [X] ========================== Drivers MD5 ======================= C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legitimC:\Windows\System32\drivers\ACPI.sys ==> MD5 is legitimC:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legitimC:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legitimC:\Windows\system32\drivers\adpahci.sys ==> MD5 is legitimC:\Windows\system32\drivers\adpu320.sys ==> MD5 is legitimC:\Windows\system32\drivers\afd.sys 93B49FA857F7036A4EFF32371F6E7391C:\Windows\system32\drivers\agp440.sys ==> MD5 is legitimC:\Windows\system32\drivers\djsvs.sys ==> MD5 is legitimC:\Windows\system32\drivers\aliide.sys ==> MD5 is legitimC:\Windows\system32\drivers\amdagp.sys ==> MD5 is legitimC:\Windows\system32\drivers\amdide.sys ==> MD5 is legitimC:\Windows\system32\drivers\amdk8.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\atikmdag.sys 1FDC2B137008627BD11195706231EEF6C:\Windows\System32\DRIVERS\atikmpag.sys 5FF6ADC3DE4FFF320FFB1DD53850602FC:\Windows\system32\drivers\amdppm.sys ==> MD5 is legitimC:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FCC:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legitimC:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2C:\Windows\system32\drivers\appid.sys FE4F2ADE5DBB3B888E9EB0A1FBA1F152C:\Windows\system32\drivers\arc.sys ==> MD5 is legitimC:\Windows\system32\drivers\arcsas.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legitimC:\Windows\system32\drivers\atapi.sys ==> MD5 is legitimC:\Windows\System32\drivers\AtihdW73.sys 9E65DC266E8289116790599DD7D69087C:\Windows\system32\drivers\bxvbdx.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legitimC:\Windows\system32\Drivers\Beep.sys ==> MD5 is legitimC:\Program Files\Norton Security\NortonData\22.8.0.50\Definitions\BASHDefs\20160826.008\BHDrvx86.sys 83D09A74DBAB1042A7662586E33708A4C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legitimC:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legitimC:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\bridge.sys 77361D72A04F18809D0EFB6CCEB74D4BC:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legitimC:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legitimC:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legitimC:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legitimC:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legitimC:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys 88BB79D535B0D628C1529658BECBFFD1C:\Windows\system32\drivers\NS\1608000.032\ccSetx86.sys 88CDEF7E48A5D91BEA57E9A18426709EC:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legitimC:\Windows\system32\drivers\circlass.sys ==> MD5 is legitimC:\Windows\System32\CLFS.sys 33A60554882FDF59CDA3E1806370BBA1C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legitimC:\Windows\system32\drivers\cmdide.sys ==> MD5 is legitimC:\Windows\System32\Drivers\cng.sys 780FFC005741C9316576086155E55F56C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legitimC:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legitimC:\Windows\System32\drivers\csc.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\ctxusbm.sys 4E08A98DBA0B1249C2EB4B191978A9A4C:\Windows\System32\DRIVERS\ctxva51.sys F5EA74EB5F45905A2C734D35FCAF2C43C:\Windows\System32\Drivers\dfsc.sys 0C1B2CC3733A4A5B8D6258E7B26EAD1AC:\Windows\System32\drivers\discache.sys ==> MD5 is legitimC:\Windows\System32\drivers\disk.sys ==> MD5 is legitimC:\Windows\system32\drivers\dmvsc.sys 2A958EF85DB1B61FFCA65044FA4BCE9EC:\Windows\System32\DRIVERS\dnelwf.sys 58DA12F5B68A58398D9BCEC7BF795CD4C:\Windows\system32\drivers\drmkaud.sys A3F684B866A7D89AE396276CE7AFD416C:\Windows\System32\drivers\dxgkrnl.sys 3583A5A8CC2E682BFFBD4630D0FEC08BC:\Windows\System32\DRIVERS\e1c6232.sys 94AD8BAE670E55BF646796B56BAC53A4C:\Windows\system32\drivers\evbdx.sys ==> MD5 is legitimC:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys EBF632D1E27E6F9B06D9680714935B75C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legitimC:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11521.sys E74C7892EE59BB1C5790C4E717019F0FC:\Windows\system32\drivers\errdev.sys ==> MD5 is legitimC:\Windows\system32\Drivers\exfat.sys ==> MD5 is legitimC:\Windows\system32\Drivers\fastfat.sys ==> MD5 is legitimC:\Windows\system32\drivers\fdc.sys ==> MD5 is legitimC:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legitimC:\Windows\System32\drivers\filetrace.sys ==> MD5 is legitimC:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legitimBC:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legitimC:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legitimC:\Windows\system32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDBC:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legitimC:\Windows\system32\drivers\hcmon.sys F4AEF841F4D20ABC62E85E9113346DCDC:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legitimC:\Windows\System32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legitimC:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legitimC:\Windows\system32\drivers\hidbth.sys ==> MD5 is legitimC:\Windows\system32\drivers\hidir.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legitimC:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legitimC:\Windows\System32\drivers\HTTP.sys 487569E5DA56A5A432FF8AF6D3599CF9C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legitimC:\Windows\System32\drivers\iaStor.sys F4037A3FEDB92DD97C95F320766EA5C9C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76EC:\Program Files\Norton Security\NortonData\22.8.0.50\Definitions\IPSDefs\20160916.102\IDSVix86.sys F0EE3DF9DEE9AA3CECBB1FBD05397155C:\Windows\System32\DRIVERS\igdkmd32.sys 721A8D48B2DC8C1C58C61CB948491EA8C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legitimC:\Windows\System32\drivers\RTDVHDA.sys 55DA507FF4762D38427C19DBFDF56763C:\Windows\System32\DRIVERS\IntcDAud.sys 5576AD2F0039D2BCCCA3567FC0BF981CC:\Windows\system32\drivers\intelide.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legitimC:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legitimC:\Windows\System32\drivers\ipnat.sys ==> MD5 is legitimC:\Windows\System32\drivers\irenum.sys ==> MD5 is legitimC:\Windows\system32\drivers\isapnp.sys ==> MD5 is legitimC:\Windows\system32\drivers\msiscsi.sys EB34CE31FABD4DC4343FD2AD16D2CAF9C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legitimC:\Windows\System32\Drivers\ksecdd.sys E58CFE0F44B9775603BA70813D48D66AC:\Windows\System32\Drivers\ksecpkg.sys 50D1D9B3C24E783B6A8451158215AA55C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legitimC:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legitimC:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legitimC:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legitimC:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legitimC:\Windows\system32\drivers\luafv.sys ==> MD5 is legitimC:\Windows\system32\drivers\megasas.sys ==> MD5 is legitimC:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\HECI.sys D86AC00883B9C98B570E7643AAF8E554C:\Windows\System32\drivers\modem.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legitimC:\Windows\System32\drivers\mountmgr.sys BAD9C0366134BA181514E9263C8CE606C:\Windows\System32\DRIVERS\MpFilter.sys F112DA773EC3E9D3CDE9221ED300E033C:\Windows\system32\drivers\mpio.sys ==> MD5 is legitimC:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legitimC:\Windows\system32\drivers\mrxdav.sys 03F899F521D2AAED1C55008F734DF252C:\Windows\System32\DRIVERS\mrxsmb.sys 1D5CC65FECC628397CB72F87DD6A78F3C:\Windows\System32\DRIVERS\mrxsmb10.sys D405E63A7FEED75B40ACE03E57B44AB5C:\Windows\System32\DRIVERS\mrxsmb20.sys E688B7D9B5422F23102E1920E19473E9C:\Windows\system32\drivers\msahci.sys ==> MD5 is legitimC:\Windows\system32\drivers\msdsm.sys ==> MD5 is legitimC:\Windows\system32\Drivers\Msfs.sys ==> MD5 is legitimC:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legitimC:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legitimC:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legitimC:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legitimC:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legitimC:\Windows\system32\Drivers\MsRPC.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legitimC:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legitimC:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legitimC:\Windows\System32\Drivers\mup.sys E7EB93F16956C1BE56CB9B865802F696C:\Windows\System32\Drivers\mvusbews.sys BA574D2ECDDE374AE2BDFAC0BDA8AAD0C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legitimC:\Windows\System32\drivers\ndis.sys 9804FB2E46077F2977552347DFCA7E05C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legitimC:\Windows\system32\Drivers\NDProxy.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legitimC:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\NisDrvWFP.sys 780FF28BCD8470C5FDDEEF69982AA295C:\Windows\System32\drivers\npf.sys B48DC6ABCD3AEFF8618350CCBDC6B09AC:\Windows\system32\Drivers\Npfs.sys ==> MD5 is legitimC:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legitimC:\Windows\system32\Drivers\Ntfs.sys C8DFF8D07755A66C7A4A738930F0FEACC:\Windows\system32\Drivers\Null.sys ==> MD5 is legitimC:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legitimC:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legitimC:\Windows\system32\drivers\parport.sys ==> MD5 is legitimC:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9BC:\Windows\system32\drivers\parvdm.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\PBADRV.sys 4088C1ECD1F54281A92FA663B0FDC36FC:\Windows\System32\drivers\pci.sys ==> MD5 is legitimC:\Windows\system32\drivers\pciide.sys ==> MD5 is legitimC:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legitimC:\Windows\System32\drivers\pcw.sys ==> MD5 is legitimC:\Windows\System32\drivers\peauth.sys AEBC369F7DC72AB3F5B9BDF34FA0D43FC:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legitimC:\Windows\system32\drivers\processr.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legitimC:\Windows\System32\pwdrvio.sys FB92B393B2ABE017FE4CF1661C755000C:\Windows\system32\pwdspio.sys B515D22F4F216CE471317432AD364AD2C:\Windows\System32\Drivers\PxHelp20.sys E42E3433DBB4CFFE8FDD91EAB29AEA8EC:\Windows\system32\drivers\ql2300.sys ==> MD5 is legitimC:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legitimC:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\rdbss.sys B15D1178AD7AA2D4F32E88B68C7E2DA2C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legitimC:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legitimC:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legitimC:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legitimC:\Windows\System32\drivers\rdpvideominiport.sys 65375DF758CA1872AB7EBBBA457FD5E6C:\Windows\system32\Drivers\RDPWD.sys CD9214A6AE17D188D17C3CF8CB9CC693C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legitimC:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legitimC:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legitimC:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legitimC:\Windows\system32\drivers\sermouse.sys ==> MD5 is legitimC:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legitimC:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legitimC:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legitimC:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legitimC:\Windows\system32\drivers\sisagp.sys ==> MD5 is legitimC:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legitimC:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legitimC:\Windows\system32\Drivers\spldr.sys ==> MD5 is legitimC:\Windows\system32\drivers\NS\1608000.032\SRTSP.SYS 423903085E55FD24A0F49195160EE612C:\Windows\system32\drivers\NS\1608000.032\SRTSPX.SYS A7476418495A5CF97F691EA4F3986B85C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71ABC:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABCC:\Windows\system32\drivers\stexstor.sys ==> MD5 is legitimC:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legitimC:\Windows\system32\drivers\storvsc.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legitimC:\Windows\System32\drivers\NS\1608000.032\SYMEFASI.SYS 91AA67FD9704A8E953376DD140683507C:\Windows\system32\Drivers\SYMEVENT.SYS E111BABE2BCA0F9CD3E45606EB63944FC:\Windows\system32\drivers\NS\1608000.032\Ironx86.SYS 1B6EC6B91DAB7971530D61D4F2BFB22FC:\Windows\system32\drivers\NS\1608000.032\SYMNETS.SYS 9EF7544FE71F8025FB1A5A1FCFF8D333C:\Windows\System32\drivers\tcpip.sys 5579DD18546999F5D0EC39D018726C6BC:\Windows\System32\DRIVERS\tcpip.sys 5579DD18546999F5D0EC39D018726C6BC:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3BC:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legitimC:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8C:\Windows\System32\DRIVERS\tdx.sys BB8817D0508DD5EA69C770C8DEF5AB67C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\tmactmon.sys 7B8E49D03ECE5CAC523C8D56DB61C845C:\Windows\System32\DRIVERS\tmcomm.sys 4C6D311E0B13C4F469F717DB4AB4D0E7C:\Windows\System32\DRIVERS\tmevtmgr.sys 8BE895EC50E6F0B6167671405581B414C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys 97A567392A48211BD2FD37807702D911C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys F6E50E46697F232F667C426C936A4047C:\Windows\System32\DRIVERS\tmtdi.sys E70EB577845B05DB02779A150E4A92E7C:\Windows\System32\drivers\TrueSight.sys 0C997B061E3C66BD9E927C1288EB1CC7C:\Windows\System32\DRIVERS\tssecsrv.sys B89F89A2308E9569A1022A50F78C5506C:\Windows\System32\drivers\tsusbflt.sys C6A5FBD4977305E1FA23E02C042DB463C:\Windows\system32\drivers\TsUsbGD.sys 01246F0BAAD7B68EC0F472AA41E33282C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legitimC:\Windows\system32\drivers\uagp35.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legitimC:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legitimC:\Windows\system32\drivers\umpass.sys ==> MD5 is legitimC:\Windows\System32\Drivers\usbaapl.sys 83CAFCB53201BBAC04D822F32438E244C:\Windows\System32\drivers\usbaudio.sys A1977C315BF5691DA99235AA4A6907AFC:\Windows\System32\DRIVERS\usbccgp.sys 5620619CE693AADF8767CDA00F940BEEC:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041C:\Windows\system32\drivers\usbehci.sys 3735F2A99C5EA762D869748333C83CE8C:\Windows\System32\DRIVERS\usbhub.sys 7DE31B21FA92EE427C058C44CEB7859BC:\Windows\system32\drivers\usbohci.sys E83AF87457337D459F48139FAC8A1994C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legitimC:\Windows\system32\drivers\usbscan.sys FC6B21DB4B5B398AB93DBE59CBF11036C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896AC:\Windows\system32\drivers\usbuhci.sys 876A815194383359F9F22833D4057138C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legitimC:\Windows\System32\drivers\vga.sys ==> MD5 is legitimC:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legitimC:\Windows\system32\drivers\viaagp.sys ==> MD5 is legitimC:\Windows\system32\drivers\viac7.sys ==> MD5 is legitimC:\Windows\system32\drivers\viaide.sys ==> MD5 is legitimC:\Windows\system32\drivers\vmbus.sys ==> MD5 is legitimC:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legitimC:\Windows\System32\drivers\volmgr.sys ==> MD5 is legitimC:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legitimC:\Windows\System32\drivers\volsnap.sys ==> MD5 is legitimC:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys 994354C06FC4C23912728C22D0B86356C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legitimC:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legitimC:\Windows\system32\drivers\wacompen.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legitimC:\Windows\system32\drivers\wd.sys ==> MD5 is legitimC:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legitimC:\Windows\System32\drivers\wimmount.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legitimC:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legitimC:\Windows\System32\DRIVERS\WSDPrint.sys 553F6CCD7C58EB98D4A8FBDAF283D7A9C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF ==================== NetSvcs (gefilterd) =================== (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) ==================== Drie Maanden Gemaakt bestanden en mappen ======== (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.) 2016-11-24 13:24 - 2016-11-24 13:24 - 00050315 _____ C:\Users\ICT Stage\Desktop\FRST.txt2016-11-24 13:23 - 2016-11-24 13:24 - 00000000 ____D C:\FRST2016-11-24 13:22 - 2016-11-24 13:22 - 01761280 _____ (Farbar) C:\Users\ICT Stage\Desktop\FRST.exe2016-11-24 12:51 - 2016-11-24 12:55 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared2016-11-24 12:51 - 2016-11-24 12:51 - 00087792 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS2016-11-24 12:51 - 2016-11-24 12:51 - 00008234 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT2016-11-24 12:51 - 2016-11-24 12:51 - 00002300 _____ C:\Users\Public\Desktop\Norton Security.lnk2016-11-24 12:51 - 2016-11-24 12:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security2016-11-24 12:51 - 2016-11-24 12:51 - 00000000 ____D C:\Windows\system32\Drivers\NS2016-11-24 12:51 - 2016-11-24 12:51 - 00000000 ____D C:\Program Files\Norton Security2016-11-24 12:50 - 2016-11-24 12:54 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton2016-11-24 12:50 - 2016-11-24 12:54 - 00000000 ____D C:\ProgramData\Norton2016-11-24 12:50 - 2016-11-24 12:50 - 01101088 _____ (Symantec Corporation) C:\Users\ICT Stage\Desktop\NSDeluxeDownloader.exe2016-11-24 12:50 - 2016-11-24 12:50 - 00001242 _____ C:\Users\ICT Stage\Desktop\Norton Installation Files.lnk2016-11-24 12:50 - 2016-11-24 12:50 - 00000000 ____D C:\Users\Public\Downloads\Norton2016-11-24 12:50 - 2016-11-24 12:50 - 00000000 ____D C:\Program Files\NortonInstaller2016-11-24 12:37 - 2016-11-24 12:39 - 00673932 _____ C:\TDSSKiller.3.1.0.12_24.11.2016_12.37.53_log.txt2016-11-24 12:36 - 2016-11-24 12:37 - 00004556 _____ C:\TDSSKiller.3.1.0.12_24.11.2016_12.36.56_log.txt2016-11-24 12:20 - 2016-11-24 12:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)2016-11-24 12:18 - 2016-11-24 12:30 - 00000000 ____D C:\Users\ICT Stage\Desktop\mbar2016-11-24 12:18 - 2016-11-24 12:18 - 16563352 _____ (Malwarebytes Corp.) C:\Users\ICT Stage\Desktop\mbar-1.09.3.1001.exe2016-11-24 11:59 - 2016-11-24 12:07 - 00000000 ____D C:\Users\ICT Stage\Desktop\TMRBLog2016-11-24 11:59 - 2016-11-24 11:59 - 09950232 _____ (Trend Micro Inc.) C:\Users\ICT Stage\Desktop\RootkitBusterV5.0-1129x32.exe2016-11-24 11:59 - 2016-11-24 11:59 - 00000000 ____D C:\Users\ICT Stage\Desktop\log2016-11-24 11:13 - 2016-11-24 11:13 - 00004394 _____ C:\TDSSKiller.3.1.0.12_24.11.2016_11.13.25_log.txt2016-11-24 11:12 - 2016-11-24 11:12 - 00017867 _____ C:\ComboFix.txt2016-11-24 11:01 - 2016-11-24 11:12 - 00000000 ____D C:\Qoobox2016-11-24 11:01 - 2016-11-24 11:11 - 00000000 ____D C:\Windows\erdnt2016-11-24 11:01 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe2016-11-24 11:01 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe2016-11-24 11:01 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe2016-11-24 11:01 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe2016-11-24 11:01 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe2016-11-24 11:01 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe2016-11-24 11:01 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe2016-11-24 11:01 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe2016-11-24 10:34 - 2016-11-24 10:34 - 547207105 _____ C:\Windows\MEMORY.DMP2016-11-24 10:34 - 2016-11-24 10:34 - 00149600 _____ C:\Windows\Minidump\112416-3400-01.dmp2016-11-24 10:29 - 2016-11-24 09:30 - 00380928 _____ C:\Users\ICT Stage\Desktop\hxw5rr27.exe2016-11-24 10:26 - 2016-11-24 10:28 - 00699686 _____ C:\TDSSKiller.3.1.0.12_24.11.2016_10.26.38_log.txt2016-11-24 10:21 - 2016-11-24 10:22 - 00004560 _____ C:\TDSSKiller.3.1.0.12_24.11.2016_10.21.57_log.txt2016-11-24 10:18 - 2016-11-24 10:18 - 00010796 _____ C:\Users\ICT Stage\Desktop\rogue.txt2016-11-24 09:31 - 2016-11-24 12:30 - 00000000 ____D C:\ProgramData\RogueKiller2016-11-24 09:31 - 2016-11-24 09:31 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys2016-11-24 09:31 - 2016-11-24 09:31 - 00001003 _____ C:\Users\Public\Desktop\RogueKiller.lnk2016-11-24 09:31 - 2016-11-24 09:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller2016-11-24 09:31 - 2016-11-24 09:31 - 00000000 ____D C:\Program Files\RogueKiller2016-11-24 08:33 - 2016-11-24 10:22 - 00000000 ____D C:\Users\ICT Stage\AppData\Local\ESET2016-11-22 15:06 - 2016-11-22 15:06 - 00000000 ____D C:\Users\ICT Stage\Desktop\urenlijst2016-11-22 15:04 - 2016-11-22 15:04 - 00000000 ____D C:\Users\ICT Stage\Desktop\paktafel project2016-11-22 15:02 - 2016-11-22 16:23 - 00000000 ____D C:\Users\ICT Stage\Desktop\plattegronden sensoren2016-11-22 12:57 - 2016-11-22 12:57 - 03855248 _____ C:\Windows\system32\FNTCACHE.DAT2016-11-22 12:55 - 2016-11-22 12:55 - 00147928 _____ C:\Users\ICT Stage\AppData\Local\GDIPFONTCACHEV1.DAT2016-11-22 12:44 - 2016-11-22 12:44 - 00000000 ____D C:\$360Section2016-11-22 12:37 - 2016-11-22 12:44 - 00000000 ____D C:\ProgramData\360Quarant2016-11-22 12:35 - 2016-11-22 12:35 - 00000000 ____D C:\Windows\Tasks\360Disabled2016-11-22 12:34 - 2016-11-23 08:31 - 00000000 ____D C:\Program Files\3602016-11-22 12:34 - 2016-11-22 14:38 - 00000000 ____D C:\Program Files\Common Files\AV2016-11-21 12:35 - 2016-11-21 12:35 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\Sun2016-11-21 12:35 - 2016-11-21 12:35 - 00000000 ____D C:\Users\ICT Stage\AppData\LocalLow\Sun2016-11-21 10:22 - 2016-11-21 10:22 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\ICAClient2016-11-21 10:22 - 2016-11-21 10:22 - 00000000 ____D C:\Users\ICT Stage\AppData\Local\Citrix2016-11-21 09:51 - 2016-11-21 09:51 - 00006696 ____N C:\bootsqm.dat2016-11-14 16:37 - 2016-11-22 12:48 - 00000000 ____D C:\Users\ICT Stage\AppData\Local\CrashDumps2016-11-09 11:59 - 2016-11-22 15:06 - 00000000 ____D C:\Users\ICT Stage\Desktop\Powershell testjes2016-11-07 12:27 - 2016-11-01 10:07 - 00000122 _____ C:\Users\ICT Stage\Desktop\qbase+speakapp.bat2016-11-01 16:59 - 2016-11-01 16:59 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\yWorks2016-11-01 16:59 - 2016-11-01 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\yEd Graph Editor2016-11-01 16:58 - 2016-11-01 16:58 - 00000000 ____D C:\Users\ICT Stage\.oracle_jre_usage2016-10-26 09:18 - 2016-11-23 15:46 - 00039424 _____ C:\Users\ICT Stage\Desktop\Toneroverzichtv3.xls2016-10-24 14:22 - 2016-11-14 09:41 - 00000097 _____ C:\Users\ICT Stage\Desktop\momentele bezigheden.txt2016-10-24 12:05 - 2012-08-21 15:59 - 00001536 _____ (Microsoft Corporation) C:\Windows\system32\winrsmgr.dll2016-10-24 12:05 - 2012-08-21 15:56 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll2016-10-24 12:05 - 2012-08-21 15:29 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll2016-10-24 12:05 - 2012-08-21 15:28 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll2016-10-24 12:05 - 2012-08-21 15:20 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll2016-10-24 12:05 - 2012-08-21 15:18 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\mi.dll2016-10-24 12:05 - 2012-08-21 15:14 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll2016-10-24 12:05 - 2012-08-21 15:08 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\wevtfwd.dll2016-10-24 12:05 - 2012-08-21 15:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Register-CimProvider.exe2016-10-24 12:05 - 2012-08-21 14:56 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe2016-10-24 12:05 - 2012-08-21 14:54 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll2016-10-24 12:05 - 2012-08-21 14:44 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\prvdmofcomp.dll2016-10-24 12:05 - 2012-08-21 14:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\wmitomi.dll2016-10-24 12:05 - 2012-08-21 14:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\wmidcom.dll2016-10-24 12:05 - 2012-08-21 14:34 - 00382464 _____ (Microsoft Corporation) C:\Windows\system32\wbemcomn2.dll2016-10-24 12:05 - 2012-08-21 14:33 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\miutils.dll2016-10-24 12:05 - 2012-08-21 14:32 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\WsmAgent.dll2016-10-24 12:05 - 2012-08-21 14:29 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll2016-10-24 12:05 - 2012-08-21 14:27 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll2016-10-24 12:05 - 2012-08-21 14:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\winrshost.exe2016-10-24 12:05 - 2012-08-21 14:04 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe2016-10-24 12:05 - 2012-08-21 14:03 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe2016-10-24 12:05 - 2012-08-21 14:02 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll2016-10-24 12:05 - 2012-08-21 14:02 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll2016-10-24 12:05 - 2012-08-21 14:02 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\winrscmd.dll2016-10-24 12:05 - 2012-08-21 13:56 - 00526848 _____ (Microsoft Corporation) C:\Windows\system32\WsmGCDeps.dll2016-10-24 12:05 - 2012-08-21 13:52 - 02039296 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll2016-10-24 12:05 - 2012-08-21 13:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\PSModuleDiscoveryProvider.dll2016-10-24 12:05 - 2012-08-21 13:50 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe2016-10-24 12:05 - 2012-08-21 13:30 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll2016-10-24 12:05 - 2012-08-21 12:26 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll2016-10-24 12:05 - 2012-07-23 19:16 - 00204105 _____ C:\Windows\system32\winrm.vbs2016-10-24 12:05 - 2012-07-23 19:16 - 00004675 _____ C:\Windows\system32\wsmanconfig_schema.xml2016-10-24 12:05 - 2012-07-23 19:16 - 00004148 _____ C:\Windows\system32\psmodulediscoveryprovider.mof2016-10-17 08:54 - 2016-10-20 11:09 - 00000000 ____D C:\Users\ICT Stage\Desktop\Powershell tests en handige dingen2016-10-13 15:54 - 2016-10-13 15:55 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\Skype2016-10-12 14:41 - 2016-10-12 14:41 - 00000000 ____D C:\Users\ICT Stage\AppData\Local\Microsoft_Corporation2016-10-12 14:24 - 2016-10-12 14:24 - 00001005 _____ C:\Users\ICT Stage\Desktop\ICT Stage - Snelkoppeling.lnk2016-10-12 14:15 - 2016-11-03 14:55 - 00000000 ____D C:\Users\ICT Stage\Desktop\scriptjes2016-10-12 10:43 - 2016-10-12 10:43 - 00001899 _____ C:\Users\ICT Stage\Desktop\Windows PowerShell.lnk2016-10-03 11:57 - 2016-10-03 11:57 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZebraLink2016-10-03 11:57 - 2016-10-03 11:57 - 00000000 ____D C:\Program Files\ZebraLink2016-10-03 11:51 - 2016-11-24 11:12 - 00000000 ____D C:\Users\nicolien_vpn2016-10-03 11:51 - 2016-11-24 11:12 - 00000000 ____D C:\Users\locaal2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\testuser\Desktop\Zebra Font Downloader.lnk2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\Receptie\Desktop\Zebra Font Downloader.lnk2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\nicolien_vpn\Desktop\Zebra Font Downloader.lnk2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\locaal\Desktop\Zebra Font Downloader.lnk2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\install\Desktop\Zebra Font Downloader.lnk2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\ICT Stage\Desktop\Zebra Font Downloader.lnk2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\gast5\Desktop\Zebra Font Downloader.lnk2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\gast3\Desktop\Zebra Font Downloader.lnk2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\gast2\Desktop\Zebra Font Downloader.lnk2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\gast1\Desktop\Zebra Font Downloader.lnk2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\DaphneB\Desktop\Zebra Font Downloader.lnk2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\Administrator\Desktop\Zebra Font Downloader.lnk2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\administrator.SH\Desktop\Zebra Font Downloader.lnk2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\admin\Desktop\Zebra Font Downloader.lnk2016-10-03 11:51 - 2016-10-03 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zebra Technologies2016-10-03 11:50 - 2016-10-03 11:50 - 00000000 ____D C:\ProgramData\Font Downloader2016-10-03 11:50 - 2016-10-03 11:50 - 00000000 ____D C:\Program Files\Zebra Technologies2016-10-03 11:50 - 2012-10-25 07:46 - 00108544 _____ (Euro Plus d.o.o.) C:\Windows\system32\zdnPMU.dll2016-10-03 11:50 - 2012-10-25 07:46 - 00107008 _____ (Euro Plus d.o.o.) C:\Windows\system32\zdnPMS.dll2016-10-03 11:47 - 2016-10-03 11:47 - 00000000 ____D C:\ZD2677182016-09-19 12:01 - 2016-09-19 12:01 - 00000000 _____ C:\Users\ICT Stage\Desktop\periodieke beoordeling week 7 en 12 +reflectie.txt2016-09-19 10:13 - 2016-09-19 10:13 - 00001724 _____ C:\Users\ICT Stage\Desktop\Remote Desktop Connection.lnk2016-09-13 08:21 - 2016-11-24 12:37 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2016-09-13 08:21 - 2016-11-24 12:26 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2016-09-13 08:21 - 2016-11-15 09:28 - 00002163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk2016-09-13 08:21 - 2016-11-15 09:28 - 00002151 _____ C:\Users\Public\Desktop\Google Chrome.lnk2016-09-12 07:56 - 2016-11-24 12:36 - 01257296 _____ C:\Windows\ntbtlog.txt2016-09-06 14:47 - 2016-11-22 15:34 - 00000000 ____D C:\Users\ICT Stage\Desktop\Stage school documenten2016-09-05 11:39 - 2016-09-05 11:39 - 00001183 _____ C:\Users\ICT Stage\Desktop\Microsoft Office Outlook.lnk2016-09-05 08:39 - 2016-11-01 14:10 - 00000000 ____D C:\Users\ICT Stage\Desktop\S&H - IT vaak nodig ==================== Drie Maanden Gewijzigd bestanden en mappen ======== (Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.) 2016-11-24 13:06 - 2016-05-12 13:56 - 00001080 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1202660629-839522115-4762UA.job2016-11-24 12:56 - 2016-07-27 15:31 - 00000000 ____D C:\Program Files\WinZip2016-11-24 12:47 - 2009-07-14 05:34 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02016-11-24 12:47 - 2009-07-14 05:34 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02016-11-24 12:43 - 2010-11-21 00:57 - 00889294 _____ C:\Windows\system32\perfh013.dat2016-11-24 12:43 - 2010-11-21 00:57 - 00200702 _____ C:\Windows\system32\perfc013.dat2016-11-24 12:43 - 2010-11-20 22:01 - 00006648 _____ C:\Windows\system32\PerfStringBackup.INI2016-11-24 12:37 - 2015-12-08 11:49 - 00000000 ____D C:\Users\ICT Stage2016-11-24 12:37 - 2011-09-22 08:35 - 00000112 _____ C:\Windows\system32\config\netlogon.ftl2016-11-24 12:37 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT2016-11-24 12:32 - 2015-12-08 11:49 - 00000160 ___SH C:\Users\ICT Stage\ntuser.ini2016-11-24 12:20 - 2015-05-28 13:25 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2016-11-24 12:18 - 2015-05-28 13:24 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys2016-11-24 11:12 - 2016-02-15 09:03 - 00000000 ____D C:\Users\ICT Stage\AppData\Local\Apps\2.02016-11-24 11:12 - 2013-07-29 16:02 - 00000000 ____D C:\Users\Jeroen2016-11-24 11:11 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini2016-11-24 10:34 - 2012-10-30 10:13 - 00000000 ____D C:\Windows\Minidump2016-11-24 10:32 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf2016-11-24 09:06 - 2016-05-12 13:56 - 00001028 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1202660629-839522115-4762Core.job2016-11-24 08:26 - 2016-02-15 09:04 - 00000000 ____D C:\Users\ICT Stage\AppData\Local\Deployment2016-11-23 16:57 - 2016-03-03 13:57 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\Notepad++2016-11-22 12:59 - 2011-09-22 08:36 - 00003796 __RSH C:\ProgramData\ntuser.pol2016-11-22 12:44 - 2015-12-08 11:53 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\TeamViewer2016-11-22 12:44 - 2015-11-30 10:06 - 00000000 ____D C:\$WINDOWS.~BT2016-11-22 12:44 - 2011-09-16 22:14 - 00000000 ____D C:\ProgramData\Temp2016-11-22 12:44 - 2011-02-14 16:03 - 00000000 ____D C:\Windows\panther2016-11-22 12:44 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\Downloaded Program Files2016-11-22 11:17 - 2016-03-10 16:27 - 00002238 ____H C:\Users\ICT Stage\Documents\Default.rdp2016-11-21 10:22 - 2016-02-15 10:48 - 00000000 ____D C:\Users\ICT Stage\AppData\Local\Adobe2016-11-21 10:22 - 2015-12-08 11:49 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\Adobe2016-11-21 09:26 - 2015-10-06 14:09 - 00000000 ____D C:\Windows\pss2016-11-21 08:24 - 2011-09-22 08:57 - 00009030 _____ C:\Windows\cfgall.ini2016-11-07 09:00 - 2016-02-16 12:29 - 00000000 ____D C:\Users\ICT Stage\AppData\Local\Google2016-11-07 08:52 - 2015-10-06 15:02 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk2016-11-03 15:44 - 2015-12-31 13:06 - 00001189 _____ C:\Users\ICT Stage\Desktop\Handig_WD - Snelkoppeling.lnk2016-10-28 02:22 - 2011-09-22 08:48 - 00407720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2016-10-27 15:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache2016-10-26 09:08 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy2016-10-25 11:02 - 2012-04-02 08:42 - 00000000 ____D C:\FBase ==================== Bestanden in de root van sommige mappen ======= 2016-03-31 09:56 - 2016-03-31 09:56 - 0007602 _____ () C:\Users\ICT Stage\AppData\Local\Resmon.ResmonCfg2015-10-01 09:12 - 2015-10-01 09:12 - 0010392 _____ () C:\ProgramData\regid.2015-09.com.zebra_382F6BCF-CF0F-4390-94F1-6CEF82FFFB02.swidtag Bestanden om te verplaatsen of verwijderen:====================C:\Users\Receptie\Firefox Setup Stub 25.0.1.exeC:\Users\Receptie\ljP1000_P1500-HB-pnp-win32-en.exe Sommige bestanden in TEMP:====================C:\Users\ICT Stage\AppData\Local\Temp\catchme.dllC:\Users\ICT Stage\AppData\Local\Temp\dllnt_dump.dll ==================== Bamital & volsnap ====================== (Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.) C:\Windows\explorer.exe => Bestand is getekendC:\Windows\system32\winlogon.exe => Bestand is getekendC:\Windows\system32\wininit.exe => Bestand is getekendC:\Windows\system32\svchost.exe => Bestand is getekendC:\Windows\system32\services.exe => Bestand is getekendC:\Windows\system32\User32.dll => Bestand is getekendC:\Windows\system32\userinit.exe => Bestand is getekendC:\Windows\system32\rpcss.dll => Bestand is getekendC:\Windows\system32\dnsapi.dll => Bestand is getekendC:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend ==================== BCD ================================ Windows-opstartbeheer---------------------id {bootmgr}device partition=\Device\HarddiskVolume1path \bootmgrdescription Windows Boot Managerlocale nl-NLinherit {globalsettings}default {current}resumeobject {b831c149-afc7-11e6-8a55-806e6f6e6963}displayorder {current}toolsdisplayorder {memdiag}timeout 30 Windows-opstartlaadprogramma----------------------------id {87cde4fa-e0e5-11e0-aee8-180373b7c387}device unknownpath \Windows\system32\winload.exedescription Windows 7locale nl-NLinherit {bootloadersettings}recoverysequence {87cde4fb-e0e5-11e0-aee8-180373b7c387}recoveryenabled Yesosdevice unknownsystemroot \Windowsresumeobject {87cde4f9-e0e5-11e0-aee8-180373b7c387}nx OptIn Windows-opstartlaadprogramma----------------------------id {87cde4fb-e0e5-11e0-aee8-180373b7c387} Windows-opstartlaadprogramma----------------------------id {current}device partition=C:path \Windows\system32\winload.exedescription Windows 7 Professional (hersteld) locale nl-NLrecoverysequence {87cde4fb-e0e5-11e0-aee8-180373b7c387}recoveryenabled Yesosdevice partition=C:systemroot \Windowsresumeobject {b831c149-afc7-11e6-8a55-806e6f6e6963} Windows-opstartlaadprogramma----------------------------id {946682e1-b012-11e6-997b-80882100ed35}device ramdisk=[\Device\HarddiskVolume1]\Recovery\windowsre\Winre.wim,{946682e2-b012-11e6-997b-80882100ed35}path \windows\system32\winload.exedescription Windows Recovery Environment (hersteld) locale osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\windowsre\Winre.wim,{946682e2-b012-11e6-997b-80882100ed35}systemroot \windowswinpe Yes Hervatten uit sluimerstand--------------------------id {87cde4f9-e0e5-11e0-aee8-180373b7c387}device unknownpath \Windows\system32\winresume.exedescription Windows Resume Applicationlocale nl-NLinherit {resumeloadersettings}filedevice unknownfilepath \hiberfil.syspae Yesdebugoptionenabled No Hervatten uit sluimerstand--------------------------id {b831c149-afc7-11e6-8a55-806e6f6e6963}device partition=C:path \Windows\system32\winresume.exedescription Windows 7 Professional (hersteld) locale nl-NLinherit {resumeloadersettings}filedevice partition=C:filepath \hiberfil.syspae Yesdebugoptionenabled No Windows-geheugentest--------------------id {memdiag}device partition=\Device\HarddiskVolume1path \boot\memtest.exedescription Windows Memory Diagnosticlocale nl-NLinherit {globalsettings}badmemoryaccess Yes EMS-instellingen----------------id {emssettings}bootems Yes Debugger-instellingen---------------------id {dbgsettings}debugtype Serialdebugport 1baudrate 115200 RAM-defecten------------id {badmemory} Globale instellingen--------------------id {globalsettings}inherit {dbgsettings} {emssettings} {badmemory} Instellingen voor opstartlaadprogramma--------------------------------------id {bootloadersettings}inherit {globalsettings} {hypervisorsettings} Hypervisor-instellingen-------------------id {hypervisorsettings}hypervisordebugtype Serialhypervisordebugport 1hypervisorbaudrate 115200 Instellingen voor hervattingslaadprogramma------------------------------------------id {resumeloadersettings}inherit {globalsettings} Apparaatopties--------------id {87cde4fc-e0e5-11e0-aee8-180373b7c387}description Ramdisk Optionsramdisksdidevice unknownramdisksdipath \Recovery\WindowsRE\boot.sdi Apparaatopties--------------id {946682e2-b012-11e6-997b-80882100ed35}ramdisksdidevice partition=\Device\HarddiskVolume1ramdisksdipath \Recovery\windowsre\boot.sdi LastRegBack: 2016-11-14 13:59 ==================== Eind van FRST.txt ============================ Thank you so much !
  2. Hello, I'm pretty sure I'm infected, but I have need for a tool to actually fix the rootkit. I tried many programs like, tdsskiller, roguekiller, malwarebytes, esetonlinescanner. Except for roguekiller none of the programs are able to detect anything at all. Is anyone able to give me more information after a look into the log files , which I will provide after my message ? Symptons are critical : Application Hangs, system crashes, slow loadingscreen when logging in. If I run a full gmer scan i get a BSOD ( pwlyrpow.sys ). But halfway it already detects the rootkit as you can see below in the log from a canceled scan. In safemode it doesn't detect a thing both with gmer and roguekiller , but on normal boot it finds a rootkit. Probably infected multiple computers on my network. I really need urgent help. GMER LOG ( INTERRUPTED CAUSE OTHERWISE BSOD ) : GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-11-24 11:19:25 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Samsung_ rev.EMT0 232,89GB Running: hxw5rr27.exe; Driver: C:\Users\ICTSTA~1\AppData\Local\Temp\pwlyrpow.sys ---- System - GMER 2.2 ---- SSDT A383589C ZwCreateKey SSDT A3835554 ZwCreateMutant SSDT A382809C ZwCreateProcess SSDT 88DF82AC ZwCreateProcessEx SSDT A383541C ZwCreateSymbolicLinkObject SSDT A3835614 ZwCreateThread SSDT A38355D4 ZwCreateThreadEx SSDT 88DBB2A4 ZwCreateUserProcess SSDT A383539C ZwDebugActiveProcess SSDT A383581C ZwDeleteKey SSDT A383575C ZwDeleteValueKey SSDT A38353DC ZwDuplicateObject SSDT A3835594 ZwLoadDriver SSDT A3828A0C ZwOpenProcess SSDT A383571C ZwOpenSection SSDT A38358DC ZwOpenThread SSDT A38357DC ZwRenameKey SSDT A383579C ZwRestoreKey SSDT A3835514 ZwSetSystemInformation SSDT A383585C ZwSetValueKey SSDT A38359A4 ZwTerminateProcess SSDT A3835964 ZwTerminateThread SSDT A3835654 ZwWriteVirtualMemory ---- Kernel code sections - GMER 2.2 ---- .text ntkrnlpa.exe!ZwReplaceKey + 1525 8328BB75 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832C5C12 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11BF 832CD0C4 4 Bytes [9C, 58, 83, A3] .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 832CD0D4 4 Bytes [54, 55, 83, A3] .text ntkrnlpa.exe!KeRemoveQueueEx + 11E3 832CD0E8 8 Bytes [9C, 80, 82, A3, AC, 82, DF, ...] {PUSHF ; ADD BYTE [EDX-0x207d535d], 0x88} .text ntkrnlpa.exe!KeRemoveQueueEx + 11FF 832CD104 12 Bytes [1C, 54, 83, A3, 14, 56, 83, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 121B 832CD120 4 Bytes [A4, B2, DB, 88] .text ... ---- EOF - GMER 2.2 ---- ROGUEKILLER LOG RogueKiller V12.8.2.0 [Nov 21 2016] (Free) door Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/download/roguekiller/ Blog : http://www.adlice.com Besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 32 bits version Gestart in : Normale mode Gebruiker : ictstage [Administrator] Started from : C:\Program Files\RogueKiller\RogueKiller.exe Mode : Scan -- Datum : 11/24/2016 09:31:39 (Duration : 00:40:11) ¤¤¤ Processen : 1 ¤¤¤ [Suspicious.Path|VT.Unknown] DiskSpaceReport.exe(5976) -- C:\Users\ICT Stage\AppData\Local\Apps\2.0\CEGAZL28.9KW\RBBTDHD1.9GB\disk..tion_313ead9e3b4e0c7d_0001.0000_d0a270ab82505986\DiskSpaceReport.exe[-] -> Gevonden ¤¤¤ Register : 3 ¤¤¤ [PUM.SearchPage] HKEY_USERS\S-1-5-21-1123561945-1202660629-839522115-4762\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Gevonden [Suspicious.Path] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\87f1d5 | Name : C:\Users\stefan\AppData\Local\Temp\FEE9.tmp [x] -> Gevonden [PUM.StartMenu] HKEY_USERS\S-1-5-21-1123561945-1202660629-839522115-4762\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Gevonden ¤¤¤ Taken : 0 ¤¤¤ ¤¤¤ Bestanden : 10 ¤¤¤ [Suspicious.Path|Suspicious.Startup|VT.Unknown][Bestand] C:\Users\gast1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat -> Gevonden [Suspicious.Path|Suspicious.Startup|VT.Unknown][Bestand] C:\Users\gast3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat -> Gevonden [Suspicious.Path|Suspicious.Startup|VT.Unknown][Bestand] C:\Users\Jorian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat -> Gevonden [Suspicious.Path|Suspicious.Startup|VT.Unknown][Bestand] C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat -> Gevonden [Suspicious.Path|Suspicious.Startup|VT.Unknown][Bestand] C:\Users\Pmstage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat -> Gevonden [Suspicious.Path|Suspicious.Startup|VT.Unknown][Bestand] C:\Users\Receptie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat -> Gevonden [Suspicious.Path|Suspicious.Startup|VT.Unknown][Bestand] C:\Users\Vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat -> Gevonden [Hj.Shortcut][Bestand] C:\Users\ICT Stage\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Q-Base.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://185.10.96.14/~4eye02/intranet_qbase/ -> Gevonden [Hj.Shortcut][Bestand] C:\Users\Daphne\Desktop\Q-Base.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://185.10.96.14/~4eye02/intranet_qbase/ -> Gevonden [Hj.Shortcut][Bestand] C:\Users\Public\Desktop\Q-Base.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://185.10.96.14/~4eye02/intranet_qbase/ -> Gevonden ¤¤¤ WMI : 0 ¤¤¤ ¤¤¤ Host-bestand : 0 ¤¤¤ ¤¤¤ Antirootkit : 23 (Driver: Geladen) ¤¤¤ [SSDT:Addr(Hook.SSDT)] ZwCreateKey[70] : Unknown @ 0xffffffff88dfe634 [SSDT:Addr(Hook.SSDT)] ZwCreateMutant[74] : Unknown @ 0xffffffff88dfe2ec [SSDT:Addr(Hook.SSDT)] ZwCreateProcess[79] : Unknown @ 0xffffffffa383f224 [SSDT:Addr(Hook.SSDT)] ZwCreateProcessEx[80] : Unknown @ 0xffffffffa384205c [SSDT:Addr(Hook.SSDT)] ZwCreateSymbolicLinkObject[86] : Unknown @ 0xffffffff88dfe26c [SSDT:Addr(Hook.SSDT)] ZwCreateThread[87] : Unknown @ 0xffffffff88dfe3ac [SSDT:Addr(Hook.SSDT)] ZwCreateThreadEx[88] : Unknown @ 0xffffffff88dfe36c [SSDT:Addr(Hook.SSDT)] ZwCreateUserProcess[93] : Unknown @ 0xffffffffa380946c [SSDT:Addr(Hook.SSDT)] ZwDebugActiveProcess[96] : Unknown @ 0xffffffff88dfe1ec [SSDT:Addr(Hook.SSDT)] ZwDeleteKey[103] : Unknown @ 0xffffffff88dfe5b4 [SSDT:Addr(Hook.SSDT)] ZwDeleteValueKey[106] : Unknown @ 0xffffffff88dfe4f4 [SSDT:Addr(Hook.SSDT)] ZwDuplicateObject[111] : Unknown @ 0xffffffff88dfe22c [SSDT:Addr(Hook.SSDT)] ZwLoadDriver[155] : Unknown @ 0xffffffff88dfe32c [SSDT:Addr(Hook.SSDT)] ZwOpenProcess[190] : Unknown @ 0xffffffff88dfe734 [SSDT:Addr(Hook.SSDT)] ZwOpenSection[194] : Unknown @ 0xffffffff88dfe4b4 [SSDT:Addr(Hook.SSDT)] ZwOpenThread[198] : Unknown @ 0xffffffff88dfe674 [SSDT:Addr(Hook.SSDT)] ZwRenameKey[290] : Unknown @ 0xffffffff88dfe574 [SSDT:Addr(Hook.SSDT)] ZwRestoreKey[302] : Unknown @ 0xffffffff88dfe534 [SSDT:Addr(Hook.SSDT)] ZwSetSystemInformation[350] : Unknown @ 0xffffffff88dfe2ac [SSDT:Addr(Hook.SSDT)] ZwSetValueKey[358] : Unknown @ 0xffffffff88dfe5f4 [SSDT:Addr(Hook.SSDT)] ZwTerminateProcess[370] : Unknown @ 0xffffffff88dfe6f4 [SSDT:Addr(Hook.SSDT)] ZwTerminateThread[371] : Unknown @ 0xffffffff88dfe6b4 [SSDT:Addr(Hook.SSDT)] ZwWriteVirtualMemory[399] : Unknown @ 0xffffffff88dfe3ec ¤¤¤ Web Browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: Samsung SSD 850 EVO 250G +++++ --- User --- [MBR] 9dea2cce5d397c40364d87474a7f5c03 [BSP] e08755fbcb097102347ebf10a8e176d6 : Windows XP|VT.Unknown MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 13067 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 26763264 | Size: 225404 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.