
HELP: Rootkit infection


mikeje


Hello, I'm pretty sure I'm infected, but I need a tool to actually fix the rootkit. I tried many programs, like TDSSKiller, RogueKiller, Malwarebytes and ESET Online Scanner. Except for RogueKiller, none of the programs are able to detect anything at all. Is anyone able to give me more information after a look into the log files, which I will provide after my message?

 

Symptoms are critical:

Application hangs,

system crashes,

slow loading screen when logging in.

If I run a full GMER scan I get a BSOD (pwlyrpow.sys). But halfway through it already detects the rootkit, as you can see below in the log from a cancelled scan.

In safe mode it doesn't detect a thing, both with GMER and RogueKiller, but on normal boot it finds a rootkit.

 

Probably infected multiple computers on my network. I really need urgent help.

 

GMER LOG (INTERRUPTED, CAUSE OTHERWISE BSOD):

 

GMER 2.2.19882 - http://www.gmer.net
Rootkit scan 2016-11-24 11:19:25
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Samsung_ rev.EMT0 232,89GB
Running: hxw5rr27.exe; Driver: C:\Users\ICTSTA~1\AppData\Local\Temp\pwlyrpow.sys
 
 
---- System - GMER 2.2 ----
 
SSDT   A383589C                                ZwCreateKey
SSDT   A3835554                                ZwCreateMutant
SSDT   A382809C                                ZwCreateProcess
SSDT   88DF82AC                                ZwCreateProcessEx
SSDT   A383541C                                ZwCreateSymbolicLinkObject
SSDT   A3835614                                ZwCreateThread
SSDT   A38355D4                                ZwCreateThreadEx
SSDT   88DBB2A4                                ZwCreateUserProcess
SSDT   A383539C                                ZwDebugActiveProcess
SSDT   A383581C                                ZwDeleteKey
SSDT   A383575C                                ZwDeleteValueKey
SSDT   A38353DC                                ZwDuplicateObject
SSDT   A3835594                                ZwLoadDriver
SSDT   A3828A0C                                ZwOpenProcess
SSDT   A383571C                                ZwOpenSection
SSDT   A38358DC                                ZwOpenThread
SSDT   A38357DC                                ZwRenameKey
SSDT   A383579C                                ZwRestoreKey
SSDT   A3835514                                ZwSetSystemInformation
SSDT   A383585C                                ZwSetValueKey
SSDT   A38359A4                                ZwTerminateProcess
SSDT   A3835964                                ZwTerminateThread
SSDT   A3835654                                ZwWriteVirtualMemory
 
---- Kernel code sections - GMER 2.2 ----
 
.text  ntkrnlpa.exe!ZwReplaceKey + 1525        8328BB75 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  832C5C12 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11BF     832CD0C4 4 Bytes  [9C, 58, 83, A3]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11CF     832CD0D4 4 Bytes  [54, 55, 83, A3]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11E3     832CD0E8 8 Bytes  [9C, 80, 82, A3, AC, 82, DF, ...] {PUSHF ; ADD BYTE [EDX-0x207d535d], 0x88}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11FF     832CD104 12 Bytes  [1C, 54, 83, A3, 14, 56, 83, ...]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 121B     832CD120 4 Bytes  [A4, B2, DB, 88]
.text  ...                                     
 
---- EOF - GMER 2.2 ----
 
 
 
ROGUEKILLER LOG
 
RogueKiller V12.8.2.0 [Nov 21 2016] (Free) door Adlice Software 
 
Besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Gestart in : Normale mode
Gebruiker : ictstage [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Scan -- Datum : 11/24/2016 09:31:39 (Duration : 00:40:11)
 
¤¤¤ Processen : 1 ¤¤¤
[Suspicious.Path|VT.Unknown] DiskSpaceReport.exe(5976) -- C:\Users\ICT Stage\AppData\Local\Apps\2.0\CEGAZL28.9KW\RBBTDHD1.9GB\disk..tion_313ead9e3b4e0c7d_0001.0000_d0a270ab82505986\DiskSpaceReport.exe[-] -> Gevonden
 
¤¤¤ Register : 3 ¤¤¤
[PUM.SearchPage] HKEY_USERS\S-1-5-21-1123561945-1202660629-839522115-4762\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Gevonden
[Suspicious.Path] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\87f1d5 | Name : C:\Users\stefan\AppData\Local\Temp\FEE9.tmp [x] -> Gevonden
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1123561945-1202660629-839522115-4762\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Gevonden
 
¤¤¤ Taken : 0 ¤¤¤
 
¤¤¤ Bestanden : 10 ¤¤¤
[Suspicious.Path|Suspicious.Startup|VT.Unknown][Bestand] C:\Users\gast1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat -> Gevonden
[Suspicious.Path|Suspicious.Startup|VT.Unknown][Bestand] C:\Users\gast3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat -> Gevonden
[Suspicious.Path|Suspicious.Startup|VT.Unknown][Bestand] C:\Users\Jorian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat -> Gevonden
[Suspicious.Path|Suspicious.Startup|VT.Unknown][Bestand] C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat -> Gevonden
[Suspicious.Path|Suspicious.Startup|VT.Unknown][Bestand] C:\Users\Pmstage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat -> Gevonden
[Suspicious.Path|Suspicious.Startup|VT.Unknown][Bestand] C:\Users\Receptie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat -> Gevonden
[Suspicious.Path|Suspicious.Startup|VT.Unknown][Bestand] C:\Users\Vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat -> Gevonden
[Hj.Shortcut][Bestand] C:\Users\ICT Stage\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Q-Base.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://185.10.96.14/~4eye02/intranet_qbase/ -> Gevonden
[Hj.Shortcut][Bestand] C:\Users\Daphne\Desktop\Q-Base.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://185.10.96.14/~4eye02/intranet_qbase/ -> Gevonden
[Hj.Shortcut][Bestand] C:\Users\Public\Desktop\Q-Base.lnk [LNK@] C:\PROGRA~1\INTERN~1\iexplore.exe http://185.10.96.14/~4eye02/intranet_qbase/ -> Gevonden
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Host-bestand : 0 ¤¤¤
 
¤¤¤ Antirootkit : 23 (Driver: Geladen) ¤¤¤
[SSDT:Addr(Hook.SSDT)] ZwCreateKey[70] : Unknown @ 0xffffffff88dfe634
[SSDT:Addr(Hook.SSDT)] ZwCreateMutant[74] : Unknown @ 0xffffffff88dfe2ec
[SSDT:Addr(Hook.SSDT)] ZwCreateProcess[79] : Unknown @ 0xffffffffa383f224
[SSDT:Addr(Hook.SSDT)] ZwCreateProcessEx[80] : Unknown @ 0xffffffffa384205c
[SSDT:Addr(Hook.SSDT)] ZwCreateSymbolicLinkObject[86] : Unknown @ 0xffffffff88dfe26c
[SSDT:Addr(Hook.SSDT)] ZwCreateThread[87] : Unknown @ 0xffffffff88dfe3ac
[SSDT:Addr(Hook.SSDT)] ZwCreateThreadEx[88] : Unknown @ 0xffffffff88dfe36c
[SSDT:Addr(Hook.SSDT)] ZwCreateUserProcess[93] : Unknown @ 0xffffffffa380946c
[SSDT:Addr(Hook.SSDT)] ZwDebugActiveProcess[96] : Unknown @ 0xffffffff88dfe1ec
[SSDT:Addr(Hook.SSDT)] ZwDeleteKey[103] : Unknown @ 0xffffffff88dfe5b4
[SSDT:Addr(Hook.SSDT)] ZwDeleteValueKey[106] : Unknown @ 0xffffffff88dfe4f4
[SSDT:Addr(Hook.SSDT)] ZwDuplicateObject[111] : Unknown @ 0xffffffff88dfe22c
[SSDT:Addr(Hook.SSDT)] ZwLoadDriver[155] : Unknown @ 0xffffffff88dfe32c
[SSDT:Addr(Hook.SSDT)] ZwOpenProcess[190] : Unknown @ 0xffffffff88dfe734
[SSDT:Addr(Hook.SSDT)] ZwOpenSection[194] : Unknown @ 0xffffffff88dfe4b4
[SSDT:Addr(Hook.SSDT)] ZwOpenThread[198] : Unknown @ 0xffffffff88dfe674
[SSDT:Addr(Hook.SSDT)] ZwRenameKey[290] : Unknown @ 0xffffffff88dfe574
[SSDT:Addr(Hook.SSDT)] ZwRestoreKey[302] : Unknown @ 0xffffffff88dfe534
[SSDT:Addr(Hook.SSDT)] ZwSetSystemInformation[350] : Unknown @ 0xffffffff88dfe2ac
[SSDT:Addr(Hook.SSDT)] ZwSetValueKey[358] : Unknown @ 0xffffffff88dfe5f4
[SSDT:Addr(Hook.SSDT)] ZwTerminateProcess[370] : Unknown @ 0xffffffff88dfe6f4
[SSDT:Addr(Hook.SSDT)] ZwTerminateThread[371] : Unknown @ 0xffffffff88dfe6b4
[SSDT:Addr(Hook.SSDT)] ZwWriteVirtualMemory[399] : Unknown @ 0xffffffff88dfe3ec
 
¤¤¤ Web Browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 850 EVO 250G +++++
--- User ---
[MBR] 9dea2cce5d397c40364d87474a7f5c03
[BSP] e08755fbcb097102347ebf10a8e176d6 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 13067 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 26763264 | Size: 225404 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

Hello mikeje and welcome to Malwarebytes,

GMER does not show any rootkit; all you see is its own executable and driver. Run the following and post the two produced logs:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security software alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way.
 
  • Double-click to run it. When the tool opens, click Yes to the disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection; click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans".
  • Press the Scan button to run the tool.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The tool will also make a log named Addition.txt. Please attach that log to your reply.

Thank you,

Kevin

 

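The SSDT lists in both logs above are the part a defender checks rather than dismisses: on 32-bit Windows 7 there is no PatchGuard, so security products such as the ones the FRST log further down lists commonly hook the SSDT, and what separates a routine hook from a suspicious one is whether its target lands inside a known, signed driver image or outside every loaded module. The script below is an added example, not code from the thread, from GMER or from RogueKiller; it parses both tools' SSDT line formats and attributes each target to a module range. The module range and driver name are constructed placeholders (on a real machine they come from the loaded-driver list of the same boot), and the four syscalls are a subset copied from the two logs.

```python
"""Triage SSDT hook lines from GMER and RogueKiller logs on 32-bit Windows.

Added example; not code from the thread, GMER or RogueKiller. Log lines are copied
from the thread; MODULES is a CONSTRUCTED placeholder for the loaded-driver list
you would take from the same boot of the same machine (hypothetical driver name).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# GMER:        SSDT   A383589C                                ZwCreateKey
GMER_RE = re.compile(r"^SSDT\s+([0-9A-Fa-f]{8})\s+(Zw\w+)$")
# RogueKiller: [SSDT:Addr(Hook.SSDT)] ZwCreateKey[70] : Unknown @ 0xffffffff88dfe634
RK_RE = re.compile(
    r"^\[SSDT:Addr\(Hook\.SSDT\)\]\s+(Zw\w+)\[(\d+)\]\s*:\s*(\S+)\s*@\s*0x([0-9A-Fa-f]+)$"
)


@dataclass(frozen=True)
class Hook:
    tool: str
    syscall: str
    target: int                  # 32-bit address the SSDT slot now points at
    index: Optional[int] = None  # SSDT slot number, when the tool reports it
    label: str = ""              # the tool's own owner label ("Unknown" above)


def parse_hooks(text: str) -> List[Hook]:
    """Parse both tools' SSDT line formats; unrelated log lines are ignored."""
    hooks: List[Hook] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = GMER_RE.match(line)
        if m:
            hooks.append(Hook("gmer", m.group(2), int(m.group(1), 16)))
            continue
        m = RK_RE.match(line)
        if m:
            # RogueKiller prints the 32-bit address sign-extended to 64 bits;
            # keep the low 32 bits so both tools' targets are comparable.
            addr = int(m.group(4), 16) & 0xFFFFFFFF
            hooks.append(Hook("roguekiller", m.group(1), addr, int(m.group(2)), m.group(3)))
    return hooks


Modules = Dict[str, Tuple[int, int]]  # name -> (image base, image size)


def attribute(addr: int, modules: Modules) -> Optional[str]:
    """Name of the loaded module whose image range contains addr, else None."""
    for name, (base, size) in modules.items():
        if base <= addr < base + size:
            return name
    return None


def triage(hooks: List[Hook], modules: Modules) -> Dict[str, dict]:
    """Per syscall: each tool's target, the module it lands in, and whether tools agree.

    A target inside a known, signed security-product driver is routine on x86
    Windows; a target outside every loaded image is the entry to investigate.
    """
    by_syscall: Dict[str, Dict[str, int]] = {}
    for h in hooks:
        by_syscall.setdefault(h.syscall, {})[h.tool] = h.target
    report: Dict[str, dict] = {}
    for syscall, targets in sorted(by_syscall.items()):
        owners = {tool: attribute(addr, modules) for tool, addr in targets.items()}
        report[syscall] = {
            "targets": targets,
            "owners": owners,
            "unattributed": sorted(t for t, o in owners.items() if o is None),
            "tools_agree": len(set(targets.values())) == 1,
        }
    return report


def needs_review(report: Dict[str, dict]) -> List[str]:
    """Syscalls with at least one unattributed target or with the tools disagreeing."""
    return [s for s, r in report.items() if r["unattributed"] or not r["tools_agree"]]


# Four syscalls copied from each tool's log in the thread (constructed subset).
SAMPLE_LOG = """
SSDT   A383589C                                ZwCreateKey
SSDT   88DF82AC                                ZwCreateProcessEx
SSDT   A3835594                                ZwLoadDriver
SSDT   A3835654                                ZwWriteVirtualMemory
[SSDT:Addr(Hook.SSDT)] ZwCreateKey[70] : Unknown @ 0xffffffff88dfe634
[SSDT:Addr(Hook.SSDT)] ZwCreateProcessEx[80] : Unknown @ 0xffffffffa384205c
[SSDT:Addr(Hook.SSDT)] ZwLoadDriver[155] : Unknown @ 0xffffffff88dfe32c
[SSDT:Addr(Hook.SSDT)] ZwWriteVirtualMemory[399] : Unknown @ 0xffffffff88dfe3ec
"""

# CONSTRUCTED: one hypothetical vendor driver image covering the 0xA382xxxx-0xA384xxxx
# targets; nothing covers the 0x88Dxxxxx targets, so those come out unattributed.
MODULES: Modules = {"vendor_av_filter.sys (constructed)": (0xA3820000, 0x30000)}

if __name__ == "__main__":
    rep = triage(parse_hooks(SAMPLE_LOG), MODULES)
    for syscall in needs_review(rep):
        r = rep[syscall]
        print(syscall, {t: f"{a:08X}->{r['owners'][t]}" for t, a in r["targets"].items()})
```

Run as-is it lists all four entries, because the two tools report a different target for every syscall and the constructed module map leaves the 0x88Dxxxxx targets unattributed. The real check is the same script fed the full logs plus the loaded-driver list captured on the same boot.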

Hello, first of all many thanks for trying to help out.

Is there a reason why some tools flag this as suspicious or even dangerous?

SSDT   A383589C                                ZwCreateKey
SSDT   A3835554                                ZwCreateMutant
SSDT   A382809C                                ZwCreateProcess
SSDT   88DF82AC                                ZwCreateProcessEx
SSDT   A383541C                                ZwCreateSymbolicLinkObject
SSDT   A3835614                                ZwCreateThread
SSDT   A38355D4                                ZwCreateThreadEx
SSDT   88DBB2A4                                ZwCreateUserProcess
SSDT   A383539C                                ZwDebugActiveProcess
SSDT   A383581C                                ZwDeleteKey
SSDT   A383575C                                ZwDeleteValueKey
SSDT   A38353DC                                ZwDuplicateObject
SSDT   A3835594                                ZwLoadDriver
SSDT   A3828A0C                                ZwOpenProcess
SSDT   A383571C                                ZwOpenSection
SSDT   A38358DC                                ZwOpenThread
SSDT   A38357DC                                ZwRenameKey
SSDT   A383579C                                ZwRestoreKey
SSDT   A3835514                                ZwSetSystemInformation
SSDT   A383585C                                ZwSetValueKey
SSDT   A38359A4                                ZwTerminateProcess
SSDT   A3835964                                ZwTerminateThread
SSDT   A3835654                                ZwWriteVirtualMemory

Here is the log of Farbar Recovery Scan Tool.

 

==================== Eind van Addition.txt ============================
 
FRST.TXT
 
Scanresultaten van Farbar Recovery Scan Tool (FRST) (x86) Versie: 23-11-2016
Gestart door ictstage (Beheerder) op ICT-PC05 (24-11-2016 13:24:11)
Gestart vanaf C:\Users\ICT Stage\Desktop
Geladen Profielen: ictstage (Beschikbare Profielen: Receptie & gast1 & Gast2 & Gast3 & install & testuser & nicolien & gast5 & ictstage & Administrator & DaphneB & locaal & admin & Administrator)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) Taal: Nederlands (Nederland)
Internet Explorer Versie 11 (Standaardbrowser: Chrome)
Boot Modus: Normal
Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processen (gefilterd) =================
 
(Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\3.42.7\LogiOptionsMgr.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
() C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZUpdateNotifier.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow32.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.8.0.50\NS.exe
(Symantec Corporation) C:\Program Files\Norton Security\Engine\22.8.0.50\NS.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Register (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe [2697832 2010-10-04] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [214384 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [OfficeScanNT Monitor] => C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe [1533720 2013-11-20] (Trend Micro Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1254008 2015-09-01] (Logitech, Inc.)
HKLM\...\Run: [VMware Netlink 3 HV Install Utility] => C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnliu.exe [65472 2015-06-16] ()
HKLM\...\Run: [HPUsageTrackingLEDM] => C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM\...\Run: [Spiceworks] => C:\Program Files\Spiceworks\bin\spicetray_silent.exe [67824 2015-05-26] ()
HKLM\...\Run: [RoxWatchTray] => C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [FreePDF Assistant] => C:\Program Files\FreePDF_XP\fpassist.exe [385024 2009-09-05] (shbox.de)
HKLM\...\Run: [Desktop Disc Tool] => C:\Program Files\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [358336 2011-08-11] (Citrix Systems, Inc.)
HKLM\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1156824 2016-09-16] (Adobe Systems Incorporated)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll [2010-09-15] (UPEK Inc.)
HKU\S-1-5-21-1123561945-1202660629-839522115-4762\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6564776 2015-10-19] (Piriform Ltd)
HKLM\...\Providers\87f1d5: C:\Users\stefan\AppData\Local\Temp\FEE9.tmp
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.8.0.50\buShell.dll [2016-09-23] (Symantec Corporation)
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-05-27] (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll [2011-05-27] (Wave Systems Corp.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-07-27]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update-melder.lnk [2016-07-27]
ShortcutTarget: Update-melder.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-07-27]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\gast1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat [2015-04-02] ()
Startup: C:\Users\gast1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AvayaRealTime.application [2015-03-26] ()
Startup: C:\Users\gast1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Klantencontactenregistratie.appref-ms [2015-01-19] ()
Startup: C:\Users\gast1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OrdersVrijgeven.appref-ms [2015-01-19] ()
Startup: C:\Users\gast1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SPOE - Telling.appref-ms [2015-01-19] ()
Startup: C:\Users\gast2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall - Snelkoppeling.lnk [2010-10-26]
ShortcutTarget: AutoInstall - Snelkoppeling.lnk -> Z:\AutoInstall.bat (Geen bestand)
Startup: C:\Users\gast2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Klantencontactenregistratie.appref-ms [2012-08-22] ()
Startup: C:\Users\gast3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat [2015-04-02] ()
Startup: C:\Users\gast5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OrdersVrijgeven.appref-ms [2014-05-27] ()
Startup: C:\Users\gast5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SPOE - Telling.appref-ms [2014-05-27] ()
Startup: C:\Users\Jorian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat [2015-07-13] ()
Startup: C:\Users\Maureen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat [2015-06-05] ()
Startup: C:\Users\Pmstage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat [2015-11-11] ()
Startup: C:\Users\Receptie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat [2011-03-07] ()
Startup: C:\Users\Vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoInstall.bat [2015-06-05] ()
Startup: C:\Users\Vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AvayaRealTime.application [2015-03-26] ()
Startup: C:\Users\Vanessa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SPOE - Telling.appref-ms [2015-06-05] ()
GroupPolicy: Restrictie ? <======= AANDACHT
 
==================== Internet (gefilterd) ====================
 
(Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.)
 
Tcpip\..\Interfaces\{0AC5B16C-0C6F-403B-AE87-32CC75F63D35}: [NameServer] 192.168.1.3,192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
HKU\S-1-5-21-1123561945-1202660629-839522115-4762\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130918748337091240&GUID=AEAAB23F-FFA8-40F3-9089-B284556C4739
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1123561945-1202660629-839522115-4762\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKLM -> {7DA1F881-6ADB-4A18-91C7-2235D4E6C639} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1123561945-1202660629-839522115-4762 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKU\S-1-5-21-1123561945-1202660629-839522115-4762 -> {7DA1F881-6ADB-4A18-91C7-2235D4E6C639} URL = 
SearchScopes: HKU\S-1-5-21-1123561945-1202660629-839522115-4762 -> {903B5915-700A-40EF-BC55-9F1F9C391925} URL = hxxp://www.google.nl/search?hl=nl&q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-22] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-22] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.8.0.50\coIEPlg.dll [2016-09-23] (Symantec Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
DPF: {B79C81C0-7650-4CAB-8466-E14C6A31EBAD} hxxps://vpn.s-h.nl/SWTSC.cab
DPF: {CAFEEFAC-0018-0000-0060-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.)
 
FireFox:
========
FF DefaultProfile: w0k9f6ir.default
FF ProfilePath: C:\Users\ICT Stage\AppData\Roaming\Mozilla\Firefox\Profiles\w0k9f6ir.default [2016-11-24]
FF HKLM\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [niet getekend]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.0.50\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.0.50\coFFAddon [2016-11-24]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_232.dll [2016-06-06] ()
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2014-07-28] (CANON INC.)
FF Plugin: @Citrix.com/npagee,version=10.0.71.6 -> C:\Program Files\Citrix\Secure Access Client\npagee.dll [2012-10-14] (Citrix Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [Geen bestand]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-13] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-09-13] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1123561945-1202660629-839522115-4762: @talk.google.com/GoogleTalkPlugin -> C:\Users\ICT Stage\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1123561945-1202660629-839522115-4762: @talk.google.com/O1DPlugin -> C:\Users\ICT Stage\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1123561945-1202660629-839522115-4762: @tools.google.com/Google Update;version=3 -> C:\Users\ICT Stage\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-1123561945-1202660629-839522115-4762: @tools.google.com/Google Update;version=9 -> C:\Users\ICT Stage\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CCMSDK.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2011-08-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\confmgr.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\ctxmui.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icafile.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\icalogon.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npicaN.dll [2011-08-11] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll [2011-08-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2011-08-10] (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\ICT Stage\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\ICT Stage\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR Profile: C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default [2016-11-24]
CHR Extension: (Google Slides) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-13]
CHR Extension: (Google Docs) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-13]
CHR Extension: (Google Drive) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-13]
CHR Extension: (YouTube) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-13]
CHR Extension: (Google Sheets) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-13]
CHR Extension: (Google Docs Offline) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-13]
CHR Extension: (Gmail) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-13]
CHR Extension: (Chrome Media Router) - C:\Users\ICT Stage\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files\Norton Security\Engine\22.8.0.50\Exts\Chrome.crx [2016-11-24]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [116224 2010-04-06] (Brio) [File not signed]
S4 ftnlsv3hv; C:\Program Files\Common Files\VMware\DeviceRedirectionCommon\ftnlsv.exe [177600 2015-06-16] ()
S4 ftscanmgr; C:\Program Files\VMware\ScannerRedirection\ftscanmgr.exe [6363792 2015-07-31] ()
S4 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S4 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [110752 2010-09-22] (Intel Corporation)
S4 jhi_service; C:\Program Files\Intel\Services\IPT\jhi_service.exe [212944 2011-02-24] (Intel Corporation)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 NS; C:\Program Files\Norton Security\Engine\22.8.0.50\NS.exe [289080 2016-09-24] (Symantec Corporation)
S4 nsverctl; C:\Program Files\Citrix\Secure Access Client\nsverctl.exe [156784 2012-10-14] (Citrix Systems, Inc)
S4 ntrtscan; C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe [2324760 2013-12-10] (Trend Micro Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
S4 RoxMediaDB12OEM; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [1116656 2010-11-25] (Sonic Solutions)
S4 RoxWatch12; C:\Program Files\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [219632 2010-11-25] (Sonic Solutions)
S4 SecureStorageService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe [1508232 2011-05-24] (Wave Systems Corp.)
S4 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S4 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S4 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] () [File not signed]
S4 TdmService; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe [2605424 2011-05-27] (Wave Systems Corp.)
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7183632 2016-07-18] (TeamViewer GmbH)
S4 TMBMServer; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [345112 2013-10-23] (Trend Micro Inc.)
S4 tmlisten; C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe [2260128 2013-11-16] (Trend Micro Inc.)
S4 TmProxy; C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe [689176 2013-07-01] (Trend Micro Inc.)
S4 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [725696 2015-07-30] (VMware, Inc.)
S4 vmware-view-usbd; C:\Program Files\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1156824 2015-07-31] (VMware, Inc.)
S4 vmwsprrdpwks; C:\Program Files\Common Files\VMware\SerialPortRedirection\Client\vmwsprrdpwks.exe [261776 2015-05-08] (VMware)
S4 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1131520 2011-07-01] (Wave Systems Corp.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S4 wsnm; C:\Program Files\VMware\VMware Horizon View Client\wsnm\wsnm.exe [489176 2015-08-19] (VMware, Inc.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx86; C:\Program Files\Norton Security\NortonData\22.8.0.50\Definitions\BASHDefs\20160826.008\BHDrvx86.sys [1334008 2016-09-23] (Symantec Corporation)
R2 cag; C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys [189272 2011-10-18] (Citrix Systems, Inc.)
R1 ccSet_NS; C:\Windows\system32\drivers\NS\1608000.032\ccSetx86.sys [137456 2016-09-23] (Symantec Corporation)
R3 ctxva51; C:\Windows\System32\DRIVERS\ctxva51.sys [42096 2012-10-14] (Citrix Systems, Inc.)
R1 DNE; C:\Windows\System32\DRIVERS\dnelwf.sys [107608 2011-02-07] (Citrix Systems, Inc.)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [238760 2010-10-28] (Intel Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [388824 2016-11-23] (Symantec Corporation)
U3 EraserUtilDrv11521; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11521.sys [124144 2016-04-28] (Symantec Corporation)
R2 hcmon; C:\Windows\system32\drivers\hcmon.sys [44664 2015-07-30] (VMware, Inc.)
R1 IDSVix86; C:\Program Files\Norton Security\NortonData\22.8.0.50\Definitions\IPSDefs\20160916.102\IDSVix86.sys [768728 2016-09-23] (Symantec Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHDA.sys [2749416 2010-10-04] (Realtek Semiconductor Corp.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35088 2012-05-03] (CACE Technologies, Inc.)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2010-07-21] (Dell Inc)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [17160 2015-03-05] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13064 2015-03-05] ()
R1 SRTSP; C:\Windows\system32\drivers\NS\1608000.032\SRTSP.SYS [634096 2016-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NS\1608000.032\SRTSPX.SYS [43248 2016-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NS\1608000.032\SYMEFASI.SYS [1291992 2016-09-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [87792 2016-11-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NS\1608000.032\Ironx86.SYS [229616 2016-09-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NS\1608000.032\SYMNETS.SYS [423640 2016-09-23] (Symantec Corporation)
R2 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [75600 2013-08-29] (Trend Micro Inc.)
R2 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [263072 2013-09-02] (Trend Micro Inc.)
R2 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [62704 2013-08-29] (Trend Micro Inc.)
R2 TmFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys [294152 2015-07-02] (Trend Micro Inc.)
R2 TmPreFilter; C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys [38152 2015-07-02] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [90712 2013-06-18] (Trend Micro Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-11-24] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [42496 2011-08-02] (Apple, Inc.) [File not signed]
R2 VSApiNt; C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys [1608744 2015-07-02] (Trend Micro Inc.)
S3 catchme; \??\C:\Users\ICTSTA~1\AppData\Local\Temp\catchme.sys [X]
S3 NAVENG; \??\C:\Program Files\Norton Security\NortonData\22.8.0.50\Definitions\SDSDefs\20160915.023\NAVENG.SYS [X]
S3 NAVEX15; \??\C:\Program Files\Norton Security\NortonData\22.8.0.50\Definitions\SDSDefs\20160915.023\NAVEX15.SYS [X]
S1 qutmipc; \??\C:\Windows\system32\drivers\qutmipc.sys [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 93B49FA857F7036A4EFF32371F6E7391
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 1FDC2B137008627BD11195706231EEF6
C:\Windows\System32\DRIVERS\atikmpag.sys 5FF6ADC3DE4FFF320FFB1DD53850602F
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2
C:\Windows\system32\drivers\appid.sys FE4F2ADE5DBB3B888E9EB0A1FBA1F152
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\drivers\AtihdW73.sys 9E65DC266E8289116790599DD7D69087
C:\Windows\system32\drivers\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Beep.sys ==> MD5 is legit
C:\Program Files\Norton Security\NortonData\22.8.0.50\Definitions\BASHDefs\20160826.008\BHDrvx86.sys 83D09A74DBAB1042A7662586E33708A4
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 77361D72A04F18809D0EFB6CCEB74D4B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Program Files\Common Files\Deterministic Networks\Common Files\cag.sys 88BB79D535B0D628C1529658BECBFFD1
C:\Windows\system32\drivers\NS\1608000.032\ccSetx86.sys 88CDEF7E48A5D91BEA57E9A18426709E
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 33A60554882FDF59CDA3E1806370BBA1
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 780FFC005741C9316576086155E55F56
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ctxusbm.sys 4E08A98DBA0B1249C2EB4B191978A9A4
C:\Windows\System32\DRIVERS\ctxva51.sys F5EA74EB5F45905A2C734D35FCAF2C43
C:\Windows\System32\Drivers\dfsc.sys 0C1B2CC3733A4A5B8D6258E7B26EAD1A
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\dmvsc.sys 2A958EF85DB1B61FFCA65044FA4BCE9E
C:\Windows\System32\DRIVERS\dnelwf.sys 58DA12F5B68A58398D9BCEC7BF795CD4
C:\Windows\system32\drivers\drmkaud.sys A3F684B866A7D89AE396276CE7AFD416
C:\Windows\System32\drivers\dxgkrnl.sys 3583A5A8CC2E682BFFBD4630D0FEC08B
C:\Windows\System32\DRIVERS\e1c6232.sys 94AD8BAE670E55BF646796B56BAC53A4
C:\Windows\system32\drivers\evbdx.sys ==> MD5 is legit
C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys EBF632D1E27E6F9B06D9680714935B75
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11521.sys E74C7892EE59BB1C5790C4E717019F0F
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\system32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\system32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05
C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcmon.sys F4AEF841F4D20ABC62E85E9113346DCD
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys A5EF29D5315111C80A5C1ABAD14C8972
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys 487569E5DA56A5A432FF8AF6D3599CF9
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\drivers\iaStor.sys F4037A3FEDB92DD97C95F320766EA5C9
C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E
C:\Program Files\Norton Security\NortonData\22.8.0.50\Definitions\IPSDefs\20160916.102\IDSVix86.sys F0EE3DF9DEE9AA3CECBB1FBD05397155
C:\Windows\System32\DRIVERS\igdkmd32.sys 721A8D48B2DC8C1C58C61CB948491EA8
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTDVHDA.sys 55DA507FF4762D38427C19DBFDF56763
C:\Windows\System32\DRIVERS\IntcDAud.sys 5576AD2F0039D2BCCCA3567FC0BF981C
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys EB34CE31FABD4DC4343FD2AD16D2CAF9
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys E58CFE0F44B9775603BA70813D48D66A
C:\Windows\System32\Drivers\ksecpkg.sys 50D1D9B3C24E783B6A8451158215AA55
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECI.sys D86AC00883B9C98B570E7643AAF8E554
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys BAD9C0366134BA181514E9263C8CE606
C:\Windows\System32\DRIVERS\MpFilter.sys F112DA773EC3E9D3CDE9221ED300E033
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 03F899F521D2AAED1C55008F734DF252
C:\Windows\System32\DRIVERS\mrxsmb.sys 1D5CC65FECC628397CB72F87DD6A78F3
C:\Windows\System32\DRIVERS\mrxsmb10.sys D405E63A7FEED75B40ACE03E57B44AB5
C:\Windows\System32\DRIVERS\mrxsmb20.sys E688B7D9B5422F23102E1920E19473E9
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\system32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys E7EB93F16956C1BE56CB9B865802F696
C:\Windows\System32\Drivers\mvusbews.sys BA574D2ECDDE374AE2BDFAC0BDA8AAD0
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 9804FB2E46077F2977552347DFCA7E05
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\system32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys 780FF28BCD8470C5FDDEEF69982AA295
C:\Windows\System32\drivers\npf.sys B48DC6ABCD3AEFF8618350CCBDC6B09A
C:\Windows\system32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\system32\Drivers\Ntfs.sys C8DFF8D07755A66C7A4A738930F0FEAC
C:\Windows\system32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0
C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\system32\drivers\parvdm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\PBADRV.sys 4088C1ECD1F54281A92FA663B0FDC36F
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys AEBC369F7DC72AB3F5B9BDF34FA0D43F
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\pwdrvio.sys FB92B393B2ABE017FE4CF1661C755000
C:\Windows\system32\pwdspio.sys B515D22F4F216CE471317432AD364AD2
C:\Windows\System32\Drivers\PxHelp20.sys E42E3433DBB4CFFE8FDD91EAB29AEA8E
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys B15D1178AD7AA2D4F32E88B68C7E2DA2
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 65375DF758CA1872AB7EBBBA457FD5E6
C:\Windows\system32\Drivers\RDPWD.sys CD9214A6AE17D188D17C3CF8CB9CC693
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\system32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\system32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\system32\drivers\NS\1608000.032\SRTSP.SYS 423903085E55FD24A0F49195160EE612
C:\Windows\system32\drivers\NS\1608000.032\SRTSPX.SYS A7476418495A5CF97F691EA4F3986B85
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\NS\1608000.032\SYMEFASI.SYS 91AA67FD9704A8E953376DD140683507
C:\Windows\system32\Drivers\SYMEVENT.SYS E111BABE2BCA0F9CD3E45606EB63944F
C:\Windows\system32\drivers\NS\1608000.032\Ironx86.SYS 1B6EC6B91DAB7971530D61D4F2BFB22F
C:\Windows\system32\drivers\NS\1608000.032\SYMNETS.SYS 9EF7544FE71F8025FB1A5A1FCFF8D333
C:\Windows\System32\drivers\tcpip.sys 5579DD18546999F5D0EC39D018726C6B
C:\Windows\System32\DRIVERS\tcpip.sys 5579DD18546999F5D0EC39D018726C6B
C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys BB8817D0508DD5EA69C770C8DEF5AB67
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tmactmon.sys 7B8E49D03ECE5CAC523C8D56DB61C845
C:\Windows\System32\DRIVERS\tmcomm.sys 4C6D311E0B13C4F469F717DB4AB4D0E7
C:\Windows\System32\DRIVERS\tmevtmgr.sys 8BE895EC50E6F0B6167671405581B414
C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys 97A567392A48211BD2FD37807702D911
C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys F6E50E46697F232F667C426C936A4047
C:\Windows\System32\DRIVERS\tmtdi.sys E70EB577845B05DB02779A150E4A92E7
C:\Windows\System32\drivers\TrueSight.sys 0C997B061E3C66BD9E927C1288EB1CC7
C:\Windows\System32\DRIVERS\tssecsrv.sys B89F89A2308E9569A1022A50F78C5506
C:\Windows\System32\drivers\tsusbflt.sys C6A5FBD4977305E1FA23E02C042DB463
C:\Windows\system32\drivers\TsUsbGD.sys 01246F0BAAD7B68EC0F472AA41E33282
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl.sys 83CAFCB53201BBAC04D822F32438E244
C:\Windows\System32\drivers\usbaudio.sys A1977C315BF5691DA99235AA4A6907AF
C:\Windows\System32\DRIVERS\usbccgp.sys 5620619CE693AADF8767CDA00F940BEE
C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041
C:\Windows\system32\drivers\usbehci.sys 3735F2A99C5EA762D869748333C83CE8
C:\Windows\System32\DRIVERS\usbhub.sys 7DE31B21FA92EE427C058C44CEB7859B
C:\Windows\system32\drivers\usbohci.sys E83AF87457337D459F48139FAC8A1994
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys FC6B21DB4B5B398AB93DBE59CBF11036
C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A
C:\Windows\system32\drivers\usbuhci.sys 876A815194383359F9F22833D4057138
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys 994354C06FC4C23912728C22D0B86356
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 553F6CCD7C58EB98D4A8FBDAF283D7A9
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created Files and Folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-11-24 13:24 - 2016-11-24 13:24 - 00050315 _____ C:\Users\ICT Stage\Desktop\FRST.txt
2016-11-24 13:23 - 2016-11-24 13:24 - 00000000 ____D C:\FRST
2016-11-24 13:22 - 2016-11-24 13:22 - 01761280 _____ (Farbar) C:\Users\ICT Stage\Desktop\FRST.exe
2016-11-24 12:51 - 2016-11-24 12:55 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-11-24 12:51 - 2016-11-24 12:51 - 00087792 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2016-11-24 12:51 - 2016-11-24 12:51 - 00008234 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2016-11-24 12:51 - 2016-11-24 12:51 - 00002300 _____ C:\Users\Public\Desktop\Norton Security.lnk
2016-11-24 12:51 - 2016-11-24 12:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2016-11-24 12:51 - 2016-11-24 12:51 - 00000000 ____D C:\Windows\system32\Drivers\NS
2016-11-24 12:51 - 2016-11-24 12:51 - 00000000 ____D C:\Program Files\Norton Security
2016-11-24 12:50 - 2016-11-24 12:54 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2016-11-24 12:50 - 2016-11-24 12:54 - 00000000 ____D C:\ProgramData\Norton
2016-11-24 12:50 - 2016-11-24 12:50 - 01101088 _____ (Symantec Corporation) C:\Users\ICT Stage\Desktop\NSDeluxeDownloader.exe
2016-11-24 12:50 - 2016-11-24 12:50 - 00001242 _____ C:\Users\ICT Stage\Desktop\Norton Installation Files.lnk
2016-11-24 12:50 - 2016-11-24 12:50 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-11-24 12:50 - 2016-11-24 12:50 - 00000000 ____D C:\Program Files\NortonInstaller
2016-11-24 12:37 - 2016-11-24 12:39 - 00673932 _____ C:\TDSSKiller.3.1.0.12_24.11.2016_12.37.53_log.txt
2016-11-24 12:36 - 2016-11-24 12:37 - 00004556 _____ C:\TDSSKiller.3.1.0.12_24.11.2016_12.36.56_log.txt
2016-11-24 12:20 - 2016-11-24 12:30 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-11-24 12:18 - 2016-11-24 12:30 - 00000000 ____D C:\Users\ICT Stage\Desktop\mbar
2016-11-24 12:18 - 2016-11-24 12:18 - 16563352 _____ (Malwarebytes Corp.) C:\Users\ICT Stage\Desktop\mbar-1.09.3.1001.exe
2016-11-24 11:59 - 2016-11-24 12:07 - 00000000 ____D C:\Users\ICT Stage\Desktop\TMRBLog
2016-11-24 11:59 - 2016-11-24 11:59 - 09950232 _____ (Trend Micro Inc.) C:\Users\ICT Stage\Desktop\RootkitBusterV5.0-1129x32.exe
2016-11-24 11:59 - 2016-11-24 11:59 - 00000000 ____D C:\Users\ICT Stage\Desktop\log
2016-11-24 11:13 - 2016-11-24 11:13 - 00004394 _____ C:\TDSSKiller.3.1.0.12_24.11.2016_11.13.25_log.txt
2016-11-24 11:12 - 2016-11-24 11:12 - 00017867 _____ C:\ComboFix.txt
2016-11-24 11:01 - 2016-11-24 11:12 - 00000000 ____D C:\Qoobox
2016-11-24 11:01 - 2016-11-24 11:11 - 00000000 ____D C:\Windows\erdnt
2016-11-24 11:01 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-11-24 11:01 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-11-24 11:01 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-11-24 11:01 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-11-24 11:01 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-11-24 11:01 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-11-24 11:01 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-11-24 11:01 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-11-24 10:34 - 2016-11-24 10:34 - 547207105 _____ C:\Windows\MEMORY.DMP
2016-11-24 10:34 - 2016-11-24 10:34 - 00149600 _____ C:\Windows\Minidump\112416-3400-01.dmp
2016-11-24 10:29 - 2016-11-24 09:30 - 00380928 _____ C:\Users\ICT Stage\Desktop\hxw5rr27.exe
2016-11-24 10:26 - 2016-11-24 10:28 - 00699686 _____ C:\TDSSKiller.3.1.0.12_24.11.2016_10.26.38_log.txt
2016-11-24 10:21 - 2016-11-24 10:22 - 00004560 _____ C:\TDSSKiller.3.1.0.12_24.11.2016_10.21.57_log.txt
2016-11-24 10:18 - 2016-11-24 10:18 - 00010796 _____ C:\Users\ICT Stage\Desktop\rogue.txt
2016-11-24 09:31 - 2016-11-24 12:30 - 00000000 ____D C:\ProgramData\RogueKiller
2016-11-24 09:31 - 2016-11-24 09:31 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-11-24 09:31 - 2016-11-24 09:31 - 00001003 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-11-24 09:31 - 2016-11-24 09:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-11-24 09:31 - 2016-11-24 09:31 - 00000000 ____D C:\Program Files\RogueKiller
2016-11-24 08:33 - 2016-11-24 10:22 - 00000000 ____D C:\Users\ICT Stage\AppData\Local\ESET
2016-11-22 15:06 - 2016-11-22 15:06 - 00000000 ____D C:\Users\ICT Stage\Desktop\urenlijst
2016-11-22 15:04 - 2016-11-22 15:04 - 00000000 ____D C:\Users\ICT Stage\Desktop\paktafel project
2016-11-22 15:02 - 2016-11-22 16:23 - 00000000 ____D C:\Users\ICT Stage\Desktop\plattegronden sensoren
2016-11-22 12:57 - 2016-11-22 12:57 - 03855248 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-22 12:55 - 2016-11-22 12:55 - 00147928 _____ C:\Users\ICT Stage\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-22 12:44 - 2016-11-22 12:44 - 00000000 ____D C:\$360Section
2016-11-22 12:37 - 2016-11-22 12:44 - 00000000 ____D C:\ProgramData\360Quarant
2016-11-22 12:35 - 2016-11-22 12:35 - 00000000 ____D C:\Windows\Tasks\360Disabled
2016-11-22 12:34 - 2016-11-23 08:31 - 00000000 ____D C:\Program Files\360
2016-11-22 12:34 - 2016-11-22 14:38 - 00000000 ____D C:\Program Files\Common Files\AV
2016-11-21 12:35 - 2016-11-21 12:35 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\Sun
2016-11-21 12:35 - 2016-11-21 12:35 - 00000000 ____D C:\Users\ICT Stage\AppData\LocalLow\Sun
2016-11-21 10:22 - 2016-11-21 10:22 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\ICAClient
2016-11-21 10:22 - 2016-11-21 10:22 - 00000000 ____D C:\Users\ICT Stage\AppData\Local\Citrix
2016-11-21 09:51 - 2016-11-21 09:51 - 00006696 ____N C:\bootsqm.dat
2016-11-14 16:37 - 2016-11-22 12:48 - 00000000 ____D C:\Users\ICT Stage\AppData\Local\CrashDumps
2016-11-09 11:59 - 2016-11-22 15:06 - 00000000 ____D C:\Users\ICT Stage\Desktop\Powershell testjes
2016-11-07 12:27 - 2016-11-01 10:07 - 00000122 _____ C:\Users\ICT Stage\Desktop\qbase+speakapp.bat
2016-11-01 16:59 - 2016-11-01 16:59 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\yWorks
2016-11-01 16:59 - 2016-11-01 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\yEd Graph Editor
2016-11-01 16:58 - 2016-11-01 16:58 - 00000000 ____D C:\Users\ICT Stage\.oracle_jre_usage
2016-10-26 09:18 - 2016-11-23 15:46 - 00039424 _____ C:\Users\ICT Stage\Desktop\Toneroverzichtv3.xls
2016-10-24 14:22 - 2016-11-14 09:41 - 00000097 _____ C:\Users\ICT Stage\Desktop\momentele bezigheden.txt
2016-10-24 12:05 - 2012-08-21 15:59 - 00001536 _____ (Microsoft Corporation) C:\Windows\system32\winrsmgr.dll
2016-10-24 12:05 - 2012-08-21 15:56 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WsmRes.dll
2016-10-24 12:05 - 2012-08-21 15:29 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\winrssrv.dll
2016-10-24 12:05 - 2012-08-21 15:28 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-10-24 12:05 - 2012-08-21 15:20 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\ncobjapi.dll
2016-10-24 12:05 - 2012-08-21 15:18 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\mi.dll
2016-10-24 12:05 - 2012-08-21 15:14 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll
2016-10-24 12:05 - 2012-08-21 15:08 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\wevtfwd.dll
2016-10-24 12:05 - 2012-08-21 15:01 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\Register-CimProvider.exe
2016-10-24 12:05 - 2012-08-21 14:56 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe
2016-10-24 12:05 - 2012-08-21 14:54 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll
2016-10-24 12:05 - 2012-08-21 14:44 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\prvdmofcomp.dll
2016-10-24 12:05 - 2012-08-21 14:43 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\wmitomi.dll
2016-10-24 12:05 - 2012-08-21 14:36 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\wmidcom.dll
2016-10-24 12:05 - 2012-08-21 14:34 - 00382464 _____ (Microsoft Corporation) C:\Windows\system32\wbemcomn2.dll
2016-10-24 12:05 - 2012-08-21 14:33 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\miutils.dll
2016-10-24 12:05 - 2012-08-21 14:32 - 00021504 _____ (Microsoft Corporation) C:\Windows\system32\WsmAgent.dll
2016-10-24 12:05 - 2012-08-21 14:29 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\framedynos.dll
2016-10-24 12:05 - 2012-08-21 14:27 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\framedyn.dll
2016-10-24 12:05 - 2012-08-21 14:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\winrshost.exe
2016-10-24 12:05 - 2012-08-21 14:04 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\winrs.exe
2016-10-24 12:05 - 2012-08-21 14:03 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-10-24 12:05 - 2012-08-21 14:02 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-10-24 12:05 - 2012-08-21 14:02 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-10-24 12:05 - 2012-08-21 14:02 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\winrscmd.dll
2016-10-24 12:05 - 2012-08-21 13:56 - 00526848 _____ (Microsoft Corporation) C:\Windows\system32\WsmGCDeps.dll
2016-10-24 12:05 - 2012-08-21 13:52 - 02039296 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-10-24 12:05 - 2012-08-21 13:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\PSModuleDiscoveryProvider.dll
2016-10-24 12:05 - 2012-08-21 13:50 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-10-24 12:05 - 2012-08-21 13:30 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll
2016-10-24 12:05 - 2012-08-21 12:26 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-10-24 12:05 - 2012-07-23 19:16 - 00204105 _____ C:\Windows\system32\winrm.vbs
2016-10-24 12:05 - 2012-07-23 19:16 - 00004675 _____ C:\Windows\system32\wsmanconfig_schema.xml
2016-10-24 12:05 - 2012-07-23 19:16 - 00004148 _____ C:\Windows\system32\psmodulediscoveryprovider.mof
2016-10-17 08:54 - 2016-10-20 11:09 - 00000000 ____D C:\Users\ICT Stage\Desktop\Powershell tests en handige dingen
2016-10-13 15:54 - 2016-10-13 15:55 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\Skype
2016-10-12 14:41 - 2016-10-12 14:41 - 00000000 ____D C:\Users\ICT Stage\AppData\Local\Microsoft_Corporation
2016-10-12 14:24 - 2016-10-12 14:24 - 00001005 _____ C:\Users\ICT Stage\Desktop\ICT Stage - Snelkoppeling.lnk
2016-10-12 14:15 - 2016-11-03 14:55 - 00000000 ____D C:\Users\ICT Stage\Desktop\scriptjes
2016-10-12 10:43 - 2016-10-12 10:43 - 00001899 _____ C:\Users\ICT Stage\Desktop\Windows PowerShell.lnk
2016-10-03 11:57 - 2016-10-03 11:57 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZebraLink
2016-10-03 11:57 - 2016-10-03 11:57 - 00000000 ____D C:\Program Files\ZebraLink
2016-10-03 11:51 - 2016-11-24 11:12 - 00000000 ____D C:\Users\nicolien_vpn
2016-10-03 11:51 - 2016-11-24 11:12 - 00000000 ____D C:\Users\locaal
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\testuser\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\Receptie\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\nicolien_vpn\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\locaal\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\install\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\ICT Stage\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\gast5\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\gast3\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\gast2\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\gast1\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\DaphneB\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\Administrator\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\administrator.SH\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:\Users\admin\Desktop\Zebra Font Downloader.lnk
2016-10-03 11:51 - 2016-10-03 11:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zebra Technologies
2016-10-03 11:50 - 2016-10-03 11:50 - 00000000 ____D C:\ProgramData\Font Downloader
2016-10-03 11:50 - 2016-10-03 11:50 - 00000000 ____D C:\Program Files\Zebra Technologies
2016-10-03 11:50 - 2012-10-25 07:46 - 00108544 _____ (Euro Plus d.o.o.) C:\Windows\system32\zdnPMU.dll
2016-10-03 11:50 - 2012-10-25 07:46 - 00107008 _____ (Euro Plus d.o.o.) C:\Windows\system32\zdnPMS.dll
2016-10-03 11:47 - 2016-10-03 11:47 - 00000000 ____D C:\ZD267718
2016-09-19 12:01 - 2016-09-19 12:01 - 00000000 _____ C:\Users\ICT Stage\Desktop\periodieke beoordeling week 7 en 12 +reflectie.txt
2016-09-19 10:13 - 2016-09-19 10:13 - 00001724 _____ C:\Users\ICT Stage\Desktop\Remote Desktop Connection.lnk
2016-09-13 08:21 - 2016-11-24 12:37 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-13 08:21 - 2016-11-24 12:26 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-13 08:21 - 2016-11-15 09:28 - 00002163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-13 08:21 - 2016-11-15 09:28 - 00002151 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-12 07:56 - 2016-11-24 12:36 - 01257296 _____ C:\Windows\ntbtlog.txt
2016-09-06 14:47 - 2016-11-22 15:34 - 00000000 ____D C:\Users\ICT Stage\Desktop\Stage school documenten
2016-09-05 11:39 - 2016-09-05 11:39 - 00001183 _____ C:\Users\ICT Stage\Desktop\Microsoft Office Outlook.lnk
2016-09-05 08:39 - 2016-11-01 14:10 - 00000000 ____D C:\Users\ICT Stage\Desktop\S&H - IT vaak nodig
 
==================== Drie Maanden Gewijzigd bestanden en mappen ========
 
(Als een item is opgenomen in de fixlist, het bestand/map wordt verplaatst.)
 
2016-11-24 13:06 - 2016-05-12 13:56 - 00001080 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1202660629-839522115-4762UA.job
2016-11-24 12:56 - 2016-07-27 15:31 - 00000000 ____D C:\Program Files\WinZip
2016-11-24 12:47 - 2009-07-14 05:34 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-24 12:47 - 2009-07-14 05:34 - 00031088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-24 12:43 - 2010-11-21 00:57 - 00889294 _____ C:\Windows\system32\perfh013.dat
2016-11-24 12:43 - 2010-11-21 00:57 - 00200702 _____ C:\Windows\system32\perfc013.dat
2016-11-24 12:43 - 2010-11-20 22:01 - 00006648 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-24 12:37 - 2015-12-08 11:49 - 00000000 ____D C:\Users\ICT Stage
2016-11-24 12:37 - 2011-09-22 08:35 - 00000112 _____ C:\Windows\system32\config\netlogon.ftl
2016-11-24 12:37 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-24 12:32 - 2015-12-08 11:49 - 00000160 ___SH C:\Users\ICT Stage\ntuser.ini
2016-11-24 12:20 - 2015-05-28 13:25 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-24 12:18 - 2015-05-28 13:24 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-24 11:12 - 2016-02-15 09:03 - 00000000 ____D C:\Users\ICT Stage\AppData\Local\Apps\2.0
2016-11-24 11:12 - 2013-07-29 16:02 - 00000000 ____D C:\Users\Jeroen
2016-11-24 11:11 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini
2016-11-24 10:34 - 2012-10-30 10:13 - 00000000 ____D C:\Windows\Minidump
2016-11-24 10:32 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-11-24 09:06 - 2016-05-12 13:56 - 00001028 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1202660629-839522115-4762Core.job
2016-11-24 08:26 - 2016-02-15 09:04 - 00000000 ____D C:\Users\ICT Stage\AppData\Local\Deployment
2016-11-23 16:57 - 2016-03-03 13:57 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\Notepad++
2016-11-22 12:59 - 2011-09-22 08:36 - 00003796 __RSH C:\ProgramData\ntuser.pol
2016-11-22 12:44 - 2015-12-08 11:53 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\TeamViewer
2016-11-22 12:44 - 2015-11-30 10:06 - 00000000 ____D C:\$WINDOWS.~BT
2016-11-22 12:44 - 2011-09-16 22:14 - 00000000 ____D C:\ProgramData\Temp
2016-11-22 12:44 - 2011-02-14 16:03 - 00000000 ____D C:\Windows\panther
2016-11-22 12:44 - 2009-07-14 05:52 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-11-22 11:17 - 2016-03-10 16:27 - 00002238 ____H C:\Users\ICT Stage\Documents\Default.rdp
2016-11-21 10:22 - 2016-02-15 10:48 - 00000000 ____D C:\Users\ICT Stage\AppData\Local\Adobe
2016-11-21 10:22 - 2015-12-08 11:49 - 00000000 ____D C:\Users\ICT Stage\AppData\Roaming\Adobe
2016-11-21 09:26 - 2015-10-06 14:09 - 00000000 ____D C:\Windows\pss
2016-11-21 08:24 - 2011-09-22 08:57 - 00009030 _____ C:\Windows\cfgall.ini
2016-11-07 09:00 - 2016-02-16 12:29 - 00000000 ____D C:\Users\ICT Stage\AppData\Local\Google
2016-11-07 08:52 - 2015-10-06 15:02 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-11-03 15:44 - 2015-12-31 13:06 - 00001189 _____ C:\Users\ICT Stage\Desktop\Handig_WD - Snelkoppeling.lnk
2016-10-28 02:22 - 2011-09-22 08:48 - 00407720 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-27 15:17 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2016-10-26 09:08 - 2009-07-14 03:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-10-25 11:02 - 2012-04-02 08:42 - 00000000 ____D C:\FBase
 
==================== Bestanden in de root van sommige mappen =======
 
2016-03-31 09:56 - 2016-03-31 09:56 - 0007602 _____ () C:\Users\ICT Stage\AppData\Local\Resmon.ResmonCfg
2015-10-01 09:12 - 2015-10-01 09:12 - 0010392 _____ () C:\ProgramData\regid.2015-09.com.zebra_382F6BCF-CF0F-4390-94F1-6CEF82FFFB02.swidtag
 
Bestanden om te verplaatsen of verwijderen:
====================
C:\Users\Receptie\Firefox Setup Stub 25.0.1.exe
C:\Users\Receptie\ljP1000_P1500-HB-pnp-win32-en.exe
 
 
Sommige bestanden in TEMP:
====================
C:\Users\ICT Stage\AppData\Local\Temp\catchme.dll
C:\Users\ICT Stage\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap ======================
 
(Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.)
 
C:\Windows\explorer.exe => Bestand is getekend
C:\Windows\system32\winlogon.exe => Bestand is getekend
C:\Windows\system32\wininit.exe => Bestand is getekend
C:\Windows\system32\svchost.exe => Bestand is getekend
C:\Windows\system32\services.exe => Bestand is getekend
C:\Windows\system32\User32.dll => Bestand is getekend
C:\Windows\system32\userinit.exe => Bestand is getekend
C:\Windows\system32\rpcss.dll => Bestand is getekend
C:\Windows\system32\dnsapi.dll => Bestand is getekend
C:\Windows\system32\Drivers\volsnap.sys => Bestand is getekend
 
==================== BCD ================================
 
Windows-opstartbeheer
---------------------
id                      {bootmgr}
device                  partition=\Device\HarddiskVolume1
path                    \bootmgr
description             Windows Boot Manager
locale                  nl-NL
inherit                 {globalsettings}
default                 {current}
resumeobject            {b831c149-afc7-11e6-8a55-806e6f6e6963}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows-opstartlaadprogramma
----------------------------
id                      {87cde4fa-e0e5-11e0-aee8-180373b7c387}
device                  unknown
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  nl-NL
inherit                 {bootloadersettings}
recoverysequence        {87cde4fb-e0e5-11e0-aee8-180373b7c387}
recoveryenabled         Yes
osdevice                unknown
systemroot              \Windows
resumeobject            {87cde4f9-e0e5-11e0-aee8-180373b7c387}
nx                      OptIn
 
Windows-opstartlaadprogramma
----------------------------
id                      {87cde4fb-e0e5-11e0-aee8-180373b7c387}
 
Windows-opstartlaadprogramma
----------------------------
id                      {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7 Professional (hersteld) 
locale                  nl-NL
recoverysequence        {87cde4fb-e0e5-11e0-aee8-180373b7c387}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {b831c149-afc7-11e6-8a55-806e6f6e6963}
 
Windows-opstartlaadprogramma
----------------------------
id                      {946682e1-b012-11e6-997b-80882100ed35}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\windowsre\Winre.wim,{946682e2-b012-11e6-997b-80882100ed35}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (hersteld) 
locale                  
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\windowsre\Winre.wim,{946682e2-b012-11e6-997b-80882100ed35}
systemroot              \windows
winpe                   Yes
 
Hervatten uit sluimerstand
--------------------------
id                      {87cde4f9-e0e5-11e0-aee8-180373b7c387}
device                  unknown
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  nl-NL
inherit                 {resumeloadersettings}
filedevice              unknown
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Hervatten uit sluimerstand
--------------------------
id                      {b831c149-afc7-11e6-8a55-806e6f6e6963}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows 7 Professional (hersteld) 
locale                  nl-NL
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No
 
Windows-geheugentest
--------------------
id                      {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  nl-NL
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS-instellingen
----------------
id                      {emssettings}
bootems                 Yes
 
Debugger-instellingen
---------------------
id                      {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM-defecten
------------
id                      {badmemory}
 
Globale instellingen
--------------------
id                      {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Instellingen voor opstartlaadprogramma
--------------------------------------
id                      {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor-instellingen
-------------------
id                      {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Instellingen voor hervattingslaadprogramma
------------------------------------------
id                      {resumeloadersettings}
inherit                 {globalsettings}
 
Apparaatopties
--------------
id                      {87cde4fc-e0e5-11e0-aee8-180373b7c387}
description             Ramdisk Options
ramdisksdidevice        unknown
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
Apparaatopties
--------------
id                      {946682e2-b012-11e6-997b-80882100ed35}
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\windowsre\boot.sdi
 
 
 
LastRegBack: 2016-11-14 13:59
 
==================== Eind van FRST.txt ============================  
 
Thank you so much !

  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
