My operating system is Windows 7 32-bit. I installed RedMon 1.7, Ghostscript 8.71 and GSview 4.9; installations were successful. I went to Add New Local Printer in Windows Devices and Printers, clicked on Create A New Port, and selected Redirected Port from the Type of Port list. Clicked Next and in the Add New Port window I named it RPT1: and clicked OK, but it says: Specified port cannot be added. Operation could not be completed (error 0x00000001).
I tried giving different names to the port, RPT2:, RPT4:, VPport: etc., but all gave the same result. Disabled Windows Firewall and tried, but it continues to give the same error. Disabled the antivirus (Avira), but no change.
What can be preventing Windows 7 from adding a redirected port?
BTW I was following instructions in this tutorial in order to create a postscript printer.
Appreciate any ideas or suggestions. Thanks
Zerone
8 Answers
Run cmd.exe as Administrator and then run:
from the elevated cmd.
f3lix
Go to your Start Menu, Type Print, Right-Click 'Print Management', Select 'Run as administrator'.
In Print Management; Expand 'Print Servers' and Select 'Ports'.
Right-Click in the 'Ports' pane (on the right hand side) and Select 'Add Port..'.
I'd also recommend configuring a Port from Print Management, as opposed to trying to do it in a Printers Properties. ;)
bu11etpr00f
Adam Reed describes a workaround in his blog: http://borntoidentify.blogspot.com/2010/09/configuring-virtual-printer-using.html Not very comfortable, but works for me ..
EDIT: This link appears broken, but here's the content: https://web.archive.org/web/20120628120209/http://borntoidentify.blogspot.com/2010/09/configuring-virtual-printer-using.html
The gist is that under Win7, you need to run explorer with elevated rights. This can be done using another browser, or, as mentioned in the comments on the original post:
Be very careful when running explorer as an administrator.
user462776
You need to enable Admin mode OR log in with the Admin account!
This is caused by the new Vista/Win 7 security system.
Tensor
Try resetting the firewall (Windows 7) (be warned though, the firewall will reset to the default settings):
* go to Control Panel
* go to Windows Firewall
* on the left, pick 'Restore Defaults'
It works for me, I hope it works for you.
Maya Dewi Fortuna
F3lix's rundll32 method works but after you've created the port you most probably would need to configure its settings. Elsewhere in the net there are instructions to open Port management as Administrator, but in Windows 7 Home that seems to be very much impossible. One can only view the virtual port settings. The only workaround I found is to edit registry directly with the Registry editor at
(Replace your port name in the end.)
loop
It seems to be tricky. In my case it only works after creating a new user account with the name 'admin' / group 'Administratoren' (de). Before, with my real nickname user 'Nick.' / group 'Administratoren' (de), it doesn't work. Takes several hours to discover ..
David
user3262859
Accepted solution did not work for me. I found another command line that worked well (I'm on Windows 10):
It opens the print management in administrator mode, and I was able to create the port with no problems.
Eradash
Hello, I'm pretty sure I'm infected, but I have need for a tool to actually fix the rootkit. I tried many programs like tdsskiller, roguekiller, malwarebytes, esetonlinescanner. Except for roguekiller, none of the programs are able to detect anything at all. Is anyone able to give me more information after a look into the log files, which I will provide after my message? Symptoms are critical: application hangs, system crashes, slow loading screen when logging in. If I run a full gmer scan I get a BSOD (pwlyrpow.sys). But halfway it already detects the rootkit, as you can see below in the log from a canceled scan. In safe mode it doesn't detect a thing, both with gmer and roguekiller, but on normal boot it finds a rootkit. Probably infected multiple computers on my network. I really need urgent help.
GMER LOG ( INTERRUPTED CAUSE OTHERWISE BSOD ) :

ROGUEKILLER LOG

Meanwhile did some more tests, didn't remove anything yet.
FARBAR RECOVERY SCAN TOOL ADDITION.TXT
MSCONFIG/TASK MANAGER Uitgeschakelde items MSCONFIGServices: AdobeARMservice => 2 MSCONFIGServices: AdobeFlashPlayerUpdateSvc => 3 MSCONFIGServices: AMD External Events Utility => 2 MSCONFIGServices: FolderSize => 2 MSCONFIGServices: ftnlsv3hv => 2 MSCONFIGServices: ftscanmgr => 2 MSCONFIGServices: gupdate => 2 MSCONFIGServices: gupdatem => 3 MSCONFIGServices: HP LaserJet Service => 2 MSCONFIGServices: HPSIService => 2 MSCONFIGServices: IAStorDataMgrSvc => 2 MSCONFIGServices: IDriverT => 3 MSCONFIGServices: Intel® PROSet Monitoring Service => 2 MSCONFIGServices: jhi_service => 2 MSCONFIGServices: LMS => 2 MSCONFIGServices: nsverctl => 2 MSCONFIGServices: ntrtscan => 2 MSCONFIGServices: RoxMediaDB12OEM => 3 MSCONFIGServices: RoxWatch12 => 2 MSCONFIGServices: SecureStorageService => 3 MSCONFIGServices: SkypeUpdate => 2 MSCONFIGServices: stllssvr => 3 MSCONFIGServices: SwitchBoard => 3 MSCONFIGServices: tcsd_win32.exe => 2 MSCONFIGServices: TdmService => 2 MSCONFIGServices: TeamViewer => 2 MSCONFIGServices: TMBMServer => 3 MSCONFIGServices: tmlisten => 2 MSCONFIGServices: TmProxy => 3 MSCONFIGServices: UNS => 2 Redmon Redirection Port Monitor Virus ProtectionMSCONFIGServices: VMUSBArbService => 2 MSCONFIGServices: vmware-view-usbd => 2 MSCONFIGServices: vmwsprrdpwks => 2 MSCONFIGServices: Wave Authentication Manager Service => 2 MSCONFIGServices: wsnm => 2 Firewall regels (gefilterd) (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) 
FirewallRules: [{2483018D-F868-47EF-8D01-283BCC55D07B}] => (Allow) C:WindowsMicrosoft.NETFrameworkv4.0.30319SMSvcHost.exe FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%system32sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%system32sppsvc.exe FirewallRules: [TCP Query User{384FEBB9-C55B-498E-B6DF-051C4C458AFA}C:windowssystem32searchprotocolhost.exe] => (Allow) C:windowssystem32searchprotocolhost.exe FirewallRules: [UDP Query User{0494F180-58AA-45B8-8682-765B0436EE77}C:windowssystem32searchprotocolhost.exe] => (Allow) C:windowssystem32searchprotocolhost.exe FirewallRules: [{7DA43790-D303-43D5-9C2B-48D3258FD1C7}] => (Allow) C:Program FilesCitrixSecure Access Clientnsepa.exe FirewallRules: [{884C7C72-8C4B-45D9-B6FE-228F372B17B4}] => (Allow) C:Program FilesCitrixSecure Access Clientnsepa.exe FirewallRules: [{25303693-FA83-4735-931B-6D2C335ABC25}] => (Allow) C:Program FilesCitrixSecure Access Clientnsload.exe FirewallRules: [{9AB2251D-F82A-4B20-9DB0-CED60958F2B2}] => (Allow) C:Program FilesCitrixSecure Access Clientnsload.exe FirewallRules: [TCP Query User{98460542-899A-4F7C-9249-AFA0EB3A15F5}C:program filesschneider electricdevice ip utility 5.0.2jrebinjavaw.exe] => (Allow) C:program filesschneider electricdevice ip utility 5.0.2jrebinjavaw.exe FirewallRules: [UDP Query User{5A7DF2E2-0996-4631-8755-F1C8469A734C}C:program filesschneider electricdevice ip utility 5.0.2jrebinjavaw.exe] => (Allow) C:program filesschneider electricdevice ip utility 5.0.2jrebinjavaw.exe FirewallRules: [TCP Query User{D3D9D8FF-7D38-489B-AE79-FC4B559F33CB}C:program filesspiceworkshttpdbinspiceworks-httpd.exe] => (Allow) C:program filesspiceworkshttpdbinspiceworks-httpd.exe FirewallRules: [UDP Query User{B491073B-0B78-47F6-B5C7-1D7614A1C425}C:program filesspiceworkshttpdbinspiceworks-httpd.exe] => (Allow) C:program filesspiceworkshttpdbinspiceworks-httpd.exe FirewallRules: [TCP Query User{69FF34DA-E342-4FAF-8610-9ADFAF1430A4}C:program 
filesspiceworksbinspiceworks.exe] => (Allow) C:program filesspiceworksbinspiceworks.exe FirewallRules: [UDP Query User{E8213879-C9A6-44FB-86FD-D238303E2836}C:program filesspiceworksbinspiceworks.exe] => (Allow) C:program filesspiceworksbinspiceworks.exe FirewallRules: [TCP Query User{886546CC-5498-4A98-AD09-E16412D3AEF3}C:program filesspiceworksbinspiceworks-finder.exe] => (Allow) C:program filesspiceworksbinspiceworks-finder.exe FirewallRules: [UDP Query User{6D0B25EE-6244-4E9C-A2BE-DA34CE78D364}C:program filesspiceworksbinspiceworks-finder.exe] => (Allow) C:program filesspiceworksbinspiceworks-finder.exe FirewallRules: [{E6E7E17B-4CFC-4EC3-B457-F44E90FD54B8}] => (Allow) C:Program FilesSkypePhoneSkype.exe FirewallRules: [{257470CE-AC31-4A1F-981F-BD22F3C0D381}] => (Allow) C:Program FilesVMwareVMware Horizon View Clientvmware-remotemks.exe FirewallRules: [{193326A3-8E97-4842-852F-4FF818C92BA2}] => (Allow) C:Program FilesVMwareVMware Horizon View Clientvmware-remotemks.exe FirewallRules: [{BD25DBFB-377D-4C09-B5EA-068D061A5BBA}] => (Allow) C:Program FilesVMwareVMware Horizon View Clientvmware-remotemks.exe FirewallRules: [{A418E083-8E08-4B88-A38B-95E370832C19}] => (Allow) C:Program FilesVMwareVMware Horizon View Clientvmware-remotemks.exe FirewallRules: [{DBD12ED8-BFA4-46F4-A3FD-FCFFFC7CB811}] => (Allow) C:Program FilesVMwareVMware Horizon View Clientvmware-view.exe FirewallRules: [{E368F35A-41F4-46F3-85A0-6424F362B0CF}] => (Allow) C:Program FilesVMwareVMware Horizon View Clientvmware-view.exe FirewallRules: [{9CF3BB64-906A-4F4C-92C6-C2351FB5DB30}] => (Allow) C:Program FilesVMwareVMware Horizon View Clientvmware-view.exe FirewallRules: [{A44020B6-4B72-45B1-B986-1697AD6A392C}] => (Allow) C:Program FilesVMwareVMware Horizon View Clientvmware-view.exe FirewallRules: [{716E29C6-AC0B-4616-8B3E-F556DD31EC22}] => (Allow) C:Program FilesMozilla Firefoxfirefox.exe FirewallRules: [{D0E149A0-8699-48F0-BFDB-B11DE6AE121F}] => (Allow) C:Program FilesTeamViewerTeamViewer.exe 
FirewallRules: [{3A1D197A-D4C2-4EA8-AAF3-248A19E1679C}] => (Allow) C:Program FilesTeamViewerTeamViewer.exe FirewallRules: [{F9308BFE-3F61-4A76-8E57-AAA30C85A89C}] => (Allow) C:Program FilesTeamViewerTeamViewer_Service.exe FirewallRules: [{CD06F1DE-4DA7-4698-A877-A56BADFC1E72}] => (Allow) C:Program FilesTeamViewerTeamViewer_Service.exe FirewallRules: [TCP Query User{3FD41496-D29F-4436-9A15-C49D28A93E31}C:program fileszebralinkzebranet bridgejrebinjavaw.exe] => (Block) C:program fileszebralinkzebranet bridgejrebinjavaw.exe FirewallRules: [UDP Query User{F49E3EE4-FF98-4507-B01C-67C64CBAB812}C:program fileszebralinkzebranet bridgejrebinjavaw.exe] => (Block) C:program fileszebralinkzebranet bridgejrebinjavaw.exe FirewallRules: [{061A5BB3-86FC-4BF6-84F3-483C07AE1186}] => (Allow) C:Program FilesGoogleChromeApplicationchrome.exe FirewallRules: [{992ADF0D-C7BF-47B0-9C89-F138A448AFB8}] => (Allow) LPort=41398 Herstelpunten AANDACHT: Systeemherstel is uitgeschakeld Defecte Apparaatbeheer Apparaten Name: qutmipc Description: qutmipc Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: qutmipc Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Eventlog fouten: Applicatiefouten: Error: (11/24/2016 12:43:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Het verwijderen van de tekenreeksen van prestatiemeteritems voor de WmiApRpl-service (WmiApRpl) is mislukt. De foutcode is de eerste DWORD in de sectie Gegevens. 
Error: (11/24/2016 12:43:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: De prestatietekenreeksen in de waarde van de registersleutel Performance worden beschadigd bij het verwerken van de Performance extension counter provider. De waarde van BaseIndex in de registersleutel Performance is de eerste DWORD in de gegevenssectie, de waarde van LastCounter de tweede DWORD en de waarde van LastHelp de derde DWORD. Error: (11/24/2016 12:43:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: De prestatietekenreeksen in de waarde van de registersleutel Performance worden beschadigd bij het verwerken van de Performance extension counter provider. De waarde van BaseIndex in de registersleutel Performance is de eerste DWORD in de gegevenssectie, de waarde van LastCounter de tweede DWORD en de waarde van LastHelp de derde DWORD. Error: (11/24/2016 12:39:20 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY) Description: Event filter with query 'SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 'Win32_Processor' AND TargetInstance.LoadPercentage > 99' could not be reactivated in namespace '//./root/CIMV2' because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/24/2016 12:34:56 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY) Description: Event filter with query 'SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 'Win32_Processor' AND TargetInstance.LoadPercentage > 99' could not be reactivated in namespace '//./root/CIMV2' because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. Error: (11/24/2016 12:33:05 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1521) (User: SH) Description: De serverkopie van uw zwervend profiel kan niet worden gevonden. 
U wordt uw lokale profiel aangemeld. Wijzigingen in het profiel zullen niet naar de server worden gekopieerd wanneer u zich afmeldt. Deze fout wordt mogelijk veroorzaakt door netwerkproblemen of onvoldoende beveiligingsrechten. DETAIL - Een apparaat dat op het systeem is aangesloten, werkt niet. Error: (11/24/2016 10:54:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY) Description: Het verwijderen van de tekenreeksen van prestatiemeteritems voor de WmiApRpl-service (WmiApRpl) is mislukt. De foutcode is de eerste DWORD in de sectie Gegevens. Error: (11/24/2016 10:54:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: De prestatietekenreeksen in de waarde van de registersleutel Performance worden beschadigd bij het verwerken van de Performance extension counter provider. De waarde van BaseIndex in de registersleutel Performance is de eerste DWORD in de gegevenssectie, de waarde van LastCounter de tweede DWORD en de waarde van LastHelp de derde DWORD. Error: (11/24/2016 10:54:29 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY) Description: De prestatietekenreeksen in de waarde van de registersleutel Performance worden beschadigd bij het verwerken van de Performance extension counter provider. De waarde van BaseIndex in de registersleutel Performance is de eerste DWORD in de gegevenssectie, de waarde van LastCounter de tweede DWORD en de waarde van LastHelp de derde DWORD. Error: (11/24/2016 10:50:05 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY) Description: Event filter with query 'SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA 'Win32_Processor' AND TargetInstance.LoadPercentage > 99' could not be reactivated in namespace '//./root/CIMV2' because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected. 
Systeemfouten: Error: (11/24/2016 12:37:33 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: De volgende opstartstuurprogramma's zijn niet geladen: qutmipc Error: (11/24/2016 12:37:28 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY) Description: Het groepsbeleid is niet verwerkt door een gebrek aan netwerkconnectiviteit met een domeincontroller. Dit kan een tijdelijke situatie zijn. Er wordt een bericht weergegeven wanneer er verbinding is gemaakt met de domeincontroller en het groepsbeleid is verwerkt. Als er na enkele uren nog geen bericht is weergegeven, neemt u contact op met de beheerder. Error: (11/24/2016 12:37:27 PM) (Source: NETLOGON) (EventID: 5719) (User: ) Description: Deze computer kan geen beveiligde sessie met een domeincontroller in domein SH starten om de volgende reden(en): Er zijn momenteel geen aanmeldingsservers beschikbaar om de aanmeldingsaanvraag te verwerken. Dit leidt mogelijk tot verificatieproblemen. Controleer of deze computer met het netwerk is verbonden. Raadpleeg de domeinadministrator wanneer het probleem blijft bestaan. Extra informatie Als deze computer een domeincontroller voor het opgegeven domein is, start deze de beveiligde sessie met de emulator van de primaire domeincontroller in het betreffende domein. Als dit niet het geval is, start deze computer de beveiligde sessie met een willekeurige domeincontroller in het opgegeven domein. Error: (11/24/2016 12:35:09 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: De Network List Service-service is afhankelijk van de Network Location Awareness-service, die vanwege de volgende fout niet kan worden gestart: Afhankelijkheidsservice of -groep kan niet worden gestart. 
Error: (11/24/2016 12:33:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: De Network List Service-service is afhankelijk van de Network Location Awareness-service, die vanwege de volgende fout niet kan worden gestart: Afhankelijkheidsservice of -groep kan niet worden gestart. Error: (11/24/2016 12:33:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: De Network List Service-service is afhankelijk van de Network Location Awareness-service, die vanwege de volgende fout niet kan worden gestart: Afhankelijkheidsservice of -groep kan niet worden gestart. Error: (11/24/2016 12:33:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: De Network List Service-service is afhankelijk van de Network Location Awareness-service, die vanwege de volgende fout niet kan worden gestart: Afhankelijkheidsservice of -groep kan niet worden gestart. Error: (11/24/2016 12:33:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: De Network List Service-service is afhankelijk van de Network Location Awareness-service, die vanwege de volgende fout niet kan worden gestart: Afhankelijkheidsservice of -groep kan niet worden gestart. Error: (11/24/2016 12:33:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: De Network List Service-service is afhankelijk van de Network Location Awareness-service, die vanwege de volgende fout niet kan worden gestart: Afhankelijkheidsservice of -groep kan niet worden gestart. Error: (11/24/2016 12:33:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: De Network List Service-service is afhankelijk van de Network Location Awareness-service, die vanwege de volgende fout niet kan worden gestart: Afhankelijkheidsservice of -groep kan niet worden gestart. 
Geheugen info Processor: Intel® Core™ i3-2100 CPU @ 3.10GHz Percentage geheugen in gebruik: 75% Totaal fysiek RAM-geheugen: 2004.93 MB Beschikbaar fysiek RAM-geheugen: 497.07 MB Totaal Virtueel geheugen: 4009.87 MB Beschikbaar Virtual geheugen: 1586.86 MB Schijven Drive c: (OS) (Fixed) (Total:220.12 GB) (Free:160.2 GB) NTFS MBR & Partitietabel Disk: 0 (MBR Code: Windows XP) (Size: 232.9 GB) (Disk ID: 2F5E9A70) Partition 1: (Active) - (Size=12.8 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=220.1 GB) - (Type=07 NTFS) Eind van Addition.txt FRST.TXT Scanresultaten van Farbar Recovery Scan Tool (FRST) (x86) Versie: 23-11-2016 Gestart door ictstage (Beheerder) op ICT-PC05 (24-11-2016 13:24:11) Gestart vanaf C:UsersICT StageDesktop Geladen Profielen: ictstage (Beschikbare Profielen: Receptie & gast1 & Gast2 & Gast3 & install & testuser & nicolien & gast5 & ictstage & Administrator & DaphneB & locaal & admin & Administrator) Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) Taal: Nederlands (Nederland) Internet Explorer Versie 11 (Standaardbrowser: Chrome) Boot Modus: Normal Handleiding voor Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ Processen (gefilterd) (Als een item is opgenomen in de fixlist, het proces zal worden gesloten. Het bestand zal niet worden verplaatst.) (Microsoft Corporation) C:Program FilesMicrosoft Security ClientMsMpEng.exe (Microsoft Corporation) C:Program FilesCommon Filesmicrosoft sharedVS7Debugmdm.exe (UPEK Inc.) C:Program FilesCommon FilesSPBAupeksvr.exe (Microsoft Corporation) C:Program FilesInternet Exploreriexplore.exe (Microsoft Corporation) C:Program FilesInternet Exploreriexplore.exe (Realtek Semiconductor Corp.) C:Program FilesRealtekAudioHDARtDCpl.exe (Intel Corporation) C:Program FilesIntelIntel® Rapid Storage TechnologyIAStorIcon.exe (Wave Systems Corp.) 
C:Program FilesDellDell Data ProtectionAccessAdvancedWaveTrusted Drive ManagerTdmNotify.exe (Microsoft Corporation) C:Program FilesMicrosoft Security Clientmsseces.exe (Logitech, Inc.) C:Program FilesLogitechLogiOptionsLogiOptions.exe (Oracle Corporation) C:Program FilesCommon FilesJavaJava Updatejusched.exe (Logitech, Inc.) C:ProgramDataLogishrdLogiOptionsSoftware3.42.7LogiOptionsMgr.exe (shbox.de) C:Program FilesFreePDF_XPfpassist.exe () C:Program FilesRoxioOEMRoxio BurnRoxioBurnLauncher.exe (Citrix Systems, Inc.) C:Program FilesCitrixICA Clientconcentr.exe (WinZip Computing, S.L.) C:Program FilesWinZipWZUpdateNotifier.exe (WinZip Computing, S.L.) C:Program FilesWinZipFAHWindow32.exe (WinZip Computing, S.L.) C:Program FilesWinZipWzPreloader.exe (Citrix Systems, Inc.) C:Program FilesCitrixICA ClientReceiverReceiver.exe (Citrix Systems, Inc.) C:Program FilesCitrixICA Clientwfcrun32.exe (Microsoft Corporation) C:WindowsSystem32mobsync.exe (Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe (Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe (Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe (Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe (Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe (Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe (Oracle Corporation) C:Program FilesCommon FilesJavaJava Updatejucheck.exe (Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe (Symantec Corporation) C:Program FilesNorton SecurityEngine22.8.0.50NS.exe (Symantec Corporation) C:Program FilesNorton SecurityEngine22.8.0.50NS.exe (Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe (Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe (Google Inc.) C:Program FilesGoogleChromeApplicationchrome.exe (Google Inc.) 
C:Program FilesGoogleChromeApplicationchrome.exe Register (gefilterd) (Als een item is opgenomen in de fixlist, het registry item zal worden teruggezet naar de standaardwaarden of verwijderd. Het bestand zal niet worden verplaatst.) HKLM..Run: [RtHDVCpl] => C:Program FilesRealtekAudioHDARtDCpl.exe [2697832 2010-10-04] (Realtek Semiconductor Corp.) HKLM..Run: [IAStorIcon] => C:Program FilesIntelIntel® Rapid Storage TechnologyIAStorIcon.exe [283160 2010-11-05] (Intel Corporation) HKLM..Run: [IMSS] => C:Program FilesIntelIntel® Management Engine ComponentsIMSSPIconStartup.exe [112152 2011-01-17] (Intel Corporation) HKLM..Run: [TdmNotify] => C:Program FilesDellDell Data ProtectionAccessAdvancedWaveTrusted Drive ManagerTdmNotify.exe [214384 2011-05-27] (Wave Systems Corp.) HKLM..Run: [OfficeScanNT Monitor] => C:Program FilesTrend MicroOfficeScan Clientpccntmon.exe [1533720 2013-11-20] (Trend Micro Inc.) HKLM..Run: [MSC] => c:Program FilesMicrosoft Security Clientmsseces.exe [981688 2015-04-30] (Microsoft Corporation) HKLM..Run: [LogiOptions] => C:Program FilesLogitechLogiOptionsLogiOptions.exe [1254008 2015-09-01] (Logitech, Inc.) 
HKLM..Run: [VMware Netlink 3 HV Install Utility] => C:Program FilesCommon FilesVMwareDeviceRedirectionCommonftnliu.exe [65472 2015-06-16] () HKLM..Run: [HPUsageTrackingLEDM] => C:Program FilesHPHP UT LEDMbinhppusg.exe [30264 2009-08-04] (Hewlett-Packard Company) HKLM..Run: [SwitchBoard] => C:Program FilesCommon FilesAdobeSwitchBoardSwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM..Run: [SunJavaUpdateSched] => C:Program FilesCommon FilesJavaJava Updatejusched.exe [597040 2015-10-06] (Oracle Corporation) HKLM..Run: [Spiceworks] => C:Program FilesSpiceworksbinspicetray_silent.exe [67824 2015-05-26] () HKLM..Run: [RoxWatchTray] => C:Program FilesCommon FilesRoxio SharedOEM12.0SharedCOMRoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions) HKLM..Run: [ISUSScheduler] => C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe [81920 2004-07-27] (InstallShield Software Corporation) HKLM..Run: [FreePDF Assistant] => C:Program FilesFreePDF_XPfpassist.exe [385024 2009-09-05] (shbox.de) HKLM..Run: [Desktop Disc Tool] => C:Program FilesRoxioOEMRoxio BurnRoxioBurnLauncher.exe [514544 2010-11-17] () HKLM..Run: [ConnectionCenter] => C:Program FilesCitrixICA Clientconcentr.exe [358336 2011-08-11] (Citrix Systems, Inc.) HKLM..Run: [AdobeCS5.5ServiceManager] => C:Program FilesCommon FilesAdobeCS5.5ServiceManagerCS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated) HKLM..Run: [AdobeAAMUpdater-1.0] => C:Program FilesCommon FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated) HKLM..Run: [Adobe ARM] => C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe [1156824 2016-09-16] (Adobe Systems Incorporated) WinlogonNotifyspba: C:Program FilesCommon FilesSPBAhomefus2.dll [2010-09-15] (UPEK Inc.) 
HKUS-1-5-21-1123561945-1202660629-839522115-4762..Run: [CCleaner Monitoring] => C:Program FilesCCleanerCCleaner.exe [6564776 2015-10-19] (Piriform Ltd) HKLM..Providers87f1d5: C:UsersstefanAppDataLocalTempFEE9.tmp ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:Program FilesNorton SecurityEngine22.8.0.50buShell.dll [2016-09-23] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:Program FilesNorton SecurityEngine22.8.0.50buShell.dll [2016-09-23] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:Program FilesNorton SecurityEngine22.8.0.50buShell.dll [2016-09-23] (Symantec Corporation) ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -> {30D3C2AF-9709-4D05-9CF4-13335F3C1E4A} => C:Program FilesDellDell Data ProtectionAccessAdvancedWaveTrusted Drive ManagerTdmIconOverlay.dll [2011-05-27] (Wave Systems Corp.) ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -> {CF08DA3E-C97D-4891-A66B-E39B28DD270F} => C:Program FilesDellDell Data ProtectionAccessAdvancedWaveTrusted Drive ManagerTdmIconOverlay.dll [2011-05-27] (Wave Systems Corp.) Startup: C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupFAH.lnk [2016-07-27] ShortcutTarget: FAH.lnk -> C:Program FilesWinZipFAHConsole.exe (WinZip Computing, S.L.) Startup: C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupUpdate-melder.lnk [2016-07-27] ShortcutTarget: Update-melder.lnk -> C:Program FilesWinZipWZUpdateNotifier.exe (WinZip Computing, S.L.) Startup: C:ProgramDataMicrosoftWindowsStart MenuProgramsStartupWinZip Preloader.lnk [2016-07-27] ShortcutTarget: WinZip Preloader.lnk -> C:Program FilesWinZipWzPreloader.exe (WinZip Computing, S.L.) 
Startup: C:Usersgast1AppDataRoamingMicrosoftWindowsStart MenuProgramsStartupAutoInstall.bat [2015-04-02] () Startup: C:Usersgast1AppDataRoamingMicrosoftWindowsStart MenuProgramsStartupAvayaRealTime.application [2015-03-26] () Startup: C:Usersgast1AppDataRoamingMicrosoftWindowsStart MenuProgramsStartupKlantencontactenregistratie.appref-ms [2015-01-19] () Startup: C:Usersgast1AppDataRoamingMicrosoftWindowsStart MenuProgramsStartupOrdersVrijgeven.appref-ms [2015-01-19] () Startup: C:Usersgast1AppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSPOE - Telling.appref-ms [2015-01-19] () Startup: C:Usersgast2AppDataRoamingMicrosoftWindowsStart MenuProgramsStartupAutoInstall - Snelkoppeling.lnk [2010-10-26] ShortcutTarget: AutoInstall - Snelkoppeling.lnk -> Z:AutoInstall.bat (Geen bestand) Startup: C:Usersgast2AppDataRoamingMicrosoftWindowsStart MenuProgramsStartupKlantencontactenregistratie.appref-ms [2012-08-22] () Startup: C:Usersgast3AppDataRoamingMicrosoftWindowsStart MenuProgramsStartupAutoInstall.bat [2015-04-02] () Startup: C:Usersgast5AppDataRoamingMicrosoftWindowsStart MenuProgramsStartupOrdersVrijgeven.appref-ms [2014-05-27] () Startup: C:Usersgast5AppDataRoamingMicrosoftWindowsStart MenuProgramsStartupSPOE - Telling.appref-ms [2014-05-27] () Startup: C:UsersJorianAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupAutoInstall.bat [2015-07-13] () Startup: C:UsersMaureenAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupAutoInstall.bat [2015-06-05] () Startup: C:UsersPmstageAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupAutoInstall.bat [2015-11-11] () Startup: C:UsersReceptieAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupAutoInstall.bat [2011-03-07] () Startup: C:UsersVanessaAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupAutoInstall.bat [2015-06-05] () Startup: C:UsersVanessaAppDataRoamingMicrosoftWindowsStart MenuProgramsStartupAvayaRealTime.application [2015-03-26] () Startup: C:UsersVanessaAppDataRoamingMicrosoftWindowsStart 
MenuProgramsStartupSPOE - Telling.appref-ms [2015-06-05] () GroupPolicy: Restrictie ? < AANDACHT Internet (gefilterd) (Als een item is opgenomen in de fixlist, als het een registry item is wordt verwijderd of hersteld naar de standaard.) Tcpip.Interfaces{0AC5B16C-0C6F-403B-AE87-32CC75F63D35}: [NameServer] 192.168.1.3,192.168.1.1 Internet Explorer: HKLMSOFTWAREPoliciesMicrosoftInternet Explorer: Restrictie < AANDACHT HKUS-1-5-21-1123561945-1202660629-839522115-4762SOFTWAREPoliciesMicrosoftInternet Explorer: Restrictie < AANDACHT HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130918748337091240&GUID=AEAAB23F-FFA8-40F3-9089-B284556C4739 HKU.DEFAULTSoftwareMicrosoftInternet ExplorerMain,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU.DEFAULTSoftwareMicrosoftInternet ExplorerMain,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKUS-1-5-21-1123561945-1202660629-839522115-4762SoftwareMicrosoftInternet ExplorerMain,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE SearchScopes: HKLM -> {7DA1F881-6ADB-4A18-91C7-2235D4E6C639} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox SearchScopes: HKUS-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKUS-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKUS-1-5-21-1123561945-1202660629-839522115-4762 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKUS-1-5-21-1123561945-1202660629-839522115-4762 -> {7DA1F881-6ADB-4A18-91C7-2235D4E6C639} URL = SearchScopes: HKUS-1-5-21-1123561945-1202660629-839522115-4762 -> {903B5915-700A-40EF-BC55-9F1F9C391925} URL = hxxp://www.google.nl/search?hl=nl&q={searchTerms} BHO: Norton Identity Protection -> 
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:Program FilesNorton SecurityEngine22.8.0.50coIEPlg.dll [2016-09-23] (Symantec Corporation) BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:Program FilesJavajre1.8.0_65binssv.dll [2015-10-22] (Oracle Corporation) BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:Program FilesJavajre1.8.0_65binjp2ssv.dll [2015-10-22] (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:Program FilesNorton SecurityEngine22.8.0.50coIEPlg.dll [2016-09-23] (Symantec Corporation) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab DPF: {B79C81C0-7650-4CAB-8466-E14C6A31EBAD} hxxps://vpn.s-h.nl/SWTSC.cab DPF: {CAFEEFAC-0018-0000-0060-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) 
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll [2011-08-11] (Citrix Systems, Inc.) 
FireFox: FF DefaultProfile: w0k9f6ir.default FF ProfilePath: C:UsersICT StageAppDataRoamingMozillaFirefoxProfilesw0k9f6ir.default [2016-11-24] FF HKLM..FirefoxExtensions: [[email protected]] - C:Program FilesHewlett-PackardSmartPrintQPExtension FF Extension: (SmartPrintButton) - C:Program FilesHewlett-PackardSmartPrintQPExtension [2011-01-26] [niet getekend] FF HKLM..FirefoxExtensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NS_22.8.0.50coFFAddon FF Extension: (Norton Security Toolbar) - C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NS_22.8.0.50coFFAddon [2016-11-24] FF Plugin: @adobe.com/FlashPlayer -> C:Windowssystem32MacromedFlashNPSWF32_18_0_0_232.dll [2016-06-06] () FF Plugin: @canon.com/EPPEX -> C:Program FilesCanonEasy-PhotoPrint EXNPEZFFPI.DLL [2014-07-28] (CANON INC.) FF Plugin: @Citrix.com/npagee,version=10.0.71.6 -> C:Program FilesCitrixSecure Access Clientnpagee.dll [2012-10-14] (Citrix Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:Program FilesJavajre1.8.0_65bindtpluginnpDeployJava1.dll [2015-10-22] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:Program FilesJavajre1.8.0_65binplugin2npjp2.dll [2015-10-22] (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:Program FilesMicrosoft Silverlight5.1.41212.0npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:Program FilesWindows LivePhoto GalleryNPWLPG.dll [Geen bestand] FF Plugin: @tools.google.com/Google Update;version=3 -> C:Program FilesGoogleUpdate1.3.31.5npGoogleUpdate3.dll [2016-09-13] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:Program FilesGoogleUpdate1.3.31.5npGoogleUpdate3.dll [2016-09-13] (Google Inc.) FF Plugin: Adobe Reader -> C:Program FilesAdobeAcrobat Reader DCReaderAIRnppdf32.dll [2016-10-01] (Adobe Systems Inc.) 
FF Plugin HKUS-1-5-21-1123561945-1202660629-839522115-4762: @talk.google.com/GoogleTalkPlugin -> C:UsersICT StageAppDataRoamingMozillapluginsnpgoogletalk.dll [2015-12-08] (Google) FF Plugin HKUS-1-5-21-1123561945-1202660629-839522115-4762: @talk.google.com/O1DPlugin -> C:UsersICT StageAppDataRoamingMozillapluginsnpo1d.dll [2015-12-08] (Google) FF Plugin HKUS-1-5-21-1123561945-1202660629-839522115-4762: @tools.google.com/Google Update;version=3 -> C:UsersICT StageAppDataLocalGoogleUpdate1.3.31.5npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin HKUS-1-5-21-1123561945-1202660629-839522115-4762: @tools.google.com/Google Update;version=9 -> C:UsersICT StageAppDataLocalGoogleUpdate1.3.31.5npGoogleUpdate3.dll [2016-07-29] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:Program Filesmozilla firefoxpluginsCCMSDK.dll [2011-08-11] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:Program Filesmozilla firefoxpluginsCgpCore.dll [2011-08-10] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:Program Filesmozilla firefoxpluginsconfmgr.dll [2011-08-11] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:Program Filesmozilla firefoxpluginsctxlogging.dll [2011-08-11] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:Program Filesmozilla firefoxpluginsctxmui.dll [2011-08-11] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:Program Filesmozilla firefoxpluginsicafile.dll [2011-08-11] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:Program Filesmozilla firefoxpluginsicalogon.dll [2011-08-11] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:Program Filesmozilla firefoxpluginsnpicaN.dll [2011-08-11] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:Program Filesmozilla firefoxpluginsNPOFF12.DLL [2006-10-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:Program Filesmozilla firefoxpluginsnppdf32.dll [2016-06-30] (Adobe Systems Inc.) 
FF Plugin ProgramFiles/Appdata: C:Program Filesmozilla firefoxpluginssslsdk_b.dll [2011-08-10] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:Program Filesmozilla firefoxpluginsTcpPServ.dll [2011-08-10] (Citrix Systems, Inc.) FF Plugin ProgramFiles/Appdata: C:UsersICT StageAppDataRoamingmozillapluginsnpgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:UsersICT StageAppDataRoamingmozillapluginsnpo1d.dll [2015-12-08] (Google) Chrome: CHR Profile: C:UsersICT StageAppDataLocalGoogleChromeUser DataDefault [2016-11-24] CHR Extension: (Google Slides) - C:UsersICT StageAppDataLocalGoogleChromeUser DataDefaultExtensionsaapocclcgogkmnckokdopfmhonfmgoek [2016-09-13] CHR Extension: (Google Docs) - C:UsersICT StageAppDataLocalGoogleChromeUser DataDefaultExtensionsaohghmighlieiainnegkcijnfilokake [2016-09-13] CHR Extension: (Google Drive) - C:UsersICT StageAppDataLocalGoogleChromeUser DataDefaultExtensionsapdfllckaahabafndbhieahigkjlhalf [2016-09-13] CHR Extension: (YouTube) - C:UsersICT StageAppDataLocalGoogleChromeUser DataDefaultExtensionsblpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-13] CHR Extension: (Google Sheets) - C:UsersICT StageAppDataLocalGoogleChromeUser DataDefaultExtensionsfelcaaldnbdncclmgdcncolpebgiejap [2016-09-13] CHR Extension: (Google Docs Offline) - C:UsersICT StageAppDataLocalGoogleChromeUser DataDefaultExtensionsghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-13] CHR Extension: (Chrome Web Store Payments) - C:UsersICT StageAppDataLocalGoogleChromeUser DataDefaultExtensionsnmmhkkegccagdldgiimedpiccmgmieda [2016-09-13] CHR Extension: (Gmail) - C:UsersICT StageAppDataLocalGoogleChromeUser DataDefaultExtensionspjkljhegncpnkpknbcohdijeoejaedia [2016-09-13] CHR Extension: (Chrome Media Router) - C:UsersICT StageAppDataLocalGoogleChromeUser DataDefaultExtensionspkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-26] CHR HKLM..ChromeExtension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:Program FilesNorton SecurityEngine22.8.0.50ExtsChrome.crx [2016-11-24] 
CHR HKLM..ChromeExtension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx Services (gefilterd) (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) S4 FolderSize; C:Program FilesFolderSizeFolderSizeSvc.exe [116224 2010-04-06] (Brio) [Bestand niet getekend] S4 ftnlsv3hv; C:Program FilesCommon FilesVMwareDeviceRedirectionCommonftnlsv.exe [177600 2015-06-16] () S4 ftscanmgr; C:Program FilesVMwareScannerRedirectionftscanmgr.exe [6363792 2015-07-31] () S4 HP LaserJet Service; C:Program FilesHPHPLaserJetServiceHPLaserJetService.exe [136704 2009-06-24] (HP) [Bestand niet getekend] S4 IDriverT; C:Program FilesCommon FilesInstallShieldDriver1150Intel 32IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Bestand niet getekend] S4 Intel® PROSet Monitoring Service; C:Windowssystem32IProsetMonitor.exe [110752 2010-09-22] (Intel Corporation) S4 jhi_service; C:Program FilesIntelServicesIPTjhi_service.exe [212944 2011-02-24] (Intel Corporation) R2 MDM; C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe [335872 2006-10-26] (Microsoft Corporation) [Bestand niet getekend] R2 MsMpSvc; c:Program FilesMicrosoft Security ClientMsMpEng.exe [22216 2015-04-30] (Microsoft Corporation) R2 Net Driver HPZ12; C:Windowssystem32HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [Bestand niet getekend] S3 NisSrv; c:Program FilesMicrosoft Security ClientNisSrv.exe [284504 2015-04-30] (Microsoft Corporation) R2 NS; C:Program FilesNorton SecurityEngine22.8.0.50NS.exe [289080 2016-09-24] (Symantec Corporation) S4 nsverctl; C:Program FilesCitrixSecure Access Clientnsverctl.exe [156784 2012-10-14] (Citrix Systems, Inc) S4 ntrtscan; C:Program FilesTrend MicroOfficeScan Clientntrtscan.exe [2324760 2013-12-10] (Trend Micro Inc.) 
R2 Pml Driver HPZ12; C:Windowssystem32HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [Bestand niet getekend] S4 RoxMediaDB12OEM; C:Program FilesCommon FilesRoxio SharedOEM12.0SharedCOMRoxMediaDB12OEM.exe [1116656 2010-11-25] (Sonic Solutions) S4 RoxWatch12; C:Program FilesCommon FilesRoxio SharedOEM12.0SharedCOMRoxWatch12OEM.exe [219632 2010-11-25] (Sonic Solutions) S4 SecureStorageService; C:Program FilesDellDell Data ProtectionAccessAdvancedWaveSecure Storage ManagerSecureStorageService.exe [1508232 2011-05-24] (Wave Systems Corp.) S4 stllssvr; C:Program FilesCommon FilesSureThing Sharedstllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [Bestand niet getekend] S4 SwitchBoard; C:Program FilesCommon FilesAdobeSwitchBoardSwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [Bestand niet getekend] S4 tcsd_win32.exe; C:Program FilesNTRU CryptosystemsNTRU TCG Software Stackbintcsd_win32.exe [1633280 2011-02-17] () [Bestand niet getekend] S4 TdmService; C:Program FilesDellDell Data ProtectionAccessAdvancedWaveTrusted Drive ManagerTdmService.exe [2605424 2011-05-27] (Wave Systems Corp.) S4 TeamViewer; C:Program FilesTeamViewerTeamViewer_Service.exe [7183632 2016-07-18] (TeamViewer GmbH) S4 TMBMServer; C:Program FilesTrend MicroBMTMBMSRV.exe [345112 2013-10-23] (Trend Micro Inc.) S4 tmlisten; C:Program FilesTrend MicroOfficeScan Clienttmlisten.exe [2260128 2013-11-16] (Trend Micro Inc.) S4 TmProxy; C:Program FilesTrend MicroOfficeScan ClientTmProxy.exe [689176 2013-07-01] (Trend Micro Inc.) S4 VMUSBArbService; C:Program FilesCommon FilesVMwareUSBvmware-usbarbitrator.exe [725696 2015-07-30] (VMware, Inc.) S4 vmware-view-usbd; C:Program FilesVMwareVMware Horizon View Clientbinvmware-view-usbd.exe [1156824 2015-07-31] (VMware, Inc.) 
S4 vmwsprrdpwks; C:Program FilesCommon FilesVMwareSerialPortRedirectionClientvmwsprrdpwks.exe [261776 2015-05-08] (VMware) S4 Wave Authentication Manager Service; C:Program FilesDellDell Data ProtectionAccessAdvancedWaveAuthentication ManagerWaveAMService.exe [1131520 2011-07-01] (Wave Systems Corp.) [Bestand niet getekend] S3 WinDefend; C:Program FilesWindows Defendermpsvc.dll [680960 2013-05-27] (Microsoft Corporation) S4 wsnm; C:Program FilesVMwareVMware Horizon View Clientwsnmwsnm.exe [489176 2015-08-19] (VMware, Inc.) Drivers (gefilterd) (Als een item is opgenomen in de fixlist, wordt uit het register verwijderd. Het bestand zal niet worden verplaatst tenzij apart vermeld.) R1 BHDrvx86; C:Program FilesNorton SecurityNortonData22.8.0.50DefinitionsBASHDefs20160826.008BHDrvx86.sys [1334008 2016-09-23] (Symantec Corporation) R2 cag; C:Program FilesCommon FilesDeterministic NetworksCommon Filescag.sys [189272 2011-10-18] (Citrix Systems, Inc.) R1 ccSet_NS; C:Windowssystem32driversNS1608000.032ccSetx86.sys [137456 2016-09-23] (Symantec Corporation) R3 ctxva51; C:WindowsSystem32DRIVERSctxva51.sys [42096 2012-10-14] (Citrix Systems, Inc.) R1 DNE; C:WindowsSystem32DRIVERSdnelwf.sys [107608 2011-02-07] (Citrix Systems, Inc.) R3 e1cexpress; C:WindowsSystem32DRIVERSe1c6232.sys [238760 2010-10-28] (Intel Corporation) R1 eeCtrl; C:Program FilesCommon FilesSymantec SharedEENGINEeeCtrl.sys [388824 2016-11-23] (Symantec Corporation) U3 EraserUtilDrv11521; C:Program FilesCommon FilesSymantec SharedEENGINEEraserUtilDrv11521.sys [124144 2016-04-28] (Symantec Corporation) R2 hcmon; C:Windowssystem32drivershcmon.sys [44664 2015-07-30] (VMware, Inc.) R1 IDSVix86; C:Program FilesNorton SecurityNortonData22.8.0.50DefinitionsIPSDefs20160916.102IDSVix86.sys [768728 2016-09-23] (Symantec Corporation) R3 IntcAzAudAddService; C:WindowsSystem32driversRTDVHDA.sys [2749416 2010-10-04] (Realtek Semiconductor Corp.) 
R3 MEI; C:WindowsSystem32DRIVERSHECI.sys [41088 2010-10-20] (Intel Corporation) R0 MpFilter; C:WindowsSystem32DRIVERSMpFilter.sys [245096 2015-03-04] (Microsoft Corporation) R2 npf; C:WindowsSystem32driversnpf.sys [35088 2012-05-03] (CACE Technologies, Inc.) R0 PBADRV; C:WindowsSystem32DRIVERSPBADRV.sys [26608 2010-07-21] (Dell Inc) R0 pwdrvio; C:WindowsSystem32pwdrvio.sys [17160 2015-03-05] () S3 pwdspio; C:Windowssystem32pwdspio.sys [13064 2015-03-05] () R1 SRTSP; C:Windowssystem32driversNS1608000.032SRTSP.SYS [634096 2016-09-23] (Symantec Corporation) R1 SRTSPX; C:Windowssystem32driversNS1608000.032SRTSPX.SYS [43248 2016-09-23] (Symantec Corporation) R0 SymEFASI; C:WindowsSystem32driversNS1608000.032SYMEFASI.SYS [1291992 2016-09-23] (Symantec Corporation) R3 SymEvent; C:Windowssystem32DriversSYMEVENT.SYS [87792 2016-11-24] (Symantec Corporation) R1 SymIRON; C:Windowssystem32driversNS1608000.032Ironx86.SYS [229616 2016-09-23] (Symantec Corporation) R1 SymNetS; C:Windowssystem32driversNS1608000.032SYMNETS.SYS [423640 2016-09-23] (Symantec Corporation) R2 tmactmon; C:WindowsSystem32DRIVERStmactmon.sys [75600 2013-08-29] (Trend Micro Inc.) R2 tmcomm; C:WindowsSystem32DRIVERStmcomm.sys [263072 2013-09-02] (Trend Micro Inc.) R2 tmevtmgr; C:WindowsSystem32DRIVERStmevtmgr.sys [62704 2013-08-29] (Trend Micro Inc.) R2 TmFilter; C:Program FilesTrend MicroOfficeScan ClientTmXPFlt.sys [294152 2015-07-02] (Trend Micro Inc.) R2 TmPreFilter; C:Program FilesTrend MicroOfficeScan ClientTmPreFlt.sys [38152 2015-07-02] (Trend Micro Inc.) R1 tmtdi; C:WindowsSystem32DRIVERStmtdi.sys [90712 2013-06-18] (Trend Micro Inc.) U3 TrueSight; C:WindowsSystem32driversTrueSight.sys [24688 2016-11-24] () S3 USBAAPL; C:WindowsSystem32Driversusbaapl.sys [42496 2011-08-02] (Apple, Inc.) [Bestand niet getekend] R2 VSApiNt; C:Program FilesTrend MicroOfficeScan ClientVSApiNt.sys [1608744 2015-07-02] (Trend Micro Inc.) 
2016-11-24 13:24 - 2016-11-24 13:24 - 00050315 _____ C:UsersICT StageDesktopFRST.txt 2016-11-24 13:23 - 2016-11-24 13:24 - 00000000 ____D C:FRST 2016-11-24 13:22 - 2016-11-24 13:22 - 01761280 _____ (Farbar) C:UsersICT StageDesktopFRST.exe 2016-11-24 12:51 - 2016-11-24 12:55 - 00000000 ____D C:Program FilesCommon FilesSymantec Shared 2016-11-24 12:51 - 2016-11-24 12:51 - 00087792 _____ (Symantec Corporation) C:Windowssystem32DriversSYMEVENT.SYS 2016-11-24 12:51 - 2016-11-24 12:51 - 00008234 _____ C:Windowssystem32DriversSYMEVENT.CAT 2016-11-24 12:51 - 2016-11-24 12:51 - 00002300 _____ C:UsersPublicDesktopNorton Security.lnk 2016-11-24 12:51 - 2016-11-24 12:51 - 00000000 ___RD C:ProgramDataMicrosoftWindowsStart MenuProgramsNorton Security 2016-11-24 12:51 - 2016-11-24 12:51 - 00000000 ____D C:Windowssystem32DriversNS 2016-11-24 12:51 - 2016-11-24 12:51 - 00000000 ____D C:Program FilesNorton Security 2016-11-24 12:50 - 2016-11-24 12:54 - 00000000 ____D C:UsersICT StageAppDataRoamingMicrosoftWindowsStart MenuProgramsNorton 2016-11-24 12:50 - 2016-11-24 12:54 - 00000000 ____D C:ProgramDataNorton 2016-11-24 12:50 - 2016-11-24 12:50 - 01101088 _____ (Symantec Corporation) C:UsersICT StageDesktopNSDeluxeDownloader.exe 2016-11-24 12:50 - 2016-11-24 12:50 - 00001242 _____ C:UsersICT StageDesktopNorton Installation Files.lnk 2016-11-24 12:50 - 2016-11-24 12:50 - 00000000 ____D C:UsersPublicDownloadsNorton 2016-11-24 12:50 - 2016-11-24 12:50 - 00000000 ____D C:Program FilesNortonInstaller 2016-11-24 12:37 - 2016-11-24 12:39 - 00673932 _____ C:TDSSKiller.3.1.0.12_24.11.2016_12.37.53_log.txt 2016-11-24 12:36 - 2016-11-24 12:37 - 00004556 _____ C:TDSSKiller.3.1.0.12_24.11.2016_12.36.56_log.txt 2016-11-24 12:20 - 2016-11-24 12:30 - 00000000 ____D C:ProgramDataMalwarebytes' Anti-Malware (portable) 2016-11-24 12:18 - 2016-11-24 12:30 - 00000000 ____D C:UsersICT StageDesktopmbar 2016-11-24 12:18 - 2016-11-24 12:18 - 16563352 _____ (Malwarebytes Corp.) 
C:UsersICT StageDesktopmbar-1.09.3.1001.exe 2016-11-24 11:59 - 2016-11-24 12:07 - 00000000 ____D C:UsersICT StageDesktopTMRBLog 2016-11-24 11:59 - 2016-11-24 11:59 - 09950232 _____ (Trend Micro Inc.) C:UsersICT StageDesktopRootkitBusterV5.0-1129x32.exe 2016-11-24 11:59 - 2016-11-24 11:59 - 00000000 ____D C:UsersICT StageDesktoplog 2016-11-24 11:13 - 2016-11-24 11:13 - 00004394 _____ C:TDSSKiller.3.1.0.12_24.11.2016_11.13.25_log.txt 2016-11-24 11:12 - 2016-11-24 11:12 - 00017867 _____ C:ComboFix.txt 2016-11-24 11:01 - 2016-11-24 11:12 - 00000000 ____D C:Qoobox 2016-11-24 11:01 - 2016-11-24 11:11 - 00000000 ____D C:Windowserdnt 2016-11-24 11:01 - 2011-06-26 07:45 - 00256000 _____ C:WindowsPEV.exe 2016-11-24 11:01 - 2010-11-07 18:20 - 00208896 _____ C:WindowsMBR.exe 2016-11-24 11:01 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:WindowsNIRCMD.exe 2016-11-24 11:01 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:WindowsSWREG.exe 2016-11-24 11:01 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:WindowsSWSC.exe 2016-11-24 11:01 - 2000-08-31 01:00 - 00098816 _____ C:Windowssed.exe 2016-11-24 11:01 - 2000-08-31 01:00 - 00080412 _____ C:Windowsgrep.exe 2016-11-24 11:01 - 2000-08-31 01:00 - 00068096 _____ C:Windowszip.exe 2016-11-24 10:34 - 2016-11-24 10:34 - 547207105 _____ C:WindowsMEMORY.DMP 2016-11-24 10:34 - 2016-11-24 10:34 - 00149600 _____ C:WindowsMinidump112416-3400-01.dmp 2016-11-24 10:29 - 2016-11-24 09:30 - 00380928 _____ C:UsersICT StageDesktophxw5rr27.exe 2016-11-24 10:26 - 2016-11-24 10:28 - 00699686 _____ C:TDSSKiller.3.1.0.12_24.11.2016_10.26.38_log.txt 2016-11-24 10:21 - 2016-11-24 10:22 - 00004560 _____ C:TDSSKiller.3.1.0.12_24.11.2016_10.21.57_log.txt 2016-11-24 10:18 - 2016-11-24 10:18 - 00010796 _____ C:UsersICT StageDesktoprogue.txt 2016-11-24 09:31 - 2016-11-24 12:30 - 00000000 ____D C:ProgramDataRogueKiller 2016-11-24 09:31 - 2016-11-24 09:31 - 00024688 _____ C:Windowssystem32DriversTrueSight.sys 2016-11-24 09:31 - 2016-11-24 09:31 - 00001003 
_____ C:UsersPublicDesktopRogueKiller.lnk 2016-11-24 09:31 - 2016-11-24 09:31 - 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsRogueKiller 2016-11-24 09:31 - 2016-11-24 09:31 - 00000000 ____D C:Program FilesRogueKiller 2016-11-24 08:33 - 2016-11-24 10:22 - 00000000 ____D C:UsersICT StageAppDataLocalESET 2016-11-22 15:06 - 2016-11-22 15:06 - 00000000 ____D C:UsersICT StageDesktopurenlijst 2016-11-22 15:04 - 2016-11-22 15:04 - 00000000 ____D C:UsersICT StageDesktoppaktafel project 2016-11-22 15:02 - 2016-11-22 16:23 - 00000000 ____D C:UsersICT StageDesktopplattegronden sensoren 2016-11-22 12:57 - 2016-11-22 12:57 - 03855248 _____ C:Windowssystem32FNTCACHE.DAT 2016-11-22 12:55 - 2016-11-22 12:55 - 00147928 _____ C:UsersICT StageAppDataLocalGDIPFONTCACHEV1.DAT 2016-11-22 12:44 - 2016-11-22 12:44 - 00000000 ____D C:$360Section 2016-11-22 12:37 - 2016-11-22 12:44 - 00000000 ____D C:ProgramData360Quarant 2016-11-22 12:35 - 2016-11-22 12:35 - 00000000 ____D C:WindowsTasks360Disabled 2016-11-22 12:34 - 2016-11-23 08:31 - 00000000 ____D C:Program Files360 2016-11-22 12:34 - 2016-11-22 14:38 - 00000000 ____D C:Program FilesCommon FilesAV 2016-11-21 12:35 - 2016-11-21 12:35 - 00000000 ____D C:UsersICT StageAppDataRoamingSun 2016-11-21 12:35 - 2016-11-21 12:35 - 00000000 ____D C:UsersICT StageAppDataLocalLowSun 2016-11-21 10:22 - 2016-11-21 10:22 - 00000000 ____D C:UsersICT StageAppDataRoamingICAClient 2016-11-21 10:22 - 2016-11-21 10:22 - 00000000 ____D C:UsersICT StageAppDataLocalCitrix 2016-11-21 09:51 - 2016-11-21 09:51 - 00006696 ____N C:bootsqm.dat 2016-11-14 16:37 - 2016-11-22 12:48 - 00000000 ____D C:UsersICT StageAppDataLocalCrashDumps 2016-11-09 11:59 - 2016-11-22 15:06 - 00000000 ____D C:UsersICT StageDesktopPowershell testjes 2016-11-07 12:27 - 2016-11-01 10:07 - 00000122 _____ C:UsersICT StageDesktopqbase+speakapp.bat 2016-11-01 16:59 - 2016-11-01 16:59 - 00000000 ____D C:UsersICT StageAppDataRoamingyWorks 2016-11-01 16:59 - 2016-11-01 16:59 - 
00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsyEd Graph Editor 2016-11-01 16:58 - 2016-11-01 16:58 - 00000000 ____D C:UsersICT Stage.oracle_jre_usage 2016-10-26 09:18 - 2016-11-23 15:46 - 00039424 _____ C:UsersICT StageDesktopToneroverzichtv3.xls 2016-10-24 14:22 - 2016-11-14 09:41 - 00000097 _____ C:UsersICT StageDesktopmomentele bezigheden.txt 2016-10-24 12:05 - 2012-08-21 15:59 - 00001536 _____ (Microsoft Corporation) C:Windowssystem32winrsmgr.dll 2016-10-24 12:05 - 2012-08-21 15:56 - 00060416 _____ (Microsoft Corporation) C:Windowssystem32WsmRes.dll 2016-10-24 12:05 - 2012-08-21 15:29 - 00009728 _____ (Microsoft Corporation) C:Windowssystem32winrssrv.dll 2016-10-24 12:05 - 2012-08-21 15:28 - 00010240 _____ (Microsoft Corporation) C:Windowssystem32wsmplpxy.dll 2016-10-24 12:05 - 2012-08-21 15:20 - 00046080 _____ (Microsoft Corporation) C:Windowssystem32ncobjapi.dll 2016-10-24 12:05 - 2012-08-21 15:18 - 00089088 _____ (Microsoft Corporation) C:Windowssystem32mi.dll 2016-10-24 12:05 - 2012-08-21 15:14 - 00061440 _____ (Microsoft Corporation) C:Windowssystem32wecapi.dll 2016-10-24 12:05 - 2012-08-21 15:08 - 00083456 _____ (Microsoft Corporation) C:Windowssystem32wevtfwd.dll 2016-10-24 12:05 - 2012-08-21 15:01 - 00012800 _____ (Microsoft Corporation) C:Windowssystem32Register-CimProvider.exe 2016-10-24 12:05 - 2012-08-21 14:56 - 00078336 _____ (Microsoft Corporation) C:Windowssystem32wecutil.exe 2016-10-24 12:05 - 2012-08-21 14:54 - 00155648 _____ (Microsoft Corporation) C:Windowssystem32wecsvc.dll 2016-10-24 12:05 - 2012-08-21 14:44 - 00059904 _____ (Microsoft Corporation) C:Windowssystem32prvdmofcomp.dll 2016-10-24 12:05 - 2012-08-21 14:43 - 00154112 _____ (Microsoft Corporation) C:Windowssystem32wmitomi.dll 2016-10-24 12:05 - 2012-08-21 14:36 - 00124416 _____ (Microsoft Corporation) C:Windowssystem32wmidcom.dll 2016-10-24 12:05 - 2012-08-21 14:34 - 00382464 _____ (Microsoft Corporation) C:Windowssystem32wbemcomn2.dll 2016-10-24 12:05 - 2012-08-21 
14:33 - 00172544 _____ (Microsoft Corporation) C:Windowssystem32miutils.dll 2016-10-24 12:05 - 2012-08-21 14:32 - 00021504 _____ (Microsoft Corporation) C:Windowssystem32WsmAgent.dll 2016-10-24 12:05 - 2012-08-21 14:29 - 00192512 _____ (Microsoft Corporation) C:Windowssystem32framedynos.dll 2016-10-24 12:05 - 2012-08-21 14:27 - 00189952 _____ (Microsoft Corporation) C:Windowssystem32framedyn.dll 2016-10-24 12:05 - 2012-08-21 14:13 - 00020480 _____ (Microsoft Corporation) C:Windowssystem32winrshost.exe 2016-10-24 12:05 - 2012-08-21 14:04 - 00039936 _____ (Microsoft Corporation) C:Windowssystem32winrs.exe 2016-10-24 12:05 - 2012-08-21 14:03 - 00035840 _____ (Microsoft Corporation) C:Windowssystem32wsmprovhost.exe 2016-10-24 12:05 - 2012-08-21 14:02 - 00227328 _____ (Microsoft Corporation) C:Windowssystem32WsmWmiPl.dll 2016-10-24 12:05 - 2012-08-21 14:02 - 00138752 _____ (Microsoft Corporation) C:Windowssystem32WsmAuto.dll 2016-10-24 12:05 - 2012-08-21 14:02 - 00092160 _____ (Microsoft Corporation) C:Windowssystem32winrscmd.dll 2016-10-24 12:05 - 2012-08-21 13:56 - 00526848 _____ (Microsoft Corporation) C:Windowssystem32WsmGCDeps.dll 2016-10-24 12:05 - 2012-08-21 13:52 - 02039296 _____ (Microsoft Corporation) C:Windowssystem32WsmSvc.dll 2016-10-24 12:05 - 2012-08-21 13:50 - 00036352 _____ (Microsoft Corporation) C:Windowssystem32PSModuleDiscoveryProvider.dll 2016-10-24 12:05 - 2012-08-21 13:50 - 00030208 _____ (Microsoft Corporation) C:Windowssystem32WSManHTTPConfig.exe 2016-10-24 12:05 - 2012-08-21 13:30 - 00042496 _____ (Microsoft Corporation) C:Windowssystem32pwrshplugin.dll 2016-10-24 12:05 - 2012-08-21 12:26 - 00056832 _____ (Microsoft Corporation) C:Windowssystem32WSManMigrationPlugin.dll 2016-10-24 12:05 - 2012-07-23 19:16 - 00204105 _____ C:Windowssystem32winrm.vbs 2016-10-24 12:05 - 2012-07-23 19:16 - 00004675 _____ C:Windowssystem32wsmanconfig_schema.xml 2016-10-24 12:05 - 2012-07-23 19:16 - 00004148 _____ C:Windowssystem32psmodulediscoveryprovider.mof 
2016-10-17 08:54 - 2016-10-20 11:09 - 00000000 ____D C:UsersICT StageDesktopPowershell tests en handige dingen 2016-10-13 15:54 - 2016-10-13 15:55 - 00000000 ____D C:UsersICT StageAppDataRoamingSkype 2016-10-12 14:41 - 2016-10-12 14:41 - 00000000 ____D C:UsersICT StageAppDataLocalMicrosoft_Corporation 2016-10-12 14:24 - 2016-10-12 14:24 - 00001005 _____ C:UsersICT StageDesktopICT Stage - Snelkoppeling.lnk 2016-10-12 14:15 - 2016-11-03 14:55 - 00000000 ____D C:UsersICT StageDesktopscriptjes 2016-10-12 10:43 - 2016-10-12 10:43 - 00001899 _____ C:UsersICT StageDesktopWindows PowerShell.lnk 2016-10-03 11:57 - 2016-10-03 11:57 - 00000000 ____D C:UsersICT StageAppDataRoamingMicrosoftWindowsStart MenuProgramsZebraLink 2016-10-03 11:57 - 2016-10-03 11:57 - 00000000 ____D C:Program FilesZebraLink 2016-10-03 11:51 - 2016-11-24 11:12 - 00000000 ____D C:Usersnicolien_vpn 2016-10-03 11:51 - 2016-11-24 11:12 - 00000000 ____D C:Userslocaal 2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:UserstestuserDesktopZebra Font Downloader.lnk 2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:UsersReceptieDesktopZebra Font Downloader.lnk 2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:Usersnicolien_vpnDesktopZebra Font Downloader.lnk 2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:UserslocaalDesktopZebra Font Downloader.lnk 2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:UsersinstallDesktopZebra Font Downloader.lnk 2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:UsersICT StageDesktopZebra Font Downloader.lnk 2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:Usersgast5DesktopZebra Font Downloader.lnk 2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:Usersgast3DesktopZebra Font Downloader.lnk 2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:Usersgast2DesktopZebra Font Downloader.lnk 2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:Usersgast1DesktopZebra Font Downloader.lnk 2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ 
C:UsersDaphneBDesktopZebra Font Downloader.lnk 2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:UsersAdministratorDesktopZebra Font Downloader.lnk 2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:Usersadministrator.SHDesktopZebra Font Downloader.lnk 2016-10-03 11:51 - 2016-10-03 11:51 - 00001452 _____ C:UsersadminDesktopZebra Font Downloader.lnk 2016-10-03 11:51 - 2016-10-03 11:51 - 00000000 ____D C:ProgramDataMicrosoftWindowsStart MenuProgramsZebra Technologies 2016-10-03 11:50 - 2016-10-03 11:50 - 00000000 ____D C:ProgramDataFont Downloader 2016-10-03 11:50 - 2016-10-03 11:50 - 00000000 ____D C:Program FilesZebra Technologies 2016-10-03 11:50 - 2012-10-25 07:46 - 00108544 _____ (Euro Plus d.o.o.) C:Windowssystem32zdnPMU.dll 2016-10-03 11:50 - 2012-10-25 07:46 - 00107008 _____ (Euro Plus d.o.o.) C:Windowssystem32zdnPMS.dll 2016-10-03 11:47 - 2016-10-03 11:47 - 00000000 ____D C:ZD267718 2016-09-19 12:01 - 2016-09-19 12:01 - 00000000 _____ C:UsersICT StageDesktopperiodieke beoordeling week 7 en 12 +reflectie.txt 2016-09-19 10:13 - 2016-09-19 10:13 - 00001724 _____ C:UsersICT StageDesktopRemote Desktop Connection.lnk 2016-09-13 08:21 - 2016-11-24 12:37 - 00001044 _____ C:WindowsTasksGoogleUpdateTaskMachineCore.job 2016-09-13 08:21 - 2016-11-24 12:26 - 00001048 _____ C:WindowsTasksGoogleUpdateTaskMachineUA.job 2016-09-13 08:21 - 2016-11-15 09:28 - 00002163 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsGoogle Chrome.lnk 2016-09-13 08:21 - 2016-11-15 09:28 - 00002151 _____ C:UsersPublicDesktopGoogle Chrome.lnk 2016-09-12 07:56 - 2016-11-24 12:36 - 01257296 _____ C:Windowsntbtlog.txt 2016-09-06 14:47 - 2016-11-22 15:34 - 00000000 ____D C:UsersICT StageDesktopStage school documenten 2016-09-05 11:39 - 2016-09-05 11:39 - 00001183 _____ C:UsersICT StageDesktopMicrosoft Office Outlook.lnk 2016-09-05 08:39 - 2016-11-01 14:10 - 00000000 ____D C:UsersICT StageDesktopS&H - IT vaak nodig Drie Maanden Gewijzigd bestanden en mappen (Als een item is opgenomen in 
de fixlist, het bestand/map wordt verplaatst.) 2016-11-24 13:06 - 2016-05-12 13:56 - 00001080 _____ C:WindowsTasksGoogleUpdateTaskUserS-1-5-21-1123561945-1202660629-839522115-4762UA.job 2016-11-24 12:56 - 2016-07-27 15:31 - 00000000 ____D C:Program FilesWinZip 2016-11-24 12:47 - 2009-07-14 05:34 - 00031088 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-11-24 12:47 - 2009-07-14 05:34 - 00031088 ____H C:Windowssystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-11-24 12:43 - 2010-11-21 00:57 - 00889294 _____ C:Windowssystem32perfh013.dat 2016-11-24 12:43 - 2010-11-21 00:57 - 00200702 _____ C:Windowssystem32perfc013.dat 2016-11-24 12:43 - 2010-11-20 22:01 - 00006648 _____ C:Windowssystem32PerfStringBackup.INI 2016-11-24 12:37 - 2015-12-08 11:49 - 00000000 ____D C:UsersICT Stage 2016-11-24 12:37 - 2011-09-22 08:35 - 00000112 _____ C:Windowssystem32confignetlogon.ftl 2016-11-24 12:37 - 2009-07-14 05:53 - 00000006 ____H C:WindowsTasksSA.DAT 2016-11-24 12:32 - 2015-12-08 11:49 - 00000160 ___SH C:UsersICT Stagentuser.ini 2016-11-24 12:20 - 2015-05-28 13:25 - 00170200 _____ (Malwarebytes) C:Windowssystem32DriversMBAMSwissArmy.sys 2016-11-24 12:18 - 2015-05-28 13:24 - 00094936 _____ (Malwarebytes) C:Windowssystem32Driversmbamchameleon.sys 2016-11-24 11:12 - 2016-02-15 09:03 - 00000000 ____D C:UsersICT StageAppDataLocalApps2.0 2016-11-24 11:12 - 2013-07-29 16:02 - 00000000 ____D C:UsersJeroen 2016-11-24 11:11 - 2009-07-14 03:04 - 00000215 _____ C:Windowssystem.ini 2016-11-24 10:34 - 2012-10-30 10:13 - 00000000 ____D C:WindowsMinidump 2016-11-24 10:32 - 2009-07-14 03:37 - 00000000 ____D C:Windowsinf 2016-11-24 09:06 - 2016-05-12 13:56 - 00001028 _____ C:WindowsTasksGoogleUpdateTaskUserS-1-5-21-1123561945-1202660629-839522115-4762Core.job 2016-11-24 08:26 - 2016-02-15 09:04 - 00000000 ____D C:UsersICT StageAppDataLocalDeployment 2016-11-23 16:57 - 2016-03-03 13:57 - 00000000 
____D C:UsersICT StageAppDataRoamingNotepad++ 2016-11-22 12:59 - 2011-09-22 08:36 - 00003796 __RSH C:ProgramDatantuser.pol 2016-11-22 12:44 - 2015-12-08 11:53 - 00000000 ____D C:UsersICT StageAppDataRoamingTeamViewer 2016-11-22 12:44 - 2015-11-30 10:06 - 00000000 ____D C:$WINDOWS.~BT 2016-11-22 12:44 - 2011-09-16 22:14 - 00000000 ____D C:ProgramDataTemp 2016-11-22 12:44 - 2011-02-14 16:03 - 00000000 ____D C:Windowspanther 2016-11-22 12:44 - 2009-07-14 05:52 - 00000000 ____D C:WindowsDownloaded Program Files 2016-11-22 11:17 - 2016-03-10 16:27 - 00002238 ____H C:UsersICT StageDocumentsDefault.rdp 2016-11-21 10:22 - 2016-02-15 10:48 - 00000000 ____D C:UsersICT StageAppDataLocalAdobe 2016-11-21 10:22 - 2015-12-08 11:49 - 00000000 ____D C:UsersICT StageAppDataRoamingAdobe 2016-11-21 09:26 - 2015-10-06 14:09 - 00000000 ____D C:Windowspss 2016-11-21 08:24 - 2011-09-22 08:57 - 00009030 _____ C:Windowscfgall.ini 2016-11-07 09:00 - 2016-02-16 12:29 - 00000000 ____D C:UsersICT StageAppDataLocalGoogle 2016-11-07 08:52 - 2015-10-06 15:02 - 00002441 _____ C:ProgramDataMicrosoftWindowsStart MenuProgramsAcrobat Reader DC.lnk 2016-11-03 15:44 - 2015-12-31 13:06 - 00001189 _____ C:UsersICT StageDesktopHandig_WD - Snelkoppeling.lnk 2016-10-28 02:22 - 2011-09-22 08:48 - 00407720 ____N (Microsoft Corporation) C:Windowssystem32MpSigStub.exe 2016-10-27 15:17 - 2009-07-14 03:37 - 00000000 ____D C:Windowsrescache 2016-10-26 09:08 - 2009-07-14 03:37 - 00000000 ___HD C:Windowssystem32GroupPolicy 2016-10-25 11:02 - 2012-04-02 08:42 - 00000000 ____D C:FBase Bestanden in de root van sommige mappen 2016-03-31 09:56 - 2016-03-31 09:56 - 0007602 _____ () C:UsersICT StageAppDataLocalResmon.ResmonCfg 2015-10-01 09:12 - 2015-10-01 09:12 - 0010392 _____ () C:ProgramDataregid.2015-09.com.zebra_382F6BCF-CF0F-4390-94F1-6CEF82FFFB02.swidtag Bestanden om te verplaatsen of verwijderen: C:UsersReceptieFirefox Setup Stub 25.0.1.exe C:UsersReceptieljP1000_P1500-HB-pnp-win32-en.exe Sommige bestanden in TEMP: 
C:UsersICT StageAppDataLocalTempcatchme.dll C:UsersICT StageAppDataLocalTempdllnt_dump.dll Bamital & volsnap (Er is geen automatische fix voor bestanden die de verificatie niet doorkomen.) C:Windowsexplorer.exe => Bestand is getekend C:Windowssystem32winlogon.exe => Bestand is getekend C:Windowssystem32wininit.exe => Bestand is getekend C:Windowssystem32svchost.exe => Bestand is getekend C:Windowssystem32services.exe => Bestand is getekend C:Windowssystem32User32.dll => Bestand is getekend C:Windowssystem32userinit.exe => Bestand is getekend C:Windowssystem32rpcss.dll => Bestand is getekend C:Windowssystem32dnsapi.dll => Bestand is getekend C:Windowssystem32Driversvolsnap.sys => Bestand is getekend BCD Windows-opstartbeheer --------------------- id {bootmgr} device partition=DeviceHarddiskVolume1 path bootmgr description Windows Boot Manager locale nl-NL inherit {globalsettings} default {current} resumeobject {b831c149-afc7-11e6-8a55-806e6f6e6963} displayorder {current} toolsdisplayorder {memdiag} timeout 30 Windows-opstartlaadprogramma ---------------------------- id {87cde4fa-e0e5-11e0-aee8-180373b7c387} device unknown path Windowssystem32winload.exe description Windows 7 locale nl-NL inherit {bootloadersettings} recoverysequence {87cde4fb-e0e5-11e0-aee8-180373b7c387} recoveryenabled Yes osdevice unknown systemroot Windows resumeobject {87cde4f9-e0e5-11e0-aee8-180373b7c387} nx OptIn Windows-opstartlaadprogramma ---------------------------- id {87cde4fb-e0e5-11e0-aee8-180373b7c387} Windows-opstartlaadprogramma ---------------------------- id {current} device partition=C: path Windowssystem32winload.exe description Windows 7 Professional (hersteld) locale nl-NL recoverysequence {87cde4fb-e0e5-11e0-aee8-180373b7c387} recoveryenabled Yes osdevice partition=C: systemroot Windows resumeobject {b831c149-afc7-11e6-8a55-806e6f6e6963} Windows-opstartlaadprogramma ---------------------------- id {946682e1-b012-11e6-997b-80882100ed35} device 
ramdisk=[DeviceHarddiskVolume1]RecoverywindowsreWinre.wim,{946682e2-b012-11e6-997b-80882100ed35} path windowssystem32winload.exe description Windows Recovery Environment (hersteld) locale osdevice ramdisk=[DeviceHarddiskVolume1]RecoverywindowsreWinre.wim,{946682e2-b012-11e6-997b-80882100ed35} systemroot windows winpe Yes Hervatten uit sluimerstand -------------------------- id {87cde4f9-e0e5-11e0-aee8-180373b7c387} device unknown path Windowssystem32winresume.exe description Windows Resume Application locale nl-NL inherit {resumeloadersettings} filedevice unknown filepath hiberfil.sys pae Yes debugoptionenabled No Hervatten uit sluimerstand -------------------------- id {b831c149-afc7-11e6-8a55-806e6f6e6963} device partition=C: path Windowssystem32winresume.exe description Windows 7 Professional (hersteld) locale nl-NL inherit {resumeloadersettings} filedevice partition=C: filepath hiberfil.sys pae Yes debugoptionenabled No Windows-geheugentest -------------------- id {memdiag} device partition=DeviceHarddiskVolume1 path bootmemtest.exe description Windows Memory Diagnostic locale nl-NL inherit {globalsettings} badmemoryaccess Yes EMS-instellingen ---------------- id {emssettings} bootems Yes Debugger-instellingen --------------------- id {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM-defecten ------------ id {badmemory} Globale instellingen -------------------- id {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Instellingen voor opstartlaadprogramma -------------------------------------- id {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisor-instellingen ------------------- id {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Instellingen voor hervattingslaadprogramma ------------------------------------------ id {resumeloadersettings} inherit {globalsettings} Apparaatopties -------------- id {87cde4fc-e0e5-11e0-aee8-180373b7c387} description Ramdisk Options 
ramdisksdidevice unknown ramdisksdipath RecoveryWindowsREboot.sdi Apparaatopties -------------- id {946682e2-b012-11e6-997b-80882100ed35} ramdisksdidevice partition=DeviceHarddiskVolume1 ramdisksdipath Recoverywindowsreboot.sdi LastRegBack: 2016-11-14 13:59 Eind van FRST.txt HIJACKTHIS LOG Logfile of Trend Micro HijackThis v2.0.5 Scan saved at 15:17:06, on 24-11-2016 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.18163) Boot mode: Normal Running processes: C:Windowssystem32Dwm.exe C:WindowsExplorer.EXE C:Windowssystem32taskhost.exe C:Program FilesInternet Exploreriexplore.exe C:Program FilesInternet Exploreriexplore.exe C:Program FilesRealtekAudioHDARtDCpl.exe C:Program FilesIntelIntel® Rapid Storage TechnologyIAStorIcon.exe C:Program FilesDellDell Data ProtectionAccessAdvancedWaveTrusted Drive ManagerTdmNotify.exe C:Program FilesMicrosoft Security Clientmsseces.exe C:Program FilesCommon FilesJavaJava Updatejusched.exe C:ProgramDataLogishrdLogiOptionsSoftware3.42.7LogiOptionsMgr.exe C:Program FilesFreePDF_XPfpassist.exe C:Program FilesRoxioOEMRoxio BurnRoxioBurnLauncher.exe C:Program FilesCitrixICA Clientconcentr.exe C:Program FilesWinZipWZUpdateNotifier.exe C:Program FilesWinZipFAHWindow32.exe C:Program FilesWinZipWzPreloader.exe C:Program FilesCitrixICA ClientReceiverReceiver.exe C:Program FilesCitrixICA Clientwfcrun32.exe C:WindowsSystem32mobsync.exe C:Program FilesGoogleChromeApplicationchrome.exe C:Program FilesGoogleChromeApplicationchrome.exe C:Program FilesGoogleChromeApplicationchrome.exe C:Program FilesCommon FilesJavaJava Updatejucheck.exe C:Program FilesGoogleChromeApplicationchrome.exe C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE C:Program FilesGoogleChromeApplicationchrome.exe C:Program FilesGoogleChromeApplicationchrome.exe C:Windowssystem32NOTEPAD.EXE C:Windowssystem32NOTEPAD.EXE C:Program FilesGoogleChromeApplicationchrome.exe C:Program FilesGoogleChromeApplicationchrome.exe C:Program 
FilesGoogleChromeApplicationchrome.exe C:Program FilesGoogleChromeApplicationchrome.exe C:Program FilesGoogleChromeApplicationchrome.exe C:Program FilesGoogleChromeApplicationchrome.exe C:Program FilesGoogleChromeApplicationchrome.exe C:Program FilesGoogleChromeApplicationchrome.exe C:UsersICT StageDesktopHijackThis.exe R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130918748337091240&GUID=AEAAB23F-FFA8-40F3-9089-B284556C4739 R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName = O2 - BHO: Java⢠Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.8.0_65binssv.dll O2 - BHO: Java⢠Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre1.8.0_65binjp2ssv.dll O4 - HKLM.Run: [RtHDVCpl] C:Program FilesRealtekAudioHDARtDCpl.exe O4 - HKLM.Run: [IgfxTray] C:Windowssystem32igfxtray.exe O4 - HKLM.Run: [Persistence] C:Windowssystem32igfxpers.exe O4 - HKLM.Run: [IAStorIcon] C:Program FilesIntelIntel® Rapid Storage TechnologyIAStorIcon.exe O4 - HKLM.Run: [IMSS] 'C:Program FilesIntelIntel® Management Engine ComponentsIMSSPIconStartup.exe' O4 - HKLM.Run: [TdmNotify] C:Program FilesDellDell Data ProtectionAccessAdvancedWaveTrusted Drive ManagerTdmNotify.exe O4 - HKLM.Run: [OfficeScanNT Monitor] 'C:Program FilesTrend MicroOfficeScan Clientpccntmon.exe' -HideWindow O4 - HKLM.Run: [MSC] 'c:Program FilesMicrosoft Security Clientmsseces.exe' -hide -runkey O4 - HKLM.Run: [LogiOptions] C:Program FilesLogitechLogiOptionsLogiOptions.exe /noui O4 - HKLM.Run: [VMware Netlink 3 HV Install Utility] C:Program FilesCommon 
FilesVMwareDeviceRedirectionCommonftnliu.exe O4 - HKLM.Run: [HPUsageTrackingLEDM] 'C:Program FilesHPHP UT LEDMbinhppusg.exe' 'C:Program FilesHPHP UT LEDM' O4 - HKLM.Run: [SwitchBoard] C:Program FilesCommon FilesAdobeSwitchBoardSwitchBoard.exe O4 - HKLM.Run: [SunJavaUpdateSched] 'C:Program FilesCommon FilesJavaJava Updatejusched.exe' O4 - HKLM.Run: [Spiceworks] C:Program FilesSpiceworksbinspicetray_silent.exe O4 - HKLM.Run: [RoxWatchTray] 'C:Program FilesCommon FilesRoxio SharedOEM12.0SharedCOMRoxWatchTray12OEM.exe' O4 - HKLM.Run: [ISUSScheduler] 'C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe' -start O4 - HKLM.Run: [HotKeysCmds] C:Windowssystem32hkcmd.exe O4 - HKLM.Run: [FreePDF Assistant] C:Program FilesFreePDF_XPfpassist.exe O4 - HKLM.Run: [Desktop Disc Tool] 'C:Program FilesRoxioOEMRoxio BurnRoxioBurnLauncher.exe' O4 - HKLM.Run: [ConnectionCenter] 'C:Program FilesCitrixICA Clientconcentr.exe' /startup O4 - HKLM.Run: [AdobeCS5.5ServiceManager] 'C:Program FilesCommon FilesAdobeCS5.5ServiceManagerCS5.5ServiceManager.exe' -launchedbylogin O4 - HKLM.Run: [AdobeAAMUpdater-1.0] 'C:Program FilesCommon FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe' O4 - HKLM.Run: [Adobe ARM] 'C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe' O4 - HKCU.Run: [CCleaner Monitoring] 'C:Program FilesCCleanerCCleaner.exe' /MONITOR O4 - Global Startup: FAH.lnk = C:Program FilesWinZipFAHConsole.exe O4 - Global Startup: Update-melder.lnk = C:Program FilesWinZipWZUpdateNotifier.exe O4 - Global Startup: WinZip Preloader.lnk = C:Program FilesWinZipWzPreloader.exe O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:Program FilesHewlett-PackardSmartPrintsmartprintsetup.exe O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:Program FilesHewlett-PackardSmartPrintsmartprintsetup.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:PROGRA~1MICROS~1Office12REFIEBAR.DLL O11 - Options group: 
[ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.selectvracht.nl (HKLM) O15 - Trusted Zone: http://*.snh-dbs (HKLM) O15 - Trusted IP range: http://185.10.96.14 O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM) O16 - DPF: {B79C81C0-7650-4CAB-8466-E14C6A31EBAD} (SWTSC Control) - https://vpn.s-h.nl/SWTSC.cab O17 - HKLMSystemCCSServicesTcpipParameters: Domain = SH.lokaal O17 - HKLMSoftware.Telephony: DomainName = SH.lokaal O17 - HKLMSystemCCSServicesTcpip.{0AC5B16C-0C6F-403B-AE87-32CC75F63D35}: NameServer = 192.168.1.3,192.168.1.1 O17 - HKLMSystemCS1ServicesTcpipParameters: Domain = SH.lokaal O17 - HKLMSystemCS1ServicesTcpip.{0AC5B16C-0C6F-403B-AE87-32CC75F63D35}: NameServer = 192.168.1.3,192.168.1.1 O17 - HKLMSystemCS2ServicesTcpipParameters: Domain = SH.lokaal O17 - HKLMSystemCS2ServicesTcpip.{0AC5B16C-0C6F-403B-AE87-32CC75F63D35}: NameServer = 192.168.1.3,192.168.1.1 O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA 
ClientIcaMimeFilter.dll O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:Program FilesCitrixICA ClientIcaMimeFilter.dll O20 - Winlogon Notify: spba - C:Program FilesCommon FilesSPBAhomefus2.dll -- End of file - 9515 bytes
Edited by hamluis, 24 November 2016 - 12:24 PM.
Merged posts - Hamluis. Scan performed on 4/25/2017, Computer: Toshiba Dynabook SS S8/210LNSN - Windows 7 64 bit
Outdated or Corrupted drivers:4/22
I have a redirected printer port that uses RedMon (redirect port monitor) with a PostScript printer driver to convert PostScript to PDF and apply some other effects like watermarks, overlays, etc.
In Win 7 all works fine, but in Windows 10 the process runs under the system user account.
In the configuration window of the printer port there is a flag called 'Run as user', and in Win 7, checking this flag lets the job run under the user account.
In Windows 10 it seems not to work.
Any suggestion will be very appreciated. Thank you.
Roy
1 Answer
I had a similar problem. I needed the user that printed the document to select the type of document and a patient ID. Then print the document to our EHR system as a PDF. Works in Windows 7 when 'Run as User' is checked, but not on Windows 10. Redmon always runs the program as 'SYSTEM'. So I added a bit to the beginning of the program to check the user name. If it is 'SYSTEM' the program looks for an interactive user on the system by finding an instance of explorer.exe. If more than one interactive user is logged onto the system this will fail. Not a problem for my task. The program then starts another instance of itself running as the same user as explorer.exe, passing the same command line. A pipe is used so that stdin from the first instance can be piped to stdin on the second instance. Another limitation is that on a 64 bit OS, a 64 bit version of the program must be used. Otherwise explorer.exe may not be found.
The following code is what I placed at the beginning of my program. Don't be fooled by the program starting at main(). I am using a GUI toolkit that has WinMain() in it and then calls main(). I have only tested the code on ASCII programs. I tried to use the ASCII version of calls so that it would work with non-ASCII programs, but I am not sure I got all of them.
The LogInfoSys('Hello World'); function just writes to a log file.
Good luck.
Charles Fischer
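The answer's code did not survive on this page. The relaunch it describes could look like the following, which is an added example and not Charles Fischer's code. The names `ProcRow`, `SAMPLE`, `pick_interactive_shell`, `snapshot` and `relaunch_as_user`, the -1/-2 return codes and the sample process rows are assumptions; an ANSI (non-UNICODE) build is assumed, and the Win32 part sits behind `_WIN32` so the selection logic also compiles elsewhere.

```c
#include <ctype.h>
#include <stdio.h>

/* One row of a process listing (filled from Toolhelp on Windows). */
typedef struct { unsigned long pid, session; char exe[260]; } ProcRow;

/* Constructed sample: spooler in session 0, one logged-on user in session 1. */
static const ProcRow SAMPLE[] = {
    {4, 0, "System"}, {612, 0, "spoolsv.exe"}, {4120, 1, "Explorer.EXE"} };

static int same_name(const char *a, const char *b) {   /* ASCII, ignores case */
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* PID of the explorer.exe whose token identifies the printing user, or 0.
 * *ambiguous is set when explorer.exe runs in several sessions: refuse, don't guess. */
unsigned long pick_interactive_shell(const ProcRow *rows, size_t n, int *ambiguous) {
    unsigned long pid = 0, session = 0;
    size_t i;
    *ambiguous = 0;
    for (i = 0; i < n; i++) {
        if (!same_name(rows[i].exe, "explorer.exe")) continue;
        if (pid == 0) { pid = rows[i].pid; session = rows[i].session; }
        else if (rows[i].session != session) { *ambiguous = 1; return 0; }
    }
    return pid;
}

#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>
static size_t snapshot(ProcRow *rows, size_t max) {   /* ANSI build assumed */
    size_t n = 0;
    DWORD sid;
    PROCESSENTRY32 pe;
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE) return 0;
    pe.dwSize = sizeof pe;
    if (Process32First(snap, &pe)) do {
        if (!ProcessIdToSessionId(pe.th32ProcessID, &sid)) continue;
        rows[n].pid = pe.th32ProcessID;
        rows[n].session = sid;
        snprintf(rows[n].exe, sizeof rows[n].exe, "%s", pe.szExeFile);
        n++;
    } while (n < max && Process32Next(snap, &pe));
    CloseHandle(snap);
    return n;
}

/* -1: not SYSTEM, carry on. -2: SYSTEM but no usable user token, so the caller
 * stops rather than run as SYSTEM. Otherwise: the child's exit code. */
int relaunch_as_user(void) {
    static ProcRow rows[4096];
    char user[256], buf[8192];
    DWORD len = sizeof user, got, put, code = 1, pid;
    int ambiguous, ok;
    HANDLE proc, tok = NULL, primary = NULL, rd = NULL, wr = NULL;
    SECURITY_ATTRIBUTES sa = { sizeof sa, NULL, TRUE };   /* inheritable pipe */
    STARTUPINFOA si;
    PROCESS_INFORMATION pi;
    /* The answer compares the account name; that name is locale-dependent. */
    if (!GetUserNameA(user, &len) || !same_name(user, "SYSTEM")) return -1;
    pid = pick_interactive_shell(rows, snapshot(rows, 4096), &ambiguous);
    proc = pid ? OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, pid) : NULL;
    ok = proc && OpenProcessToken(proc, TOKEN_DUPLICATE, &tok) &&
         DuplicateTokenEx(tok, MAXIMUM_ALLOWED, NULL, SecurityImpersonation,
                          TokenPrimary, &primary) &&
         CreatePipe(&rd, &wr, &sa, 0) &&
         SetHandleInformation(wr, HANDLE_FLAG_INHERIT, 0); /* child gets rd only */
    if (ok) {
        ZeroMemory(&si, sizeof si);
        si.cb = sizeof si;
        si.lpDesktop = (LPSTR)"winsta0\\default";   /* user's visible desktop */
        si.dwFlags = STARTF_USESTDHANDLES;
        si.hStdInput = rd;
        ok = CreateProcessAsUserA(primary, NULL, GetCommandLineA(), NULL, NULL,
                                  TRUE, 0, NULL, NULL, &si, &pi);
    }
    if (rd) CloseHandle(rd);               /* parent keeps only the write end */
    if (ok) {                              /* forward the print job from stdin */
        while (ReadFile(GetStdHandle(STD_INPUT_HANDLE), buf, sizeof buf, &got, NULL) && got)
            if (!WriteFile(wr, buf, got, &put, NULL)) break;
        CloseHandle(wr);                   /* EOF for the child */
        wr = NULL;
        WaitForSingleObject(pi.hProcess, INFINITE);
        GetExitCodeProcess(pi.hProcess, &code);
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
    }
    if (wr) CloseHandle(wr);
    if (primary) CloseHandle(primary);
    if (tok) CloseHandle(tok);
    if (proc) CloseHandle(proc);
    return ok ? (int)code : -2;
}
#endif

int main(void) {
    int ambiguous;
#ifdef _WIN32
    int rc = relaunch_as_user();
    if (rc != -1) return rc == -2 ? 1 : rc;   /* child ran, or fail closed */
#endif
    printf("shell pid in sample: %lu\n", pick_interactive_shell(SAMPLE, 3, &ambiguous));
    return 0;
}
```

The child keeps the parent's environment block because `lpEnvironment` is NULL. Returning -2 lets the caller stop instead of continuing to run, and show UI, as SYSTEM when no single interactive user can be identified.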