Windows 10 Chrome recurring popup www.newpoptab.com


This topic is locked
30 replies to this topic

#1 jeroenvanderlaarse
  • Members

Posted 18 December 2015 - 05:48 AM

Dear Malware warriors,

For a couple of weeks my Chrome has been haunted by popups, suddenly opening tabs to www.newpoptab.com.

I have used SpyHunter 4 and Malwarebytes Anti-Malware to scan, clean and protect my computer.

Still, every now and then Malwarebytes catches the popup to www.newpoptab.com.

I would really like to completely delete the source of this popup from my computer.

What can I do?

Regards,

Jeroen




#2 nasdaq
  • Malware Response Team

Posted 19 December 2015 - 09:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner window.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===


Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add Reply button.
===

Wait for further instructions.
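When a helper reads the FRST log requested above, the first pass is really log triage: look for service and driver entries that have no ImagePath left behind them, binaries with no publisher that FRST marks as unsigned, and any line FRST itself tags with ATTENTION (a Chrome policy key set outside the browser is a common one, because adware uses policies to pin its pages). The script below is an added example of that triage written for this page; it is not part of nasdaq's instructions, FRST, or any BleepingComputer tool. The sample lines are constructed to match the text format FRST writes to FRST.txt, and the service name abcdxyzq is a made-up placeholder, not a finding from a real machine.

```python
import re

# Constructed sample in the text format FRST writes to FRST.txt. These lines
# are illustrative placeholders, not output captured from a real machine;
# "abcdxyzq" is a made-up name standing in for the random service names
# adware tends to register.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ===========================
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Services (Whitelisted) ========================
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MySql; C:\Program Files (x86)\MySQL\bin\mysqld-nt.exe [2211840 2005-09-05] () [File not signed]
S2 abcdxyzq; no ImagePath
===================== Drivers (Whitelisted) ==========================
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2015-12-13] ()
U3 idsvc; no ImagePath
"""

# Service/driver lines: "<start type> <name>; <image info or 'no ImagePath'>"
SERVICE_RE = re.compile(r"^(?P<start>[RSU]\d)\s+(?P<name>[^;]+);\s+(?P<rest>.*)$")
# Image info: "<path> [<size> <date>] (<company>)" + optional "[File not signed]"
IMAGE_RE = re.compile(
    r"^(?P<path>.+?)\s+\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+"
    r"\((?P<company>[^)]*)\)(?P<unsigned>\s+\[File not signed\])?\s*$"
)


def parse_service_line(line):
    """Return a dict for an FRST service/driver line, or None for other lines."""
    m = SERVICE_RE.match(line)
    if m is None:
        return None
    entry = {"start": m["start"], "name": m["name"].strip(), "path": None,
             "company": None, "unsigned": False, "no_image": False}
    rest = m["rest"].strip()
    if rest.lower() == "no imagepath":
        entry["no_image"] = True          # registry entry survives, binary gone
        return entry
    im = IMAGE_RE.match(rest)
    if im is not None:
        entry["path"] = im["path"]
        entry["company"] = im["company"].strip()
        entry["unsigned"] = im["unsigned"] is not None
    return entry


def looks_random(name):
    """Heuristic: one lowercase word of 6-12 letters with no familiar
    abbreviation inside it (svc, drv, sys, service) reads as machine-generated."""
    if not re.fullmatch(r"[a-z]{6,12}", name):
        return False
    return not any(tok in name for tok in ("svc", "drv", "sys", "service"))


def triage(frst_text):
    """Walk FRST output and return (severity, reason, line) findings in order."""
    findings = []
    for line in frst_text.splitlines():
        if "<======= ATTENTION" in line:
            findings.append(("high", "FRST flagged", line))
            continue
        entry = parse_service_line(line)
        if entry is None:
            continue
        if entry["no_image"]:
            sev = "high" if looks_random(entry["name"]) else "medium"
            findings.append((sev, "no ImagePath", line))
        elif entry["unsigned"] and not entry["company"]:
            findings.append(("medium", "unsigned, no publisher", line))
        elif entry["path"] is not None and not entry["company"]:
            findings.append(("low", "no publisher", line))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_FRST):
        print(f"[{severity:6}] {reason:24} {line}")
```

The output is a review queue, not a verdict: an empty publisher field is normal for some legitimate drivers, and an orphaned ImagePath with a recognisable name (idsvc here) is usually a leftover from an uninstall. The combination that deserves a fix entry is a random-looking name with no ImagePath, or an FRST ATTENTION marker, which is why those are ranked high.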

#3 jeroenvanderlaarse
  • Topic Starter
  • Members

Posted 21 December 2015 - 04:39 AM

Hello Nasdaq,

Thanks for your help.

Enclosed are my scan results.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015
Ran by Jeroen (administrator) on XPS (21-12-2015 10:22:47)
Running from C:\Users\Jeroen\Downloads
Loaded Profiles: Jeroen & UpdatusUser (Available Profiles: Jeroen & UpdatusUser & Administrator & DefaultAppPool)
Platform: Windows 10 Pro (X64) Language: Dutch (Netherlands)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files (x86)\MySQL\MySQL Server 5.6\bin\mysqld.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\MySQL\bin\mysqld-nt.exe
(CS Net) C:\Program Files (x86)\HDN\bin\hdnmonitor.exe
(Communications Security Net BV) C:\Program Files (x86)\CS Engineering\Scheduler\schedulerd.exe
(Communications Security Net BV) C:\Program Files (x86)\HDN\bin\hdnwsgw.exe
(TomTom) C:\Program Files (x86)\TomTom HOME\TomTomHOMEService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe
(CS Net) C:\Program Files (x86)\CS Engineering\Dtgw\dtgw.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(DivX, LLC) C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Opera Software) C:\Program Files (x86)\Opera\launcher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.25\opera_autoupdate.exe
 
 
==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-15] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6486120 2010-09-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2120808 2010-09-03] (Realtek Semiconductor)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-10-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-01-23] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsInd00] => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [CS Engineering Desktop Gateway (HDN)] => C:\Program Files (x86)\CS Engineering\Dtgw\dtgw.exe [37888 2013-12-10] (CS Net)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861640 2015-06-26] (DivX, LLC)
HKU\S-1-5-21-1191617861-1138891113-2551088673-1000\...\Run: [ApacheTomcatMonitor8.0_Tomcat8] => C:\Program Files\Apache Software Foundation\Tomcat 8.0\bin\Tomcat8w.exe [110208 2014-09-24] (Apache Software Foundation)
HKU\S-1-5-21-1191617861-1138891113-2551088673-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000
HKU\S-1-5-21-1191617861-1138891113-2551088673-1004\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-07-10] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 213.46.228.196 62.179.104.196
Tcpip\..\Interfaces\{a7c3f102-dae8-45c2-9f06-30b9aba7b2d4}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{a7c3f102-dae8-45c2-9f06-30b9aba7b2d4}: [DhcpNameServer] 213.46.228.196 62.179.104.196
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130883747551442651&GUID=D12426E0-BF37-4C1F-AB4B-B74EC869A0BF
HKU\S-1-5-21-1191617861-1138891113-2551088673-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.nl/
HKU\S-1-5-21-1191617861-1138891113-2551088673-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1191617861-1138891113-2551088673-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-02] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-02] (Oracle Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2014-04-30] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.nl/
CHR Profile: C:\Users\Jeroen\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Betalingen via Chrome Web Store) - C:\Users\Jeroen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-11]
 
==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2014-01-21] (BlackBerry Limited) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
R2 CSE Scheduler; C:\Program Files (x86)\CS Engineering\Scheduler\schedulerd.exe [84992 2013-09-25] (Communications Security Net BV) [File not signed]
R2 HDN LOCALWS; C:\Program Files (x86)\HDN\bin\hdnwsgw.exe [871936 2015-11-04] (Communications Security Net BV) [File not signed]
R2 HDN MONITOR; C:\Program Files (x86)\HDN\bin\hdnmonitor.exe [87552 2015-11-04] (CS Net) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MySql; C:\Program Files (x86)\MySQL\bin\mysqld-nt.exe [2211840 2005-09-05] () [File not signed]
U2 MYSQL5; C:\Program Files (x86)\MySQL\MySQL Server 5.6\my.ini [1365 2014-06-27] () [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
S3 Tomcat8; C:\Program Files\Apache Software Foundation\Tomcat 8.0\bin\Tomcat8.exe [109696 2014-09-24] (Apache Software Foundation)
R2 TomTomHOMEService; C:\Program Files (x86)\TomTom HOME\TomTomHOMEService.exe [93040 2015-07-13] (TomTom)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 lifyqeki; no ImagePath
 
===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-10] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-12-21] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-18] (Realtek)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2015-12-13] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-21 10:22 - 2015-12-21 10:22 - 02370560 _____ (Farbar) C:\Users\Jeroen\Downloads\FRST64.exe
2015-12-21 10:22 - 2015-12-21 10:22 - 00012680 _____ C:\Users\Jeroen\Downloads\FRST.txt
2015-12-21 10:14 - 2015-12-21 10:14 - 00016148 _____ C:\WINDOWS\system32\XPS_Jeroen_HistoryPrediction.bin
2015-12-19 18:03 - 2015-12-19 18:03 - 00003584 _____ C:\Users\Jeroen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-18 11:39 - 2015-12-18 11:39 - 00002501 _____ C:\malwarebyte.txt
2015-12-17 07:57 - 2015-12-18 12:10 - 00001884 _____ C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-12-15 12:53 - 2015-12-18 12:10 - 00001315 _____ C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office Outlook.lnk
2015-12-15 10:58 - 2015-12-20 08:06 - 00000000 ____D C:\Users\Jeroen\AppData\Local\CrashDumps
2015-12-14 10:51 - 2015-12-14 10:51 - 00000000 ____D C:\Users\Jeroen\AppData\Local\PeerDistRepub
2015-12-13 14:34 - 2015-12-21 10:22 - 00000000 ____D C:\FRST
2015-12-13 13:44 - 2015-12-13 14:38 - 00030848 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-12-13 13:44 - 2015-12-13 14:29 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-13 13:44 - 2015-12-13 13:44 - 00000000 __SHD C:\Users\Jeroen\AppData\Local\EmieBrowserModeList
2015-12-13 13:39 - 2015-12-18 10:37 - 00000000 ____D C:\Users\Jeroen\AppData\Local\VirtualStore
2015-12-13 13:34 - 2015-12-13 12:42 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2015-12-13 12:41 - 2015-12-13 13:29 - 00000000 ____D C:\zoek_backup
2015-12-13 12:24 - 2015-12-21 10:17 - 00000000 ____D C:\AdwCleaner
2015-12-13 12:12 - 2015-12-13 12:29 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-12-13 12:11 - 2015-12-13 12:11 - 00000000 ____D C:\WINDOWS\pss
2015-12-13 11:20 - 2015-12-13 11:20 - 00000083 _____ C:\Users\Jeroen\Documents\malware.txt
2015-12-12 09:41 - 2015-12-21 10:15 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-12 09:40 - 2015-12-12 09:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-12 09:40 - 2015-12-12 09:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-12 09:40 - 2015-12-12 09:40 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-12 09:40 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-12 09:40 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-12 09:40 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-11 18:29 - 2015-12-11 18:29 - 00000000 ____D C:\Users\Jeroen\.MCTranscodingSDK
2015-12-11 18:18 - 2015-12-11 18:18 - 00000000 ____D C:\Users\Jeroen\Documents\The KMPlayer
2015-12-11 10:13 - 2015-12-18 12:10 - 00001583 _____ C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter.lnk
2015-12-10 21:41 - 2015-12-10 21:41 - 00000000 _____ C:\autoexec.bat
2015-12-10 21:39 - 2015-12-10 21:39 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-12-10 14:17 - 2015-12-18 12:15 - 00001186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-12-10 14:17 - 2015-12-10 14:17 - 00003938 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1449753457
2015-12-10 11:38 - 2015-12-10 11:40 - 00000378 _____ C:\WINDOWS\SysWOW64\data.bin
2015-12-10 11:05 - 2015-12-10 11:05 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-12-10 11:05 - 2009-06-10 22:00 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-12-10 10:52 - 2015-12-10 10:52 - 00000038 _____ C:\Users\Jeroen\Documents\UBizzClientUpdate.VER
2015-12-09 11:44 - 2015-12-09 11:44 - 10660352 _____ C:\Users\Jeroen\Documents\1449652738Voorbespreekpost  tnv AM Klok .msg
2015-12-09 10:59 - 2015-12-09 10:59 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-12-09 10:18 - 2015-11-25 05:44 - 21872640 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-09 10:17 - 2015-12-01 08:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-09 10:17 - 2015-12-01 07:03 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2015-12-09 10:17 - 2015-12-01 06:54 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-12-09 10:17 - 2015-12-01 06:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-12-09 10:17 - 2015-12-01 06:49 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-12-09 10:17 - 2015-12-01 06:02 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-12-09 10:17 - 2015-12-01 05:59 - 05455360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-12-09 10:17 - 2015-11-25 06:42 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-12-09 10:17 - 2015-11-25 06:42 - 00168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2015-12-09 10:17 - 2015-11-25 06:41 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-09 10:17 - 2015-11-25 06:40 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-12-09 10:17 - 2015-11-25 06:33 - 03622272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-09 10:17 - 2015-11-25 06:32 - 00113184 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2015-12-09 10:17 - 2015-11-25 06:27 - 01366680 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-09 10:17 - 2015-11-25 06:12 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-12-09 10:17 - 2015-11-25 06:11 - 01532984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-09 10:17 - 2015-11-25 06:09 - 01310880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-09 10:17 - 2015-11-25 06:01 - 02879024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-09 10:17 - 2015-11-25 05:59 - 00092992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2015-12-09 10:17 - 2015-11-25 05:49 - 01569280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-12-09 10:17 - 2015-11-25 05:49 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-12-09 10:17 - 2015-11-25 05:49 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-09 10:17 - 2015-11-25 05:49 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2015-12-09 10:17 - 2015-11-25 05:48 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EthernetMediaManager.dll
2015-12-09 10:17 - 2015-11-25 05:48 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMediaManager.dll
2015-12-09 10:17 - 2015-11-25 05:42 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-09 10:17 - 2015-11-25 05:37 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-09 10:17 - 2015-11-25 05:36 - 01710592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-09 10:17 - 2015-11-25 05:36 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-12-09 10:17 - 2015-11-25 05:35 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-09 10:17 - 2015-11-25 05:35 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2015-12-09 10:17 - 2015-11-25 05:34 - 12504576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-09 10:17 - 2015-11-25 05:31 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAMM.dll
2015-12-09 10:17 - 2015-11-25 05:30 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3mm.dll
2015-12-09 10:17 - 2015-11-25 05:30 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-09 10:17 - 2015-11-25 05:30 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-12-09 10:17 - 2015-11-25 05:29 - 01649152 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-09 10:17 - 2015-11-25 05:29 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2015-12-09 10:17 - 2015-11-25 05:28 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-09 10:17 - 2015-11-25 05:28 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-09 10:17 - 2015-11-25 05:27 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-12-09 10:17 - 2015-11-25 05:26 - 00849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-12-09 10:17 - 2015-11-25 05:26 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-09 10:17 - 2015-11-25 05:25 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-12-09 10:17 - 2015-11-25 05:25 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2015-12-09 10:17 - 2015-11-25 05:23 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-09 10:17 - 2015-11-25 05:23 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-09 10:17 - 2015-11-25 05:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-12-09 10:17 - 2015-11-25 05:22 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-09 10:17 - 2015-11-25 05:22 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-09 10:17 - 2015-11-25 05:22 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2015-12-09 10:17 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdgeoqw.dll
2015-12-09 10:17 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZST.DLL
2015-12-09 10:17 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZEL.DLL
2015-12-09 10:17 - 2015-11-25 05:22 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDAZE.DLL
2015-12-09 10:17 - 2015-11-25 05:19 - 01795584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-12-09 10:17 - 2015-11-25 05:19 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-12-09 10:17 - 2015-11-25 05:18 - 01233920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-12-09 10:17 - 2015-11-25 05:17 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-09 10:17 - 2015-11-25 05:16 - 01442816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-09 10:17 - 2015-11-25 05:16 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2015-12-09 10:17 - 2015-11-25 05:13 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-09 10:17 - 2015-11-25 05:11 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2015-12-09 10:17 - 2015-11-25 05:10 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-09 10:17 - 2015-11-25 05:10 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-09 10:17 - 2015-11-25 05:10 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-09 10:17 - 2015-11-25 05:10 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-09 10:17 - 2015-11-25 05:08 - 00749568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-12-09 10:17 - 2015-11-25 05:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2015-12-09 10:17 - 2015-11-25 05:05 - 11263488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-09 10:17 - 2015-11-25 05:04 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-09 10:17 - 2015-11-25 05:04 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
2015-12-09 10:17 - 2015-11-25 05:04 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2015-12-09 10:17 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdgeoqw.dll
2015-12-09 10:17 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZST.DLL
2015-12-09 10:17 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZEL.DLL
2015-12-09 10:17 - 2015-11-25 05:04 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDAZE.DLL
2015-12-09 10:17 - 2015-11-25 03:52 - 00775312 _____ C:\WINDOWS\SysWOW64\locale.nls
2015-12-09 10:17 - 2015-11-25 03:52 - 00775312 _____ C:\WINDOWS\system32\locale.nls
2015-12-08 13:42 - 2014-06-07 17:52 - 00000000 ____D C:\Program Files (x86)\qpdf
2015-12-06 13:26 - 2015-12-18 12:15 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-25 11:41 - 2015-12-18 12:15 - 00002003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Loon 2015.lnk
2015-11-25 11:41 - 2015-11-25 11:41 - 00000000 ____D C:\Program Files (x86)\Loon 2015
2015-11-23 14:02 - 2015-12-18 12:09 - 00001371 _____ C:\Users\Jeroen\Desktop\VPN close.lnk
2015-11-23 13:58 - 2015-12-18 12:09 - 00001335 _____ C:\Users\Jeroen\Desktop\VPN.lnk
 
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-21 10:14 - 2014-06-26 13:08 - 00001068 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-21 10:13 - 2015-07-30 22:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-21 10:13 - 2015-07-10 10:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-21 10:06 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-21 10:03 - 2014-06-26 21:09 - 00000000 ____D C:\Users\Jeroen\Documents\Pyrrho
2015-12-21 09:59 - 2015-10-22 22:08 - 00004178 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1AB69379-0C5D-420E-94B6-159888721C4A}
2015-12-21 09:59 - 2015-07-30 23:42 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-20 18:52 - 2014-06-26 13:08 - 00001072 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-20 13:43 - 2015-10-03 22:10 - 00000000 ____D C:\Users\Jeroen
2015-12-20 13:43 - 2015-09-17 11:14 - 00001857 _____ C:\Users\Jeroen\.xmlcopyeditor
2015-12-20 11:38 - 2014-12-10 08:33 - 00000000 ____D C:\ProgramData\HDN
2015-12-20 08:09 - 2014-08-21 12:22 - 00000000 ____D C:\Users\Jeroen\AppData\Roaming\vlc
2015-12-19 18:09 - 2014-06-26 20:46 - 00000000 ____D C:\Users\Jeroen\AppData\Roaming\SmartFTP
2015-12-19 18:05 - 2014-11-14 11:26 - 00000000 ____D C:\ProgramData\DivX
2015-12-18 12:33 - 2014-06-27 11:03 - 00002324 ____H C:\Users\Jeroen\Documents\Default.rdp
2015-12-18 12:15 - 2015-10-03 22:19 - 00001483 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-18 12:15 - 2015-07-18 12:23 - 00000973 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Balsamiq Mockups 3.lnk
2015-12-18 12:15 - 2015-07-01 08:51 - 00001295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-12-18 12:15 - 2015-07-01 08:50 - 00001364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-12-18 12:15 - 2015-05-14 15:20 - 00000883 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scratch 2.lnk
2015-12-18 12:15 - 2015-02-23 11:07 - 00000961 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-12-18 12:15 - 2014-08-06 20:24 - 00001178 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paint.NET.lnk
2015-12-18 12:13 - 2015-05-14 15:20 - 00000877 _____ C:\Users\Public\Desktop\Scratch 2.lnk
2015-12-18 12:10 - 2015-11-06 09:41 - 00001216 _____ C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera 33.lnk
2015-12-18 12:10 - 2015-10-04 09:36 - 00002427 _____ C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-18 12:10 - 2014-09-23 20:48 - 00001316 _____ C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UBizzAdministrator.LNK
2015-12-18 12:10 - 2014-06-27 11:41 - 00000987 _____ C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NSIS.lnk
2015-12-18 12:10 - 2014-06-27 11:39 - 00000963 _____ C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TextPad.lnk
2015-12-18 12:10 - 2014-06-26 21:07 - 00001240 _____ C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\UBizzClient.LNK
2015-12-18 12:09 - 2015-10-12 15:30 - 00001762 _____ C:\Users\Jeroen\Desktop\UBizzTemplates.lnk
2015-12-18 12:09 - 2015-10-06 13:35 - 00001384 _____ C:\Users\Jeroen\Desktop\UBizz Finsys.LNK
2015-12-18 12:09 - 2015-09-21 08:13 - 00001494 _____ C:\Users\Jeroen\Desktop\HDN validtest.lnk
2015-12-18 12:09 - 2015-09-21 08:12 - 00000932 _____ C:\Users\Jeroen\Desktop\HDN XML Copy Editor.lnk
2015-12-18 12:09 - 2015-07-21 09:24 - 00002359 _____ C:\Users\Jeroen\Desktop\map template jeroen.lnk
2015-12-18 12:09 - 2015-07-11 09:56 - 00002206 _____ C:\Users\Jeroen\Desktop\UBizz UM.LNK
2015-12-18 12:09 - 2014-12-10 13:32 - 00001274 _____ C:\Users\Jeroen\Desktop\UBizz HomeBase.LNK
2015-12-18 12:09 - 2014-11-21 10:41 - 00001384 _____ C:\Users\Jeroen\Desktop\UBizz PY.LNK
2015-12-18 12:09 - 2014-10-14 05:00 - 00002206 _____ C:\Users\Jeroen\Desktop\UBizz H+.LNK
2015-12-18 12:09 - 2014-10-10 08:14 - 00001270 _____ C:\Users\Jeroen\Desktop\services.lnk
2015-12-18 12:09 - 2014-10-07 06:38 - 00001349 _____ C:\Users\Jeroen\Desktop\RDC admin.lnk
2015-12-18 12:09 - 2014-09-24 13:30 - 00002176 _____ C:\Users\Jeroen\Desktop\UBizz SAS.LNK
2015-12-18 12:09 - 2014-06-26 21:08 - 00002176 _____ C:\Users\Jeroen\Desktop\UBizz JvdL.LNK
2015-12-18 12:09 - 2014-06-26 21:08 - 00001384 _____ C:\Users\Jeroen\Desktop\UBizz NWB.LNK
2015-12-18 12:09 - 2014-06-26 21:08 - 00001349 _____ C:\Users\Jeroen\Desktop\RDC.lnk
2015-12-18 11:26 - 2015-07-30 23:40 - 00000000 ____D C:\WINDOWS\INF
2015-12-18 11:25 - 2015-07-10 10:47 - 00000000 ____D C:\Windows
2015-12-18 10:40 - 2011-01-11 14:38 - 00000000 ____D C:\Pyrrho
2015-12-17 10:18 - 2014-07-01 14:59 - 00000000 ____D C:\Users\Jeroen\AppData\Roaming\Belastingdienst
2015-12-17 07:59 - 2014-12-07 16:35 - 00000000 ____D C:\Program Files (x86)\Opera
2015-12-15 22:48 - 2013-02-26 18:35 - 00000000 ____D C:\_Install10
2015-12-15 08:12 - 2011-01-11 14:08 - 00000000 ____D C:\__JL
2015-12-14 16:12 - 2014-07-14 14:03 - 00005616 _____ C:\Users\Jeroen\Desktop\Doc.txt
2015-12-13 13:30 - 2015-10-06 07:51 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2015-12-13 11:10 - 2015-10-04 09:31 - 00000000 ____D C:\Users\Jeroen\AppData\Local\Packages
2015-12-13 09:33 - 2015-10-03 22:06 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-11 18:28 - 2014-11-14 11:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-12-11 18:28 - 2014-11-14 11:27 - 00000000 ____D C:\Program Files (x86)\DivX
2015-12-11 11:30 - 2014-06-26 13:08 - 00000000 ____D C:\Users\Jeroen\AppData\Local\Google
2015-12-10 12:50 - 2015-09-10 06:36 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-10 12:49 - 2015-07-30 22:49 - 00345496 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-10 11:41 - 2015-11-12 14:10 - 00000000 ____D C:\Users\Jeroen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-10 11:41 - 2014-06-26 13:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-10 10:35 - 2012-01-02 21:15 - 00000000 ____D C:\_InstallScripts
2015-12-10 10:35 - 2011-01-12 16:36 - 00000000 ____D C:\_Install8
2015-12-10 09:52 - 2015-10-03 22:09 - 02133930 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-10 09:52 - 2015-09-10 06:09 - 00927814 _____ C:\WINDOWS\system32\perfh013.dat
2015-12-10 09:52 - 2015-09-10 06:09 - 00203282 _____ C:\WINDOWS\system32\perfc013.dat
2015-12-10 09:19 - 2014-06-26 21:00 - 00000000 ____D C:\Users\Jeroen\Documents\Visual Studio 2010
2015-12-10 08:40 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\rescache
2015-12-10 03:52 - 2014-12-24 15:54 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-12-10 03:36 - 2014-06-27 20:36 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-10 03:36 - 2014-06-27 20:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-10 03:34 - 2015-10-03 22:10 - 00000000 ____D C:\Users\UpdatusUser
2015-12-10 03:33 - 2015-07-30 23:42 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-09 12:31 - 2015-10-04 09:36 - 00000000 ___RD C:\Users\Jeroen\OneDrive
2015-12-09 11:03 - 2014-06-26 14:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-09 11:02 - 2014-06-27 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-09 10:57 - 2015-07-30 23:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-09 10:56 - 2014-06-26 23:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 10:42 - 2014-06-26 23:16 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-09 09:23 - 2015-11-18 18:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFtk - The PDF Toolkit
2015-12-09 09:23 - 2015-11-18 18:08 - 00000000 ____D C:\Program Files (x86)\PDFtk
2015-12-09 04:39 - 2010-11-21 04:27 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-06 13:26 - 2014-06-27 11:22 - 00000000 ____D C:\ProgramData\Adobe
2015-12-06 13:26 - 2014-06-27 11:22 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-04 04:47 - 2014-06-26 13:08 - 00004130 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 04:47 - 2014-06-26 13:08 - 00003898 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-03 10:57 - 2012-04-26 08:14 - 00000000 ____D C:\_PDF
2015-12-02 12:34 - 2014-09-24 14:54 - 00000000 ____D C:\ProgramData\Oracle
2015-12-02 11:11 - 2015-10-22 18:09 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-02 11:11 - 2015-05-31 06:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-02 11:11 - 2015-05-31 05:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-12-02 11:10 - 2015-10-22 18:09 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-12-02 11:10 - 2015-09-18 01:31 - 00000000 ____D C:\Users\Jeroen\.oracle_jre_usage
2015-12-01 11:37 - 2011-01-11 14:10 - 00000000 ____D C:\__Emma
2015-12-01 10:39 - 2015-05-25 08:33 - 00000000 ____D C:\Users\Jeroen\AppData\Local\Eclipse
2015-12-01 01:32 - 2015-07-30 23:43 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-01 01:32 - 2015-07-30 23:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-30 16:35 - 2015-02-17 14:38 - 00000000 ____D C:\^Werk
2015-11-29 23:21 - 2014-08-06 20:23 - 00000000 ____D C:\Users\Jeroen\AppData\Local\Paint.NET
2015-11-29 21:45 - 2011-01-12 15:57 - 00000000 ____D C:\dev
2015-11-26 16:09 - 2015-02-05 11:52 - 00000000 ____D C:\_HDN
2015-11-25 11:41 - 2015-01-26 12:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Loon 2015
2015-11-23 14:17 - 2014-06-27 08:05 - 00000000 ____D C:\Users\Jeroen\AppData\Local\Pyrrho
 
==================== Files in the root of some directories =======
 
2014-07-30 07:46 - 2015-01-01 09:41 - 0000770 _____ () C:\Users\Jeroen\AppData\Roaming\Rim.Desktop.Exception.log
2014-07-30 07:45 - 2014-07-30 07:45 - 0001153 _____ () C:\Users\Jeroen\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2014-07-30 07:46 - 2015-01-01 09:41 - 0000770 _____ () C:\Users\Jeroen\AppData\Roaming\Rim.DesktopHelper.Exception.log
2015-12-19 18:03 - 2015-12-19 18:03 - 0003584 _____ () C:\Users\Jeroen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-04 10:20 - 2014-09-04 10:20 - 0001449 _____ () C:\Users\Jeroen\AppData\Local\recently-used.xbel
2015-04-19 18:55 - 2015-04-19 18:56 - 0011748 _____ () C:\Users\Jeroen\AppData\Local\Temp-log.txt
 
Some files in TEMP:
====================
C:\Users\Jeroen\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-20 08:32
 
==================== End of FRST.txt ============================

#4 nasdaq

Posted 21 December 2015 - 09:39 AM

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below into the new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Task: {20538742-6398-4657-9844-22AD200B733F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {27206FD5-63EA-4697-A371-7B86476F87B5} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {553BB6A6-F298-469D-B366-5C9A359F8236} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6BC86676-10E4-42E0-B54F-693F676142F3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {873963E3-0109-4625-A602-FA7D2EB7965E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8D1B0FFC-0113-402E-A988-2C3DC8D4A33B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AC479D7D-4E5B-4BBF-81CB-D55A9AAAF417} - System32\Tasks\{91AAD143-DD73-4CEB-A323-FDEFE032B9E2} => pcalua.exe -a C:\Users\Jeroen\AppData\Roaming\mystartsearch\UninstallManager.exe -c  -ptid=smt
Task: {B7D330C9-664E-48EB-AA7A-6F817F8B40F1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BC72139C-8F06-41F5-868D-DE80A6AFA65D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C90E338F-234E-4C4A-BE73-A88244A03943} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C9626AE7-50AC-44F2-B199-CDE514D90A11} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FB4EFB6D-A8DA-4839-9237-E8D78573920B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {FDFDD24A-EDC8-4584-B1F5-7DA6E5CFEB33} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
HKU\S-1-5-21-1191617861-1138891113-2551088673-1000\...\StartupApproved\StartupFolder: => "SmartWeb.lnk"

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome and click the menu icon at the top right of the Chrome window.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.

Is the problem persisting?
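The fixlist in this post removes three kinds of persistence: a Chrome policy key under HKLM\SOFTWARE\Policies\Google, scheduled tasks (one of which launches mystartsearch\UninstallManager.exe through pcalua.exe, the others pointing at task files that no longer exist), and a StartupApproved entry for SmartWeb.lnk. All three live outside the Chrome profile directory, which is why a Chrome reset or reinstall on its own does not clear them and why the popups can come back after a reboot, as happens later in this thread. The PowerShell script below is an added example written for this page; it is not part of the original post and not part of FRST or Zoek. It only reads the same locations so you can confirm they are clean after the fix. The regular expression used to flag task commands and the reading of the StartupApproved value (first byte 0x03 = disabled by the user) are assumptions made for illustration.

```powershell
# Added example (not from the original post and not part of FRST): a read-only
# audit of the persistence locations the fixlist above removes. Run it in an
# elevated PowerShell 5.1 session on Windows 10; it changes nothing.

# Print every value under a registry key and all of its subkeys.
function Show-RegistryTree([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path)) { "$Path : not present"; return }
    $keys = @(Get-Item -LiteralPath $Path) + @(Get-ChildItem -LiteralPath $Path -Recurse)
    foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            '{0} | {1} = {2}' -f $key.Name, $name, ($key.GetValue($name) -join ', ')
        }
    }
}

'== 1. Chrome policies: enforced on every profile, untouched by a Chrome reset or reinstall'
Show-RegistryTree 'HKLM:\SOFTWARE\Policies\Google'
Show-RegistryTree 'HKCU:\SOFTWARE\Policies\Google'

'== 2a. Scheduled tasks that run something from a user profile or through pcalua.exe'
# Assumption: this pattern is an illustrative heuristic, not an FRST rule.
$suspicious = '(?i)\\Users\\|AppData|pcalua\.exe'
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        if (-not $action.Execute) { continue }   # COM-handler actions have no Execute
        $cmd = ('{0} {1}' -f $action.Execute, $action.Arguments).Trim()
        if ($cmd -match $suspicious) {
            '{0}{1} => {2}' -f $task.TaskPath, $task.TaskName, $cmd
        }
    }
}

'== 2b. TaskCache entries whose task file is gone (what FRST reports as "No File")'
$cache = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks'
$taskDir = Join-Path $env:SystemRoot 'System32\Tasks'
foreach ($entry in Get-ChildItem -LiteralPath $cache) {
    $relPath = $entry.GetValue('Path')
    if (-not $relPath) { continue }
    $file = Join-Path $taskDir $relPath.TrimStart('\')
    if (-not (Test-Path -LiteralPath $file)) {
        '{0} - {1} -> No File' -f $entry.PSChildName, $relPath
    }
}

'== 3. Startup-folder shortcuts, their StartupApproved state and their targets'
$approvedKey = Get-Item -LiteralPath 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder' -ErrorAction SilentlyContinue
$shell = New-Object -ComObject WScript.Shell
$startupDirs = [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')
foreach ($dir in $startupDirs) {
    foreach ($lnk in Get-ChildItem -LiteralPath $dir -Filter *.lnk -ErrorAction SilentlyContinue) {
        $bytes = if ($approvedKey) { $approvedKey.GetValue($lnk.Name) }
        # Assumption: first byte 0x03 means the user disabled the item; anything else runs at logon.
        $state = if ($bytes -and $bytes[0] -eq 3) { 'disabled' } else { 'enabled' }
        '{0} [{1}] -> {2}' -f $lnk.FullName, $state, $shell.CreateShortcut($lnk.FullName).TargetPath
    }
}
```

On a home machine that is not domain-joined and runs no management software, any value under the Chrome policy key is itself the finding: Chrome applies those policies to every profile and lists the effective ones at chrome://policy. Section 2b mirrors what the "-> No File" lines in the fixlist describe, a task still registered in the Task Scheduler cache whose XML file under System32\Tasks is missing, which FRST cannot repair and therefore removes. Section 3 resolves each Startup-folder shortcut to its target so that a name like SmartWeb.lnk can be tied to the executable it actually launches.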

#5 jeroenvanderlaarse

Posted 21 December 2015 - 11:24 AM

After executing FRST I received the attached fixlog.txt.

No popups up till now...

Thank you for your help!

Regards,

Jeroen

#6 nasdaq

Posted 21 December 2015 - 01:58 PM

Glad we could help.


If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 jeroenvanderlaarse

Posted 22 December 2015 - 01:22 PM

Dear bleep,

Too bad...

Again a www.newpoptab.com popup was caught by Malwarebytes.

Any suggestions?

Regards,

Jeroen

#8 nasdaq

Posted 23 December 2015 - 08:53 AM


Again a www.newpoptab.com popup was caught by Malwarebytes.

Which browser were you using at the time?

Let's check further.

You will need to temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Click Options. The following options are available to you.
Select only the check boxes for these options (they were shown in bold in the original post):

Running Processes
Installed Programs
Startup Information
FireFox look
Chrome Look
Auto Clean

The other options listed are:

Do a Quick Scan
HijackThis log
Uninstall list
Shortcut Fix
Do a Deep Scan
Installer List
IE Default
Silent Runner
System Restore Info
Symlink Check
Reset Chrome
System Specs
Recently created
Empty Temp
Auto Clean



Now...
Close any open browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the system drive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply. It's probably too long to post.

How to:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to attach.

Click the Add Reply button.

Make sure you re-enable your AV program.

#9 jeroenvanderlaarse

Posted 23 December 2015 - 10:05 AM

I only use Google Chrome.

Find attached my zoek log.

Any clues?

#10 nasdaq

Posted 23 December 2015 - 11:45 AM

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

If you want to save your passwords as well, see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Reinstall Chrome and import the bookmarks.

<<<>>>

#11 nasdaq

Posted 29 December 2015 - 08:49 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#12 jeroenvanderlaarse

Posted 29 December 2015 - 11:35 AM

Deleting and reinstalling Chrome solved my problem.

I haven't seen a popup for a long time!

Smart malware, wonder how I contracted it and how it worked..

Thanks and happy new year!

Jeroen

#13 nasdaq

Posted 29 December 2015 - 03:38 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

#14 jeroenvanderlaarse

Posted 11 January 2016 - 03:13 AM

Hi Nasdaq or others,

The popups have returned.

Probably after a reboot.

I have deleted and re-installed Chrome multiple times, but that didn't solve the problem again.

I have searched the site for clues and I now suspect a rootkit.

I don't know how to remove such a thing.

Could you help?

Regards,

Jeroen


#15 nasdaq

Posted 11 January 2016 - 09:13 AM

Run the Farbar tool and post a fresh FRST log.

When you do, make sure you select the box to create an Addition.txt file.
This will create a new Addition.txt file, which you should also include in your reply.



