Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 30-4-2014 Scan Time: 16:34:01 Logfile: Malware 1.txt Administrator: No Version: 2.00.0.1000 Malware Database: v2014.04.30.06 Rootkit Database: v2014.03.27.01 License: Trial Malware Protection: Enabled Malicious Website Protection: Enabled Chameleon: Disabled OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: kantoor VvE Scan Type: Threat Scan Result: Completed Objects Scanned: 248366 Time Elapsed: 7 min, 7 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Shuriken: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 1 PUP.Optional.WinRST.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINRST, Quarantined, [0b73f23ef8830e28f3bf1d5bef13c23e], Registry Values: 1 PUP.Optional.WinRST.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINRST|ImagePath, C:\Program Files (x86)\WinRST\WinRST.exe, Quarantined, [0b73f23ef8830e28f3bf1d5bef13c23e] Registry Data: 1 PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[eb938ca4cbb0b185edc2260f6a9a09f7] Folders: 6 PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector, Quarantined, [1866bc743c3fb68008dd76efcd35d828], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\2.1.1000.12594, Quarantined, [1866bc743c3fb68008dd76efcd35d828], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\signatures, Quarantined, [1866bc743c3fb68008dd76efcd35d828], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\updates, Quarantined, [1866bc743c3fb68008dd76efcd35d828], PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService, Quarantined, [fd8145eb94e7c67009ce0f59c9395ca4], PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update, Quarantined, [fd8145eb94e7c67009ce0f59c9395ca4], Files: 36 PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\PluginService.exe, Quarantined, [e8962010d1aa57dfee45c48f49b88f71], PUP.Optional.WpManager, C:\ProgramData\WPM\wprotectmanager.exe, Quarantined, [1a64a18ff7841e185b2c78e527da3ec2], Trojan.Banker, C:\Users\kantoor VvE\Documents\Downloads\install_winamp555_2353_beta_full_en-us.exe, Quarantined, [2e50d858631813233901b371a85c748c], PUP.Optional.SearchProtect.A, C:\Users\kantoor VvE\AppData\Local\Temp\nsd9AA3.exe, Quarantined, [245a72be087367cf131a3ee82ed30ef2], PUP.Optional.SearchProtect.A, C:\Users\kantoor VvE\AppData\Local\Temp\nsd9DFE.exe, Quarantined, [ff7fcf612f4c4aec94999f872cd5b848], PUP.Optional.SearchProtect.A, C:\Users\kantoor VvE\AppData\Local\Temp\nsn73DE.exe, Quarantined, [116dfc349be02e08c568e343e61b01ff], PUP.Optional.SearchProtect.A, C:\Users\kantoor VvE\AppData\Local\Temp\nswCA46.exe, Quarantined, [b7c7c967f08b7bbbae7f3fe70df4fe02], PUP.Optional.SearchProtect.A, C:\Users\kantoor VvE\AppData\Local\Temp\nsx710F.exe, Quarantined, [56288da39dde1e1842eb899db1506898], PUP.Optional.RegCleanerPro, C:\Users\kantoor VvE\AppData\Local\Temp\RegClean6.exe, Quarantined, [1a64b17fc3b876c0467424e39f62956b], PUP.Optional.SkyTech.A, C:\Users\kantoor VvE\AppData\Local\Temp\fullpackage_temp1398852269\alilog.dll, Quarantined, [92ec40f0e49761d55abb062ca15f5ba5], PUP.Optional.IePluginService.A, C:\Users\kantoor VvE\AppData\Local\Temp\fullpackage_temp1398852269\tmp\SupTab.exe, Quarantined, [bec08ea25b2081b5d65d7dd6867bf808], PUP.Optional.WpManager, C:\Users\kantoor VvE\AppData\Local\Temp\fullpackage_temp1398852269\tmp\wpm.exe, Quarantined, [cdb18ea2522980b6384fd08d03fe47b9], PUP.Optional.Melondrea.A, C:\Users\kantoor VvE\AppData\Local\Temp\n135\melondrea_0702-81cfb2ef.exe, Quarantined, [5f1f9799df9ca5912149d83a8084ca36], PUP.Optional.BundleInstaller.A, C:\Users\kantoor VvE\AppData\Local\Temp\n135\s135.exe, Quarantined, [077773bd6318de5833a42f12bc4420e0], PUP.Optional.PirritSuggestor.A, C:\Users\kantoor VvE\AppData\Local\Temp\n4575\PirritSuggestor_0104-1d309b60.exe, Quarantined, [b3cbec445427e1556dcbf648f50b659b], PUP.Optional.BundleInstaller.A, C:\Users\kantoor VvE\AppData\Local\Temp\n4575\s4575.exe, Quarantined, [e49a5bd52556e94d8d4ab48d4eb2bb45], PUP.Optional.Conduit.A, C:\Users\kantoor VvE\AppData\Local\Temp\n4575\searchprotect_2111-1a12a8ce.exe, Quarantined, [1a64ba76d6a5c86e72e6c257aa57639d], PUP.Optional.Conduit.A, C:\Users\kantoor VvE\AppData\Local\Temp\nsc1F37\SpSetup.exe, Quarantined, [99e50f21fb80152177a50318b54c45bb], PUP.Optional.DomaIQ, C:\Users\kantoor VvE\Downloads\Setup.exe, Quarantined, [acd2a48cdba0b680597f053cc838e41c], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\AddonSafelist, Quarantined, [1866bc743c3fb68008dd76efcd35d828], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\log.xslt, Quarantined, [1866bc743c3fb68008dd76efcd35d828], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\signatures\completedatabase.db, Quarantined, [1866bc743c3fb68008dd76efcd35d828], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\signatures\Cookies.bin, Quarantined, [1866bc743c3fb68008dd76efcd35d828], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\signatures\DigSign.bin, Quarantined, [1866bc743c3fb68008dd76efcd35d828], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\signatures\FilePaths.bin, Quarantined, [1866bc743c3fb68008dd76efcd35d828], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\signatures\FileSignature.bin, Quarantined, [1866bc743c3fb68008dd76efcd35d828], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\signatures\Folders.bin, Quarantined, [1866bc743c3fb68008dd76efcd35d828], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\signatures\Md5.bin, Quarantined, [1866bc743c3fb68008dd76efcd35d828], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\signatures\Registry.bin, Quarantined, [1866bc743c3fb68008dd76efcd35d828], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\signatures\SetupSign.bin, Quarantined, [1866bc743c3fb68008dd76efcd35d828], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\signatures\StrSetupSign.bin, Quarantined, [1866bc743c3fb68008dd76efcd35d828], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\updates\1545completedatabase.zip, Quarantined, [1866bc743c3fb68008dd76efcd35d828], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\updates\1776mupdate.zip, Quarantined, [1866bc743c3fb68008dd76efcd35d828], PUP.Optional.AdvancedSystemProtector.A, C:\ProgramData\Systweak\Advanced System Protector\updates\1777update.zip, Quarantined, [1866bc743c3fb68008dd76efcd35d828], PUP.Optional.IePluginService.A, C:\ProgramData\IePluginService\update\conf, Quarantined, [fd8145eb94e7c67009ce0f59c9395ca4], PUP.Optional.MySearchDial.A, C:\Users\kantoor VvE\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: ( "startup_urls": [ "http://www.msn.nl/", "http://start.mysearchdial.com/?f=1&a=dsites_14_14_ch&cd=2XzuyEtN2Y1L1Qzu0DyE0B0E0DzyzytB0FtDzzyC0CzytAtBtN0D0Tzu0SzztBtAtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyEzztCzyzz0D0C0EtGtDtDtAyDtG0A0BtCtCtGzztAyEtBtGtDzzyDzyyB0B0EyD0BtCzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0F0Azz0ByByC0CtG0BzzzzyCtGzy0F0E0AtGtC0D0EzztGyBtByE0A0AyEtAtC0D0ByCyD2Q&cr=1998581064&ir=" ],), Replaced,[5529f23e136878be62ae93cf29db9769] Physical Sectors: 0 (No malicious items detected) (end)