Malwarebytes Anti-Malware www.malwarebytes.org Scandatum: 5/08/2015 Scantijd: 8:29 Logboekbestand: MBAM ScanLog.txt Beheerder: Ja Versie: 2.1.8.1057 Malware-database: v2015.08.05.02 Rootkit-database: v2015.08.04.01 Licentie: Gratis Malware-bescherming: Uitgeschakeld Bescherming tegen kwaadaardige websites: Uitgeschakeld Zelfbescherming: Uitgeschakeld Besturingssysteem: Windows 7 Service Pack 1 Processor: x64 Bestandssysteem: NTFS Gebruiker: Patrick Scantype: Bedreigingsscan Resultaat: Voltooid Objecten gescand: 467091 Verstreken tijd: 24 min, 38 sec Geheugen: Ingeschakeld Opstarten: Ingeschakeld Bestandssysteem: Ingeschakeld Archieven: Ingeschakeld Rootkits: Uitgeschakeld Heuristiek: Ingeschakeld POP: Ingeschakeld POA: Ingeschakeld Processen: 0 (Geen kwaadaardige items gedetecteerd) Modules: 0 (Geen kwaadaardige items gedetecteerd) Registersleutels: 23 PUP.Optional.SearchResults.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}, , [ff375fa60a8137ffce442dea31d2f10f], PUP.Optional.Gameo.C, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\Tree\gameo_update, , [e25423e23b5075c152672be76e9556aa], PUP.Optional.OpenCandy.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\Tree\OpenCandyHelperRunAsStandardUser66F9043B52144E218A9C3A24FD98482F, , [4bebde27b0db93a36d3fd13fed1635cb], PUP.Optional.OpenCandy.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\Tree\OpenCandyHelperRunOnce029F62B8C42A42DF8930F068E4EF36F8, , [cc6a16efbbd030063c70d13f36cda858], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}, , [ee4846bff19a83b3c08ba308659fad53], PUP.Optional.SuperOptimizer.C, HKLM\SOFTWARE\WOW6432NODE\{6791A2F3-FC80-475C-A002-C014AF797E9C}, , [c2749174a0eb77bf8b07d8cc12f2d42c], PUP.Optional.Bandoo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{56EE2FE9-00F0-4158-AD89-0AB9E64D99C4}, , [3df9f2139af1b6805088921658ac9070], PUP.Optional.Bandoo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6A35587F-4C1C-48D6-86DA-00077A7CA4A5}, , [e650e71e92f9fd399246b3f556ae3ec2], PUP.Optional.Bandoo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{78A543AA-AE9F-4A8E-BCD0-840FE014805E}, , [7db9c540c7c4a0964d8b812751b327d9], PUP.Optional.Bandoo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D40E5F5A-4C36-4524-B34B-C6A9D6F735E9}, , [c86ee3225b300a2ca830a800e12327d9], PUP.Optional.SearchResults.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}, , [4beb33d2cbc0270fa76b1403d231e61a], PUP.Optional.APNToolBar.Gen, HKU\S-1-5-18\SOFTWARE\AskPartnerNetwork, , [c4720104e2a93600ebcd3fd6c53eaa56], PUP.Optional.SuperOptimizer.C, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [9a9c3bcaff8ce3536e22abf9f113c040], PUP.Optional.Gameo.C, HKU\S-1-5-21-3691458910-388010877-1701134427-1001\SOFTWARE\Gameo, , [e74f9a6b3a5137ffbb72cd4a2bd80ef2], PUP.Optional.SuperOptimizer.C, HKU\S-1-5-21-3691458910-388010877-1701134427-1001\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, , [2e08c83ddead1f17048c1a8a58ace917], PUP.Optional.SerachQU.A, HKU\S-1-5-21-3691458910-388010877-1701134427-1001\SOFTWARE\APPDATALOW\SOFTWARE\searchqutoolbar, , [96a07a8b4447cc6a1add110305fefb05], PUP.Optional.OmigaPlus.ShrtCln, HKU\S-1-5-21-3691458910-388010877-1701134427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, , [58deca3b355653e37b3ecbd27f859c64], PUP.Optional.OmigaPlus.ShrtCln, HKU\S-1-5-21-3691458910-388010877-1701134427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{12AB1950-F3C3-4C3F-8583-EAD47C077BD2}, , [152143c2117a1620dddc2e6fa361f50b], PUP.Optional.OmigaPlus.ShrtCln, HKU\S-1-5-21-3691458910-388010877-1701134427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}, , [201645c0aedd5adcf8c1326b808442be], PUP.Optional.OmigaPlus.ShrtCln, HKU\S-1-5-21-3691458910-388010877-1701134427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{632F07F3-19A1-4D16-A23F-E6CE9486BAB5}, , [52e461a44f3c7eb89623257848bc56aa], PUP.Optional.OmigaPlus.ShrtCln, HKU\S-1-5-21-3691458910-388010877-1701134427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77FBDEE1-40C5-44B9-B8F7-51E32A497F69}, , [f3437c89cfbc2c0a9e1b0697cb39ec14], PUP.Optional.OmigaPlus.ShrtCln, HKU\S-1-5-21-3691458910-388010877-1701134427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}, , [033355b0107b44f26356edb0fc0801ff], PUP.Optional.SerachQU.A, HKU\S-1-5-21-3691458910-388010877-1701134427-1003\SOFTWARE\APPDATALOW\SOFTWARE\searchqutoolbar, , [71c5030290fbb28429ce21f315ee26da], Registerwaarden: 17 PUP.Optional.SearchResults.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}|URL, http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}, , [ff375fa60a8137ffce442dea31d2f10f] PUP.Optional.SearchQu.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}|SuggestionsURL_JSON, http://www.searchqu.com/suggest.php?src=ieb&appid=113&systemid=406&qu={searchTerms}&ft=json, , [c76fbf467b109f979577168634d0b34d] PUP.Optional.Yontoo.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}|Contact, support@yontoo.com, , [ee4846bff19a83b3c08ba308659fad53] PUP.Optional.Bandoo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{56EE2FE9-00F0-4158-AD89-0AB9E64D99C4}|AppPath, C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar, , [3df9f2139af1b6805088921658ac9070] PUP.Optional.Bandoo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{6A35587F-4C1C-48D6-86DA-00077A7CA4A5}|AppPath, C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar, , [e650e71e92f9fd399246b3f556ae3ec2] PUP.Optional.Bandoo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{78A543AA-AE9F-4A8E-BCD0-840FE014805E}|AppPath, C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar, , [7db9c540c7c4a0964d8b812751b327d9] PUP.Optional.Bandoo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{D40E5F5A-4C36-4524-B34B-C6A9D6F735E9}|AppPath, C:\PROGRA~2\WI3C8A~1\Datamngr\ToolBar, , [c86ee3225b300a2ca830a800e12327d9] PUP.Optional.SearchResults.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}|URL, http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}, , [4beb33d2cbc0270fa76b1403d231e61a] PUP.Optional.SearchQu.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}|SuggestionsURL_JSON, http://www.searchqu.com/suggest.php?src=ieb&appid=113&systemid=406&qu={searchTerms}&ft=json, , [cf67b1540a81b68018f477256a9a9868] PUP.Optional.OmigaPlus.ShrtCln, HKU\S-1-5-21-3691458910-388010877-1701134427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=ST9500420AS_5VJCKWCNXXXX5VJCKWCN&ts=1423054742&type=default&q={searchTerms}, , [58deca3b355653e37b3ecbd27f859c64] PUP.Optional.OmigaPlus.ShrtCln, HKU\S-1-5-21-3691458910-388010877-1701134427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{12AB1950-F3C3-4C3F-8583-EAD47C077BD2}|URL, http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=ST9500420AS_5VJCKWCNXXXX5VJCKWCN&ts=1423054742&type=default&q={searchTerms}, , [152143c2117a1620dddc2e6fa361f50b] PUP.Optional.Spigot.A, HKU\S-1-5-21-3691458910-388010877-1701134427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{12AB1950-F3C3-4C3F-8583-EAD47C077BD2}|TopResultURL, http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=519169&p={searchTerms}, , [1125b055068593a3e43c56c3be45728e] PUP.Optional.OmigaPlus.ShrtCln, HKU\S-1-5-21-3691458910-388010877-1701134427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|URL, http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=ST9500420AS_5VJCKWCNXXXX5VJCKWCN&ts=1423054742&type=default&q={searchTerms}, , [201645c0aedd5adcf8c1326b808442be] PUP.Optional.OmigaPlus.ShrtCln, HKU\S-1-5-21-3691458910-388010877-1701134427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURL, http://isearch.omiga-plus.com//favicon.ico, , [f5412adb2d5e86b012a74f4e4eb6ae52] PUP.Optional.OmigaPlus.ShrtCln, HKU\S-1-5-21-3691458910-388010877-1701134427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}|URL, http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=ST9500420AS_5VJCKWCNXXXX5VJCKWCN&ts=1423054742&type=default&q={searchTerms}, , [52e461a44f3c7eb89623257848bc56aa] PUP.Optional.OmigaPlus.ShrtCln, HKU\S-1-5-21-3691458910-388010877-1701134427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{77FBDEE1-40C5-44B9-B8F7-51E32A497F69}|URL, http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=ST9500420AS_5VJCKWCNXXXX5VJCKWCN&ts=1423054742&type=default&q={searchTerms}, , [f3437c89cfbc2c0a9e1b0697cb39ec14] PUP.Optional.OmigaPlus.ShrtCln, HKU\S-1-5-21-3691458910-388010877-1701134427-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=face&utm_campaign=install_ie&utm_content=ds&from=face&uid=ST9500420AS_5VJCKWCNXXXX5VJCKWCN&ts=1423054742&type=default&q={searchTerms}, , [033355b0107b44f26356edb0fc0801ff] Registerdata: 0 (Geen kwaadaardige items gedetecteerd) Mappen: 5 PUP.Optional.WebExtend.A, C:\Users\Patrick\AppData\Roaming\WebExtend, , [92a436cff19a3cfa6c8fc348b44fc23e], PUP.Optional.Delta.ShrtCln, C:\Users\Patrick\AppData\LocalLow\Delta\delta, , [33033dc81279cd6997aabd4f659e9f61], PUP.Optional.WinZipRegOp.C, C:\Users\Viviane\AppData\Roaming\Nico Mak Computing\WinZip Registry Optimizer, , [78be1ce9e3a8ff37b6a1aa6653b00bf5], PUP.Optional.WinZipRegOp.C, C:\Users\Viviane\AppData\Roaming\Nico Mak Computing\WinZip Registry Optimizer\Version 1, , [78be1ce9e3a8ff37b6a1aa6653b00bf5], PUP.Optional.WinZipRegOp.C, C:\Users\Viviane\AppData\Roaming\Nico Mak Computing\WinZip Registry Optimizer\Version 1\Partial Backups, , [78be1ce9e3a8ff37b6a1aa6653b00bf5], Bestanden: 11 PUP.Optional.Gameo.C, C:\Windows\System32\Tasks\gameo_update, , [86b0d134117a72c4eb403bdc2ed5d32d], PUP.Optional.OmigaPlus.ShrtCln, C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage, , [80b6d4313d4e5bdb8cac5cd0e221b14f], PUP.Optional.OmigaPlus.ShrtCln, C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.omiga-plus.com_0.localstorage-journal, , [3bfb3fc67a11ac8a79bfae7ea063bc44], PUP.Optional.WinZipRegOp.C, C:\Users\Viviane\AppData\Roaming\Nico Mak Computing\WinZip Registry Optimizer\Version 1\ExcludeList.rcp, , [78be1ce9e3a8ff37b6a1aa6653b00bf5], PUP.Optional.WinZipRegOp.C, C:\Users\Viviane\AppData\Roaming\Nico Mak Computing\WinZip Registry Optimizer\Version 1\log_03-20-2013.log, , [78be1ce9e3a8ff37b6a1aa6653b00bf5], PUP.Optional.WinZipRegOp.C, C:\Users\Viviane\AppData\Roaming\Nico Mak Computing\WinZip Registry Optimizer\Version 1\log_03-21-2013.log, , [78be1ce9e3a8ff37b6a1aa6653b00bf5], PUP.Optional.WinZipRegOp.C, C:\Users\Viviane\AppData\Roaming\Nico Mak Computing\WinZip Registry Optimizer\Version 1\results.rcp, , [78be1ce9e3a8ff37b6a1aa6653b00bf5], PUP.Optional.WinZipRegOp.C, C:\Users\Viviane\AppData\Roaming\Nico Mak Computing\WinZip Registry Optimizer\Version 1\TempHLList.rcp, , [78be1ce9e3a8ff37b6a1aa6653b00bf5], PUP.Optional.WinZipRegOp.C, C:\Users\Viviane\AppData\Roaming\Nico Mak Computing\WinZip Registry Optimizer\Version 1\Partial Backups\00000001.rmx, , [78be1ce9e3a8ff37b6a1aa6653b00bf5], PUP.Optional.WinZipRegOp.C, C:\Users\Viviane\AppData\Roaming\Nico Mak Computing\WinZip Registry Optimizer\Version 1\Partial Backups\00000001.rxb, , [78be1ce9e3a8ff37b6a1aa6653b00bf5], PUP.Optional.AskAPN.Gen, C:\Users\Viviane\AppData\Roaming\Mozilla\Firefox\Profiles\r1w6rh3w.default\searchplugins\ask-search.xml, , [58dee223e7a44fe7e499542cc73e649c], Fysieke Sectoren: 0 (Geen kwaadaardige items gedetecteerd) (end)