start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3389979238-2971104495-3866065991-1001\...\Run: [360wp-srv] => "C:\Users\Geert\AppData\Roaming\360bizhi\360wpsrv.exe" /autorun
ShellExecuteHooks: Geen Naam - {67056FD4-AFF9-11E6-90EA-64006A5CFC23} - -> Geen bestand
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => -> Geen bestand
GroupPolicy: Restrictie - Chrome <======= AANDACHT
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.amisites.com/search/?type=ds&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.amisites.com/search/?type=ds&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z&q={searchTerms}
HKU\S-1-5-21-3389979238-2971104495-3866065991-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.amisites.com/?type=hp&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z
HKU\S-1-5-21-3389979238-2971104495-3866065991-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.amisites.com/?type=hp&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.amisites.com/search/?type=ds&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.amisites.com/?type=sc&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z
Edge HomeButtonPage: HKU\S-1-5-21-3389979238-2971104495-3866065991-1001 -> hxxp://www.amisites.com/?type=hp&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z
FF Homepage: Mozilla\Firefox\Profiles\e5vq14yn.default -> hxxp://www.amisites.com/?type=hp&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z
FF SearchPlugin: C:\Users\Geert\AppData\Roaming\Mozilla\Firefox\Profiles\e5vq14yn.default\searchplugins\amisites.xml [2016-12-28]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.amisites.com/?type=sc&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z
CHR HomePage: ChromeDefaultData -> hxxp://www.amisites.com/?type=hp&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.amisites.com/?type=hp&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.trotux.com/search/?q={searchTerms}&z=08f720fd55b37a7a2b7f9deg7zab4ocg8c3t7gdo7g&from=isr&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z&type=sp
CHR DefaultSearchKeyword: ChromeDefaultData -> trotux
CHR Profile: C:\Users\Geert\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2016-12-28] <==== AANDACHT
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.amisites.com/?type=sc&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z
R2 Convxxxx; C:\Users\Geert\AppData\Roaming\haeha\UvConverter.exe [393216 2016-12-27] (Copyright (C) 2016) [Bestand niet getekend]
R2 GubedZL; C:\Program Files (x86)\Gubed\GubedZL.dll [119808 2016-12-27] () [Bestand niet getekend]
R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [935312 2016-12-13] ()
R2 SaFiSvc; C:\Program Files\SaFiPlayer\SaFiSvc.dll [83696 2016-12-13] ()
S2 ed2kidle; "C:\Program Files (x86)\amuleC1\ed2k.exe" -downloadwhenidle [X]
S2 GmSvc; C:\Program Files (x86)\LDSGameCenter\GmSvc.dll [X]
S2 Sermeward; C:\Program Files (x86)\Wiverphrupay\CstMpp.dll [X]
R2 WinSAPSvc; C:\ProgramData\WinSAPSvc\WinSAP.dll [219136 2016-12-28] () [Bestand niet getekend]
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== AANDACHT
S3 dbx; system32\DRIVERS\dbx.sys [X]
NETSVCx32: HpSvc -> geen bestandpad.
NETSVCx32: GmSvc -> C:\Program Files (x86)\LDSGameCenter\GmSvc.dll ==> Geen bestand
NETSVCx32: WpSvc -> geen bestandpad.
C:\Program Files (x86)\WinArcher
C:\Program Files (x86)\cr5frgwk
C:\Windows\System32\Tasks\UCBrowserSecureUpdate
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\??????
C:\ProgramData\WinSAPSvc
C:\Program Files\SaFiPlayer
C:\Users\Geert\AppData\Roaming\haeha
C:\Program Files (x86)\Gubed
C:\Windows\Tasks\UCBrowserUpdater.job
C:\Windows\Tasks\UCBrowserUpdaterCore.job
C:\Program Files (x86)\UCBrowser
C:\Users\Geert\AppData\Roaming\360bizhi
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360????
C:\360downloads
C:\Users\Geert\AppData\Roaming\Ludashi
C:\Users\Geert\AppData\Roaming\lockhomepage
C:\Windows\System32\Tasks\UCBrowserUpdaterCore
C:\Users\Geert\AppData\Roaming\KuaiZip
C:\Users\Geert\ntuser.pol
C:\Users\Geert\AppData\Roaming\360wp
C:\Users\Geert\AppData\Local\Chromium
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\???
C:\Program Files (x86)\LuDaShi
C:\Users\Geert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC???.lnk
C:\Users\Geert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC???
C:\Users\Geert\AppData\Local\UCBrowser
C:\Program Files (x86)\Wiverphrupay
C:\Users\Geert\AppData\Roaming\Shuhily
C:\Users\Geert\AppData\Local\Atawch
C:\Users\Geert\AppData\Local\Temp\7BFB.tmp.exe
C:\Users\Geert\AppData\Local\Temp\8DF6.tmp.exe
C:\Users\Geert\AppData\Local\Temp\Browser_V5.7.16400.16_r_4728_(Build1611171340).exe
C:\Users\Geert\AppData\Local\Temp\inst_buychannel_06.exe
C:\Users\Geert\AppData\Local\Temp\libeay32.dll
C:\Users\Geert\AppData\Local\Temp\ludashisetup.exe
C:\Users\Geert\AppData\Local\Temp\msvcr120.dll
C:\Users\Geert\AppData\Local\Temp\setup.exe
C:\Users\Geert\AppData\Local\Temp\sqlite3.dll
C:\Users\Geert\AppData\Local\Temp\ssleay32.dll
C:\Users\Geert\AppData\Local\Temp\~ct2ADB.tmp.dll
Task: {066127DC-7788-490B-B33D-C5A3B08E7475} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2016-12-25] (UC Web Inc.) <==== AANDACHT
Task: {2261DA75-BDB6-473E-AF5B-15FA48C00B95} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-12-13] (UCWeb Inc) <==== AANDACHT
Task: {C3922874-0938-4366-B096-22038724C973} - System32\Tasks\UCBrowserUpdaterCore => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2016-12-13] (UCWeb Inc) <==== AANDACHT
Task: C:\Windows\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== AANDACHT
Task: C:\Windows\Tasks\UCBrowserUpdaterCore.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== AANDACHT
ShortcutWithArgument: C:\Users\Geert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.amisites.com/?type=sc&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z
ShortcutWithArgument: C:\Users\Geert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.amisites.com/?type=sc&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z
ShortcutWithArgument: C:\Users\Geert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.amisites.com/?type=sc&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z
ShortcutWithArgument: C:\Users\Geert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.amisites.com/?type=sc&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z
ShortcutWithArgument: C:\Users\Geert\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\76f9e4d33b60b312\Popcorn-Time.lnk -> C:\Users\Geert\AppData\Local\Popcorn-Time\Popcorn-Time.exe (The NWJS Community) -> --user-data-dir="C:\Users\Geert\AppData\Local\Popcorn-Time\User Data" --profile-directory=Default --app-id=hecfofbbdfadifpemejbbdcjmfmboohj
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.amisites.com/?type=sc&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.amisites.com/?type=sc&ts=1482913407&z=002eade787bcbb87b067252g1z4b9odtag4cfz3eft&from=che0812&uid=SamsungXSSDX850XEVOX500GB_S2RBNB0HB62022Z
AlternateDataStreams: C:\Windows\system32\drivers:ucdrv-x64.sys [23652]
AlternateDataStreams: C:\Windows\system32\drivers:x64 [1479458]
AlternateDataStreams: C:\Windows\system32\drivers:x86 [1205026]
FirewallRules: [{86519D82-BD7A-4598-997A-2FE95851612C}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{C465ACFD-E5D8-405F-BE6A-D6F49E274A7B}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{8D485288-2008-403D-B394-82E5A3FE497D}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{5D46C4A8-52F1-4CBC-91F6-52930A0AC115}] => C:\Users\Geert\AppData\Roaming\360bizhi\update\Link.exe
FirewallRules: [{78A9D12B-2CED-4F01-81FA-879A77D3EE97}] => C:\Users\Geert\AppData\Roaming\360bizhi\update\Link.exe
FirewallRules: [{A020E982-7E81-43C2-8C81-2BDE135F1290}] => C:\Users\Geert\AppData\Local\Temp\00013233\inst_buychannel_07.exe
FirewallRules: [{FAAF66AC-11E9-4FCF-9F03-804126B07B53}] => C:\Users\Geert\AppData\Local\Temp\00013233\inst_buychannel_07.exe
FirewallRules: [{2E3398C0-868E-4B72-8869-64B0D5180FA1}] => C:\Users\Geert\AppData\Local\Temp\{EEC363FD-0962-4615-8805-5B73027D2E56}\utils\Down.exe
FirewallRules: [{82D4AC08-1762-496F-9101-51EE20B3EAD4}] => C:\Users\Geert\AppData\Local\Temp\{EEC363FD-0962-4615-8805-5B73027D2E56}\utils\Down.exe
Hosts:
EmptyTemp:
end