start
CreateRestorePoint:
CloseProcesses:
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=ds&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.startpageing123.com/search/?type=ds&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX&q={searchTerms}
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131340695127494432&GUID=A68DA5DC-DA75-41A8-9AE8-E50911452EBC
HKU\S-1-5-21-3808174966-3550055594-1478129862-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startpageing123.com/?type=hp&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX
HKU\S-1-5-21-3808174966-3550055594-1478129862-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.startpageing123.com/?type=hp&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-3808174966-3550055594-1478129862-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3808174966-3550055594-1478129862-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.startpageing123.com/search/?type=ds&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.startpageing123.com/?type=sc&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX
Edge HomeButtonPage: HKU\S-1-5-21-3808174966-3550055594-1478129862-1000 -> hxxp://www.startpageing123.com/?type=hp&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX
FF Homepage: Mozilla\Firefox\Profiles\huirt2q0.default-1448099985112 -> hxxp://www.startpageing123.com/?type=hp&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX
FF SearchPlugin: C:\Users\Sippo\AppData\Roaming\Mozilla\Firefox\Profiles\huirt2q0.default-1448099985112\searchplugins\startpageing123.xml [2017-03-16]
FF Extension: (SimilarWeb) - C:\Users\Sippo\AppData\Roaming\Firefox\Firefox\Profiles\huirt2q0.default-1448099985112\Extensions\@DA3566E2-F709-11E5-8E87-A604BC8E7F8B.xpi [2017-03-16] [ niet getekend]
FF Extension: (FF Adr) - C:\Users\Sippo\AppData\Roaming\Firefox\Firefox\Profiles\huirt2q0.default-1448099985112\Extensions\@H99KV4DO-UCCF-9PFO-9ZLK-8RRP4FVOKD9O.xpi [2017-03-16] [ niet getekend]
FF SearchPlugin: C:\Users\Sippo\AppData\Roaming\Firefox\Firefox\Profiles\huirt2q0.default-1448099985112\searchplugins\startsearch.xml [2017-03-16]
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.startpageing123.com/?type=sc&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX
CHR HomePage: ChromeDefaultData -> hxxp://www.startpageing123.com/?type=hp&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.startpageing123.com/?type=hp&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.startpageing123.com/search/?type=ds&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> startpageing123
CHR Profile: C:\Users\Sippo\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-03-16] <==== AANDACHT
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.startpageing123.com/?type=sc&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.startpageing123.com/?type=sc&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX
R2 WinSAPSvc; C:\Users\Sippo\AppData\Roaming\WinSAPSvc\WinSAP.dll [184832 2017-03-16] (Windows) [Bestand niet getekend]
R2 WinSnare; C:\Users\Sippo\AppData\Roaming\WinSnare\WinSnare.dll [776704 2017-03-16] (InterSect Alliance Pty Ltd) [Bestand niet getekend] <==== AANDACHT
S2 ed2kidle; "C:\Program Files (x86)\amulell\ed2k.exe" -downloadwhenidle [X]
S2 FirefoxU; "C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe" [X]
2017-03-16 12:32 - 2017-03-16 15:04 - 00000000 ____D C:\Program Files (x86)\amulell
2017-03-16 12:32 - 2017-03-16 12:32 - 00000000 ____D C:\Users\Sippo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC
2017-03-16 12:32 - 2017-03-16 12:32 - 00000000 ____D C:\Users\Sippo\AppData\Roaming\aMule
2017-03-16 12:31 - 2017-03-16 12:32 - 00003674 _____ C:\WINDOWS\System32\Tasks\Milimili
2017-03-16 12:31 - 2017-03-16 12:32 - 00000000 ____D C:\Program Files (x86)\WinSnare(4.3.2)
2017-03-16 12:31 - 2017-03-16 12:32 - 00000000 ____D C:\Program Files (x86)\BikaQRss
2017-03-16 12:31 - 2017-03-16 12:31 - 00003328 _____ C:\WINDOWS\System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel
2017-03-16 12:31 - 2017-03-16 12:31 - 00000000 ____D C:\Users\Sippo\AppData\Roaming\WinSnare
2017-03-16 12:31 - 2017-03-16 12:31 - 00000000 ____D C:\Users\Sippo\AppData\Roaming\WinSAPSvc
2017-03-16 12:31 - 2017-03-16 12:31 - 00000000 ____D C:\Users\Sippo\AppData\Roaming\Kyubey
2017-03-16 12:31 - 2017-03-16 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BikaQ
2017-03-16 12:28 - 2017-03-16 12:31 - 00000000 ____D C:\Program Files (x86)\MK
2017-03-10 06:27 - 2017-03-16 12:27 - 00000000 ____D C:\Program Files (x86)\Chopik
2017-03-10 06:27 - 2017-03-10 08:04 - 00000000 ____D C:\Users\Sippo\AppData\Roaming\Lamkpruzi
C:\Program Files (x86)\BikaQRss
Task: {5E520392-73FD-40ED-A20A-41FA3D82C194} - System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel => C:\Program Files (x86)\BikaQRss\BikaQ.exe [2017-02-23] (IEC) <==== AANDACHT
Task: {ADAA6D01-EEF6-469C-A55A-03CF9F6724FA} - System32\Tasks\{68370195-F2A7-4DC1-8FC0-4078D884704C} => pcalua.exe -a "C:\Program Files\Reimage\Reimage Repair\uninst.exe"
ShortcutWithArgument: C:\Users\Sippo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.startpageing123.com/?type=sc&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX
ShortcutWithArgument: C:\Users\Sippo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Hipmy\Application\chrome.exe (Google Inc.) -> hxxp://www.startpageing123.com/?type=sc&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX
ShortcutWithArgument: C:\Users\Sippo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.startpageing123.com/?type=sc&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Hipmy\Application\chrome.exe (Google Inc.) -> hxxp://www.startpageing123.com/?type=sc&ts=1489664067&z=de3e0df172e08e7feee1077gbzdb2tcq1q0z8e3qdm&from=che0812&uid=HitachiXHTS547550A9E384_J2160051H6AZPDH6AZPDX
2017-03-16 12:31 - 2017-03-16 02:46 - 00113152 _____ () C:\Users\Sippo\AppData\Roaming\Kyubey\Kyubey.exe
Reboot:
end