start
CreateRestorePoint:
CloseProcesses:
Task: {2D4EF326-C57D-4D7F-9F5C-6C2B9B0AAB74} - System32\Tasks\Coerwcult Center => C:\Program Files (x86)\Crecult\Coerwcultcntdnk.exe [2016-08-19] ()
ShortcutWithArgument: C:\Users\DELL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1471620037&a=1054904&src=sh&uuid=e6d9c10e-227d-484e-8816-06614ce5e28d"
ShortcutWithArgument: C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.coldsearch.com/?uid=c74cbe09-e6f6-41fa-9234-811d91f2600e
ShortcutWithArgument: C:\Users\DELL\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://safesurfs.net/?ssid=1471620037&a=1054904&src=sh&uuid=e6d9c10e-227d-484e-8816-06614ce5e28d"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.coldsearch.com/?uid=c74cbe09-e6f6-41fa-9234-811d91f2600e
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk -> C:\ProgramData\Ashampoo\YourDeals.exe () -> hxxp://linktarget.ashampoo.com/linktarget/?target=marketplace&edition=eid=11114&utm_medium=desktop&x-pos=Metro
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
HKLM-x32\...\Run: [win_en_77] => [X]
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
GroupPolicy: Restrictie - Chrome <======= AANDACHT
CHR HKLM\SOFTWARE\Policies\Google: Restrictie <======= AANDACHT
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restrictie <======= AANDACHT
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = search.mpc.am
HKU\S-1-5-21-2412325288-324325390-2824101589-1000\Software\Microsoft\Internet Explorer\Main,Start Page = search.mpc.am
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.coldsearch.com/?uid=c74cbe09-e6f6-41fa-9234-811d91f2600e
CHR HomePage: clacachthergidrigi -> hxxp://www.coldsearch.com/?uid=c74cbe09-e6f6-41fa-9234-811d91f2600e
CHR StartupUrls: clacachthergidrigi -> "hxxp://www.coldsearch.com/?uid=c74cbe09-e6f6-41fa-9234-811d91f2600e"
CHR DefaultSearchURL: clacachthergidrigi -> hxxp://s.coldsearch.com/web?type=ds&ts=1471621138&pid=csdi&uid=c74cbe09-e6f6-41fa-9234-811d91f2600e&q={searchTerms}
CHR DefaultSearchKeyword: clacachthergidrigi -> coldsearch
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.coldsearch.com/?uid=c74cbe09-e6f6-41fa-9234-811d91f2600e
S2 Coerwcultcntand.exe; C:\Program Files (x86)\Crecult\Coerwcultcntand.exe [415320 2016-08-19] ()
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-08-19] (DotC United Inc)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-08-19] (DotC United Inc)
C:\Users\Public\Desktop\MPC Cleaner.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
C:\Users\DELL\AppData\Roaming\MCorp
C:\WINDOWS\system32\Drivers\MPCKpt.sys
C:\Program Files (x86)\MPC Cleaner
C:\WINDOWS\System32\Tasks\Coerwcult Center
C:\Program Files (x86)\65p3DD4
C:\Users\DELL\AppData\Local\tumilyfutakcurerk
C:\Program Files (x86)\SoSoEasy
C:\Program Files (x86)\Crecult
Hosts:
EmptyTemp:
end