start:: CloseProcesses: Hosts: CreateRestorePoint: HKLM-x32\...\Run: [] => [X] HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-3092934182-1772052089-3972875262-1000\...\MountPoints2: {1480b179-3cbd-11e2-9fb5-9439e5cc5724} - F:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-3092934182-1772052089-3972875262-1000\...\MountPoints2: {1480b187-3cbd-11e2-9fb5-9439e5cc5724} - F:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-3092934182-1772052089-3972875262-1000\...\MountPoints2: {3219c96d-cf0e-11e4-82dc-9439e5cc5724} - F:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-3092934182-1772052089-3972875262-1000\...\MountPoints2: {34e18380-3eea-11e2-ba56-9439e5cc5724} - F:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-3092934182-1772052089-3972875262-1000\...\MountPoints2: {34e18393-3eea-11e2-ba56-9439e5cc5724} - F:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-3092934182-1772052089-3972875262-1000\...\MountPoints2: {34e1839e-3eea-11e2-ba56-9439e5cc5724} - F:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-3092934182-1772052089-3972875262-1000\...\MountPoints2: {34e183a7-3eea-11e2-ba56-9439e5cc5724} - F:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-3092934182-1772052089-3972875262-1000\...\MountPoints2: {34e183b1-3eea-11e2-ba56-9439e5cc5724} - F:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-3092934182-1772052089-3972875262-1000\...\MountPoints2: {34e183bc-3eea-11e2-ba56-9439e5cc5724} - F:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-3092934182-1772052089-3972875262-1000\...\MountPoints2: {34e183c5-3eea-11e2-ba56-9439e5cc5724} - F:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-3092934182-1772052089-3972875262-1000\...\MountPoints2: {34e183cf-3eea-11e2-ba56-9439e5cc5724} - F:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-3092934182-1772052089-3972875262-1000\...\MountPoints2: {34e183da-3eea-11e2-ba56-9439e5cc5724} - F:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-3092934182-1772052089-3972875262-1000\...\MountPoints2: {46dc2de2-4a75-11e2-94fa-9439e5cc5724} - F:\AutoRun.exe HKU\S-1-5-21-3092934182-1772052089-3972875262-1000\...\MountPoints2: {4709ab6f-7b34-11e5-82c1-9439e5cc5724} - F:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-3092934182-1772052089-3972875262-1000\...\MountPoints2: {c77d3427-3f79-11e2-992f-9439e5cc5724} - F:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-3092934182-1772052089-3972875262-1000\...\MountPoints2: {c77d3434-3f79-11e2-992f-9439e5cc5724} - F:\.\Setup.exe AUTORUN=1 HKU\S-1-5-21-3092934182-1772052089-3972875262-1000\...\MountPoints2: {c77d343e-3f79-11e2-992f-9439e5cc5724} - F:\.\Setup.exe AUTORUN=1 CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = SearchScopes: HKLM-x32 -> DefaultScope la valeur est absente SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = BHO: Pas de nom -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> Pas de fichier Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Pas de fichier Toolbar: HKLM - Pas de nom - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - Pas de fichier DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\Update Greener Web CHR HomePage: Default -> hxxp://www.search.ask.com/?gct=hp CHR StartupUrls: Default -> "hxxps://www.google.com/?trackid=sp-006" CHR DefaultSearchURL: Default -> hxxps://www.google.de/search?q={searchTerms}?trackid=sp-006 S3 cpuz134; \??\C:\Users\user\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X] <==== ATTENTION S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] DeleteKey: HKLM\SYSTEM\CurrentControlSet\Services\Util Greener Web DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} DeleteKey: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} DeleteKey: HKLM\Software\Classes\CLSID\{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} DeleteKey: HKLM\SOFTWARE\Wow6432Node\WhiteSmoke DeleteKey: HKCU\SOFTWARE\InstallCore DeleteKey: HKCU\SOFTWARE\speeditupfree DeleteKey: HKCU\SOFTWARE\WhiteSmoke C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rich Media Player CHR HKLM-x32\...\Chrome\Extension: [jmolcgpienlcieaajfkkdamlngancncm] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx S2 Update Greener Web; "C:\Program Files (x86)\Greener Web\updateGreenerWeb.exe" [X] S2 Util Greener Web; "C:\Program Files (x86)\Greener Web\bin\utilGreenerWeb.exe" [X] 2013-06-16 04:26 - 2014-02-23 02:51 - 000028609 _____ () C:\Users\user\AppData\Roaming\Bubble Dock.installation.log CustomCLSID: HKU\S-1-5-21-3092934182-1772052089-3972875262-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll => Pas de fichier CustomCLSID: HKU\S-1-5-21-3092934182-1772052089-3972875262-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Pas de fichier CustomCLSID: HKU\S-1-5-21-3092934182-1772052089-3972875262-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll => Pas de fichier CustomCLSID: HKU\S-1-5-21-3092934182-1772052089-3972875262-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Pas de fichier CustomCLSID: HKU\S-1-5-21-3092934182-1772052089-3972875262-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => Pas de fichier CustomCLSID: HKU\S-1-5-21-3092934182-1772052089-3972875262-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Pas de fichier CustomCLSID: HKU\S-1-5-21-3092934182-1772052089-3972875262-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => Pas de fichier CustomCLSID: HKU\S-1-5-21-3092934182-1772052089-3972875262-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => Pas de fichier CustomCLSID: HKU\S-1-5-21-3092934182-1772052089-3972875262-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => Pas de fichier CustomCLSID: HKU\S-1-5-21-3092934182-1772052089-3972875262-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll => Pas de fichier CustomCLSID: HKU\S-1-5-21-3092934182-1772052089-3972875262-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Pas de fichier CustomCLSID: HKU\S-1-5-21-3092934182-1772052089-3972875262-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => Pas de fichier CustomCLSID: HKU\S-1-5-21-3092934182-1772052089-3972875262-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Pas de fichier CustomCLSID: HKU\S-1-5-21-3092934182-1772052089-3972875262-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll => Pas de fichier CustomCLSID: HKU\S-1-5-21-3092934182-1772052089-3972875262-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Pas de fichier ContextMenuHandlers1: [DSCtxMenu] -> {209158E9-FF14-41D6-B3C4-70861BB3FFFA} => -> Pas de fichier Task: {BAA678D2-E4AC-4378-9AA9-61193385B7C2} - \PC Performer_UPDATES -> Pas de fichier <==== ATTENTION Task: {C304958F-F398-4329-82EC-8180A958D504} - \PC Performer_DEFAULT -> Pas de fichier <==== ATTENTION AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1 [112] DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BabMaint_RASAPI32 DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\BabMaint_RASMANCS DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock AddonsUI_RASAPI32 DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock AddonsUI_RASMANCS DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock BSetup_RASAPI32 DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock BSetup_RASMANCS DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock Setup_RASAPI32 DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock Setup_RASMANCS DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock Update_RASAPI32 DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock Update_RASMANCS DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock UpSetup_RASAPI32 DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock UpSetup_RASMANCS DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock_RASAPI32 DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Bubble Dock_RASMANCS DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FindRight_RASAPI32 DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FindRight_RASMANCS DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GreenerWeb_RASAPI32 DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GreenerWeb_RASMANCS DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OCBrowserHelper_1_RASAPI32 DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\OCBrowserHelper_1_RASMANCS DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\service-x86_RASAPI32 DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\service-x86_RASMANCS DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFindRight_RASAPI32 DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFindRight_RASMANCS DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateGreenerWeb_RASAPI32 DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateGreenerWeb_RASMANCS DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilFindRight_RASAPI32 DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilFindRight_RASMANCS DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilGreenerWeb_RASAPI32 DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilGreenerWeb_RASMANCS C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_blog.teesupport.com_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_blog.teesupport.com_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fr.iminent.com_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_fr.iminent.com_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_francais.babylon.com_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_francais.babylon.com_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.babylon.com_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_isearch.babylon.com_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lp.ilivid.com_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lyrics.wikia.com_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_lyrics.wikia.com_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker.bz_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker.bz_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker.is_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker.is_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker.ms_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_putlocker.ms_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_start.iminent.com_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_start.iminent.com_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.deeal.net_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.deeal.net_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_watchwarmbodiesputlockerhd.tumblr.com_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_watchwarmbodiesputlockerhd.tumblr.com_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.bonzuna.com_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.bonzuna.com_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.putlocker.com_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.putlocker.com_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.putlocker.tw_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.putlocker.tw_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchgol.com_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchgol.com_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.searchnu.com_0.localstorage-journal DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10D1B480-D7CD-4636-88AB-B768E7EDA605} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{10D1B480-D7CD-4636-88AB-B768E7EDA605} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{10D1B480-D7CD-4636-88AB-B768E7EDA605} C:\WINDOWS\System32\Tasks\{D716CE42-01C1-4BB4-979B-AFDA52F7AD12} DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FE9BBAF-9317-49B8-860E-CA8C01A4511C} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FE9BBAF-9317-49B8-860E-CA8C01A4511C} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{2FE9BBAF-9317-49B8-860E-CA8C01A4511C} C:\WINDOWS\System32\Tasks\{8E04411B-344E-4339-8167-62E333605A49} DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DBB3A19-C87B-4EB5-B3D4-9F025B321ABA} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DBB3A19-C87B-4EB5-B3D4-9F025B321ABA} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{4DBB3A19-C87B-4EB5-B3D4-9F025B321ABA} C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BFF9CD7-E40B-4F7E-8D67-8898DD5D8324} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BFF9CD7-E40B-4F7E-8D67-8898DD5D8324} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5BFF9CD7-E40B-4F7E-8D67-8898DD5D8324} C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3092934182-1772052089-3972875262-1000 DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6970D352-47CB-4812-A139-87C7722F8456} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6970D352-47CB-4812-A139-87C7722F8456} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{6970D352-47CB-4812-A139-87C7722F8456} C:\WINDOWS\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3092934182-1772052089-3972875262-1000 DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76B9691C-5707-4B1D-B446-6385E7A54F40} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76B9691C-5707-4B1D-B446-6385E7A54F40} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{76B9691C-5707-4B1D-B446-6385E7A54F40} C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\StartRecording DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86F09EB4-DAC1-46D8-BC4A-C4A0BC30ED07} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86F09EB4-DAC1-46D8-BC4A-C4A0BC30ED07} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{86F09EB4-DAC1-46D8-BC4A-C4A0BC30ED07} C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8EE9AA8F-0BD1-47F7-8944-668D3B6100F2} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8EE9AA8F-0BD1-47F7-8944-668D3B6100F2} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8EE9AA8F-0BD1-47F7-8944-668D3B6100F2} C:\WINDOWS\System32\Tasks\{08758EF1-CE4C-4D16-BDD9-D4C78BD01365} DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FE02CA5-CBEA-4B02-A55E-66F34C9D8E30} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FE02CA5-CBEA-4B02-A55E-66F34C9D8E30} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8FE02CA5-CBEA-4B02-A55E-66F34C9D8E30} C:\WINDOWS\System32\Tasks\Microsoft\Windows\Media Center\mcupdate DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC198E27-2E40-4BA6-A8B2-5A55A02291EF} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC198E27-2E40-4BA6-A8B2-5A55A02291EF} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{BC198E27-2E40-4BA6-A8B2-5A55A02291EF} C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3092934182-1772052089-3972875262-1000 DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C526F727-D56D-4A69-858A-2D446A4E1221} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C526F727-D56D-4A69-858A-2D446A4E1221} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C526F727-D56D-4A69-858A-2D446A4E1221} C:\WINDOWS\System32\Tasks\{2835E46D-37C1-4228-B55C-B5B6A67005C9} DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C64E766E-4463-4FA6-9C10-8AF4953944C6} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C64E766E-4463-4FA6-9C10-8AF4953944C6} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{C64E766E-4463-4FA6-9C10-8AF4953944C6} C:\WINDOWS\System32\Tasks\{10934443-A9BA-4F1F-8E14-C869494E41D8} DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3DA064A-1492-43B6-9B7C-99BEE484E68E} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3DA064A-1492-43B6-9B7C-99BEE484E68E} DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{E3DA064A-1492-43B6-9B7C-99BEE484E68E} C:\WINDOWS\System32\Tasks\{EED717CF-8E7E-43ED-BAAF-7A7BEA131DCE} DeleteKey: HKCU\SOFTWARE\APN PIP DeleteKey: HKCU\SOFTWARE\Reimage DeleteKey: HKCU\SOFTWARE\TeleCharger C:\Users\user\AppData\Local\Popcorn Time Offical C:\Users\user\AppData\Local\Popcorn-Time DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{2D9532F9-4456-4609-A64A-382EB333E5DF}C:\users\user\appdata\local\popcorn time offical\node-webkit\popcorn time.exe C:\users\user\appdata\local\popcorn time offical\node-webkit\popcorn time.exe DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{ECE7BC1A-48F2-4AFF-895A-9F816816BD01}C:\users\user\appdata\local\popcorn time offical\node-webkit\popcorn time.exe DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCPerformer_RASAPI32 DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PCPerformer_RASMANCS C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d10lpsik1i8c69.cloudfront.net_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d23716qn9q7omq.cloudfront.net_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d23716qn9q7omq.cloudfront.net_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_fbcdn-photos-a.akamaihd.net_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_fbcdn-photos-a.akamaihd.net_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_fbcdn-photos-g-a.akamaihd.net_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_fbcdn-photos-g-a.akamaihd.net_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_hdapp1008-a.akamaihd.net_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_hdapp1008-a.akamaihd.net_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mystart.com_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_mystart.com_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.socialnewpagessearch.com_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.socialnewpagessearch.com_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.socialnewpages.com_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.socialnewpages.com_0.localstorage-journal C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal EmptyTemp: end::