CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\Common Files\Wondershare
2019-03-01 17:21 - 2019-01-13 20:14 - 000000000 ____D C:\Program Files (x86)\Kerish Doctor
2019-03-01 17:21 - 2018-08-31 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kerish Doctor
2019-03-01 17:24 - 2018-11-20 09:32 - 000000000 ____D C:\Program Files\WinRAR
2019-03-01 17:23 - 2018-11-20 09:31 - 000000000 ____D C:\Program Files (x86)\WinRAR
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [482]
DeleteValue: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|"Wondershare Helper Compact.exe"
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85667DB4-C795-4836-BC66-0FED1D6E590F}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{4E22BF64-F07A-41E0-9273-F0E3ACE31748}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{53D62FF5-38F0-41D0-B53D-D4DEACDA5646}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{386C6792-FCDD-46CA-AD7C-A7419716C65D}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{0CBF669E-8B25-4D80-90F3-F1052EDAF69E}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{637345F3-A578-4DFF-B541-293EFF04FB5C}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{F4BDFF3A-E1F8-4660-BCB2-DC543F2D9A7A}
C:\Users\laurent\Downloads\Compressed\DriverBoosterPROPortable_6.0.2.691
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{EAC56BE5-4033-4C47-BFE3-4D1B08CEFAB1}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{28C969E4-0B1E-454B-9634-DCF2736257D2}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{448D56DC-50D9-4848-B9D9-8BE105FA7F08}
Resethosts:
emptytemp: