start::
CreateRestorePoint:
CloseProcesses:
Task: {20A6FD9C-A356-4540-B6F2-C5F68717078A} - System32\Tasks\sr_notifier_executor => C:\Program Files (x86)\Security Reviver\notifier.exe
CHR HKLM\...\Chrome\Extension: [cnoeembbmidhnbndjgekmhmpbpppolji] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-4265624635-2019933758-61733912-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cnoeembbmidhnbndjgekmhmpbpppolji] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cnoeembbmidhnbndjgekmhmpbpppolji] - hxxps://clients2.google.com/service/update2/crx
2019-04-14 09:54 - 2019-04-14 09:54 - 000046352 _____ (青岛软媒网络科技有限公司) C:\WINDOWS\system32\Drivers\pcmastercoredrv.sys
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-4265624635-2019933758-61733912-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-4265624635-2019933758-61733912-1001\...\webcompanion.com -> hxxp://webcompanion.com
C:\Program Files (x86)\Security Reviver\notifier.exe
Hosts:
EmptyTemp:
end::