start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
HKLM\Software\Microsoft\Active Setup\Installed Components: [{052EB454-9F19-CB42-7875-807F79F311C4}] -> C:\Program Files (x86)\CCleaner Browser\Application\83.1.4977.119\Installer\chrmstp.exe
Task: {5E2AEA87-D2ED-45D7-B9CC-254DE65DFAD6} - System32\Tasks\CCleanerUpdateTaskMachineUA => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe
Task: {750C3F16-1CB9-47B0-BA9B-FCD6E2463550} - System32\Tasks\CCleaner Browser Heartbeat Task (Hourly) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe
Task: {7FF34D8D-E134-4F7C-969A-7BCA392B91A1} - System32\Tasks\AdwCleaner_onReboot => C:\Users\JS\Downloads\adwcleaner_8.0.6.exe
Task: {C367E322-C7B5-4B69-AED2-BC8877019309} - System32\Tasks\CCleanerUpdateTaskMachineCore => C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe
Task: {DA14987C-FF60-483E-81FF-E675376B9850} - System32\Tasks\PrivaZer_SkipUAC => C:\Program Files (x86)\PrivaZer\PrivaZer.exe [19794808 2020-07-20]
Task: {EC977DE5-9954-4120-A5DB-D7A9002EE37C} - System32\Tasks\CCleaner Browser Heartbeat Task (Logon) => C:\Program Files (x86)\CCleaner Browser\Application\CCleanerBrowser.exe
Edge Profile: C:\Users\JS\AppData\Local\Microsoft\Edge\User Data\cId=128000000001363769&path= [2020-07-26] <==== ATTENTION
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=3 -> C:\Program Files (x86)\CCleaner Browser\Update\1.7.913.0\npCCleanerBrowserUpdate3.dll
FF Plugin-x32: @update.ccleanerbrowser.com/CCleaner Browser;version=9 -> C:\Program Files (x86)\CCleaner Browser\Update\1.7.913.0\npCCleanerBrowserUpdate3.dll
CHR StartupUrls: Default -> "hxxps://www.google.com/","hxxp://start.search.us.com/v/2/?guid=
S2 ccleaner; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe
S3 CCleanerBrowserElevationService; C:\Program Files (x86)\CCleaner Browser\Application\83.1.4977.119\elevation_service.exe
S3 ccleanerm; C:\Program Files (x86)\CCleaner Browser\Update\CCleanerBrowserUpdate.exe
2020-07-24 18:17 - 2020-07-24 18:17 - 000003170 _____ C:\WINDOWS\system32\Tasks\AdwCleaner_onReboot
2020-07-24 18:15 - 2020-07-24 18:15 - 008414384 _____ (Malwarebytes) C:\Users\JS\Downloads\adwcleaner_8.0.7.exe
2020-07-22 18:27 - 2020-07-22 18:27 - 000003842 _____ C:\WINDOWS\system32\Tasks\CCleaner Browser Heartbeat Task (Hourly)
2020-07-22 18:27 - 2020-07-22 18:27 - 000003642 _____ C:\WINDOWS\system32\Tasks\CCleanerUpdateTaskMachineUA
2020-07-22 18:27 - 2020-07-22 18:27 - 000003518 _____ C:\WINDOWS\system32\Tasks\CCleanerUpdateTaskMachineCore
2020-07-22 18:27 - 2020-07-22 18:27 - 000003258 _____ C:\WINDOWS\system32\Tasks\CCleaner Browser Heartbeat Task (Logon)
2020-07-22 18:27 - 2020-07-22 18:27 - 000002422 _____ C:\Users\Public\Desktop\CCleaner Browser.lnk
2020-07-22 18:27 - 2020-07-22 18:27 - 000000000 ____D C:\Users\JS\AppData\Local\CCleaner Browser
2020-07-22 18:27 - 2020-07-22 18:27 - 000000000 ____D C:\ProgramData\CCleaner Browser
2020-07-22 18:27 - 2020-07-22 18:27 - 000000000 ____D C:\Program Files (x86)\CCleaner Browser
2020-07-20 16:06 - 2020-07-26 18:09 - 000000000 ____D C:\Users\JS\AppData\Local\PrivaZer
2020-07-20 16:06 - 2020-07-20 16:06 - 000003178 _____ C:\WINDOWS\system32\Tasks\PrivaZer_SkipUAC
2020-07-20 16:06 - 2020-07-20 16:06 - 000000000 ____D C:\ProgramData\privazer
2020-07-20 16:06 - 2020-07-20 16:06 - 000000000 ____D C:\Program Files (x86)\PrivaZer
2020-07-28 17:21 - 2018-11-20 19:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-07-28 17:21 - 2018-08-09 18:06 - 000000000 ____D C:\Users\JS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer
2020-07-22 18:27 - 2020-04-14 17:51 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner Browser.lnk
2020-07-20 16:06 - 2019-02-15 19:12 - 000001954 _____ C:\Users\Public\Desktop\PrivaZer.lnk
2020-07-20 16:06 - 2018-08-09 18:06 - 000001966 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
EmptyTemp:
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh winsock reset
cmd: md C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database
cmd: DISM /Online /Cleanup-image /Restorehealth
cmd: sfc /scannow
end::