start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => No File
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3945232695-3215460919-1870042044-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3945232695-3215460919-1870042044-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3945232695-3215460919-1870042044-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=SL5M&ocid=SL5MDHP&osmkt=ar-xl
SearchScopes: HKU\S-1-5-21-3945232695-3215460919-1870042044-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> No File
FF ProfilePath: C:\Users\poste19\AppData\Roaming\Mozilla\Firefox\Profiles\zdsp00f0.default
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
S3 catchme; \??\C:\Users\poste19\AppData\Local\Temp\catchme.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
2016-06-16 13:02 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\inf
2016-05-24 22:34 - 2016-02-13 14:10 - 00000000 ___HD C:\$WINDOWS.~BT
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
EmptyTemp:
Reboot:
end