start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
HKU\S-1-5-21-1753773576-1647398134-3515720838-1001\...\RunOnce: [Uninstall C:\Users\AKRAM\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\AKRAM\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-1753773576-1647398134-3515720838-1001\...\MountPoints2: {3a21fae5-f5f6-11e5-832c-38eaa7fd5b3c} - "D:\Auto.exe"
HKU\S-1-5-21-1753773576-1647398134-3515720838-1001\...\MountPoints2: {3a21faf2-f5f6-11e5-832c-38eaa7fd5b3c} - "D:\Auto.exe"
HKU\S-1-5-21-1753773576-1647398134-3515720838-1001\...\MountPoints2: {dffb3c0b-0677-11e6-832e-38eaa7fd5b3c} - "D:\Auto.exe"
HKU\S-1-5-21-1753773576-1647398134-3515720838-1001\...\MountPoints2: {dffb3c1a-0677-11e6-832e-38eaa7fd5b3c} - "D:\Auto.exe"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKU\S-1-5-21-1753773576-1647398134-3515720838-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FF ProfilePath: C:\Users\AKRAM\AppData\Roaming\Mozilla\Firefox\Profiles\ply0ci38.default
FF NewTab: about:newtab
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241880 2015-03-10] (ESET)
S1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [52872 2015-09-23] (ESET)
2016-06-21 02:49 - 2016-06-21 02:49 - 00000000 ____D C:\Program Files (x86)\ESET
2016-06-21 02:47 - 2016-06-21 02:49 - 02870984 _____ (ESET) C:\Users\AKRAM\Desktop\esetsmartinstaller_fra.exe
2016-06-16 12:32 - 2016-06-16 12:32 - 00000000 ___HD C:\$Windows.~BT
2016-06-16 12:31 - 2016-06-16 13:28 - 00000000 ___HD C:\$SysReset
2016-06-19 11:52 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
Adobe Flash Player ActiveX Packages (HKU\S-1-5-21-1753773576-1647398134-3515720838-1001\...\Adobe Flash Player ActiveX Packages) (Version: - ) <==== ATTENTION
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 2.1.8.0 - Byte Technologies LLC) <==== ATTENTION
Task: {03075A8C-FD29-4FEC-B8D3-074A9E53421F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {19541ED8-D879-4D1D-A9AB-6BBB9D7EFA0F} - \AutoKMS -> No File <==== ATTENTION
Task: {1C6EC84E-1717-488D-BA19-0B7DB06E5259} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2C7E5DBF-0A9F-4479-9B42-A45C9B612A9D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2EFC8591-0C0B-4712-9F3F-60824F9ED55A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3931485B-C6F7-4FBB-9E12-172750838050} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6122EA86-3194-415E-92B9-192A6FA3CE13} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {72D3BA4F-38DC-4163-A234-015F9D02D2C6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {78994B33-E81D-4616-AFDB-141333F674A9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {92FFE737-F3F9-4DE4-934F-83E7F014C8A0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {9DFA6C1D-6440-4165-8950-242E9FCC15B4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C0C30450-051D-4706-86D6-EF16EBD4A83A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
EmptyTemp:
Reboot:
end