start
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
HKLM\...\Run: [bintin] => C:\WINDOWS\system32\wscript.exe /e:VBScript.Encode D:\bin.doc <==== ATTENTION
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {21f07676-9de5-11e7-8c73-0018bd5ada20} - K:\Système_Windows\Installer.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {44225ddf-a31e-11e3-8638-002481143393} - K:\LGAutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {472659da-a461-11e7-b0e2-0018bd5ada20} - K:\Système_Windows\Installer.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {58e7c9bf-18e7-11e6-bf94-002481143393} - K:\AutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {744b993f-9eb2-11e7-86d7-0018bd5ada20} - K:\Système_Windows\Installer.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {744b9986-9eb2-11e7-86d7-0018bd5ada20} - K:\AutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {77c221e7-9685-11e5-af18-0018bd5ada20} - K:\autorun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {a23fac86-7f37-11e7-9394-0018bd5ada20} - K:\AutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {aeb60894-3d73-11e7-bd4a-0018bd5ada20} - K:\Setup.exe /s
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {b08f8804-7217-11e7-a80f-0018bd5ada20} - K:\AutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {b5c97c1d-6715-11e7-9c41-0018bd5ada20} - K:\AutoRun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {ef1f054d-29cc-11e7-8e2f-0018bd5ada20} - K:\autorun.exe
HKU\S-1-5-21-1076428414-641238508-383798790-1000\...\MountPoints2: {f0a38572-2513-11e7-969f-0018bd5ada20} - K:\AutoRun.exe
GroupPolicy: Restriction ? <==== ATTENTION
HKU\S-1-5-21-1076428414-641238508-383798790-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.inwi.ma
CHR DefaultSearchURL: Default -> hxxps://search.randomwalktab.com/?q={searchTerms}
CHR DefaultSearchKeyword: Default -> Random Walk Shapes
CHR DefaultSuggestURL: Default -> hxxps://randomwalktab.com/suggestions.php?q={searchTerms}
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X]
S3 USBZTECCID; system32\DRIVERS\ZTEusbccid.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
S3 ZTEusbMB; system32\DRIVERS\ZTEusbnmeaext2.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
CMD: netsh winsock reset all
CMD: ipconfig /flushdns
hosts:
EmptyTemp:
Reboot:
end