CloseProcesses:
CreateRestorePoint:
2015-08-09 12:15 - 2015-03-01 23:20 - 00000248 _____ C:\windows\Tasks\AutoKMS.job
2015-08-08 22:20 - 2015-03-01 23:20 - 00000248 _____ C:\windows\Tasks\AutoKMSDaily.job
Task: {6E4F472F-CA1B-4975-B1E2-425CE3DCBE7A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {ABDE922D-66AF-4C31-88EF-89D9D4DCFB97} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\windows\Tasks\AutoKMS.job => C:\Windows\AutoKMS\AutoKMS.exe
Task: C:\windows\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS\AutoKMS.exe
FirewallRules: [TCP Query User{249AFFA7-84D5-448E-BBE0-88D2E38DCB46}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
FirewallRules: [UDP Query User{D49392A9-7C28-4BD8-BC08-A09B806A478A}C:\windows\kmsemulator.exe] => (Allow) C:\windows\kmsemulator.exe
Task: {6CC22947-C959-4F4A-9C1A-4694BE0AB57C} - System32\Tasks\{745A26DB-0E8C-449F-925B-FF4D22A4369A} => pcalua.exe -a C:\Windows\UnJSLang.exe -d C:\windows
EmptyTemp:
CMD: bitsadmin /reset /allusers
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F