CloseProcesses: CreateRestorePoint: HKU\S-1-5-21-864748573-4061960047-3974132408-1001\...\MountPoints2: I - "I:\Setup.exe" HKU\S-1-5-21-864748573-4061960047-3974132408-1001\...\MountPoints2: {e548840f-5fec-11e6-af0e-ac2b6e7a2032} - "I:\Setup.exe" HKU\S-1-5-21-864748573-4061960047-3974132408-1001\...\MountPoints2: {e5488569-5fec-11e6-af0e-ac2b6e7a2032} - "G:\setup.exe" HKU\S-1-5-21-864748573-4061960047-3974132408-1001\...\MountPoints2: {e54885f5-5fec-11e6-af0e-ac2b6e7a2032} - "F:\setup.exe" HKU\S-1-5-21-864748573-4061960047-3974132408-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE HKU\S-1-5-21-864748573-4061960047-3974132408-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE HKU\S-1-5-21-864748573-4061960047-3974132408-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com SearchScopes: HKU\S-1-5-21-864748573-4061960047-3974132408-1001 -> DefaultScope {5AD19C14-18C2-4C9E-8597-020CB88297D6} URL = SearchScopes: HKU\S-1-5-21-864748573-4061960047-3974132408-1001 -> {5AD19C14-18C2-4C9E-8597-020CB88297D6} URL = ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File Task: {F9802654-F5A1-4F84-9CB0-6D67CAE8248B} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION EmptyTemp: CMD: ipconfig /flushdns CMD: netsh advfirewall reset Powershell: wevtutil el | Foreach-Object {wevtutil cl "$_"}