CloseProcesses:
CreateRestorePoint:
Unlock: C:\windows\System32\drivers\drmkpro64.sys
Unlock: C:\Program Files (x86)\qdcomsvc
Unlock: C:\Program Files (x86)\dataup
Unlock: C:\Program Files (x86)\dataup\dataup.exe
Unlock: C:\Program Files (x86)\cpx\cpx.exe
Unlock: C:\Program Files (x86)\cpx
Unlock: C:\Program Files (x86)\svcvmx\svcvmx.exe
Unlock: C:\Program Files (x86)\svcvmx\vmxclient.exe
unlock: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\cpx
reg: reg delete "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\cpx" /f
unlock: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx
reg: reg delete "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\cpx" /f
unlock: HKLM\SYSTEM\CurrentControlSet\services\Dataup
reg: reg delete "HKLM\SYSTEM\CurrentControlSet\services\Dataup" /f
unlock: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\windowsmanagementservice
reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\windowsmanagementservice" /f
HKLM-x32\...\Run: [cpx] => C:\Program Files (x86)\cpx\cpx.exe [649216 2017-01-05] () <===== ATTENTION
HKLM-x32\...\Run: [svcvmx] => C:\Program Files (x86)\svcvmx\svcvmx.exe [896512 2017-01-13] ()
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2017-01-05] () [File not signed] <==== ATTENTION
S2 qdcomsvc; "C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe" /svc [X] <==== ATTENTION
S2 windowsmanagementservice; C:\Users\P-Dub\AppData\Local\Temp\20170220\ct.exe [X] <==== ATTENTION <==== ATTENTION
R1 drmkpro64; C:\windows\System32\drivers\drmkpro64.sys [53832 2012-01-31] () [File not signed] <==== ATTENTION
C:\Users\P-Dub\AppData\Local\cpx
C:\Program Files (x86)\cpx
C:\Program Files (x86)\svcvmx
C:\Users\P-Dub\AppData\Local\llssoft
C:\Users\P-Dub\AppData\Local\CEF
C:\windows\TEMPcoral.vbs
C:\Program Files (x86)\dataup
C:\Users\P-Dub\AppData\Roaming\c
C:\Users\P-Dub\AppData\Local\Temp\20170220\ct.exe
C:\Program Files (x86)\qdcomsvc\qdcomsvc.exe" /svc
C:\Program Files (x86)\qdcomsvc
C:\windows\System32\drivers\drmkpro64.sys
C:\Program Files (x86)\winscr
C:\Program Files (x86)\svcvmx\libcef.dll
C:\Program Files (x86)\svcvmx\libglesv2.dll
C:\Program Files (x86)\svcvmx\libegl.dll
C:\Program Files (x86)\svcvmx\pepflashplayer.dll
C:\Program Files (x86)\cpx\libcef.dll
C:\Program Files (x86)\cpx\core.dll
C:\Program Files (x86)\cpx\libglesv2.dll
C:\Program Files (x86)\cpx\libegl.dll
C:\Program Files (x86)\cpx\PepperFlash\pepflashplayer.dll
C:\Program Files (x86)\dataup\help_dll.dll
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp: