CloseProcesses:
CreateRestorePoint:
EmptyTemp:
HKU\S-1-5-21-3187734472-1224757334-2708839159-1001\...\Run: [user] => cmd.exe /c start www.dipladoks.org
HKU\S-1-5-21-3187734472-1224757334-2708839159-1001\...\MountPoints2: {90663788-016a-11e8-826a-40f02f7f1d44} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3187734472-1224757334-2708839159-1001\...\MountPoints2: {bf39c71f-861f-11e8-827b-f01faf69c1d9} - "D:\autorun.exe"
HKU\S-1-5-21-3187734472-1224757334-2708839159-1001\...\MountPoints2: {bf39cf8f-861f-11e8-827b-f01faf69c1d9} - "D:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-3187734472-1224757334-2708839159-1001\...\MountPoints2: {d0d0b18e-5ced-11e8-8273-40f02f7f1d44} - "D:\autorun.exe"
CHR HKU\S-1-5-21-3187734472-1224757334-2708839159-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
Task: {E6311A3C-B452-4CE3-8C64-0DC1BBE0995D} - System32\Tasks\user => cmd.exe /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v user /t REG_SZ /d "cmd.exe /c start www.dipladoks.org"
AlternateDataStreams: C:\ProgramData\TEMP:E25BED53 [155]
RemoveProxy:
CMD: ipconfig /flushdns