start::
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
EmptyTemp:
HKU\S-1-5-21-4036137253-2371338342-4266407100-1001\...\Run: [SysinfY2X] => C:\WINDOWS\system32\cmd.exe /c start wscript /e:VBScript.Encode %temp%\SysinfY2X.db <==== ATTENTION
FF Extension: (Avira Browser Safety) - C:\Users\sev\AppData\Roaming\Mozilla\Firefox\Profiles\A0D4oxsJ.default\Extensions\abs@avira.com
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
cmd: ipconfig /flushdns
end::