start::
CreateRestorePoint:
CloseProcesses:
Hosts:
RemoveProxy:
EmptyTemp:
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP)
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP)
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP)
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP)
Winsock: Catalog9 20 C:\WINDOWS\SysWOW64\SafeIPs.dll [384000 2015-08-03] (SafeIP)
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP)
Winsock: Catalog9-x64 20 C:\WINDOWS\system32\SafeIPs64.dll [547328 2015-08-03] (SafeIP)
SearchScopes: HKU\S-1-5-21-3655865910-337415979-2611008747-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3655865910-337415979-2611008747-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
2018-12-13 14:13 - 2018-12-13 14:14 - 000000008 _____ () C:\Users\NOUS2\AppData\Roaming\pdfdrawcodec.dll
2018-12-21 09:36 - 2018-12-23 08:21 - 000000129 _____ () C:\Users\NOUS2\AppData\Local\d4e5668b6e2e908885f6371d26f35d07
AlternateDataStreams: C:\ProgramData\Temp:8E3D07DE [390]
HKU\S-1-5-21-3655865910-337415979-2611008747-1001\...\StartupApproved\Run: => "uTorrent"
cmd: ipconfig /flushdns
end::