CreateRestorePoint:
S2 esegixy; "C:\ProgramData\boostwebapp\1.1.0.31\mohqwban.exe" -cms [X]
S2 HowgazJuldo; "C:\ProgramData\boostwebapp\1.1.0.31\GaaflaCoce.exe" -cmd [X]
S2 mespelcamm; "C:\ProgramData\boostwebapp\1.1.0.31\mohqaban.exe" /ts2=1 [X]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys => ""="Driver" 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys => ""="Driver"
CMD: netsh advfirewall reset
Cmd: wevtutil cl application
Cmd: wevtutil cl system
Cmd: wevtutil cl security
EmptyTemp: