S4 lhuenodv; System32\drivers\cgkzsdev.sys [X]
2018-10-12 20:14 - 2018-10-13 18:02 - 000000000 ____D C:\Users\user\AppData\Local\dssergu
2018-10-12 20:11 - 2018-10-13 21:17 - 000000000 ____D C:\Users\user\AppData\Local\cgibwlu
2018-10-12 20:10 - 2018-10-13 18:08 - 002921984 _____ C:\WINDOWS\system32\sesvgxasvc.exe
2018-10-12 20:01 - 2018-10-12 20:14 - 000000000 ____D C:\WINDOWS\system32\svaukmb
2018-10-12 20:01 - 2018-10-12 20:01 - 000003410 _____ C:\WINDOWS\System32\Tasks\AGProxyCheck
2018-10-12 20:01 - 2018-10-12 20:01 - 000000000 ____D C:\WINDOWS\SysWOW64\svaukmb
2018-10-12 19:57 - 2018-10-12 19:57 - 000000000 ____D C:\Users\user\AppData\Local\Turbo.net
2018-10-12 19:56 - 2018-10-12 20:24 - 000000000 ___HD C:\Program Files (x86)\Telecomm
2018-10-12 19:56 - 2018-10-12 20:24 - 000000000 ___HD C:\Program Files (x86)\mystere
2018-10-12 19:56 - 2018-10-12 20:23 - 000000000 ____D C:\ProgramData\Bet
2018-10-12 19:56 - 2018-10-12 20:23 - 000000000 ____D C:\Program Files (x86)\rifkind
2018-10-12 19:56 - 2018-10-12 20:23 - 000000000 ____D C:\Program Files (x86)\lifters
2018-10-12 19:56 - 2018-10-12 20:23 - 000000000 ____D C:\Program Files (x86)\Incorporates
2018-10-12 19:56 - 2018-10-12 19:56 - 000004060 _____ C:\WINDOWS\System32\Tasks\highlighting
2018-10-12 19:56 - 2018-10-12 19:56 - 000003928 _____ C:\WINDOWS\System32\Tasks\highlightinghighlighting
2018-10-12 19:56 - 2018-10-12 19:56 - 000000012 _____ C:\WINDOWS\b81564443
2018-10-12 19:56 - 2018-10-12 19:56 - 000000000 ____D C:\Program Files (x86)\Lugar
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
Task: {043E3A7B-C127-4D64-B330-818BBBEAA86A} - System32\Tasks\sweepsies => c:\Windows\System32\shutdown.exe [2018-04-11] (Microsoft Corporation)
Task: {078FEC85-1976-4ECB-B9FD-3D4F863C4E9E} - System32\Tasks\highlightinghighlighting => C:\Program Files (x86)\Lugar\flacks.exe [2018-10-12] ()
Task: {26AEF9F2-67B5-4B4D-B620-05E20063A49A} - System32\Tasks\AGProxyCheck => C:\Program [Argument = Files (x86)\AnonymizerGadget\AGService.exe /recove]
Task: {67C1A499-51FB-4A42-B594-F38E007CBB97} - System32\Tasks\highlighting => C:\Program Files (x86)\Lugar\flacks.exe [2018-10-12] ()
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 25a09b37-9bcb-4309-b86f-1ec3e70fa147.job => D:\SUPERAntiSpyware\SASTask.exeVD:\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task fada3000-4bad-4c5b-9577-5027ce4f30fd.job => D:\SUPERAntiSpyware\SASTask.exeVD:\SUPERAntiSpyware\SUPERAntiSpyware.exe
FirewallRules: [{C4DBD78F-F92E-45F5-A094-DE8AD32B4814}] => (Allow) C:\Users\user\AppData\Local\iabgmrd\tiklova.exe
FirewallRules: [{9A1CFFDF-9BA7-4EA0-BD62-4FF1E5738300}] => (Allow) C:\Users\user\AppData\Local\iabgmrd\tiklova.exe
C:\Users\user\AppData\Local\iabgmrd
C:\Program Files (x86)\Lugar
C:\Windows\System32\drivers\sprdawkb.sys
C:\Windows\System32\sesvgxasvc.exe
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: