Task: {14188E23-1297-411A-BB0D-02FC5B93FFF3} - \Microsoft\Office\Office 15 Subscription Heartbeat -> No File <==== ATTENTION
Task: {15DCBBE5-1695-4311-985D-C89440220B67} - \KbWWqoUEaBoFNX -> No File <==== ATTENTION
Task: {2EF3D578-3360-4512-9203-223C08BF5848} - \Microsoft\Windows\Starter -> No File <==== ATTENTION
Task: {335A00CE-0120-41B8-BD79-4B01F961C31A} - \Microsoft\QuickLaunch -> No File <==== ATTENTION
Task: {352B8148-7E3C-4D22-920C-6C04F5C05945} - \Microsoft\Windows\rempl\shell-maintenance -> No File <==== ATTENTION
Task: {6A8D5D93-5E29-41A4-BC4C-7BE73AF066E4} - \VBhhySWvkpTFjTd2 -> No File <==== ATTENTION
Task: {788C4EA4-C3F6-4A56-98DB-B0D307E3E136} - \Microsoft\Windows\Setup\EOSNotify -> No File <==== ATTENTION
Task: {8EA0B5D6-D9C3-4321-A481-995116346F15} - \IGBVcIMfordoUyqZp2 -> No File <==== ATTENTION
Task: {A6FA35EE-0956-4815-AA42-1551A2C2459E} - \Microsoft\Windows\Setup\Notifier -> No File <==== ATTENTION
Task: {B2F4AC84-A8D0-4524-9363-BFF5A5911A00} - \Microsoft\Windows\BrokerInfrastructure\BgTaskRegistrationMaintenanceTask -> No File <==== ATTENTION
Task: {C33F4607-C279-4257-9039-34FF9FE1F21A} - \Microsoft\Windows\AppID\SmartScreenSpecific -> No File <==== ATTENTION
Task: {E6010D43-6AE7-4B59-8E67-EC78FD8E8E96} - \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler -> No File <==== ATTENTION
Task: {E98AFDFB-4B5D-4DC1-9DCF-5DD16ED4B901} - \Microsoft\Windows\Plug and Play\Plug and Play Cleanup -> No File <==== ATTENTION
Task: {EAE51EEE-9760-426E-9089-98E35FF25353} - \VHhVqcqNICEiQjOpdnZ2 -> No File <==== ATTENTION
MSCONFIG\Services: MWY3M2 => 2
HKU\S-1-5-21-3149856289-15504586-2066733169-1001\...\StartupApproved\Run: => "F71EKDQ0AXAL2BW"
HKU\S-1-5-21-3149856289-15504586-2066733169-1001\...\StartupApproved\Run: => "FAU7K52LX6SC4FD"
HKU\S-1-5-21-3149856289-15504586-2066733169-1001\...\StartupApproved\Run: => "F0XU9HC4FDJXIIA"
HKU\S-1-5-21-3149856289-15504586-2066733169-1001\...\StartupApproved\Run: => "JSMXJAYAX5PB26N"
HKU\S-1-5-21-3149856289-15504586-2066733169-1001\...\StartupApproved\Run: => "VNCEBMVO73NMJNR"
HKU\S-1-5-21-3149856289-15504586-2066733169-1001\...\StartupApproved\Run: => "PVI6JKUQMNKW06F"
HKU\S-1-5-21-3149856289-15504586-2066733169-1001\...\StartupApproved\Run: => "7M42HMZNM7F337G"
HKU\S-1-5-21-3149856289-15504586-2066733169-1001\...\StartupApproved\Run: => "XQ4X5K1TUZRRSHX"
HKU\S-1-5-21-3149856289-15504586-2066733169-1001\...\StartupApproved\Run: => "AM2HUDSW2UDDJ35"
HKU\S-1-5-21-3149856289-15504586-2066733169-1001\...\StartupApproved\Run: => "HRFONG9U9TXBT2Q"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
HKU\S-1-5-21-3149856289-15504586-2066733169-1001\Software\Microsoft\Internet Explorer\Main,Start Page = ABOUT:BLANK 
Edge Extension: (Adblock Plus) -> 10_EyeoGmbHAdblockPlus_d55gg7py3s0m0 => C:\Program Files\WindowsApps\EyeoGmbH.AdblockPlus_0.9.11.0_neutral__d55gg7py3s0m0 [not found]
CHR HomePage: Default -> hxxp://www.sweet-page.com/?type=hp&ts=1414158211&from=cor&uid=SAMSUNGXHM321HI_S265J90B183093183093
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://mail.ru/cnt/10445","hxxp://go.mail.ru/?chverfix=1&fr=chverfix_sg","hxxp://mail.ru/cnt/10445?gp=blackbear7","hxxp://mail.ru/cnt/10445?gp=820031","hxxp://www.yoursearching.com/?type=hp&ts=1450954941&z=10c9cd17e055f208b80b536gdz9w8e0tfw3z4t8cdm&from=brd&uid=SAMSUNGXHM321HI_S265J90B183093183093","hxxp://mail.ru/cnt/10445?gp=801407","hxxp://mail.ru/cnt/10445?gp=801010","hxxp://mail.ru/cnt/10445?gp=821272"
CHR DefaultSearchKeyword: Default -> google.ru_
2018-08-10 15:42 - 2018-07-09 22:09 - 000000000 ____D C:\Program Files\MWY3M2
EmptyTemp:
Reboot:

;uVS v4.0.14 [http://dsrt.dyndns.org]
;Target OS: NTv10.0
v400c
OFFSGNSAVE
;------------------------autoscript---------------------------

delref HTTPS://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?P=MKO_AWFZXIPYRAHDGKBRHOJYN9_5EDL7QPPMXLVOCDRHYVQM9U576TKO5BQ6POVOWZMC1VFT4YX0DH1Q9R_AMCXRS-528GOLW4WBVDX87VTQNHROCR3-9KIQ-V9RU3RZ7FOUU8KI3ZZQXWGV_B_2WODPGNUBE3TYM1LHXIM4EXOXDJKWPHSSCAOHH0EK50
delref HTTPS://NEWTAB.CLUB
delall %SystemRoot%\TEMP\JZKOEBITVPFCRZRE\BPOCLNPRX.EXE
delall %SystemRoot%\TEMP\INLCPPNPCTGODNIY\PEADILODD.EXE
delall %SystemDrive%\PROGRAMDATA\WINDOWSMENU\WESTAT.EXE
delall %SystemDrive%\PROGRAM FILES (X86)\YKZSZAYRFZZSC\CVCVUWZ.DLL
delall %SystemDrive%\PROGRAMDATA\VOYASOLLAM\DUOZAP.REG
delall %SystemDrive%\PROGRAM FILES (X86)\LWUEOSHGOBPOUROJZER\FADMHUO.DLL
delall %SystemDrive%\PROGRAMDATA\BQLRBDPGLIGGRXVB\GKUZXPL.WSF
delall %SystemDrive%\PROGRAM FILES (X86)\AOPBTRQYU\IEQXEO.DLL
delall %SystemDrive%\PROGRAM FILES (X86)\SJUIFJJOVMHU2\IINEUQNXPESOM.DLL
delall %SystemDrive%\PROGRAMDATA\VOYASOLLAM\JOB-LIGHT.REG
delall %SystemDrive%\PROGRAMDATA\VOYASOLLAM\RONCOF.REG
delall %SystemDrive%\PROGRAMDATA\VOYASOLLAM\STATLIGHT.REG
delall %SystemDrive%\PROGRAMDATA\VOYASOLLAM\TAMPSANTRAX.REG
delall %SystemDrive%\PROGRAMDATA\VOYASOLLAM\TEMPCOM.REG
delref HTTP://OVGORSKIY.RU
delref HTTP://WWW.SWEET-PAGE.COM/?TYPE=HP&TS=1414158211&FROM=COR&UID=SAMSUNGXHM321HI_S265J90B183093183093
apply

regt 27
deltmp
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\OFFICE15\OLICENSEHEARTBEAT.EXE
delref {9F2B0085-9218-42A1-88B0-9F0E65851666}\[CLSID]
delref {E984D939-0E00-4DD9-AC3A-7ACA04745521}\[CLSID]
delref %SystemRoot%\SYSWOW64\MAPSTOASTTASK.DLL
delref %SystemRoot%\SYSWOW64\MAPSUPDATETASK.DLL
delref {5AA199A0-1CED-43A5-9B85-3226086738A3}\[CLSID]
delref {DEF03232-9688-11E2-BE7F-B4B52FD966FF}\[CLSID]
delref %SystemDrive%\PROGRAM FILES\REMPL\REMSH.EXE
delref %Sys32%\EOSNOTIFY.EXE
delref %Sys32%\NOTIFIER.EXE
delref %SystemRoot%\SYSWOW64\PEERDISTSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\TCPIP.SYS
delref %SystemRoot%\SYSWOW64\APPVETWCLIENTRES.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\MRXSMB.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\VMBKMCLR.SYS
delref %SystemRoot%\SYSWOW64\W32TIME.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\USBXHCI.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\SRV2.SYS
delref %SystemRoot%\SYSWOW64\RDPCORETS.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\DXGMMS2.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\HTTP.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\WINNAT.SYS
delref %SystemRoot%\SYSWOW64\UMPOEXT.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\VMBUSR.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\DMVSC.SYS
delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL
delref %SystemRoot%\SYSWOW64\CSCSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\SMBDIRECT.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\VMBKMCL.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\REFS.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\SPACEPORT.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\FVEVOL.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\AFD.SYS
delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS
delref %SystemRoot%\SYSWOW64\HVHOSTSVC.DLL
delref %SystemRoot%\SYSWOW64\LSM.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\SYNTH3DVSC.SYS
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {19916E01-B44E-4E31-94A4-4696DF46157B}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref {88D969C0-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C1-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C2-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C3-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C4-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C5-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {8AD9C840-044E-11D1-B3E9-00805F499D93}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID]
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}\[CLSID]
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}\[CLSID]
delref %Sys32%\DRIVERS\VMBUSR.SYS
delref %Sys32%\HVSICONTAINERSERVICE.DLL
delref %Sys32%\WINDOWSANYTIMEUPGRADERESULTS.EXE
delref %Sys32%\DRIVERS\UMDF\USBCCIDDRIVER.DLL
delref %Sys32%\BLANK.HTM
delref SMART MOUNT SHELL EXTENSION\[CLSID]
delref {472083B0-C522-11CF-8763-00608CC02F24}\[CLSID]
delref %Sys32%\DRIVERS\HDAUDADDSERVICE.SYS
delref HELPSVC\[SERVICE]
delref SACSVR\[SERVICE]
delref TBS\[SERVICE]
delref %Sys32%\DRIVERS\USBAUDIO.SYS
delref VMMS\[SERVICE]
delref MESSENGER\[SERVICE]
delref RDSESSMGR\[SERVICE]
delref %Sys32%\MSMIRADISP.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.1\PSMACHINE_64.DLL
delref %Sys32%\TETHERINGSETTINGHANDLER.DLL
delref %Sys32%\QUICKACTIONSPS.DLL
delref %Sys32%\IGFXOSP.DLL
delref %Sys32%\CHTADVANCEDDS.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DAO\DAO360.DLL
delref %SystemRoot%\SYSWOW64\TTLSEXT.DLL
delref %SystemRoot%\SYSWOW64\SPEECH_ONECORE\COMMON\SPEECHRUNTIME.EXE
delref %SystemRoot%\SYSWOW64\TAPILUA.DLL
delref %SystemRoot%\SYSWOW64\WBEM\KEYBOARDFILTERWMI.DLL
delref %SystemRoot%\SYSWOW64\LOCATIONFRAMEWORK.DLL
delref %SystemRoot%\SYSWOW64\MAPSBTSVCPROXY.DLL
delref %SystemRoot%\SYSWOW64\PERCEPTIONSIMULATIONEXTENSIONS.DLL
delref %SystemRoot%\SYSWOW64\DRIVERSTORE\FILEREPOSITORY\KI127176.INF_AMD64_86C658CABFB17C9C\IGFXEXPS32.DLL
delref %SystemRoot%\SYSWOW64\EAPPCFGUI.DLL
delref %SystemRoot%\SYSWOW64\MAPSCSP.DLL
delref %SystemRoot%\SYSWOW64\LISTSVC.DLL
delref %SystemRoot%\SYSWOW64\AUTHHOSTPROXY.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.29.1\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\AZBJTDWTZIE\XYNZJYUIRU.EXE
delref %SystemRoot%\SYSWOW64\WBEM\NLMCIM.DLL
delref %SystemRoot%\SYSWOW64\RMSROAMINGSECURITY.DLL
delref %SystemRoot%\SYSWOW64\SYSTEMSETTINGSBROKER.EXE
delref %SystemRoot%\SYSWOW64\SPEECH_ONECORE\COMMON\SAPI_EXTENSIONS.DLL
delref %SystemRoot%\SYSWOW64\SMARTSCREEN.EXE
delref %SystemRoot%\SYSWOW64\GPSVC.DLL
delref %SystemRoot%\SYSWOW64\CONNECTEDSTORAGESERVICE.PROXYSTUB.DLL
delref %SystemRoot%\SYSWOW64\IDLISTEN.DLL
delref %SystemRoot%\SYSWOW64\WIFICONFIGSP.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\SYSTEM\OLE DB\MSDAORA.DLL
;-------------------------------------------------------------

restart