1) Uninstall the antivirus following the instructions:
2) Create a new FRST log:
Code:
HKU\S-1-5-21-863895609-1658055285-2912962486-1001\...\StartupApproved\Run: => "MinerGateGui"
HKU\S-1-5-21-863895609-1658055285-2912962486-1001\...\StartupApproved\Run: => "Discord"
FirewallRules: [{2571C056-46B0-4EDC-A9AD-EF3C53B01C10}] => (Allow) C:\Program Files (x86)\Zona\Zona.exe => No File
FirewallRules: [{AA18A938-6F44-4F5A-B308-94043F64B624}] => (Allow) C:\Program Files (x86)\Zona\Zona.exe => No File
FirewallRules: [TCP Query User{40F4AC03-1576-4916-9ACE-65269E98DEFF}C:\program files (x86)\zona\jre\bin\javaw.exe] => (Block) C:\program files (x86)\zona\jre\bin\javaw.exe => No File
FirewallRules: [UDP Query User{A17F4F33-03FC-4826-9B0C-D8738D8388BC}C:\program files (x86)\zona\jre\bin\javaw.exe] => (Block) C:\program files (x86)\zona\jre\bin\javaw.exe => No File
FirewallRules: [TCP Query User{BBFF876C-026B-4DC1-B0EC-045922709343}C:\program files (x86)\zona\zona.exe] => (Block) C:\program files (x86)\zona\zona.exe => No File
FirewallRules: [UDP Query User{DD71E6FC-96B0-4495-842C-4BCFC4B4E51F}C:\program files (x86)\zona\zona.exe] => (Block) C:\program files (x86)\zona\zona.exe => No File
FirewallRules: [{821F5C00-3647-42E7-8EB5-46BD1422736D}] => (Block) LPort=139
FirewallRules: [{42D4972C-5D67-4FCE-A0F1-2EFD9BEDB485}] => (Block) LPort=445
FirewallRules: [{6B2F7E78-880D-489C-B3C3-4839A1712AB0}] => (Block) LPort=445
FirewallRules: [{3708742E-F2BA-4EAC-A2EE-A7DB4F233FDF}] => (Block) LPort=139
FirewallRules: [{5549379D-DA8A-4B4C-96F2-54DA635F711D}] => (Allow) LPort=3389
FirewallRules: [{C35EB250-9306-4924-951D-63CC740A1356}] => (Allow) LPort=3389
FirewallRules: [TCP Query User{9072CAA6-5BA1-4174-9008-61D7204B0412}D:\aliens colonial marines\binaries\win32\acm.exe] => (Allow) D:\aliens colonial marines\binaries\win32\acm.exe => No File
FirewallRules: [UDP Query User{41A38DB1-C80D-43EA-8E73-8E48ADD93003}D:\aliens colonial marines\binaries\win32\acm.exe] => (Allow) D:\aliens colonial marines\binaries\win32\acm.exe => No File
FirewallRules: [{F2927657-F2B2-4148-BAF1-D1ABEB7557F2}] => (Allow) C:\Users\zz\AppData\Local\Programs\Opera\70.0.3728.178\opera.exe => No File
FirewallRules: [{758C5FC1-E755-465D-82BD-089486920C71}] => (Allow) C:\Users\zz\AppData\Local\Programs\Opera\70.0.3728.189\opera.exe => No File
HKU\S-1-5-21-863895609-1658055285-2912962486-1001\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-863895609-1658055285-2912962486-1001\...\Policies\Explorer\DisallowRun: [1] eav_trial_rus.exe
HKU\S-1-5-21-863895609-1658055285-2912962486-1001\...\Policies\Explorer\DisallowRun: [2] avast_free_antivirus_setup_online.exe
HKU\S-1-5-21-863895609-1658055285-2912962486-1001\...\Policies\Explorer\DisallowRun: [3] eis_trial_rus.exe
HKU\S-1-5-21-863895609-1658055285-2912962486-1001\...\Policies\Explorer\DisallowRun: [4] essf_trial_rus.exe
HKU\S-1-5-21-863895609-1658055285-2912962486-1001\...\Policies\Explorer\DisallowRun: [5] hitmanpro_x64.exe
HKU\S-1-5-21-863895609-1658055285-2912962486-1001\...\Policies\Explorer\DisallowRun: [6] ESETOnlineScanner_UKR.exe
HKU\S-1-5-21-863895609-1658055285-2912962486-1001\...\Policies\Explorer\DisallowRun: [7] ESETOnlineScanner_RUS.exe
HKU\S-1-5-21-863895609-1658055285-2912962486-1001\...\Policies\Explorer\DisallowRun: [8] HitmanPro.exe
HKU\S-1-5-21-863895609-1658055285-2912962486-1001\...\Policies\Explorer\DisallowRun: [9] 360TS_Setup_Mini.exe
HKU\S-1-5-21-863895609-1658055285-2912962486-1001\...\Policies\Explorer\DisallowRun: [10] Cezurity_Scanner_Pro_Free.exe
HKU\S-1-5-21-863895609-1658055285-2912962486-1001\...\Policies\Explorer\DisallowRun: [11] Cube.exe
GroupPolicy: Restriction ? <==== ATTENTION
Task: {16DEA092-FB0C-40D0-AE20-0536BECC21D9} - \Microsoft\Windows\EDP\EDP App Launch Task -> No File <==== ATTENTION
Task: {1B65DD58-D16B-45E8-BEB4-94D7E4D64DF7} - \Microsoft\Windows\EDP\EDP Auth Task -> No File <==== ATTENTION
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird => not found
2020-10-11 11:17 - 2020-10-11 11:17 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2020-10-11 10:54 - 2020-10-11 11:54 - 000000000 ____D C:\Program Files\ESET
2020-10-11 10:53 - 2020-10-11 10:53 - 000000000 ____D C:\Users\Все пользователи\ESET
2020-10-11 10:53 - 2020-10-11 10:53 - 000000000 ____D C:\ProgramData\ESET
2020-10-11 18:05 - 2020-08-26 12:26 - 000000000 __SHD C:\AdwCleaner
2020-08-26 12:26 C:\KVRT_Data
2020-08-26 12:26 C:\Program Files\AVAST Software
2020-08-26 12:26 C:\Program Files\AVG
2020-08-26 12:26 C:\Program Files\ByteFence
2020-08-26 12:26 C:\Program Files\Cezurity
2020-08-26 12:26 C:\Program Files\COMODO
2020-08-26 12:26 C:\Program Files\Enigma Software Group
2020-08-26 12:26 C:\Program Files\Kaspersky Lab
2020-08-26 12:26 C:\Program Files\Malwarebytes
2020-08-26 12:26 C:\Program Files\SpyHunter
2020-08-26 12:26 C:\Program Files (x86)\360
2020-08-26 12:26 C:\Program Files (x86)\AVAST Software
2020-08-26 12:26 C:\Program Files (x86)\AVG
2020-08-26 12:26 C:\Program Files (x86)\Cezurity
2020-08-26 12:26 C:\Program Files (x86)\GRIZZLY Antivirus
2020-08-26 12:26 C:\Program Files (x86)\Kaspersky Lab
2020-08-26 12:26 C:\Program Files (x86)\Microsoft JDX
2020-08-26 12:26 C:\Program Files (x86)\Panda Security
2020-08-26 12:26 C:\Program Files (x86)\SpyHunter
2020-08-26 12:26 C:\Windows\speechstracing
2020-08-26 12:26 C:\Program Files\Common Files\McAfee
2020-08-26 12:26 C:\ProgramData\360safe
2020-08-26 12:26 C:\ProgramData\AVAST Software
2020-08-26 12:26 C:\ProgramData\Doctor Web
2020-08-26 12:26 C:\ProgramData\grizzly
2020-08-26 12:26 C:\ProgramData\Indus
2020-08-26 12:26 C:\ProgramData\Kaspersky Lab
2020-08-26 12:26 C:\ProgramData\Kaspersky Lab Setup Files
2020-08-26 12:26 C:\ProgramData\Malwarebytes
2020-08-26 12:26 C:\ProgramData\MB3Install
2020-08-26 12:26 C:\ProgramData\McAfee
2020-08-26 12:26 C:\ProgramData\Norton
2020-08-26 12:26 C:\Users\Все пользователи\360safe
2020-08-26 12:26 C:\Users\Все пользователи\AVAST Software
2020-08-26 12:26 C:\Users\Все пользователи\Doctor Web
2020-08-26 12:26 C:\Users\Все пользователи\grizzly
2020-08-26 12:26 C:\Users\Все пользователи\Indus
2020-08-26 12:26 C:\Users\Все пользователи\Kaspersky Lab
2020-08-26 12:26 C:\Users\Все пользователи\Kaspersky Lab Setup Files
2020-08-26 12:26 C:\Users\Все пользователи\Malwarebytes
2020-08-26 12:26 C:\Users\Все пользователи\MB3Install
2020-08-26 12:26 C:\Users\Все пользователи\McAfee
2020-08-26 12:26 C:\Users\Все пользователи\Norton
EmptyTemp:
Reboot:
Code:
;uVS v4.11 [http://dsrt.dyndns.org:8888]
;Target OS: NTv10.0
v400c
OFFSGNSAVE
deltmp
regt 26
regt 38
restart
;---------command-block---------
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DLDGPJDIADOMHINPIMGCHMEEMBBGOJNJK%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://WWW.GOOGLE.COM/SEARCH?HL=RU&Q={SEARCHTERMS}
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref %Sys32%\BLANK.HTM
delref %SystemDrive%\USERS\ZZ\DESKTOP\НОВАЯ ПАПКА (4)\MBAMINSTALLERSERVICE.EXE
apply
Code:
;uVS v4.11 [http://dsrt.dyndns.org:8888]
;Target OS: NTv6.1
v400c
OFFSGNSAVE
;------------------------autoscript---------------------------
deldirex %SystemDrive%\PROGRAM FILES\BTCLIENT\BTCLIENT\1.4.2.8
deldirex %SystemDrive%\PROGRAM FILES\LOVIVIDEO
deldirex %SystemDrive%\PROGRAM FILES\MAIL.RU\UPDATE SERVICE
deldirex %SystemDrive%\USERS\МУЗАФФАР\APPDATA\LOCAL\BABYLONTOOLBAR\BABYLONTOOLBAR\1.3.22.2
deldirex %SystemDrive%\PROGRAM FILES\BTCLIENT\BTCLIENT
deldirex %SystemDrive%\USERS\МУЗАФФАР\APPDATA\LOCALLOW\UNITY\WEBPLAYER\LOADER
deldirex %SystemDrive%\USERS\UPDATUSUSER\APPDATA\LOCALLOW\UNITY\WEBPLAYER\LOADER
deldirex %SystemDrive%\USERS\МУЗАФФАР\APPDATA\LOCAL\AMIGO\APPLICATION
delref %SystemDrive%\PROGRAM FILES\MAIL.RU\MAILRUUPDATER\MAILRUUPDATER.EXE
del %SystemDrive%\PROGRAM FILES\MAIL.RU\MAILRUUPDATER\MAILRUUPDATER.EXE
delref %SystemDrive%\USERS\МУЗАФФАР\APPDATA\LOCAL\MAIL.RU\MAILRUUPDATER.EXE
del %SystemDrive%\USERS\МУЗАФФАР\APPDATA\LOCAL\MAIL.RU\MAILRUUPDATER.EXE
delref %SystemDrive%\USERS\МУЗАФФАР\APPDATA\LOCAL\MAIL.RU\SPUTNIK\IESEARCHPLUGIN.DLL
del %SystemDrive%\USERS\МУЗАФФАР\APPDATA\LOCAL\MAIL.RU\SPUTNIK\IESEARCHPLUGIN.DLL
delref HTTP://CLIENTS2.GOOGLE.COM/SERVICE/UPDATE2/CRX?RESPONSE=REDIRECT&PRODVERSION=38.0&X=ID%3DJDFONANKHFNHIHDCPAAGPABBAOCLNJFP%26INSTALLSOURCE%3DONDEMAND%26UC
delref HTTP://MAIL.RU/CNT/10445?GP=811005
delref HTTP://GO.MAIL.RU/DISTIB/EP/?PRODUCT_ID=%7B3E5761D8-2C81-4E5B-B7BD-19A81BD9EBAC%7D&GP=811006
delref HTTP://WWW.YANDEX.RU/?WIN=114&CLID=1950377
delall %SystemDrive%\USERS\3CD8~1\APPDATA\LOCAL\TEMP\HYD78D8.TMP.1452360792\HTA\3RDPARTY\OCCOMSDK.DLL
delref HTTP://WWW.BING.COM/SEARCH?Q={SEARCHTERMS}&SRC=IE-SEARCHBOX&FORM=IESR02
delref HTTP://SEARCH.BABYLON.COM/?Q={SEARCHTERMS}&BABSRC=SP_SS&MNTRID=4E8F0019C1A1B35A&AFFID=121743&TSP=4936
delref HTTP://WWW.QWORD.COM/SEARCH.PHP?Q={SEARCHTERMS}&S=2
delref HTTP://GO.MAIL.RU/DISTIB/EP/?Q={SEARCHTERMS}&PRODUCT_ID=%7B0482ABBE-F7F8-4083-808A-04EF6694BF70%7D&GP=811006
delref HTTP://YAMBLER.NET/?IM
delref HTTP://WWW.QWORD.COM/?S=1
delall %SystemDrive%\TEMP\ABBYY FINEREADER 11\AUTORUN.EXE
delref HTTP://WWW.SPEEDANALYSIS.COM/ADDON.PHP?CID=4096
delref HTTP://WWW.NBGET.COM
delref HTTP://WWW.NBGET.COM/PURCHASE.PHP?UID=PL&SPKT=10000&PTYPE=50
delref HTTP://WWW.QWORD.COM/?S=SM
delref HTTP://WWW.MAIL.RU/CNT/20775012?GP=811000
delref HTTP://R.MAIL.RU/N137257727
delref HTTP://COMMUNITY.VERSALSOFT.COM/
delref HTTP://EN.VERSALSOFT.COM/CONTACT.HTM
delref HTTP://EN.VERSALSOFT.COM/PURCHASE.HTM
delref HTTP://EN.VERSALSOFT.COM
delref HTTP://FILEDOWNLOAD.VERSALSOFT.COM
delref HTTP://FILEDOWNLOAD.VERSALSOFT.COM/DOWNLOADDEMO/FILEDOWNLOADDEMO.ASP
apply
;-------------------------------------------------------------
deltmp
regt 26
regt 38
exec MsiExec.exe /I{26A24AE4-039D-4CA4-87B4-2F83218025F0}
uidel MsiExec.exe /I{26A24AE4-039D-4CA4-87B4-2F83218025F0}
restart
;---------command-block---------
delref %SystemDrive%\USERS\МУЗАФФАР\APPDATA\LOCAL\GRAND MEDIA\DOWNLOAD STUDIO\DATA\DHT6.DAT
delref %SystemDrive%\USERS\МУЗАФФАР\APPDATA\LOCAL\GRAND MEDIA\DOWNLOAD STUDIO\DATA\COOKIES.DAT
delref %SystemRoot%\SOFTWAREDISTRIBUTION\DOWNLOAD\7B66EFD123BA1FFC669872A32AF95826\3141F81BAE4C0B148B062719FA8B34EE17866665
delref %SystemRoot%\SOFTWAREDISTRIBUTION\DOWNLOAD\B2564CA1A8EAFAE904E144874022EBF9\WINDOWS6.1-KB4486563-X86.CAB
delref %SystemRoot%\SOFTWAREDISTRIBUTION\DOWNLOAD\F8BE6D99CFF317EEE242B6B1B4FFFC87\44F6F484E1A034E98517BB33BC04873AE79F3A3C
delref %SystemDrive%\USERS\МУЗАФФАР\APPDATA\LOCAL\BABYLONTOOLBAR\BABYLONTOOLBAR\1.3.22.2\BTCLIENT.EXE
delref %SystemDrive%\USERS\МУЗАФФАР\APPDATA\LOCAL\BABYLONTOOLBAR\BABYLONTOOLBAR\1.3.22.2\BTSETUP.EXE
delref %SystemDrive%\PROGRAM FILES\LENOVO\CUSTOMER FEEDBACK PROGRAM 35\LENOVO.TVT.CUSTOMERFEEDBACK.AGENT35.EXE
delref {23E5D772-327A-42F5-BDEE-C65C6796BB2A}\[CLSID]
delref {177AFECE-9599-46CF-90D7-68EC9EEB27B4}\[CLSID]
delref {CEF51277-5358-477B-858C-4E14F0C80BF7}\[CLSID]
delref {59116E30-02BD-4B84-BA1E-5D77E809B1A2}\[CLSID]
delref E:\SETUP.EXE
delref %SystemDrive%\PROGRAM FILES\FREETIME\FORMATFACTORY\FFMODULES\FILTERS\HAALI\DXR.DLL
delref %Sys32%\DRIVERS\RDVGKMD.SYS
delref %SystemDrive%\PROGRA~2\BITGUARD\271832~1.68\{C16C1~1\BITGUARD.DLL
delref {98889811-442D-49DD-99D7-DC866BE87DBC}\[CLSID]
delref %SystemDrive%\PROGRAM FILES\VK OK ADBLOCK\IEEF\OZXJ72.DLL
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {0D012ABD-CEED-11D2-9C76-00105AA73033}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref %SystemDrive%\USERS\UPDATUSUSER\APPDATA\LOCALLOW\UNITY\WEBPLAYER\LOADER\UNITYWEBPLUGINAX.OCX
delref {56A58823-AE99-11D5-B90B-0050DACD1F75}\[CLSID]
delref {CA8A9780-280D-11CF-A24D-444553540000}\[CLSID]
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref {E01D1C6A-4F40-11D3-8958-00105A272DCF}\[CLSID]
delref %Sys32%\MSSPELLCHECKINGFACILITY.DLL
delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID]
delref %Sys32%\BLANK.HTM
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref EZCD EXTENSION\[CLSID]
delref HELPSVC\[SERVICE]
delref SACSVR\[SERVICE]
delref TBS\[SERVICE]
delref VMMS\[SERVICE]
delref MESSENGER\[SERVICE]
delref RDSESSMGR\[SERVICE]
delref %Sys32%\DRIVERS\RTS5121.SYS
delref %Sys32%\DRIVERS\RTS516XIR.SYS
delref %Sys32%\DRIVERS\RTS5161CCID.SYS
delref %Sys32%\PSXSS.EXE
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DAO\DAO350.DLL
delref %SystemDrive%\BVTBIN\TESTS\INSTALLPACKAGE\CBSTEST\X86\CSITEST.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\ADOBE\SHELL\AIICON.DLL
delref %SystemDrive%\USERS\МУЗАФФАР\APPDATA\LOCAL\YANDEX\UPDATER2\U2-CTRL.EXE
delref F:\COREL\GRAPHICS12\PROGRAMSD\CORELDRW.DLL
delref %Sys32%\SHAREMEDIACPL.CPL
delref %SystemDrive%\PROGRAM FILES\FREETIME\FORMATFACTORY\FFMODULES\FILTERS\HAALI\OGM.DLL
delref F:\HTC_SYNC_MANAGER_PC.EXE
delref H:\ISTUDIO.EXE
delref G:\HTC_SYNC_MANAGER_PC.EXE
delref G:\IMDAPP.EXE
delref H:\AUTORUN.EXE
delref %SystemDrive%\PROGRAM FILES\OPERA\OPERA.EXE
delref {5AE58FCF-6F6A-49B2-B064-02492C66E3F4}\[CLSID]
delref {7854F00C-DC77-477E-A10E-603F48442D3B}\[CLSID]
delref %SystemDrive%\PST\PST04B016-1.EXE
delref %SystemDrive%\PROGRAMDATA\BITGUARD\2.7.1832.68\{C16C1CCB-7046-4E5C-A2F3-533AD2FEC8E8}\UNINSTALL.EXE
delref %SystemDrive%\USERS\МУЗАФФАР\APPDATA\LOCAL\AMIGO\APPLICATION\AMIGO.EXE
delall %SystemDrive%\PROGRAM FILES\BTCLIENT\BTCLIENT\UPDT.JS
delall %SystemDrive%\PROGRAM FILES\MALWAREBYTES\QT5HELP.DLL
delall %SystemDrive%\PROGRAM FILES\MALWAREBYTES\QT5WINEXTRAS.DLL
delall %SystemDrive%\PROGRAM FILES\OPENDNS\API-MS-WIN-CORE-TIMEZONE-L1-1-0.DLL
delall %SystemDrive%\PROGRAM FILES\OPENDNS\CLI.EXE
delall %SystemDrive%\PROGRAMDATA\VMWARE\VMWARE TOOLS\VMTOOLSD.EXE
apply