CMD: Type C:\Windows\wotsuper.reg
C:\Windows\wotsuper.reg
C:\Program Files (x86)\Beo
C:\Users\27845\AppData\Local\Temp\3184765357.exe
C:\Users\27845\AppData\Local\Temp\msbd4xpflf1
C:\Users\27845\AppData\Local\Temp\ulq4x0uyp0p
C:\Users\27845\AppData\Local\Temp\ypiu4vd4gnz
HKLM\...\RunOnce: [k4ksywwbmgn] => C:\Program Files (x86)\Beo\90678640.exe [615424 2020-01-15] () [File not signed]
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\MountPoints2: {09da0e7a-84c6-11e9-a533-8c89a59f49e3} - "N:\Setup.exe"
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\...\MountPoints2: {9a5b42c6-9931-11e9-a537-d46e0e010e39} - "N:\Setup.exe"
HKU\S-1-5-21-1433173932-3963356919-369050832-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxl1oRC_xS3_uy7wBCFXcBUJsi9iCnwRohuO6nwNkfBWrhragj_BDnL2aIerEGzk8Q_o3EmaJ4jBImulj6m0f6VAeMDWwyJo2ThWXgeO8RwE62FnfOmrf5zvogV_fw1DvWXBMCSIV46r4dRRBUB80X4YhJCU9WNOq_Y-iyMBumA,,&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing
Toolbar: HKU\S-1-5-21-1433173932-3963356919-369050832-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2020-01-10] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2020-01-10] <==== ATTENTION
FF Homepage: Mozilla\Firefox\Profiles\q6lhne0s.default -> file:///C:/ProgramData/Voyasollams/ff.HP
FF NewTab: Mozilla\Firefox\Profiles\q6lhne0s.default -> file:///C:/ProgramData/Voyasollams/ff.NT
FF HomepageOverride: Mozilla\Firefox\Profiles\q6lhne0s.default -> Enabled: homepage@mail.ru
FF NewTabOverride: Mozilla\Firefox\Profiles\q6lhne0s.default -> Enabled: {a38384b3-2d1d-4f36-bc22-0f7ae402bcd7}
FF NewTabOverride: Mozilla\Firefox\Profiles\q6lhne0s.default -> Enabled: search@mail.ru
S1 bkwzglic; \??\C:\Windows\system32\drivers\bkwzglic.sys [X]
2020-01-16 21:23 - 2020-01-16 21:23 - 000001756 _____ C:\Users\27845\Desktop\Garbage Cleaner.lnk
2020-01-16 21:20 - 2020-01-16 21:23 - 000000000 ____D C:\ProgramData\Garbage Cleaner
2020-01-16 15:02 - 2020-01-17 11:13 - 000000000 ____D C:\ProgramData\0KZNVGKEGG770ZJSKZHSHS2JP
2020-01-16 15:02 - 2020-01-16 15:02 - 000000000 ____D C:\Program Files (x86)\wotsuper
2020-01-15 19:21 - 2020-01-16 09:43 - 000000000 ____D C:\ProgramData\7M9M0TDBY4L4O1J2VR5AJDFY8
2020-01-15 15:32 - 2020-01-15 15:36 - 000000000 ____D C:\ProgramData\CGQNHC7T6GKTA6UOU2Z8NT2CK
2020-01-15 15:23 - 2020-01-15 15:26 - 000000000 ____D C:\ProgramData\J2SZZ27BLSEH18K6HW3G3NPII
2020-01-15 15:12 - 2020-01-15 15:15 - 000000000 ____D C:\ProgramData\L2W3LCU7AVIGVJJD5AD4WP8JU
2020-01-15 15:02 - 2020-01-15 15:05 - 000000000 ____D C:\ProgramData\DSI2XKSEKNN8MWE1E8D9QKCDM
2020-01-15 14:25 - 2020-01-15 14:55 - 000000000 ____D C:\ProgramData\CS82ZZ0S0XZRNNXEASNVYWCJ7
2020-01-15 14:15 - 2020-01-15 14:15 - 000000000 ____D C:\ProgramData\456C36BR2D44WJ1NQSTUJUKC6
2020-01-15 13:58 - 2020-01-15 13:58 - 000602112 _____ C:\Windows\system32\e92G0.exe
2020-01-15 12:13 - 2020-01-15 12:14 - 000000000 ____D C:\ProgramData\KZEVI3HGKU5TA6T9NL28EXZEQ
2020-01-15 12:05 - 2020-01-15 12:06 - 000000000 ____D C:\ProgramData\KUKPX4VLJ67XYC1SDHJVWYVW6
2020-01-15 11:32 - 2020-01-15 11:32 - 001895384 _____ C:\Users\27845\AppData\Local\Istech.bin
2020-01-15 11:32 - 2020-01-15 11:32 - 000000000 ____D C:\Windows\SysWOW64\jwvaxflh
2020-01-15 11:31 - 2020-01-15 11:31 - 008460288 _____ C:\Users\27845\AppData\Local\agent.dat
2020-01-15 11:31 - 2020-01-15 11:31 - 002157848 _____ C:\Users\27845\AppData\Local\Zimsoft.tst
2020-01-15 11:31 - 2020-01-15 11:31 - 000602112 _____ C:\Windows\system32\61dzW5w9.exe
2020-01-15 11:31 - 2020-01-15 11:31 - 000126464 _____ C:\Users\27845\AppData\Local\noah.dat
2020-01-15 11:31 - 2020-01-15 11:31 - 000070992 _____ C:\Users\27845\AppData\Local\Config.xml
2020-01-15 11:31 - 2020-01-15 11:29 - 001767424 _____ C:\Users\27845\AppData\Local\Zimsoft.exe
2020-01-15 11:30 - 2020-01-15 11:31 - 000005568 _____ C:\Users\27845\AppData\Local\md.xml
2020-01-15 11:30 - 2020-01-15 11:30 - 006504336 ____N C:\Windows\system32\Drivers\Wdf66150.sys
2020-01-15 11:30 - 2020-01-15 11:30 - 000140800 _____ C:\Users\27845\AppData\Local\installer.dat
2020-01-15 11:30 - 2020-01-15 11:30 - 000126464 _____ C:\Users\27845\AppData\Local\lobby.dat
2020-01-15 11:30 - 2020-01-15 11:30 - 000068317 _____ C:\Users\27845\AppData\Local\Bioflex.tst
2020-01-15 11:30 - 2020-01-15 11:30 - 000044032 _____ C:\Users\27845\AppData\Local\ApplicationHosting.dat
2020-01-15 11:30 - 2020-01-15 11:30 - 000000000 ____D C:\ProgramData\I2PWNYQQ6KB0AOEUMD6APQ8KB
2020-01-15 11:30 - 2020-01-15 11:29 - 001767424 _____ C:\Users\27845\AppData\Local\Bioflex.exe
2020-01-15 11:29 - 2020-01-15 11:30 - 000000000 ____D C:\Program Files (x86)\Beo
2020-01-15 11:27 - 2020-01-15 11:28 - 001728000 _____ C:\Users\27845\AppData\Roaming\scvrrv.exe
2020-01-15 11:26 - 2020-01-15 11:26 - 016061440 _____ C:\Users\27845\AppData\Roaming\ervdetbrvyb.exe
2019-12-20 16:11 - 2019-12-20 16:11 - 000000450 _____ C:\Windows\wotsuper.reg
2020-01-16 14:27 - 2019-11-11 09:56 - 000032768 _____ C:\Windows\SysWOW64\antimalware.patch_management.product_registry.kvdb-shm
2020-01-16 14:27 - 2019-11-11 09:55 - 000032768 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.product_registry.kvdb-shm
2020-01-16 14:27 - 2019-11-11 09:55 - 000032768 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.browser_extension_registry.kvdb-shm
2020-01-16 12:46 - 2019-11-11 09:56 - 000086552 _____ C:\Windows\SysWOW64\antimalware.patch_management.product_registry.kvdb-wal
2020-01-06 13:32 - 2019-11-11 09:55 - 000057712 _____ C:\Windows\SysWOW64\antimalware.unwanted_products.product_registry.kvdb-wal
2018-09-15 09:28 - 2018-09-15 09:28 - 000232960 ___SH () C:\Users\27845\AppData\Roaming\dthritw
2020-01-15 11:26 - 2020-01-15 11:26 - 016061440 _____ () C:\Users\27845\AppData\Roaming\ervdetbrvyb.exe
2018-09-15 09:28 - 2018-09-15 09:28 - 000000270 ___SH () C:\Users\27845\AppData\Roaming\scdsvfc
2020-01-15 11:27 - 2020-01-15 11:28 - 001728000 _____ () C:\Users\27845\AppData\Roaming\scvrrv.exe
2018-09-15 09:28 - 2018-09-15 09:28 - 000314570 ___SH () C:\Users\27845\AppData\Roaming\trtcjua
2020-01-15 11:31 - 2020-01-15 11:31 - 008460288 _____ () C:\Users\27845\AppData\Local\agent.dat
2020-01-15 11:30 - 2020-01-15 11:30 - 000044032 _____ () C:\Users\27845\AppData\Local\ApplicationHosting.dat
2020-01-15 11:30 - 2020-01-15 11:29 - 001767424 _____ () C:\Users\27845\AppData\Local\Bioflex.exe
2020-01-15 11:30 - 2020-01-15 11:30 - 000068317 _____ () C:\Users\27845\AppData\Local\Bioflex.tst
2020-01-15 11:31 - 2020-01-15 11:31 - 000070992 _____ () C:\Users\27845\AppData\Local\Config.xml
2020-01-15 11:30 - 2020-01-15 11:30 - 000140800 _____ () C:\Users\27845\AppData\Local\installer.dat
2020-01-15 11:32 - 2020-01-15 11:32 - 001895384 _____ () C:\Users\27845\AppData\Local\Istech.bin
2020-01-15 11:30 - 2020-01-15 11:30 - 000126464 _____ () C:\Users\27845\AppData\Local\lobby.dat
2020-01-15 11:30 - 2020-01-15 11:31 - 000005568 _____ () C:\Users\27845\AppData\Local\md.xml
2020-01-15 11:31 - 2020-01-15 11:31 - 000126464 _____ () C:\Users\27845\AppData\Local\noah.dat
2020-01-15 11:32 - 2020-01-15 11:32 - 000032038 _____ () C:\Users\27845\AppData\Local\uninstall_temp.ico
2020-01-15 11:31 - 2020-01-15 11:29 - 001767424 _____ () C:\Users\27845\AppData\Local\Zimsoft.exe
2020-01-15 11:31 - 2020-01-15 11:31 - 002157848 _____ () C:\Users\27845\AppData\Local\Zimsoft.tst
ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => -> No File
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => -> No File
AlternateDataStreams: C:\Users\27845\OneDrive:${3D0CE612-FDEE-43f7-8ACA-957BEC0CCBA0}.SyncRootIdentity [130]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
EmptyTemp:
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: