/evilMs.log Secret

Created October 15, 2015 05:10
evilMs.log
[i] Uninstall evil M$ updates..
[11:05:00.30] Uninstall update KB3080149..
[11:05:01.18] Update KB3080149 not installed
[11:05:01.18] Uninstall update KB3075249..
[11:05:01.99] Update KB3075249 not installed
[11:05:01.99] Uninstall update KB2952664..
[11:05:02.82] Update KB2952664 not installed
[11:05:02.82] Uninstall update KB3035583..
[11:05:03.65] Update KB3035583 not installed
[11:05:03.65] Uninstall update KB3068708..
[11:05:04.48] Update KB3068708 not installed
[11:05:04.48] Uninstall update KB3022345..
[11:05:05.30] Update KB3022345 not installed
[11:05:05.30] Uninstall update KB3021917..
[11:05:06.13] Update KB3021917 not installed
[11:05:06.13] Uninstall update KB2976978..
[Error] Cannot disable updates: Update your PowerShell or install PowerShell module 'PSWindowsUpdate'
[11:05:08.49] Uninstall update KB3044374..
[11:05:09.32] Update KB3044374 not installed
[11:05:09.32] Uninstall update KB2990214..
[11:05:10.15] Update KB2990214 not installed
[11:05:10.15] Uninstall update KB971033..
[11:05:10.98] Update KB971033 not installed
[11:05:10.98] Uninstall update KB3075851..
[11:05:11.79] Update KB3075851 not installed
[11:05:11.81] Uninstall update KB3065988..
[Error] Cannot disable updates: Update your PowerShell or install PowerShell module 'PSWindowsUpdate'
[11:05:13.51] Uninstall update KB3083325..
[Error] Cannot disable updates: Update your PowerShell or install PowerShell module 'PSWindowsUpdate'
[11:05:15.26] Uninstall update KB3083324..
[11:05:16.08] Update KB3083324 not installed
[11:05:16.08] Uninstall update KB3075853..
[Error] Cannot disable updates: Update your PowerShell or install PowerShell module 'PSWindowsUpdate'
[11:05:17.86] Uninstall update KB3065987..
[11:05:18.70] Update KB3065987 not installed
[11:05:18.70] Uninstall update KB3050265..
[11:05:19.51] Update KB3050265 not installed
[11:05:19.51] Uninstall update KB3050267..
[Error] Cannot disable updates: Update your PowerShell or install PowerShell module 'PSWindowsUpdate'
[11:05:21.26] Uninstall update KB3046480..
[Error] Cannot disable updates: Update your PowerShell or install PowerShell module 'PSWindowsUpdate'
[i] Disable (hide) uninstalled updates..
[Notice] It can take a lot of time - wait please, or use -d flag for disable this feature..
[11:05:23.02] Disable updates: KB3080149,KB3075249,KB2952664,KB3035583,KB3068708,KB3022345,KB3021917,KB2976978,KB3044374,KB2990214,KB971033,KB3075851,KB3065988,KB3083325,KB3083324,KB3075853,KB3065987,KB3050265,KB3050267,KB3046480..
[11:07:23.78] Updates successfully DISABLED
[i] Disable some windows tasks..
[11:07:23.79] Disable task \Microsoft\Windows\Application Experience\AitAgent
[11:07:23.81] Disable task \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
[11:07:23.83] Disable task \Microsoft\Windows\Application Experience\ProgramDataUpdater
[11:07:23.84] Disable task \Microsoft\Windows\Autochk\Proxy
[11:07:23.84] Disable task \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
[11:07:23.86] Disable task \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask
[11:07:23.87] Disable task \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
[11:07:23.89] Disable task \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
[11:07:23.90] Disable task \Microsoft\Windows\PI\Sqm-Tasks
[11:07:23.92] Disable task \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
[11:07:23.94] Disable task \Microsoft\Windows\Windows Error Reporting\QueueReporting
[11:07:23.94] Disable task \Microsoft\Windows\Maintenance\WinSAT
[11:07:23.95] Disable task \Microsoft\Windows\Media Center\ActivateWindowsSearch
[11:07:23.97] Disable task \Microsoft\Windows\Media Center\ConfigureInternetTimeService
[11:07:23.98] Disable task \Microsoft\Windows\Media Center\DispatchRecoveryTasks
[11:07:24.00] Disable task \Microsoft\Windows\Media Center\ehDRMInit
[11:07:24.00] Disable task \Microsoft\Windows\Media Center\InstallPlayReady
[11:07:24.01] Disable task \Microsoft\Windows\Media Center\mcupdate
[11:07:24.03] Disable task \Microsoft\Windows\Media Center\MediaCenterRecoveryTask
[11:07:24.04] Disable task \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
[11:07:24.06] Disable task \Microsoft\Windows\Media Center\OCURActivate
[11:07:24.06] Disable task \Microsoft\Windows\Media Center\OCURDiscovery
[11:07:24.08] Disable task \Microsoft\Windows\Media Center\PBDADiscovery
[11:07:24.09] Disable task \Microsoft\Windows\Media Center\PBDADiscoveryW1
[11:07:24.11] Disable task \Microsoft\Windows\Media Center\PBDADiscoveryW2
[11:07:24.12] Disable task \Microsoft\Windows\Media Center\PvrRecoveryTask
[11:07:24.12] Disable task \Microsoft\Windows\Media Center\PvrScheduleTask
[11:07:24.14] Disable task \Microsoft\Windows\Media Center\RegisterSearch
[11:07:24.15] Disable task \Microsoft\Windows\Media Center\ReindexSearchRoot
[11:07:24.17] Disable task \Microsoft\Windows\Media Center\SqlLiteRecoveryTask
[11:07:24.19] Disable task \Microsoft\Windows\Media Center\UpdateRecordPath
[i] Disable services..
[11:07:24.20] Disable service 'Diagtrack'
[11:07:24.20] Service 'Diagtrack' not installed
[11:07:24.20] Disable service 'dmwappushservice'
[11:07:24.22] Service 'dmwappushservice' not installed
[11:07:24.22] Disable service 'WerSvc'
[11:07:24.23] Service 'WerSvc' disabled successful
[i] Block M$ servers IP addresses..
[i] Add blocked IP adressess to firewall rule..
[11:07:24.83] IP adresses blocked with firewall rule 'Block MS Telemetry': '111.221.29.177,111.221.29.253,131.253.40.37,134.170.30.202,134.170.115.60,134.170.165.248,134.170.165.253,134.170.185.70,137.116.81.24,137.117.235.16,157.55.129.21,157.55.133.204,157.56.121.89,157.56.91.77,168.63.108.233,184.86.56.12,185.13.160.61,191.232.139.254,191.232.80.58,191.232.80.62,191.237.208.126,204.79.197.200,207.46.101.29,207.46.114.58,207.46.223.94,207.68.166.254,212.30.134.204,212.30.134.205,23.102.21.4,23.99.10.11,23.218.212.69,64.4.54.22,64.4.54.32,64.4.6.100,65.39.117.230,65.52.100.11,65.52.100.7,65.52.100.9,65.52.100.91,65.52.100.92,65.52.100.93,65.52.100.94,65.52.108.29,65.55.108.23,65.55.138.114,65.55.138.126,65.55.138.186,65.55.252.63,65.55.252.71,65.55.252.92,65.55.252.93,65.55.29.238,65.55.39.10'
[i] Find and add M$ domains to HOSTS file (block)..
[i] Disable automatic windows update (make search, but you must manually select updates to install)
[i] Exit after 60 seconds, or press any key for exit now