ShellExecuteHooks-x32: No Name - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} -  -> No File
AlternateDataStreams: C:\ProgramData\TEMP:F336C880 [440]
AlternateDataStreams: C:\Users\Все пользователи\TEMP:F336C880 [440]
BHO-x32: No Name -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> No File
BHO-x32: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
FirewallRules: [{546F9BAB-96DB-4055-B141-C4DF005E53DC}] => (Allow) C:\Users\Admin\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{F51820DE-A4E1-4022-931C-D803300AFCCA}] => (Allow) C:\Users\Admin\AppData\Roaming\Zoom\bin\Zoom.exe => No File
FirewallRules: [TCP Query User{69BA2096-16E8-42B1-B088-24AEB6AC8AA3}G:\progs\snappy_2019\sdi_x64_r1909.exe] => (Allow) G:\progs\snappy_2019\sdi_x64_r1909.exe => No File
FirewallRules: [UDP Query User{939A1F64-A7FA-41BD-8F3B-F2FEA763B52B}G:\progs\snappy_2019\sdi_x64_r1909.exe] => (Allow) G:\progs\snappy_2019\sdi_x64_r1909.exe => No File
FirewallRules: [TCP Query User{11C209C1-9862-4DCB-A7D3-08A9DEA5659C}C:\users\master\downloads\usr-tcp232-t24-v5.1.1.20 .exe] => (Allow) C:\users\master\downloads\usr-tcp232-t24-v5.1.1.20 .exe => No File
FirewallRules: [UDP Query User{0FA914BB-D842-4006-9C74-B8C9B6C21E1A}C:\users\master\downloads\usr-tcp232-t24-v5.1.1.20 .exe] => (Allow) C:\users\master\downloads\usr-tcp232-t24-v5.1.1.20 .exe => No File
(ESET, spol. s r.o. -> ESET) C:\Users\Admin\AppData\Local\Temp\eset\bts.session\{02D83BBE-5908-558D-2470-15CD5D0DCED3}\BootHelper.exe
(ESET, spol. s r.o. -> ESET) 
HKLM\...\RunOnce: [AvRepair] => "C:\Program Files\Avast Software\Avast\setup\instup.exe" /instop:repair /wait
Task: {077333D6-06BA-4EA4-BDF4-1CD1439558F2} - \Microsoft\Windows\BrokerInfrastructure\BgTaskRegistrationMaintenanceTask -> No File <==== ATTENTION
R3 esihdrv; C:\Users\Admin\AppData\Local\Temp\esihdrv.sys [205464 2020-11-03] (ESET, spol. s r.o. -> ESET) <==== ATTENTION


EmptyTemp:
Reboot:

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
FirewallRules: [{BC11B804-C64B-438C-844A-EE942A0021C8}] => (Block) LPort=139
FirewallRules: [{781603CC-12A8-44B2-B6A4-75D11DA1F494}] => (Block) LPort=139
FirewallRules: [{FFF65005-3D95-4B77-9DDF-C162FBA912A5}] => (Block) LPort=445
FirewallRules: [{7AB68719-02A9-48ED-A469-0FF880F2FA3F}] => (Block) LPort=445
2020-11-02 20:01 - 2020-05-29 11:01 - 000000000 __SHD C:\Users\Все пользователи\Kaspersky Lab Setup Files
2020-11-02 20:01 - 2020-05-29 11:01 - 000000000 __SHD C:\ProgramData\Kaspersky Lab Setup Files
2020-11-03 10:58 - 2020-05-29 11:01 - 000000000 __SHD C:\AdwCleaner
2020-10-16 00:05 - 2020-05-29 11:01 - 000000000 __SHD C:\KVRT_Data
2020-10-15 12:35 - 2020-05-29 11:01 - 000000000 __SHD C:\Users\Все пользователи\Doctor Web
2020-10-15 12:35 - 2020-05-29 11:01 - 000000000 __SHD C:\ProgramData\Doctor Web
2020-10-15 16:48 - 2020-11-03 11:05 - 000000000 ____D C:\FRST
2020-10-15 12:22 - 2020-10-15 13:23 - 000000000 ____D C:\Users\Admin\Doctor Web
AlternateDataStreams: C:\ProgramData\TEMP:F336C880 [440]
AlternateDataStreams: C:\Users\Все пользователи\TEMP:F336C880 [440]
EmptyTemp:
Reboot:

;uVS v4.11 [http://dsrt.dyndns.org:8888]
;Target OS: NTv10.0
v400c
OFFSGNSAVE
deltmp
REGT 18
regt 26
regt 38
restart
;---------command-block---------
delref %SystemDrive%\PROGRAM FILES\WINDOWSAPPS\MICROSOFT.SKYPEAPP_15.64.80.0_X86__KZF8QXF38ZG5C\SKYPE\RESOURCES\APP.ASAR\PRELOAD.JS
delref %SystemDrive%\PROGRAMDATA\MICROSOFT\SPEECH_ONECORE\SR\SV10-EV100\EN-US-N\MV101\NASPMODELSMETADATA.XML
delref %SystemDrive%\USERS\ADMIN\APPDATA\LOCAL\TEMP\YANDEX_BROWSER_BITS_10020_139835550\RESPONSE
delref %SystemDrive%\USERS\ADMIN\APPDATA\LOCAL\TEMP\YANDEX_BROWSER_BITS_688_1689454049\RESPONSE
delref %SystemDrive%\USERS\ADMIN\APPDATA\LOCAL\TEMP\YANDEX_BROWSER_BITS_3440_1983834015\RESPONSE
delref %SystemDrive%\USERS\ADMIN\APPDATA\LOCAL\TEMP\YANDEX_BROWSER_BITS_12508_465870943\RESPONSE
delref %SystemDrive%\PROGRAM FILES\DOLBY DIGITAL PLUS\DDP.EXE
delref {E984D939-0E00-4DD9-AC3A-7ACA04745521}\[CLSID]
delref %SystemRoot%\SYSWOW64\MAPSTOASTTASK.DLL
delref %SystemRoot%\SYSWOW64\MAPSUPDATETASK.DLL
delref %SystemDrive%\USERS\ADMIN\APPDATA\ROAMING\SERVICE.EXE
delref %SystemRoot%\SYSWOW64\GPSVC.DLL
delref %SystemRoot%\SYSWOW64\VID.DLL
delref %SystemRoot%\SYSWOW64\PEERDISTSVC.DLL
delref %SystemRoot%\SYSWOW64\WEVTSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\TCPIP.SYS
delref %SystemRoot%\SYSWOW64\APPVETWCLIENTRES.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\MRXSMB.SYS
delref %SystemRoot%\SYSWOW64\W32TIME.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\NDIS.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\USBXHCI.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\SRV2.SYS
delref %SystemRoot%\SYSWOW64\RDPCORETS.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\DXGMMS2.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\HTTP.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\WINNAT.SYS
delref %SystemRoot%\SYSWOW64\UMPOEXT.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\VMBUSR.SYS
delref %SystemRoot%\SYSWOW64\BTHSERV.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\DMVSC.SYS
delref %SystemRoot%\SYSWOW64\IPHLPSVC.DLL
delref %SystemRoot%\SYSWOW64\CSCSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\SMBDIRECT.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\VMBKMCL.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\REFS.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\SPACEPORT.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\FVEVOL.SYS
delref %SystemRoot%\SYSWOW64\DRIVERS\AFD.SYS
delref %SystemRoot%\SYSWOW64\PNRPSVC.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\PACER.SYS
delref %SystemRoot%\SYSWOW64\HVHOSTSVC.DLL
delref %SystemRoot%\SYSWOW64\LSM.DLL
delref %SystemRoot%\SYSWOW64\DRIVERS\SYNTH3DVSC.SYS
delref %SystemDrive%\PROGRA~2\MICROS~1\OFFICE14\GROOVEEX.DLL
delref %SystemDrive%\PROGRA~2\MICROS~1\OFFICE14\URLREDIR.DLL
delref %SystemDrive%\PROGRA~2\MICROS~1\OFFICE14\IEAWSDC.DLL
delref {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\[CLSID]
delref {166B1BCA-3F9C-11CF-8075-444553540000}\[CLSID]
delref {233C1507-6A77-46A4-9443-F871F945D258}\[CLSID]
delref {4063BE15-3B08-470D-A0D5-B37161CFFD69}\[CLSID]
delref {88D969C0-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C1-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C2-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C3-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C4-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {88D969C5-F192-11D4-A65F-0040963251E5}\[CLSID]
delref {8AD9C840-044E-11D1-B3E9-00805F499D93}\[CLSID]
delref %SystemDrive%\PROGRA~2\MICROS~1\OFFICE14\AUTHZAX.DLL
delref {CA8A9780-280D-11CF-A24D-444553540000}\[CLSID]
delref %SystemDrive%\PROGRA~2\MICROS~1\OFFICE14\STSCOPY.DLL
delref {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA}\[CLSID]
delref %SystemRoot%\SYSWOW64\IE4USHOWIE.EXE
delref %SystemRoot%\SYSWOW64\IE4UINIT.EXE
delref %SystemDrive%\PROGRA~2\MICROS~1\OFFICE14\NPAUTHZ.DLL
delref %SystemDrive%\PROGRA~2\MICROS~1\OFFICE14\NPSPWRAP.DLL
delref {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}\[CLSID]
delref %SystemRoot%\SYSWOW64\BLANK.HTM
delref {0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48}\[CLSID]
delref {E6FB5E20-DE35-11CF-9C87-00AA005127ED}\[CLSID]
delref {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}\[CLSID]
delref %Sys32%\DRIVERS\VMBUSR.SYS
delref {0D012ABD-CEED-11D2-9C76-00105AA73033}\[CLSID]
delref {56A58823-AE99-11D5-B90B-0050DACD1F75}\[CLSID]
delref {E01D1C6A-4F40-11D3-8958-00105A272DCF}\[CLSID]
delref %Sys32%\DRIVERS\UMDF\WUDFUSBCCIDDRIVER.DLL
delref %Sys32%\PWCREATOR.EXE
delref %Sys32%\DRIVERS\UMDF\USBCCIDDRIVER.DLL
delref %Sys32%\BLANK.HTM
delref %Sys32%\DRIVERS\HDAUDADDSERVICE.SYS
delref HELPSVC\[SERVICE]
delref SACSVR\[SERVICE]
delref TBS\[SERVICE]
delref VMMS\[SERVICE]
delref BROWSER\[SERVICE]
delref MESSENGER\[SERVICE]
delref RDSESSMGR\[SERVICE]
delref IRENUM\[SERVICE]
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.135.41\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.137.93\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.135.29\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.35.452\PSMACHINE_64.DLL
delref %Sys32%\TETHERINGSETTINGHANDLER.DLL
delref %Sys32%\QUICKACTIONSPS.DLL
delref %Sys32%\VAILAUDIOPROXY.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.135.49\PSMACHINE_64.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\DAO\DAO360.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.135.41\PSMACHINE.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.137.93\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\SPEECH_ONECORE\COMMON\SPEECHRUNTIME.EXE
delref %SystemRoot%\SYSWOW64\TAPILUA.DLL
delref %SystemRoot%\SYSWOW64\UPDATEDEPLOYMENTPROVIDER.DLL
delref %SystemRoot%\SYSWOW64\LOCATIONFRAMEWORK.DLL
delref %SystemRoot%\SYSWOW64\MAPSBTSVCPROXY.DLL
delref %SystemRoot%\SYSWOW64\PERCEPTIONSIMULATIONEXTENSIONS.DLL
delref %SystemRoot%\SYSWOW64\COMPPKGSRV.EXE
delref %SystemRoot%\SYSWOW64\EAPPCFGUI.DLL
delref %SystemRoot%\SYSWOW64\MAPSCSP.DLL
delref %SystemRoot%\SYSWOW64\LISTSVC.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.135.29\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\AUTHHOSTPROXY.DLL
delref %SystemRoot%\SYSWOW64\WPCREFRESHTASK.DLL
delref %SystemRoot%\SYSWOW64\RMSROAMINGSECURITY.DLL
delref %SystemRoot%\SYSWOW64\SYSTEMSETTINGSBROKER.EXE
delref %SystemDrive%\PROGRAM FILES (X86)\GOOGLE\UPDATE\1.3.35.452\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\SPEECH_ONECORE\COMMON\SAPI_EXTENSIONS.DLL
delref %SystemRoot%\SYSWOW64\SMARTSCREEN.EXE
delref %SystemDrive%\PROGRA~2\MICROS~1\OFFICE14\NAMECO~1.DLL
delref %SystemDrive%\PROGRAM FILES (X86)\MICROSOFT\EDGEUPDATE\1.3.135.49\PSMACHINE.DLL
delref %SystemRoot%\SYSWOW64\IDLISTEN.DLL
delref %SystemRoot%\SYSWOW64\WIFICONFIGSP.DLL
delref %SystemDrive%\PROGRAM FILES\COMMON FILES\SYSTEM\OLE DB\MSDAORA.DLL
delref %SystemRoot%\SYSWOW64\WIREDNETWORKCSP.DLL
delref %SystemDrive%\PROGRA~2\MICROS~1\OFFICE14\VVIEWER.DLL
delref E:\SETUP.EXE
apply