Словил C:\ProgramData\WindowsTask\MicrosoftHost.exe

O7 - Policy: HKLM\Software\Microsoft\Windows Defender\Features: [TamperProtection] = 4
O7 - Policy: HKLM\Software\Microsoft\Windows Defender\Real-Time Protection: [DisableRealtimeMonitoring] = 1
O22 - Tasks: (disabled) \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask - {D2CBF5F7-5702-440B-8D8F-8203034A6B82},$(Arg0) - (no file)
O22 - Tasks: \Microsoft\Windows\rempl\shell - C:\Program Files\rempl\sedlauncher.exe (file missing)
O22 - Tasks: \Microsoft\Windows\rempl\shell-usoscan - C:\Program Files\rempl\remsh.exe /RunUsoScanOnly (file missing)
O22 - Tasks: \Microsoft\Windows\WindowsBackup\OnlogonCheck - C:\Programdata\ReaItekHD\taskhostw.exe (file missing)
O22 - Tasks: \Microsoft\Windows\WindowsBackup\RealtekCheck - C:\Programdata\ReaItekHD\taskhost.exe (file missing)
O22 - Tasks: \Microsoft\Windows\WindowsBackup\TaskCheck - C:\Programdata\ReaItekHD\taskhostw.exe (file missing)
O22 - Tasks: \Microsoft\Windows\WindowsBackup\WinlogonCheck - C:\Programdata\ReaItekHD\taskhost.exe (file missing)
O22 - Tasks: \Mozilla\Firefox Default Browser Agent E7CF176E110C211B - C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B" (file missing)
O22 - Tasks: CAssistant-zaval - C:\ProgramData\malldir\Taskscheduler.exe /scheduler /iwait=10 /waitfor=window (file missing)
O22 - Tasks: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic (file missing)
O22 - Tasks: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic (file missing)
O22 - Tasks: Red Giant Link - C:\Program Files\Red Giant Link\Red Giant Link.exe --silent (file missing)
O22 - Tasks: Восстановление сервиса обновлений Яндекс.Браузера - C:\Program Files (x86)\Yandex\YandexBrowser\22.9.1.1095\service_update.exe --repair (file missing)
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask - {D2CBF5F7-5702-440B-8D8F-8203034A6B82},$(Arg0) - (no file)
O22 - Tasks_Migrated: \Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanner - C:\WINDOWS\system32\mitigationscanner.exe (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\rempl\shell - C:\Program Files\rempl\sedlauncher.exe (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\rempl\shell-usoscan - C:\Program Files\rempl\remsh.exe /RunUsoScanOnly (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\termsrv\RemoteFX\RemoteFXvGPUDisableTask - C:\WINDOWS\System32\RemoteFXvGPUDisablement.exe Disable (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\termsrv\RemoteFX\RemoteFXWarningTask - C:\WINDOWS\System32\RemoteFXvGPUDisablement.exe Warning (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Windows Defender\Windows Defender Cleanup - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe -IdleTask -TaskName WdCleanup (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55 -IdleScheduledJob (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Windows Defender\Windows Defender Verification - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe -IdleTask -TaskName WdVerification (file missing)
O22 - Tasks_Migrated: \Mozilla\Firefox Default Browser Agent E7CF176E110C211B - C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B" (file missing)
O22 - Tasks_Migrated: {BA78BADE-5BE9-4B8F-B109-74C5F1E9FEE1} - c:\program files\mozilla firefox\firefox.exe https://www.skype.com/go/downloading?source=lightinstaller&ver=7.40.66.103&LastError=12007 (file missing)
O22 - Tasks_Migrated: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic (file missing)
O22 - Tasks_Migrated: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic (file missing)
O22 - Tasks_Migrated: Maxthon5 Update - C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe -RunScheduledUpdate (file missing)
O22 - Tasks_Migrated: OneDrive Per-Machine Standalone Update Task - C:\Program Files (x86)\Microsoft OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O22 - Tasks_Migrated: Opera scheduled assistant Autoupdate 1618087202 - C:\Users\zaval\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\zaval\AppData\Local\Programs\Opera\assistant" $(Arg0) (file missing)
O22 - Tasks_Migrated: Opera scheduled Autoupdate 1618087200 - C:\Users\zaval\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (file missing)
O22 - Tasks_Migrated: Red Giant Link - C:\Program Files\Red Giant Link\Red Giant Link.exe --silent (file missing)
O22 - Tasks_Migrated: Восстановление сервиса обновлений Яндекс.Браузера - C:\Program Files (x86)\Yandex\YandexBrowser\21.3.0.673\service_update.exe --repair (file missing)
O22 - Tasks_Migrated: Обновление Браузера Яндекс - C:\Users\zaval\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --background-update --noerrdialogs
O22 - Tasks_Migrated: Системное обновление Браузера Яндекс - C:\Program Files (x86)\Yandex\YandexBrowser\21.3.0.673\service_update.exe --run-as-launcher (file missing)

Start::
SystemRestore: On
CreateRestorePoint:
HKLM\SOFTWARE\Policies\Microsoft\MRT: Ограничение <==== ВНИМАНИЕ
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (Нет файла)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (Нет файла)
HKU\S-1-5-21-507634182-1165612642-319205247-1008\...\Run: [CAssistent] => C:\ProgramData\malldir\Taskscheduler.exe /registry /iwait=10 /waitfor=window  (Нет файла)
HKU\S-1-5-21-507634182-1165612642-319205247-1008\...\Run: [YandexBrowserAutoLaunch_EF27E88E62B2179D569C8DEB9212A032] => "C:\Users\zaval\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" --shutdown-if-not-closed-by-system-restart (Нет файла)
GroupPolicy: Ограничение ? <==== ВНИМАНИЕ
Policies: C:\ProgramData\NTUSER.pol: Ограничение <==== ВНИМАНИЕ
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ограничение <==== ВНИМАНИЕ
Task: {54827C32-CAE0-48CB-B99C-73F3967F9525} - System32\Tasks\Обновление Браузера Яндекс => C:\Users\zaval\AppData\Local\Yandex\YandexBrowser\Application\browser.exe --background-update --noerrdialogs (Нет файла)
Task: {64886FB9-4876-48C2-83F8-A432DFC19548} - System32\Tasks\Системное обновление Браузера Яндекс => C:\Program Files (x86)\Yandex\YandexBrowser\23.3.1.896\service_update.exe --run-as-launcher (Нет файла)
Edge Extension: (Нет имени) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [не найдено]
Edge Extension: (Нет имени) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [не найдено]
Edge Extension: (Нет имени) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [не найдено]
Edge Extension: (Нет имени) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [не найдено]
S2 YandexBrowserService; "C:\Program Files (x86)\Yandex\YandexBrowser\23.3.1.896\service_update.exe" --run-as-service [X]
CustomCLSID: HKU\S-1-5-21-507634182-1165612642-319205247-1008_Classes\CLSID\{345D3165-3889-4694-AB75-A91A27B217E8}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2022\acad.exe => Нет файла
CustomCLSID: HKU\S-1-5-21-507634182-1165612642-319205247-1008_Classes\CLSID\{8B4929F8-076F-4AEC-AFEE-8928747B7AE3}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2022\acad.exe /Automation => Нет файла
CustomCLSID: HKU\S-1-5-21-507634182-1165612642-319205247-1008_Classes\CLSID\{AA46BA8A-9825-40FD-8493-0BA3C4D5CEB5}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2022\acad.exe /Automation => Нет файла
CustomCLSID: HKU\S-1-5-21-507634182-1165612642-319205247-1008_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2022\ru-RU\acadficn.dll => Нет файла
AlternateDataStreams: C:\ProgramData\TEMP:D8999815 [402]
FirewallRules: [{6DAA194F-38F5-4C08-9818-F10350B311D3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe => Нет файла
FirewallRules: [{0DFCD41E-82E8-4852-A81E-CF8C535F04DB}] => (Allow) C:\Users\zaval\AppData\Local\Programs\Opera\75.0.3969.149\opera.exe => Нет файла
FirewallRules: [{2C3AB007-5944-41FF-92C5-F81B109963A8}] => (Allow) C:\Program Files (x86)\Download Studio\dstudio-gui.exe => Нет файла
FirewallRules: [{4C05D3E6-1A18-4600-AA22-C3A656446FD7}] => (Allow) C:\Program Files (x86)\Download Studio\dstudio-gui.exe => Нет файла
FirewallRules: [{A5A14FE4-509F-4438-A73B-D659554311D0}] => (Allow) C:\Program Files (x86)\Download Studio\dstudio.exe => Нет файла
FirewallRules: [{F97F301E-54E7-4125-BD0C-15A0C3C16E13}] => (Allow) C:\Program Files (x86)\Download Studio\dstudio.exe => Нет файла
FirewallRules: [{FAFC91F8-A3CE-4AF7-849A-7C968F1C4785}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe => Нет файла
FirewallRules: [{BE4704DD-79C2-46A7-B492-87B9A745D825}] => (Allow) C:\Users\zaval\AppData\Local\Yandex\YandexBrowser\Application\browser.exe => Нет файла
FirewallRules: [{6AEBFCD0-7231-413F-918C-0847FAB67765}] => (Allow) C:\Users\zaval\AppData\Roaming\Zoom\bin\airhost.exe => Нет файла
FirewallRules: [{FA1D3E5A-056A-45CF-ACCF-3998F218DB0F}] => (Allow) C:\Users\zaval\AppData\Roaming\Zoom\bin\airhost.exe => Нет файла
FirewallRules: [{71A0534B-A446-4F62-80AE-9D3412CD3992}] => (Allow) C:\Users\zaval\AppData\Roaming\Zoom\bin\Zoom.exe => Нет файла
FirewallRules: [{F49BD8F3-999A-4F06-BE47-E57CE7FDEA06}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe => Нет файла
FirewallRules: [{5635207B-9F86-4CDC-A5DC-8F6DB24F8A1E}] => (Allow) C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe => Нет файла
FirewallRules: [{02A1558A-59F3-442F-A529-78D2EBD05B7E}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => Нет файла
FirewallRules: [{FDCF08C8-A0EA-447F-AA84-C60723D21C96}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => Нет файла
FirewallRules: [{E0AACF27-E2D5-4144-B7CA-0B9400060160}] => (Allow) C:\Program Files\Cakewalk\Shared Utilities\StartPage\CakewalkStartScreen.exe => Нет файла
FirewallRules: [{0D0DDAA0-550D-4DAC-94EB-3CC1D6290F9C}] => (Allow) C:\Program Files\Cakewalk\Shared Utilities\StartPage\CakewalkStartScreen.exe => Нет файла
FirewallRules: [{08647FF9-9E9C-4162-AB7C-D3CE5AF90AAF}] => (Allow) C:\ProgramData\WindowsTask\AppModule.exe => Нет файла
FirewallRules: [{6C4E80BA-49C7-4C16-9F2E-671FDCEC5AF5}] => (Allow) C:\ProgramData\WindowsTask\AMD.exe => Нет файла
FirewallRules: [{11766772-ECC4-4A53-AD49-E4AFFC722BC1}] => (Block) LPort=445
FirewallRules: [{9C2E2BE4-CAB5-4D45-8D41-88BF6C48FBC8}] => (Block) LPort=445
FirewallRules: [{0E292D43-A320-4734-B002-C51C61F6BC39}] => (Block) LPort=139
FirewallRules: [{8DF18393-F186-4DE1-8B26-0CB211CF1E98}] => (Block) LPort=139
FirewallRules: [{EA4F1B4A-8840-48FB-8535-658CD833106F}] => (Allow) C:\ProgramData\Windows Tasks Service\winserv.exe => Нет файла
FirewallRules: [{05B039F8-4C36-4ED3-818C-95E6FCEF5B07}] => (Allow) LPort=3389
Reboot:
End::