(Doctor Web Ltd. -> ) C:\Users\BevPC\AppData\Local\Temp\EF3E940-69E5B480-41367920-5FE698E0\9i8Gy94oJsJ0.exe
(Doctor Web Ltd. -> ) C:\Users\BevPC\AppData\Local\Temp\EF3E940-69E5B480-41367920-5FE698E0\Fk2FyKaU.exe
(Doctor Web Ltd. -> ) C:\Users\BevPC\AppData\Local\Temp\EF3E940-69E5B480-41367920-5FE698E0\zAQjfYLkX.exe
(Doctor Web Ltd. -> ) C:\Users\BevPC\Desktop\gmf715m4.exe
C:\Users\BevPC\AppData\Local\Temp\EF3E940-69E5B480-41367920-5FE698E0
Task: {9A8E9FE5-4490-4B46-8DB1-7878980DBDAF} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
S2 SystemServices; C:\Program Files\qemu\SystemServices.exe [X] <==== ATTENTION
C:\Program Files\qemu
S3 cpuz149; \??\C:\Users\BevPC\AppData\Local\Temp\cpuz149\cpuz149_x64.sys [X] <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\WpsExternal_20161117083023.job => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe
2020-11-30 09:31 - 2020-11-30 09:32 - 234940200 _____ C:\Users\BevPC\Desktop\gmf715m4.exe
2020-11-30 07:01 - 2020-04-16 18:49 - 000000000 __SHD C:\Program Files\qemu
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
BHO-x32: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> No File
FirewallRules: [{48441662-84AE-47E9-9D4E-F2D6454228A7}] => (Allow) C:\Users\BevPC\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{38DDF7EE-310E-473F-9DEE-525BABB665EE}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{C0A002E9-9142-4467-9FFB-3EAA5EB5D7C1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe => No File
FirewallRules: [{405A4A84-6DF1-4716-9704-412583FC57B3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe => No File
FirewallRules: [{613223D2-652B-400A-82E4-7556E9F27CBF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe => No File
FirewallRules: [{D8F88A2A-D1F9-4E81-B110-3C6D00258401}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe => No File
FirewallRules: [{67D9960B-9B06-483F-A544-1C10812CC6A0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe => No File
FirewallRules: [{8D36E66C-79A0-4AF4-B3A9-CF7456A28E5C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{684E31F5-538F-477B-9C8B-ABF30E7B952B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => No File
FirewallRules: [{21DE9962-02A5-4BA7-B21E-3AB522918B86}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
FirewallRules: [{22A6A719-AD88-4A34-8F49-87042E2D7C89}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => No File
2020-11-15 00:30 - 2020-11-30 13:13 - 000000000 ____D C:\ProgramData\Doctor Web
2020-11-15 00:30 - 2020-11-15 00:54 - 000000000 ____D C:\Users\BevPC\Doctor Web
2020-11-15 00:28 - 2020-11-15 00:29 - 232596160 _____ C:\Users\BevPC\Downloads\vci0a7k1.exe
CMD: mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer
CMD: mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: findstr /c:"[SR]" \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: