Dobrý den,
mám podezření na zavirovaný počítat, tento týden mi unikly mi hesla z emailu a netflixu. Již delší dobu se mi taky sám přepíná vyhledávač z "google" na "bezpečné vyhledávání". Opakovaně měním zpět, ale po nějaké době se to vrátí. Mohli byste se na to, prosím, podívat? V příloze zasílám log z FRST a Addition.
Děkuji moc.
Hezký zbytek večera,
eva.sel
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Podezření na zavirovaný PC
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Podezření na zavirovaný PC
- Přílohy
-
- FRST_Addition.zip
- (25.69 KiB) Staženo 2 x
-
Rudy
- Site Admin
- Příspěvky: 119751
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Podezření na zavirovaný PC
Zdravím!
Dejte nejprve log ADWCleaner:
Dejte nejprve log ADWCleaner:
Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/
ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Podezření na zavirovaný PC
# -------------------------------
# Malwarebytes AdwCleaner 8.7.0.619
# -------------------------------
# Build: 12-17-2025
# Database: 2025-12-16.1 (Cloud)
# Support: https://help.malwarebytes.com/
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-04-2026
# Duration: 00:00:00
# OS: Windows 11 (Build 26100.7623)
# Cleaned: 3
# Awaiting reboot:1
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
Deleted Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Needs Reboot Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
***** Reboot Required to Complete *****
AdwCleaner[S00].txt - [3723 octets] - [16/06/2023 18:55:12]
AdwCleaner[S01].txt - [3784 octets] - [20/06/2023 17:03:46]
AdwCleaner[S02].txt - [3845 octets] - [06/07/2023 09:46:15]
AdwCleaner[C02].txt - [3250 octets] - [06/07/2023 09:46:43]
AdwCleaner[S03].txt - [2119 octets] - [20/07/2023 12:03:34]
AdwCleaner[S04].txt - [2180 octets] - [13/09/2023 10:25:50]
AdwCleaner[C04].txt - [2607 octets] - [13/09/2023 10:26:34]
AdwCleaner[S05].txt - [2155 octets] - [07/12/2023 08:22:44]
AdwCleaner[C05].txt - [2569 octets] - [07/12/2023 08:23:09]
AdwCleaner[S06].txt - [2277 octets] - [08/05/2024 22:48:36]
AdwCleaner[C06].txt - [2691 octets] - [08/05/2024 22:49:04]
AdwCleaner[S07].txt - [2305 octets] - [05/06/2024 08:48:50]
AdwCleaner[C07].txt - [2706 octets] - [05/06/2024 08:49:46]
AdwCleaner[S08].txt - [2668 octets] - [11/09/2024 22:12:47]
AdwCleaner[C08].txt - [2921 octets] - [11/09/2024 22:13:25]
AdwCleaner[S09].txt - [2335 octets] - [21/10/2024 08:11:20]
AdwCleaner[C09].txt - [2525 octets] - [21/10/2024 08:11:31]
AdwCleaner[S10].txt - [2457 octets] - [01/11/2024 12:00:42]
AdwCleaner[C10].txt - [2647 octets] - [01/11/2024 12:00:54]
AdwCleaner[S11].txt - [2579 octets] - [19/03/2025 09:03:28]
AdwCleaner[S12].txt - [3001 octets] - [12/06/2025 13:31:06]
AdwCleaner[C12].txt - [3241 octets] - [12/06/2025 13:31:31]
AdwCleaner[S13].txt - [2762 octets] - [27/09/2025 16:56:17]
AdwCleaner[C13].txt - [2952 octets] - [27/09/2025 16:56:33]
AdwCleaner[S14].txt - [2886 octets] - [12/10/2025 14:51:26]
AdwCleaner[C14].txt - [3076 octets] - [12/10/2025 14:51:35]
AdwCleaner[S15].txt - [3369 octets] - [02/02/2026 08:56:41]
AdwCleaner[C15].txt - [3677 octets] - [02/02/2026 08:57:14]
AdwCleaner[S16].txt - [3338 octets] - [04/02/2026 21:32:33]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C16].txt ##########
# Malwarebytes AdwCleaner 8.7.0.619
# -------------------------------
# Build: 12-17-2025
# Database: 2025-12-16.1 (Cloud)
# Support: https://help.malwarebytes.com/
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-04-2026
# Duration: 00:00:00
# OS: Windows 11 (Build 26100.7623)
# Cleaned: 3
# Awaiting reboot:1
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
Deleted Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Needs Reboot Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
***** Reboot Required to Complete *****
AdwCleaner[S00].txt - [3723 octets] - [16/06/2023 18:55:12]
AdwCleaner[S01].txt - [3784 octets] - [20/06/2023 17:03:46]
AdwCleaner[S02].txt - [3845 octets] - [06/07/2023 09:46:15]
AdwCleaner[C02].txt - [3250 octets] - [06/07/2023 09:46:43]
AdwCleaner[S03].txt - [2119 octets] - [20/07/2023 12:03:34]
AdwCleaner[S04].txt - [2180 octets] - [13/09/2023 10:25:50]
AdwCleaner[C04].txt - [2607 octets] - [13/09/2023 10:26:34]
AdwCleaner[S05].txt - [2155 octets] - [07/12/2023 08:22:44]
AdwCleaner[C05].txt - [2569 octets] - [07/12/2023 08:23:09]
AdwCleaner[S06].txt - [2277 octets] - [08/05/2024 22:48:36]
AdwCleaner[C06].txt - [2691 octets] - [08/05/2024 22:49:04]
AdwCleaner[S07].txt - [2305 octets] - [05/06/2024 08:48:50]
AdwCleaner[C07].txt - [2706 octets] - [05/06/2024 08:49:46]
AdwCleaner[S08].txt - [2668 octets] - [11/09/2024 22:12:47]
AdwCleaner[C08].txt - [2921 octets] - [11/09/2024 22:13:25]
AdwCleaner[S09].txt - [2335 octets] - [21/10/2024 08:11:20]
AdwCleaner[C09].txt - [2525 octets] - [21/10/2024 08:11:31]
AdwCleaner[S10].txt - [2457 octets] - [01/11/2024 12:00:42]
AdwCleaner[C10].txt - [2647 octets] - [01/11/2024 12:00:54]
AdwCleaner[S11].txt - [2579 octets] - [19/03/2025 09:03:28]
AdwCleaner[S12].txt - [3001 octets] - [12/06/2025 13:31:06]
AdwCleaner[C12].txt - [3241 octets] - [12/06/2025 13:31:31]
AdwCleaner[S13].txt - [2762 octets] - [27/09/2025 16:56:17]
AdwCleaner[C13].txt - [2952 octets] - [27/09/2025 16:56:33]
AdwCleaner[S14].txt - [2886 octets] - [12/10/2025 14:51:26]
AdwCleaner[C14].txt - [3076 octets] - [12/10/2025 14:51:35]
AdwCleaner[S15].txt - [3369 octets] - [02/02/2026 08:56:41]
AdwCleaner[C15].txt - [3677 octets] - [02/02/2026 08:57:14]
AdwCleaner[S16].txt - [3338 octets] - [04/02/2026 21:32:33]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C16].txt ##########
-
Rudy
- Site Admin
- Příspěvky: 119751
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Podezření na zavirovaný PC
OK, ty preinstalled jsou neškodné utility od Lenova. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.Start
CloseProcesses:
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {3A5F2451-A421-49F2-AFE4-C78CE498247C} - \Lenovo\ImController\TimeBasedEvents\49eb29b7-b4bc-4ac4-a575-c4e36ef0cbb5 -> No File <==== ATTENTION
Task: {4EA0C94D-F29E-4C31-873B-120EA7C42F76} - \Lenovo\ImController\TimeBasedEvents\1f585b78-ef20-4e4d-98a6-380ceefd01f9 -> No File <==== ATTENTION
Task: {577B085B-CDAB-45F9-84D8-8F235FA5089D} - \Lenovo\ImController\TimeBasedEvents\176fd1a6-2f3d-48df-a946-84392316650c -> No File <==== ATTENTION
Task: {B634E3B9-724E-4DFA-89CC-903A1D843806} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {DF7406CF-F371-4F24-B007-5FFE3CDA29CB} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {F9D0B1AE-3DA5-49B3-92FB-79439CCA8A58} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {3C5A0601-34D0-4D70-AFA5-83EBBB6D4891} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\\uninstall.exe /repair (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {B181EBAE-352B-4378-BD70-AC786A26A6C1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {C7A08914-F802-4516-8AB6-9DBAA20DA6F6} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {7102AC70-3E48-497B-B782-847F12963493} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {2ABABC6C-0CDF-4009-91F9-C4AED2D59AF5} - System32\Tasks\Opera scheduled Autoupdate 1635174843 => C:\Users\evase\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {EB858073-7FDD-407D-8C7B-81845DEDEA1A} - System32\Tasks\Opera scheduled Autoupdate 1641756030 => C:\Users\evase\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --scheduledtask $(Arg0) (No File)
C:\DumpStack.log.tmp
C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk:B026C77744 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk:C5D586BE93 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk:104946E0EA [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (new).lnk:3DF0A9C0EF [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (new).lnk:954E53D7F9 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transmission Qt Client.lnk:F362B48BC7 [3442]
FirewallRules: [UDP Query User{CE5C7C5A-2C81-436B-834E-8874D081EA56}C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe => No File
FirewallRules: [TCP Query User{87C34AEA-A438-4F16-B19C-D8BA66079705}C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe => No File
FirewallRules: [{F91F526B-C7CB-4C45-AF18-1FBB553A2C48}] => (Allow) C:\Users\evase\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{F8AC9CF5-B06A-4B60-BFE4-86FB310013D3}] => (Allow) C:\Users\evase\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{694F9EA3-3C34-4C84-99EC-3CCD6C18E41A}] => (Allow) C:\Users\evase\AppData\Local\Programs\Opera\80.0.4170.63\opera.exe => No File
FirewallRules: [{CBB090C9-7AFD-495D-89F0-340982EE4EA1}] => (Allow) C:\Users\evase\AppData\Local\Programs\Opera\78.0.4093.147\opera.exe => No File
FirewallRules: [UDP Query User{4A1BB8F3-CE02-4CB2-8384-162C7005411C}C:\programdata\evase\microsoft\teams\current\teams.exe] => (Allow) C:\programdata\evase\microsoft\teams\current\teams.exe => No File
FirewallRules: [TCP Query User{858A48B1-337B-47ED-88A9-C647915217B0}C:\programdata\evase\microsoft\teams\current\teams.exe] => (Allow) C:\programdata\evase\microsoft\teams\current\teams.exe => No File
FirewallRules: [{D44E36B3-8CE8-4BF4-AF3D-AF8555BEB55C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{267C95D1-773E-4CED-9D7E-37C30E1A8C1D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [TCP Query User{FABA5F5B-5467-42B4-917A-9DAF94C14C2C}C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe] => (Allow) C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe => No File
FirewallRules: [UDP Query User{78F4806C-DDAF-40EC-89C6-78EFBD888670}C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe] => (Allow) C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe => No File
FirewallRules: [{C36BD33A-FA85-4947-B51D-BE23009187C0}] => (Allow) C:\Users\evase\AppData\Local\Programs\Opera\opera.exe => No File
EmptyTemp:
End
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Podezření na zavirovaný PC
Fix result of Farbar Recovery Scan Tool (x64) Version: 03-02-2026 01
Ran by evase (04-02-2026 22:13:04) Run:1
Running from C:\Users\evase\Desktop
Loaded Profiles: evase
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {3A5F2451-A421-49F2-AFE4-C78CE498247C} - \Lenovo\ImController\TimeBasedEvents\49eb29b7-b4bc-4ac4-a575-c4e36ef0cbb5 -> No File <==== ATTENTION
Task: {4EA0C94D-F29E-4C31-873B-120EA7C42F76} - \Lenovo\ImController\TimeBasedEvents\1f585b78-ef20-4e4d-98a6-380ceefd01f9 -> No File <==== ATTENTION
Task: {577B085B-CDAB-45F9-84D8-8F235FA5089D} - \Lenovo\ImController\TimeBasedEvents\176fd1a6-2f3d-48df-a946-84392316650c -> No File <==== ATTENTION
Task: {B634E3B9-724E-4DFA-89CC-903A1D843806} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {DF7406CF-F371-4F24-B007-5FFE3CDA29CB} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {F9D0B1AE-3DA5-49B3-92FB-79439CCA8A58} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {3C5A0601-34D0-4D70-AFA5-83EBBB6D4891} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\\uninstall.exe /repair (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {B181EBAE-352B-4378-BD70-AC786A26A6C1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {C7A08914-F802-4516-8AB6-9DBAA20DA6F6} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {7102AC70-3E48-497B-B782-847F12963493} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {2ABABC6C-0CDF-4009-91F9-C4AED2D59AF5} - System32\Tasks\Opera scheduled Autoupdate 1635174843 => C:\Users\evase\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {EB858073-7FDD-407D-8C7B-81845DEDEA1A} - System32\Tasks\Opera scheduled Autoupdate 1641756030 => C:\Users\evase\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --scheduledtask $(Arg0) (No File)
C:\DumpStack.log.tmp
C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk:B026C77744 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk:C5D586BE93 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk:104946E0EA [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (new).lnk:3DF0A9C0EF [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (new).lnk:954E53D7F9 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transmission Qt Client.lnk:F362B48BC7 [3442]
FirewallRules: [UDP Query User{CE5C7C5A-2C81-436B-834E-8874D081EA56}C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe => No File
FirewallRules: [TCP Query User{87C34AEA-A438-4F16-B19C-D8BA66079705}C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe => No File
FirewallRules: [{F91F526B-C7CB-4C45-AF18-1FBB553A2C48}] => (Allow) C:\Users\evase\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{F8AC9CF5-B06A-4B60-BFE4-86FB310013D3}] => (Allow) C:\Users\evase\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{694F9EA3-3C34-4C84-99EC-3CCD6C18E41A}] => (Allow) C:\Users\evase\AppData\Local\Programs\Opera\80.0.4170.63\opera.exe => No File
FirewallRules: [{CBB090C9-7AFD-495D-89F0-340982EE4EA1}] => (Allow) C:\Users\evase\AppData\Local\Programs\Opera\78.0.4093.147\opera.exe => No File
FirewallRules: [UDP Query User{4A1BB8F3-CE02-4CB2-8384-162C7005411C}C:\programdata\evase\microsoft\teams\current\teams.exe] => (Allow) C:\programdata\evase\microsoft\teams\current\teams.exe => No File
FirewallRules: [TCP Query User{858A48B1-337B-47ED-88A9-C647915217B0}C:\programdata\evase\microsoft\teams\current\teams.exe] => (Allow) C:\programdata\evase\microsoft\teams\current\teams.exe => No File
FirewallRules: [{D44E36B3-8CE8-4BF4-AF3D-AF8555BEB55C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{267C95D1-773E-4CED-9D7E-37C30E1A8C1D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [TCP Query User{FABA5F5B-5467-42B4-917A-9DAF94C14C2C}C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe] => (Allow) C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe => No File
FirewallRules: [UDP Query User{78F4806C-DDAF-40EC-89C6-78EFBD888670}C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe] => (Allow) C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe => No File
FirewallRules: [{C36BD33A-FA85-4947-B51D-BE23009187C0}] => (Allow) C:\Users\evase\AppData\Local\Programs\Opera\opera.exe => No File
EmptyTemp:
End
*****************
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{C885AA15-1764-4293-B82A-0586ADD46B35} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A5F2451-A421-49F2-AFE4-C78CE498247C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A5F2451-A421-49F2-AFE4-C78CE498247C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\49eb29b7-b4bc-4ac4-a575-c4e36ef0cbb5" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EA0C94D-F29E-4C31-873B-120EA7C42F76}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EA0C94D-F29E-4C31-873B-120EA7C42F76}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\1f585b78-ef20-4e4d-98a6-380ceefd01f9" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{577B085B-CDAB-45F9-84D8-8F235FA5089D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{577B085B-CDAB-45F9-84D8-8F235FA5089D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\176fd1a6-2f3d-48df-a946-84392316650c" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B634E3B9-724E-4DFA-89CC-903A1D843806}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B634E3B9-724E-4DFA-89CC-903A1D843806}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DF7406CF-F371-4F24-B007-5FFE3CDA29CB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF7406CF-F371-4F24-B007-5FFE3CDA29CB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9D0B1AE-3DA5-49B3-92FB-79439CCA8A58}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9D0B1AE-3DA5-49B3-92FB-79439CCA8A58}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Monitor" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3C5A0601-34D0-4D70-AFA5-83EBBB6D4891}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C5A0601-34D0-4D70-AFA5-83EBBB6D4891}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\Vantage\StartupFixPlan => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\StartupFixPlan" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{077BA067-7C15-40F0-B22E-C9DC2A54B4A2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{077BA067-7C15-40F0-B22E-C9DC2A54B4A2}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Location\Notifications => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Location\Notifications" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B181EBAE-352B-4378-BD70-AC786A26A6C1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B181EBAE-352B-4378-BD70-AC786A26A6C1}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7A08914-F802-4516-8AB6-9DBAA20DA6F6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7A08914-F802-4516-8AB6-9DBAA20DA6F6}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7102AC70-3E48-497B-B782-847F12963493}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7102AC70-3E48-497B-B782-847F12963493}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2ABABC6C-0CDF-4009-91F9-C4AED2D59AF5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ABABC6C-0CDF-4009-91F9-C4AED2D59AF5}" => removed successfully
C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1635174843 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1635174843" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EB858073-7FDD-407D-8C7B-81845DEDEA1A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB858073-7FDD-407D-8C7B-81845DEDEA1A}" => removed successfully
C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1641756030 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1641756030" => removed successfully
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2 => moved successfully
C:\ProgramData\mntemp => ":8EAD8B3507" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk => ":B026C77744" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk => ":C5D586BE93" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk => ":60EC9648C0" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk => ":F20EF51E1F" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk => ":104946E0EA" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (new).lnk => ":3DF0A9C0EF" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (new).lnk => ":954E53D7F9" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transmission Qt Client.lnk => ":F362B48BC7" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CE5C7C5A-2C81-436B-834E-8874D081EA56}C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{87C34AEA-A438-4F16-B19C-D8BA66079705}C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F91F526B-C7CB-4C45-AF18-1FBB553A2C48}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F8AC9CF5-B06A-4B60-BFE4-86FB310013D3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{694F9EA3-3C34-4C84-99EC-3CCD6C18E41A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CBB090C9-7AFD-495D-89F0-340982EE4EA1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4A1BB8F3-CE02-4CB2-8384-162C7005411C}C:\programdata\evase\microsoft\teams\current\teams.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{858A48B1-337B-47ED-88A9-C647915217B0}C:\programdata\evase\microsoft\teams\current\teams.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D44E36B3-8CE8-4BF4-AF3D-AF8555BEB55C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{267C95D1-773E-4CED-9D7E-37C30E1A8C1D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FABA5F5B-5467-42B4-917A-9DAF94C14C2C}C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{78F4806C-DDAF-40EC-89C6-78EFBD888670}C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C36BD33A-FA85-4947-B51D-BE23009187C0}" => removed successfully
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11606173 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 149577341 B
Windows/system/drivers => 20478775 B
Edge => 24876284 B
Chrome => 1930216822 B
Brave => 32057069 B
Firefox => 0 B
Opera => 0 B
Local\Temp, Local\*.tmp, LocalLow\Temp, Roaming\Temp, Roaming\*.tmp , IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 2572 B
evase => 169143266 B
RecycleBin => 0 B
EmptyTemp: => 2.2 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 04-02-2026 22:17:57)
C:\DumpStack.log.tmp => Could not move
==== End of Fixlog 22:17:57 ====
Ran by evase (04-02-2026 22:13:04) Run:1
Running from C:\Users\evase\Desktop
Loaded Profiles: evase
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {3A5F2451-A421-49F2-AFE4-C78CE498247C} - \Lenovo\ImController\TimeBasedEvents\49eb29b7-b4bc-4ac4-a575-c4e36ef0cbb5 -> No File <==== ATTENTION
Task: {4EA0C94D-F29E-4C31-873B-120EA7C42F76} - \Lenovo\ImController\TimeBasedEvents\1f585b78-ef20-4e4d-98a6-380ceefd01f9 -> No File <==== ATTENTION
Task: {577B085B-CDAB-45F9-84D8-8F235FA5089D} - \Lenovo\ImController\TimeBasedEvents\176fd1a6-2f3d-48df-a946-84392316650c -> No File <==== ATTENTION
Task: {B634E3B9-724E-4DFA-89CC-903A1D843806} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {DF7406CF-F371-4F24-B007-5FFE3CDA29CB} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {F9D0B1AE-3DA5-49B3-92FB-79439CCA8A58} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {3C5A0601-34D0-4D70-AFA5-83EBBB6D4891} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\\uninstall.exe /repair (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {B181EBAE-352B-4378-BD70-AC786A26A6C1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {C7A08914-F802-4516-8AB6-9DBAA20DA6F6} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {7102AC70-3E48-497B-B782-847F12963493} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {2ABABC6C-0CDF-4009-91F9-C4AED2D59AF5} - System32\Tasks\Opera scheduled Autoupdate 1635174843 => C:\Users\evase\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {EB858073-7FDD-407D-8C7B-81845DEDEA1A} - System32\Tasks\Opera scheduled Autoupdate 1641756030 => C:\Users\evase\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --scheduledtask $(Arg0) (No File)
C:\DumpStack.log.tmp
C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk:B026C77744 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk:C5D586BE93 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk:104946E0EA [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (new).lnk:3DF0A9C0EF [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (new).lnk:954E53D7F9 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transmission Qt Client.lnk:F362B48BC7 [3442]
FirewallRules: [UDP Query User{CE5C7C5A-2C81-436B-834E-8874D081EA56}C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe => No File
FirewallRules: [TCP Query User{87C34AEA-A438-4F16-B19C-D8BA66079705}C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe => No File
FirewallRules: [{F91F526B-C7CB-4C45-AF18-1FBB553A2C48}] => (Allow) C:\Users\evase\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{F8AC9CF5-B06A-4B60-BFE4-86FB310013D3}] => (Allow) C:\Users\evase\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{694F9EA3-3C34-4C84-99EC-3CCD6C18E41A}] => (Allow) C:\Users\evase\AppData\Local\Programs\Opera\80.0.4170.63\opera.exe => No File
FirewallRules: [{CBB090C9-7AFD-495D-89F0-340982EE4EA1}] => (Allow) C:\Users\evase\AppData\Local\Programs\Opera\78.0.4093.147\opera.exe => No File
FirewallRules: [UDP Query User{4A1BB8F3-CE02-4CB2-8384-162C7005411C}C:\programdata\evase\microsoft\teams\current\teams.exe] => (Allow) C:\programdata\evase\microsoft\teams\current\teams.exe => No File
FirewallRules: [TCP Query User{858A48B1-337B-47ED-88A9-C647915217B0}C:\programdata\evase\microsoft\teams\current\teams.exe] => (Allow) C:\programdata\evase\microsoft\teams\current\teams.exe => No File
FirewallRules: [{D44E36B3-8CE8-4BF4-AF3D-AF8555BEB55C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{267C95D1-773E-4CED-9D7E-37C30E1A8C1D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [TCP Query User{FABA5F5B-5467-42B4-917A-9DAF94C14C2C}C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe] => (Allow) C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe => No File
FirewallRules: [UDP Query User{78F4806C-DDAF-40EC-89C6-78EFBD888670}C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe] => (Allow) C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe => No File
FirewallRules: [{C36BD33A-FA85-4947-B51D-BE23009187C0}] => (Allow) C:\Users\evase\AppData\Local\Programs\Opera\opera.exe => No File
EmptyTemp:
End
*****************
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{C885AA15-1764-4293-B82A-0586ADD46B35} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A5F2451-A421-49F2-AFE4-C78CE498247C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A5F2451-A421-49F2-AFE4-C78CE498247C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\49eb29b7-b4bc-4ac4-a575-c4e36ef0cbb5" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EA0C94D-F29E-4C31-873B-120EA7C42F76}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EA0C94D-F29E-4C31-873B-120EA7C42F76}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\1f585b78-ef20-4e4d-98a6-380ceefd01f9" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{577B085B-CDAB-45F9-84D8-8F235FA5089D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{577B085B-CDAB-45F9-84D8-8F235FA5089D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\176fd1a6-2f3d-48df-a946-84392316650c" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B634E3B9-724E-4DFA-89CC-903A1D843806}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B634E3B9-724E-4DFA-89CC-903A1D843806}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DF7406CF-F371-4F24-B007-5FFE3CDA29CB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF7406CF-F371-4F24-B007-5FFE3CDA29CB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9D0B1AE-3DA5-49B3-92FB-79439CCA8A58}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9D0B1AE-3DA5-49B3-92FB-79439CCA8A58}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Monitor" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3C5A0601-34D0-4D70-AFA5-83EBBB6D4891}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C5A0601-34D0-4D70-AFA5-83EBBB6D4891}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\Vantage\StartupFixPlan => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\StartupFixPlan" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{077BA067-7C15-40F0-B22E-C9DC2A54B4A2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{077BA067-7C15-40F0-B22E-C9DC2A54B4A2}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Location\Notifications => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Location\Notifications" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B181EBAE-352B-4378-BD70-AC786A26A6C1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B181EBAE-352B-4378-BD70-AC786A26A6C1}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7A08914-F802-4516-8AB6-9DBAA20DA6F6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7A08914-F802-4516-8AB6-9DBAA20DA6F6}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7102AC70-3E48-497B-B782-847F12963493}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7102AC70-3E48-497B-B782-847F12963493}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2ABABC6C-0CDF-4009-91F9-C4AED2D59AF5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ABABC6C-0CDF-4009-91F9-C4AED2D59AF5}" => removed successfully
C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1635174843 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1635174843" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EB858073-7FDD-407D-8C7B-81845DEDEA1A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB858073-7FDD-407D-8C7B-81845DEDEA1A}" => removed successfully
C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1641756030 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1641756030" => removed successfully
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2 => moved successfully
C:\ProgramData\mntemp => ":8EAD8B3507" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk => ":B026C77744" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk => ":C5D586BE93" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk => ":60EC9648C0" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk => ":F20EF51E1F" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk => ":104946E0EA" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (new).lnk => ":3DF0A9C0EF" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (new).lnk => ":954E53D7F9" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transmission Qt Client.lnk => ":F362B48BC7" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CE5C7C5A-2C81-436B-834E-8874D081EA56}C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{87C34AEA-A438-4F16-B19C-D8BA66079705}C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F91F526B-C7CB-4C45-AF18-1FBB553A2C48}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F8AC9CF5-B06A-4B60-BFE4-86FB310013D3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{694F9EA3-3C34-4C84-99EC-3CCD6C18E41A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CBB090C9-7AFD-495D-89F0-340982EE4EA1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4A1BB8F3-CE02-4CB2-8384-162C7005411C}C:\programdata\evase\microsoft\teams\current\teams.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{858A48B1-337B-47ED-88A9-C647915217B0}C:\programdata\evase\microsoft\teams\current\teams.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D44E36B3-8CE8-4BF4-AF3D-AF8555BEB55C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{267C95D1-773E-4CED-9D7E-37C30E1A8C1D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FABA5F5B-5467-42B4-917A-9DAF94C14C2C}C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{78F4806C-DDAF-40EC-89C6-78EFBD888670}C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C36BD33A-FA85-4947-B51D-BE23009187C0}" => removed successfully
=========== EmptyTemp: ==========
FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11606173 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 149577341 B
Windows/system/drivers => 20478775 B
Edge => 24876284 B
Chrome => 1930216822 B
Brave => 32057069 B
Firefox => 0 B
Opera => 0 B
Local\Temp, Local\*.tmp, LocalLow\Temp, Roaming\Temp, Roaming\*.tmp , IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 2572 B
evase => 169143266 B
RecycleBin => 0 B
EmptyTemp: => 2.2 GB temporary data Removed.
================================
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 04-02-2026 22:17:57)
C:\DumpStack.log.tmp => Could not move
==== End of Fixlog 22:17:57 ====
Přispějete na provoz fóra?