VIRY.CZ

Dobrý den,
mám podezření na zavirovaný počítat, tento týden mi unikly mi hesla z emailu a netflixu. Již delší dobu se mi taky sám přepíná vyhledávač z "google" na "bezpečné vyhledávání". Opakovaně měním zpět, ale po nějaké době se to vrátí. Mohli byste se na to, prosím, podívat? V příloze zasílám log z FRST a Addition.
Děkuji moc.

Hezký zbytek večera,
eva.sel

Zdravím!
Dejte nejprve log ADWCleaner:

Ulozte na plochu AdwCleaner https://malwarebytes.com/adwcleaner/ nebo http://www.bleepingcomputer.com/download/adwcleaner/

ukoncete vsechny programy
odsouhlaste licencni podmiky (EULA) klikem na Souhlasim
kliknete pravym na ikonu AdwCleaneru a vyberte Spustit jako spravce (v pripade Win XP spustte obycejne dvojklikem)
kliknete na Skenovat nyni (Scan now), pote na Cisteni a opravy (Clean and Repair)
po restartu na Vas vyskoci log (pripadne jej najdete v C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt), jehoz obsah zkopirujte do pristi odpovedi

# -------------------------------
# Malwarebytes AdwCleaner 8.7.0.619
# -------------------------------
# Build: 12-17-2025
# Database: 2025-12-16.1 (Cloud)
# Support: https://help.malwarebytes.com/
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-04-2026
# Duration: 00:00:00
# OS: Windows 11 (Build 26100.7623)
# Cleaned: 3
# Awaiting reboot:1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Needs Reboot Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

***** Reboot Required to Complete *****



AdwCleaner[S00].txt - [3723 octets] - [16/06/2023 18:55:12]
AdwCleaner[S01].txt - [3784 octets] - [20/06/2023 17:03:46]
AdwCleaner[S02].txt - [3845 octets] - [06/07/2023 09:46:15]
AdwCleaner[C02].txt - [3250 octets] - [06/07/2023 09:46:43]
AdwCleaner[S03].txt - [2119 octets] - [20/07/2023 12:03:34]
AdwCleaner[S04].txt - [2180 octets] - [13/09/2023 10:25:50]
AdwCleaner[C04].txt - [2607 octets] - [13/09/2023 10:26:34]
AdwCleaner[S05].txt - [2155 octets] - [07/12/2023 08:22:44]
AdwCleaner[C05].txt - [2569 octets] - [07/12/2023 08:23:09]
AdwCleaner[S06].txt - [2277 octets] - [08/05/2024 22:48:36]
AdwCleaner[C06].txt - [2691 octets] - [08/05/2024 22:49:04]
AdwCleaner[S07].txt - [2305 octets] - [05/06/2024 08:48:50]
AdwCleaner[C07].txt - [2706 octets] - [05/06/2024 08:49:46]
AdwCleaner[S08].txt - [2668 octets] - [11/09/2024 22:12:47]
AdwCleaner[C08].txt - [2921 octets] - [11/09/2024 22:13:25]
AdwCleaner[S09].txt - [2335 octets] - [21/10/2024 08:11:20]
AdwCleaner[C09].txt - [2525 octets] - [21/10/2024 08:11:31]
AdwCleaner[S10].txt - [2457 octets] - [01/11/2024 12:00:42]
AdwCleaner[C10].txt - [2647 octets] - [01/11/2024 12:00:54]
AdwCleaner[S11].txt - [2579 octets] - [19/03/2025 09:03:28]
AdwCleaner[S12].txt - [3001 octets] - [12/06/2025 13:31:06]
AdwCleaner[C12].txt - [3241 octets] - [12/06/2025 13:31:31]
AdwCleaner[S13].txt - [2762 octets] - [27/09/2025 16:56:17]
AdwCleaner[C13].txt - [2952 octets] - [27/09/2025 16:56:33]
AdwCleaner[S14].txt - [2886 octets] - [12/10/2025 14:51:26]
AdwCleaner[C14].txt - [3076 octets] - [12/10/2025 14:51:35]
AdwCleaner[S15].txt - [3369 octets] - [02/02/2026 08:56:41]
AdwCleaner[C15].txt - [3677 octets] - [02/02/2026 08:57:14]
AdwCleaner[S16].txt - [3338 octets] - [04/02/2026 21:32:33]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C16].txt ##########

OK, ty preinstalled jsou neškodné utility od Lenova. Otevřte poznámkový blok a zkopírujte do něj:

Start

CloseProcesses:
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {3A5F2451-A421-49F2-AFE4-C78CE498247C} - \Lenovo\ImController\TimeBasedEvents\49eb29b7-b4bc-4ac4-a575-c4e36ef0cbb5 -> No File <==== ATTENTION
Task: {4EA0C94D-F29E-4C31-873B-120EA7C42F76} - \Lenovo\ImController\TimeBasedEvents\1f585b78-ef20-4e4d-98a6-380ceefd01f9 -> No File <==== ATTENTION
Task: {577B085B-CDAB-45F9-84D8-8F235FA5089D} - \Lenovo\ImController\TimeBasedEvents\176fd1a6-2f3d-48df-a946-84392316650c -> No File <==== ATTENTION
Task: {B634E3B9-724E-4DFA-89CC-903A1D843806} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {DF7406CF-F371-4F24-B007-5FFE3CDA29CB} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {F9D0B1AE-3DA5-49B3-92FB-79439CCA8A58} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {3C5A0601-34D0-4D70-AFA5-83EBBB6D4891} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\\uninstall.exe /repair (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {B181EBAE-352B-4378-BD70-AC786A26A6C1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {C7A08914-F802-4516-8AB6-9DBAA20DA6F6} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {7102AC70-3E48-497B-B782-847F12963493} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {2ABABC6C-0CDF-4009-91F9-C4AED2D59AF5} - System32\Tasks\Opera scheduled Autoupdate 1635174843 => C:\Users\evase\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {EB858073-7FDD-407D-8C7B-81845DEDEA1A} - System32\Tasks\Opera scheduled Autoupdate 1641756030 => C:\Users\evase\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --scheduledtask $(Arg0) (No File)
C:\DumpStack.log.tmp
C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk:B026C77744 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk:C5D586BE93 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk:104946E0EA [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (new).lnk:3DF0A9C0EF [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (new).lnk:954E53D7F9 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transmission Qt Client.lnk:F362B48BC7 [3442]
FirewallRules: [UDP Query User{CE5C7C5A-2C81-436B-834E-8874D081EA56}C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe => No File
FirewallRules: [TCP Query User{87C34AEA-A438-4F16-B19C-D8BA66079705}C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe => No File
FirewallRules: [{F91F526B-C7CB-4C45-AF18-1FBB553A2C48}] => (Allow) C:\Users\evase\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{F8AC9CF5-B06A-4B60-BFE4-86FB310013D3}] => (Allow) C:\Users\evase\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{694F9EA3-3C34-4C84-99EC-3CCD6C18E41A}] => (Allow) C:\Users\evase\AppData\Local\Programs\Opera\80.0.4170.63\opera.exe => No File
FirewallRules: [{CBB090C9-7AFD-495D-89F0-340982EE4EA1}] => (Allow) C:\Users\evase\AppData\Local\Programs\Opera\78.0.4093.147\opera.exe => No File
FirewallRules: [UDP Query User{4A1BB8F3-CE02-4CB2-8384-162C7005411C}C:\programdata\evase\microsoft\teams\current\teams.exe] => (Allow) C:\programdata\evase\microsoft\teams\current\teams.exe => No File
FirewallRules: [TCP Query User{858A48B1-337B-47ED-88A9-C647915217B0}C:\programdata\evase\microsoft\teams\current\teams.exe] => (Allow) C:\programdata\evase\microsoft\teams\current\teams.exe => No File
FirewallRules: [{D44E36B3-8CE8-4BF4-AF3D-AF8555BEB55C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{267C95D1-773E-4CED-9D7E-37C30E1A8C1D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [TCP Query User{FABA5F5B-5467-42B4-917A-9DAF94C14C2C}C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe] => (Allow) C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe => No File
FirewallRules: [UDP Query User{78F4806C-DDAF-40EC-89C6-78EFBD888670}C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe] => (Allow) C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe => No File
FirewallRules: [{C36BD33A-FA85-4947-B51D-BE23009187C0}] => (Allow) C:\Users\evase\AppData\Local\Programs\Opera\opera.exe => No File

EmptyTemp:
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Fix result of Farbar Recovery Scan Tool (x64) Version: 03-02-2026 01
Ran by evase (04-02-2026 22:13:04) Run:1
Running from C:\Users\evase\Desktop
Loaded Profiles: evase
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {3A5F2451-A421-49F2-AFE4-C78CE498247C} - \Lenovo\ImController\TimeBasedEvents\49eb29b7-b4bc-4ac4-a575-c4e36ef0cbb5 -> No File <==== ATTENTION
Task: {4EA0C94D-F29E-4C31-873B-120EA7C42F76} - \Lenovo\ImController\TimeBasedEvents\1f585b78-ef20-4e4d-98a6-380ceefd01f9 -> No File <==== ATTENTION
Task: {577B085B-CDAB-45F9-84D8-8F235FA5089D} - \Lenovo\ImController\TimeBasedEvents\176fd1a6-2f3d-48df-a946-84392316650c -> No File <==== ATTENTION
Task: {B634E3B9-724E-4DFA-89CC-903A1D843806} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: {DF7406CF-F371-4F24-B007-5FFE3CDA29CB} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {F9D0B1AE-3DA5-49B3-92FB-79439CCA8A58} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {3C5A0601-34D0-4D70-AFA5-83EBBB6D4891} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\\uninstall.exe /repair (No File)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {B181EBAE-352B-4378-BD70-AC786A26A6C1} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {C7A08914-F802-4516-8AB6-9DBAA20DA6F6} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (No File)
Task: {7102AC70-3E48-497B-B782-847F12963493} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {2ABABC6C-0CDF-4009-91F9-C4AED2D59AF5} - System32\Tasks\Opera scheduled Autoupdate 1635174843 => C:\Users\evase\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {EB858073-7FDD-407D-8C7B-81845DEDEA1A} - System32\Tasks\Opera scheduled Autoupdate 1641756030 => C:\Users\evase\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --scheduledtask $(Arg0) (No File)
C:\DumpStack.log.tmp
C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk:B026C77744 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk:C5D586BE93 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk:104946E0EA [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (new).lnk:3DF0A9C0EF [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (new).lnk:954E53D7F9 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transmission Qt Client.lnk:F362B48BC7 [3442]
FirewallRules: [UDP Query User{CE5C7C5A-2C81-436B-834E-8874D081EA56}C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe => No File
FirewallRules: [TCP Query User{87C34AEA-A438-4F16-B19C-D8BA66079705}C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe] => (Allow) C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe => No File
FirewallRules: [{F91F526B-C7CB-4C45-AF18-1FBB553A2C48}] => (Allow) C:\Users\evase\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{F8AC9CF5-B06A-4B60-BFE4-86FB310013D3}] => (Allow) C:\Users\evase\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{694F9EA3-3C34-4C84-99EC-3CCD6C18E41A}] => (Allow) C:\Users\evase\AppData\Local\Programs\Opera\80.0.4170.63\opera.exe => No File
FirewallRules: [{CBB090C9-7AFD-495D-89F0-340982EE4EA1}] => (Allow) C:\Users\evase\AppData\Local\Programs\Opera\78.0.4093.147\opera.exe => No File
FirewallRules: [UDP Query User{4A1BB8F3-CE02-4CB2-8384-162C7005411C}C:\programdata\evase\microsoft\teams\current\teams.exe] => (Allow) C:\programdata\evase\microsoft\teams\current\teams.exe => No File
FirewallRules: [TCP Query User{858A48B1-337B-47ED-88A9-C647915217B0}C:\programdata\evase\microsoft\teams\current\teams.exe] => (Allow) C:\programdata\evase\microsoft\teams\current\teams.exe => No File
FirewallRules: [{D44E36B3-8CE8-4BF4-AF3D-AF8555BEB55C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => No File
FirewallRules: [{267C95D1-773E-4CED-9D7E-37C30E1A8C1D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => No File
FirewallRules: [TCP Query User{FABA5F5B-5467-42B4-917A-9DAF94C14C2C}C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe] => (Allow) C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe => No File
FirewallRules: [UDP Query User{78F4806C-DDAF-40EC-89C6-78EFBD888670}C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe] => (Allow) C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe => No File
FirewallRules: [{C36BD33A-FA85-4947-B51D-BE23009187C0}] => (Allow) C:\Users\evase\AppData\Local\Programs\Opera\opera.exe => No File

EmptyTemp:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{C885AA15-1764-4293-B82A-0586ADD46B35} => removed successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A5F2451-A421-49F2-AFE4-C78CE498247C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A5F2451-A421-49F2-AFE4-C78CE498247C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\49eb29b7-b4bc-4ac4-a575-c4e36ef0cbb5" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EA0C94D-F29E-4C31-873B-120EA7C42F76}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EA0C94D-F29E-4C31-873B-120EA7C42F76}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\1f585b78-ef20-4e4d-98a6-380ceefd01f9" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{577B085B-CDAB-45F9-84D8-8F235FA5089D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{577B085B-CDAB-45F9-84D8-8F235FA5089D}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\176fd1a6-2f3d-48df-a946-84392316650c" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B634E3B9-724E-4DFA-89CC-903A1D843806}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B634E3B9-724E-4DFA-89CC-903A1D843806}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DF7406CF-F371-4F24-B007-5FFE3CDA29CB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF7406CF-F371-4F24-B007-5FFE3CDA29CB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F9D0B1AE-3DA5-49B3-92FB-79439CCA8A58}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F9D0B1AE-3DA5-49B3-92FB-79439CCA8A58}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Monitor" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3C5A0601-34D0-4D70-AFA5-83EBBB6D4891}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C5A0601-34D0-4D70-AFA5-83EBBB6D4891}" => removed successfully
C:\WINDOWS\System32\Tasks\Lenovo\Vantage\StartupFixPlan => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\Vantage\StartupFixPlan" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{077BA067-7C15-40F0-B22E-C9DC2A54B4A2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{077BA067-7C15-40F0-B22E-C9DC2A54B4A2}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Location\Notifications => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Location\Notifications" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B181EBAE-352B-4378-BD70-AC786A26A6C1}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B181EBAE-352B-4378-BD70-AC786A26A6C1}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7A08914-F802-4516-8AB6-9DBAA20DA6F6}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7A08914-F802-4516-8AB6-9DBAA20DA6F6}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7102AC70-3E48-497B-B782-847F12963493}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7102AC70-3E48-497B-B782-847F12963493}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2ABABC6C-0CDF-4009-91F9-C4AED2D59AF5}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2ABABC6C-0CDF-4009-91F9-C4AED2D59AF5}" => removed successfully
C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1635174843 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1635174843" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EB858073-7FDD-407D-8C7B-81845DEDEA1A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB858073-7FDD-407D-8C7B-81845DEDEA1A}" => removed successfully
C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1641756030 => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1641756030" => removed successfully
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.
C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2 => moved successfully
C:\ProgramData\mntemp => ":8EAD8B3507" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk => ":B026C77744" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk => ":C5D586BE93" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk => ":60EC9648C0" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk => ":F20EF51E1F" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk => ":104946E0EA" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (new).lnk => ":3DF0A9C0EF" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (new).lnk => ":954E53D7F9" ADS removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transmission Qt Client.lnk => ":F362B48BC7" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CE5C7C5A-2C81-436B-834E-8874D081EA56}C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{87C34AEA-A438-4F16-B19C-D8BA66079705}C:\users\evase\appdata\roaming\gameranger\gameranger\gameranger.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F91F526B-C7CB-4C45-AF18-1FBB553A2C48}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F8AC9CF5-B06A-4B60-BFE4-86FB310013D3}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{694F9EA3-3C34-4C84-99EC-3CCD6C18E41A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CBB090C9-7AFD-495D-89F0-340982EE4EA1}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{4A1BB8F3-CE02-4CB2-8384-162C7005411C}C:\programdata\evase\microsoft\teams\current\teams.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{858A48B1-337B-47ED-88A9-C647915217B0}C:\programdata\evase\microsoft\teams\current\teams.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D44E36B3-8CE8-4BF4-AF3D-AF8555BEB55C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{267C95D1-773E-4CED-9D7E-37C30E1A8C1D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{FABA5F5B-5467-42B4-917A-9DAF94C14C2C}C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{78F4806C-DDAF-40EC-89C6-78EFBD888670}C:\users\evase\appdata\local\discord\app-1.0.9007\discord.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C36BD33A-FA85-4947-B51D-BE23009187C0}" => removed successfully

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 11606173 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 149577341 B
Windows/system/drivers => 20478775 B
Edge => 24876284 B
Chrome => 1930216822 B
Brave => 32057069 B
Firefox => 0 B
Opera => 0 B

Local\Temp, Local\*.tmp, LocalLow\Temp, Roaming\Temp, Roaming\*.tmp , IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 2572 B
evase => 169143266 B

RecycleBin => 0 B
EmptyTemp: => 2.2 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 04-02-2026 22:17:57)

C:\DumpStack.log.tmp => Could not move

==== End of Fixlog 22:17:57 ====