Start::
CreateRestorePoint:
CloseProcesses:
Task: {485FA3F1-91B9-422B-AD46-75FD68900391} - System32\Tasks\AsrAPPShop => C:\Program Files (x86)\ASRock Utility\Auto Driver Installer\AsrAPPShop.exe (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
S4 AmdTools64; \SystemRoot\System32\drivers\AmdTools64.sys (No File)
S3 amduw23g; \SystemRoot\System32\DriverStore\FileRepository\u0413716.inf_amd64_05f67121425d2179\B409877\amdkmdag.sys (No File)
CustomCLSID: HKU\S-1-5-21-2518755091-3211838001-4167600821-1001_Classes\CLSID\{973b15a8-6023-8d20-1551-89ba98bba399}\localserver32 -> "C:\Users\DCmet\AppData\Local\PowerToys\PowerToys.PowerLauncher.exe" -ToastActivated => No File
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [10412]
FirewallRules: [{7126CE73-1043-4E8D-863B-6E75432CFC60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SC Jogos\Barro F22\Barro F22.exe => No File
FirewallRules: [{DACAF3AA-9C46-419D-AECE-DD85B8DBA1F0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SC Jogos\Barro F22\Barro F22.exe => No File
FirewallRules: [{189BB12F-E0C7-465B-9B88-2C2D040E6BED}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SC Jogos\Launcher\SC Jogos Launcher.exe => No File
FirewallRules: [{D63BCB81-B7BA-4AFE-BF4B-DB078C2A8497}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SC Jogos\Launcher\SC Jogos Launcher.exe => No File
FirewallRules: [{37213C1B-75C1-48A3-A31B-AE0AFFD70320}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{85C2E006-13AC-4FE2-95B8-5AC80E1AF39C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [TCP Query User{B5A24894-7EF1-4706-91EF-120161A0D9BD}C:\users\dcmet\appdata\roaming\beammp-launcher\beammp-launcher.exe] => (Allow) C:\users\dcmet\appdata\roaming\beammp-launcher\beammp-launcher.exe => No File
FirewallRules: [UDP Query User{AA4E23E8-9AAD-43A1-A20D-831268A9D76A}C:\users\dcmet\appdata\roaming\beammp-launcher\beammp-launcher.exe] => (Allow) C:\users\dcmet\appdata\roaming\beammp-launcher\beammp-launcher.exe => No File
FirewallRules: [TCP Query User{034032F1-C244-4201-9520-92E732014B24}C:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe => No File
FirewallRules: [UDP Query User{5E16AD0B-139C-41B5-9A28-2828F6213B24}C:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\assettocorsa\acs.exe => No File
FirewallRules: [TCP Query User{424346F5-4BED-43F1-BCE3-99F4A947E45C}C:\program files (x86)\steam\steamapps\common\the finals\discovery\binaries\win64\discovery-e.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the finals\discovery\binaries\win64\discovery-e.exe => No File
FirewallRules: [UDP Query User{60DA7664-D600-4EE1-984C-33F5A342EA66}C:\program files (x86)\steam\steamapps\common\the finals\discovery\binaries\win64\discovery-e.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the finals\discovery\binaries\win64\discovery-e.exe => No File
FirewallRules: [TCP Query User{F5F4BC19-C225-498A-A938-2096705214F0}C:\program files (x86)\steam\steamapps\common\the finals\discovery\binaries\win64\discovery-d.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the finals\discovery\binaries\win64\discovery-d.exe => No File
FirewallRules: [UDP Query User{C912FE05-B885-49AB-95B5-B4042E06E2CF}C:\program files (x86)\steam\steamapps\common\the finals\discovery\binaries\win64\discovery-d.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\the finals\discovery\binaries\win64\discovery-d.exe => No File
FirewallRules: [{83C606CC-D501-4E2D-8F95-69B6B40A3EE7}] => (Block) %ProgramFiles% (x86)\F1 2020\F1_2020.exe => No File
FirewallRules: [{5B388669-8FFB-40BE-9885-86F53A2EB7E1}] => (Block) %ProgramFiles% (x86)\F1 2020\F1_2020.exe => No File
FirewallRules: [{B376428F-6D19-4AB3-A7EF-F5DD14CB0295}] => (Block) %USERPROFILE%\Desktop\LMU\Le Mans Ultimate.exe => No File
FirewallRules: [{C0121707-0633-42CD-B683-DA6D2570A030}] => (Block) %USERPROFILE%\Desktop\LMU\Le Mans Ultimate.exe => No File
FirewallRules: [{E3C694FE-C737-4FBF-98B1-BB842B41A975}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2 Demo\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{9F916587-B36E-4DF3-A53F-7C76F1406525}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Euro Truck Simulator 2 Demo\bin\win_x64\eurotrucks2.exe => No File
FirewallRules: [{A4BCC1C6-D060-4862-BCCE-246A4DCE812F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator Demo\bin\win_x64\amtrucks.exe => No File
FirewallRules: [{2C9E9878-E442-4F98-B6B0-2466F9CFA91D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\American Truck Simulator Demo\bin\win_x64\amtrucks.exe => No File
FirewallRules: [{F385C8FD-C48D-4AAA-B066-718BE82714CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\raceroom racing experience\Game\x64\RRRE64.exe => No File
FirewallRules: [{C0E84595-BCF0-4506-B365-D87241D10A7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\raceroom racing experience\Game\x64\RRRE64.exe => No File
FirewallRules: [{19BB85B0-C99A-481F-B087-89F28B9EA0AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\raceroom racing experience\Game\x64dxvk\RRRE64.exe => No File
FirewallRules: [{4F79E774-9F6F-435C-ACEB-B2A9EAA5919B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\raceroom racing experience\Game\x64dxvk\RRRE64.exe => No File
FirewallRules: [{74C2C382-F1F5-4484-B88D-F2A2FFD5EED5}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => No File
FirewallRules: [TCP Query User{E6D051B7-912E-4145-8257-463243DA6A23}C:\assetto corsa competizione\ac2\binaries\win64\ac2-win64-shipping.exe] => (Allow) C:\assetto corsa competizione\ac2\binaries\win64\ac2-win64-shipping.exe => No File
FirewallRules: [UDP Query User{7F9B6FC0-1AFD-41CD-B3DD-0987561846B3}C:\assetto corsa competizione\ac2\binaries\win64\ac2-win64-shipping.exe] => (Allow) C:\assetto corsa competizione\ac2\binaries\win64\ac2-win64-shipping.exe => No File
FirewallRules: [{D2323528-CE02-4D85-8237-4439BF857D43}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Off Piste\OffTrailWindows\OffTrail.exe => No File
FirewallRules: [{414EFD66-D326-4C68-99B1-8A36D826D016}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Off Piste\OffTrailWindows\OffTrail.exe => No File
FirewallRules: [TCP Query User{37190AC6-7AE2-4B56-B672-7C5AABB37908}C:\program files (x86)\steam\steamapps\common\lanesplit demo\lanesplit\binaries\win64\lanesplit-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\lanesplit demo\lanesplit\binaries\win64\lanesplit-win64-shipping.exe => No File
FirewallRules: [UDP Query User{0FDD3631-673D-47E6-8EB8-47C1A0CBE1C3}C:\program files (x86)\steam\steamapps\common\lanesplit demo\lanesplit\binaries\win64\lanesplit-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\lanesplit demo\lanesplit\binaries\win64\lanesplit-win64-shipping.exe => No File
FirewallRules: [TCP Query User{25F781F5-3E31-4A03-9C49-0AB5BA9BE9C1}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe => No File
FirewallRules: [UDP Query User{89468A60-A72D-4163-8759-8542E01DE26C}C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\war thunder\win64\aces.exe => No File
FirewallRules: [{EFC832D2-DDC8-482D-80EC-C1B3A4C8E781}] => (Allow) C:\Program Files\Razer\RazerAppEngine\app-4.0.660\RazerAppEngine.exe => No File
FirewallRules: [TCP Query User{8957901D-9164-4B40-A07B-2A02AE790F24}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) C:\riot games\riot client\riotclientelectron\riot client.exe => No File
FirewallRules: [UDP Query User{1D8E033E-6DA6-4333-9196-8441C84FC1F1}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Allow) C:\riot games\riot client\riotclientelectron\riot client.exe => No File
R3 cpuz158; C:\WINDOWS\temp\cpuz158\cpuz158_x64.sys [44592 2026-04-30] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ATTENTION
S3 HWiNFO_206; C:\Users\DCmet\AppData\Local\Temp\HWiNFO_x64_206.sys [57512 2026-04-06] (Microsoft Windows Hardware Compatibility Publisher -> REALiX) <==== ATTENTION
S3 HWiNFO_214; C:\Users\DCmet\AppData\Local\Temp\HWiNFO_x64_214.sys [60072 2026-04-30] (Microsoft Windows Hardware Compatibility Publisher -> REALiX) <==== ATTENTION
R3 HWiNFO_215; C:\Users\DCmet\AppData\Local\Temp\HWiNFO_x64_215.sys [60080 2026-04-30] (Microsoft Windows Hardware Compatibility Publisher -> REALiX) <==== ATTENTION
HKU\S-1-5-21-2518755091-3211838001-4167600821-1001\Software\Classes\regfile: <==== ATTENTION
HKU\S-1-5-21-2518755091-3211838001-4167600821-1001\Software\Classes\.reg: => <==== ATTENTION
HKU\S-1-5-21-2518755091-3211838001-4167600821-1001\Software\Classes\.bat: => <==== ATTENTION
HKU\S-1-5-21-2518755091-3211838001-4167600821-1001\Software\Classes\.cmd: => <==== ATTENTION
reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /f
File: C:\Users\DCmet\Downloads\content-manager\Content Manager.exe
StartPowerShell:
# Microsoft Defender hardening. Every entry below is applied with its own
# Set-MpPreference call, in the listed order, so a setting that this Defender
# build rejects does not stop the remaining ones from being applied.
$defenderSettings = [ordered]@{
    # --- core engines ---
    DisableRealtimeMonitoring                     = $false        # real-time protection on
    DisableBehaviorMonitoring                     = $false        # behaviour monitoring on
    PUAProtection                                 = 'Enabled'     # potentially unwanted application detection
    # --- cloud-delivered protection ---
    CloudBlockLevel                               = 4             # aggressive blocking of unknowns (2 = lower, 0 = default)
    MAPSReporting                                 = 2             # advanced reporting of malicious/unwanted software
    SubmitSamplesConsent                          = 1             # safe samples are sent automatically
    EnableNetworkProtection                       = 'Enabled'     # block connections to known-malicious web sites
    DisableBlockAtFirstSeen                       = $false        # block-at-first-sight on
    CloudExtendedTimeout                          = 30            # extra seconds allowed for a cloud verdict
    # --- scan coverage ---
    DisableArchiveScanning                        = $false        # look inside .zip/.cab and similar archives
    DisableRemovableDriveScanning                 = $false        # USB and other removable drives
    DisableScanningNetworkFiles                   = $false        # files on network shares
    CheckForSignaturesBeforeRunningScan           = $true         # refresh signatures before each scan
    DisableIOAVProtection                         = $false        # downloaded files and attachments
    DisableScriptScanning                         = $false        # script content
    DisableAutoExclusions                         = $true         # no automatic exclusions from scanning
    DisableScanningMappedNetworkDrivesForFullScan = $false        # mapped network drives during full scans
    DisableEmailScanning                          = $false        # mail files
    EnableDnsSinkhole                             = $true         # sinkhole known-malicious domains / IPs at DNS level
    # --- updates and default actions ---
    SignatureUpdateInterval                       = 12            # hours between signature update checks
    HighThreatDefaultAction                       = 'Quarantine'  # high-severity detections are quarantined
    SevereThreatDefaultAction                     = 'Quarantine'  # severe detections are quarantined
}

foreach ($entry in $defenderSettings.GetEnumerator()) {
    # One parameter per call, splatted so the entry name becomes the parameter name.
    $parameter = @{}
    $parameter[$entry.Key] = $entry.Value
    Set-MpPreference @parameter
}

# Pull the latest signatures now that the update settings are in place.
Update-MpSignature
EndPowerShell:
StartRegedit:
Windows Registry Editor Version 5.00
; Restore User Account Control (UAC) to its standard prompting behaviour.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
; 5 = prompt administrators for consent only for non-Windows binaries (the Windows default)
"ConsentPromptBehaviorAdmin"=dword:00000005
; 3 = prompt standard users for administrator credentials
"ConsentPromptBehaviorUser"=dword:00000003
; 1 = UAC enabled (0 would switch it off entirely)
"EnableLUA"=dword:00000001
EndRegedit:
StartPowerShell:
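# Downloads Emsisoft Emergency Kit (EEK) from Emsisoft's official site, updates it and scans with it.
# Note: the executable is about 300 MB, so the download can take some time.
# ---
# Scan scope: 1) system memory 2) important folders, as the EEK documentation describes.
# The scan also looks inside compressed archives, mail archives and NTFS alternate data streams,
# and uses cloud requests.
# ---
# "/delete" would delete found objects including references, but that is permanent and irreversible,
# so it is deliberately not used here.
# Removing "/quick" gives a full scan, which may run longer than FRST is willing to wait.
# "/quarantine="[folder]"" would quarantine detections; verifying them first is preferred.
$downloadUrl = "https://dl.emsisoft.com/EmsisoftEmergencyKit.exe"
$systemDrive = $env:SystemDrive
$frstPath = "$systemDrive\FRST"
$savePath = "$frstPath\EEK.exe"
$extractPath = "$frstPath\EEK"
$scanLog = "$frstPath\EEK_scan.log"
# Upper bound for the self-extractor to produce the scanner; without it a failed
# extraction would make the wait loop below spin forever.
$extractTimeoutSeconds = 600

foreach ($dir in @($frstPath, $extractPath)) {
    if (-not (Test-Path $dir)) {
        New-Item -Path $dir -ItemType Directory -Force | Out-Null
    }
}

Invoke-WebRequest -Uri $downloadUrl -OutFile $savePath -UseBasicParsing

# The download is executed below, so refuse to run it unless it carries a valid Authenticode
# signature chaining to a trusted root. This checks signature validity, not the signer's identity;
# the expected publisher is not pinned here.
$signature = Get-AuthenticodeSignature -FilePath $savePath
if ($signature.Status -ne 'Valid') {
    Write-Output "EEK download at $savePath is not validly signed (status: $($signature.Status)); aborting."
    exit
}

$proc = Start-Process -FilePath $savePath -ArgumentList "-s -d`"$extractPath`"" -PassThru
$a2cmdProbe = "$extractPath\bin64\a2cmd.exe"
$deadline = (Get-Date).AddSeconds($extractTimeoutSeconds)
while (-not (Test-Path $a2cmdProbe)) {
    if ((Get-Date) -gt $deadline) {
        Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
        Write-Output "EEK extraction did not produce $a2cmdProbe within $extractTimeoutSeconds seconds; aborting."
        exit
    }
    Start-Sleep -Milliseconds 1000
}
# The extractor is stopped as soon as the command-line scanner exists, as in the original flow.
# NOTE(review): a2cmd.exe appearing does not prove the rest of the extraction has finished;
# confirm whether waiting for the extractor to exit would be safer here.
Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue

# Pick the scanner matching the OS bitness.
$binFolder = if ([Environment]::Is64BitOperatingSystem) { "bin64" } else { "bin32" }
$a2cmdPath = Join-Path $extractPath "$binFolder\a2cmd.exe"

# Update definitions, then run the quick scan and write the log next to the kit.
Start-Process -FilePath $a2cmdPath -ArgumentList "/update" -Wait -NoNewWindow
Start-Process -FilePath $a2cmdPath -ArgumentList "/malware /quick /m /t /pup /a /am /cloud=1 /la=`"$scanLog`"" -Wait -NoNewWindow

# Echo the log into the fix output; say so explicitly if the scanner never wrote one.
if (Test-Path $scanLog) {
    Get-Content $scanLog
} else {
    Write-Output "EEK scan log not found at $scanLog"
}
exit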
EndPowerShell:
StartPowerShell:
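# Downloads the newest AdwCleaner directly from Malwarebytes, accepts the EULA, scans, cleans and
# writes the log to the console.
# Preinstalled objects are not cleaned, only PUP/adware.
# To also delete preinstalled objects, add /preinstalled next to the /clean argument.
# To only scan, change the argument from /clean to /scan.
$adwDir = "$env:SystemDrive\AdwCleaner"
$adwExe = "$adwDir\AdwCleanerFRST.exe"
$logFile = "$adwDir\AdwCleanerOutputFRST.txt"

New-Item -ItemType Directory -Force -Path $adwDir | Out-Null
# -UseBasicParsing matches the other download in this fix and keeps Windows PowerShell
# from involving the Internet Explorer parsing engine for the response.
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile $adwExe -UseBasicParsing

# The download is executed below, so refuse to run it unless it carries a valid Authenticode
# signature chaining to a trusted root (validity only; the publisher is not pinned here).
$signature = Get-AuthenticodeSignature -FilePath $adwExe
if ($signature.Status -ne 'Valid') {
    Write-Output "AdwCleaner download at $adwExe is not validly signed (status: $($signature.Status)); skipping."
} else {
    Start-Process -FilePath $adwExe -ArgumentList "/eula" -Wait -WindowStyle Hidden
    Start-Process -FilePath $adwExe -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
    # The log is read as UTF-16 as the author chose; if it prints garbled, check which encoding
    # AdwCleaner actually emits on stdout.
    Get-Content $logFile -Encoding Unicode
    Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
}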
EndPowerShell:
CMD: netsh int ip reset
CMD: netsh int ipv6 reset
CMD: ipconfig /flushDNS
CMD: netsh winsock reset catalog
C:\Users\CurrentUserName\AppData\Local\Temp\*
C:\Windows\Temp\*
EmptyTemp:
End::