content copied
content
Start::
CreateRestorePoint:
CloseProcesses:
2026-03-31 22:40 - 2022-12-23 23:55 - 000000000 ____D C:\Users\vlaue\AppData\Roaming\RenPy
CustomCLSID: HKU\S-1-5-21-1277946573-2952317390-4141189700-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> "C:\Users\vlaue\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-1277946573-2952317390-4141189700-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\vlaue\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20031.2\x64\Microsoft.Teams.AddinLoader.dll => No File
AlternateDataStreams: C:\ProgramData:err [1450]
AlternateDataStreams: C:\Users\All Users:err [1450]
AlternateDataStreams: C:\ProgramData\Dane aplikacji:err [1450]
AlternateDataStreams: C:\ProgramData\TEMP:535FBEA2 [136]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [7054]
AlternateDataStreams: C:\Users\vlaue\Documents\medprac 2.2022.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\vlaue\Documents\medprac 2.2022.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\vlaue\Documents\skan Atos 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\vlaue\Documents\skan Atos 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\vlaue\Documents\skan Atos.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\vlaue\Documents\skan Atos.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\vlaue\Documents\skan Wipro 2.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\vlaue\Documents\skan Wipro 2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\vlaue\Documents\skan Wipro.jpeg:3or4kl4x13tuuug3Byamue2s4b [81]
AlternateDataStreams: C:\Users\vlaue\Documents\skan Wipro.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
HKU\S-1-5-21-1277946573-2952317390-4141189700-1001\...\Run: [Lync] => "C:\Program Files\Microsoft Office\Root\Office16\lync.exe" /fromrunkey (No File)
HKU\S-1-5-21-1277946573-2952317390-4141189700-1001\...\Run: [CyberGhost] => "C:\Program Files\CyberGhost 8\Dashboard.exe" /autostart /min (No File)
HKU\S-1-5-21-1277946573-2952317390-4141189700-1001\...\Run: [com.evernote.Evernote] => C:\Users\vlaue\AppData\Local\Programs\Evernote\Evernote.exe --was-opened-with-auto-launch (No File)
S4 Rockstar Service; "D:\Program Files\Rockstar Games\Launcher\RockstarService.exe" [X]
2026-04-01 11:48 - 2026-04-01 11:48 - 000000008 _____ C:\ProgramData\ntuser.pol
StartPowerShell:
# Downloads newest AdwCleaner version directly from Malwarebytes, performs an update, scans, cleans and writes the log in console
# Does not clean preinstalled objects, only PUP/Adware
# If you would like to delete preinstalled objects, add an argument /preinstalled to the /clean argument
# If you would like to only scan with it, change the argument from /clean to /scan
New-Item -ItemType Directory -Force -Path "$env:SystemDrive\AdwCleaner" | Out-Null
Invoke-WebRequest -Uri "https://adwcleaner.malwarebytes.com/adwcleaner?channel=release" -OutFile "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/eula" -Wait -WindowStyle Hidden
$logFile = "$env:SystemDrive\AdwCleaner\AdwCleanerOutputFRST.txt"
Start-Process -FilePath "$env:SystemDrive\AdwCleaner\AdwCleanerFRST.exe" -ArgumentList "/noreboot /clean" -Wait -WindowStyle Hidden -RedirectStandardOutput $logFile
Get-Content $logFile -Encoding Unicode
Remove-Item -Path $logFile -Force -ErrorAction SilentlyContinue
EndPowerShell:
StartPowershell:
Try {
$Paths=(Get-MpPreference).ExclusionPath
$Extensions=(Get-MpPreference).ExclusionExtension
$Processes=(Get-MpPreference).ExclusionProcess
foreach ($Path in $Paths) {
Remove-MpPreference -ExclusionPath $Path -force -ErrorAction Stop
}
foreach ($Extension in $Extensions) {
Remove-MpPreference -ExclusionExtension $Extension -force -ErrorAction Stop
}
foreach ($Process in $Processes) {
Remove-MpPreference -ExclusionProcess $Process -force -ErrorAction Stop
}
}
Catch {
Write-Error "Error occurred while removing Windows Defender exclusions: $_"
}
EndPowershell:
2026-03-31 22:46 - 2026-03-31 22:46 - 000000000 ____D C:\Users\vlaue\Juzupe
2026-03-31 22:43 - 2026-03-31 22:43 - 000000000 ____D C:\Users\vlaue\Lujiqux
2026-03-31 22:41 - 2026-03-31 22:41 - 000000000 ____D C:\ProgramData\Kawema
2026-03-31 22:41 - 2026-03-31 22:41 - 000000000 ____D C:\ProgramData\Gukop
2024-12-13 14:53 - 2024-12-13 14:53 - 000000048 ____R () C:\Users\vlaue\AppData\Local\3A3A84C71B9B001D9FA09B00B8F8A798
EmptyTemp:
End::
Warning
Executing a Fixlist on the wrong system may permanently damage it. Continue only if this link was meant for you.
To view the content, acknowledge this warning.