VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Pozůstatky malware ?

https://forum.viry.cz:443/viewtopic.php?t=160666

Stránka 1 z 1

Pozůstatky malware ?

Napsal: 26 bře 2026 16:00
od pepaa
Dobrý den,

prosím o konntrolu logu, 18.03.2025 kolem p§l osmé ráno jsem při vstývání zjitil, že jsem se stal obětí hackerského útoku, kdy mi byly odcizeny ověřené účty na sociálních sítích bez upozornění, vyčistil jsem snad vše a zasílám log pro kointrolu, podíváte se mi na to prosím ?
can result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-03-2026
Ran by Jose Madeira (administrator) on JOSECKO (Dell Inc. Latitude 5510) (26-03-2026 15:41:16)
Running from C:\Users\Jose Madeira\Downloads\FRST64.exe
Loaded Profiles: Jose Madeira & WsiAccount
Platform: Microsoft Windows 11 Pro Version 24H2 26100.8039 (X64) Language: Čeština (Česko)
Default browser: Edge
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Intel\Driver and Support Assistant\x86\DSAService.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\x86\DSATray.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1538.24328.0_x64__nzyj5cx40ttqa\AppleMobileDeviceLauncher.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1538.24328.0_x64__nzyj5cx40ttqa\AppleMobileDeviceProcess.exe
(C:\Program Files\WindowsApps\AppleInc.iCloud_15.7.56.0_x64__nzyj5cx40ttqa\iCloud\iCloudHome.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc) C:\Program Files\WindowsApps\AppleInc.iCloud_15.7.56.0_x64__nzyj5cx40ttqa\iCloud\iCloudCKKS.exe
(C:\Program Files\WindowsApps\AppleInc.iCloud_15.7.56.0_x64__nzyj5cx40ttqa\iCloud\iCloudHome.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.7.56.0_x64__nzyj5cx40ttqa\iCloud\iCloudDrive.exe
(C:\Program Files\WindowsApps\AppleInc.iCloud_15.7.56.0_x64__nzyj5cx40ttqa\iCloud\iCloudHome.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.7.56.0_x64__nzyj5cx40ttqa\iCloud\iCloudPhotos.exe
(C:\ProgramData\Dell\drivers\7e98c440-4a26-46d6-864d-50287d8955fe\DellOptimizer.exe ->) (Dell Technologies Inc. -> Dell Technologies, Inc.) C:\Windows\Temp\{0F53B847-F7AD-4001-850E-C0763C766A0D}\_is6E39.exe <2>
(C:\ProgramData\Dell\UpdateService\Downloads\FOLDER14235674M\4\Dell-Optimizer-Application_J9P2R_WIN64_6.3.2.0_A00.EXE ->) (Dell Technologies Inc. -> Dell Technologies, Inc.) C:\ProgramData\Dell\drivers\7e98c440-4a26-46d6-864d-50287d8955fe\DellOptimizer.exe
(C:\Windows\Temp\{0F53B847-F7AD-4001-850E-C0763C766A0D}\_is6E39.exe ->) (Dell Technologies Inc. -> Flexera) C:\Windows\Temp\{0F53B847-F7AD-4001-850E-C0763C766A0D}\{3858D95B}\setup64.exe
(Dell Technologies Inc. -> ) C:\Program Files\Dell\DellOptimizer\DellEnterpriseClientFrameworkSubAgent.exe
(Dell Technologies Inc. -> ) C:\Program Files\Dell\DTP\DiagnosticsSubAgent\Dell.TechHub.Diagnostics.SubAgent.exe
(Dell Technologies Inc. -> Dell Inc.) C:\ProgramData\Dell\UpdateService\Downloads\FOLDER14235674M\4\Dell-Optimizer-Application_J9P2R_WIN64_6.3.2.0_A00.EXE
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellOptimizer\Console\DellOptimizer.Systray.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellOptimizer\SubAgents\Dell.UUE.CoreSubAgent\Dell.UUE.CoreSubAgent.exe
(Dell Technologies Inc. -> Dell Technologies Inc.) C:\Program Files\Dell\DellOptimizer\SubAgents\Dell.UUE.User.SubAgent\Dell.UUE.User.SubAgent.exe
(Dell Technologies Inc. -> Dell) C:\Program Files\Dell\DellDigitalDelivery\SubAgent\Dell.Digital.Delivery.Service.SubAgent.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_0e0cef3aab259dd1\igfxCUIService.exe ->) (Intel Graphics Internal 2023 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0e0cef3aab259dd1\igfxEM.exe
(DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\dptf_helper.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <12>
(explorer.exe ->) (Telegram FZ-LLC -> Telegram FZ-LLC) C:\Users\Jose Madeira\AppData\Roaming\Telegram Desktop\Telegram.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_19.2603.48201.0_x64__8wekyb3d8bbwe\M365Copilot.exe
(msiexec.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(services.exe ->) ("STMicroelectronics Srl" -> ) C:\Windows\System32\drivers\DellFFDPWmiService.exe
(services.exe ->) (Avid Technology, Inc. -> M-Audio) C:\Program Files (x86)\M-Audio\Fast Track Pro\AudioDevMon.exe
(services.exe ->) (Broadcom Inc. -> ) C:\Windows\System32\bcmUshUpgradeService.exe
(services.exe ->) (Broadcom Inc. -> Broadcom Corporation) C:\Windows\System32\bcmHostControlService.exe
(services.exe ->) (Broadcom Inc. -> Broadcom Corporation) C:\Windows\System32\bcmHostStorageService.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Inc.) C:\Program Files (x86)\Dell\CommandIntelvProOutOfBand\DellAWESvc.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\EndpointConfigure\Dell.EndpointConfigure.WinServiceAgent.exe
(services.exe ->) (Dell Technologies Inc. -> Dell INC.) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(services.exe ->) (Dell Technologies Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(services.exe ->) (Dell Technologies Inc. -> Dell) C:\Program Files\Dell\TrustedDevice\Dell.TrustedDevice.Service.exe
(services.exe ->) (Fibocom Wireless Inc. -> Fibocom Wireless Inc.) C:\Windows\Firmware\FwSwitchbin\FwSwitchService.exe
(services.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Piriform\CCleaner 7\CCleaner_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_8a3f88e34f6b8385\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_99f6bd58bfe82726\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d7a222f6ce13d429\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\x86\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\x86\DSAUpdateService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_581d7e91d349facc\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel Graphics Internal 2023 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0e0cef3aab259dd1\igfxCUIService.exe
(services.exe ->) (Intel Graphics Internal 2023 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_bcf814bde8c7d262\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Graphics Internal 2023 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_6d5820df0105f0e9\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Graphics Internal 2023 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_6d5820df0105f0e9\IntelCpHeciSvc.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\WirelessKB850NotificationService.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe <2>
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm\Bluetooth Suite\AdminService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26020.6-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26020.6-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26020.6-0\NisSrv.exe
(services.exe ->) (MuseCY SM Ltd -> Muse Group) C:\Program Files\MuseHub\current\MuseAuthService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe <3>
(services.exe ->) (Waves Inc -> Waves Audio Ltd.) C:\Windows\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_9cf66a75b9c50ded\WavesSysSvc64.exe
(sihost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> WhatsApp.Root) C:\Program Files\WindowsApps\5319275A.51895FA4EA97F_2.2611.101.0_x64__cv1g1gvanyjgm\WhatsApp.Root.exe
(sihost.exe ->) (50BDFD77-8903-4850-9FFE-6E8522F64D5B -> OpenAI) C:\Program Files\WindowsApps\OpenAI.ChatGPT-Desktop_1.2026.43.0_x64__2p2nqsd0c76g0\app\ChatGPT.exe <5>
(sihost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1538.24328.0_x64__nzyj5cx40ttqa\AppleMobileDeviceLauncher.exe
(sihost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.7.56.0_x64__nzyj5cx40ttqa\iCloud\iCloudHome.exe
(sihost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.7.56.0_x64__nzyj5cx40ttqa\iCloud\ApplePhotoStreams.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.7.56.0_x64__nzyj5cx40ttqa\iCloud\APSDaemon.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple, Inc.) C:\Program Files\WindowsApps\AppleInc.iCloud_15.7.56.0_x64__nzyj5cx40ttqa\iCloud\secd.exe
(svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (Gen Digital Inc. -> Gen Digital Inc.) C:\Program Files\Piriform\CCleaner 7\CCleaner.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2601.2.0_x64__8wekyb3d8bbwe\SnippingTool\SnippingTool.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.241.0.0_x64__8wekyb3d8bbwe\MicrosoftStartFeedProvider\MicrosoftStartFeedProvider.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\NgcIso.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\UtcDecoderHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe [1961360 2023-11-02] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo9de.inf_amd64_9cf66a75b9c50ded\WavesSvc64.exe [5542112 2024-03-08] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [MuseHub] => C:\Program Files\MuseHub\current\MuseHub.exe [59699760 2026-01-15] (MuseCY SM Ltd -> MuseHub)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-196143437-2400517662-190078704-1002\...\Run: [org.whispersystems.signal-desktop] => C:\Users\Jose Madeira\AppData\Local\Programs\signal-desktop\Signal.exe [213754288 2026-02-25] (Signal Messenger, LLC -> Signal Messenger, LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\146.0.7680.165\Installer\chrmstp.exe [2026-03-26] (Google LLC -> Google LLC)
Startup: C:\Users\Jose Madeira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk [2026-03-17]
ShortcutTarget: Telegram.lnk -> C:\Users\Jose Madeira\AppData\Roaming\Telegram Desktop\Telegram.exe (Telegram FZ-LLC -> Telegram FZ-LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ableton USB Audio Control Panel Autostart.lnk [2025-12-11]
ShortcutTarget: Ableton USB Audio Control Panel Autostart.lnk -> C:\Program Files\Ableton\USB Audio Driver\x64\AbletonAudioCpl.exe (Thesycon Software Solutions GmbH & Co. KG -> )
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {ECA0AB4E-E54E-4804-A96A-B004F16FB6E8} - System32\Tasks\CCleaner 7 - Skip UAC - S-1-5-21-196143437-2400517662-190078704-1002 => C:\Program Files\Piriform\CCleaner 7\CCleaner.exe [5315192 2026-03-04] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {2170452D-DCF4-4DB9-ADE5-114C6DED8287} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe [1308312 2026-02-27] (Dell Technologies Inc. -> Dell Inc.) -> C:\Program Files\Dell\SupportAssistAgent\bin\AutoUpdate
Task: {1A0A632B-1BAB-4D19-ADFF-5F197AACDE10} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem148.0.7730.0{6BBFD062-BC30-4841-A3F4-E0D77EE0D9CA} => C:\Program Files (x86)\Google\GoogleUpdater\148.0.7730.0\updater.exe [6517400 2026-03-12] (Google LLC -> Google LLC)
Task: {43D76A25-682E-4F6E-9E32-EE3B2A2D3112} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [6466256 2026-01-16] (Intel Corporation -> Intel Corporation)
Task: {78FBE537-0B95-4261-95BD-5E82B5422479} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [6466256 2026-01-16] (Intel Corporation -> Intel Corporation)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {D4867D41-B900-49EC-9726-967D0865C165} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26020.6-0\MpCmdRun.exe [1786528 2026-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {190FC5EF-3D50-4208-A483-5B8B4B106A8D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26020.6-0\MpCmdRun.exe [1786528 2026-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D6A1AAB0-8D6C-4D61-941B-A684532F7A70} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26020.6-0\MpCmdRun.exe [1786528 2026-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CDE98D87-3A36-469B-A7A0-509DC9591E75} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26020.6-0\MpCmdRun.exe [1786528 2026-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9AA6FEB3-EFD5-4437-854A-7EEEFFEA1426} - System32\Tasks\Piriform\CCleaner 7 - S-1-5-21-196143437-2400517662-190078704-1002 => C:\Program Files\Piriform\CCleaner 7\CCleaner.exe [5315192 2026-03-04] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {2CC11382-FC30-4A59-8D71-708174423A8B} - System32\Tasks\Piriform\CCleaner 7 - S-1-5-21-196143437-2400517662-190078704-1003 => C:\Program Files\Piriform\CCleaner 7\CCleaner.exe [5315192 2026-03-04] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {EE263844-040D-4103-ACFF-44BEA51F7FD5} - System32\Tasks\Piriform\CCleaner 7 - Scheduled Cleaning - default - S-1-5-21-196143437-2400517662-190078704-1002 => C:\Program Files\Piriform\CCleaner 7\CCleaner.exe [5315192 2026-03-04] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {DBE9539C-7117-4B64-8BE2-3A1C19CB26D0} - System32\Tasks\Piriform\CCleaner 7 BugReport => C:\Program Files\Piriform\CCleaner 7\CCleanerBugReport.exe [6461560 2026-03-04] (Gen Digital Inc. -> Gen Digital Inc.) -> --send "dumps|report" --product 234 --programpath "C:\Program Files\Piriform\CCleaner 7" --configpath "C:\Program Files\Piriform\CCleaner 7\data" --path "C:\Program Files\Piriform\CCleaner 7\log" --path "C:\Program Files\Piriform\CCleaner 7\data\dumps" --logpath "C:\Program Files\Piriform\CCleaner 7 (the data entry has 58 more characters).
Task: {9C428FDC-8851-47E1-A838-93C85E6309FD} - System32\Tasks\Piriform\CCleaner 7 Update => C:\Program Files\Common Files\Piriform\Icarus\piriform-ccl\icarus.exe [9274080 2026-02-26] (Gen Digital Inc. -> Gen Digital Inc.)
Task: {C48797BD-B567-4358-9FEE-0C6FC1888DA5} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe [454656 2025-11-07] (Microsoft Windows -> Microsoft Corporation) -> C:\Program Files\Intel\SUR\QUEENCREEK\x64\-Command "Start-Process -WindowStyle Hidden task.bat"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 06 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 06 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0ac08c43-85cc-49e2-97c5-8b314b5e5f80}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d46ca9e9-995c-47a4-94a0-0b34a7790ba2}: [DhcpNameServer] 192.168.0.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Jose Madeira\AppData\Local\Microsoft\Edge\User Data\Default [2026-03-26]
Edge Notifications: Default -> hxxps://www.snapchat.com
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Jose Madeira\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2026-03-25]
Edge Extension: (Dokumenty Google offline) - C:\Users\Jose Madeira\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2026-03-04]
Edge Extension: (Edge relevant text changes) - C:\Users\Jose Madeira\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2025-12-10]
Edge Profile: C:\Users\Jose Madeira\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2026-03-04]
Edge Extension: (Dokumenty Google offline) - C:\Users\Jose Madeira\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-12-09]
Edge Extension: (Edge relevant text changes) - C:\Users\Jose Madeira\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2025-12-09]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Jose Madeira\AppData\Local\Google\Chrome\User Data\Default [2026-03-26]
CHR Notifications: Default -> hxxps://business.facebook.com; hxxps://webmail.forpsi.com; hxxps://www.facebook.com; hxxps://www.youtube.com
CHR Extension: (Překladač Google) - C:\Users\Jose Madeira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2025-11-24]
CHR Extension: (Authenticator) - C:\Users\Jose Madeira\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhghoamapcdpbohphigoooaddinpkbai [2025-12-11]
CHR Extension: (Word Online) - C:\Users\Jose Madeira\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2025-11-24]
CHR Extension: (Dokumenty Google offline) - C:\Users\Jose Madeira\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2026-03-17]
CHR Extension: (Platby Internetového obchodu Chrome) - C:\Users\Jose Madeira\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-11-24]
CHR Extension: (Hesla na iCloudu) - C:\Users\Jose Madeira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pejdijmoenmkgeppbflobdenhhabjlaj [2025-12-19]
CHR Profile: C:\Users\Jose Madeira\AppData\Local\Google\Chrome\User Data\System Profile [2026-03-20]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm\Bluetooth Suite\adminservice.exe [404384 2022-01-23] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R2 CCleaner7; C:\Program Files\Piriform\CCleaner 7\CCleaner_service.exe [29465352 2026-03-04] (Gen Digital Inc. -> Gen Digital Inc.)
R2 DCECMISvc; C:\Program Files\Dell\EndpointConfigure\Dell.EndpointConfigure.WinServiceAgent.exe [168216 2025-04-15] (Dell Technologies Inc. -> Dell Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [20240 2025-12-02] (Dell Technologies Inc. -> Dell INC.)
R2 DellAweSvc; C:\Program Files (x86)\Dell\CommandIntelvProOutOfBand\DellAWESvc.exe [73968 2025-04-04] (Dell Technologies Inc. -> Dell Inc.)
R2 DellClientManagementService; C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe [49952 2026-02-02] (Dell Technologies Inc. -> )
R2 DellFFDPWmiService; C:\WINDOWS\System32\drivers\DellFFDPWmiService.exe [33368 2022-01-26] ("STMicroelectronics Srl" -> )
R2 DellTechHub; C:\Program Files\Dell\TechHub\Dell.TechHub.exe [149704 2025-11-30] (Dell Technologies Inc. -> Dell)
R2 DellTrustedDevice; C:\Program Files\Dell\TrustedDevice\Dell.TrustedDevice.Service.exe [154752 2025-11-07] (Dell Technologies Inc. -> Dell)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\x86\DSAService.exe [133736 2025-08-27] (Intel Corporation -> Intel)
R2 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\x86\DSAUpdateService.exe [133224 2025-08-27] (Intel Corporation -> Intel)
R2 FastTrackProAudioDevMon; C:\Program Files (x86)\M-Audio\Fast Track Pro\AudioDevMon.exe [1688296 2015-06-10] (Avid Technology, Inc. -> M-Audio)
R2 hostcontrolsvc; C:\WINDOWS\System32\bcmHostControlService.exe [846512 2025-06-16] (Broadcom Inc. -> Broadcom Corporation)
R2 hoststoragesvc; C:\WINDOWS\System32\bcmHostStorageService.exe [209136 2025-10-21] (Broadcom Inc. -> Broadcom Corporation)
R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_581d7e91d349facc\AS\IAS\IntelAudioService.exe [412128 2022-10-27] (Intel Corporation -> Intel)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [11420952 2026-03-20] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2026-01-10] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26020.6-0\MpDefenderCoreService.exe [2088128 2026-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 MuseAuthService; C:\Program Files\MuseHub\current\MuseAuthService.exe [9957424 2026-01-15] (MuseCY SM Ltd -> Muse Group)
S3 MuseHubUpdaterService; C:\Program Files\MuseHub\current\MuseHub.Updater.exe [8250416 2026-01-15] (MuseCY SM Ltd -> MuseHub.Updater)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [811360 2026-02-24] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [149656 2026-02-27] (Dell Technologies Inc. -> Dell Inc.)
R2 ushupgradesvc; C:\WINDOWS\System32\bcmUshUpgradeService.exe [360752 2025-10-21] (Broadcom Inc. -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26020.6-0\NisSrv.exe [4451664 2026-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26020.6-0\MsMpEng.exe [290704 2026-03-25] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WirelessKB850NotificationService; C:\WINDOWS\system32\WirelessKB850NotificationService.exe [176624 2018-05-14] (Microsoft Corporation -> Microsoft Corporation)
S3 AppShellElevationService; "C:\Program Files\TikTok LIVE Studio\1.12.0\elevation_service.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cxwmbclass; C:\WINDOWS\System32\DriverStore\FileRepository\netwmbclass.inf_amd64_7e33f06b13d0c370\cxwmbclass.sys [167936 2026-02-24] (Microsoft Windows -> Microsoft Corporation)
S3 DellBV; C:\WINDOWS\system32\DRIVERS\DellBV.sys [161072 2025-11-07] (Dell Technologies Inc. -> Dell)
S3 DellInstrumentation; C:\WINDOWS\System32\drivers\DellInstrumentation.sys [33336 2025-11-20] (Microsoft Windows Hardware Compatibility Publisher -> Dell)
S3 DPMDriver; C:\WINDOWS\System32\drivers\DPMDriver.sys [142272 2024-10-30] (IndiLogic LLC -> Dell Inc.)
R1 dtdsel; C:\WINDOWS\System32\DRIVERS\dtdsel.sys [139576 2025-11-07] (Dell Technologies Inc. -> Dell)
R3 e1dexpress; C:\WINDOWS\System32\DriverStore\FileRepository\e1d.inf_amd64_0a58c9ba33b1dc0f\e1d.sys [625368 2025-09-01] (Intel Corporation -> Intel Corporation)
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [82352 2026-02-10] (Microsoft Windows -> Microsoft Corporation)
S3 MAUSBFASTTRACKPRO; C:\WINDOWS\System32\drivers\MAudioFastTrackPro.sys [184552 2015-06-10] (Avid Technology, Inc. -> M-Audio)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [234600 2026-03-25] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [22120 2026-01-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [245864 2026-03-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MoisesVAD; C:\WINDOWS\System32\DriverStore\FileRepository\moisesvad.inf_amd64_69572c0db43b9e35\MoisesVAD.sys [80872 2026-02-02] (Moises Systems, Inc. -> Windows (R) Win 7 DDK provider)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S3 RtkUsbAD_2370; C:\WINDOWS\System32\DriverStore\FileRepository\rtdusbad_dell.inf_amd64_fcf8a1ae51151778\RtUsbA64.sys [504168 2023-10-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 RtkUsbAD_2422; C:\WINDOWS\System32\DriverStore\FileRepository\rtdusbad_dell.inf_amd64_07ee7a18aaea6155\RtUsbA64.sys [524288 2025-08-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R3 rtu53cx22x64; C:\WINDOWS\System32\DriverStore\FileRepository\rtu53cx22x64sta.inf_amd64_96b55918d02d83c6\rtu53cx22x64.sys [1168896 2025-12-03] (Realtek Semiconductor Corp. -> Realtek Corporation)
S3 rtucx21x64; C:\WINDOWS\System32\DriverStore\FileRepository\rtucx21x64.inf_amd64_286645bc82b2f9fb\rtucx21x64.sys [1359360 2024-04-01] (Microsoft Windows -> Realtek Corporation)
R3 UDE; C:\WINDOWS\System32\drivers\UDE.sys [337384 2021-09-27] (Fibocom Wireless Inc. -> Intel Corporation)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
S3 UsbNcm; C:\WINDOWS\System32\DriverStore\FileRepository\usbncm.inf_amd64_989230fcb4a5468f\UsbNcm.sys [208896 2026-02-24] (Microsoft Windows -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [21888 2026-03-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [641416 2026-03-25] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [103816 2026-03-25] (Microsoft Windows -> Microsoft Corporation)
R3 WiManH; C:\WINDOWS\System32\DriverStore\FileRepository\wiman.inf_amd64_1d81bc4f31bf65c7\WiManH\WiManH.sys [184224 2025-10-28] (Intel Corporation -> Intel Corporation)
S3 WirelessKeyboardFilter; C:\WINDOWS\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2026-03-26 15:41 - 2026-03-26 15:43 - 000030444 _____ C:\Users\Jose Madeira\Downloads\FRST.txt
2026-03-26 15:41 - 2026-03-26 15:42 - 000000000 ____D C:\FRST
2026-03-26 15:40 - 2026-03-26 15:40 - 002445824 _____ (Farbar) C:\Users\Jose Madeira\Downloads\FRST64.exe
2026-03-26 14:12 - 2026-03-26 14:12 - 006416248 _____ C:\Users\Jose Madeira\Downloads\IMG_3A56896E-1DAA-4365-BC77-BB9767BDCCF9.JPEG
2026-03-26 14:11 - 2026-03-26 14:11 - 000105699 _____ C:\Users\Jose Madeira\Downloads\71987a73-dc0a-4c41-a338-a45519ebec4e.JPEG
2026-03-26 14:09 - 2026-03-26 14:09 - 002930270 _____ C:\Users\Jose Madeira\Downloads\IMG_4FB31948-405D-4F8C-A467-30FA29FDCD0A.JPEG
2026-03-26 13:55 - 2026-03-26 13:55 - 000089263 _____ C:\Users\Jose Madeira\OneDrive\Plocha\WhatsApp Image 2026-03-26 at 02.25.46.jpeg
2026-03-26 13:55 - 2026-03-26 13:55 - 000066589 _____ C:\Users\Jose Madeira\OneDrive\Plocha\WhatsApp Image 2026-03-26 at 02.27.56.jpeg
2026-03-26 13:33 - 2026-03-26 13:33 - 000002207 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2026-03-26 13:33 - 2026-03-26 13:33 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleSystem
2026-03-26 13:32 - 2026-03-26 13:32 - 011487160 _____ (Google LLC) C:\Users\Jose Madeira\Downloads\ChromeSetup.exe
2026-03-26 11:40 - 2026-03-26 11:40 - 000679834 _____ C:\WINDOWS\system32\perfh005.dat
2026-03-26 11:40 - 2026-03-26 11:40 - 000145634 _____ C:\WINDOWS\system32\perfc005.dat
2026-03-25 21:57 - 2026-03-25 21:57 - 000000000 ____D C:\Program Files\Google
2026-03-25 18:27 - 2026-03-26 11:52 - 000000000 ____D C:\ProgramData\RogueKiller
2026-03-25 18:12 - 2026-03-25 18:12 - 000000000 ____D C:\AdwCleaner
2026-03-24 10:29 - 2026-03-26 13:33 - 000000000 ____D C:\WINDOWS\CbsTemp
2026-03-21 01:33 - 2026-03-21 01:33 - 000000765 _____ C:\Users\Jose Madeira\OneDrive\Plocha\rekordbox 7.lnk
2026-03-20 20:49 - 2026-03-20 20:49 - 000000000 ____D C:\Users\Jose Madeira\Downloads\Telegram Desktop
2026-03-17 17:10 - 2026-03-17 20:01 - 000000000 ____D C:\Users\Jose Madeira\AppData\Roaming\tor
2026-03-17 08:13 - 2026-03-26 12:42 - 000000000 ____D C:\Users\Jose Madeira\OneDrive\Plocha\FOTKY NA SC
2026-03-17 05:12 - 2026-03-17 05:12 - 000000000 ____D C:\Users\Jose Madeira\AppData\Local\AdvinstAnalytics
2026-03-17 05:11 - 2026-03-17 05:11 - 000000000 ____D C:\Users\Jose Madeira\AppData\Local\Opera Software
2026-03-13 18:09 - 2026-03-26 12:44 - 000000000 ____D C:\Users\Jose Madeira\OneDrive\Plocha\MUJ TRACK
2026-03-13 02:02 - 2026-03-13 02:02 - 000000000 ____D C:\Users\Jose Madeira\AppData\Roaming\Xfer
2026-03-13 01:59 - 2026-03-13 01:59 - 000000000 ____D C:\Users\Jose Madeira\AppData\Local\Xfer
2026-03-13 01:58 - 2026-03-13 01:58 - 000000000 ____D C:\Users\Jose Madeira\OneDrive\Documents\Xfer
2026-03-10 07:04 - 2026-03-10 07:07 - 000000000 ____D C:\Users\Jose Madeira\AppData\Roaming\Moises
2026-03-10 07:04 - 2026-03-10 07:04 - 000000000 ____D C:\Users\Jose Madeira\AppData\Local\moises-desktop-updater
2026-03-10 06:41 - 2026-03-10 19:39 - 000000000 ____D C:\Users\Jose Madeira\AppData\Roaming\Moises Live
2026-03-10 06:41 - 2026-03-10 06:41 - 000000000 ____D C:\Users\Jose Madeira\AppData\Local\moises-live-windows-updater
2026-03-06 20:44 - 2026-03-06 20:44 - 005255624 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\Netwtw10.sys
2026-03-06 20:44 - 2026-03-06 20:44 - 001627080 _____ (Intel Corporation) C:\WINDOWS\system32\IntelIHVRouter10.dll
2026-03-05 12:58 - 2026-03-05 12:58 - 000001133 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ableton Live 12 Suite.lnk
2026-03-05 12:58 - 2026-03-05 12:58 - 000000410 __RSH C:\ProgramData\ntuser.pol
2026-03-05 12:37 - 2026-03-05 12:37 - 000000000 ____D C:\WINDOWS\system32\Tasks\SoftLanding
2026-03-04 20:19 - 2026-03-11 07:02 - 000000000 ____D C:\Users\Jose Madeira\AppData\Local\Avast Software
2026-03-04 20:14 - 2026-03-04 20:14 - 000000000 ____D C:\Users\Jose Madeira\AppData\Local\CEF
2026-03-04 20:12 - 2026-03-11 07:31 - 000000000 ____D C:\ProgramData\Avast Software
2026-03-04 20:12 - 2026-03-10 19:23 - 000002398 _____ C:\WINDOWS\system32\Tasks\CCleaner 7 - Skip UAC - S-1-5-21-196143437-2400517662-190078704-1002
2026-03-04 20:12 - 2026-03-04 20:12 - 000056128 _____ (Gen Digital Inc.) C:\WINDOWS\system32\icarus_rvrt.exe
2026-03-04 20:12 - 2026-03-04 20:12 - 000002152 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 7.lnk
2026-03-04 20:12 - 2026-03-04 20:12 - 000000000 ____D C:\WINDOWS\system32\Tasks\Piriform
2026-03-04 20:12 - 2026-03-04 20:12 - 000000000 ____D C:\Users\Jose Madeira\AppData\Roaming\CCleaner
2026-03-04 20:12 - 2026-03-04 20:12 - 000000000 ____D C:\ProgramData\Piriform
2026-03-04 20:12 - 2026-03-04 20:12 - 000000000 ____D C:\Program Files\Piriform
2026-03-04 20:12 - 2026-03-04 20:12 - 000000000 ____D C:\Program Files\Common Files\Piriform
2026-03-03 12:14 - 2026-03-10 19:23 - 000002608 _____ C:\WINDOWS\system32\Tasks\USER_ESRV_SVC_QUEENCREEK
2026-03-03 12:14 - 2026-01-27 11:24 - 000049872 _____ (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\semav6msr64.sys
2026-02-26 10:30 - 2026-02-26 10:30 - 000000000 ____D C:\Users\Jose Madeira\0
2026-02-24 19:43 - 2026-02-24 19:43 - 000083946 _____ C:\WINDOWS\SysWOW64\ctac.json
2026-02-24 19:43 - 2026-02-24 19:43 - 000083946 _____ C:\WINDOWS\system32\ctac.json
2026-02-24 19:43 - 2026-02-24 19:43 - 000036382 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2026-02-24 19:43 - 2026-02-24 19:43 - 000036382 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2026-03-26 15:44 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\SystemTemp
2026-03-26 15:43 - 2026-01-10 08:54 - 000000000 ____D C:\Users\Jose Madeira\AppData\Local\Malwarebytes
2026-03-26 15:40 - 2025-11-07 08:05 - 000000000 ____D C:\Program Files (x86)\Dell
2026-03-26 14:33 - 2024-04-01 08:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2026-03-26 13:34 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\AppReadiness
2026-03-26 13:33 - 2025-11-24 09:34 - 000000000 ____D C:\Program Files (x86)\Google
2026-03-26 13:31 - 2026-02-18 02:12 - 000000000 ____D C:\Users\Jose Madeira\AppData\Roaming\Telegram Desktop
2026-03-26 12:44 - 2026-02-23 22:37 - 000000000 ____D C:\Users\Jose Madeira\OneDrive\Plocha\HLAS BEZ TVÁŘE - PROJEKT
2026-03-26 12:43 - 2026-01-06 13:16 - 000000000 ___RD C:\Users\Jose Madeira\OneDrive\Plocha\HUDBA
2026-03-26 12:12 - 2025-11-07 07:56 - 000000000 ___DC C:\WINDOWS\Panther
2026-03-26 12:08 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\ServiceState
2026-03-26 12:06 - 2024-04-01 08:26 - 000000000 ___HD C:\Program Files\WindowsApps
2026-03-26 11:40 - 2025-11-07 08:07 - 001603854 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2026-03-26 11:40 - 2024-04-01 08:24 - 000000000 ____D C:\WINDOWS\INF
2026-03-26 11:39 - 2025-11-07 07:58 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2026-03-26 11:35 - 2025-12-10 13:57 - 000000000 ___RD C:\Users\Jose Madeira\iCloudDrive
2026-03-26 11:35 - 2025-12-10 04:34 - 000000000 ___RD C:\Users\Jose Madeira\iCloudPhotos
2026-03-26 11:33 - 2025-11-14 10:57 - 000000000 __SHD C:\Users\Jose Madeira\IntelGraphicsProfiles
2026-03-26 11:33 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\Registration
2026-03-26 11:32 - 2025-12-11 02:44 - 000000000 ____D C:\ProgramData\boost_interprocess
2026-03-26 11:32 - 2025-11-07 08:09 - 000000000 ____D C:\Intel
2026-03-26 11:32 - 2025-11-07 08:07 - 000450668 _____ C:\WINDOWS\system32\CVFirmwareUpgradeLog.txt
2026-03-26 11:32 - 2025-11-07 08:04 - 000020878 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2026-03-26 11:32 - 2025-11-07 07:58 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2026-03-26 11:32 - 2025-11-07 07:57 - 000012288 ___SH C:\DumpStack.log.tmp
2026-03-26 11:32 - 2024-04-01 08:21 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2026-03-26 09:59 - 2025-11-24 19:23 - 000000000 ____D C:\WINDOWS\system32\Tasks\GoogleUserPEH
2026-03-26 09:56 - 2025-11-07 07:57 - 000001623 _____ C:\WINDOWS\system32\config\VSMIDK
2026-03-26 08:05 - 2025-11-07 07:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2026-03-26 08:04 - 2025-11-14 10:57 - 000000000 ____D C:\Users\Jose Madeira\AppData\Local\D3DSCache
2026-03-25 21:46 - 2026-01-15 19:49 - 000000000 ____D C:\WINDOWS\Minidump
2026-03-25 21:46 - 2026-01-11 07:08 - 000000000 ____D C:\Users\Jose Madeira\AppData\Local\CrashDumps
2026-03-25 21:18 - 2025-11-07 07:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2026-03-25 21:06 - 2025-11-14 10:57 - 000000000 ____D C:\Users\Jose Madeira
2026-03-25 18:15 - 2025-11-24 07:55 - 000000000 ____D C:\Users\WsiAccount
2026-03-25 18:03 - 2025-11-14 10:57 - 000000000 ____D C:\Users\Jose Madeira\AppData\Local\Packages
2026-03-25 17:53 - 2025-11-07 08:48 - 000000000 ____D C:\Program Files (x86)\Intel
2026-03-25 17:46 - 2025-11-07 08:42 - 000000000 ____D C:\ProgramData\Package Cache
2026-03-25 17:46 - 2025-11-07 08:42 - 000000000 ____D C:\Program Files\Intel
2026-03-25 11:43 - 2025-11-24 07:07 - 000000000 ____D C:\Users\Jose Madeira\AppData\Local\Comms
2026-03-22 11:51 - 2024-04-01 08:26 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2026-03-22 11:51 - 2024-04-01 08:26 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2026-03-21 21:20 - 2025-12-10 05:25 - 000000000 ____D C:\Users\Jose Madeira\AppData\Roaming\audacity
2026-03-21 03:07 - 2025-11-24 06:58 - 000000000 ____D C:\Users\Jose Madeira\AppData\Roaming\rekordboxAgent
2026-03-21 01:35 - 2025-11-25 05:26 - 000000000 ____D C:\Users\Jose Madeira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rekordbox
2026-03-21 01:35 - 2025-11-24 06:58 - 000000000 ____D C:\Users\Jose Madeira\AppData\Roaming\PioneerLog
2026-03-21 01:35 - 2025-11-24 06:52 - 000000000 ____D C:\Program Files\rekordbox
2026-03-19 23:45 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2026-03-17 17:28 - 2020-08-13 06:00 - 000056520 _____ (Microsoft Corporation) C:\WINDOWS\cryptdll.dll
2026-03-17 17:28 - 2019-12-09 10:06 - 000001368 _____ C:\WINDOWS\system32\README.txt
2026-03-17 17:08 - 2025-11-14 10:57 - 000000000 ____D C:\Users\Jose Madeira\AppData\Roaming\Microsoft\Windows
2026-03-17 16:53 - 2025-11-25 04:01 - 000003030 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2026-03-17 16:53 - 2025-11-25 04:01 - 000002664 _____ C:\WINDOWS\system32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2026-03-17 15:54 - 2025-12-10 05:01 - 000000000 ____D C:\Users\Jose Madeira\OneDrive\Plocha\APPKY
2026-03-17 15:09 - 2026-01-26 06:06 - 000002611 _____ C:\Users\Jose Madeira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Signal.lnk
2026-03-17 14:45 - 2025-11-07 08:00 - 000000000 ____D C:\ProgramData\Packages
2026-03-17 05:01 - 2025-12-31 19:01 - 000000000 ____D C:\Users\Jose Madeira\OneDrive\Plocha\honza fa
2026-03-15 18:23 - 2026-01-10 08:54 - 000002053 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2026-03-15 18:22 - 2026-01-10 08:53 - 000000000 ____D C:\ProgramData\Malwarebytes
2026-03-15 18:22 - 2026-01-10 08:53 - 000000000 ____D C:\Program Files\Malwarebytes
2026-03-13 01:58 - 2025-12-11 02:47 - 000000000 ____D C:\Program Files\Common Files\VST3
2026-03-11 13:57 - 2025-12-11 08:19 - 000000000 ____D C:\Users\Jose Madeira\OneDrive\Documents\Audacity
2026-03-11 12:18 - 2026-01-10 09:38 - 000003942 _____ C:\WINDOWS\system32\Tasks\Dell SupportAssistAgent AutoUpdate
2026-03-11 12:18 - 2025-11-07 08:04 - 000000000 ____D C:\ProgramData\Dell
2026-03-11 06:54 - 2025-12-20 19:48 - 000000000 ____D C:\Users\Jose Madeira\AppData\Local\Bytedance
2026-03-11 03:56 - 2024-04-01 17:30 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2026-03-11 03:56 - 2024-04-01 08:26 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2026-03-11 03:56 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\SystemResources
2026-03-11 03:56 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2026-03-11 03:56 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\bcastdvr
2026-03-11 03:45 - 2025-11-07 08:02 - 003270144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2026-03-10 23:41 - 2025-11-25 04:01 - 000000000 ____D C:\Program Files\dotnet
2026-03-10 23:40 - 2025-11-25 04:00 - 000000000 ____D C:\Program Files (x86)\dotnet
2026-03-10 19:23 - 2025-11-07 07:58 - 000003642 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA{6753DEC1-A261-4A01-94F7-175AF372A4FF}
2026-03-10 19:23 - 2025-11-07 07:58 - 000003416 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore{8A9FE38D-73D2-48B8-AEC7-62EF82D81B0D}
2026-03-10 16:28 - 2025-12-11 08:47 - 000000000 ____D C:\Users\Jose Madeira\OneDrive\Documents\Max 9
2026-03-10 13:13 - 2026-02-17 15:19 - 000000000 ____D C:\Users\Jose Madeira\OneDrive\Plocha\ABLETON - PROJEKTY
2026-03-08 17:46 - 2025-11-24 14:26 - 000000000 ____D C:\Users\Jose Madeira\AppData\Local\CapCut
2026-03-08 17:40 - 2025-12-10 03:50 - 000001426 _____ C:\WINDOWS\system32\default_error_stack-000000-000000.txt
2026-03-05 13:02 - 2025-12-11 08:46 - 000000000 ____D C:\Users\Jose Madeira\AppData\Roaming\Ableton
2026-03-04 21:27 - 2026-02-01 22:38 - 000000000 ____D C:\Users\Jose Madeira\OneDrive\Plocha\veci na AKAI & ABLETON
2026-03-04 20:29 - 2026-01-26 06:06 - 000000000 ____D C:\Users\Jose Madeira\AppData\Roaming\Signal
2026-03-04 20:29 - 2025-12-11 02:44 - 000000000 ____D C:\Users\Jose Madeira\AppData\Local\Muse Hub
2026-03-04 20:21 - 2026-01-10 08:54 - 000245864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2026-03-04 20:13 - 2024-04-01 08:26 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2026-03-03 19:21 - 2025-12-11 02:44 - 000000000 ____D C:\Users\Jose Madeira\AppData\Local\MuseSampler
2026-02-28 10:43 - 2026-01-14 12:36 - 000000000 ____D C:\Users\Jose Madeira\AppData\Local\VirtualDJ
2026-02-28 10:43 - 2026-01-14 12:36 - 000000000 ____D C:\Program Files\VirtualDJ
2026-02-26 10:44 - 2025-11-24 10:26 - 000000000 ____D C:\Users\Jose Madeira\AppData\Roaming\Microsoft\MMC
2026-02-25 17:12 - 2026-01-10 10:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2026-02-24 20:42 - 2024-04-01 08:26 - 000000000 ___SD C:\WINDOWS\system32\F12
2026-02-24 20:42 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\UUS
2026-02-24 20:42 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2026-02-24 20:42 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2026-02-24 20:42 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2026-02-24 20:42 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2026-02-24 20:42 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2026-02-24 20:42 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2026-02-24 20:42 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\setup
2026-02-24 20:42 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\oobe
2026-02-24 20:42 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\migwiz
2026-02-24 20:42 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\Dism
2026-02-24 20:42 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\system32\appraiser
2026-02-24 20:41 - 2024-04-01 17:31 - 000000000 ____D C:\WINDOWS\InboxApps
2026-02-24 20:41 - 2024-04-01 17:31 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2026-02-24 20:41 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\ShellExperiences
2026-02-24 20:41 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\ShellComponents
2026-02-24 20:41 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2026-02-24 20:41 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\BrowserCore
2026-02-24 20:41 - 2024-04-01 08:26 - 000000000 ____D C:\WINDOWS\appcompat
2026-02-24 20:41 - 2024-04-01 08:21 - 000000000 ____D C:\WINDOWS\servicing

==================== Files in the root of some directories ========

2024-02-22 12:40 - 2024-02-22 12:40 - 000181440 _____ (Dell Inc.) C:\Users\Jose Madeira\DellInstaller_x64.exe
2025-12-11 02:47 - 2025-12-11 02:47 - 000450785 _____ () C:\Program Files\Common Files\Place_it_Uninstall.exe
2025-12-11 02:48 - 2025-12-11 02:48 - 000060131 _____ () C:\Program Files\Common Files\Shape_it_Uninstall.exe
2026-01-17 19:07 - 2026-01-17 19:07 - 000000017 _____ () C:\Users\Jose Madeira\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Re: Pozůstatky malware ?

Napsal: 26 bře 2026 16:08
od Rudy
Zdravím!
1. Žádost o kontrolu stačí dát poze jednou za předpokladu, že se nejedná o 2 různé počítače. Pokud ne, druhý post bude smazán.
2. Ke kotrole potřebuji vidět jaště log Addition. je v souboru addition.txt v C:\Users\Jose Madeira\Downloads.

Re: Pozůstatky malware ?

Napsal: 26 bře 2026 16:12
od pepaa
Dobrý den,

ale já mám jen jeden notebook, posílám log pouze z jednoho....mám tento noitebook krátce, pokud tam vidíte něco co já ne, prosím radši si nechám poradit jsem laik :/
dditional scan result of Farbar Recovery Scan Tool (x64) Version: 25-03-2026
Ran by Jose Madeira (26-03-2026 15:45:03)
Running from C:\Users\Jose Madeira\Downloads
Microsoft Windows 11 Pro Version 24H2 26100.8039 (X64) (2025-11-07 07:00:39)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-196143437-2400517662-190078704-500 - Administrators - Disabled)
DefaultAccount (S-1-5-21-196143437-2400517662-190078704-503 - Limited - Disabled)
Guest (S-1-5-21-196143437-2400517662-190078704-501 - Limited - Disabled)
Jose Madeira (S-1-5-21-196143437-2400517662-190078704-1002 - Administrators - Enabled) => C:\Users\Jose Madeira
WDAGUtilityAccount (S-1-5-21-196143437-2400517662-190078704-504 - Limited - Disabled)
WsiAccount (S-1-5-21-196143437-2400517662-190078704-1003 - Limited - Disabled) => C:\Users\WsiAccount

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ableton Live 12 Suite (HKLM\...\Ableton Live 12 Suite-2026-03-0512:5312:53:17_is1) (Version: 12 - Ableton)
Ableton USB Audio Driver v5.72.0 (HKLM\...\{4652E628-8DBC-4BFD-AA78-E40AD7756F01}) (Version: 5.72.0 - Ableton)
Akai F9 Instruments Beats Edition (HKLM-x32\...\Akai F9 Instruments Beats Edition_is1) (Version: - )
Akai MPC Beats ADSR LoFi Producer Collection (HKLM-x32\...\Akai MPC Beats ADSR LoFi Producer Collection_is1) (Version: - )
Akai MPC Beats LANIAKEA SOUNDS TrapSoul and LoFi Beats (HKLM-x32\...\Akai MPC Beats LANIAKEA SOUNDS TrapSoul and LoFi Beats_is1) (Version: - )
Akai MPC Beats MSX Soulful Experience Expansion (HKLM-x32\...\Akai MPC Beats MSX Soulful Experience Expansion_is1) (Version: - )
Akai MPC Beats Producer Kits (HKLM-x32\...\Akai MPC Beats Producer Kits_is1) (Version: - )
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.16 - tippach engineering)
Auburn Sounds Graillon 3 (HKLM\...\Auburn Sounds Graillon 3) (Version: - )
Audacity 3.7.7 (HKLM\...\Audacity_is1) (Version: 3.7.7 - Audacity Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner 7 (HKLM\...\CCleaner 7) (Version: 7.5.1255.1528 - Piriform)
Dell AppCore (HKLM\...\{EB0E6DC8-60C3-4C2D-9D00-0A0E0FF84EC1}) (Version: 6.3.1.0 - Dell) Hidden
Dell Command | Endpoint Configure for Microsoft Intune (HKLM\...\{FB9C2866-B318-4157-AAFE-7C1413ABC12C}) (Version: 2.0.1.3 - Dell Inc.)
Dell Command | Integration Suite for System Center (HKLM-x32\...\{CA5A01D0-63E0-4FE2-9947-427039A9DEBF}) (Version: 6.6.1.6 - Dell Inc.)
Dell Command | Intel® vPro™ Out of Band (HKLM-x32\...\{9C4C51BE-CFFB-4400-91BE-43E8285AD207}) (Version: 4.6.1.6 - Dell Inc.)
Dell Command | Update for Windows Universal (HKLM\...\{E13806C4-0DE9-42EC-B268-4F4FAD73DB72}) (Version: 5.6.0 - Dell Inc.)
Dell Core Services (HKLM\...\{1035D2D9-C210-4022-81D4-747CAFF9F1CA}) (Version: 1.12.12.0 - Dell, Inc.)
Dell Optimizer (HKLM\...\{5730189B-F84B-4052-95D9-970F6D2207CE}) (Version: 6.3.1.0 - Dell) Hidden
Dell Optimizer (HKLM-x32\...\{CC40119D-6ADF-4832-8025-4808195E41D5}) (Version: 6.3.1.0 - Dell Technologies Inc.)
Dell SupportAssist (HKLM\...\{19A9EDD8-0C4D-4CF4-B0EA-D110407DF54B}) (Version: 5.0.1.2516 - Dell Inc.)
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM\...\{2BB71BFE-FF34-474D-93A6-1C271DF5960A}) (Version: 5.5.15.1 - Dell Inc.) Hidden
Dell SupportAssist OS Recovery Plugin for Dell Update (HKLM-x32\...\{0b198c3f-cf48-43cf-960f-f198786705ad}) (Version: 5.5.15.1 - Dell Inc.)
Dell SupportAssist Remediation (HKLM\...\{3DFCDFF3-E1A3-4399-9015-E983D178B1BD}) (Version: 5.5.15.1 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{3cafb176-f026-4127-bcc0-9726574298c1}) (Version: 5.5.15.1 - Dell Inc.)
Dell Trusted Device (HKLM\...\{65D1B41B-8906-4902-999C-F289C0CC0E30}) (Version: 7.2.1.0 - Dell Technologies, Inc.)
Dell.Digital.Delivery-64Bit (HKLM\...\{D1B0BC04-B28B-44E3-96F2-56BB4D8BBB8B}) (Version: 3.8.49.0 - Dell Technologies, Inc.) Hidden
Diva 1.4.8 (HKLM\...\Diva_is1) (Version: - )
Documentation Manager (HKLM\...\{43F79AB0-9ECF-4039-9855-6E930B41A500}) (Version: 24.30.1.1 - Intel Corporation) Hidden
Dynamic Application Loader Host Interface Service (HKLM\...\{AAA4B93F-43C9-405F-8599-4BD85504D9F6}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Electric version 1.2.1.14 (c3a5fb8a34) (HKLM-x32\...\{com.Electric.standalone}_is1) (Version: 1.2.1.14 (c3a5fb8a34) - )
Essential Keyboards version 2.1.1 (HKLM\...\{72DD4817-2435-4911-B01C-368C90F65121}}_is1) (Version: 2.1.1 - inMusic Brands, LLC)
FlexASIO 1.10b (HKLM\...\FlexASIO_is1) (Version: 1.10b - Etienne Dechamps)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 146.0.7680.165 - Google LLC)
Hybrid Content (HKLM-x32\...\{9E822C67-B1C4-4E85-870C-23ADE106BB4F}) (Version: 3.0.0.18468 - AIR Music Tech GmbH)
Hype version 1.2.1.14 (c3a5fb8a34) (HKLM-x32\...\{com.Hype.standalone}_is1) (Version: 1.2.1.14 (c3a5fb8a34) - )
iCloud Outlook (HKLM\...\{142666BE-DE50-4165-9480-BC6E6E556085}) (Version: 15.5.0.23 - Apple Inc.)
inMusic Software Center (HKU\S-1-5-21-196143437-2400517662-190078704-1002\...\inmusic_software_center) (Version: 1.35.0 - inMusic Brands)
Intel Driver && Support Assistant (HKLM-x32\...\{90EFD4CC-39A4-4470-AEEB-878CB2BCBC81}) (Version: 25.4.36.6 - Intel) Hidden
Intel(R) Computing Improvement Program (HKLM\...\{7B9E218F-62F1-4434-A404-6C99EC662ADF}) (Version: 2.4.11118 - Intel Corporation)
Intel(R) Computing Improvement Program (HKLM-x32\...\{d35114fc-76c3-491e-a437-f66d12172da1}) (Version: 2.4.11001 - Intel Corporation) Hidden
Intel(R) Icls (HKLM\...\{31A96CE0-F2B5-4541-BFD7-054791D3A0A1}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 2514.7.16.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{73914B9D-2CC5-433B-83DE-FCE8A06C3F1C}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{FC097512-87B3-4601-95CA-2D3A7BBC9349}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) ME WMI Provider (HKLM\...\{7D1D9DBF-5D4F-4A0F-8F75-0F08AB938331}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{531F2CB2-5A78-49E5-A71B-FFF7C7CDC32C}) (Version: 30.100.2020.7 - Intel Corporation) Hidden
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.2020.7 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{00001030-0240-1029-84C8-B8D95FA3C8C3}) (Version: 24.30.1.1 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{4152D055-4116-42A3-BC9E-86D0A17B35A5}) (Version: 25.4.36.6 - Intel)
Intel® Software Installer (HKLM\...\{0C6E54F1-6FA0-407F-AB3F-D97A116078D3}) (Version: 24.30.1.1 - Intel Corporation) Hidden
Malwarebytes version 5.5.2.242 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.5.2.242 - Malwarebytes)
M-Audio Fast Track Pro 6.1.11 (x64) (HKLM\...\{F1575328-1680-4E8D-905F-EC9646588225}) (Version: 6.1.11 - M-Audio)
Microsoft .NET Host - 8.0.25 (x64) (HKLM\...\{55218133-14C8-4372-A748-614DE61D6AAA}) (Version: 64.100.48707 - Microsoft Corporation) Hidden
Microsoft .NET Host - 8.0.25 (x86) (HKLM-x32\...\{0FDD50D2-5A8F-47AE-B0D4-9597DA9E4BC1}) (Version: 64.100.48707 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.25 (x64) (HKLM\...\{D0E1D031-D6BB-43A5-BD42-175C0C4EE245}) (Version: 64.100.48707 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 8.0.25 (x86) (HKLM-x32\...\{D2D27CA3-24C5-4933-8FA5-6C584CBD87EF}) (Version: 64.100.48707 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.25 (x64) (HKLM\...\{99B0C384-9362-4D4E-8DAF-23CA44E306E8}) (Version: 64.100.48707 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 8.0.25 (x64) (HKLM-x32\...\{1cb420eb-a7f3-405b-89bc-672d9c742f9b}) (Version: 8.0.25.35812 - Microsoft Corporation)
Microsoft .NET Runtime - 8.0.25 (x86) (HKLM-x32\...\{EDBD217F-7014-458D-8A6A-B9D5782623D3}) (Version: 64.100.48707 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 8.0.25 - Shared Framework (x64) (HKLM-x32\...\{1ad59802-63d0-4834-9329-5a2585689169}) (Version: 8.0.25.26112 - Microsoft Corporation)
Microsoft ASP.NET Core 8.0.25 - Shared Framework (x86) (HKLM-x32\...\{e2abf715-7c71-49d8-9240-585d9c8b140e}) (Version: 8.0.25.26112 - Microsoft Corporation)
Microsoft ASP.NET Core 8.0.25 Shared Framework (x64) (HKLM\...\{671A8FA4-3958-361B-BA4E-D7DE0079E929}) (Version: 8.0.25.26112 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 8.0.25 Shared Framework (x86) (HKLM-x32\...\{503421DD-2921-384A-A9DD-89C963119639}) (Version: 8.0.25.26112 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\{4B43EAC3-54A3-3B32-89CC-8CD4C1C092CA}) (Version: 146.0.3856.78 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 146.0.3856.78 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.44.35211 (HKLM-x32\...\{0b5169e3-39da-4313-808e-1f9c0407f3bf}) (Version: 14.44.35211.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.50.35710 (HKLM\...\{9393725C-A0DA-47F1-8DB9-D1C223A0DD5A}) (Version: 14.50.35710 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.50.35710 (HKLM\...\{0BCFDDE2-AA44-4087-8E77-E0025551AC6E}) (Version: 14.50.35710 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.44.35211 (HKLM-x32\...\{C18FB403-1E88-43C8-AD8A-CED50F23DE8B}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.44.35211 (HKLM-x32\...\{922480B5-CAEB-4B1B-AAA4-9716EFDCE26B}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Visual C++ v14 Redistributable (x64) - 14.50.35710 (HKLM-x32\...\{b2f5e2cc-18af-40da-9bb9-c296da1cb96c}) (Version: 14.50.35710.0 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 8.0.25 (x64) (HKLM\...\{C5343D9A-9640-4351-90D2-F6CF157C208E}) (Version: 64.100.48707 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 8.0.25 (x64) (HKLM-x32\...\{64c75e04-ef03-4544-b153-24860eac8d23}) (Version: 8.0.25.35812 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 8.0.25 (x86) (HKLM-x32\...\{37dfbec9-5543-4ead-bc54-46b3451befaa}) (Version: 8.0.25.35812 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 8.0.25 (x86) (HKLM-x32\...\{FE4C16DD-05C8-4D7B-85A4-13FBCDC75D03}) (Version: 64.100.48707 - Microsoft Corporation) Hidden
MPC Beats 2.14.0 (HKLM\...\com.akaipro.mpc.beats_is1) (Version: 2.14.0 - Akai Professional)
MPK Mini III Program Editor 1.0.3 (HKLM\...\{4FD50427-4169-495C-81F8-52E75FA1A15A}) (Version: 1.0.3 - Akai Professional)
MuseFX version 1.0 (HKLM-x32\...\{5EBC9761-5ED6-421D-BDA1-F7A34135EE23}}_is1) (Version: 1.0 - Muse)
MuseHub (HKLM\...\MuseHub) (Version: 2.6.5.2120 - Muse Group)
OptaneDowngradeGuard (HKLM\...\{86B0E6C1-32E0-42CC-BC4F-BF3C0730CECB}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10531 - Qualcomm)
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9597.1 - Realtek Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.26100.21374 - Realtek Semiconductor Corp.)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.2370 - Realtek Semiconductor Corp.)
Realtek USB Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 11.17.20.1030 - Realtek)
rekordbox 7.2.11 64bit (HKLM\...\Pioneer rekordbox 7.2.11) (Version: 7.2.11.0342 - AlphaTheta)
RstDowngradeGuard (HKLM\...\{13C2A26E-7AD4-4D82-BB4F-DEA6E871B958}) (Version: 18.0.0.0 - Intel Corporation) Hidden
Signal 8.0.0 (HKU\S-1-5-21-196143437-2400517662-190078704-1002\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 8.0.0 - Signal Messenger, LLC)
Splice INSTRUMENT version 1.4.0 (HKLM\...\{49F0A01A-8397-4A91-94C3-D67ACE8D5D2B}}_is1) (Version: 1.4.0 - Distributed Creation Inc)
ST Microelectronics 3 Axis Digital Accelerometer Solution verze 4.10.0103 (HKLM\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}_is1) (Version: 4.10.0103 - ST Microelectronics)
Telegram Desktop (HKU\S-1-5-21-196143437-2400517662-190078704-1002\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 6.6.2 - Telegram FZ-LLC)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 11.56 - Ghisler Software GmbH)
VirtualDJ 2026 (HKLM\...\{6E5AFD38-F9F7-41B6-A0A5-45ABEE7DA494}) (Version: 8.5.9004.0 - Atomix Productions)
Xfer Records Serum 2 (HKLM-x32\...\Serum2) (Version: 2.0.24 - Xfer Records)

Packages:
=========
AppleInc.AppleDevices -> C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1538.24328.0_x64__nzyj5cx40ttqa [2026-03-05] (Apple Inc.) [Startup Task]
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2025-11-07] (INTEL CORP) [Startup Task]
Dell Command | Update -> C:\Program Files\WindowsApps\DellInc.DellCommandUpdate_5.6.25.0_x86__htrsf667h5kn2 [2026-01-10] (Dell Inc)
Dell Free Fall Data Protection -> C:\Program Files\WindowsApps\STMicroelectronicsMEMS.DellFreeFallDataProtection_1.0.27.0_x64__rp6h1c31mfy1y [2025-11-07] (STMICROELECTRONICS S.R.L.)
Dell SupportAssist -> C:\Program Files\WindowsApps\Dell.SupportAssistforPCs_5.0.1.0_x64__18ctm2993j0dg [2026-03-11] (Dell Inc)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.27.8090.0_x64__rz1tebttyb220 [2026-03-17] (Dolby Laboratories)
ChatGPT -> C:\Program Files\WindowsApps\OpenAI.ChatGPT-Desktop_1.2026.43.0_x64__2p2nqsd0c76g0 [2026-02-13] (OpenAI) [Startup Task]
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_15.7.56.0_x64__nzyj5cx40ttqa [2026-02-02] (Apple Inc.) [Startup Task]
Intel(R) Management and Security Status -> C:\Program Files\WindowsApps\AppUp.IntelManagementandSecurityStatus_2537.8.7.0_x64__8j3eq9eme6ctt [2026-01-09] (INTEL CORP) [Startup Task]
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1042.0_x64__8j3eq9eme6ctt [2025-11-07] (INTEL CORP)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12139.10003.61011.0_x64__nzyj5cx40ttqa [2026-03-05] (Apple Inc.) [Startup Task]
Malwarebytes Anti-Malware -> C:\Program Files\Malwarebytes\Anti-Malware [2026-03-20] ()
Microsoft Midi gm.dls -> C:\Program Files\WindowsApps\Microsoft.Midi.GmDls_1.0.1.0_neutral__8wekyb3d8bbwe [2025-11-25] (Microsoft Platform Extensions)
PDF24 Tools -> C:\Program Files\WindowsApps\PDF24.PDF24Tools_1.0.1.0_neutral__26hz7jjzcwjj0 [2025-11-24] (PDF24)
Smart Gateway -> C:\Program Files\WindowsApps\GEWISSSpA.HappyHome_1.8.0.0_x64__6xa2xn39k83fw [2026-02-01] (GEWISS SpA)
Snapchat -> C:\Program Files\WindowsApps\SnapInc.Snapchat_4.0.1.0_neutral__k1zn018256b8e [2026-01-28] (Snap Inc.)
SoundCloud - Music & Songs -> C:\Program Files\WindowsApps\SoundcloudLtd.SoundCloudforWindowsBeta_2.0.0.0_neutral__2xc63xn306dnw [2025-11-24] (SoundCloud Global Limited &amp; Co. KG)
TikTok -> C:\Program Files\WindowsApps\BytedancePte.Ltd.TikTok_1.0.5.0_neutral__6yccndn6064se [2025-12-30] (Bytedance Pte. Ltd.)
WhatsApp Beta -> C:\Program Files\WindowsApps\5319275A.51895FA4EA97F_2.2611.101.0_x64__cv1g1gvanyjgm [2026-03-19] (WhatsApp Inc.) [Startup Task]
WinAppRuntime.Main.1.8 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.8_8000.806.2252.0_x64__8wekyb3d8bbwe [2026-03-26] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_8000.806.2252.0_x64__8wekyb3d8bbwe [2026-03-26] (Microsoft Corp.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-196143437-2400517662-190078704-1002_Classes\CLSID\{1131f266-5b75-f5a0-ded5-61c709ea045a}\localserver32 -> "C:\Program Files\Dell\Dell Display and Peripheral Manager\DDPM.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-196143437-2400517662-190078704-1002_Classes\CLSID\{45C9E6A8-C1D4-4A07-8B7C-4A05E76F4970} -> [Fotky na iCloudu] => C:\Users\Jose Madeira\iCloudPhotos\Photos [2025-12-10 04:34]
CustomCLSID: HKU\S-1-5-21-196143437-2400517662-190078704-1002_Classes\CLSID\{5C7489C5-3598-4D7A-A39D-678D6B80660C}\localserver32 -> c:\program files\musehub\current\musehub.exe (MuseCY SM Ltd -> MuseHub)
CustomCLSID: HKU\S-1-5-21-196143437-2400517662-190078704-1002_Classes\CLSID\{65f15f72-3bd6-c8de-dca3-cee75e674ac4}\localserver32 -> C:\Program Files\Dell\DellOptimizer\Console\DellOptimizer.Systray.exe (Dell Technologies Inc. -> Dell Technologies Inc.)
CustomCLSID: HKU\S-1-5-21-196143437-2400517662-190078704-1002_Classes\CLSID\{aaafeb27-6abd-d0ea-ffd6-e6894baf4a29}\localserver32 -> "C:\Program Files\Dell\Dell Display and Peripheral Manager\Plugins\DDPM.Subagent.User\DDPM.Subagent.User.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-196143437-2400517662-190078704-1002_Classes\CLSID\{B5DE90A3-7B9A-46B1-9F50-09278D353B23} -> [iCloud Drive] => C:\Users\Jose Madeira\iCloudDrive [2025-12-10 13:57]
CustomCLSID: HKU\S-1-5-21-196143437-2400517662-190078704-1002_Classes\CLSID\{bdbe658b-16cc-62aa-6edb-8890bad01195}\localserver32 -> C:\Program Files\Dell\DellOptimizer\Console\DellOptimizer.ThickClient.exe (Dell Technologies Inc. -> Dell Technologies Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2026-03-20] (Malwarebytes Inc -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2026-03-20] (Malwarebytes Inc -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [MidisrvTransferComplete] => 1
HKLM\...\Drivers32: [midi1] => C:\WINDOWS\system32\wdmaud2.drv [143360 2026-02-24] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Drivers32: [midi1] => C:\Windows\SysWOW64\wdmaud2.drv [91648 2026-02-24] (Microsoft Windows -> Microsoft Corporation)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Jose Madeira\OneDrive\Plocha\APPKY\TikTok.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=nlalbmkafgmoifbeooblidblkmlhhpnc
ShortcutWithArgument: C:\Users\Jose Madeira\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_ggjocahimgaohmigbfhghnlfcnjemagj\Grok.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=ggjocahimgaohmigbfhghnlfcnjemagj

==================== Loaded Modules (Whitelisted) =============

2026-01-17 21:36 - 2026-01-17 21:36 - 001093120 _____ (Microsoft Corporation) [File not signed] C:\WINDOWS\WinSxS\Fusion\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_none_bd39c11e9405d29b\8.0\8.0.50727.6195\MFC80U.DLL

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2024-04-01 08:26 - 2024-04-01 08:24 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Network ===========================

(Currently there is no automatic fix for this section.)

DNS Servers: 192.168.0.1
Windows Firewall is enabled.

Network Binding:
=============
Mobilní síť 11: DW5820e Intel(R) 7360 LTE-A -> cxwmbclass.sys
Mobilní síť 12: DW5820e Intel(R) 7360 LTE-A -> cxwmbclass.sys
Mobilní síť 13: DW5820e Intel(R) 7360 LTE-A -> cxwmbclass.sys
Mobilní síť 17: DW5820e Intel(R) 7360 LTE-A -> cxwmbclass.sys
Mobilní síť: DW5820e Intel(R) 7360 LTE-A -> cxwmbclass.sys
Síťové připojení Bluetooth: Bluetooth Device (Personal Area Network) -> bthpan.sys
Ethernet 2: Realtek USB GbE Family Controller -> rtu53cx22x64.sys
Mobilní síť 16: DW5820e Intel(R) 7360 LTE-A -> cxwmbclass.sys
Mobilní síť 6: DW5820e Intel(R) 7360 LTE-A -> cxwmbclass.sys
Mobilní síť 2: DW5820e Intel(R) 7360 LTE-A -> cxwmbclass.sys
Mobilní síť 15: DW5820e Intel(R) 7360 LTE-A -> cxwmbclass.sys
Mobilní síť 4: DW5820e Intel(R) 7360 LTE-A -> cxwmbclass.sys
Mobilní síť 5: DW5820e Intel(R) 7360 LTE-A -> cxwmbclass.sys
Mobilní síť 10: DW5820e Intel(R) 7360 LTE-A -> cxwmbclass.sys
Ethernet: Intel(R) Ethernet Connection (10) I219-LM -> e1d.sys
Mobilní síť 14: DW5820e Intel(R) 7360 LTE-A -> cxwmbclass.sys
Mobilní síť 3: DW5820e Intel(R) 7360 LTE-A -> cxwmbclass.sys
Mobilní síť 8: DW5820e Intel(R) 7360 LTE-A -> cxwmbclass.sys
Mobilní síť 7: DW5820e Intel(R) 7360 LTE-A -> cxwmbclass.sys
Wi-Fi: Intel(R) Wi-Fi 6 AX201 160MHz -> Netwtw10.sys
Mobilní síť 9: DW5820e Intel(R) 7360 LTE-A -> cxwmbclass.sys

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-196143437-2400517662-190078704-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Jose Madeira\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-196143437-2400517662-190078704-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: 5)
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)


==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Ableton USB Audio Control Panel Autostart.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "MuseHub"
HKU\S-1-5-21-196143437-2400517662-190078704-1002\...\StartupApproved\Run: => "Teams"
HKU\S-1-5-21-196143437-2400517662-190078704-1002\...\StartupApproved\Run: => "org.whispersystems.signal-desktop"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{9625980C-9BA1-4178-A0EA-3D6531E4E6BC}C:\programdata\ableton\live 12 suite\program\ableton live 12 suite.exe] => (Allow) C:\programdata\ableton\live 12 suite\program\ableton live 12 suite.exe (Ableton AG -> Ableton)
FirewallRules: [UDP Query User{BB45AFC4-7A0D-4101-9D8D-FF0C26B23AE7}C:\programdata\ableton\live 12 suite\program\ableton live 12 suite.exe] => (Allow) C:\programdata\ableton\live 12 suite\program\ableton live 12 suite.exe (Ableton AG -> Ableton)
FirewallRules: [TCP Query User{2E822BA6-58E0-4852-8BD7-1DD0F56720F8}C:\users\jose madeira\appdata\local\inmusic_software_center\app-1.35.0\inmusic software center.exe] => (Allow) C:\users\jose madeira\appdata\local\inmusic_software_center\app-1.35.0\inmusic software center.exe (inMusic Brands, Inc. -> inMusic Brands)
FirewallRules: [UDP Query User{9FBE07AA-8AD4-4FCC-8B5B-79E45ACD0430}C:\users\jose madeira\appdata\local\inmusic_software_center\app-1.35.0\inmusic software center.exe] => (Allow) C:\users\jose madeira\appdata\local\inmusic_software_center\app-1.35.0\inmusic software center.exe (inMusic Brands, Inc. -> inMusic Brands)
FirewallRules: [TCP Query User{5010B7E3-DC90-45F4-8FF1-AEB48FD3A264}C:\program files\akai pro\mpc beats\mpc beats.exe] => (Allow) C:\program files\akai pro\mpc beats\mpc beats.exe (inMusic Brands, Inc. -> )
FirewallRules: [UDP Query User{085E4F5F-1D45-4899-8014-E51A12F22232}C:\program files\akai pro\mpc beats\mpc beats.exe] => (Allow) C:\program files\akai pro\mpc beats\mpc beats.exe (inMusic Brands, Inc. -> )
FirewallRules: [TCP Query User{329E8CFB-8600-4F05-81D2-52CF270CFF72}C:\program files\vstplugins\essential keyboards\essential keyboards.exe] => (Allow) C:\program files\vstplugins\essential keyboards\essential keyboards.exe (inMusic Brands, Inc. -> )
FirewallRules: [UDP Query User{1E007CB3-3099-4E17-87CD-0114D590D821}C:\program files\vstplugins\essential keyboards\essential keyboards.exe] => (Allow) C:\program files\vstplugins\essential keyboards\essential keyboards.exe (inMusic Brands, Inc. -> )
FirewallRules: [TCP Query User{05E0C880-3C1F-4DC9-B733-CEC77FCDB28D}C:\program files\air music technology\hype\hype.exe] => (Allow) C:\program files\air music technology\hype\hype.exe (inMusic Brands, Inc. -> inmusic)
FirewallRules: [UDP Query User{2AD6471F-324E-4553-BE1C-C676E1123B83}C:\program files\air music technology\hype\hype.exe] => (Allow) C:\program files\air music technology\hype\hype.exe (inMusic Brands, Inc. -> inmusic)
FirewallRules: [TCP Query User{BCBBD330-8F32-490F-A7C1-D3825D96D0AD}C:\program files\air music technology\electric\electric.exe] => (Allow) C:\program files\air music technology\electric\electric.exe (inMusic Brands, Inc. -> inmusic)
FirewallRules: [UDP Query User{12D5EABB-5DF3-474B-AFDC-335FD6C8A7CF}C:\program files\air music technology\electric\electric.exe] => (Allow) C:\program files\air music technology\electric\electric.exe (inMusic Brands, Inc. -> inmusic)
FirewallRules: [TCP Query User{48314344-FF5D-4575-AE00-B7B6FA06CDC4}C:\program files\audacity\audacity.exe] => (Block) C:\program files\audacity\audacity.exe (MuseCY SM Ltd -> Audacity Team)
FirewallRules: [UDP Query User{ABF1B1F3-3DC8-4C48-968A-07E3810E77BF}C:\program files\audacity\audacity.exe] => (Block) C:\program files\audacity\audacity.exe (MuseCY SM Ltd -> Audacity Team)
FirewallRules: [TCP Query User{B7CC0C8F-9BF4-4702-A0F8-69228117597D}C:\programdata\ableton\live 12 suite\resources\extensions\pluginscanner\ableton plugin scanner.exe] => (Allow) C:\programdata\ableton\live 12 suite\resources\extensions\pluginscanner\ableton plugin scanner.exe (Ableton AG -> )
FirewallRules: [UDP Query User{72F6D07C-B7FF-4511-AE79-CE7C87A1448E}C:\programdata\ableton\live 12 suite\resources\extensions\pluginscanner\ableton plugin scanner.exe] => (Allow) C:\programdata\ableton\live 12 suite\resources\extensions\pluginscanner\ableton plugin scanner.exe (Ableton AG -> )
FirewallRules: [{4CAA4127-C3CE-4B8A-AA91-8D1AA42F2544}] => (Allow) C:\Program Files\MuseHub\current\MuseHub.exe (MuseCY SM Ltd -> MuseHub)
FirewallRules: [{13DB03E7-7ABD-41BC-AD77-ECE8DE8E99FE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DFAAA121-22C8-4BAB-AB5F-2DB88407C3D3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{92355294-91D9-401D-8B2C-3D532B079DCF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5843FE0F-8B7D-4CF5-A4AC-01B47401FB4E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B813B533-D180-46F2-91A9-F84D292E8D0B}] => (Allow) C:\Program Files\WindowsApps\OpenAI.ChatGPT-Desktop_1.2026.43.0_x64__2p2nqsd0c76g0\app\ChatGPT.exe (50BDFD77-8903-4850-9FFE-6E8522F64D5B -> OpenAI)
FirewallRules: [{A9A02C31-8C05-448F-A068-DD5B1443B19E}] => (Allow) C:\Program Files\WindowsApps\OpenAI.ChatGPT-Desktop_1.2026.43.0_x64__2p2nqsd0c76g0\app\ChatGPT.exe (50BDFD77-8903-4850-9FFE-6E8522F64D5B -> OpenAI)
FirewallRules: [{D682990F-25D7-4183-8CE3-5434C8F6B995}] => (Allow) C:\Program Files\WindowsApps\OpenAI.ChatGPT-Desktop_1.2026.43.0_x64__2p2nqsd0c76g0\app\ChatGPT.exe (50BDFD77-8903-4850-9FFE-6E8522F64D5B -> OpenAI)
FirewallRules: [{D4002915-B5F2-45BF-AAD9-744CA480146D}] => (Allow) C:\Program Files\WindowsApps\OpenAI.ChatGPT-Desktop_1.2026.43.0_x64__2p2nqsd0c76g0\app\ChatGPT.exe (50BDFD77-8903-4850-9FFE-6E8522F64D5B -> OpenAI)
FirewallRules: [{10D3D8EA-7B5D-4D06-B153-6391C7161209}] => (Allow) C:\Program Files\rekordbox\rekordbox 7.2.11\rekordboxAgent-win32-x64\rekordboxAgent.exe (AlphaTheta Corporation -> AlphaTheta Corporation)
FirewallRules: [{3753B138-4412-4C86-9FB4-BFD0C4D08ED6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12139.10003.61011.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{58B11AEB-E831-404E-9DCE-16C0494ED24A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12139.10003.61011.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{CA1C7016-7CA5-4C19-A62C-2B59A3ECEF29}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12139.10003.61011.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{2DD56055-BFB4-428A-8238-2785EABBAE32}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12139.10003.61011.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{87FB5E17-A7A5-4838-87AF-C17302B21FBC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1538.24328.0_x64__nzyj5cx40ttqa\AppleMobileDeviceLauncher.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{B097936D-8308-46F0-BE96-CE48298211A1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1538.24328.0_x64__nzyj5cx40ttqa\AppleMobileDeviceLauncher.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{27622012-E91B-44C8-B20D-AF0FB7A92BFA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1538.24328.0_x64__nzyj5cx40ttqa\AMPDevicesAgent.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{C6DE248E-7B37-4A47-B876-2A4E5F04EAD3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1538.24328.0_x64__nzyj5cx40ttqa\AMPDevicesAgent.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{C97A1E74-C41F-409B-8C39-05825D79584B}] => (Allow) C:\Program Files\rekordbox\rekordbox 7.2.11\rekordbox.exe (AlphaTheta Corporation -> AlphaTheta Corporation)
FirewallRules: [{DAB199B9-71CE-4009-8484-AF25070422B0}] => (Allow) C:\Program Files\rekordbox\rekordbox 7.2.11\edb_streamd.exe (AlphaTheta Corporation -> )
FirewallRules: [{CE11DAE7-B69E-464D-8603-C1B2CB7D36E7}] => (Allow) C:\Program Files\rekordbox\rekordbox 7.2.11\rbHttpServer.exe (AlphaTheta Corporation -> )
FirewallRules: [{6768D4BB-EBCD-4149-A763-F41C231BB853}] => (Allow) C:\Program Files\rekordbox\rekordbox 7.2.11\rekordboxAgent-win32-x64\rekordboxAgent.exe (AlphaTheta Corporation -> AlphaTheta Corporation)
FirewallRules: [{AF035AE1-69FA-4A4F-AD51-F458E5A0BD0F}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{D6EFD7FB-12CA-4835-81A5-76E58AFEDC45}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:236.22 GB) (Free:32.41 GB) (14%)

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (03/26/2026 03:47:30 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Dell Core Services -- Error 1714. The older version of Dell Core Services cannot be removed. Contact your technical support group. System Error 1612.

Error: (03/26/2026 03:41:08 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Dell Core Services -- Error 1714. The older version of Dell Core Services cannot be removed. Contact your technical support group. System Error 1612.

Error: (03/26/2026 03:35:42 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Dell Core Services -- Error 1714. The older version of Dell Core Services cannot be removed. Contact your technical support group. System Error 1612.

Error: (03/26/2026 03:30:11 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Dell Core Services -- Error 1714. The older version of Dell Core Services cannot be removed. Contact your technical support group. System Error 1612.

Error: (03/26/2026 03:24:25 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Dell Core Services -- Error 1714. The older version of Dell Core Services cannot be removed. Contact your technical support group. System Error 1612.

Error: (03/26/2026 03:18:04 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Dell Core Services -- Error 1714. The older version of Dell Core Services cannot be removed. Contact your technical support group. System Error 1612.

Error: (03/26/2026 03:12:12 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Dell Core Services -- Error 1714. The older version of Dell Core Services cannot be removed. Contact your technical support group. System Error 1612.

Error: (03/26/2026 03:06:30 PM) (Source: MsiInstaller) (EventID: 11714) (User: NT AUTHORITY)
Description: Product: Dell Core Services -- Error 1714. The older version of Dell Core Services cannot be removed. Contact your technical support group. System Error 1612.


System errors:
=============
Error: (03/26/2026 02:36:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Dell Client Management Service byla neočekávaně ukončena. Tento stav nastal již 2krát.

Error: (03/26/2026 02:00:38 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Dell Client Management Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (03/26/2026 12:06:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Instalace se nezdařila: Instalování následující aktualizace se nezdařilo z důvodu chyby (0x80073d02): 9WZDNCRD29V9-MICROSOFT.MICROSOFTOFFICEHUB.

Error: (03/26/2026 11:52:11 AM) (Source: BTHUSB) (EventID: 16) (User: )
Description: Vzájemné ověření mezi místním adaptérem Bluetooth a zařízením s adresou adaptéru Bluetooth (8c:33:96:25:2d:14) se nezdařilo.

Error: (03/26/2026 11:35:16 AM) (Source: Service Control Manager) (EventID: 7016) (User: )
Description: Služba DellAweSvc ohlásila neplatný současný stav 0.

Error: (03/26/2026 11:31:41 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {995C996E-D918-4A8C-A302-45719A6F4EA7} se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/26/2026 11:31:41 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {995C996E-D918-4A8C-A302-45719A6F4EA7} se v daném časovém limitu neregistroval u služby DCOM.

Error: (03/26/2026 11:31:41 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {38E441FB-3D16-422F-8750-B2DACEC5CEFC} se v daném časovém limitu neregistroval u služby DCOM.


Windows Defender:
================
Date: 2026-03-25 21:30:01
Description:
Antivirová ochrana v programu Microsoft Defender ŝċдή ћªś ьёéñ ѕţòρφéď вęƒõгè ćöмрŀέτіόⁿ.%ⁿ %ťŚςάŋ ĨĐ:%ъ{77E41556-770E-430E-83D8-8F07BEF3749F}%л %ŧЅćдń Ţγρэ:%ъAntimalwarový program%π %тЅςàή Ρäгámêт℮гŝ:%вRychlé prohledávání%л %ŧŨśęѓ:%ъNT AUTHORITY\SYSTEM%ń %τŠτõρ Ŗėаѕǿп:%ьŚċħеďŭľĕđ şçдη щαś śκīφρēđ ьéčаüŝě τħé ľãšт śúсçэѕśƒüℓ ŝċдņ ώãѕ ẅїтђίʼn ŧĥè ℓαѕт 7 ðãуś

Date: 2026-03-25 17:50:18
Description:
Antivirová ochrana v programu Microsoft Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Trojan:Win32/Wacatac.B!ml
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Jose Madeira\OneDrive\Plocha\FRST64.exe; webfile:_C:\Users\Jose Madeira\OneDrive\Plocha\FRST64.exe|https://download.bleepingcomputer.com/d ... 0164344199
Původ detekce: Internet
Typ detekce: FastPath
Zdroj detekce: Soubory ke stažení a přílohy
Uživatel: JOSECKO\Jose Madeira
Název procesu: Unknown
Verze bezpečnostních informací: AV: 1.445.745.0, AS: 1.445.745.0, NIS: 1.445.745.0
Verze modulu: AM: 1.1.26010.1, NIS: 1.1.26010.1

Date: 2026-03-25 11:52:41
Description:
Antivirová ochrana v programu Microsoft Defender ŝċдή ћªś ьёéñ ѕţòρφéď вęƒõгè ćöмрŀέτіόⁿ.%ⁿ %ťŚςάŋ ĨĐ:%ъ{01F1C755-0C35-44E5-A7F0-BC189CA47481}%л %ŧЅćдń Ţγρэ:%ъAntimalwarový program%π %тЅςàή Ρäгámêт℮гŝ:%вRychlé prohledávání%л %ŧŨśęѓ:%ъNT AUTHORITY\SYSTEM%ń %τŠτõρ Ŗėаѕǿп:%ьŞĉђěδυŀзď şсåл ẃãŝ śкϊрρеđ ъè¢àϋšє тнè ŀаѕť ŝų¢сзŝšƒυĺ ѕçâń ωàş ώіτђĭʼn τђэ ľăŝŧ 7 đаўś

Date: 2026-03-24 09:50:41
Description:
Antivirová ochrana v programu Microsoft Defender ŝċдή ћªś ьёéñ ѕţòρφéď вęƒõгè ćöмрŀέτіόⁿ.%ⁿ %ťŚςάŋ ĨĐ:%ъ{D1973F36-24D2-4494-96D3-0C8F0E28A3A8}%л %ŧЅćдń Ţγρэ:%ъAntimalwarový program%π %тЅςàή Ρäгámêт℮гŝ:%вRychlé prohledávání%л %ŧŨśęѓ:%ъNT AUTHORITY\SYSTEM%ń %τŠτõρ Ŗėаѕǿп:%ьŔΡС ċоπʼnέĉťîõη яΰńδǿώň

Date: 2026-03-22 12:01:58
Description:
Antivirová ochrana v programu Microsoft Defender ŝċдή ћªś ьёéñ ѕţòρφéď вęƒõгè ćöмрŀέτіόⁿ.%ⁿ %ťŚςάŋ ĨĐ:%ъ{C5229C26-60BF-4A8C-B911-4EDE8143B11D}%л %ŧЅćдń Ţγρэ:%ъAntimalwarový program%π %тЅςàή Ρäгámêт℮гŝ:%вRychlé prohledávání%л %ŧŨśęѓ:%ъNT AUTHORITY\SYSTEM%ń %τŠτõρ Ŗėаѕǿп:%ьŞĉђěδυŀзď şсåл ẃãŝ śкϊрρеđ ъè¢àϋšє тнè ŀаѕť ŝų¢сзŝšƒυĺ ѕçâń ωàş ώіτђĭʼn τђэ ľăŝŧ 7 đаўś
Event[0]

Date: 2026-01-27 08:47:31
Description:
Antivirová ochrana v programu Microsoft Defender narazil na kritickou chybu při provádění akce s malwarem nebo jiným potenciálně nežádoucím softwarem.
Další informace:
https://go.microsoft.com/fwlink/?linkid ... terprise=0
Název: Adware:Win32/Tnega
Závažnost: Vysoké
Kategorie: Software placený zobrazováním reklamy
Cesta: file:_C:\Users\Jose Madeira\OneDrive\Plocha\Setup 1.7.2 password 123\Setup.exe
Původ detekce: Místní počítač
Typ detekce: FastPath
Zdroj detekce: Ochrana v reálném čase
Uživatel: NT AUTHORITY\SYSTEM
Název procesu: C:\Program Files\totalcmd\TOTALCMD64.EXE
Akce: Karanténa
Stav akce: No additional actions required
Kód chyby: 0x80070020
Popis chyby: Proces nemá přístup k souboru, neboť jej právě využívá jiný proces.
Verze bezpečnostních informací: AV: 1.443.866.0, AS: 1.443.866.0, NIS: 1.443.866.0
Verze modulu: AM: 1.1.25110.1, NIS: 1.1.25110.1

Date: 2026-01-15 00:01:50
Description:
Funkce Ochrana v reálném čase u prohledávání Antivirová ochrana v programu Microsoft Defender zjistila chybu a došlo k jejímu selhání.
Funkce: Systém kontroly sítě
Kód chyby: 0x80004005
Popis chyby: Nespecifikovaná chyba
Důvod: V systému chybí aktualizace potřebné ke spuštění systému kontroly sítě. Nainstalujte potřebné aktualizace a restartujte zařízení.

CodeIntegrity:
===============
Date: 2026-03-26 15:39:21
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.

Date: 2026-03-26 15:39:17
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.

Date: 2026-03-26 15:32:02
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.26020.6-0\MpDefenderCoreService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: Dell Inc. 1.40.1 12/10/2025
Motherboard: Dell Inc. 08PHDH
Processor: Intel(R) Core(TM) i5-10310U CPU @ 1.70GHz
Percentage of memory in use: 80%
Total physical RAM: 7792.48 MB
Available physical RAM: 1485.05 MB
Total Virtual: 18661.7 MB
Available Virtual: 4136.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:236.22 GB) (Free:32.44 GB) (Model: BC511 NVMe SK hynix 256GB) (Protected) NTFS

\\?\Volume{648eed39-6346-4e2b-ba3a-fa3ffe421d0d}\ () (Fixed) (Total:0.72 GB) (Free:0.07 GB) NTFS
\\?\Volume{69753b31-82f1-4352-1ff7-f3269b49570c}\ (DELLSUPPORT) (Fixed) (Total:1.41 GB) (Free:0.32 GB) NTFS
\\?\Volume{cafa4bd5-d540-47a8-839d-a09d8d754efa}\ () (Fixed) (Total:0.09 GB) (Free:0 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A80DADCF)

Partition: GPT.

==================== End of Addition.txt =======================

Re: Pozůstatky malware ?

Napsal: 26 bře 2026 16:58
od Rudy
Pod tímto postem vidím ještě jeden se stejným názvem (vy ho musíte vidět také). Takže pokud nejde o jiný PC, smaži jej. Zásadně dáváme jeden post pro jeden problém. Dva (příp. více postů je nesmysl), mne stačí, když si to přečtu jednou.
Otevřte poznámkový blok a zkopírujte do něj:
Start

CloseProcesses:
CustomCLSID: HKU\S-1-5-21-196143437-2400517662-190078704-1002_Classes\CLSID\{1131f266-5b75-f5a0-ded5-61c709ea045a}\localserver32 -> "C:\Program Files\Dell\Dell Display and Peripheral Manager\DDPM.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-196143437-2400517662-190078704-1002_Classes\CLSID\{aaafeb27-6abd-d0ea-ffd6-e6894baf4a29}\localserver32 -> "C:\Program Files\Dell\Dell Display and Peripheral Manager\Plugins\DDPM.Subagent.User\DDPM.Subagent.User.exe" -ToastActivated => No File
C:\Users\Jose Madeira\OneDrive\Plocha\Setup 1.7.2 password 123\Setup.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
C:\DumpStack.log.tmp

EmptyTemp:
End
Uložte do C:\Users\Jose Madeira\Downloads jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Re: Pozůstatky malware ?

Napsal: 26 bře 2026 17:35
od pepaa
Dobry den, log se jeste neukazal, jestli sem zalozil duplicitni prispevek, tak se omlouvam, nebylo to schvalne, mám pouze jeden notebook :(

Re: Pozůstatky malware ?

Napsal: 26 bře 2026 17:39
od pepaa
Fix result of Farbar Recovery Scan Tool (x64) Version: 25-03-2026
Ran by Jose Madeira (26-03-2026 17:14:56) Run:1
Running from C:\Users\Jose Madeira\Downloads
Loaded Profiles: Jose Madeira & WsiAccount
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
CustomCLSID: HKU\S-1-5-21-196143437-2400517662-190078704-1002_Classes\CLSID\{1131f266-5b75-f5a0-ded5-61c709ea045a}\localserver32 -> "C:\Program Files\Dell\Dell Display and Peripheral Manager\DDPM.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-196143437-2400517662-190078704-1002_Classes\CLSID\{aaafeb27-6abd-d0ea-ffd6-e6894baf4a29}\localserver32 -> "C:\Program Files\Dell\Dell Display and Peripheral Manager\Plugins\DDPM.Subagent.User\DDPM.Subagent.User.exe" -ToastActivated => No File
C:\Users\Jose Madeira\OneDrive\Plocha\Setup 1.7.2 password 123\Setup.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
C:\DumpStack.log.tmp

EmptyTemp:
End
*****************

Processes closed successfully.
HKU\S-1-5-21-196143437-2400517662-190078704-1002_Classes\CLSID\{1131f266-5b75-f5a0-ded5-61c709ea045a} => removed successfully
HKU\S-1-5-21-196143437-2400517662-190078704-1002_Classes\CLSID\{aaafeb27-6abd-d0ea-ffd6-e6894baf4a29} => removed successfully
"C:\Users\Jose Madeira\OneDrive\Plocha\Setup 1.7.2 password 123\Setup.exe" => not found
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => removed successfully

"C:\WINDOWS\system32\GroupPolicy\Machine" Folder move:

C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => removed successfully
Could not move "C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2" => Scheduled to move on reboot.
Could not move "C:\DumpStack.log.tmp" => Scheduled to move on reboot.

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 39288643 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 6870758947 B
Edge => 211719091 B
Chrome => 769894731 B
Firefox => 0 B
Opera => 0 B

Local\Temp, Local\*.tmp, LocalLow\Temp, Roaming\Temp, Roaming\*.tmp , IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 5640 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
Jose Madeira => 4157007 B
WsiAccount => 0 B

RecycleBin => 2256 B
EmptyTemp: => 7.4 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 26-03-2026 17:38:21)

C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2 => Could not move
C:\DumpStack.log.tmp => Could not move

==== End of Fixlog 17:38:22 ====

Re: Pozůstatky malware ?

Napsal: 26 bře 2026 17:51
od Rudy
FRST smazal, co smazat měl. Mohu tedy duplicitní post smazat? Nastala nějaká změna?

Re: Pozůstatky malware ?

Napsal: 26 bře 2026 17:54
od pepaa
Změna zatím nedokážu posoudit, ale cháppu správně, že se to vyčistilo ?

Re: Pozůstatky malware ?

Napsal: 26 bře 2026 18:45
od Rudy
Ano, vyčistilo. Jak s tím vaším duplicitním postem? Smazat?

Re: Pozůstatky malware ?

Napsal: 26 bře 2026 18:48
od pepaa
smazat prosim

Re: Pozůstatky malware ?

Napsal: 26 bře 2026 19:45
od Rudy
OK.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz