Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Dell (06-06-2018 20:35:26)
Running from C:\Users\Dell\Desktop
Windows 10 Pro Version 1803 17134.48 (X64) (2018-05-10 21:06:23)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2909802881-1809305294-4137571501-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2909802881-1809305294-4137571501-503 - Limited - Disabled)
Dell (S-1-5-21-2909802881-1809305294-4137571501-1001 - Administrator - Enabled) => C:\Users\Dell
Guest (S-1-5-21-2909802881-1809305294-4137571501-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2909802881-1809305294-4137571501-1002 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2909802881-1809305294-4137571501-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Disabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Artisan (HKLM-x32\...\Artisan) (Version: 1.2.0.3 - The Artisan Team)
Avira (HKLM-x32\...\{4b629f54-1d82-40c9-9979-4485bb58d155}) (Version: 1.2.109.23832 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{B9E9546C-BAD0-43AB-8812-4FC3F8A9547C}) (Version: 1.2.113.25350 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{d2c9315d-82be-4e7a-8d9f-ccbe716c2552}) (Version: 1.2.113.25350 - Avira Operations GmbH & Co. KG)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.36.180 - Avira Operations GmbH & Co. KG)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 10.1207.101.103 - ALPS ELECTRIC CO., LTD.)
Fresh Beans SR-700 (HKLM-x32\...\{D09D0DA0-2423-4CD9-AF24-F9FACF0FB1E6}) (Version: 1.03 - Fresh Beans)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel(R) Corporation) Hidden
LibreOffice 5.4.3.2 (HKLM-x32\...\{CAE1C579-A42B-4A1E-9765-9D6648EFBD25}) (Version: 5.4.3.2 - The Document Foundation)
Malwarebytes verze 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2909802881-1809305294-4137571501-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2909802881-1809305294-4137571501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05162018171844912\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2909802881-1809305294-4137571501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05162018172711339\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2909802881-1809305294-4137571501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192018072012600\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 60.0.1 (x64 cs) (HKLM\...\Mozilla Firefox 60.0.1 (x64 cs)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0 - Mozilla)
Openroast 1.2.0rc3 (HKLM\...\Openroast 1.2.0rc3) (Version: 1.2.0rc3 - Roastero)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22256 - Microsoft Corporation)
Python 3.6.4 (32-bit) (HKU\S-1-5-21-2909802881-1809305294-4137571501-1001\...\{9218130b-5ad0-4cf7-82be-6993cfd6cb84}) (Version: 3.6.4150.0 - Python Software Foundation)
Python 3.6.4 (32-bit) (HKU\S-1-5-21-2909802881-1809305294-4137571501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05162018171844912\...\{9218130b-5ad0-4cf7-82be-6993cfd6cb84}) (Version: 3.6.4150.0 - Python Software Foundation)
Python 3.6.4 (32-bit) (HKU\S-1-5-21-2909802881-1809305294-4137571501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05162018172711339\...\{9218130b-5ad0-4cf7-82be-6993cfd6cb84}) (Version: 3.6.4150.0 - Python Software Foundation)
Python 3.6.4 (32-bit) (HKU\S-1-5-21-2909802881-1809305294-4137571501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192018072012600\...\{9218130b-5ad0-4cf7-82be-6993cfd6cb84}) (Version: 3.6.4150.0 - Python Software Foundation)
Python 3.6.4 Add to Path (32-bit) (HKLM-x32\...\{B7F6071F-CC88-469C-9AC6-BEBA83594819}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Core Interpreter (32-bit) (HKLM-x32\...\{D188614B-E656-4EF1-9F5A-23559EBE8F5A}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Development Libraries (32-bit) (HKLM-x32\...\{C3797E33-967D-4687-8F1A-9DE771A00125}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Documentation (32-bit) (HKLM-x32\...\{E09874D3-E898-4AB6-B043-EE24DF786088}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Executables (32-bit) (HKLM-x32\...\{47A75DB9-F3F5-4697-9261-DBA5162DBB9E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 pip Bootstrap (32-bit) (HKLM-x32\...\{54142B43-2FA5-4BBA-BF03-27C10EB50C1E}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Standard Library (32-bit) (HKLM-x32\...\{2832768E-9BCA-4421-950C-7186B3BDFC45}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Tcl/Tk Support (32-bit) (HKLM-x32\...\{20888FA1-8127-42E3-969F-9BF93245AC83}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Test Suite (32-bit) (HKLM-x32\...\{D14FB2FA-51B2-415C-93BF-5053102235EE}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python 3.6.4 Utility Scripts (32-bit) (HKLM-x32\...\{D0730E44-E519-4F39-B926-E2FC0449D67C}) (Version: 3.6.4150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{B42FF40A-60D4-4096-AC47-C86153D72797}) (Version: 3.6.6196.0 - Python Software Foundation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2909802881-1809305294-4137571501-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-05-14] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-05-14] (Avira Operations GmbH & Co. KG)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04F48FCB-64FF-410E-B41D-D24BF9D0723B} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {058FF6C4-AC45-45A0-9C54-8F7EF961B50C} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {07C96D22-783E-4E04-9132-88943FEF1481} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {1D31F5A1-1482-49AE-8D87-CD6FFC0CBB72} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2DD2127E-3F47-4C47-BB1E-63C30B730760} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3310015C-DA70-4F13-926D-844006123C46} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {5292F73E-486D-4D42-9468-88B63131671A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5EC51427-C4F1-4107-8859-B6C00249CB57} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5F0DBDA1-D051-42ED-883D-EF3D8DB529F1} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-05-24] (Avira Operations GmbH & Co. KG)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {77654389-3548-4439-8E5E-A76E7C13A05C} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {83A6BB13-C131-412C-819C-6F695ACFDC89} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {84095955-7ECA-4A1E-94AC-3196D28CB12E} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {842E245F-75ED-4A2A-BF06-1E87762FFDFB} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {957C8364-7BDE-48F2-913A-6AEFF3BA9467} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9D17742B-7AD0-49B8-A008-B940922C97DE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-23] (Google Inc.)
Task: {A2F0C58E-1478-4A95-95A5-BEC84222C3CB} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {AB909709-E4D6-44A6-BC73-F39A76887DB5} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B0811582-F540-4804-8E7F-7A41392C8A4B} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BBF820C6-2B7E-4336-8088-4292970AA9AC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BD4B99C7-5C62-4EF1-B692-8B403FCAA9C1} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {BE11E7B8-323B-4B2B-9FA3-5EF97C6095BA} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C334E7E8-342F-454E-A6CE-35AC418EFBD0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EC544BCE-9112-4E41-BA28-E27BBDD3165F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {F1846765-1A57-40F3-86E5-71C045208183} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-23] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-12 01:35 - 2018-04-12 17:53 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-27 14:37 - 2018-04-26 05:14 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libglesv2.dll
2018-04-27 14:37 - 2018-04-26 05:14 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\66.0.3359.139\libegl.dll
2018-05-24 14:27 - 2018-05-24 14:28 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-24 14:27 - 2018-05-24 14:28 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-05-24 14:27 - 2018-05-24 14:28 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-05-24 14:27 - 2018-05-24 14:28 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2018-05-08 21:37 - 2018-05-08 21:39 - 000187392 _____ () C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_85.1.379.0_x64__v10z8vjag6ke6\HPPageLift.UWP.dll
2017-11-04 13:04 - 2017-11-04 13:04 - 001034856 _____ () C:\Program Files (x86)\LibreOffice 5\program\libxml2.dll
2017-11-04 13:04 - 2017-11-04 13:04 - 000184424 _____ () C:\Program Files (x86)\LibreOffice 5\program\libxslt.dll
2017-11-04 13:04 - 2017-11-04 13:04 - 000183400 _____ () C:\Program Files (x86)\LibreOffice 5\program\libxmlsec-mscrypto.dll
2017-11-04 13:04 - 2017-11-04 13:04 - 000293480 _____ () C:\Program Files (x86)\LibreOffice 5\program\libxmlsec.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Dell\Documents\OP1.jpeg:3or4kl4x13tuuug3Byamue2s4b [97]
AlternateDataStreams: C:\Users\Dell\Documents\OP1.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Dell\Documents\OP2.jpeg:3or4kl4x13tuuug3Byamue2s4b [97]
AlternateDataStreams: C:\Users\Dell\Documents\OP2.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05162018171844418\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05162018172711020\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192018072010894\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05162018171844735\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05162018172711160\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192018072011532\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2909802881-1809305294-4137571501-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
HKU\S-1-5-21-2909802881-1809305294-4137571501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05162018171844912\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
HKU\S-1-5-21-2909802881-1809305294-4137571501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05162018172711339\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
HKU\S-1-5-21-2909802881-1809305294-4137571501-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05192018072012600\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BBC3518B-7483-474F-8809-170D6EC278F0}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{5D4CB92E-252A-44C8-8E00-ABC36F44C5A8}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{C6FF9084-BB62-44FC-942D-64218F2A3AFC}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{61C3CBF8-E75E-4E98-9740-E2562628AC91}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{0EB2BCF6-0411-4C1A-8F60-0DB515EC3C07}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{4260B98B-E262-40FC-8C79-C9AB2786F520}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B0E8642C-9E11-41ED-9675-60A14F636182}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{AA9BC67A-633D-44C9-93DB-F0F73940D17A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2018 05:14:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Microsoft.Photos.exe verze 2018.18031.15820.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 6c78

Čas spuštění: 01d3f778d490bf78

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

ID hlášení: 606b8dba-bf4b-46ad-82e5-67a4c16a28a0

Úplný název balíčku s chybou: Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe

ID aplikace související s balíčkem s chybou: App

Error: (05/26/2018 01:20:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Microsoft.Photos.exe verze 2018.18031.15820.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 6254

Čas spuštění: 01d3f45ebce0f65f

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

ID hlášení: 9f4c671b-80d0-49c7-bdd8-113de295001a

Úplný název balíčku s chybou: Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe

ID aplikace související s balíčkem s chybou: App

Error: (05/25/2018 09:16:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Microsoft.Photos.exe verze 2018.18031.15820.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 6ddc

Čas spuštění: 01d3f35bcdd82567

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

ID hlášení: fd6dc316-b8f4-4bf8-8f34-f6bb46ff3d8f

Úplný název balíčku s chybou: Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe

ID aplikace související s balíčkem s chybou: App

Error: (05/24/2018 09:21:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: HxTsr.exe, verze: 16.0.9226.2170, časové razítko: 0x5af39710
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.17134.1, časové razítko: 0x701ca188
Kód výjimky: 0xe06d7363
Posun chyby: 0x000000000003f218
ID chybujícího procesu: 0x6d10
Čas spuštění chybující aplikace: 0x01d3f376149adb9e
Cesta k chybující aplikaci: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9226.21705.0_x64__8wekyb3d8bbwe\HxTsr.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 30cf4014-4a9f-46c6-b1d1-958738fc5299
Úplný název chybujícího balíčku: microsoft.windowscommunicationsapps_17.9226.21705.0_x64__8wekyb3d8bbwe
ID aplikace související s chybujícím balíčkem: ppleae38af2e007f4358a809ac99a64a67c1

Error: (05/24/2018 02:24:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Microsoft.Photos.exe verze 2018.18031.15820.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 64ec

Čas spuštění: 01d3f21e2c9328d5

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

ID hlášení: 610f3b3b-3cfb-4a57-8f96-f3b3c4e6cbe3

Úplný název balíčku s chybou: Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe

ID aplikace související s balíčkem s chybou: App

Error: (05/23/2018 12:42:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Microsoft.Photos.exe verze 2018.18031.15820.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 5864

Čas spuštění: 01d3f205008be208

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

ID hlášení: df6a652c-8533-4885-aa08-7e84b66b2951

Úplný název balíčku s chybou: Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe

ID aplikace související s balíčkem s chybou: App

Error: (05/21/2018 09:04:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Microsoft.Photos.exe verze 2018.18031.15820.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 5d14

Čas spuštění: 01d3f0324611dee0

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

ID hlášení: 28c57b02-58dc-4df8-999e-5f65ffb8c405

Úplný název balíčku s chybou: Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe

ID aplikace související s balíčkem s chybou: App

Error: (05/21/2018 10:09:10 AM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: Dell-PC)
Description: httphttp-2147467263


System errors:
=============
Error: (06/06/2018 01:01:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (06/05/2018 01:48:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (06/05/2018 01:43:55 PM) (Source: DCOM) (EventID: 10010) (User: Dell-PC)
Description: Server Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (06/04/2018 10:34:27 PM) (Source: DCOM) (EventID: 10010) (User: Dell-PC)
Description: Server Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (06/04/2018 06:36:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (06/03/2018 08:27:16 PM) (Source: DCOM) (EventID: 10010) (User: Dell-PC)
Description: Server Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (06/01/2018 09:53:10 PM) (Source: DCOM) (EventID: 10010) (User: Dell-PC)
Description: Server Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe!App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca se v daném časovém limitu neregistroval u služby DCOM.

Error: (05/31/2018 10:29:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


CodeIntegrity:
===================================

Date: 2018-05-21 09:58:59.921
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-05-21 09:58:59.920
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-05-21 09:58:59.913
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-05-21 09:58:59.904
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-05-21 09:58:59.904
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-05-21 09:58:59.904
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-05-16 17:26:40.501
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-16 17:17:15.461
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3340M CPU @ 2.70GHz
Percentage of memory in use: 76%
Total physical RAM: 3969.1 MB
Available physical RAM: 917.32 MB
Total Virtual: 8065.1 MB
Available Virtual: 2960.25 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:117.82 GB) (Free:84.33 GB) NTFS

\\?\Volume{9fb3f905-be4e-11e7-9d3d-806e6f6e6963}\ (Rezervováno systémem) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{d90825cb-0000-0000-0000-00684a000000}\ () (Fixed) (Total:0.46 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: D90825CB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=475 MB) - (Type=27)
Partition 4: (Not Active) - (Size=179.7 GB) - (Type=05)

==================== End of Addition.txt ============================