﻿Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.09.2018 03
Ran by X6 (06-09-2018 16:04:22)
Running from D:\DOWNLOADS++++++++++++++++++
Windows 10 Pro Version 1803 17134.254 (X64) (2018-05-01 09:45:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3780314511-1121673050-2194208838-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3780314511-1121673050-2194208838-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3780314511-1121673050-2194208838-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3780314511-1121673050-2194208838-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3780314511-1121673050-2194208838-504 - Limited - Disabled)
X6 (S-1-5-21-3780314511-1121673050-2194208838-1001 - Administrator - Enabled) => C:\Users\X6

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.23) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
AOMEI Partition Assistant Standard Edition 6.6 (HKLM-x32\...\{02F850ED-FD0E-4ED1-BE0B-54981f5BD3D4}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Ashampoo HDD Control 2017 (HKLM-x32\...\{4209F371-0379-F90A-4356-52C930989916}_is1) (Version: 3.20.00 - Ashampoo GmbH & Co. KG)
Ashampoo PDF Free (HKLM-x32\...\{0A11EA01-107A-2357-1F95-FA34649FD14D}_is1) (Version: 1.0.7 - Ashampoo GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 5.41 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.6795 - CDBurnerXP)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
EaseUS Partition Master 12.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
EaseUS Todo Backup Free 10.6 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 10.6 - CHENGDU YIWO Tech Development Co., Ltd)
Epson Easy Photo Print 2 (HKLM-x32\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
EPSON L800 Series Printer Uninstall (HKLM\...\EPSON L800 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
hppP1100P1560P1600SeriesLaserJetService (HKLM-x32\...\{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}) (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (HKLM-x32\...\{853F464A-B2B8-404E-BA3E-B98FF6862C41}) (Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
IM-Magic Partition Resizer Free 2018 (HKLM-x32\...\IM_Magic_PR) (Version: 2018 - IM-Magic Inc.)
IObit Malware Fighter 6 (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 6.0 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.5.0.7 - IObit)
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
LG Mobile Drivers (HKLM-x32\...\{D8D0327A-72B4-4C79-9883-1B6B6C20ED2B}) (Version: 4.0.3 - LG Electronics)
Malwarebytes verze 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
MediaInfo 0.7.91 (HKLM\...\MediaInfo) (Version: 0.7.91 - MediaArea.net)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProPlusRetail - cs-cz) (Version: 16.0.10325.20118 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3780314511-1121673050-2194208838-1001\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
MKVToolNix 21.0.0 (64-bit) (HKLM-x32\...\MKVToolNix) (Version: 21.0.0 - Moritz Bunkus)
Mozilla Firefox 61.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 61.0.2 (x64 cs)) (Version: 61.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 61.0.2.6793 - Mozilla)
Mozilla Thunderbird 52.9.1 (x86 cs) (HKLM-x32\...\Mozilla Thunderbird 52.9.1 (x86 cs)) (Version: 52.9.1 - Mozilla)
Mp3tag v2.88a (HKLM-x32\...\Mp3tag) (Version: 2.88a - Florian Heidenreich)
MyEpson Portal (HKLM-x32\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.0.3.0 - SEIKO EPSON CORPORATION) Hidden
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20118 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.10325.20118 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0405-1000-0000000FF1CE}) (Version: 16.0.10325.20118 - Microsoft Corporation) Hidden
PDFTools Version 1.3 (08/26/2007) (HKLM-x32\...\PDFTools_is1) (Version: 1.3 - www.SheelApps.com - Sheel Khanna)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22452 - Microsoft Corporation)
RogueKiller verze 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)
SnailDriver 2 Lite version 2.1.0.0 (HKLM-x32\...\{3189DA22-4E71-4794-9F3D-39A3DE0062DE}_is1) (Version: 2.1.0.0 - Snailsuite)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1158 - SUPERAntiSpyware.com)
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
Total Commander 64+32-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.12 - Ghisler Software GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Wise Disk Cleaner 9.6.3 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 9.6.3 - WiseCleaner.com, Inc.)
Zoner Photo Studio 18 (HKLM\...\ZonerPhotoStudio18_CZ_is1) (Version: 18.0.1.10 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [                    IMFSafeBox] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2018-03-20] (IObit)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2018-03-20] (IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers1: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2017-09-04] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2017-09-04] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2018-03-20] (IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers4: [SimpleShlExt] -> {45203D3B-3D73-4497-8AFE-D29950AC6C55} => C:\Program Files (x86)\EaseUS\Todo Backup\bin\x64\ImageSh.dll [2017-09-04] (CHENGDU YIWO Tech Development Co.,Ltd)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2016-03-08] (Piriform Ltd)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll [2018-03-20] (IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A15E450-6BD9-4BD5-B648-73B9028B1725} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-18] (Google Inc.)
Task: {28048DB7-2096-48FA-B434-BF15EE32C45A} - System32\Tasks\SnailDriver2_Lite_SkipUAC => C:\Program Files (x86)\SnailSuite\SnailDriver 2 Lite\SnailDriver.exe [2018-06-11] (Snail)
Task: {29247BBD-E044-4679-89F9-8D6BC66F5751} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-08-09] (Microsoft Corporation)
Task: {3B097DA0-E233-4831-BF9A-14CB1B991073} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-08-18] (AVAST Software)
Task: {474A3FAD-6677-4B33-BEF4-D6A9A1F16EFF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-01-18] (Google Inc.)
Task: {554313EA-D1B8-4FAF-8497-EAB778E63086} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\osfinstaller.exe [2018-08-18] (Microsoft Corporation)
Task: {5F9178A3-3729-4AA1-9CBF-C9375F885872} - System32\Tasks\SnailDriver2_Lite_Launch => C:\Program Files (x86)\SnailSuite\SnailDriver 2 Lite\SnailLaunch.exe [2018-06-11] (SnailDrivers)
Task: {6202DC62-2F60-4700-B563-9C2757FD516E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {81FF9E31-1466-4E34-88DB-7555F733DC93} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-06] (Piriform Ltd)
Task: {8B148E34-8B2D-4E36-A80E-774DCF0A8D17} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {9134040E-15FA-4E9D-B3B5-42AFFA65ACD9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-08-18] (Microsoft Corporation)
Task: {9532E3CF-9D8E-4C42-B7AB-A0FD2C334305} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-08-18] (Microsoft Corporation)
Task: {974B6B07-2D63-4EE6-8206-01EBE8951CEB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-08-18] (Microsoft Corporation)
Task: {9E5D893F-3990-4CC6-8AC2-71BBF1018FEC} - System32\Tasks\WiseCleaner\WDCSkipUAC => C:\Program Files (x86)\Wise\Wise Disk Cleaner\WiseDiskCleaner.exe [2018-02-07] (WiseCleaner.com)
Task: {CA62BB80-F995-462B-83A3-2FBDB6C1CFCB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-08-09] (Microsoft Corporation)
Task: {D2DE82A0-61CF-4BF9-A41D-BDFC6CEA4254} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-08-18] (Microsoft Corporation)
Task: {DA0D47B4-A142-4087-B24C-E8C93B521C14} - System32\Tasks\Uninstaller_SkipUac_X6 => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2018-06-21] (IObit)
Task: {DD1FA2CB-7EDD-4CAA-80E1-A876087D0A82} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)
Task: {E4F2073A-B6F4-45BC-A8AD-6A55EF6D299B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {EFC79A36-E114-4196-AD28-4FF0E142CB07} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-03-06] (Piriform Ltd)
Task: {FCA4F502-B6A4-4917-80F4-2CF3284C944E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe [2018-07-31] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_X6.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-01-27 14:57 - 2012-08-31 16:03 - 000288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL
2017-01-27 14:57 - 2012-08-31 16:02 - 000074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2017-11-05 17:22 - 2017-01-17 13:42 - 000332120 _____ () c:\program files (x86)\ashampoo\ashampoo hdd control 2017\hddc2017service.exe
2017-11-09 10:49 - 2017-08-30 13:29 - 000260752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-09-04 16:44 - 2018-08-09 06:23 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-17 19:37 - 2018-07-17 19:37 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-17 19:37 - 2018-07-17 19:37 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-17 19:37 - 2018-07-17 19:37 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-17 19:37 - 2018-07-17 19:37 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-17 19:37 - 2018-07-17 19:37 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-02-22 15:52 - 2014-11-18 15:44 - 000255072 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.8\bin\TrayPopupE\TrayTipAgentE.exe
2018-09-01 18:37 - 2018-09-01 18:37 - 000479232 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-09-01 18:37 - 2018-09-01 18:37 - 069283840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-06 13:46 - 2017-10-06 13:47 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-08-20 23:29 - 2018-08-20 23:29 - 000049664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-09-01 18:37 - 2018-09-01 18:37 - 003699200 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-04-26 08:00 - 2018-04-26 08:00 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-09-01 18:37 - 2018-09-01 18:37 - 000035328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-08-20 23:29 - 2018-08-20 23:29 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2018-08-20 23:29 - 2018-08-20 23:29 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.0_x64__8wekyb3d8bbwe\opencv_core320.dll
2018-04-03 08:43 - 2018-04-03 08:43 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-09-01 18:37 - 2018-09-01 18:37 - 014333440 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-09-01 18:37 - 2018-09-01 18:37 - 003544576 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-09-01 18:37 - 2018-09-01 18:37 - 002869248 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-09-01 18:37 - 2018-09-01 18:37 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-26 20:38 - 2018-07-26 20:38 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-09-01 18:37 - 2018-09-01 18:37 - 000145920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18071.15310.0_x64__8wekyb3d8bbwe\SKU.dll
2018-07-31 06:25 - 2018-07-31 06:26 - 000199168 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11807.1001.13.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-07-31 06:25 - 2018-07-31 06:25 - 002447072 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11807.1001.13.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-07-31 06:25 - 2018-07-31 06:26 - 007814144 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11807.1001.13.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2018-08-20 23:29 - 2018-08-20 23:29 - 004255232 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1807.2121.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-08-20 23:29 - 2018-08-20 23:29 - 004445248 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1807.2121.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-03 19:15 - 2018-05-03 19:15 - 000634880 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1807.2121.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2017-11-09 10:49 - 2017-02-21 18:19 - 000083136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2017-11-09 10:49 - 2016-12-06 03:43 - 000019648 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2017-11-09 10:49 - 2016-12-06 03:44 - 000090816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2017-11-09 10:49 - 2016-03-07 19:08 - 001291264 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2017-11-09 10:49 - 2004-10-05 04:08 - 000055808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2017-11-09 10:49 - 2016-12-06 03:43 - 000024768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
2017-11-09 10:49 - 2016-12-06 03:43 - 000188608 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
2017-11-09 10:49 - 2017-08-30 13:25 - 000183440 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
2017-11-09 10:49 - 2016-12-06 03:43 - 000163520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt_RTTO.dll
2017-11-09 10:49 - 2017-08-30 13:27 - 000055952 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
2017-11-09 10:49 - 2016-12-06 03:43 - 000018112 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
2017-11-09 10:49 - 2017-08-30 13:25 - 000061072 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2017-11-09 10:49 - 2017-09-04 18:39 - 000699024 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EuActiveOnline.dll
2017-11-09 10:49 - 2017-08-30 13:26 - 000487568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EULicenseDLL.DLL
2017-11-09 10:49 - 2017-08-30 13:26 - 000021648 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\fsclog.dll
2017-11-09 10:49 - 2017-08-30 13:26 - 000085648 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2017-11-09 10:49 - 2017-08-30 13:26 - 000032912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2017-11-09 10:49 - 2017-08-30 13:26 - 000070800 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2017-11-09 10:49 - 2017-08-30 13:26 - 000160400 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2017-11-09 10:49 - 2017-08-30 13:26 - 000296592 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2017-11-09 10:49 - 2016-12-06 03:43 - 000078528 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2017-11-09 10:49 - 2017-08-30 13:26 - 000305808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSUtil.dll
2017-11-09 10:49 - 2016-12-06 03:43 - 000026304 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CallbackOperator.dll
2017-11-09 10:49 - 2016-12-06 03:44 - 000210112 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2017-11-09 10:49 - 2016-12-06 03:43 - 000074432 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2017-11-09 10:49 - 2016-12-06 03:44 - 000142016 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2017-11-09 10:49 - 2017-09-11 15:28 - 000085136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2017-11-09 10:49 - 2017-08-30 13:26 - 000844944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2017-11-09 10:49 - 2016-12-06 03:43 - 000195776 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2017-11-09 10:49 - 2016-12-06 03:43 - 000414400 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2017-11-09 10:49 - 2017-08-30 13:26 - 000162448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2017-11-09 10:49 - 2016-12-06 03:43 - 000029376 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2017-11-09 10:49 - 2016-12-06 03:44 - 000114368 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
2017-11-09 10:49 - 2016-12-06 03:44 - 000026816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2017-11-09 10:49 - 2016-12-06 03:43 - 000022720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2017-11-09 10:49 - 2017-08-30 13:26 - 000034448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2017-11-09 10:49 - 2016-12-06 03:44 - 000054464 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2017-11-09 10:49 - 2016-12-06 03:44 - 000066240 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2017-11-09 10:49 - 2017-08-30 13:25 - 000026768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2017-11-09 10:49 - 2017-08-30 13:26 - 000072848 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2017-11-09 10:49 - 2016-12-06 03:43 - 000221376 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2017-11-09 10:49 - 2016-12-06 03:43 - 000079040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2017-11-09 10:49 - 2017-08-30 13:25 - 000021648 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2017-11-09 10:49 - 2016-12-06 03:44 - 000138432 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2017-11-09 10:49 - 2016-12-06 03:43 - 000021696 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2017-11-09 10:49 - 2017-08-30 13:27 - 000074896 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SqlExBrowser.dll
2017-11-09 10:49 - 2017-08-30 13:27 - 000585872 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SqlSMOCPlusPlus.dll
2017-11-09 10:49 - 2016-12-06 03:44 - 000045248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2017-11-09 10:49 - 2017-08-30 13:25 - 000367760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
2017-11-09 10:49 - 2017-08-30 13:25 - 000141456 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
2017-11-09 10:49 - 2016-12-06 03:44 - 000149184 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
2017-11-09 10:49 - 2016-12-06 03:44 - 000052416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
2017-11-09 10:49 - 2016-12-06 03:43 - 000064192 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
2017-11-09 10:49 - 2016-12-06 03:43 - 000091840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
2017-11-09 10:49 - 2016-12-06 03:44 - 000058560 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
2018-02-23 14:58 - 2017-09-04 11:11 - 000966512 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2018-02-23 14:58 - 2017-09-04 11:11 - 000339816 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2018-02-23 14:58 - 2017-09-04 11:11 - 000266096 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2018-02-23 14:58 - 2017-09-04 11:11 - 000360304 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2018-02-23 14:58 - 2017-09-04 11:11 - 000040808 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2018-02-23 14:58 - 2017-09-04 11:11 - 000139112 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2018-02-23 14:58 - 2017-09-04 11:11 - 000495464 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2018-02-23 14:58 - 2017-09-04 11:11 - 000081776 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2018-02-23 14:58 - 2017-09-04 11:11 - 000114544 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2018-02-23 14:58 - 2017-09-01 17:35 - 002411968 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2018-02-23 14:58 - 2017-09-04 11:10 - 000126832 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2018-02-23 14:58 - 2017-09-04 11:11 - 000175984 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2018-02-23 14:58 - 2017-09-04 11:11 - 000348008 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2018-02-23 14:58 - 2017-09-04 11:11 - 000089960 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2018-02-23 14:58 - 2017-09-04 11:11 - 000724848 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2018-02-23 14:58 - 2017-09-04 11:11 - 000073584 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2018-02-23 14:58 - 2017-09-04 11:11 - 000298864 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2018-02-23 14:58 - 2017-09-04 11:11 - 000978792 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2018-02-23 14:58 - 2017-09-04 11:11 - 000114544 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2018-02-23 14:58 - 2017-09-04 11:11 - 000266088 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2018-02-23 14:58 - 2017-09-04 11:11 - 000188264 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2017-01-18 17:20 - 2017-05-22 11:16 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2017-01-18 17:20 - 2017-05-22 11:16 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2017-01-18 17:20 - 2017-05-22 11:16 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2017-11-09 10:49 - 2016-12-06 03:44 - 000210112 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2018-02-22 15:52 - 2014-02-13 16:27 - 000222792 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.8\bin\TrayPopupE\traynet.dll
2018-02-22 15:52 - 2014-02-13 16:27 - 000275528 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.8\bin\TrayPopupE\libcurl.dll
2018-02-22 15:52 - 2014-02-13 16:27 - 000113166 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.8\bin\TrayPopupE\zlib1.dll
2018-02-22 15:52 - 2014-02-13 16:27 - 000249928 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 12.8\bin\TrayPopupE\uexper.dll
2018-07-02 14:54 - 2018-01-25 17:02 - 000899856 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2017-01-18 17:20 - 2018-01-25 17:01 - 000631568 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2017-01-18 17:20 - 2017-05-22 11:16 - 000524064 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 13:47 - 2017-12-29 10:39 - 000000747 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3780314511-1121673050-2194208838-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-3780314511-1121673050-2194208838-1001\...\StartupApproved\Run: => "SnailDriver"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{C0E9CD46-C789-4C9D-8B5E-83F5C3F314DB}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{C833CB2A-C966-4F80-B908-149367D4AEA9}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{7CD65459-6086-4B47-9F33-E13B7F157E43}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{DD6C4DD3-325C-4A96-9BA7-7E524CC25C7A}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{CA1BD6A4-7288-4E09-84CD-0AAC73640452}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{C532B4CB-D5B2-417F-B840-D7AC3BAFEBBD}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{681ECBAF-32B9-40C1-A322-EA83D6E0C779}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{14AC258E-CCE6-4E7D-943F-518DE031A47F}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{1FDCE644-24BE-4E0A-99EC-BEF1DEA594C1}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{C432E151-0116-49D8-9602-2A10CD01960E}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [UDP Query User{7F89CB69-73EA-408B-BA34-1FDE781D0A7F}C:\users\x6\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\x6\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{3CE42C4D-0D60-4B36-9226-F170BA361E1C}C:\users\x6\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\x6\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{2650913D-91D0-4708-A936-8CB42457C73D}D:\utorrent.exe] => (Allow) D:\utorrent.exe
FirewallRules: [TCP Query User{D50027DA-9F2A-4D54-91CA-DE28B560A749}D:\utorrent.exe] => (Allow) D:\utorrent.exe
FirewallRules: [UDP Query User{A435D05B-0259-4D48-9956-83F2BF59DC57}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [TCP Query User{6E868013-6980-45A1-A980-7B994A5B8BD5}C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_121\bin\javaw.exe
FirewallRules: [{07658AA0-DDB1-4546-9025-D26393354AB9}] => (Allow) C:\Program Files\Zoner\Photo Studio 18\Program32\MediaServer.exe
FirewallRules: [{CD156F62-47B8-4E33-8E15-13D1E58D0034}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{2167C46E-F864-4D05-94B0-6ACD6278FCC2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{9E10BE41-8978-4B90-8363-11D930CED2FF}C:\program files (x86)\java\jre1.8.0_141\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_141\bin\javaw.exe
FirewallRules: [UDP Query User{95D75A60-B88E-467C-8ED1-A2E2466D505A}C:\program files (x86)\java\jre1.8.0_141\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_141\bin\javaw.exe
FirewallRules: [TCP Query User{CA2F627E-6026-4713-B0EB-AB4513B92714}C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [UDP Query User{C68F110F-FB4A-41A6-BC88-60BB8E4D7288}C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.9.601.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [{D68F317E-A80F-42D2-9D61-936323333331}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{20B374DA-44DB-42EB-AB96-D81B82EF359A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{3E00700D-4158-4BEC-8A56-39C87F5FC9E0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{814EC370-3CE2-44A2-8C24-AC279A5CD994}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{4A3874D1-0B29-4756-906B-0B10186BEAC2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9AABBAC0-6FB5-4610-97DF-643B28DEBFA4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2C70ABB5-28E0-4532-8076-65F0AEE8AF5C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B3A7DF50-382D-4FD9-97DF-C5A389D0BE99}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{ABC03FC7-94A9-42AA-9D25-FC3CA5BF9ED6}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{ED843874-B7C2-4FE5-B110-143E8B5B340E}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{1CB0704C-C751-40FF-B1EF-B424237269A4}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{FFAAC592-9707-41CC-9ED4-78D6C67BD920}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/06/2018 04:02:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17134.1, časové razítko: 0xe8b78880
Kód výjimky: 0xc000041d
Posun chyby: 0x000063a7
ID chybujícího procesu: 0x2260
Čas spuštění chybující aplikace: 0x01d445e8e054cbf2
Cesta k chybující aplikaci: C:\Users\X6\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: 127e85f8-1cdf-4e3a-bf89-7400cc6fb4db
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (09/06/2018 02:18:03 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-GU89MQV)
Description: httphttp-2147467263

Error: (09/06/2018 02:18:00 PM) (Source: Microsoft-Windows-SpellChecker) (EventID: 33) (User: DESKTOP-GU89MQV)
Description: httphttp-2147467263

Error: (09/06/2018 02:11:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17134.1, časové razítko: 0xe8b78880
Kód výjimky: 0xc000041d
Posun chyby: 0x000063a7
ID chybujícího procesu: 0x2518
Čas spuštění chybující aplikace: 0x01d445d888ed4e6f
Cesta k chybující aplikaci: C:\Users\X6\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: d0beecd9-2485-4b7a-94d0-5a7ac249299d
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (09/06/2018 01:55:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17134.1, časové razítko: 0xe8b78880
Kód výjimky: 0xc000041d
Posun chyby: 0x000063a7
ID chybujícího procesu: 0x21f0
Čas spuštění chybující aplikace: 0x01d445d87acce6b5
Cesta k chybující aplikaci: C:\Users\X6\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: 9d641482-98cb-45a3-87ce-79bbea1de36a
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (09/06/2018 01:25:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17134.1, časové razítko: 0xe8b78880
Kód výjimky: 0xc000041d
Posun chyby: 0x000063a7
ID chybujícího procesu: 0x12fc
Čas spuštění chybující aplikace: 0x01d445d403ef201f
Cesta k chybující aplikaci: C:\Users\X6\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: 4ed42c58-375d-4f29-a993-bcc657c02702
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (09/06/2018 01:01:13 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Vytvoření bodu obnovení se nezdařilo (Proces = C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.165_none_eaf410441d6d7311\TiWorker.exe -Embedding; Popis = Instalační služba modulů systému Windows; Chyba = 0x80070422).

Error: (09/06/2018 07:15:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: utorrent.exe, verze: 2.2.1.25534, časové razítko: 0x4e4594ce
Název chybujícího modulu: GDI32.dll, verze: 10.0.17134.1, časové razítko: 0xe8b78880
Kód výjimky: 0xc000041d
Posun chyby: 0x000063a7
ID chybujícího procesu: 0x26b4
Čas spuštění chybující aplikace: 0x01d445a027cf4d30
Cesta k chybující aplikaci: C:\Users\X6\AppData\Roaming\uTorrent\utorrent.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\GDI32.dll
ID zprávy: b41832d5-8355-4414-a54f-321f3834dd87
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (09/06/2018 03:05:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID 
Windows.SecurityCenter.WscDataProtection
 a APPID 
Není k dispozici
 uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/06/2018 03:05:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID 
Windows.SecurityCenter.WscBrokerManager
 a APPID 
Není k dispozici
 uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/06/2018 03:03:29 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-GU89MQV)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Spuštění pro serverovou aplikaci COM s identifikátorem CLSID 
Windows.SecurityCenter.WscCloudBackupProvider
 a APPID 
Není k dispozici
 uživateli DESKTOP-GU89MQV\X6 (SID: S-1-5-21-3780314511-1121673050-2194208838-1001) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (09/06/2018 03:02:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Microsoft Passport Container neuspěla při spuštění v důsledku následující chyby: 
Přesměrování bylo ukončeno.

Error: (09/06/2018 03:02:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Instalační služba modulů systému Windows byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error: (09/06/2018 03:02:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Microsoft Office Klikni a spusť byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (09/06/2018 03:02:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Defragmentation-Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (09/06/2018 03:02:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Virtuální disk byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.


Windows Defender:
===================================
Date: 2018-09-02 21:43:16.186
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {96D8A3EC-6EB3-4D68-A3D5-235F704D7AC5}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-08-28 13:25:46.854
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {04BC07BF-1C2A-46F5-B6B7-F291F2F99B1B}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-08-25 12:16:39.184
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {AAEC5663-EDEC-4140-93C9-33F0765BDC0D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-08-24 08:19:08.663
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {657FD240-B06E-4108-91F2-B74DD3BC4D47}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-08-24 07:04:40.386
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {3AD82254-7619-4BEE-97A3-5C027499CAAA}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2018-08-18 22:31:09.213
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu: 
Předchozí verze podpisu: 1.273.1167.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 
Předchozí verze modulu: 1.1.15100.1
Kód chyby: 0x80240022
Popis chyby :V daném programu nelze zkontrolovat aktualizace definic. 

Date: 2018-08-18 22:31:09.212
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu: 
Předchozí verze podpisu: 1.273.1167.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 
Předchozí verze modulu: 1.1.15100.1
Kód chyby: 0x80240022
Popis chyby :V daném programu nelze zkontrolovat aktualizace definic. 

Date: 2018-08-07 19:10:23.615
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst: Aktuální
Kód chyby: 0x80070002
Popis chyby: Systém nemůže nalézt uvedený soubor. 
Verze podpisu: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

Date: 2018-08-06 18:19:30.646
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu: 
Předchozí verze podpisu: 1.273.927.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 
Předchozí verze modulu: 1.1.15100.1
Kód chyby: 0x80070643
Popis chyby :Při instalaci došlo k závažné chybě. 

Date: 2018-07-28 20:57:52.453
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o načtení podpisů a pokusí se o obnovení sady podpisů, jejichž správnost je potvrzena.
Podpisy, které se měly načíst: Aktuální
Kód chyby: 0x80070003
Popis chyby: Systém nemůže nalézt uvedenou cestu. 
Verze podpisu: 0.0.0.0;0.0.0.0
Verze modulu: 0.0.0.0

==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X6 1055T Processor
Percentage of memory in use: 30%
Total physical RAM: 7934.11 MB
Available physical RAM: 5518.55 MB
Total Virtual: 8446.11 MB
Available Virtual: 5963.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.4 GB) (Free:209.16 GB) NTFS
Drive d: (DATA) (Fixed) (Total:596.17 GB) (Free:154.5 GB) NTFS
Drive e: (DATA) (Fixed) (Total:2794.52 GB) (Free:616.33 GB) NTFS
Drive i: (DATA) (Fixed) (Total:1863.02 GB) (Free:113.08 GB) NTFS
Drive k: (DATA) (Fixed) (Total:931.51 GB) (Free:92.2 GB) NTFS

\\?\Volume{5b8e8972-0000-0000-007e-000000000000}\ (Rezervováno systémem) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: 5B8E8972)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: D893B4D3)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 596.2 GB) (Disk ID: 40E067B5)
Partition 1: (Not Active) - (Size=596.2 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 1863 GB) (Disk ID: 56034FF4)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 2794.5 GB) (Disk ID: 850C5C95)

Partition: GPT.

==================== End of Addition.txt ============================