Prosím o kontrolu logu Vyřešeno

[Kotik]

FrSt2

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-10-2016
Ran by Michal Kot (02-11-2016 22:28:18)
Running from C:\Users\Michal Kot\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-09 18:16:34)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3301925586-152780995-2195207930-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3301925586-152780995-2195207930-503 - Limited - Disabled)
Guest (S-1-5-21-3301925586-152780995-2195207930-501 - Limited - Disabled)
Michal Kot (S-1-5-21-3301925586-152780995-2195207930-1001 - Administrator - Enabled) => C:\Users\Michal Kot

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET NOD32 Antivirus 9.0.401.1 (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET NOD32 Antivirus 9.0.401.1 (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrylic Wi-Fi Home v3.1 (HKU\S-1-5-21-3301925586-152780995-2195207930-1001\...\{3706FB7A-11FB-44C4-AD94-2B29878D75DC}_is1) (Version: 3.1 - Tarlogic Security S.L.)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
Aktualizace produktu Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0405-0000-0000000FF1CE}_HOMESTUDENTR_{0A1FAC46-B899-421D-B1A2-470896DC45DB}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0405-0000-0000000FF1CE}_HOMESTUDENTR_{5260BB53-C1F7-4A3B-9AEB-3EC9B37FF194}) (Version: - Microsoft)
Aktualizace produktu Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0405-0000-0000000FF1CE}_HOMESTUDENTR_{E68DD413-B834-4923-8181-0A03B7555187}) (Version: - Microsoft)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 7.35.275.0 - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.1.720 - Broadcom Corporation)
CCleaner (HKLM\...\CCleaner) (Version: 5.22 - Piriform)
CPUID CPU-Z 1.76 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CPUID HWMonitor 1.29 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
CrystalDiskInfo 7.0.4 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.4 - Crystal Dew World)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6618 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.5.6618 - Název společnosti:) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
ESET NOD32 Antivirus (HKLM\...\{F92DA023-338E-4C8A-A6C6-8F36DB179AE4}) (Version: 9.0.385.1 - ESET, spol. s r.o.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GrPing 1.3 (HKLM-x32\...\GrPing) (Version: - )
HP DeskJet 5570 series Nápověda (HKLM-x32\...\{17C64B75-5B72-4BFF-B048-ADD986EDE0A8}) (Version: 35.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Assistant (HKLM-x32\...\{39C8BE76-CF6A-466F-8618-0B52CC4CA0FC}) (Version: 8.3.34.7 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{7C3170E8-E61A-41D9-8547-8E96445EA510}) (Version: 12.5.32.37 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{EFA01423-3857-468C-B7B6-F30AA08E50BC}) (Version: 1.1.5.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{29AAC3D3-23FC-496D-8266-0E3833686758}) (Version: 6.0.2.10 - Apple Inc.)
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4248 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
iTunes (HKLM\...\{F11677B7-0D8E-4F34-BEBB-6869FE861CDF}) (Version: 12.5.2.36 - Apple Inc.)
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.1.3.3 - PandoraTV)
KYE64 (HKLM\...\{30A68EDA-53FA-43B5-8007-D18ED1F61659}) (Version: 1.00.0000 - )
Malwarebytes Anti-Malware verze 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 365 ProPlus - cs-cz (HKLM\...\O365ProPlusRetail - cs-cz) (Version: 16.0.7466.2023 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Preview Redistributable (x64) - 12.0.20617 (HKLM-x32\...\{448652c1-f5f3-4230-98c6-68c10c88b1fb}) (Version: 12.0.20617.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 49.0.1 (x86 cs) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 cs)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7466.2023 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7426.1009 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7466.2023 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7466.2023 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.255 - Google, Inc.)
PingPlotter 5 (x32 Version: 5.02.3.1931 - Pingman Tools, LLC) Hidden
PingPlotter 5 5.02.3 (HKLM-x32\...\PingPlotter 5 5.02.3.1931) (Version: 5.02.3.1931 - Pingman Tools, LLC)
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{F2871C89-C8A5-42EE-8D45-0F02506385A6}) (Version: 5.1 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{9BC93467-75D1-4AA4-BD58-D9C51D88DFAB}) (Version: 5.1 - Apple Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.6 - Power Software Ltd)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.370.87 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7335 - Realtek Semiconductor Corp.)
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.6 - Sophos Limited)
Studie vylepšování produktu HP DeskJet 5570 series (HKLM\...\{71997EDA-A717-4ECF-A957-42A2B63893F6}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.107 - Synaptics Incorporated)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1EEE0BEE-0BC8-11E5-A19E-F04DA23A5C58}) (Version: 13.0.453 - Sony)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Základní software zařízení HP DeskJet 5570 series (HKLM\...\{4D4488BC-AB61-4B57-91C7-53B899483A38}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.50.133 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3301925586-152780995-2195207930-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Michal Kot\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {036F4D2F-55F3-4A44-8D2F-0236E930AEA0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-10-27] (Microsoft Corporation)
Task: {2E469A2E-38F2-47DC-A3C0-76472A793534} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-19] (Microsoft Corporation)
Task: {2E87449E-86FB-4BF1-A07E-31D70E62A955} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-10-27] (Microsoft Corporation)
Task: {43161B19-0A38-4833-8A37-5F19C58E67AF} - System32\Tasks\HPCustPartic.exe_{0A5F0162-166D-4CC5-AFF1-6DDFC1B95CCD} => C:\Program Files\HP\HP DeskJet 5570 series\Bin\HPCustPartic.exe [2015-04-09] (Hewlett-Packard Development Company, LP)
Task: {4E327A13-9E17-4EC2-9789-69E2381FBBEF} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2016-10-05] (Apple Inc.)
Task: {52122DFC-0141-4CF9-AB11-3FCEA7C5CA23} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {5DA71452-DAC4-4FB0-B5E1-D5E099C61482} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-08-26] (Piriform Ltd)
Task: {6192FD03-7550-4726-80B2-8B6382FDF2B6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-07-04] (HP Inc.)
Task: {65E1188A-5170-4768-AED9-9CBB3E9C136A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {6F367270-8A07-4DDA-998A-E1BDDA934F63} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
Task: {83E6DAE2-F80E-42D0-9BF5-1C94BF09C9C4} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Michal Kot\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-10-26] (Microsoft Corporation)
Task: {8BB6D51E-F4CC-43CB-89F3-5B12C01AA8E9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-19] (Microsoft Corporation)
Task: {94879DAA-12BF-41CF-AE21-78F4EFF4D63C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {B98F3724-A56A-4A80-BD71-2091024BBB8E} - System32\Tasks\HPCeeScheduleForMichal Kot => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {BF8633C5-58E9-4E5E-A3AC-6F9A28830E64} - System32\Tasks\HPCustParticipation HP DeskJet 5570 series => C:\Program Files\HP\HP DeskJet 5570 series\Bin\HPCustPartic.exe [2015-04-09] (Hewlett-Packard Development Company, LP)
Task: {C832891B-C202-4A78-A6E8-898D78F30843} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-10-27] (Microsoft Corporation)
Task: {D6648101-743D-42B0-806E-FA14C5A24F4C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-30] (Google Inc.)
Task: {DD576A10-1E86-4C57-9827-00964C4A589F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {F642D0A5-7E89-4A6A-A361-662142D4C554} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-30] (Google Inc.)
Task: {F7CD52D3-8B48-4529-AD9B-39EC2D2F7D1A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {FD3CE69E-406A-465A-9BA4-35BD640B5BCB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForMichal Kot.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-02-15 20:01 - 2016-02-15 20:01 - 00031256 _____ () C:\WINDOWS\System32\us008lm.dll
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-10-05 18:17 - 2016-10-05 18:17 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-15 20:01 - 2016-02-15 20:01 - 01730400 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\us008du.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-09-30 18:26 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-09-30 18:26 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-07-25 09:12 - 2015-07-25 09:12 - 00404912 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-09-30 18:26 - 2016-09-15 18:25 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-26 14:45 - 2016-10-26 14:45 - 01864384 _____ () C:\Users\Michal Kot\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-11-02 22:10 - 2016-11-02 22:10 - 00152944 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-09-15 09:26 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-10-12 10:26 - 2016-10-05 10:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-27 23:53 - 2016-10-15 04:41 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-27 23:53 - 2016-10-15 04:34 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-27 23:53 - 2016-10-15 04:34 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-10-27 23:53 - 2016-10-15 04:34 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-27 23:53 - 2016-10-15 04:38 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-10-20 14:10 - 2016-10-20 14:11 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-10-20 14:10 - 2016-10-20 14:11 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-10-20 14:10 - 2016-10-20 14:11 - 35253760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2009-08-21 14:51 - 2009-08-21 14:51 - 00040960 _____ () C:\Windows\SysWOW64\CMRHook.exe
2015-07-10 22:37 - 2015-07-10 22:37 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-11-02 21:55 - 2016-11-02 21:55 - 00098816 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\win32api.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00110080 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\pywintypes27.dll
2016-11-02 21:55 - 2016-11-02 21:55 - 00364544 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\pythoncom27.dll
2016-11-02 21:55 - 2016-11-02 21:55 - 00320512 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\win32com.shell.shell.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00776704 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\_hashlib.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 01176576 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\wx._core_.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00806400 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\wx._gdi_.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00816128 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\wx._windows_.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 01067008 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\wx._controls_.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00733184 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\wx._misc_.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00682496 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\pysqlite2._sqlite.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00088064 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\_ctypes.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00119808 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\win32file.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00108544 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\win32security.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00007168 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\hashobjs_ext.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00017920 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\thumbnails_ext.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00088064 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\usb_ext.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00012800 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\common.time34.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00018432 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\win32event.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00167936 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\win32gui.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00046080 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\_socket.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 01208320 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\_ssl.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00128512 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\_elementtree.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00127488 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\pyexpat.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00038912 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\win32inet.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00036864 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\_psutil_windows.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00525208 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\windows._lib_cacheinvalidation.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00011264 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\win32crypt.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00077312 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\wx._html2.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00027136 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\_multiprocessing.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00020480 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\_yappi.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00035840 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\win32process.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00686080 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\unicodedata.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00078848 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\wx._animate.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00123392 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\wx._wizard.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00024064 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\win32pipe.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00010240 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\select.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00025600 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\win32pdh.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00017408 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\win32profile.pyd
2016-11-02 21:55 - 2016-11-02 21:55 - 00022528 ____R () C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402\win32ts.pyd
2016-10-05 18:18 - 2016-10-05 18:18 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-05 18:18 - 2016-10-05 18:18 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2016-09-01 17:13 - 2016-09-01 17:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 08:24 - 2016-10-31 19:39 - 00000753 ____A C:\WINDOWS\system32\Drivers\etc\hosts


127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3301925586-152780995-2195207930-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Michal Kot\Desktop\Tapety plocha\memorable_sunset_beach-wallpaper-1366x768.jpg
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{01236EB8-E4B5-4C32-8F6A-AE97FB7F9ADB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E0391321-E9B6-46AC-9BC5-0D4AD57958E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{35474C6F-E0CE-4BC5-AEBF-D824C2F25D69}C:\users\michal kot\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\michal kot\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{7E5D2B26-7DF9-4AF9-B3B9-C2E98AEC62C4}C:\users\michal kot\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\michal kot\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{53A77677-2D93-4595-99B6-8CFD7A8B80BC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{1AF842F7-C631-4C65-8CCD-055C427EAD96}] => (Allow) C:\Program Files\HP\HP DeskJet 5570 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{F09E32B0-BA8F-4EF7-B945-1D582815BC82}] => (Allow) LPort=5357
FirewallRules: [{69687F47-DFCF-41D6-B65D-FF6CF14DAB84}] => (Allow) C:\Program Files\HP\HP DeskJet 5570 series\Bin\DeviceSetup.exe
FirewallRules: [{4EE6FF3A-D30B-4ADF-B2B1-D51383453F16}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{88FA20A0-BC41-4536-9522-3FAD5EEBF091}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{A9ED5370-9422-4605-B10A-1AD927CACA1A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{215A0BCB-9F57-4C1F-A153-C2FE6E2FC5D4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E1855142-F901-4FDF-8E69-9637CFA332BB}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{796233F6-51E7-4C32-A0C0-89CA62BC6F01}C:\users\michal kot\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\michal kot\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{0F90D417-5AD9-482A-A638-C6BECCD6D162}C:\users\michal kot\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\michal kot\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{A3344C11-08E3-4057-BBCE-512FFAB67528}] => (Allow) C:\Program Files\Acrylic Wi-Fi Home\Acrylic.exe
FirewallRules: [{F8E49A2B-3BFE-4C8C-918A-C3A0D5828F14}] => (Allow) C:\Program Files\Acrylic Wi-Fi Home\Acrylic.exe
FirewallRules: [{B13FA48C-4891-44B0-98DA-9D880ED3054E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{71D733D8-05BE-4CDF-B5A7-6FF50CDA39A5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E6387851-D4E5-4DAF-88EC-89D7D81A79B1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{15289958-55C1-4E07-9EE5-014CB8E77745}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{41360A4A-FF17-434E-B56B-E6DDBB26E423}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{54F49042-5D24-46BD-88A0-872250B435C2}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

26-10-2016 13:13:39 Removed Apple Mobile Device Support
31-10-2016 18:12:03 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/02/2016 10:11:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro c:\program files\cyberlink\photodirector\kernel\ces\CES_AudioCacheAgent.exe.Manifest se nezdařilo.
Závislé sestavení PDR.X,type="win32",version="1.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (11/02/2016 10:11:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro c:\program files\cyberlink\photodirector\kernel\ces\CES_CacheAgent.exe.Manifest se nezdařilo.
Závislé sestavení PDR.X,type="win32",version="1.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (11/02/2016 10:11:15 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL na řádku 1.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definice je UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (11/02/2016 09:57:55 PM) (Source: MsiInstaller) (EventID: 1002) (User: DESKTOP-I0G743D)
Description: Neočekávaná nebo chybějící hodnota (název: PackageName, hodnota: ) v klíči HKU\S-1-5-21-3301925586-152780995-2195207930-1001\Software\Microsoft\Installer\Products\ADE86A03AF355B3408701DE81D6F6195\SourceList

Error: (11/01/2016 11:05:54 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro c:\program files\cyberlink\photodirector\kernel\ces\CES_AudioCacheAgent.exe.Manifest se nezdařilo.
Závislé sestavení PDR.X,type="win32",version="1.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (11/01/2016 11:05:53 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro c:\program files\cyberlink\photodirector\kernel\ces\CES_CacheAgent.exe.Manifest se nezdařilo.
Závislé sestavení PDR.X,type="win32",version="1.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (11/01/2016 11:05:17 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL na řádku 1.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definice je UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (11/01/2016 10:32:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro c:\program files\cyberlink\photodirector\kernel\ces\CES_AudioCacheAgent.exe.Manifest se nezdařilo.
Závislé sestavení PDR.X,type="win32",version="1.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (11/01/2016 10:32:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro c:\program files\cyberlink\photodirector\kernel\ces\CES_CacheAgent.exe.Manifest se nezdařilo.
Závislé sestavení PDR.X,type="win32",version="1.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (11/01/2016 10:32:11 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest se nezdařilo. Chyba v souboru manifestu nebo zásady C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL na řádku 1.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definice je UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.


System errors:
=============
Error: (11/02/2016 09:54:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/01/2016 10:37:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (11/01/2016 09:32:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/31/2016 07:52:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (10/31/2016 07:50:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (10/31/2016 07:50:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (10/31/2016 07:50:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (10/31/2016 07:50:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (10/31/2016 07:50:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Služba PEVSystemStart je označena jako interaktivní služba. Avšak systém je nakonfigurován tak, že neumožňuje použití interaktivní služby. Tato služba nebude fungovat správně.

Error: (10/31/2016 07:35:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
a APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
uživateli NT AUTHORITY\SYSTEM (SID: S-1-5-18) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


CodeIntegrity:
===================================
Date: 2016-11-02 22:26:43.024
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-02 22:26:43.022
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-02 22:26:35.933
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-02 22:26:35.932
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-02 22:26:34.696
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-02 22:26:34.693
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-02 22:26:34.691
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-02 22:26:34.689
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-02 22:23:33.028
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-11-02 22:23:33.026
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 42%
Total physical RAM: 4018.27 MB
Available physical RAM: 2293.84 MB
Total Virtual: 4722.27 MB
Available Virtual: 2742.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:216.02 GB) (Free:107.64 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:20.64 GB) (Free:2.34 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: FEAAB229)

Partition: GPT.

==================== End of Addition.txt ============================

_________________________________________________________________________________________________________

aswMBR:

aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
Run date: 2016-11-02 22:30:00
-----------------------------
22:30:00.629 OS Version: Windows x64 6.2.9200
22:30:00.629 Number of processors: 4 586 0x3D04
22:30:00.629 ComputerName: DESKTOP-I0G743D UserName: Michal Kot
22:30:01.114 Initialize success
22:30:01.151 VM: initialized successfully
22:30:01.151 VM: Intel CPU BiosDisabled
22:30:06.257 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002f
22:30:06.257 Disk 0 Vendor: AXNS381E-256GM-B 263j-HP Size: 244198MB BusType: 11
22:30:06.257 Disk 0 MBR read successfully
22:30:06.273 Disk 0 MBR scan
22:30:06.273 Disk 0 unknown MBR code
22:30:06.273 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
22:30:06.273 Disk 0 scanning C:\WINDOWS\system32\drivers
22:30:07.639 Service scanning
22:30:08.206 Service eelam C:\WINDOWS\system32\DRIVERS\eelam.sys **LOCKED** 5
22:30:08.226 Service ehdrv C:\WINDOWS\system32\DRIVERS\ehdrv.sys **LOCKED** 5
22:30:08.263 Service epfwwfpr C:\WINDOWS\system32\DRIVERS\epfwwfpr.sys **LOCKED** 5
22:30:10.651 Modules scanning
22:30:10.658 Disk 0 trace - called modules:
22:30:10.689 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys storport.sys iaStorA.sys hal.dll
22:30:10.705 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffff95829fc00060]
22:30:10.705 3 CLASSPNP.SYS[fffff8058d275efb] -> nt!IofCallDriver -> [0xffff95829fb01910]
22:30:10.720 5 hpdskflt.sys[fffff8058c77242b] -> nt!IofCallDriver -> [0xffff95829d1f7320]
22:30:10.720 7 ACPI.sys[fffff8058bd54571] -> nt!IofCallDriver -> \Device\0000002f[0xffff95829d1f6060]
22:30:10.736 Disk 0 statistics 149325/0/0 @ 86,70 MB/s
22:30:10.736 Scan finished successfully
22:30:28.906 Disk 0 MBR has been saved successfully to "C:\Users\Michal Kot\Desktop\MBR.dat"
22:30:28.906 The log file has been saved successfully to "C:\Users\Michal Kot\Desktop\aswMBR.txt"

[Reklama]

[jaro3]

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

Kód: Vybrat vše

Start
CloseProcesses:
SearchScopes: HKU\S-1-5-21-3301925586-152780995-2195207930-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HKU\S-1-5-21-3301925586-152780995-2195207930-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
C:\Users\Michal Kot\AppData\Local\00BD3B0A-007A-4C84-A7E2-8AA15722A313.aplzod
C:\Program Files (x86)\akdz8pdve0.dat
C:\ProgramData\Ament.ini
Task: {D6648101-743D-42B0-806E-FA14C5A24F4C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-30] (Google Inc.)
Task: {F642D0A5-7E89-4A6A-A361-662142D4C554} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-30] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402

EmptyTemp:
End

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt


Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
C:\WINDOWS\System32\us008lm.dll
C:\WINDOWS\system32\spool\DRIVERS\x64\3\us008du.dll

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/43 , nebo 1/43. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.

Nebo na:
http://www.virscan.org/

Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definice je UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

možná by bylo dobré zadat téma do sekce problém s HW.

Co Memtest?

[Kotik]

S provedením mám problém. FRST mi nejde spustit skript, při spuštění programu mi stále dokola probíhá okno o aktualizaci viz screen, a nejde to zastavit, nepomáhá ani OK ani křížek, ani restart.

Za další soubory v té složce vůbec neexistují, skryté složky, soubory jsem povolil, a nikde nenašel. Memtest jsem nechal 2h, bez erroru, zkusím ještě zítra jednou. Více jsem nestihl, přišel jsem dlouho z práce.
A v neposlední řadě tímto viz níže myslíš co? Co by to mohlo naznačovat?

Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definice je UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

možná by bylo dobré zadat téma do sekce problém s HW.

[jaro3]

udělal si tohle správně:

Prosím, postupuj následujícím způsobem:
Otevřít poznámkový blok (Start => Všechny programy => Příslušenství => Poznámkový blok).
Prosím, zkopíruj do něj celý obsah níže.

(Můžeš použít funkci „vybrat vše“, klepni pravým tlačítkem myši na levé horní políčko v otevřeném poznámkovém bloku a zvol „ Vložit“).

Ulož jej na na plochu jako fixlist.txt


Spusťt FRST a stiskni tlačítko „Fix“ (Opravit) jen jednou a čekej.
Nástroj vypracuje log na ploše (Fixlog.txt), prosím zkopíruj sem celý jeho obsah.

a tohle si udělal:

+odškrtni zatržítko skrýt chráněné soubory operačního systému

?

[Kotik]

Přísahám bohu, že jsem to přesně tak vše udělal a nešlo...Teď jsem zkoušel znova a FRST proveden, i složky se objevily.
Jinak MemTest jsem nechal přes noc, běžel víc jak 8h, bylo tam přes 700% a bez chyb.

https://www.virustotal.com/cs/file/7636 ... 478286769/
https://www.virustotal.com/cs/file/46ef ... 478286939/

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by Michal Kot (04-11-2016 20:06:50) Run:1
Running from C:\Users\Michal Kot\Desktop
Loaded Profiles: Michal Kot (Available Profiles: Michal Kot)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
SearchScopes: HKU\S-1-5-21-3301925586-152780995-2195207930-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
CHR HKU\S-1-5-21-3301925586-152780995-2195207930-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
C:\Users\Michal Kot\AppData\Local\00BD3B0A-007A-4C84-A7E2-8AA15722A313.aplzod
C:\Program Files (x86)\akdz8pdve0.dat
C:\ProgramData\Ament.ini
Task: {D6648101-743D-42B0-806E-FA14C5A24F4C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-30] (Google Inc.)
Task: {F642D0A5-7E89-4A6A-A361-662142D4C554} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-30] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402

EmptyTemp:
End
*****************

Processes closed successfully.
"HKU\S-1-5-21-3301925586-152780995-2195207930-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}" => key removed successfully
HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
"HKU\S-1-5-21-3301925586-152780995-2195207930-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => key removed successfully
C:\Users\Michal Kot\AppData\Local\00BD3B0A-007A-4C84-A7E2-8AA15722A313.aplzod => moved successfully
C:\Program Files (x86)\akdz8pdve0.dat => moved successfully
C:\ProgramData\Ament.ini => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D6648101-743D-42B0-806E-FA14C5A24F4C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6648101-743D-42B0-806E-FA14C5A24F4C}" => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F642D0A5-7E89-4A6A-A361-662142D4C554}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F642D0A5-7E89-4A6A-A361-662142D4C554}" => key removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
"C:\Users\Michal Kot\AppData\Local\Temp\_MEI68402" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 1124939 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 265722585 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 1160937 B
Edge => 384 B
Chrome => 636198739 B
Firefox => 33159267 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 22876 B
NetworkService => 2652 B
Michal Kot => 44470649 B

RecycleBin => 67587 B
EmptyTemp: => 936.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:07:03 ====

[Orcus]

Soubory čisté, FRST ok.

Stáhni si zde DelFix
https://toolslib.net/downloads/viewdownload/2-delfix/

ulož si soubor na plochu.
Poklepáním na ikonu spusť nástroj Delfix.exe
( Ve Windows Vista, Windows 7 a 8, musíš spustit soubor pravým tlačítkem myši -> Spustit jako správce .
V hlavním menu, zkontroluj tyto možnosti - Odstranění dezinfekce nástrojů (Remove desinfection tools) – Vyčistit body obnovy (Purge System Restore) .
Poté klikněte na tlačítko Spustit (Run) a nech nástroj dělat svoji práci.

Poté se zpráva se otevře (DelFix.txt). Vlož celý obsah zprávy sem. Jinak je zpráva zde: C: \ DelFix.txt

Za nás vše, můžeš označit jako vyřešené a přesunout se do HW sekce. Na viry to je čisté.

[Kotik]

Dobrá, děkuji moc za všechno!
Zkusím teda ještě tu HW sekci, poslední dva dny mi Wi-Fi nefunguje třeba jednou ze tří zapnutí.


# DelFix v1.013 - Logfile created 05/11/2016 at 10:23:01
# Updated 17/04/2016 by Xplode
# Username : Michal Kot - DESKTOP-I0G743D
# Operating System : Windows 10 Home (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\Users\Michal Kot\Desktop\FRST-OlderVersion
Deleted : C:\zoek-results.log
Deleted : C:\Users\Michal Kot\Desktop\AdwCleaner.exe
Deleted : C:\Users\Michal Kot\Desktop\aswmbr.exe
Deleted : C:\Users\Michal Kot\Desktop\Fixlog.txt
Deleted : C:\Users\Michal Kot\Desktop\FRST64.exe
Deleted : C:\Users\Michal Kot\Desktop\JRT.exe
Deleted : C:\Users\Michal Kot\Desktop\MBR.dat
Deleted : C:\Users\Michal Kot\Desktop\RogueKillerX64.exe
Deleted : C:\Users\Michal Kot\Desktop\TFC.exe
Deleted : C:\Users\Michal Kot\Desktop\zoek.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Cleaning system restore ...

Deleted : RP #16 [Removed Apple Mobile Device Support | 10/26/2016 12:13:39]
Deleted : RP #17 [JRT Pre-Junkware Removal | 10/31/2016 17:12:03]
Deleted : RP #18 [Removed Sophos Virus Removal Tool. | 11/03/2016 18:19:50]

New restore point created !

########## - EOF - ##########