﻿Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Petra (2016-04-21 19:20:38)
Running from C:\Users\Petra Svarcova\Desktop
Windows 10 Enterprise (X64) (2016-02-12 20:37:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3727496388-735248901-704022088-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3727496388-735248901-704022088-503 - Limited - Disabled)
Guest (S-1-5-21-3727496388-735248901-704022088-501 - Limited - Disabled)
Petra (S-1-5-21-3727496388-735248901-704022088-1001 - Administrator - Enabled) => C:\Users\Petra Svarcova
WmsControl (S-1-5-21-3727496388-735248901-704022088-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 9.0.374.1 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 9.0.374.1 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.260 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
ESET NOD32 Antivirus (HKLM\...\{AECC8921-23AC-4056-9953-205D83BFF65E}) (Version: 9.0.374.1 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4300 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 77 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Kaspersky Security Scan (HKLM-x32\...\InstallWIX_{D1282694-0693-41A8-ABC1-6D1FFC1F65C5}) (Version: 16.0.0.1344 - Kaspersky Lab)
Kaspersky Security Scan (x32 Version: 16.0.0.1344 - Kaspersky Lab) Hidden
K-Lite Mega Codec Pack 11.9.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.9.0 - KLCP)
Microsoft Office Professional Plus 2016 - cs-cz (HKLM\...\ProPlusRetail - cs-cz) (Version: 16.0.6769.2017 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.6769.2017 - Microsoft Corporation)
Microsoft Project Professional 2016 - cs-cz (HKLM\...\ProjectProRetail - cs-cz) (Version: 16.0.6769.2017 - Microsoft Corporation)
Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.6769.2017 - Microsoft Corporation)
Microsoft Visio Professional 2016 - cs-cz (HKLM\...\VisioProRetail - cs-cz) (Version: 16.0.6769.2017 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.6769.2017 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 cs) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 cs)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
Office 2016  KMS Activator Ultimate v1.1 Final (HKLM\...\Office 2016  KMS Activator Ultimate v1.1 Final_is1) (Version: v1.1 Final - )
Podpora aplikací Apple (32bitová) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Podpora aplikací Apple (64bitová) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.3 - Power Software Ltd)
Product Key Reader version 1.0.2 (HKLM-x32\...\{110E5E44-03D5-4123-914B-AAA9B821C52A}_is1) (Version: 1.0.2 - Seriennummern.org)
RadiAnt DICOM Viewer (64-bit) (HKLM-x32\...\RadiAnt64) (Version: 2.2.9.10728 - Medixant)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.52a - Ghisler Software GmbH)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.0.0 - Azureus Software, Inc.)
Windows Driver Package - ASUS (ATP) Mouse  (11/11/2015 1.0.0.262) (HKLM\...\A044C5901003C24E6891688653ABA1068D04A1A0) (Version: 11/11/2015 1.0.0.262 - ASUS)
WinZip 20.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240EF}) (Version: 20.0.11659 - WinZip Computing, S.L. )
XMind 7 (Update 1) (v3.6.1) (HKLM-x32\...\XMind_is1) (Version: 3.6.1.201512240104 - XMind Ltd.)
Zoner Photo Studio 13 (HKLM\...\ZonerPhotoStudio13_CZ_is1) (Version: 13.0.1.3 - ZONER software)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3727496388-735248901-704022088-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Petra Svarcova\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3727496388-735248901-704022088-1001_Classes\CLSID\{BCAFD618-3FAE-4EFE-BF4E-4C43A7E1320B}\InprocServer32 -> C:\Program Files\Zoner\Photo Studio 13\Program64\SHELLEXT.DLL (ZONER software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {127E2569-49E7-45F2-A68A-E776FCBF3780} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {20E19587-B9BB-4D64-B07D-971BD0496F2D} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-02-12] (Realtek Semiconductor)
Task: {2D38A668-39FB-43FF-90C0-5429BFA8F656} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-11] (Piriform Ltd)
Task: {3CED1C00-7D7C-414F-A8B9-CE023A4CDF2A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {4200FC4B-5AFB-4457-B81B-DF8E536A37D8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-12] (Google Inc.)
Task: {49F2E8F3-C74F-4130-8317-A831EF64E1F2} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2016-02-12] ()
Task: {4EC2DEFE-28F9-4A9D-9DFD-F5FFDEBEAAD0} - System32\Tasks\R@1n-KMS\Office16ProjectPro => wmic
Task: {648F0D37-EF9A-4C1A-B33D-C7A48E018DA8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-04-03] (Microsoft Corporation)
Task: {6C655D30-CD44-49AC-B502-833509822D8C} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2016-01-29] ()
Task: {7304C921-E839-47BF-932A-75C69939C3D9} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe [2016-04-09] (Adobe Systems Incorporated)
Task: {7FD0418B-7F62-4006-B9A8-AE2FC52D8605} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-12] (Google Inc.)
Task: {87E564D7-F71D-408F-9AF8-81874EF83329} - System32\Tasks\R@1n-KMS\Office16ProPlus => wmic
Task: {90875CD7-4458-4A10-98FD-15FFB8361E47} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-09] (Adobe Systems Incorporated)
Task: {A15F9F81-193A-4FAB-B70C-2442D65B6025} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-04-03] (Microsoft Corporation)
Task: {B71A3A63-BBB7-4BDB-B816-C043F2E68906} - System32\Tasks\AutoPico Daily Restart => C:\Users\PETRAS~1\AppData\Local\Temp\RarSFX0\AutoPico.exe <==== ATTENTION
Task: {BD7CA7D8-6ECC-44FC-862A-D0A4231D3744} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-03] (Microsoft Corporation)
Task: {CA2261F8-50CD-41B6-BB56-903DA2DDEA09} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {CFBD563B-C032-474B-8AFD-D91F4878CCA8} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-14] (AsusTek)
Task: {D1B7D9AF-00D6-4ADB-98B6-D236FFF3AA46} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-03] (Microsoft Corporation)
Task: {F7C4E269-D156-4867-8945-6F9C771EB5EA} - System32\Tasks\R@1n-KMS\Office16VisioPro => wmic
Task: {FA31C5AD-C142-468E-9709-828D6BB89C09} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-02-12] (Realtek Semiconductor)
Task: {FAA1F3A9-E023-4DDA-AA22-916DFC8F557B} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_213_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 13:00 - 2015-07-10 13:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2016-02-12 15:52 - 2015-07-15 04:04 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 19:38 - 2015-12-17 19:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-12 15:51 - 2015-08-11 11:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2016-02-12 18:36 - 2016-02-12 18:36 - 00026112 _____ () C:\Windows\KMS-R@1n.exe
2016-02-12 16:49 - 2016-04-03 04:34 - 00172224 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-04-13 17:06 - 2016-03-16 06:55 - 02495768 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-02-12 22:41 - 2016-02-12 22:41 - 00413624 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-04-13 17:06 - 2016-03-16 06:55 - 02495768 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-02-12 15:50 - 2015-09-17 07:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-02-12 15:52 - 2015-11-25 06:20 - 06569472 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-02-12 15:52 - 2015-11-25 06:17 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-02-12 15:52 - 2015-11-25 06:17 - 01808384 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-02-12 15:52 - 2015-09-17 07:43 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 13:00 - 2015-07-10 15:28 - 00210432 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2016-02-12 18:36 - 2016-02-12 18:36 - 00005120 _____ () C:\WINDOWS\KMS-R@1nHook.exe
2016-02-12 18:36 - 2016-02-12 18:36 - 00004096 _____ () C:\WINDOWS\KMS-R@1nHook.dll
2015-12-15 13:38 - 2015-12-15 13:38 - 00326112 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\dblite.dll
2015-10-27 16:44 - 2015-10-27 16:44 - 00404952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\ipm_service.dll
2015-12-15 13:45 - 2015-12-15 13:45 - 45077376 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libcef.dll
2015-12-15 13:45 - 2015-12-15 13:45 - 01650560 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libglesv2.dll
2015-12-15 13:45 - 2015-12-15 13:45 - 00082304 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WmsSelfHealing => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WmsSelfHealing => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2016-02-12 17:59 - 00001224 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   lmlicenses.wip4.adobe.com
127.0.0.1                   lm.licenses.adobe.com
127.0.0.1                   na1r.services.adobe.com
128.199.121.125                  onhax.net
128.199.121.125                  www.onhax.net
127.0.0.1                   hlrcv.stage.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3727496388-735248901-704022088-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Petra Svarcova\Pictures\Saved Pictures\barb09_vystaviste.jpg
DNS Servers: 93.153.117.1 - 93.153.117.33
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{141A1C6E-74A9-43CC-B73C-6F41A8CC21BA}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{BFFF783E-E80E-4DC4-8AEE-3B9642E2485D}] => (Allow) C:\Program Files\Vuze\Azureus.exe
FirewallRules: [{6003BD92-9CF3-4C9A-ABF6-12D6EBD6792D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{459F198B-FE6B-4745-9E40-F1D7F94AE93F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C703FF3D-44E8-48F1-B5B9-47AABA69BBF8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D2699437-FB2F-4225-97D7-1B0CB6766D9A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6BDB6CF6-F8FE-43C2-948F-B2CFA7135CFF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{927EE193-CCFA-4A3D-BC30-C03F8B91EFFD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4AC401FC-2270-40DA-BC11-25609C0451D7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{73539CE3-5AE6-49AE-A8B5-E676F9C22F00}] => (Allow) %ProgramFiles%\Windows MultiPoint Server\Wmssvc.exe
FirewallRules: [{80E82E5E-8C68-4505-BDEF-FCEAD1D7707D}] => (Allow) %ProgramFiles%\Windows MultiPoint Server\WmsSessionAgent.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-UDP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-TCP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe
FirewallRules: [WMS-Service] => (Allow) %ProgramFiles%\Windows MultiPoint Server\Wmssvc.exe
FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [WMS-Session-Agent] => (Allow) %ProgramFiles%\Windows MultiPoint Server\WmsSessionAgent.exe
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [{1176BCF7-1733-4630-93F5-A46DFF2BA495}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E3CD1D28-D17E-47D0-AC06-6E15CC7BC43A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{6C83680C-EB17-4DB8-A41F-7C9ED721920D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{0EC3A8ED-6A73-49E2-96FB-8D9F2E47C52E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{D89DBD4E-F91F-41FE-A68B-B61F1C86C0A9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{83D4E0CB-3A7B-4642-B833-102B7481DD87}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{7CB133B7-2296-4360-B171-27D77D8AE3D1}] => (Allow) C:\Windows\KMS-R@1n.exe
FirewallRules: [{1100871F-4AB1-4229-8860-02A8FFBFBE87}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C1D81032-E085-4626-A333-126D83EC0AA6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{032AB0C2-1EFA-4ED3-8D49-BEBA2744AED6}] => (Allow) C:\WINDOWS\AutoKMS\AutoKMS.exe
FirewallRules: [{5D227F62-7BC3-4E51-85DB-CB5F7988B270}] => (Allow) C:\WINDOWS\AutoKMS\AutoKMS.exe

==================== Restore Points =========================

03-04-2016 12:03:17 Scheduled Checkpoint
12-04-2016 21:27:38 Scheduled Checkpoint
16-04-2016 17:32:41 F-Secure Ultralight updated

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/21/2016 07:11:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: AutoKMS.exe, verze: 2.6.0.0, časové razítko: 0x562603f9
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.10240.16766, časové razítko: 0x56e8d499
Kód výjimky: 0xe0434352
Posun chyby: 0x000000000002a1c8
ID chybujícího procesu: 0x1688
Čas spuštění chybující aplikace: 0xAutoKMS.exe0
Cesta k chybující aplikaci: AutoKMS.exe1
Cesta k chybujícímu modulu: AutoKMS.exe2
ID zprávy: AutoKMS.exe3
Úplný název chybujícího balíčku: AutoKMS.exe4
ID aplikace související s chybujícím balíčkem: AutoKMS.exe5

Error: (04/21/2016 07:11:21 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileInfo.Delete()
   at ..(System.String)
   at ..()
   at ..(., System.String, Boolean, System.String, Int32, System.String, System.String, Boolean, Boolean, Boolean, Boolean, Boolean, Boolean, System.String, System.String)
   at ..(Boolean, ., System.String, System.String, Boolean, Int32, System.String, Boolean, Boolean, System.String, System.String, Boolean, Boolean, Boolean)
   at ..(.)
   at ..()

Error: (04/21/2016 06:19:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-N1UJSR1)
Description: Aplikaci Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (04/21/2016 03:18:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-N1UJSR1)
Description: Aplikaci microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 se nepovedlo aktivovat, protože došlo k chybě: -2147009284. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (04/21/2016 02:46:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: AutoKMS.exe, verze: 2.6.0.0, časové razítko: 0x562603f9
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.10240.16766, časové razítko: 0x56e8d499
Kód výjimky: 0xe0434352
Posun chyby: 0x000000000002a1c8
ID chybujícího procesu: 0x12fc
Čas spuštění chybující aplikace: 0xAutoKMS.exe0
Cesta k chybující aplikaci: AutoKMS.exe1
Cesta k chybujícímu modulu: AutoKMS.exe2
ID zprávy: AutoKMS.exe3
Úplný název chybujícího balíčku: AutoKMS.exe4
ID aplikace související s chybujícím balíčkem: AutoKMS.exe5

Error: (04/21/2016 02:46:43 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileInfo.Delete()
   at ..(System.String)
   at ..()
   at ..(., System.String, Boolean, System.String, Int32, System.String, System.String, Boolean, Boolean, Boolean, Boolean, Boolean, Boolean, System.String, System.String)
   at ..(Boolean, ., System.String, System.String, Boolean, Int32, System.String, Boolean, Boolean, System.String, System.String, Boolean, Boolean, Boolean)
   at ..(.)
   at ..()

Error: (04/20/2016 10:43:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-N1UJSR1)
Description: Aplikaci Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (04/20/2016 10:06:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: AutoKMS.exe, verze: 2.6.0.0, časové razítko: 0x562603f9
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.10240.16766, časové razítko: 0x56e8d499
Kód výjimky: 0xe0434352
Posun chyby: 0x000000000002a1c8
ID chybujícího procesu: 0x1da8
Čas spuštění chybující aplikace: 0xAutoKMS.exe0
Cesta k chybující aplikaci: AutoKMS.exe1
Cesta k chybujícímu modulu: AutoKMS.exe2
ID zprávy: AutoKMS.exe3
Úplný název chybujícího balíčku: AutoKMS.exe4
ID aplikace související s chybujícím balíčkem: AutoKMS.exe5

Error: (04/20/2016 10:06:17 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AutoKMS.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
Stack:
   at System.IO.__Error.WinIOError(Int32, System.String)
   at System.IO.FileInfo.Delete()
   at ..(System.String)
   at ..()
   at ..(., System.String, Boolean, System.String, Int32, System.String, System.String, Boolean, Boolean, Boolean, Boolean, Boolean, Boolean, System.String, System.String)
   at ..(Boolean, ., System.String, System.String, Boolean, Int32, System.String, Boolean, Boolean, System.String, System.String, Boolean, Boolean, Boolean)
   at ..(.)
   at ..()

Error: (04/19/2016 10:30:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-N1UJSR1)
Description: Aplikaci Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.


System errors:
=============
Error: (04/21/2016 06:19:18 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-N1UJSR1)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca

Error: (04/21/2016 06:19:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba User Data Access_Session2 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restart the service.

Error: (04/21/2016 06:19:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba User Data Storage_Session2 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restart the service.

Error: (04/21/2016 06:19:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Contact Data_Session2 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restart the service.

Error: (04/21/2016 06:19:16 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Sync Host_Session2 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restart the service.

Error: (04/21/2016 03:18:09 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-N1UJSR1)
Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6568.46361.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server193microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mcaUnavailableUnavailable

Error: (04/21/2016 02:39:19 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Při čekání na odezvu transakce služby ekrn bylo dosaženo časového limitu (30000 ms).

Error: (04/20/2016 10:43:07 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-N1UJSR1)
Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca

Error: (04/20/2016 10:43:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba User Data Access_Session3 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restart the service.

Error: (04/20/2016 10:43:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba User Data Storage_Session3 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-04-21 19:20:44.551
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-21 19:20:44.536
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-21 19:16:51.286
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-21 19:16:51.261
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-21 19:16:20.718
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-21 19:16:20.704
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-21 19:15:50.826
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-21 19:15:50.811
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-21 19:15:39.758
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-21 19:15:39.726
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz
Percentage of memory in use: 51%
Total physical RAM: 3998.71 MB
Available physical RAM: 1919.5 MB
Total Virtual: 4702.71 MB
Available Virtual: 2411.15 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465 GB) (Free:214.24 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (VOJTA_FLASH) (Removable) (Total:3.76 GB) (Free:3.75 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: A055124B)

Partition: GPT.

========================================================
Disk: 1 (Size: 3.8 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=3.8 GB) - (Type=0B)

==================== End of Addition.txt ============================