Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-06-2017
Ran by mail (11-06-2017 17:21:47)
Running from C:\Users\mail\Desktop
Windows 10 Home Version 1703 (X64) (2017-06-05 03:10:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2200813541-2259368652-2116505398-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2200813541-2259368652-2116505398-503 - Limited - Disabled)
Guest (S-1-5-21-2200813541-2259368652-2116505398-501 - Limited - Disabled)
mail (S-1-5-21-2200813541-2259368652-2116505398-1001 - Administrator - Enabled) => C:\Users\mail

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-2200813541-2259368652-2116505398-1001\...\HearthstoneDeckTracker) (Version: 1.3.5 - HearthSim)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6503.0 - IDT)
League of Legends (HKLM-x32\...\League of Legends 4.2.1) (Version: 4.2.1 - Riot Games)
League of Legends (x32 Version: 4.2.1 - Riot Games) Hidden
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10230 - Realtek Semiconductor Corp.)
Lenovo Service Bridge (HKU\S-1-5-21-2200813541-2259368652-2116505398-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 4.0.5.2 - Lenovo)
Lenovo System Interface Foundation (HKLM\...\{C2E5CA37-C862-4A69-AC6D-24F450A20C16}) (Version: 1.0.076.00 - Lenovo)
Microsoft OneDrive (HKU\S-1-5-21-2200813541-2259368652-2116505398-1001\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 53.0.3 (x86 cs) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 cs)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0.3 - Mozilla)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.104.210.0 - Overwolf Ltd.)
Overwolf.Setup.VC100CRTx64.Dist (HKLM\...\{EC9D5554-6852-4A55-81BB-AC02C7A8CFED}) (Version: 1.0.0 - Overwolf)
Overwolf.Setup.VC100CRTx86.Dist (x32 Version: 1.0.0 - Overwolf) Hidden
Ovládací panel NVIDIA 382.33 (Version: 382.33 - NVIDIA Corporation) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\Windows\SYSTEM32\inputhost.dll
2016-11-02 00:05 - 2016-11-02 00:05 - 00401896 _____ () C:\Windows\system32\igfxTray.exe
2017-03-18 22:59 - 2017-03-20 06:45 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-08 12:30 - 2017-06-08 12:30 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-08 12:30 - 2017-06-08 12:30 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-08 12:30 - 2017-06-08 12:30 - 43318784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-08 12:30 - 2017-06-08 12:30 - 02427904 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\skypert.dll
2017-06-05 14:31 - 2017-06-05 14:32 - 10601984 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-06-05 14:31 - 2017-06-05 14:32 - 02640384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-06-05 14:31 - 2017-06-05 14:32 - 00765440 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
2017-06-11 17:19 - 2017-06-11 17:19 - 00029696 _____ () C:\Users\mail\AppData\Local\MSGBOX.EXE

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-06-05 01:49 - 2017-06-05 01:45 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2200813541-2259368652-2116505398-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.94.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D9B19D10-F6F3-4F2F-8248-6039B4476463}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E768945E-CAB9-4CCE-B813-F7DC03A21A18}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{755102E9-7533-4259-B207-9CFA624B6D07}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{9EFBBE81-F64F-4A7D-9E88-21AD935CC27B}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe

==================== Restore Points =========================

05-06-2017 14:02:38 Nainstalováno: Microsoft Visual C++ 2005 Redistributable (x64)
11-06-2017 02:52:01 Driver Booster : Alcor Micro USB 2.0 Card Reader

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/09/2017 10:35:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program Hearthstone.exe verze 8.2.0.19506 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 598

Čas spuštění: 01d2e14659cf6592

Čas ukončení: 8

Cesta k aplikaci: C:\Program Files (x86)\Hearthstone\Hearthstone.exe

ID hlášení: e17ece7e-03b5-4af7-a7af-5fe49366df4b

Úplný název balíčku s chybou: 

ID aplikace související s balíčkem s chybou:

Error: (06/06/2017 01:52:43 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Systém Windows nemůže načíst knihovnu DLL rozšiřitelných čítačů rdyboost. První čtyři bajty (DWORD) datové sekce obsahují kód chyby systému Windows.

Error: (06/06/2017 01:52:43 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Procedura Open pro službu BITS v knihovně DLL C:\Windows\System32\bitsperf.dll se nezdařila. Výkonnostní data pro tuto službu nebudou k dispozici. Vrácený kód stavu představují první čtyři bajty (DWORD) datové části.

Error: (06/05/2017 10:55:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-EEC3P4E)
Description: Balíček Microsoft.WindowsStore_11703.1001.45.0_x64__8wekyb3d8bbwe+App se ukončil, protože jeho pozastavování trvalo moc dlouho.

Error: (06/05/2017 06:47:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-EEC3P4E)
Description: Balíček Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe+ContentProcess#{000b1401-0001-0000-2f0f-6b0200000000} se ukončil, protože jeho pozastavování trvalo moc dlouho.

Error: (06/05/2017 06:47:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-EEC3P4E)
Description: Balíček Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe+ContentProcess#{00071402-0001-0000-2f0f-6b0200000000} se ukončil, protože jeho pozastavování trvalo moc dlouho.

Error: (06/05/2017 06:47:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-EEC3P4E)
Description: Balíček Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe+ContentProcess#{00031403-0001-0000-2f0f-6b0200000000} se ukončil, protože jeho pozastavování trvalo moc dlouho.

Error: (06/05/2017 06:47:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-EEC3P4E)
Description: Balíček Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe+ContentProcess#{00081401-0001-0000-2f0f-6b0200000000} se ukončil, protože jeho pozastavování trvalo moc dlouho.

Error: (06/05/2017 02:59:08 PM) (Source: COM) (EventID: 10031) (User: )
Description: Při zrušení zařazení vlastního zařazeného objektu byla provedena kontrola zásad zrušení zařazení a třída {41FD88F7-F295-4D39-91AC-A85F3149A05B} byla odmítnuta.

Error: (06/05/2017 02:47:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-EEC3P4E)
Description: Aplikaci Microsoft.BingWeather_8wekyb3d8bbwe!App se nepovedlo aktivovat, protože došlo k chybě: -2144927148. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.


System errors:
=============
Error: (06/11/2017 01:33:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 a APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (06/11/2017 01:33:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 a APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (06/11/2017 01:33:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba CldFlt neuspěla při spuštění v důsledku následující chyby: 
Požadavek není podporován.

Error: (06/11/2017 01:31:58 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Windows Search, ale tato akce selhala kvůli následující chybě: 
Instance této služby je již spuštěna.

Error: (06/11/2017 01:31:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (06/11/2017 01:31:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (06/11/2017 01:31:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba SynTPEnh Caller Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (06/11/2017 01:31:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (06/11/2017 01:31:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Intel Bluetooth Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (06/11/2017 01:31:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba SuperBoost Software Updater byla neočekávaně ukončena. Tento stav nastal již 1krát.


CodeIntegrity:
===================================
  Date: 2017-06-11 14:49:38.822
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_ed616d55e0bead92\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-07 10:49:18.400
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_ed616d55e0bead92\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-06-06 13:34:01.547
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_ed616d55e0bead92\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 35%
Total physical RAM: 8116.27 MB
Available physical RAM: 5248.95 MB
Total Virtual: 9396.27 MB
Available Virtual: 6295.43 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:889 GB) (Free:817.05 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C201B125)

Partition: GPT.

==================== End of Addition.txt ============================