Nzev protokolu:Microsoft-Windows-AppModel-Runtime/Admin
Zdroj:         Microsoft-Windows-AppModel-Runtime
Datum:         17.11.2017 13:38:24
ID udlosti:   69
Kategorie lohy:Nen
rove:        Chyba
Klov slova: Process
Uivatel:      SYSTEM
Pota:       CAMprace
Popis:
Zmna stavu modulu AppModel Runtime pro balek Microsoft.ZuneMusic_10.17085.22311.0_x64__8wekyb3d8bbwe a uivatele CAMPRACE\PC selhala s chybou 0x490 (aktuln stav = 0x0, poadovan stav = 0x20).
Kd XML udlosti:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-AppModel-Runtime" Guid="{F1EF270A-0D32-4352-BA52-DBAB41E1D859}" />
    <EventID>69</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x2000000000000001</Keywords>
    <TimeCreated SystemTime="2017-11-17T12:38:24.348460200Z" />
    <EventRecordID>392</EventRecordID>
    <Correlation ActivityID="{5852BE24-5FA0-0003-FFCD-5258A05FD301}" />
    <Execution ProcessID="5376" ThreadID="1652" />
    <Channel>Microsoft-Windows-AppModel-Runtime/Admin</Channel>
    <Computer>CAMprace</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="ErrorCode">1168</Data>
    <Data Name="PackageFullName">Microsoft.ZuneMusic_10.17085.22311.0_x64__8wekyb3d8bbwe</Data>
    <Data Name="User">S-1-5-21-4283329523-335918268-2077249598-1001</Data>
    <Data Name="DesiredStatus">32</Data>
    <Data Name="CurrentStatus">0</Data>
  </EventData>
</Event>

Nzev protokolu:Microsoft-Windows-User Device Registration/Admin
Zdroj:         Microsoft-Windows-User Device Registration
Datum:         17.11.2017 13:34:11
ID udlosti:   360
Kategorie lohy:Nen
rove:        Upozornn
Klov slova: 
Uivatel:      CAMPRACE\PC
Pota:       CAMprace
Popis:
Windows Hello for Business provisioning will not be launched. 
Device is AAD joined ( AADJ or DJ++ ): Not Tested 
User has logged on with AAD credentials: No 
Windows Hello for Business policy is enabled: Not Tested 
Local computer meets Windows hello for business hardware requirements: Not Tested 
User is not connected to the machine via Remote Desktop: Yes 
User certificate for on premise auth policy is enabled: Not Tested 
Machine is governed by none policy. 
See https://go.microsoft.com/fwlink/?linkid=832647 for more details.
Kd XML udlosti:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-User Device Registration" Guid="{23B8D46B-67DD-40A3-B636-D43E50552C6D}" />
    <EventID>360</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2017-11-17T12:34:11.237485900Z" />
    <EventRecordID>92</EventRecordID>
    <Correlation />
    <Execution ProcessID="6568" ThreadID="6668" />
    <Channel>Microsoft-Windows-User Device Registration/Admin</Channel>
    <Computer>CAMprace</Computer>
    <Security UserID="S-1-5-21-4283329523-335918268-2077249598-1001" />
  </System>
  <EventData>
    <Data Name="Message">Windows Hello for Business provisioning will not be launched.</Data>
    <Data Name="DeviceIsJoined">Not Tested</Data>
    <Data Name="AADPrt">No</Data>
    <Data Name="NgcPolicyEnabled">Not Tested</Data>
    <Data Name="NgcHardwarePolicyMet">Not Tested</Data>
    <Data Name="UserIsRemote">Yes</Data>
    <Data Name="LogonCertRequired">Not Tested</Data>
    <Data Name="MachinePolicySource">none</Data>
  </EventData>
</Event>

Nzev protokolu:System
Zdroj:         Microsoft-Windows-DistributedCOM
Datum:         17.11.2017 13:34:10
ID udlosti:   10016
Kategorie lohy:Nen
rove:        Chyba
Klov slova: Klasick nastaven
Uivatel:      LOCAL SERVICE
Pota:       CAMprace
Popis:
Nastaven oprvnn specifick pro aplikaci neudluje oprvnn Mstn Aktivace pro serverovou aplikaci COM s identifiktorem CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 a APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 uivateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomoc LRPC) bc v kontejneru aplikac Nen kdispozici  SID (Nen kdispozici). Toto oprvnn zabezpeen lze zmnit pomoc nstroje sprvy Sluba komponent.
Kd XML udlosti:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="0">10016</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2017-11-17T12:34:10.558583100Z" />
    <EventRecordID>15593</EventRecordID>
    <Correlation />
    <Execution ProcessID="624" ThreadID="1316" />
    <Channel>System</Channel>
    <Computer>CAMprace</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data Name="param1">specifick pro aplikaci</Data>
    <Data Name="param2">Mstn</Data>
    <Data Name="param3">Aktivace</Data>
    <Data Name="param4">{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</Data>
    <Data Name="param5">{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</Data>
    <Data Name="param6">NT AUTHORITY</Data>
    <Data Name="param7">LOCAL SERVICE</Data>
    <Data Name="param8">S-1-5-19</Data>
    <Data Name="param9">LocalHost (pomoc LRPC)</Data>
    <Data Name="param10">Nen kdispozici</Data>
    <Data Name="param11">Nen kdispozici</Data>
  </EventData>
</Event>

Nzev protokolu:System
Zdroj:         Microsoft-Windows-DistributedCOM
Datum:         17.11.2017 13:34:10
ID udlosti:   10016
Kategorie lohy:Nen
rove:        Chyba
Klov slova: Klasick nastaven
Uivatel:      LOCAL SERVICE
Pota:       CAMprace
Popis:
Nastaven oprvnn specifick pro aplikaci neudluje oprvnn Mstn Aktivace pro serverovou aplikaci COM s identifiktorem CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 a APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 uivateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomoc LRPC) bc v kontejneru aplikac Nen kdispozici  SID (Nen kdispozici). Toto oprvnn zabezpeen lze zmnit pomoc nstroje sprvy Sluba komponent.
Kd XML udlosti:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="0">10016</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2017-11-17T12:34:10.553569700Z" />
    <EventRecordID>15592</EventRecordID>
    <Correlation />
    <Execution ProcessID="624" ThreadID="1316" />
    <Channel>System</Channel>
    <Computer>CAMprace</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data Name="param1">specifick pro aplikaci</Data>
    <Data Name="param2">Mstn</Data>
    <Data Name="param3">Aktivace</Data>
    <Data Name="param4">{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</Data>
    <Data Name="param5">{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</Data>
    <Data Name="param6">NT AUTHORITY</Data>
    <Data Name="param7">LOCAL SERVICE</Data>
    <Data Name="param8">S-1-5-19</Data>
    <Data Name="param9">LocalHost (pomoc LRPC)</Data>
    <Data Name="param10">Nen kdispozici</Data>
    <Data Name="param11">Nen kdispozici</Data>
  </EventData>
</Event>

Nzev protokolu:System
Zdroj:         Microsoft-Windows-DistributedCOM
Datum:         17.11.2017 13:34:10
ID udlosti:   10016
Kategorie lohy:Nen
rove:        Chyba
Klov slova: Klasick nastaven
Uivatel:      LOCAL SERVICE
Pota:       CAMprace
Popis:
Nastaven oprvnn specifick pro aplikaci neudluje oprvnn Mstn Aktivace pro serverovou aplikaci COM s identifiktorem CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 a APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 uivateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomoc LRPC) bc v kontejneru aplikac Nen kdispozici  SID (Nen kdispozici). Toto oprvnn zabezpeen lze zmnit pomoc nstroje sprvy Sluba komponent.
Kd XML udlosti:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="0">10016</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2017-11-17T12:34:10.550561500Z" />
    <EventRecordID>15591</EventRecordID>
    <Correlation />
    <Execution ProcessID="624" ThreadID="2840" />
    <Channel>System</Channel>
    <Computer>CAMprace</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data Name="param1">specifick pro aplikaci</Data>
    <Data Name="param2">Mstn</Data>
    <Data Name="param3">Aktivace</Data>
    <Data Name="param4">{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</Data>
    <Data Name="param5">{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</Data>
    <Data Name="param6">NT AUTHORITY</Data>
    <Data Name="param7">LOCAL SERVICE</Data>
    <Data Name="param8">S-1-5-19</Data>
    <Data Name="param9">LocalHost (pomoc LRPC)</Data>
    <Data Name="param10">Nen kdispozici</Data>
    <Data Name="param11">Nen kdispozici</Data>
  </EventData>
</Event>

Nzev protokolu:System
Zdroj:         Microsoft-Windows-DistributedCOM
Datum:         17.11.2017 13:34:10
ID udlosti:   10016
Kategorie lohy:Nen
rove:        Chyba
Klov slova: Klasick nastaven
Uivatel:      LOCAL SERVICE
Pota:       CAMprace
Popis:
Nastaven oprvnn specifick pro aplikaci neudluje oprvnn Mstn Aktivace pro serverovou aplikaci COM s identifiktorem CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 a APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 uivateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomoc LRPC) bc v kontejneru aplikac Nen kdispozici  SID (Nen kdispozici). Toto oprvnn zabezpeen lze zmnit pomoc nstroje sprvy Sluba komponent.
Kd XML udlosti:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="0">10016</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2017-11-17T12:34:10.546550600Z" />
    <EventRecordID>15590</EventRecordID>
    <Correlation />
    <Execution ProcessID="624" ThreadID="1316" />
    <Channel>System</Channel>
    <Computer>CAMprace</Computer>
    <Security UserID="S-1-5-19" />
  </System>
  <EventData>
    <Data Name="param1">specifick pro aplikaci</Data>
    <Data Name="param2">Mstn</Data>
    <Data Name="param3">Aktivace</Data>
    <Data Name="param4">{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}</Data>
    <Data Name="param5">{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}</Data>
    <Data Name="param6">NT AUTHORITY</Data>
    <Data Name="param7">LOCAL SERVICE</Data>
    <Data Name="param8">S-1-5-19</Data>
    <Data Name="param9">LocalHost (pomoc LRPC)</Data>
    <Data Name="param10">Nen kdispozici</Data>
    <Data Name="param11">Nen kdispozici</Data>
  </EventData>
</Event>

Nzev protokolu:Microsoft-Windows-Kernel-EventTracing/Admin
Zdroj:         Microsoft-Windows-Kernel-EventTracing
Datum:         17.11.2017 13:34:06
ID udlosti:   2
Kategorie lohy:Session
rove:        Chyba
Klov slova: Session
Uivatel:      SYSTEM
Pota:       CAMprace
Popis:
Relaci  se nepodailo spustit, protoe dolo k nsledujc chyb: 0xC000003A.
Kd XML udlosti:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
    <EventID>2</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>2</Task>
    <Opcode>12</Opcode>
    <Keywords>0x8000000000000010</Keywords>
    <TimeCreated SystemTime="2017-11-17T12:34:06.326711100Z" />
    <EventRecordID>86</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="324" />
    <Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
    <Computer>CAMprace</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="SessionName">
    </Data>
    <Data Name="FileName">
    </Data>
    <Data Name="ErrorCode">3221225530</Data>
    <Data Name="LoggingMode">2424307714</Data>
  </EventData>
</Event>

Nzev protokolu:Microsoft-Windows-Kernel-EventTracing/Admin
Zdroj:         Microsoft-Windows-Kernel-EventTracing
Datum:         17.11.2017 13:34:06
ID udlosti:   1
Kategorie lohy:Logging
rove:        Upozornn
Klov slova: Session
Uivatel:      SYSTEM
Pota:       CAMprace
Popis:
Zlon soubor pro relaci v relnm ase DefenderApiLogger doshl maximln velikosti. Vsledkem je, e ne bude dostupn msto, nebudou pro tuto relaci protokolovny nov udlosti. Pinou tto chyby asto bv sputn relace trasovn v relnm ase, ani by existovali spotebitel v relnm ase.
Kd XML udlosti:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Kernel-EventTracing" Guid="{B675EC37-BDB6-4648-BC92-F3FDC74D3CA2}" />
    <EventID>1</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>1</Task>
    <Opcode>10</Opcode>
    <Keywords>0x8000000000000010</Keywords>
    <TimeCreated SystemTime="2017-11-17T12:34:06.236623000Z" />
    <EventRecordID>85</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="116" />
    <Channel>Microsoft-Windows-Kernel-EventTracing/Admin</Channel>
    <Computer>CAMprace</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="SessionName">DefenderApiLogger</Data>
    <Data Name="ErrorCode">3221225864</Data>
    <Data Name="LoggingMode">411042176</Data>
  </EventData>
</Event>

Nzev protokolu:System
Zdroj:         Microsoft-Windows-Directory-Services-SAM
Datum:         17.11.2017 13:34:05
ID udlosti:   16953
Kategorie lohy:Nen
rove:        Chyba
Klov slova: 
Uivatel:      SYSTEM
Pota:       CAMprace
Popis:
Nepodailo se zavst knihovnu DLL oznmen o heslech C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter kvli chyb 126. Ovte, zda cesta ke knihovn DLL oznmen definovan v registru (HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages) odkazuje na sprvnou absolutn cestu (<jednotka>:\<cesta>\<nzev_souboru>.<ppona>). Pokud je cesta ke knihovn DLL sprvn, ovte, zda jsou ve stejnm adresi umstny vechny podprn soubory a zda m systmov et pstup pro ten k cest knihovny DLL i vem podprnm souborm. O dal podporu mete podat poskytovatele knihovny DLL oznmen. Podrobnj informace najdete na adrese http://go.microsoft.com/fwlink/?LinkId=245898.
Kd XML udlosti:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Directory-Services-SAM" Guid="{0D4FDC09-8C27-494A-BDA0-505E4FD8ADAE}" />
    <EventID>16953</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2017-11-17T12:34:05.939409000Z" />
    <EventRecordID>15577</EventRecordID>
    <Correlation ActivityID="{5852BE24-5FA0-0002-93BE-5258A05FD301}" />
    <Execution ProcessID="808" ThreadID="812" />
    <Channel>System</Channel>
    <Computer>CAMprace</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData Name="SAMMSG_NOTIFICATION_PACKAGE_REGISTRATION_FAILED">
    <Data Name="NotificationPackage:">C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter</Data>
    <Data Name="Registry key:">HKLM\System\CurrentControlSet\Control\Lsa\</Data>
    <Data Name="Registry value:">Notification Packages</Data>
    <Data Name="Error code:">126</Data>
  </EventData>
</Event>