VIRY.CZ

Prosím o pomoc, brutálně se mi zpomalil notebook a nevím si rady.

Zdravím!
Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-08-2016 01
Ran by Liba (2016-08-14 18:55:23)
Running from C:\Users\Liba\Desktop
Windows 10 Pro Version 1511 (X64) (2016-07-21 03:08:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-884147705-2334425009-4275635490-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-884147705-2334425009-4275635490-503 - Limited - Disabled)
Guest (S-1-5-21-884147705-2334425009-4275635490-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-884147705-2334425009-4275635490-1002 - Limited - Enabled)
Liba (S-1-5-21-884147705-2334425009-4275635490-1000 - Administrator - Enabled) => C:\Users\Liba

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 9.0.351.2 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 9.0.376.1 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACDSee Ultimate 9 (64-bit) (HKLM\...\{97EE2327-B39E-429C-970B-0DB6CBBEC8E1}) (Version: 9.1.0.580 - ACD Systems International Inc.)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Aspell 0.6 Dictionary (Language: cs) (HKU\S-1-5-21-884147705-2334425009-4275635490-1000\...\Aspell6-Dictionary-cs) (Version: - )
Broadcom 802.11 Wireless Driver (HKLM-x32\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.69.1079 - AB Team, d.o.o.)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.0.8 - Lenovo)
ESET NOD32 Antivirus (HKLM\...\{6EF8A223-95F9-489E-98F6-BCC73DC3C5A4}) (Version: 9.0.351.2 - ESET, spol. s r.o.)
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Infix PDF Editor verze 6.1.3.0 (HKLM-x32\...\83FFB914-6FA7-4F1F-807E-E0FFBA2E49E1_is1) (Version: 6.1.3.0 - Iceni Technology)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.10.1005 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5F588B19-C575-4750-86FD-6ED2B76E61F1}) (Version: 7.50.0000 - Intel Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
KMSpico v9.3.1 (HKLM\...\KMSpico_is1) (Version: 9.3.1 - )
Lenovo Service Bridge (HKU\S-1-5-21-884147705-2334425009-4275635490-1000\...\cbe8636f7dd0cf1d) (Version: 1.6.3.1 - Lenovo)
Lighten PDF to Word Converter version 4.0.0 (HKLM-x32\...\{69923533-5E62-4B8C-95B5-9FF8365DE139}_is1) (Version: 4.0.0 - Lighten Software Limited)
Malwarebytes Anti-Malware verze 1.80.2.1012 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.80.2.1012 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office ScreenTip Language 2013 - čeština (HKLM\...\{90150000-00BD-0405-1000-0000000FF1CE}) (Version: 15.0.4454.1004 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Opera 12.15 (HKLM-x32\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.6 - PowerISO Computing, Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 Language Pack (KB2817427) 64-Bit Edition (Version: - Microsoft) Hidden
SnapPea (HKLM-x32\...\Wandoujia2) (Version: - Wandou Labs)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.25.0 - Synaptics Incorporated)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
Widevine Media Optimizer IE 6.0.0 (HKU\S-1-5-21-884147705-2334425009-4275635490-1000\...\optimizer_ie) (Version: 6.0.0.12757 - Widevine Technologies)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-884147705-2334425009-4275635490-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Liba\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-884147705-2334425009-4275635490-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Liba\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-884147705-2334425009-4275635490-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Liba\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-884147705-2334425009-4275635490-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Liba\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02755DDC-9B06-43AC-8E43-9636C3C99E5C} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {0FE56368-B434-45A7-B34D-90D394D198B4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {163DA717-AD23-4263-87B4-D21AD7520FEF} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {1BA31C99-8B11-42C7-8735-2E0F514E0FA6} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {2446D35E-BC5D-4A4E-95A7-37C82A611E3A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate [Argument = -crl -hms -pscn 15]
Task: {2B32CC5F-0EA5-48E7-87A1-33E7E9FC4F1A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {33A0A211-25DE-47D0-ABA6-687B7201A51B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Liba-PC-Liba Liba-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-01-23] (Microsoft Corporation)
Task: {34EAB48D-D38D-400D-ADC6-DF9E124000AA} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec [Argument = /StartRecording]
Task: {35D447D9-248F-4333-809E-D97F289BA056} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-06-29] (@ByELDI)
Task: {425B285A-714F-4E96-8D5D-C71C18590166} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-884147705-2334425009-4275635490-1000Core1d1ebc06afd7527 => C:\Users\Liba\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {47FA68C8-7A2B-4CA2-9FC5-A027BB6002F5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
Task: {4FFF7F5F-CCDF-461C-8D83-EF986874E877} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {5162C871-764B-4AFB-99CA-8FCB27D61289} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {5FD76754-69DC-4D5B-A8DE-1E48AA3D4E8A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-26] (Google Inc.)
Task: {5FF110AA-CBCF-4F26-BC09-476C07C4AECD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {67336318-2268-462C-8AFE-043541BC86C1} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {710CDC17-20E7-49C5-8229-57836AFFED18} - System32\Tasks\{E794A137-8467-4FE5-964F-A92797126B6C} => pcalua.exe -a C:\Users\Liba\Desktop\IN3VDO13WW6.exe -d C:\Users\Liba\Desktop
Task: {77CBC0B7-B314-4C0A-B4DB-BF92D216BCDB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-26] (Google Inc.)
Task: {7BE8AF00-1D57-430A-939F-5609248609B0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {7F609DC1-4215-41E4-B95D-A7DD1118A5B3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-884147705-2334425009-4275635490-1000UA1d1ebc06b25859a => C:\Users\Liba\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {85993300-5845-4550-B50E-6E90988961DB} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {8792EBC0-75B0-4983-B733-8B93F942A41E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {881C8AC6-C41C-4852-A0A7-C3CF19ABD83B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8FF32CB2-33D0-462E-A4C3-D13475E28E24} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
Task: {94CD6ABC-C93F-4636-AC8E-222B04140297} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {96138370-EAF8-4C67-961C-65C9F6FB6C04} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {963C9DB0-B0DA-4A5E-B1A3-C1E283326FBC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {9AC2CF18-4F88-4F14-A4F0-438391CEB0DB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-884147705-2334425009-4275635490-1000Core => C:\Users\Liba\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {B338A8A0-5937-42C2-98D2-A3F6137BAC68} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {B4AD07FE-4C4D-4651-92BD-D0C020522132} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate [Argument = $(Arg0)]
Task: {C4CF88AB-6550-4204-A1BD-F1E7B705B6A1} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C4ECD358-189F-4E29-9A80-4D298349AF30} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {C5A4EAD2-B68E-4C66-95E7-BD645061D061} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {D6B53174-2DC5-4DFD-A6BE-D0FF2D88E184} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {DD35E340-E8E9-426D-9132-A75A9BFF43A5} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DDC4A3C2-04FC-40A6-93B9-4004F449BC03} - \Lenovo\Lenovo Service Bridge\S-1-5-21-884147705-2334425009-4275635490-1000 -> No File <==== ATTENTION
Task: {DF183CE8-66C3-4E04-BF9D-DA48C5AF681A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {E76E44A5-ABFC-4678-86EF-ECAB2C327CD3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-884147705-2334425009-4275635490-1000UA => C:\Users\Liba\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {EB635736-19F5-4399-942E-9347C8DCC73A} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec [Argument = /RestartRecording]
Task: {F2F34DDB-C347-4DDD-BD51-372E0C8025AD} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-884147705-2334425009-4275635490-1000Core.job => C:\Users\Liba\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-884147705-2334425009-4275635490-1000Core1d1ebc06afd7527.job => C:\Users\Liba\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-884147705-2334425009-4275635490-1000UA.job => C:\Users\Liba\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-884147705-2334425009-4275635490-1000UA1d1ebc06b25859a.job => C:\Users\Liba\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-21 09:00 - 2016-07-21 09:00 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-21 09:00 - 2016-07-21 09:00 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-07-21 05:15 - 2016-07-21 05:15 - 00959168 _____ () C:\Users\Liba\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2012-10-01 21:36 - 2012-10-01 21:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-16 12:02 - 2015-10-16 12:02 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-04-27 08:10 - 2016-04-27 08:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-21 09:01 - 2016-07-21 09:01 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-25 08:17 - 2016-07-25 08:18 - 00017920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-07-25 08:17 - 2016-07-25 08:18 - 13105152 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-07-25 08:17 - 2016-07-25 08:18 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-07-25 08:17 - 2016-07-25 08:18 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2014-06-18 12:00 - 2014-06-18 12:00 - 00258944 _____ () C:\Program Files (x86)\WandouLabs\wandoujia_helper.exe
2015-10-30 09:18 - 2015-10-30 09:18 - 02100064 _____ () C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
2016-07-21 09:01 - 2016-07-21 09:01 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-21 09:01 - 2016-07-21 09:01 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-21 09:01 - 2016-07-21 09:01 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-21 09:01 - 2016-07-21 09:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-06-18 12:00 - 2014-06-18 12:00 - 01139072 _____ () C:\Program Files (x86)\WandouLabs\adb_dev.dll
2014-06-18 12:00 - 2014-06-18 12:00 - 37930368 _____ () C:\Program Files (x86)\WandouLabs\core.dll
2015-11-30 10:37 - 2015-11-30 10:37 - 00835584 _____ () C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
2015-11-30 10:37 - 2015-11-30 10:37 - 00093696 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
2015-11-30 10:37 - 2015-11-30 10:37 - 00094208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
2015-11-30 10:37 - 2015-11-30 10:37 - 00057344 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
2015-11-30 10:37 - 2015-11-30 10:37 - 00096256 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
2015-11-30 10:37 - 2015-11-30 10:37 - 00062976 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
2015-11-30 10:37 - 2015-11-30 10:37 - 00067072 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
2015-11-30 10:37 - 2015-11-30 10:37 - 00158208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2015-11-30 10:37 - 2015-11-30 10:37 - 00312832 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
2015-11-30 10:37 - 2015-11-30 10:37 - 00038912 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
2015-11-30 10:37 - 2015-11-30 10:37 - 00073728 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
2015-11-30 10:37 - 2015-11-30 10:37 - 00101888 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll
2016-07-21 05:15 - 2016-07-21 05:15 - 00679624 _____ () C:\Users\Liba\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2012-10-01 21:37 - 2012-10-01 21:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-12-21 13:12 - 00000826 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-884147705-2334425009-4275635490-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Liba\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 213.46.172.37 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Liba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^wandoujia_helper.lnk => C:\Windows\pss\wandoujia_helper.lnk.Startup
MSCONFIG\startupreg: ACDSeeCommanderUltimate9 => C:\Program Files\ACD Systems\ACDSee Ultimate\9.0\ACDSeeCommanderUltimate9.exe
MSCONFIG\startupreg: ACUW09EN => "C:\Program Files\ACD Systems\ACDSee Ultimate\9.0\acdIDInTouch2.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{FA6D4A69-02BE-41B3-81A7-3CC31DB7D975}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{6588B4E5-D239-471D-93DE-79F8FD62B788}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{43C2F9D7-753A-4DE4-AA92-E8A8F0E565DC}] => (Allow) LPort=1688
FirewallRules: [{87208200-BC0B-4031-AA15-74D15F9468D5}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{28385331-E1CF-456E-B1D3-7DA133EB474F}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{5A3A2D96-BC63-46F5-A06A-7A6380886C59}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{7008C6D6-A692-4BD5-AE51-E1DF2CDF969B}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{C79BF6FC-2D22-443D-BA2C-21B733BE891B}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{B8EDDAAB-CD03-4151-9F4B-7567AFFACA98}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [UDP Query User{5604D054-B233-4E07-B3E4-267DCAA2707C}C:\users\liba\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\liba\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{46845708-0D7F-49BD-9BEC-E64B0303592E}C:\users\liba\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\liba\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{A90F5B6E-2786-4D38-8E98-F9D0E9278C87}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{BA2ACD83-CA5A-40D7-B4A1-B58AB0A7CC02}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{BA933B39-EC83-4C8B-A974-9FA14D9E7585}] => (Allow) C:\Users\Liba\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{91C779BA-6785-4FFB-B92A-E76827E23A55}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{7F4D4457-0D3B-4094-AA6E-ED75FBAB5273}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{94E54696-4117-4A89-AD10-43BED82EBA46}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{9BFE2E5A-8518-49B9-A5FB-B03CC0137681}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{B1248301-0763-440E-AEF3-050C169A7C37}] => (Allow) C:\Program Files (x86)\WandouLabs\Wandoujia2.exe
FirewallRules: [UDP Query User{BCA66B9D-C3D3-4612-B833-DF8203909B49}C:\users\liba\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\liba\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{B771D1D4-65D7-4CF7-BAB6-FC0030BD553F}C:\users\liba\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\liba\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{399B3653-6D89-473F-80EB-ED753AADAB53}C:\program files (x86)\elcomsoft\distributed password recovery\esdprs.exe] => (Allow) C:\program files (x86)\elcomsoft\distributed password recovery\esdprs.exe
FirewallRules: [UDP Query User{FB11D120-B4D4-4020-9ADA-9E0945E0616E}C:\program files (x86)\elcomsoft\distributed password recovery\esdprs.exe] => (Allow) C:\program files (x86)\elcomsoft\distributed password recovery\esdprs.exe
FirewallRules: [{8A9E8827-28EA-458F-94EA-5A67BDD04D99}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/14/2016 05:30:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: AutoPico.exe, verze: 12.3.0.0, časové razítko: 0x53b06ef5
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.10586.494, časové razítko: 0x5775e4c5
Kód výjimky: 0xe0434352
Posun chyby: 0x0000000000071f28
ID chybujícího procesu: 0x13a8
Čas spuštění chybující aplikace: 0xAutoPico.exe0
Cesta k chybující aplikaci: AutoPico.exe1
Cesta k chybujícímu modulu: AutoPico.exe2
ID zprávy: AutoPico.exe3
Úplný název chybujícího balíčku: AutoPico.exe4
ID aplikace související s chybujícím balíčkem: AutoPico.exe5

Error: (08/14/2016 05:30:11 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: AutoPico.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.Net.Sockets.SocketException
na System.Net.Sockets.Socket.EndReceive(System.IAsyncResult)
na System.Net.Sockets.NetworkStream.EndRead(System.IAsyncResult)

Informace o výjimce: System.IO.IOException
na System.Net.Sockets.NetworkStream.EndRead(System.IAsyncResult)
na AutoPico.KMSEmulator.TCPServer.ReadCallback(System.IAsyncResult)
na System.Net.LazyAsyncResult.Complete(IntPtr)
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Net.ContextAwareResult.Complete(IntPtr)
na System.Net.LazyAsyncResult.ProtectedInvokeCallback(System.Object, IntPtr)
na System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
na System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (08/09/2016 11:39:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Liba-PC)
Description: Aplikaci Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen se nepovedlo aktivovat, protože došlo k chybě: -2144927142. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (08/09/2016 11:39:24 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program LockApp.exe verze 0.0.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 1884

Čas spuštění: 01d1f18784b4c185

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe

ID hlášení: 216dbce2-5e15-11e6-a91a-90004ef5ab17

Úplný název balíčku s chybou: Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy

ID aplikace související s balíčkem s chybou: WindowsDefaultLockScreen

Error: (08/08/2016 07:27:13 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Liba-PC)
Description: Aplikaci Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (08/05/2016 08:34:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: wandoujia_helper.exe, verze: 0.0.0.0, časové razítko: 0x53a1621f
Název chybujícího modulu: ntdll.dll, verze: 10.0.10586.306, časové razítko: 0x571afb7f
Kód výjimky: 0xc0000374
Posun chyby: 0x000dc7c9
ID chybujícího procesu: 0x145c
Čas spuštění chybující aplikace: 0xwandoujia_helper.exe0
Cesta k chybující aplikaci: wandoujia_helper.exe1
Cesta k chybujícímu modulu: wandoujia_helper.exe2
ID zprávy: wandoujia_helper.exe3
Úplný název chybujícího balíčku: wandoujia_helper.exe4
ID aplikace související s chybujícím balíčkem: wandoujia_helper.exe5

Error: (08/04/2016 11:59:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: AutoPico.exe, verze: 12.3.0.0, časové razítko: 0x53b06ef5
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.10586.494, časové razítko: 0x5775e4c5
Kód výjimky: 0xe0434352
Posun chyby: 0x0000000000071f28
ID chybujícího procesu: 0x100c
Čas spuštění chybující aplikace: 0xAutoPico.exe0
Cesta k chybující aplikaci: AutoPico.exe1
Cesta k chybujícímu modulu: AutoPico.exe2
ID zprávy: AutoPico.exe3
Úplný název chybujícího balíčku: AutoPico.exe4
ID aplikace související s chybujícím balíčkem: AutoPico.exe5

Error: (08/04/2016 11:59:16 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: AutoPico.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.Net.Sockets.SocketException
na System.Net.Sockets.Socket.EndReceive(System.IAsyncResult)
na System.Net.Sockets.NetworkStream.EndRead(System.IAsyncResult)

Informace o výjimce: System.IO.IOException
na System.Net.Sockets.NetworkStream.EndRead(System.IAsyncResult)
na AutoPico.KMSEmulator.TCPServer.ReadCallback(System.IAsyncResult)
na System.Net.LazyAsyncResult.Complete(IntPtr)
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Net.ContextAwareResult.Complete(IntPtr)
na System.Net.LazyAsyncResult.ProtectedInvokeCallback(System.Object, IntPtr)
na System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
na System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (08/04/2016 10:30:22 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program TOTALCMD.EXE verze 7.5.6.1 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 1cf4

Čas spuštění: 01d1ee27715c79fe

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files (x86)\totalcmd\TOTALCMD.EXE

ID hlášení: ae7f69c0-5a1d-11e6-a91a-90004ef5ab17

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (08/04/2016 10:08:26 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program TOTALCMD.EXE verze 7.5.6.1 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 1ce0

Čas spuštění: 01d1ee26d17b983e

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Program Files (x86)\totalcmd\TOTALCMD.EXE

ID hlášení: 9e42dfef-5a1a-11e6-a91a-90004ef5ab17

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:


System errors:
=============
Error: (08/13/2016 09:05:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníAktivace{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)Není k dispoziciNení k dispozici

Error: (08/09/2016 06:53:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníAktivace{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)Není k dispoziciNení k dispozici

Error: (08/09/2016 05:13:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Hostitel synchronizace_25b4309 bylo dosaženo časového limitu (30000 ms).

Error: (08/09/2016 05:13:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_25b4309 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (08/09/2016 05:13:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníAktivace{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)Není k dispoziciNení k dispozici

Error: (08/09/2016 04:24:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníAktivace{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)Není k dispoziciNení k dispozici

Error: (08/09/2016 11:40:54 AM) (Source: DCOM) (EventID: 10016) (User: Liba-PC)
Description: výchozí pro počítačMístníAktivace{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Liba-PCLibaS-1-5-21-884147705-2334425009-4275635490-1000LocalHost (pomocí LRPC)Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewyS-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795

Error: (08/08/2016 05:14:10 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: specifické pro aplikaciMístníAktivace{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (pomocí LRPC)Není k dispoziciNení k dispozici

Error: (08/08/2016 12:11:08 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: Služba Automatická konfigurace sítě WLAN zjistila při resetování nebo zotavení adaptéru omezené připojení.

Kód: 8 0x0 0x0

Error: (08/08/2016 12:11:06 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: Služba Automatická konfigurace sítě WLAN zjistila při resetování nebo zotavení adaptéru omezené připojení.

Kód: 2 0xdeaddeed 0xeeec


CodeIntegrity:
===================================
Date: 2016-08-14 17:29:59.597
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-08-02 16:08:58.461
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\ehdrv\ehdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-02 16:08:58.406
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\ehdrv\ehdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-02 16:08:33.423
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-02 16:08:33.409
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-02 16:08:33.285
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-02 16:08:33.117
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-02 16:01:39.021
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\ehdrv\ehdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-02 16:01:38.910
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\ehdrv\ehdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-02 16:00:23.955
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 82%
Total physical RAM: 2934.85 MB
Available physical RAM: 520.4 MB
Total Virtual: 5878.85 MB
Available Virtual: 2502.18 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:213.52 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1DFDF181)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End of Addition.txt ============================

Teď spusťte tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

Proběhlo skenování a při kliku na clean totálně zamrzla ntb.
Log se nevytvořil

Zkuste to v nouz. režimu.

# AdwCleaner v6.000 - *Logfile created 18/08/2016 *at 20:53:08
# *Updated on 12/08/2016 by ToolsLib
# *Database : 2016-08-15.2 [*Local]
# *Operating System : Windows 10 Pro (X64)
# *Username : Liba - LIBA-PC
# *Running from : C:\Users\Liba\Desktop\adwcleaner_6.000.exe
# *Mode: Clean
# *Support : https://toolslib.net/forum



***** [ *Services ] *****



***** [ *Folders ] *****

[-] *Folder deleted: C:\Users\Liba\AppData\Local\FileViewPro
[-] *Folder deleted: C:\Users\Liba\AppData\Roaming\Solvusoft
[-] *Folder deleted: C:\ProgramData\SlimWare Utilities, Inc
[#] *Folder deleted on reboot: C:\ProgramData\Application Data\SlimWare Utilities, Inc
[-] *Folder deleted: C:\Users\Public\Documents\Downloaded Installers


***** [ *Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ *Shortcuts ] *****



***** [ *Scheduled Tasks ] *****



***** [ *Registry ] *****

[-] *Key deleted: HKLM\SOFTWARE\Classes\MTview.bmp
[-] *Key deleted: HKLM\SOFTWARE\Classes\MTview.dib
[-] *Key deleted: HKLM\SOFTWARE\Classes\MTview.emf
[-] *Key deleted: HKLM\SOFTWARE\Classes\MTview.exif
[-] *Key deleted: HKLM\SOFTWARE\Classes\MTview.gif
[-] *Key deleted: HKLM\SOFTWARE\Classes\MTview.ico
[-] *Key deleted: HKLM\SOFTWARE\Classes\MTview.jfif
[-] *Key deleted: HKLM\SOFTWARE\Classes\MTview.jpe
[-] *Key deleted: HKLM\SOFTWARE\Classes\MTview.jpeg
[-] *Key deleted: HKLM\SOFTWARE\Classes\MTview.jpg
[-] *Key deleted: HKLM\SOFTWARE\Classes\MTview.png
[-] *Key deleted: HKLM\SOFTWARE\Classes\MTview.tif
[-] *Key deleted: HKLM\SOFTWARE\Classes\MTview.tiff
[-] *Key deleted: HKLM\SOFTWARE\Classes\MTview.wmf
[-] *Key deleted: HKU\S-1-5-21-884147705-2334425009-4275635490-1000\Software\Conduit
[-] *Key deleted: HKU\S-1-5-21-884147705-2334425009-4275635490-1000\Software\IM
[-] *Key deleted: HKU\S-1-5-21-884147705-2334425009-4275635490-1000\Software\INSTALLPATH\STATUS
[#] *Key deleted on reboot: HKCU\Software\Conduit
[#] *Key deleted on reboot: HKCU\Software\IM
[#] *Key deleted on reboot: HKCU\Software\INSTALLPATH\STATUS


***** [ *Browsers ] *****



*************************

:: *"Tracing" keys deleted
:: *Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1587 *Bytes] - [09/02/2016 18:58:48]
C:\AdwCleaner\AdwCleaner[C4].txt - [4024 *Bytes] - [16/11/2015 15:28:56]
C:\AdwCleaner\AdwCleaner[C5].txt - [755 *Bytes] - [18/11/2015 19:38:21]
C:\AdwCleaner\AdwCleaner[C6].txt - [2465 *Bytes] - [18/08/2016 20:53:08]
C:\AdwCleaner\AdwCleaner[R0].txt - [25392 *Bytes] - [18/05/2015 20:25:52]
C:\AdwCleaner\AdwCleaner[R1].txt - [8935 *Bytes] - [04/08/2015 09:19:18]
C:\AdwCleaner\AdwCleaner[R2].txt - [1022 *Bytes] - [04/08/2015 13:02:53]
C:\AdwCleaner\AdwCleaner[S0].txt - [21971 *Bytes] - [18/05/2015 20:27:24]
C:\AdwCleaner\AdwCleaner[S10].txt - [3503 *Bytes] - [18/08/2016 20:52:47]
C:\AdwCleaner\AdwCleaner[S1].txt - [7370 *Bytes] - [04/08/2015 09:26:28]
C:\AdwCleaner\AdwCleaner[S2].txt - [1085 *Bytes] - [04/08/2015 13:08:08]
C:\AdwCleaner\AdwCleaner[S4].txt - [3710 *Bytes] - [16/11/2015 15:26:11]
C:\AdwCleaner\AdwCleaner[S5].txt - [663 *Bytes] - [18/11/2015 19:11:50]
C:\AdwCleaner\AdwCleaner[S6].txt - [3168 *Bytes] - [16/08/2016 10:42:06]
C:\AdwCleaner\AdwCleaner[S7].txt - [3280 *Bytes] - [16/08/2016 10:50:13]
C:\AdwCleaner\AdwCleaner[S8].txt - [3354 *Bytes] - [16/08/2016 11:04:50]
C:\AdwCleaner\AdwCleaner[S9].txt - [3428 *Bytes] - [16/08/2016 13:33:03]

########## EOF - C:\AdwCleaner\AdwCleaner[C6].txt - [3503 *Bytes] ##########

Dejte nový log FRST (logy jsou 2, FRST a Additional).

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2016
Ran by Liba (18-08-2016 21:25:10)
Running from C:\Users\Liba\Desktop
Windows 10 Pro Version 1511 (X64) (2016-07-21 03:08:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-884147705-2334425009-4275635490-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-884147705-2334425009-4275635490-503 - Limited - Disabled)
Guest (S-1-5-21-884147705-2334425009-4275635490-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-884147705-2334425009-4275635490-1002 - Limited - Enabled)
Liba (S-1-5-21-884147705-2334425009-4275635490-1000 - Administrator - Enabled) => C:\Users\Liba

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 9.0.351.2 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 9.0.376.1 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACDSee Ultimate 9 (64-bit) (HKLM\...\{97EE2327-B39E-429C-970B-0DB6CBBEC8E1}) (Version: 9.1.0.580 - ACD Systems International Inc.)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Aspell 0.6 Dictionary (Language: cs) (HKU\S-1-5-21-884147705-2334425009-4275635490-1000\...\Aspell6-Dictionary-cs) (Version: - )
Broadcom 802.11 Wireless Driver (HKLM-x32\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - )
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.69.1079 - AB Team, d.o.o.)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.0.8 - Lenovo)
ESET NOD32 Antivirus (HKLM\...\{6EF8A223-95F9-489E-98F6-BCC73DC3C5A4}) (Version: 9.0.351.2 - ESET, spol. s r.o.)
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Infix PDF Editor verze 6.1.3.0 (HKLM-x32\...\83FFB914-6FA7-4F1F-807E-E0FFBA2E49E1_is1) (Version: 6.1.3.0 - Iceni Technology)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.10.1005 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5F588B19-C575-4750-86FD-6ED2B76E61F1}) (Version: 7.50.0000 - Intel Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
KMSpico v9.3.1 (HKLM\...\KMSpico_is1) (Version: 9.3.1 - )
Lenovo Service Bridge (HKU\S-1-5-21-884147705-2334425009-4275635490-1000\...\cbe8636f7dd0cf1d) (Version: 1.6.3.1 - Lenovo)
Lighten PDF to Word Converter version 4.0.0 (HKLM-x32\...\{69923533-5E62-4B8C-95B5-9FF8365DE139}_is1) (Version: 4.0.0 - Lighten Software Limited)
Malwarebytes Anti-Malware verze 1.80.2.1012 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.80.2.1012 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office ScreenTip Language 2013 - čeština (HKLM\...\{90150000-00BD-0405-1000-0000000FF1CE}) (Version: 15.0.4454.1004 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Opera 12.15 (HKLM-x32\...\Opera 12.15.1748) (Version: 12.15.1748 - Opera Software ASA)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.6 - PowerISO Computing, Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.73.618.2013 - Realtek)
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 Language Pack (KB2817427) 64-Bit Edition (Version: - Microsoft) Hidden
SnapPea (HKLM-x32\...\Wandoujia2) (Version: - Wandou Labs)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.25.0 - Synaptics Incorporated)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
Widevine Media Optimizer IE 6.0.0 (HKU\S-1-5-21-884147705-2334425009-4275635490-1000\...\optimizer_ie) (Version: 6.0.0.12757 - Widevine Technologies)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-884147705-2334425009-4275635490-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Liba\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-884147705-2334425009-4275635490-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Liba\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-884147705-2334425009-4275635490-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Liba\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-884147705-2334425009-4275635490-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Liba\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02755DDC-9B06-43AC-8E43-9636C3C99E5C} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {0FE56368-B434-45A7-B34D-90D394D198B4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {163DA717-AD23-4263-87B4-D21AD7520FEF} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {1BA31C99-8B11-42C7-8735-2E0F514E0FA6} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {2446D35E-BC5D-4A4E-95A7-37C82A611E3A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {2B32CC5F-0EA5-48E7-87A1-33E7E9FC4F1A} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {33A0A211-25DE-47D0-ABA6-687B7201A51B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Liba-PC-Liba Liba-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-01-23] (Microsoft Corporation)
Task: {34EAB48D-D38D-400D-ADC6-DF9E124000AA} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {35D447D9-248F-4333-809E-D97F289BA056} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-06-29] (@ByELDI)
Task: {425B285A-714F-4E96-8D5D-C71C18590166} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-884147705-2334425009-4275635490-1000Core1d1ebc06afd7527 => C:\Users\Liba\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {47FA68C8-7A2B-4CA2-9FC5-A027BB6002F5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
Task: {4FFF7F5F-CCDF-461C-8D83-EF986874E877} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {5162C871-764B-4AFB-99CA-8FCB27D61289} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {5FD76754-69DC-4D5B-A8DE-1E48AA3D4E8A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-26] (Google Inc.)
Task: {5FF110AA-CBCF-4F26-BC09-476C07C4AECD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {67336318-2268-462C-8AFE-043541BC86C1} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {710CDC17-20E7-49C5-8229-57836AFFED18} - System32\Tasks\{E794A137-8467-4FE5-964F-A92797126B6C} => pcalua.exe -a C:\Users\Liba\Desktop\IN3VDO13WW6.exe -d C:\Users\Liba\Desktop
Task: {77CBC0B7-B314-4C0A-B4DB-BF92D216BCDB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-26] (Google Inc.)
Task: {7BE8AF00-1D57-430A-939F-5609248609B0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {7F609DC1-4215-41E4-B95D-A7DD1118A5B3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-884147705-2334425009-4275635490-1000UA1d1ebc06b25859a => C:\Users\Liba\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {85993300-5845-4550-B50E-6E90988961DB} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {8792EBC0-75B0-4983-B733-8B93F942A41E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {881C8AC6-C41C-4852-A0A7-C3CF19ABD83B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8FF32CB2-33D0-462E-A4C3-D13475E28E24} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
Task: {94CD6ABC-C93F-4636-AC8E-222B04140297} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {96138370-EAF8-4C67-961C-65C9F6FB6C04} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {963C9DB0-B0DA-4A5E-B1A3-C1E283326FBC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {9AC2CF18-4F88-4F14-A4F0-438391CEB0DB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-884147705-2334425009-4275635490-1000Core => C:\Users\Liba\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {B338A8A0-5937-42C2-98D2-A3F6137BAC68} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {B4AD07FE-4C4D-4651-92BD-D0C020522132} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {C4CF88AB-6550-4204-A1BD-F1E7B705B6A1} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {C4ECD358-189F-4E29-9A80-4D298349AF30} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {C5A4EAD2-B68E-4C66-95E7-BD645061D061} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {D6B53174-2DC5-4DFD-A6BE-D0FF2D88E184} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {DD35E340-E8E9-426D-9132-A75A9BFF43A5} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {DDC4A3C2-04FC-40A6-93B9-4004F449BC03} - \Lenovo\Lenovo Service Bridge\S-1-5-21-884147705-2334425009-4275635490-1000 -> No File <==== ATTENTION
Task: {DF183CE8-66C3-4E04-BF9D-DA48C5AF681A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {E76E44A5-ABFC-4678-86EF-ECAB2C327CD3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-884147705-2334425009-4275635490-1000UA => C:\Users\Liba\AppData\Local\Google\Update\GoogleUpdate.exe [2015-12-05] (Google Inc.)
Task: {EB635736-19F5-4399-942E-9347C8DCC73A} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {F2F34DDB-C347-4DDD-BD51-372E0C8025AD} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-884147705-2334425009-4275635490-1000Core.job => C:\Users\Liba\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-884147705-2334425009-4275635490-1000Core1d1ebc06afd7527.job => C:\Users\Liba\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-884147705-2334425009-4275635490-1000UA.job => C:\Users\Liba\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-884147705-2334425009-4275635490-1000UA1d1ebc06b25859a.job => C:\Users\Liba\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-21 09:00 - 2016-07-21 09:00 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-21 09:00 - 2016-07-21 09:00 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-07-21 05:15 - 2016-07-21 05:15 - 00959168 _____ () C:\Users\Liba\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2012-10-01 21:36 - 2012-10-01 21:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-16 12:02 - 2015-10-16 12:02 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-04-27 08:10 - 2016-04-27 08:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-21 09:01 - 2016-07-21 09:01 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-21 09:01 - 2016-07-21 09:01 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-21 09:01 - 2016-07-21 09:01 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-21 09:01 - 2016-07-21 09:01 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-21 09:01 - 2016-07-21 09:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-12-21 18:16 - 2009-07-15 16:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2015-12-21 18:16 - 2009-07-15 16:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2014-06-18 12:00 - 2014-06-18 12:00 - 00258944 _____ () C:\Program Files (x86)\WandouLabs\wandoujia_helper.exe
2016-08-16 08:12 - 2016-08-16 08:13 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-08-16 08:12 - 2016-08-16 08:13 - 13475840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-07-25 08:17 - 2016-07-25 08:18 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-07-25 08:17 - 2016-07-25 08:18 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2014-06-18 12:00 - 2014-06-18 12:00 - 01139072 _____ () C:\Program Files (x86)\WandouLabs\adb_dev.dll
2014-06-18 12:00 - 2014-06-18 12:00 - 37930368 _____ () C:\Program Files (x86)\WandouLabs\core.dll
2015-12-16 19:40 - 2013-07-24 10:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-11-30 10:37 - 2015-11-30 10:37 - 00835584 _____ () C:\Program Files (x86)\Opera\gstreamer\gstreamer.dll
2015-11-30 10:37 - 2015-11-30 10:37 - 00093696 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioconvert.dll
2015-11-30 10:37 - 2015-11-30 10:37 - 00094208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstaudioresample.dll
2015-11-30 10:37 - 2015-11-30 10:37 - 00057344 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstautodetect.dll
2015-11-30 10:37 - 2015-11-30 10:37 - 00096256 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstcoreplugins.dll
2015-11-30 10:37 - 2015-11-30 10:37 - 00062976 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdecodebin2.dll
2015-11-30 10:37 - 2015-11-30 10:37 - 00067072 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstdirectsound.dll
2015-11-30 10:37 - 2015-11-30 10:37 - 00158208 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
2015-11-30 10:37 - 2015-11-30 10:37 - 00312832 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstoggdec.dll
2015-11-30 10:37 - 2015-11-30 10:37 - 00038912 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwaveform.dll
2015-11-30 10:37 - 2015-11-30 10:37 - 00073728 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwavparse.dll
2015-11-30 10:37 - 2015-11-30 10:37 - 00101888 _____ () C:\Program Files (x86)\Opera\gstreamer\plugins\gstwebmdec.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2015-12-21 13:12 - 00000826 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-884147705-2334425009-4275635490-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Liba\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 213.46.172.37 - 213.46.172.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Liba^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^wandoujia_helper.lnk => C:\Windows\pss\wandoujia_helper.lnk.Startup
MSCONFIG\startupreg: ACDSeeCommanderUltimate9 => C:\Program Files\ACD Systems\ACDSee Ultimate\9.0\ACDSeeCommanderUltimate9.exe
MSCONFIG\startupreg: ACUW09EN => "C:\Program Files\ACD Systems\ACDSee Ultimate\9.0\acdIDInTouch2.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{FA6D4A69-02BE-41B3-81A7-3CC31DB7D975}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{6588B4E5-D239-471D-93DE-79F8FD62B788}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{43C2F9D7-753A-4DE4-AA92-E8A8F0E565DC}] => (Allow) LPort=1688
FirewallRules: [{87208200-BC0B-4031-AA15-74D15F9468D5}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{28385331-E1CF-456E-B1D3-7DA133EB474F}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{5A3A2D96-BC63-46F5-A06A-7A6380886C59}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{7008C6D6-A692-4BD5-AE51-E1DF2CDF969B}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{C79BF6FC-2D22-443D-BA2C-21B733BE891B}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{B8EDDAAB-CD03-4151-9F4B-7567AFFACA98}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [UDP Query User{5604D054-B233-4E07-B3E4-267DCAA2707C}C:\users\liba\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\liba\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{46845708-0D7F-49BD-9BEC-E64B0303592E}C:\users\liba\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\liba\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{A90F5B6E-2786-4D38-8E98-F9D0E9278C87}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{BA2ACD83-CA5A-40D7-B4A1-B58AB0A7CC02}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{BA933B39-EC83-4C8B-A974-9FA14D9E7585}] => (Allow) C:\Users\Liba\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{91C779BA-6785-4FFB-B92A-E76827E23A55}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{7F4D4457-0D3B-4094-AA6E-ED75FBAB5273}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{94E54696-4117-4A89-AD10-43BED82EBA46}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{9BFE2E5A-8518-49B9-A5FB-B03CC0137681}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{B1248301-0763-440E-AEF3-050C169A7C37}] => (Allow) C:\Program Files (x86)\WandouLabs\Wandoujia2.exe
FirewallRules: [UDP Query User{BCA66B9D-C3D3-4612-B833-DF8203909B49}C:\users\liba\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\liba\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{B771D1D4-65D7-4CF7-BAB6-FC0030BD553F}C:\users\liba\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\liba\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{399B3653-6D89-473F-80EB-ED753AADAB53}C:\program files (x86)\elcomsoft\distributed password recovery\esdprs.exe] => (Allow) C:\program files (x86)\elcomsoft\distributed password recovery\esdprs.exe
FirewallRules: [UDP Query User{FB11D120-B4D4-4020-9ADA-9E0945E0616E}C:\program files (x86)\elcomsoft\distributed password recovery\esdprs.exe] => (Allow) C:\program files (x86)\elcomsoft\distributed password recovery\esdprs.exe
FirewallRules: [{8A9E8827-28EA-458F-94EA-5A67BDD04D99}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{4B39E232-AEE6-4EB1-A7F6-3BA8A6824948}] => (Allow) LPort=1688

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2016 08:54:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Service_KMS.exe, verze: 13.3.0.0, časové razítko: 0x53b06ef6
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.10586.494, časové razítko: 0x5775e4c5
Kód výjimky: 0xe0434352
Posun chyby: 0x0000000000071f28
ID chybujícího procesu: 0x848
Čas spuštění chybující aplikace: 0xService_KMS.exe0
Cesta k chybující aplikaci: Service_KMS.exe1
Cesta k chybujícímu modulu: Service_KMS.exe2
ID zprávy: Service_KMS.exe3
Úplný název chybujícího balíčku: Service_KMS.exe4
ID aplikace související s chybujícím balíčkem: Service_KMS.exe5

Error: (08/18/2016 08:54:31 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: Service_KMS.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.Net.Sockets.SocketException
na System.Net.Sockets.Socket.EndReceive(System.IAsyncResult)
na System.Net.Sockets.NetworkStream.EndRead(System.IAsyncResult)

Informace o výjimce: System.IO.IOException
na System.Net.Sockets.NetworkStream.EndRead(System.IAsyncResult)
na Service_KMS.KMSEmulator.TCPServer.ReadCallback(System.IAsyncResult)
na System.Net.LazyAsyncResult.Complete(IntPtr)
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Net.ContextAwareResult.Complete(IntPtr)
na System.Net.LazyAsyncResult.ProtectedInvokeCallback(System.Object, IntPtr)
na System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
na System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (08/18/2016 08:51:00 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Liba-PC)
Description: Aplikaci Microsoft.Getstarted_4.0.9.0_x64__8wekyb3d8bbwe:App.AppX7mv0s3r0wanj0n66dy6vax24ps6avzvz.mca se nepovedlo aktivovat, protože došlo k chybě: -2144927149. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (08/18/2016 08:39:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program explorer.exe verze 10.0.10586.494 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: ed0

Čas spuštění: 01d1f97fd25ca0b2

Čas ukončení: 0

Cesta k aplikaci: C:\Windows\explorer.exe

ID hlášení: 2214ec92-6573-11e6-a91f-90004ef5ab17

Úplný název balíčku s chybou:

ID aplikace související s balíčkem s chybou:

Error: (08/18/2016 08:39:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Service_KMS.exe, verze: 13.3.0.0, časové razítko: 0x53b06ef6
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0x00000000
Posun chyby: 0x00007ff981350668
ID chybujícího procesu: 0x824
Čas spuštění chybující aplikace: 0xService_KMS.exe0
Cesta k chybující aplikaci: Service_KMS.exe1
Cesta k chybujícímu modulu: Service_KMS.exe2
ID zprávy: Service_KMS.exe3
Úplný název chybujícího balíčku: Service_KMS.exe4
ID aplikace související s chybujícím balíčkem: Service_KMS.exe5

Error: (08/18/2016 05:29:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: AutoPico.exe, verze: 12.3.0.0, časové razítko: 0x53b06ef5
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.10586.494, časové razítko: 0x5775e4c5
Kód výjimky: 0xe0434352
Posun chyby: 0x0000000000071f28
ID chybujícího procesu: 0x1c0c
Čas spuštění chybující aplikace: 0xAutoPico.exe0
Cesta k chybující aplikaci: AutoPico.exe1
Cesta k chybujícímu modulu: AutoPico.exe2
ID zprávy: AutoPico.exe3
Úplný název chybujícího balíčku: AutoPico.exe4
ID aplikace související s chybujícím balíčkem: AutoPico.exe5

Error: (08/18/2016 05:29:12 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: AutoPico.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.Net.Sockets.SocketException
na System.Net.Sockets.Socket.EndReceive(System.IAsyncResult)
na System.Net.Sockets.NetworkStream.EndRead(System.IAsyncResult)

Informace o výjimce: System.IO.IOException
na System.Net.Sockets.NetworkStream.EndRead(System.IAsyncResult)
na AutoPico.KMSEmulator.TCPServer.ReadCallback(System.IAsyncResult)
na System.Net.LazyAsyncResult.Complete(IntPtr)
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Net.ContextAwareResult.Complete(IntPtr)
na System.Net.LazyAsyncResult.ProtectedInvokeCallback(System.Object, IntPtr)
na System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
na System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)

Error: (08/16/2016 09:03:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Liba-PC)
Description: Aplikaci Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI se nepovedlo aktivovat, protože došlo k chybě: -2144927141. Další informace najdete v protokolu Microsoft-Windows-TWinUI/Operational.

Error: (08/16/2016 05:29:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: AutoPico.exe, verze: 12.3.0.0, časové razítko: 0x53b06ef5
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.10586.494, časové razítko: 0x5775e4c5
Kód výjimky: 0xe0434352
Posun chyby: 0x0000000000071f28
ID chybujícího procesu: 0x1388
Čas spuštění chybující aplikace: 0xAutoPico.exe0
Cesta k chybující aplikaci: AutoPico.exe1
Cesta k chybujícímu modulu: AutoPico.exe2
ID zprávy: AutoPico.exe3
Úplný název chybujícího balíčku: AutoPico.exe4
ID aplikace související s chybujícím balíčkem: AutoPico.exe5

Error: (08/16/2016 05:29:17 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: AutoPico.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.Net.Sockets.SocketException
na System.Net.Sockets.Socket.EndReceive(System.IAsyncResult)
na System.Net.Sockets.NetworkStream.EndRead(System.IAsyncResult)

Informace o výjimce: System.IO.IOException
na System.Net.Sockets.NetworkStream.EndRead(System.IAsyncResult)
na AutoPico.KMSEmulator.TCPServer.ReadCallback(System.IAsyncResult)
na System.Net.LazyAsyncResult.Complete(IntPtr)
na System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
na System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
na System.Net.ContextAwareResult.Complete(IntPtr)
na System.Net.LazyAsyncResult.ProtectedInvokeCallback(System.Object, IntPtr)
na System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)
na System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32, UInt32, System.Threading.NativeOverlapped*)


System errors:
=============
Error: (08/18/2016 08:54:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Service KMSELDI byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (08/18/2016 08:54:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Služba NetTcpActivator závisí na službě NetTcpPortSharing, která neuspěla při spuštění v důsledku následující chyby:
%%1058 = Zvolenou službu nelze spustit, protože není povolena nebo s ní není spojeno žádné povolené zařízení.

Error: (08/18/2016 08:53:22 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084dpsNení k dispozici{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (08/18/2016 08:53:22 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084dpsNení k dispozici{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (08/18/2016 08:53:03 PM) (Source: DCOM) (EventID: 10005) (User: Liba-PC)
Description: 1084WSearchNení k dispozici{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/18/2016 08:53:03 PM) (Source: DCOM) (EventID: 10005) (User: Liba-PC)
Description: 1084WSearchNení k dispozici{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/18/2016 08:53:02 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084dpsNení k dispozici{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (08/18/2016 08:53:02 PM) (Source: DCOM) (EventID: 10005) (User: Liba-PC)
Description: 1084WSearchNení k dispozici{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (08/18/2016 08:53:02 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084dpsNení k dispozici{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (08/18/2016 08:53:02 PM) (Source: DCOM) (EventID: 10005) (User: Liba-PC)
Description: 1084WSearchNení k dispozici{9E175B6D-F52A-11D8-B9A5-505054503030}


CodeIntegrity:
===================================
Date: 2016-08-18 20:54:58.317
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\ehdrv\ehdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-18 20:54:58.070
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\ehdrv\ehdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-18 20:54:19.251
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-18 20:54:19.234
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-18 20:54:19.211
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-18 20:54:19.201
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\eelam\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-18 20:39:20.100
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\ehdrv\ehdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-18 20:39:20.079
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\ESET\ESET NOD32 Antivirus\Drivers\ehdrv\ehdrv.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-18 20:39:07.398
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-18 20:39:07.389
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\eelam.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Percentage of memory in use: 60%
Total physical RAM: 2934.85 MB
Available physical RAM: 1153.56 MB
Total Virtual: 5878.85 MB
Available Virtual: 3598.65 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:209.85 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.63 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 1DFDF181)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End of Addition.txt ============================

Opět jste dal pouze Addition log. Kde je FRST?

FRST

Otevřte poznámkový blok a zkopírujte do něj:

Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - No File
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - No File
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - No File
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - No File
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-884147705-2334425009-4275635490-1000UA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-884147705-2334425009-4275635490-1000Core
C:\WINDOWS\SECOH-QAD.exe
C:\WINDOWS\SECOH-QAD.dll
C:\Program Files\KMSpico
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Liba\AppData\Local\Temp
End

Uložte na plochu jako fixlist.txt. Spusťte znovu FRST a klikněte na >Fix<. Po skončení akce se objeví log, který sem zkopírujte.

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-08-2016
Ran by Liba (18-08-2016 21:58:47) Run:1
Running from C:\Users\Liba\Desktop
Loaded Profiles: Liba (Available Profiles: Liba)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - No File
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - No File
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - No File
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - No File
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-884147705-2334425009-4275635490-1000UA
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-884147705-2334425009-4275635490-1000Core
C:\WINDOWS\SECOH-QAD.exe
C:\WINDOWS\SECOH-QAD.dll
C:\Program Files\KMSpico
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\Users\Liba\AppData\Local\Temp
End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
"HKCR\PROTOCOLS\Handler\mso-minsb-roaming.16" => key removed successfully
HKCR\CLSID\{83C25742-A9F7-49FB-9138-434302C88D07} => key not found.
"HKCR\PROTOCOLS\Handler\mso-minsb.16" => key removed successfully
HKCR\CLSID\{42089D2D-912D-4018-9087-2B87803E93FB} => key not found.
"HKCR\PROTOCOLS\Handler\osf-roaming.16" => key removed successfully
HKCR\CLSID\{42089D2D-912D-4018-9087-2B87803E93FB} => key not found.
"HKCR\PROTOCOLS\Handler\osf.16" => key removed successfully
HKCR\CLSID\{5504BE45-A83B-4808-900A-3A5C36E7F77A} => key not found.
idsvc => service removed successfully
wpcsvc => service removed successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-884147705-2334425009-4275635490-1000UA => moved successfully
C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-884147705-2334425009-4275635490-1000Core => moved successfully
C:\WINDOWS\SECOH-QAD.exe => moved successfully
C:\WINDOWS\SECOH-QAD.dll => moved successfully
C:\Program Files\KMSpico => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Users\Liba\AppData\Local\Temp => moved successfully

==== End of Fixlog 21:58:59 ====

Smazáno. Nastala nějaká změna?

nenastala