﻿Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-05-2016
Ran by Administrator (2016-05-17 19:19:15)
Running from C:\Users\Administrator\Desktop
Windows 10 Pro Version 1511 (X64) (2015-12-12 09:55:29)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-117443375-1578915762-3449914361-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-117443375-1578915762-3449914361-503 - Limited - Disabled)
Guest (S-1-5-21-117443375-1578915762-3449914361-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-117443375-1578915762-3449914361-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"BioShock Infinite" (HKLM-x32\...\{D081C29C-1DDC-4C55-BCBF-DF8519636331}_is1) (Version: 1.1.25.5165 - )
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.3.183 - Adobe Systems, Inc.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{66AFB595-BC05-2913-7696-6D58F9B733E1}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Assassin's Creed Revelations (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.00 - Ubisoft)
BitComet 1.40 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.40 - CometNetwork)
Call of Duty - Advanced Warfare v.версия 1.22.01 (HKLM-x32\...\Call of Duty - Advanced Warfare_is1) (Version:  - )
Call of Duty(R) 2 (HKLM-x32\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.3 - Activision)
Call of Duty(R) 2 (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty(R) 2 Patch 1.3 (x32 Version: 1.3 - ) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Counter-Strike 1.6 (HKLM-x32\...\{13B792AA-C078-43A4-8A3A-8B12D629940D}) (Version: 1.00.0000 - )
Cryostasis Sleep of Reason (HKLM-x32\...\Cryostasis Sleep of Reason_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.2.0.0112 - Disc Soft Ltd)
Dead Island Riptide (HKLM-x32\...\Dead Island Riptide_is1) (Version:  - )
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
FlatOut 2 (HKLM-x32\...\{4E6D2462-AB33-40BB-AA9F-3FA3E0DD0290}) (Version: 1.00.0000 - Empire Interactive)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nástroje kontroly pravopisu pro Microsoft Office 2013 – čeština (HKLM-x32\...\{90150000-001F-0405-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
NVIDIA PhysX v8.10.17 (HKLM-x32\...\{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}) (Version: 8.10.17 - NVIDIA Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.94.107.0 - Overwolf Ltd.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Ŕíŕáčîç. Ńîí đŕçóěŕ (HKLM-x32\...\{97A8C4B4-2B50-42D1-AFE6-5E8433185436}_is1) (Version: 1.0.2.608 - Ôčđěŕ 1C)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Slovenská lokalizácia hry Call of Duty: Advanced Warfare (HKLM-x32\...\Lokalizacia CoDAW) (Version: 1.0 - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKU\S-1-5-21-117443375-1578915762-3449914361-500\...\TeamSpeak 3 Client) (Version: 3.0.19 - TeamSpeak Systems GmbH)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.56083 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Thrustmaster Force Feedback Driver (HKLM-x32\...\{8F5A0981-5CDC-41D0-BCA2-AD3B777FC358}) (Version: 1.FFD.2009 - Thrustmaster)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update for Skype for Business 2015 (KB3039776) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{9F6B3627-AF9E-40A5-AAD5-3497C4327616}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
War Thunder Launcher 1.0.1.629 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version:  - Gaijin Entertainment)
WinRAR 5.30 beta 6 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.6 - win.rar GmbH)
World of Tanks (HKU\S-1-5-21-117443375-1578915762-3449914361-500\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version:  - Wargaming.net)
Xpadder version 5.7 (HKLM-x32\...\{0DCE54A9-7256-4132-9D4E-1A64AE35E9B1}_is1) (Version: 5.7 - Xpadder, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-117443375-1578915762-3449914361-500_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2700E69F-B71D-449F-8F8B-3BFDD05F056F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {2A5767D4-4678-47A5-929B-55831089E2E6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-12] (Google Inc.)
Task: {38E2C903-8C65-4480-8EC8-F2BCB592154F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {641F41CD-8CA6-4742-8BDE-AEE5F6D72778} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {6513D567-F0F3-4D36-8C11-E5D72FC0A6D6} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2016-05-08] (Overwolf LTD)
Task: {6AE419DA-462B-4AF3-AC68-43833104DB80} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-12] (Google Inc.)
Task: {7E74D3AF-9D04-43C8-A79A-91E520AD8D2A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-11] (Microsoft Corporation)
Task: {DA0CD0D7-AF02-4639-B53A-1333A93A345E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperia Online\Imperia Online.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.imperiaonline.org/?ref_ad=src123 --app-window-size=1360,768
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Imperia Online.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxp://www.imperiaonline.org/?ref_ad=src123 --app-window-size=1360,768

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-11-28 08:44 - 2015-11-28 08:44 - 00075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-04-13 17:30 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 17:30 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-26 16:16 - 2016-04-26 16:16 - 00959176 _____ () C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll
2015-11-10 16:45 - 2015-11-10 16:45 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-04-19 00:05 - 2016-04-19 00:05 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-17 21:17 - 2015-12-07 06:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-11 13:17 - 2016-04-23 06:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-11 13:18 - 2016-04-23 06:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-11 13:18 - 2016-04-23 05:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-11 13:18 - 2016-04-23 05:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-11 13:18 - 2016-04-23 06:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-04 17:43 - 2015-11-04 17:43 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2016-01-15 22:44 - 2016-01-15 22:44 - 00047616 _____ () C:\Program Files\CCleaner\lang\lang-1029.dll
2016-04-19 00:05 - 2016-04-19 00:05 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 00:05 - 2016-04-19 00:05 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-04-26 16:16 - 2016-04-26 16:16 - 00679624 _____ () C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll
2016-05-13 02:58 - 2016-05-11 13:48 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-13 02:58 - 2016-05-11 13:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-11-26 17:49 - 2010-04-05 10:04 - 00001084 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 activate.adobe.com
127.0.0.1       static3.cdn.ubi.com
127.0.0.1       ubisoft-orbit.s3.amazonaws.com
127.0.0.1       onlineconfigservice.ubi.com
127.0.0.1       orbitservice.ubi.com
127.0.0.1       ubisoft-orbit-savegames.s3.amazonaws.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-117443375-1578915762-3449914361-500\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 89.190.65.200 - 89.190.64.20
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-117443375-1578915762-3449914361-500\...\StartupApproved\Run: => "cz.seznam.software.szndesktop"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{771E0CA2-601C-4D4F-9CC6-16A7222153EF}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe] => (Allow) C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe
FirewallRules: [TCP Query User{D0F01A9B-8533-4036-937E-78BC4DF0B379}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe] => (Allow) C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe
FirewallRules: [{7006AC7A-27C8-4B97-A5C2-02D7D2F9A245}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{7AAC61EA-619D-4753-9D5D-33BDD1028878}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe
FirewallRules: [{61E4BC8C-B71B-46D3-89F2-14C08D246435}] => (Allow) C:\Windows\syswow64\PnkBstrB.exe
FirewallRules: [{C2D20C15-5184-4C4A-B235-1B711FEE596F}] => (Allow) C:\Windows\syswow64\PnkBstrB.exe
FirewallRules: [{A65DA94A-8609-4954-9D6F-217622BF369E}] => (Allow) C:\Windows\syswow64\PnkBstrA.exe
FirewallRules: [{71B9B502-CF62-4DF1-930D-991580DF5D9A}] => (Allow) C:\Windows\syswow64\PnkBstrA.exe
FirewallRules: [UDP Query User{9F234B1F-9FE2-4F83-A69C-97F5E3E5B76B}C:\program files\bitcomet\plugin_emule\plugin_emule.exe] => (Allow) C:\program files\bitcomet\plugin_emule\plugin_emule.exe
FirewallRules: [TCP Query User{E063DFEE-12E1-4405-8286-D9AE353EF40A}C:\program files\bitcomet\plugin_emule\plugin_emule.exe] => (Allow) C:\program files\bitcomet\plugin_emule\plugin_emule.exe
FirewallRules: [UDP Query User{12B084C3-A3AE-44FB-B3BF-4F8884C78390}C:\program files\bitcomet\bitcomet.exe] => (Allow) C:\program files\bitcomet\bitcomet.exe
FirewallRules: [TCP Query User{EFB7A3EB-5420-409C-8D88-9CCBA18603D0}C:\program files\bitcomet\bitcomet.exe] => (Allow) C:\program files\bitcomet\bitcomet.exe
FirewallRules: [TCP Query User{D57C6D2C-9E12-40D6-887D-6811A6D388E1}C:\program files (x86)\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe] => (Allow) C:\program files (x86)\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe
FirewallRules: [UDP Query User{AC934702-56AB-49DA-AAEE-119C252FCC40}C:\program files (x86)\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe] => (Allow) C:\program files (x86)\dmc devi may cry\binaries\win32\dmc-devilmaycry.exe
FirewallRules: [TCP Query User{2A88EB29-CD6F-405D-B799-AA04A34FA11B}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{04B32FDA-FE96-4327-B565-F33EBED61E66}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{3D0609F6-0B7A-4DA3-82B7-1C5E1066FF09}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{B5E6FDCC-C395-43B1-9264-B31111B3D908}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [{4B538DDA-241B-4C32-8CFC-451D1B656965}] => (Allow) C:\Games\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{D769C755-E02A-464B-9D2A-E3C38BCEC8E1}] => (Allow) C:\Games\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [TCP Query User{CF8E7B8C-3F0D-45B5-9CFD-BFCEDFE1FC10}C:\dead island\deadislandgame.exe] => (Block) C:\dead island\deadislandgame.exe
FirewallRules: [UDP Query User{9B1BCCD5-D7F9-4D44-854A-C47660164105}C:\dead island\deadislandgame.exe] => (Block) C:\dead island\deadislandgame.exe
FirewallRules: [TCP Query User{04FA3F23-EEF9-4B47-B298-D04BFCC60B5F}D:\easysetupassistant\easysetupassistant.exe] => (Allow) D:\easysetupassistant\easysetupassistant.exe
FirewallRules: [UDP Query User{3CF6DF94-FAC4-430D-8C4D-B130B9FE50D4}D:\easysetupassistant\easysetupassistant.exe] => (Allow) D:\easysetupassistant\easysetupassistant.exe
FirewallRules: [{A6D49EE3-21D0-4B28-A8FC-B2F923477AD6}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{AE907379-48DC-453B-839F-A6D46FC593FC}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{D829D8CE-027E-4E41-B31D-E54707FFF52C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{9AF85A10-0C90-4D44-98DE-3FC620019985}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{72AD9E5D-1269-436C-B96F-47055BEAE9B5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CEDEF398-9E18-4423-AD59-459917BC16EF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FB927EC5-799E-4354-8E60-B83F5B9C6EE9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EB9A4E2E-CFEE-4415-B869-F29886924A8B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{96C71A52-0158-4CC3-8BC3-8CB9C345DB43}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{FF0B3633-4360-4284-B9A9-6C7A776EB472}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [TCP Query User{AEF708EB-DE2C-42DF-8DE5-0F7E46267183}C:\program files (x86)\techland\dead island riptide\deadislandgame_x86_rwdi.exe] => (Block) C:\program files (x86)\techland\dead island riptide\deadislandgame_x86_rwdi.exe
FirewallRules: [UDP Query User{64C194F8-EDA2-40E4-8A5D-F7010D2F0C07}C:\program files (x86)\techland\dead island riptide\deadislandgame_x86_rwdi.exe] => (Block) C:\program files (x86)\techland\dead island riptide\deadislandgame_x86_rwdi.exe
FirewallRules: [{3FEDCDAA-4C67-4ACD-8520-0C39593BE4BD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8245E637-4E3C-41FE-8EB2-B081CF575B55}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{28EBE4F7-0BBA-416C-914A-96F201B10443}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B50CA7CD-17CC-4E6E-A3EC-AE44F88D4EDB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{94E2F1E1-811E-423E-ADBF-8FAADD690CC3}] => (Allow) C:\WarThunder\launcher.exe
FirewallRules: [{1DF1C5CD-10CB-4370-B8A1-08BA18370BBD}] => (Allow) C:\WarThunder\launcher.exe
FirewallRules: [{CE8EB4C8-0FAF-4CF6-8CAF-E696220198A6}] => (Allow) C:\WarThunder\bpreport.exe
FirewallRules: [{572BE050-8388-4013-9C85-E400B4035B11}] => (Allow) C:\WarThunder\bpreport.exe
FirewallRules: [{AE8421C7-C3FB-4D19-8481-CF606574AB42}] => (Allow) LPort=80
FirewallRules: [{7BC3F04C-4324-445F-9C5E-A0495BAC1092}] => (Allow) LPort=443
FirewallRules: [{9D6D73A1-7FEE-4461-AB73-5D645C0A05F6}] => (Allow) LPort=20010
FirewallRules: [{69D662D0-B503-43C3-B390-D5741B5E4838}] => (Allow) LPort=3478
FirewallRules: [{7670D7B9-0AD8-4329-82C5-8D62F2760FB1}] => (Allow) LPort=7850
FirewallRules: [{DFF910A5-D019-4A4F-809E-CFDF2A4543B4}] => (Allow) LPort=7852
FirewallRules: [{565E0F6B-6C1D-4AA3-ACDB-7B285C00D901}] => (Allow) LPort=7853
FirewallRules: [{C938D27E-B37A-4A8B-9A17-B45A27C8716C}] => (Allow) LPort=27022
FirewallRules: [{F3197857-26BF-46A2-A596-27B8837F914B}] => (Allow) LPort=6881
FirewallRules: [{27881FBB-8B42-4B14-AB83-2AB2C622D4A5}] => (Allow) LPort=33333
FirewallRules: [{BDE31002-7D24-43CF-A7DF-3D2FDBC5FF09}] => (Allow) LPort=20443
FirewallRules: [{6C38E5AA-61FD-49B7-8669-3716D73ACD0C}] => (Allow) LPort=8090
FirewallRules: [TCP Query User{4B2EE2BF-2F89-48FF-859B-3883590744C6}C:\warthunder\aces.exe] => (Allow) C:\warthunder\aces.exe
FirewallRules: [UDP Query User{4B23BC01-2C48-4468-983D-5279C1E2E22D}C:\warthunder\aces.exe] => (Allow) C:\warthunder\aces.exe
FirewallRules: [{81F3F957-A4AF-4891-9CF7-D3A86481369F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

14-05-2016 17:20:21 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/17/2016 07:01:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SystemSettingsBroker.exe, verze: 10.0.10586.0, časové razítko: 0x5632d7b4
Název chybujícího modulu: SettingsHandlers_Notifications.dll, verze: 10.0.10586.0, časové razítko: 0x5632d70b
Kód výjimky: 0xc0000005
Posun chyby: 0x000000000002b7d1
ID chybujícího procesu: 0x29a4
Čas spuštění chybující aplikace: 0xSystemSettingsBroker.exe0
Cesta k chybující aplikaci: SystemSettingsBroker.exe1
Cesta k chybujícímu modulu: SystemSettingsBroker.exe2
ID zprávy: SystemSettingsBroker.exe3
Úplný název chybujícího balíčku: SystemSettingsBroker.exe4
ID aplikace související s chybujícím balíčkem: SystemSettingsBroker.exe5

Error: (05/17/2016 05:30:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SkypeHost.exe, verze: 10.1.2123.36, časové razítko: 0x56eb679c
Název chybujícího modulu: SkyWrap.dll, verze: 10.1.2123.36, časové razítko: 0x56eb6787
Kód výjimky: 0xc0000005
Posun chyby: 0x00b063c8
ID chybujícího procesu: 0x15ec
Čas spuštění chybující aplikace: 0xSkypeHost.exe0
Cesta k chybující aplikaci: SkypeHost.exe1
Cesta k chybujícímu modulu: SkypeHost.exe2
ID zprávy: SkypeHost.exe3
Úplný název chybujícího balíčku: SkypeHost.exe4
ID aplikace související s chybujícím balíčkem: SkypeHost.exe5

Error: (05/17/2016 01:37:14 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1 se nezdařilo. Chyba v souboru manifestu nebo zásady UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2 na řádku UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definice je UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (05/16/2016 02:20:58 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1 se nezdařilo. Chyba v souboru manifestu nebo zásady UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2 na řádku UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definice je UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (05/16/2016 02:18:12 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Generování kontextu aktivace pro UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1 se nezdařilo. Chyba v souboru manifestu nebo zásady UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2 na řádku UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Identita komponenty nalezená v manifestu nesouhlasí s identitou požadované komponenty.
Odkaz je UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definice je UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (05/14/2016 05:20:36 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.

Error: (05/13/2016 07:07:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: microsoftedgecp.exe, verze: 11.0.10586.20, časové razítko: 0x56540c35
Název chybujícího modulu: EMODEL.dll, verze: 11.0.10586.306, časové razítko: 0x571af463
Kód výjimky: 0xc0000409
Posun chyby: 0x0000000000129b5f
ID chybujícího procesu: 0x195c
Čas spuštění chybující aplikace: 0xmicrosoftedgecp.exe0
Cesta k chybující aplikaci: microsoftedgecp.exe1
Cesta k chybujícímu modulu: microsoftedgecp.exe2
ID zprávy: microsoftedgecp.exe3
Úplný název chybujícího balíčku: microsoftedgecp.exe4
ID aplikace související s chybujícím balíčkem: microsoftedgecp.exe5

Error: (05/13/2016 02:45:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program setup.tmp verze 51.1052.0.0 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Zabezpečení a údržba.

ID procesu: 2754

Čas spuštění: 01d1acfb99c375ab

Čas ukončení: 4294967295

Cesta k aplikaci: C:\Users\ADMINI~1\AppData\Local\Temp\is-12BL5.tmp\setup.tmp

ID hlášení: a23efc9e-1908-11e6-b37a-6c626d9ecde3

Úplný název balíčku s chybou: 

ID aplikace související s balíčkem s chybou:

Error: (05/13/2016 02:44:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: s1_sp64_ship.exe, verze: 1.22.0.1, časové razítko: 0x5637c131
Název chybujícího modulu: s1_sp64_ship.exe, verze: 1.22.0.1, časové razítko: 0x5637c131
Kód výjimky: 0xc0000005
Posun chyby: 0x0000000000598b40
ID chybujícího procesu: 0x2218
Čas spuštění chybující aplikace: 0xs1_sp64_ship.exe0
Cesta k chybující aplikaci: s1_sp64_ship.exe1
Cesta k chybujícímu modulu: s1_sp64_ship.exe2
ID zprávy: s1_sp64_ship.exe3
Úplný název chybujícího balíčku: s1_sp64_ship.exe4
ID aplikace související s chybujícím balíčkem: s1_sp64_ship.exe5

Error: (05/13/2016 01:16:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Protokol Microsoft LLDP (Link-Layer Discovery Protocol).

System Error:
Přístup byl odepřen.
.


System errors:
=============
Error: (05/17/2016 07:03:16 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Tento počítač je nakonfigurován jako člen pracovní skupiny, nikoliv jako
člen domény. Přihlašovací služba Netlogon nepotřebuje být spuštěna v této
konfiguraci.

Error: (05/17/2016 07:01:43 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Windows Search, ale tato akce selhala kvůli následující chybě: 
%%1056

Error: (05/17/2016 07:01:36 PM) (Source: DCOM) (EventID: 10010) (User: DOMA-PC)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (05/17/2016 07:01:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Přístup k uživatelským datům_3920a byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (05/17/2016 07:01:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Úložiště uživatelských dat_3920a byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (05/17/2016 07:01:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Data kontaktů_3920a byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (05/17/2016 07:01:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Hostitel synchronizace_3920a byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 10000 milisekund: Restartovat službu.

Error: (05/17/2016 07:01:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba BitComet Disk Boost Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/17/2016 07:01:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Steam Client Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (05/17/2016 07:01:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Disc Soft Lite Bus Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


CodeIntegrity:
===================================
  Date: 2016-05-15 12:54:48.374
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-15 04:56:49.375
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-14 12:05:24.938
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-13 03:38:40.507
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-12 15:31:35.631
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-11 14:49:58.464
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-08 13:13:40.949
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-05-07 21:45:33.503
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Overwolf\0.94.19.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.

  Date: 2016-05-07 21:45:33.491
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Overwolf\0.94.19.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.

  Date: 2016-05-06 21:05:18.417
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Overwolf\0.94.19.0\x64\OWExplorer.dll that did not meet the Store signing level requirements.


==================== Memory info =========================== 

Processor: AMD Athlon(tm) II X4 640 Processor
Percentage of memory in use: 49%
Total physical RAM: 4095.24 MB
Available physical RAM: 2087.75 MB
Total Virtual: 4799.24 MB
Available Virtual: 2517.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:297.55 GB) (Free:44.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 1DD61DD5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=297.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================