Additional scan result of Farbar Recovery Scan Tool (x86) Version: 29-06-2017
Ran by Admin (29-06-2017 19:05:39)
Running from C:\Users\Admin\Desktop
Microsoft Windows 8.1 (Update) (X86) (2015-12-13 17:14:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-2317573975-763022036-3324800814-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-2317573975-763022036-3324800814-500 - Administrator - Disabled)
Guest (S-1-5-21-2317573975-763022036-3324800814-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2317573975-763022036-3324800814-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Disabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Install Manager (HKLM\...\{6D0F2ABB-E30F-9F89-6022-E3D581CB4155}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.27.34 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM\...\{14d00649-a178-473f-bf48-eec016dc4bfa}) (Version: 1.2.89.29905 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM\...\{271D5399-34AF-4611-BCD9-B09185B2BBE0}) (Version: 1.2.89.29905 - Avira Operations GmbH & Co. KG) Hidden
Ball 3D: Soccer Online (HKLM\...\Steam App 485610) (Version:  - Unusualsoft)
Bloody6 (HKLM\...\Bloody3) (Version: 17.01.0002 - Bloody)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Crossout Launcher 1.0.3.15 (HKU\S-1-5-21-2317573975-763022036-3324800814-1001\...\CrossOutLauncher_is1) (Version:  - )
Discord (HKU\S-1-5-21-2317573975-763022036-3324800814-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Euro Truck Simulator 2 (HKLM\...\{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1) (Version: 1.3.1 - SCS Software)
Evolve (HKLM\...\{670B1B49-9FD3-4827-9B41-471EFF580AA8}) (Version: 1.8.18 - Echobit, LLC)
FlatOut2 (HKLM\...\{D4006E71-FF32-44FF-AD5A-B5EE4389B825}_is1) (Version: 1.0 - US - ACTION, s.r.o.)
Google Chrome (HKLM\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Happy Room (HKLM\...\Steam App 550010) (Version:  - Mana Potion Studios)
Java 7 Update 21 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
Malwarebytes verze 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minecraft1.7.2 (HKLM\...\Minecraft1.7.2) (Version:  - )
NVIDIA PhysX (HKLM\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Opera Stable 45.0.2552.898 (HKLM\...\Opera 45.0.2552.898) (Version: 45.0.2552.898 - Opera Software)
Origin (HKLM\...\Origin) (Version: 10.4.13.6637 - Electronic Arts, Inc.)
ROBLOX Player (HKLM\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Player for Admin (HKU\S-1-5-21-2317573975-763022036-3324800814-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for Admin (HKU\S-1-5-21-2317573975-763022036-3324800814-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Robocraft Launcher version 0.4 (HKU\S-1-5-21-2317573975-763022036-3324800814-1001\...\{9F101691-69D3-422E-BB5C-8CAD7110781B}_is1) (Version: 0.4 - Freejam Games)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix)
Star Stable (HKLM\...\{2B03B553-4983-4005-99C4-31DFC25B4BB9}) (Version: 1.00.0000 - Star Stable Entertainment AB)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tanki Online version 1.0 (HKLM\...\{F3FB53B4-47A2-4C94-B5CC-D430234912E6}_is1) (Version: 1.0 - AlternativaGame Ltd)
TankiX (HKU\S-1-5-21-2317573975-763022036-3324800814-1001\...\TankiX) (Version:  - )
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.2 - TeamSpeak Systems GmbH)
TeamViewer 12 (HKLM\...\TeamViewer) (Version: 12.0.78313 - TeamViewer)
World of Tanks (HKU\S-1-5-21-2317573975-763022036-3324800814-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812eu}_is1) (Version:  - Wargaming.net)
World of Tanks (HKU\S-1-5-21-2317573975-763022036-3324800814-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1) (Version:  - Wargaming.net)
World of Warships (HKU\S-1-5-21-2317573975-763022036-3324800814-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version:  - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {29AAEB28-E099-4BBC-8624-ED04B7CF025E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2017-06-14] (Microsoft Corporation)
Task: {3D85ED65-FE9C-4C16-A714-1B4BB6639FCE} - System32\Tasks\Norton Product InstallerIdle => C:\Users\Admin\AppData\Local\Temp\in364BB553\1927CDD6_stp\SymInstallStub.exe <==== ATTENTION
Task: {623876C6-874D-4E1A-A310-BBB5D96696A3} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] ()
Task: {65FA1BCB-CA73-48A1-9D26-E2B02B27F904} - System32\Tasks\Avira\System Speedup\SpeedupSysTray => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe
Task: {7067D9CC-5F78-48B3-816B-9D295A06DE56} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-13] (Google Inc.)
Task: {71E26DD1-6BC0-48DB-8D98-265AD72DA8A5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-12-13] (Google Inc.)
Task: {913208C3-DC68-4D3F-8990-4B5921C8246F} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe
Task: {F24DBDDE-DB9E-4A1E-BD85-D02D9B7543FD} - System32\Tasks\Norton Security Scan for Admin => C:\PROGRA~1\NORTON~2\Engine\430~1.44\Nss.exe
Task: {F49528C0-F668-4259-98A1-32755C4FE134} - System32\Tasks\Opera scheduled Autoupdate 1451160839 => C:\Program Files\Opera\launcher.exe [2017-06-12] (Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Norton Product InstallerIdle.job => C:\Users\Admin\AppData\Local\Temp\in364BB553\1927CDD6_stp\SymInstallStub.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-02-17 21:55 - 2017-01-23 10:39 - 19337216 _____ () C:\Program Files\Bloody6\Bloody6\Bloody6.exe
2013-08-22 01:55 - 2013-06-18 14:17 - 00364544 _____ () C:\Windows\System32\msjetoledb40.dll
2017-02-17 21:55 - 2013-10-11 09:43 - 00085504 _____ () C:\Program Files\Bloody6\Bloody6\DLL\DLL_ZoomControl.dll
2017-02-17 21:55 - 2016-05-26 15:28 - 04672512 _____ () C:\Program Files\Bloody6\Bloody6\Data\RES\Forms\Internet_Advertisement\Internet_Advertisement_DLL.dll
2017-03-22 19:03 - 2017-01-04 15:28 - 01958912 _____ () C:\Users\Admin\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-03-22 19:03 - 2017-03-22 19:03 - 01082880 _____ () \\?\C:\Users\Admin\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-03-22 19:03 - 2017-03-22 19:03 - 03750400 _____ () \\?\C:\Users\Admin\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-03-22 19:03 - 2017-03-22 19:03 - 00914432 _____ () \\?\C:\Users\Admin\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-03-22 19:03 - 2017-03-22 19:03 - 01127424 _____ () \\?\C:\Users\Admin\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2017-06-29 16:31 - 2017-06-29 16:31 - 00148992 _____ () \\?\C:\Users\Admin\AppData\Local\Temp\A128.tmp.node
2017-03-22 19:03 - 2017-04-27 13:39 - 02658296 _____ () \\?\C:\Users\Admin\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-03-22 19:04 - 2017-03-24 15:05 - 02665976 _____ () \\?\C:\Users\Admin\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node
2016-03-07 21:38 - 2017-05-17 03:54 - 00678176 _____ () C:\Program Files\Steam\SDL2.dll
2016-03-07 21:38 - 2016-09-01 03:02 - 04969248 _____ () C:\Program Files\Steam\v8.dll
2016-03-07 21:38 - 2017-06-08 07:42 - 02485536 _____ () C:\Program Files\Steam\video.dll
2016-03-07 21:38 - 2016-09-01 03:02 - 01563936 _____ () C:\Program Files\Steam\icui18n.dll
2016-03-07 21:38 - 2016-09-01 03:02 - 01195296 _____ () C:\Program Files\Steam\icuuc.dll
2016-03-07 21:38 - 2016-01-27 09:49 - 02549760 _____ () C:\Program Files\Steam\libavcodec-56.dll
2016-03-07 21:38 - 2016-01-27 09:49 - 00491008 _____ () C:\Program Files\Steam\libavformat-56.dll
2016-03-07 21:38 - 2016-01-27 09:49 - 00332800 _____ () C:\Program Files\Steam\libavresample-2.dll
2016-03-07 21:38 - 2016-01-27 09:49 - 00442880 _____ () C:\Program Files\Steam\libavutil-54.dll
2016-03-07 21:38 - 2016-01-27 09:49 - 00485888 _____ () C:\Program Files\Steam\libswscale-3.dll
2016-03-07 21:38 - 2017-06-08 07:42 - 00877856 _____ () C:\Program Files\Steam\bin\chromehtml.DLL
2016-03-12 15:00 - 2016-07-05 00:17 - 00266560 _____ () C:\Program Files\Steam\openvr_api.dll
2016-12-15 14:18 - 2017-05-08 21:45 - 69516064 _____ () C:\Program Files\Steam\bin\cef\cef.win7\libcef.dll
2017-06-08 15:04 - 2017-05-17 03:54 - 00678176 _____ () C:\Program Files\Steam\bin\cef\cef.win7\SDL2.dll
2016-03-07 21:38 - 2017-06-08 07:42 - 00385312 _____ () C:\Program Files\Steam\steam.dll
2016-03-07 21:38 - 2015-09-25 01:52 - 00119208 _____ () C:\Program Files\Steam\winh264.dll
2017-06-28 12:18 - 2017-06-23 04:21 - 02877272 _____ () C:\Program Files\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-28 12:18 - 2017-06-23 04:21 - 00086360 _____ () C:\Program Files\Google\Chrome\Application\59.0.3071.115\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Admin:Heroes & Generals [38]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:13 - 2017-02-24 10:54 - 00002024 ____N C:\Windows\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2317573975-763022036-3324800814-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8178DBDE-3298-4B70-8B0A-ED28CDDCB7B6}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{A62CCB67-FEA4-4113-919E-21B6F43B0DC9}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{228B7798-4730-47A5-BE81-335625F330F9}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{6913498C-BB9F-492A-BB06-628660778889}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{C37D0A9A-50ED-424B-9A1A-3EEE61570448}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{F21234B1-7CA0-4787-8029-E977E18E4B08}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{32261056-00FE-4EBC-9E84-FA6A876EA4D6}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{992AB196-1B7C-4ED0-8E58-5A1977A0F938}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{0569ED51-02E7-4153-BF01-1550761EAD12}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{46751841-A3D2-40AA-88BA-FFCC5E2CC686}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{BB2183A8-BE3C-4D83-8356-4FC743CFFD96}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{F2943FAB-85CF-4945-B764-015F3796625F}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{FF0B823F-742B-4D0F-8570-B53670457B68}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{24738AEC-CAA4-4D43-93F3-8F1C3F0CC19F}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [TCP Query User{7698CA97-3102-48AB-9758-B9B21124D9B6}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe
FirewallRules: [UDP Query User{EE805211-020C-4889-BC61-B9477F82F6E0}C:\windows\system32\javaw.exe] => (Block) C:\windows\system32\javaw.exe
FirewallRules: [{35FDB715-90D5-4636-B151-14299001B71C}] => (Allow) C:\WarThunder\launcher.exe
FirewallRules: [{DC0F468D-891A-422B-9FF0-3A9D784E8FC5}] => (Allow) C:\WarThunder\launcher.exe
FirewallRules: [{977968DF-48D3-4EE1-921A-EE03B01E30A8}] => (Allow) C:\WarThunder\bpreport.exe
FirewallRules: [{59808A09-354B-4139-8ED1-54913FC1EA54}] => (Allow) C:\WarThunder\bpreport.exe
FirewallRules: [TCP Query User{6CF72E37-589C-43E2-B8CA-EEF46E5FE733}C:\warthunder\aces.exe] => (Block) C:\warthunder\aces.exe
FirewallRules: [UDP Query User{6E8A008E-ABF7-4CE0-B1AE-7BD9C841CBC1}C:\warthunder\aces.exe] => (Block) C:\warthunder\aces.exe
FirewallRules: [TCP Query User{FE4E984E-3C6D-4A97-8CA9-98F858CD2DAD}C:\warthunder\launcher.exe] => (Block) C:\warthunder\launcher.exe
FirewallRules: [UDP Query User{E315DF89-6453-4830-A327-5542B54C832D}C:\warthunder\launcher.exe] => (Block) C:\warthunder\launcher.exe
FirewallRules: [TCP Query User{0D7C5132-A073-48A7-B882-37B41E1E9018}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{E99E3E43-83DE-4586-A30B-A9943C0BDF8C}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [{F61C3BD5-25BB-4D7E-9B00-5468C63CCFF9}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{2FA4D18F-5F19-4AC7-A330-E48155F6FE6B}] => (Allow) C:\Program Files\Steam\Steam.exe
FirewallRules: [{98791FAB-0C7D-4BC4-8316-9649D51CD961}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [{4E51CDDD-472C-4394-BD2D-91D7579EE93A}] => (Allow) C:\Program Files\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{B8E981B5-BB85-439B-8C18-BFB4D1A6D5FF}C:\warthunder\win32\aces.exe] => (Block) C:\warthunder\win32\aces.exe
FirewallRules: [UDP Query User{011B0F51-7BE3-41CB-B77B-C5C7DF49348C}C:\warthunder\win32\aces.exe] => (Block) C:\warthunder\win32\aces.exe
FirewallRules: [{576CCF09-B57D-4594-A1B8-65D2DC60385E}] => (Allow) C:\Program Files\Heroes & Generals\live\hng.exe
FirewallRules: [{3749259B-BA06-4E07-BCAB-47F2FF841F77}] => (Allow) C:\Program Files\Heroes & Generals\live\hng.exe
FirewallRules: [{AAC91DC0-F1F2-4093-891C-3B425F669D1A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{9B3328B2-79F5-46D9-8F92-0942356910F9}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{1F8BB0A6-9A63-4154-BBDE-BEA93D9F4A44}] => (Allow) C:\ProgramData\Outlose\Outlose.exe
FirewallRules: [{E35A27B7-39E6-4F0B-94FB-0BA8542E930E}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{F44A92EA-F5F0-48D2-B89D-6F3776DE6628}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{E6049A08-892F-4D78-A2C5-6FEBC8FD5CBB}] => (Allow) C:\Program Files\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [{51E9F958-629D-4162-A382-7900DF7B5849}] => (Allow) C:\Program Files\Origin Games\Need for Speed(TM) Most Wanted\NFS13.exe
FirewallRules: [{B9915E19-707F-4325-8865-C027C1E5439B}] => (Allow) C:\Program Files\Gunbean\Application\chrome.exe
FirewallRules: [{F8F65750-2E32-4873-A195-70C0C6DB45C0}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CFDC28E9-0B80-405D-BE4A-E7166F59503E}] => (Allow) C:\Program Files\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A5BF29D4-59D6-43BF-9693-CF9B70F6D254}] => (Allow) C:\Program Files\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{18BFAE0C-2351-462E-941A-3F95716C2E90}] => (Allow) C:\Program Files\Steam\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{645EE6AD-0E4E-425B-A7E3-5B5C60DEBDD3}] => (Allow) C:\Program Files\Steam\steamapps\common\SNOW\Bin32\playSNOW.exe
FirewallRules: [{FF5EE516-5CE0-46BF-AE81-A0575938315E}] => (Allow) C:\Program Files\Steam\steamapps\common\SNOW\Bin32\playSNOW.exe
FirewallRules: [{8EBEE62A-5CB1-4B9E-8E8B-4C7FC78DF599}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{78B6E7E5-DAFB-451C-96A8-94A41C64FA8F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{30519396-686D-4644-8DF4-EF2D41149412}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DA2428D8-D9AB-45F9-8DE0-9E09FD44CF54}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{26A3E6E0-3981-4772-9234-8C6A7F9069D2}] => (Allow) C:\Program Files\Firefox\Firefox.exe
FirewallRules: [TCP Query User{2B78D687-8F08-4257-8C2A-B071D3C0638C}C:\program files\steam\steamapps\common\happywars\happywars.exe] => (Block) C:\program files\steam\steamapps\common\happywars\happywars.exe
FirewallRules: [UDP Query User{7F0BAAC9-53D3-479E-8D4A-498E7E822033}C:\program files\steam\steamapps\common\happywars\happywars.exe] => (Block) C:\program files\steam\steamapps\common\happywars\happywars.exe
FirewallRules: [{78BE0613-9CAB-4124-AF84-FED691054BA5}] => (Allow) C:\Program Files\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{08A1F609-1857-49E7-ACBB-FB840ECED257}] => (Allow) C:\Program Files\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{0B0BE37F-AED0-4D03-8289-ED6CA5F270F9}C:\games\world_of_warships\wowslauncher.exe] => (Block) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [UDP Query User{C9E185C9-E865-4F20-AB41-AE3B4C8C348E}C:\games\world_of_warships\wowslauncher.exe] => (Block) C:\games\world_of_warships\wowslauncher.exe
FirewallRules: [{F108D385-D36C-4D94-AA20-6A88BBA37B79}] => (Allow) C:\Program Files\Steam\steamapps\common\Ball 3D\Ball 3D.exe
FirewallRules: [{D7DE660B-EC1F-420A-BEC0-BEC85663A51D}] => (Allow) C:\Program Files\Steam\steamapps\common\Ball 3D\Ball 3D.exe
FirewallRules: [{D7D8A8CE-098F-4C79-A4DF-271E03215581}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{B5A9BCC7-2363-42F9-9E93-1D1D2CF16E58}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [TCP Query User{5FAA4650-4578-4630-9A0F-B189F75B8E0C}C:\warthunder\win32\aces.exe] => (Block) C:\warthunder\win32\aces.exe
FirewallRules: [UDP Query User{77007447-A692-415B-B75D-48558F0A970A}C:\warthunder\win32\aces.exe] => (Block) C:\warthunder\win32\aces.exe
FirewallRules: [TCP Query User{95720FBD-8BDB-48E4-9C8B-E92082A958A1}C:\games\crossout\launcher.exe] => (Allow) C:\games\crossout\launcher.exe
FirewallRules: [UDP Query User{9AA360E4-9D23-411A-B018-A0B4A2E2AB9F}C:\games\crossout\launcher.exe] => (Allow) C:\games\crossout\launcher.exe
FirewallRules: [{30BDEF5B-EFE0-41A0-A33D-90E92958D60E}] => (Block) C:\games\crossout\launcher.exe
FirewallRules: [{3B015826-6E50-41FC-94D8-DD3C3D17FCB1}] => (Block) C:\games\crossout\launcher.exe
FirewallRules: [{E8925D5C-DB01-447B-A20D-EF642A6994DD}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{27F584B8-F2DC-4F59-A6F1-BC7A2EE0D199}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{64430D58-88CE-40D3-AD7E-3B4139A29AF4}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{226CAB66-6715-4252-A0B7-2260DF4243CE}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{42AC33D6-D9B9-49FE-BE59-ED3D61C9ADCC}] => (Allow) C:\Program Files\Opera\45.0.2552.888\opera.exe
FirewallRules: [{7E18A779-DBA9-4ABC-AAD7-FE6AA3E7F622}] => (Allow) C:\Program Files\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{1BC927AE-0A10-4D2D-B8AE-57A62395FEA3}] => (Allow) C:\Program Files\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{99BBE992-D6C2-46BD-A91F-F92A21BF7E74}] => (Allow) C:\Program Files\Avira\Scout\Application\scout.exe
FirewallRules: [{0226578E-CD21-4A16-A0D3-01078EA739C3}] => (Allow) C:\Program Files\Opera\45.0.2552.898\opera.exe
FirewallRules: [{D19A0873-9E91-4654-A620-3C8222B0F327}] => (Allow) C:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{43D05C11-955C-494C-B00E-ABB5284E5D38}] => (Allow) C:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{115CEC3B-F235-4E24-AFFD-F8378CF01925}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{437664F6-A371-4555-A36E-3C3CAF52651A}] => (Allow) C:\Program Files\Steam\steamapps\common\Happy Room\Happy Room.exe
FirewallRules: [{FC5B6ED9-2962-4005-80F8-AA0E456DD7D3}] => (Allow) C:\Program Files\Steam\steamapps\common\Happy Room\Happy Room.exe

==================== Restore Points =========================

17-06-2017 18:21:00 Avira System Speedup 1.0.0
24-06-2017 18:21:45 Naplánovaný kontrolní bod
27-06-2017 14:21:24 Nainstalováno rozhraní DirectX

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/29/2017 04:34:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro c:\users\admin\documents\ati.ace\core-static\SLSTaskbar64.exe se nezdařilo.
Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (06/29/2017 04:27:53 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database

Error: (06/29/2017 04:16:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: Service_KMS.exe, verze: 11.0.0.0, časové razítko: 0x52a8d15d
Název chybujícího modulu: unknown, verze: 0.0.0.0, časové razítko: 0x00000000
Kód výjimky: 0x00000000
Posun chyby: 0x015c01a0
ID chybujícího procesu: 0xd78
Čas spuštění chybující aplikace: 0x01d2f0e22ed2dcc2
Cesta k chybující aplikaci: C:\Program Files\KMSpico\Service_KMS.exe
Cesta k chybujícímu modulu: unknown
ID zprávy: 7ae9dd93-5cd5-11e7-9793-001cc073b75c
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (06/29/2017 04:12:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Program adwcleaner_6.047.exe verze 6.0.4.7 přestal spolupracovat se systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID procesu: 2700

Čas spuštění: 01d2f0e0e7428a23

Čas ukončení: 13

Cesta k aplikaci: C:\Users\Admin\Desktop\adwcleaner_6.047.exe

ID hlášení: f80fa193-5cd4-11e7-9792-001cc073b75c

Úplný název chybujícího balíčku: 

ID aplikace související s chybujícím balíčkem:

Error: (06/29/2017 03:48:36 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro c:\users\admin\documents\ati.ace\core-static\SLSTaskbar64.exe se nezdařilo.
Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (06/28/2017 06:01:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: avguard.exe, verze: 15.0.27.30, časové razítko: 0x592fe302
Název chybujícího modulu: MSVCR120.dll, verze: 12.0.21005.1, časové razítko: 0x524f7ce6
Kód výjimky: 0xc0000409
Posun chyby: 0x000a46a9
ID chybujícího procesu: 0x218c
Čas spuštění chybující aplikace: 0x01d2f026275c30e2
Cesta k chybující aplikaci: C:\Program Files\Avira\Antivirus\avguard.exe
Cesta k chybujícímu modulu: C:\Program Files\Avira\Antivirus\MSVCR120.dll
ID zprávy: 17ac643b-5c1b-11e7-9792-001cc073b75c
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (06/28/2017 05:49:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: avguard.exe, verze: 15.0.27.30, časové razítko: 0x592fe302
Název chybujícího modulu: MSVCR120.dll, verze: 12.0.21005.1, časové razítko: 0x524f7ce6
Kód výjimky: 0xc0000409
Posun chyby: 0x000a46a9
ID chybujícího procesu: 0x1874
Čas spuštění chybující aplikace: 0x01d2eea6e35c9051
Cesta k chybující aplikaci: C:\Program Files\Avira\Antivirus\avguard.exe
Cesta k chybujícímu modulu: C:\Program Files\Avira\Antivirus\MSVCR120.dll
ID zprávy: 63aa47da-5c19-11e7-9792-001cc073b75c
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (06/28/2017 12:16:49 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Svazek Rezervováno systémem nebyl optimalizován, protože byla zjištěna chyba: Parametr není správný. (0x80070057).

Error: (06/28/2017 12:09:17 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Generování kontextu aktivace pro c:\users\admin\documents\ati.ace\core-static\SLSTaskbar64.exe se nezdařilo.
Závislé sestavení Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" nelze najít.
Podrobnější diagnostické údaje získáte pomocí programu sxstrace.exe.

Error: (06/27/2017 09:11:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: csgo.exe, verze: 0.0.0.0, časové razítko: 0x5923a690
Název chybujícího modulu: tier0.dll, verze: 0.0.0.0, časové razítko: 0x59442c29
Kód výjimky: 0xc0000409
Posun chyby: 0x00028704
ID chybujícího procesu: 0x11cc
Čas spuštění chybující aplikace: 0x01d2ef787be5d780
Cesta k chybující aplikaci: C:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
Cesta k chybujícímu modulu: C:\Program Files\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll
ID zprávy: 7730dd14-5b6c-11e7-9792-001cc073b75c
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:


System errors:
=============
Error: (06/29/2017 05:41:56 PM) (Source: DCOM) (EventID: 10010) (User: Deti)
Description: Server {1B1F472E-3221-4826-97DB-2C2324D389AE} se v daném časovém limitu neregistroval u služby DCOM.

Error: (06/29/2017 04:31:19 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Service KMSELDI byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (06/29/2017 04:31:06 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: Server {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A} se v daném časovém limitu neregistroval u služby DCOM.

Error: (06/29/2017 04:31:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba Origin Web Helper Service neuspěla při spuštění v důsledku následující chyby: 
Služba neodpověděla na řídicí nebo zahajovací požadavek dostatečně včas.

Error: (06/29/2017 04:31:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Při čekání na připojení služby Origin Web Helper Service bylo dosaženo časového limitu (120000 ms).

Error: (06/29/2017 04:28:56 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 34) (User: NT AUTHORITY)
Description: Funkce řízení spotřeby při nečinnosti jsou u logického procesoru Hyper-V 1 zakázány z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.

Error: (06/29/2017 04:28:56 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 34) (User: NT AUTHORITY)
Description: Funkce řízení spotřeby při nečinnosti jsou u logického procesoru Hyper-V 0 zakázány z důvodu potíží s firmwarem. Požádejte výrobce počítače o aktualizovaný firmware.

Error: (06/29/2017 04:23:32 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Správce služeb se pokusil o opravnou akci (Restartovat službu) po nečekaném ukončení služby Windows Search, ale tato akce selhala kvůli následující chybě: 
Instance této služby je již spuštěna.

Error: (06/29/2017 04:23:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.

Error: (06/29/2017 04:23:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund: Restartovat službu.


CodeIntegrity:
===================================
  Date: 2017-02-16 16:43:53.362
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.

  Date: 2017-02-16 13:06:44.056
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.

  Date: 2017-02-15 13:08:21.657
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.

  Date: 2017-02-14 14:06:34.408
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.

  Date: 2017-02-14 13:20:52.624
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.

  Date: 2017-02-11 08:31:05.192
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.

  Date: 2017-02-11 08:16:35.639
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.

  Date: 2017-02-10 20:45:03.335
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.

  Date: 2017-02-10 19:45:16.463
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.

  Date: 2017-02-10 19:17:18.245
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume2\Program Files\Elex-tech\YAC\iSafeSrvMon.dll that did not meet the Windows signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 CPU 6320 @ 1.86GHz
Percentage of memory in use: 54%
Total physical RAM: 3324.9 MB
Available physical RAM: 1519.41 MB
Total Virtual: 4668.9 MB
Available Virtual: 1873.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.13 GB) (Free:124.05 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 3674E3B4)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================