Additional scan result of Farbar Recovery Scan Tool (x64) Version:08-06-2015 Ran by Pepe at 2015-06-10 18:45:30 Running from D:\Download\POMOC Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3830420742-2577819057-3274834747-500 - Administrator - Disabled) Gość (S-1-5-21-3830420742-2577819057-3274834747-501 - Limited - Disabled) Pepe (S-1-5-21-3830420742-2577819057-3274834747-1000 - Administrator - Enabled) => C:\Users\Pepe ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.144 - Adobe Systems Incorporated) Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.223 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated) Adobe Flash Player 16 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated) AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) Arma Cold War Assault Uninstall (HKLM-x32\...\Arma Cold War Assault) (Version: - ) Astroburn Lite (HKLM-x32\...\Astroburn Lite) (Version: 1.8.0.0183 - Disc Soft Ltd) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software) BitSpirit v3.6.0.550 Stable (HKLM-x32\...\BitSpirit_is1) (Version: - LANSPIRIT.NET) Dangerous Waters (HKLM-x32\...\{DCFF5D9C-C618-45C9-A61E-14A6981F28C6}) (Version: - ) e-Deklaracje Desktop (HKLM-x32\...\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1) (Version: 7.0.3 - Ministerstwo Finansow) e-Deklaracje Desktop (x32 Version: 7.0.3 - Ministerstwo Finansow) Hidden foobar2000 v1.3.1 (HKLM-x32\...\foobar2000) (Version: 1.3.1 - Peter Pawlowski) Freemake Video Converter wersja 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation) Freemake YouTube To MP3 Boom (HKLM-x32\...\Freemake YouTube To MP3 Boom_is1) (Version: 1.0.3 - Ellora Assets Corporation) Game of Thrones - A Telltale Games Series (HKLM-x32\...\Game of Thrones - A Telltale Games Series_is1) (Version: - Telltale Games) Game of Thrones A Telltale Games Series (HKLM-x32\...\Game of Thrones A Telltale Games Series_is1) (Version: - ) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle) K-Lite Codec Pack 10.8.0 Standard (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.8.0 - ) LOOT (HKLM-x32\...\LOOT) (Version: 0.6.1 - LOOT Development Team) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) NEC Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}) (Version: 1.0.19.0 - NEC Electronics Corporation) NEC Electronics USB 3.0 Host Controller Driver (x32 Version: 1.0.19.0 - NEC Electronics Corporation) Hidden Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.53.2 - Black Tree Gaming) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.5 - Notepad++ Team) NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation) Oolite 1.80.0.5831-140629-07cbf8f (HKLM-x32\...\Oolite) (Version: - ) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenTTD 1.5.0 (HKLM-x32\...\OpenTTD) (Version: 1.5.0 - OpenTTD) Opera Stable 29.0.1795.60 (HKLM-x32\...\Opera 29.0.1795.60) (Version: 29.0.1795.60 - Opera Software ASA) Opera Stable 30.0.1835.59 (HKLM-x32\...\Opera 30.0.1835.59) (Version: 30.0.1835.59 - Opera Software) Order of Battle: Pacific (HKLM-x32\...\T3JkZXJvZkJhdHRsZVBhY2lmaWM=_is1) (Version: 1 - ) Pillars of Eternity (HKLM-x32\...\1207666813_is1) (Version: 2.0.0.1 - GOG.com) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek) Space Hulk Ascension (HKLM-x32\...\Space Hulk Ascension_is1) (Version: - ) Spolszczenie do Game of Thrones Sezon I (HKLM-x32\...\Spolszczenie do Game of Thrones) (Version: 1.0 - GrajPoPolsku) STAR WARS® - Knights of the Old Republic™ (HKLM-x32\...\1207666283_is1) (Version: 2.0.0.3 - GOG.com) STAR WARS® Jedi Knight - Dark Forces 2 (HKLM-x32\...\1422286819_is1) (Version: 2.0.0.3 - GOG.com) Steel Armor (HKLM-x32\...\Steel Armor_is1) (Version: Steel Armor - Strategy First) Steel Armor (HKU\S-1-5-21-3830420742-2577819057-3274834747-1000\...\Steel Armor) (Version: - UIG Entertainment) Steel Armor Blaze of War Update 581 (aug12) (HKLM-x32\...\Steel Armor Blaze of War Update 581 (aug12)) (Version: - ) Steel Panthers World At War v8.20 (HKLM-x32\...\spwawv820Public) (Version: - ) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH) The Elder Scrolls V Skyrim Dragonborn (c) Bethesda Softworks version 1 (HKLM-x32\...\The Elder Scrolls V Skyrim Dragonborn (c) Bethes~300CD4A2_is1) (Version: 1 - ) War Thunder Launcher 1.0.1.502 (HKLM-x32\...\{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1) (Version: - Gaijin Entertainment) WinRAR 5.10 (64-bitowy) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH) Worms Revolution (HKLM-x32\...\Worms Revolution_is1) (Version: - ) Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.5 - Wrye & Wrye Bash Development Team) Wtyczka e-Deklaracje (HKLM-x32\...\{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1) (Version: 4.1.0 - Ministerstwo Finansów) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= 10-06-2015 17:32:23 Removed Skype™ 7.5 10-06-2015 17:47:03 Installed Microsoft Fix it 50884 ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {29FE0F02-3BF9-4430-802E-80303285959E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {2C683FF4-863C-4555-A3BB-3A114B5B6C34} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation) Task: {3A706C94-7E09-4091-A0A9-4837DA4E3129} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-03-07] (Adobe Systems Incorporated) Task: {5A6F2DA0-C63F-4F5F-A42D-6013576FC1FA} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {680E2BDE-B89A-4924-994C-044766E472FD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-11] (Google Inc.) Task: {68FCA40B-6589-40AD-BEDD-23DCF099B0A4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-05-26] (Avast Software s.r.o.) Task: {7A92CAFD-DDA3-4D23-A3AF-B4A1F85D2AF2} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {A1DE7F67-9EE1-469D-B4A1-20AD3013477C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks Task: {A3868083-2B82-4A67-A737-06C7DB2A024C} - System32\Tasks\Opera scheduled Autoupdate 1411478667 => C:\Program Files (x86)\Opera\launcher.exe [2015-06-10] (Opera Software) Task: {C3FBB935-6523-41FA-AD39-F4BA31B7D99A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-11] (Google Inc.) Task: {C96A4DC8-007B-4080-972B-AC479A45D13E} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation) Task: {CF034D55-ACA1-4075-9B0E-584A3C80C949} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2014-09-24] (Microsoft Corporation) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (Whitelisted) ============== 2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll 2014-11-20 22:23 - 2014-11-20 22:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll 2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll 2014-11-20 22:23 - 2014-11-20 22:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2015-05-26 16:12 - 2015-05-26 16:12 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-05-26 16:12 - 2015-05-26 16:12 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-06-10 16:44 - 2015-06-10 16:44 - 02953216 _____ () C:\Program Files\AVAST Software\Avast\defs\15061000\algo.dll 2015-03-28 11:52 - 2015-03-28 11:52 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-06-10 16:35 - 2015-06-10 11:45 - 01649272 _____ () C:\Program Files (x86)\Opera\30.0.1835.59\libglesv2.dll 2015-06-10 16:35 - 2015-06-10 11:45 - 00081016 _____ () C:\Program Files (x86)\Opera\30.0.1835.59\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3830420742-2577819057-3274834747-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Pepe\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 217.113.224.35 - 217.113.224.135 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: avast! Antivirus => 2 MSCONFIG\Services: AvastVBoxSvc => 3 MSCONFIG\Services: BFE => 2 MSCONFIG\startupreg: AvastUI.exe => "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{EED13A56-F1B4-4922-B060-AC423DC0B907}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [TCP Query User{6B9669D2-28CF-4643-BF82-8725CC9831E4}D:\games\freeorion\freeoriond.exe] => (Allow) D:\games\freeorion\freeoriond.exe FirewallRules: [UDP Query User{D554ADE6-54D9-4B81-9611-931523BD4ABF}D:\games\freeorion\freeoriond.exe] => (Allow) D:\games\freeorion\freeoriond.exe FirewallRules: [{321E58D9-EAFD-437A-857F-C640A653CE30}] => (Allow) C:\Program Files (x86)\BitSpirit\BitSpirit.exe FirewallRules: [{9D424BAD-85F2-429C-9679-C9F7C299F092}] => (Allow) C:\Program Files (x86)\BitSpirit\BitSpirit.exe FirewallRules: [{3C6E7198-5842-4A82-BDDD-34AAFFA0A9E1}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{442F26E3-589C-4A13-9E7A-BD67845E0726}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{3802AA6B-36EB-4D79-8376-842D39CF74E0}] => (Allow) D:\games\Arma Cold War Assault\ColdWarAssault.exe FirewallRules: [{5C20EFB2-4460-45BF-8B75-17008607C46E}] => (Allow) D:\games\Arma Cold War Assault\ColdWarAssault.exe FirewallRules: [{8844B3DE-E5C3-4C82-8894-CE1D8D3F9404}] => (Allow) D:\games\Arma Cold War Assault\ColdWarAssault_Server.exe FirewallRules: [{661655F0-A457-4625-AA34-8C6359808D8F}] => (Allow) D:\games\Arma Cold War Assault\ColdWarAssault_Server.exe FirewallRules: [TCP Query User{2476E03D-558D-4EE4-A4FB-97D9503E9CCC}D:\teamspeak server\ts3server_win64.exe] => (Allow) D:\teamspeak server\ts3server_win64.exe FirewallRules: [UDP Query User{9AAEDC4D-7CD1-4E01-8E41-DF9B0CF01C6D}D:\teamspeak server\ts3server_win64.exe] => (Allow) D:\teamspeak server\ts3server_win64.exe FirewallRules: [TCP Query User{DDA67594-B9D0-4AF1-B653-5BD54B0464F8}D:\iso\the ship\data\the ship\ship.exe] => (Allow) D:\iso\the ship\data\the ship\ship.exe FirewallRules: [UDP Query User{A2055B0A-EF06-492E-9B4C-2B64F4CC1E2D}D:\iso\the ship\data\the ship\ship.exe] => (Allow) D:\iso\the ship\data\the ship\ship.exe FirewallRules: [TCP Query User{35DCACFB-1FE5-4409-A05F-74CF522821E5}D:\games\i.g.i 3 - the mark\themark.exe] => (Allow) D:\games\i.g.i 3 - the mark\themark.exe FirewallRules: [UDP Query User{C5F5BFDA-F439-4695-B699-0CE2B8A38F55}D:\games\i.g.i 3 - the mark\themark.exe] => (Allow) D:\games\i.g.i 3 - the mark\themark.exe FirewallRules: [TCP Query User{BC341A50-952C-4121-A2A1-FEF48A0A8AEB}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe FirewallRules: [UDP Query User{5F06D383-D1EC-4C61-AFD3-976ABCD0CF4C}C:\windows\syswow64\dpnsvr.exe] => (Allow) C:\windows\syswow64\dpnsvr.exe FirewallRules: [TCP Query User{28D94E62-BB69-46DD-BFC2-070EF9962F23}D:\games\outlaws\outlaws.exe] => (Allow) D:\games\outlaws\outlaws.exe FirewallRules: [UDP Query User{555065ED-A96E-49A9-A03F-407A50E9326C}D:\games\outlaws\outlaws.exe] => (Allow) D:\games\outlaws\outlaws.exe FirewallRules: [TCP Query User{DD7913EA-CEBF-4314-B5CB-A415B686845A}D:\games\igi 2\pc\igi2.exe] => (Allow) D:\games\igi 2\pc\igi2.exe FirewallRules: [UDP Query User{A69F211C-ADD6-4C3F-AFD7-3556AAFC7B78}D:\games\igi 2\pc\igi2.exe] => (Allow) D:\games\igi 2\pc\igi2.exe FirewallRules: [TCP Query User{AADD2E3E-850B-4A1C-B464-B36A1CB1102A}D:\games\delta force xtreme\dfx.exe] => (Allow) D:\games\delta force xtreme\dfx.exe FirewallRules: [UDP Query User{6725F766-2B81-416A-9235-8B56A127A2E3}D:\games\delta force xtreme\dfx.exe] => (Allow) D:\games\delta force xtreme\dfx.exe FirewallRules: [{1E0CACAB-FEE0-404F-90BF-7B8175466541}] => (Allow) LPort=80 FirewallRules: [{EBE117DF-B975-4731-A3A2-AF183846E26E}] => (Allow) LPort=443 FirewallRules: [{A85EC5E9-1478-4383-A5E5-4A30F7E2C79F}] => (Allow) LPort=20010 FirewallRules: [{A6EA1717-5026-4D22-8212-E7493B456954}] => (Allow) LPort=3478 FirewallRules: [{400E339B-1FD6-4470-AC15-E4CA9E9BDB10}] => (Allow) LPort=7850 FirewallRules: [{FC537A3C-7FE6-49B1-9952-0B3826C2C56D}] => (Allow) LPort=7852 FirewallRules: [{5F8D27C0-174F-4704-A2BE-D48F1A09C169}] => (Allow) LPort=7853 FirewallRules: [{F68152E0-841A-4C80-90E4-8B5CC4577437}] => (Allow) LPort=27022 FirewallRules: [{8E8186B1-B9FF-4635-8AF0-BB8DCF5503FD}] => (Allow) LPort=6881 FirewallRules: [{596842EB-C0CE-462A-AB4D-62BE3D25BB1C}] => (Allow) LPort=33333 FirewallRules: [{7BC78D7F-5031-41A9-9FAC-77250156DD2A}] => (Allow) LPort=20443 FirewallRules: [{9DEBEB28-2B6B-4B4D-AA47-BA1BE359FCB3}] => (Allow) LPort=8090 FirewallRules: [{2550A241-57B4-425F-8180-692C89D32958}] => (Allow) D:\games\WarThunder\launcher.exe FirewallRules: [{4B5FDE2B-BD20-43A2-81FF-17092A28A0FF}] => (Allow) D:\games\WarThunder\launcher.exe FirewallRules: [TCP Query User{1890908C-AC72-4F59-912A-EDACBBAF9811}D:\games\warthunder\aces.exe] => (Allow) D:\games\warthunder\aces.exe FirewallRules: [UDP Query User{0172C951-8DFD-4A64-97F9-7F418749A0EB}D:\games\warthunder\aces.exe] => (Allow) D:\games\warthunder\aces.exe FirewallRules: [{85FE0423-79C3-441D-B2F5-D8DB7ED8F6EB}] => (Allow) D:\games\WarThunder\bpreport.exe FirewallRules: [{B1E98852-FFED-4EDE-B30D-7E55642C9584}] => (Allow) D:\games\WarThunder\bpreport.exe FirewallRules: [TCP Query User{AC3DC537-3A60-4F62-8196-401C6183635E}D:\games\dangerous waters\dangerouswaters.exe] => (Allow) D:\games\dangerous waters\dangerouswaters.exe FirewallRules: [UDP Query User{BC2E9FA0-1A4E-4A39-B4F2-B005BE189E83}D:\games\dangerous waters\dangerouswaters.exe] => (Allow) D:\games\dangerous waters\dangerouswaters.exe FirewallRules: [{0FF29B4B-69B2-45E4-B594-A1ECEBE5148A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{52D14D9A-2062-4871-B3D5-D5FC9C57494A}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{4D425A7C-A9ED-4F5F-BC59-E3C534286E82}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe ==================== Faulty Device Manager Devices ============= Name: Standardowa klawiatura PS/2 Description: Standardowa klawiatura PS/2 Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Klawiatury standardowe) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors: ================== Error: (06/10/2015 03:26:39 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: Wystąpił nieokreślony błąd podczas przywracania systemu: (Instalator modułów systemu Windows). Informacje dodatkowe: 0x80070057. Error: (06/10/2015 02:29:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: svchost.exe_SysMain, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc3c1 Nazwa modułu powodującego błąd: sysmain.dll, wersja: 6.1.7601.17514, sygnatura czasowa: 0x4ce7c9db Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0000000000017ef1 Identyfikator procesu powodującego błąd: 0x760 Godzina uruchomienia aplikacji powodującej błąd: 0xsvchost.exe_SysMain0 Ścieżka aplikacji powodującej błąd: svchost.exe_SysMain1 Ścieżka modułu powodującego błąd: svchost.exe_SysMain2 Identyfikator raportu: svchost.exe_SysMain3 Error: (06/10/2015 02:26:27 PM) (Source: ESENT) (EventID: 454) (User: ) Description: wuaueng.dll (4412) SUS20ClientDataStore: Odzyskiwanie/przywracanie bazy danych nie powiodło się z powodu nieoczekiwanego błędu: -501. Error: (06/10/2015 02:26:27 PM) (Source: ESENT) (EventID: 465) (User: ) Description: wuaueng.dll (4412) SUS20ClientDataStore: Podczas odzyskiwania programowego wykryto uszkodzenie w pliku dziennika C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Rekord z nieprawidłową sumą kontrolną znajduje się na pozycji END. Dane niezgodne ze wzorem wypełnienia pliku dziennika pojawiły się najpierw w sektorze 1192 (0x000004A8). Plik dziennika został uszkodzony i jest nieużyteczny. Error: (06/10/2015 02:26:25 PM) (Source: ESENT) (EventID: 465) (User: ) Description: wuaueng.dll (4412) SUS20ClientDataStore: Podczas odzyskiwania programowego wykryto uszkodzenie w pliku dziennika C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log. Rekord z nieprawidłową sumą kontrolną znajduje się na pozycji END. Dane niezgodne ze wzorem wypełnienia pliku dziennika pojawiły się najpierw w sektorze 1192 (0x000004A8). Plik dziennika został uszkodzony i jest nieużyteczny. Error: (06/10/2015 02:25:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: svchost.exe_wuauserv, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc3c1 Nazwa modułu powodującego błąd: msxml3.dll, wersja: 8.110.7601.18782, sygnatura czasowa: 0x54fe637a Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0000000000001c44 Identyfikator procesu powodującego błąd: 0x110 Godzina uruchomienia aplikacji powodującej błąd: 0xsvchost.exe_wuauserv0 Ścieżka aplikacji powodującej błąd: svchost.exe_wuauserv1 Ścieżka modułu powodującego błąd: svchost.exe_wuauserv2 Identyfikator raportu: svchost.exe_wuauserv3 Error: (06/10/2015 02:21:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: CCC.exe, wersja: 4.5.0.0, sygnatura czasowa: 0x53ad0dcc Nazwa modułu powodującego błąd: clr.dll, wersja: 4.0.30319.34209, sygnatura czasowa: 0x5348a1ef Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00000000001f31b5 Identyfikator procesu powodującego błąd: 0x70c Godzina uruchomienia aplikacji powodującej błąd: 0xCCC.exe0 Ścieżka aplikacji powodującej błąd: CCC.exe1 Ścieżka modułu powodującego błąd: CCC.exe2 Identyfikator raportu: CCC.exe3 Error: (06/10/2015 02:21:10 PM) (Source: .NET Runtime) (EventID: 1023) (User: ) Description: Aplikacja: CCC.exe Wersja architektury: v4.0.30319 Opis: proces został przerwany z powodu błędu wewnętrznego w środowisku wykonawczym .NET pod adresem IP 000007FEF2EA31B5 (000007FEF2CB0000), kod zakończenia: 80131506. Error: (06/10/2015 02:18:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: svchost.exe_NlaSvc, wersja: 6.1.7600.16385, sygnatura czasowa: 0x4a5bc3c1 Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7601.18869, sygnatura czasowa: 0x556366f2 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x000000000004ada4 Identyfikator procesu powodującego błąd: 0x488 Godzina uruchomienia aplikacji powodującej błąd: 0xsvchost.exe_NlaSvc0 Ścieżka aplikacji powodującej błąd: svchost.exe_NlaSvc1 Ścieżka modułu powodującego błąd: svchost.exe_NlaSvc2 Identyfikator raportu: svchost.exe_NlaSvc3 Error: (06/10/2015 02:09:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: AdobeARM.exe, wersja: 1.821.13.2315, sygnatura czasowa: 0x54fab3e1 Nazwa modułu powodującego błąd: ntdll.dll, wersja: 6.1.7601.18869, sygnatura czasowa: 0x55636317 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x0002e283 Identyfikator procesu powodującego błąd: 0x988 Godzina uruchomienia aplikacji powodującej błąd: 0xAdobeARM.exe0 Ścieżka aplikacji powodującej błąd: AdobeARM.exe1 Ścieżka modułu powodującego błąd: AdobeARM.exe2 Identyfikator raportu: AdobeARM.exe3 System errors: ============= Error: (06/10/2015 06:06:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Zapora systemu Windows zależy od usługi Podstawowy aparat filtrowania, której nie można uruchomić z powodu następującego błędu: %%1058 Error: (06/10/2015 06:06:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Moduły obsługi kluczy IPsec IKE i AuthIP zależy od usługi Podstawowy aparat filtrowania, której nie można uruchomić z powodu następującego błędu: %%1058 Error: (06/10/2015 06:06:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Zapora systemu Windows zależy od usługi Podstawowy aparat filtrowania, której nie można uruchomić z powodu następującego błędu: %%1058 Error: (06/10/2015 06:06:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Agent zasad IPsec zależy od usługi Podstawowy aparat filtrowania, której nie można uruchomić z powodu następującego błędu: %%1058 Error: (06/10/2015 06:05:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Zapora systemu Windows zależy od usługi Podstawowy aparat filtrowania, której nie można uruchomić z powodu następującego błędu: %%1058 Error: (06/10/2015 06:05:59 PM) (Source: Service Control Manager) (EventID: 7006) (User: ) Description: Wywołanie ScRegSetValueExW dla Start nie powiodło się i wystąpił następujący błąd: %%5. Error: (06/10/2015 05:58:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Zapora systemu Windows zależy od usługi Podstawowy aparat filtrowania, której nie można uruchomić z powodu następującego błędu: %%1058 Error: (06/10/2015 05:58:02 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Zapora systemu Windows zależy od usługi Podstawowy aparat filtrowania, której nie można uruchomić z powodu następującego błędu: %%1058 Error: (06/10/2015 05:57:50 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Zapora systemu Windows zależy od usługi Podstawowy aparat filtrowania, której nie można uruchomić z powodu następującego błędu: %%1058 Error: (06/10/2015 05:52:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Usługa Zapora systemu Windows zależy od usługi Podstawowy aparat filtrowania, której nie można uruchomić z powodu następującego błędu: %%1058 Microsoft Office: ========================= Error: (06/10/2015 03:26:39 PM) (Source: System Restore) (EventID: 8210) (User: ) Description: Instalator modułów systemu Windows0x80070057 Error: (06/10/2015 02:29:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_SysMain6.1.7600.163854a5bc3c1sysmain.dll6.1.7601.175144ce7c9dbc00000050000000000017ef176001d0a3778449db84C:\Windows\system32\svchost.exec:\windows\system32\sysmain.dll45d5cb21-0f6c-11e5-99bb-0025226fd62d Error: (06/10/2015 02:26:27 PM) (Source: ESENT) (EventID: 454) (User: ) Description: wuaueng.dll4412SUS20ClientDataStore: -501 Error: (06/10/2015 02:26:27 PM) (Source: ESENT) (EventID: 465) (User: ) Description: wuaueng.dll4412SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.logEND1192 (0x000004A8) Error: (06/10/2015 02:26:25 PM) (Source: ESENT) (EventID: 465) (User: ) Description: wuaueng.dll4412SUS20ClientDataStore: C:\Windows\SoftwareDistribution\DataStore\Logs\edb.logEND1192 (0x000004A8) Error: (06/10/2015 02:25:21 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_wuauserv6.1.7600.163854a5bc3c1msxml3.dll8.110.7601.1878254fe637ac00000050000000000001c4411001d0a3777bfe9011C:\Windows\system32\svchost.exeC:\Windows\System32\msxml3.dllc2b378d0-0f6b-11e5-99bb-0025226fd62d Error: (06/10/2015 02:21:11 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: CCC.exe4.5.0.053ad0dccclr.dll4.0.30319.342095348a1efc000000500000000001f31b570c01d0a377bb8b8ef9C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll2dbda831-0f6b-11e5-99bb-0025226fd62d Error: (06/10/2015 02:21:10 PM) (Source: .NET Runtime) (EventID: 1023) (User: ) Description: Aplikacja: CCC.exe Wersja architektury: v4.0.30319 Opis: proces został przerwany z powodu błędu wewnętrznego w środowisku wykonawczym .NET pod adresem IP 000007FEF2EA31B5 (000007FEF2CB0000), kod zakończenia: 80131506. Error: (06/10/2015 02:18:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: svchost.exe_NlaSvc6.1.7600.163854a5bc3c1ntdll.dll6.1.7601.18869556366f2c0000005000000000004ada448801d0a3777e6251b7C:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dllc72dca5d-0f6a-11e5-99bb-0025226fd62d Error: (06/10/2015 02:09:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: AdobeARM.exe1.821.13.231554fab3e1ntdll.dll6.1.7601.1886955636317c00000050002e28398801d0a37645207ca3C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Windows\SysWOW64\ntdll.dll82e01286-0f69-11e5-bbcc-0025226fd62d CodeIntegrity Errors: =================================== Date: 2014-09-27 10:28:46.311 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\win32k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-09-27 10:28:46.217 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\win32k.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-09-27 10:28:46.030 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\HdAudio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-09-27 10:28:45.952 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\HdAudio.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-09-27 10:28:45.874 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\portcls.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-09-27 10:28:45.780 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\portcls.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD Phenom(tm) II X2 550 Processor Percentage of memory in use: 40% Total physical RAM: 4095.24 MB Available physical RAM: 2439.52 MB Total Pagefile: 8188.69 MB Available Pagefile: 6065.86 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:50 GB) (Free:16.41 GB) NTFS Drive d: (MAIN) (Fixed) (Total:400 GB) (Free:63.62 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: AB7694B5) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=400 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=15.7 GB) - (Type=05) ==================== End of log ============================