Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-03-2021
Ran by Koltmen (22-03-2021 19:15:00)
Running from C:\Users\Koltmen\Desktop
Windows 10 Home Version 2004 19041.867 (X64) (2020-11-28 00:12:09)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-128453223-1902492851-2738235570-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-128453223-1902492851-2738235570-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-128453223-1902492851-2738235570-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-128453223-1902492851-2738235570-501 - Limited - Disabled)
Koltmen (S-1-5-21-128453223-1902492851-2738235570-1001 - Administrator - Enabled) => C:\Users\Koltmen
WDAGUtilityAccount (S-1-5-21-128453223-1902492851-2738235570-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 21.001.20145 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_0) (Version: 18.0.0 - Adobe Systems Incorporated)
Age of Empires II Definitive Edition (HKLM-x32\...\Age of Empires II Definitive Edition_is1) (Version:  - )
AIDA64 Extreme v5.90 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 5.90 - FinalWire Ltd.)
Autodesk Material Library Base Resolution Image Library 2018 (HKLM-x32\...\{FCDED119-A969-4E48-8A32-D21AD6B03253}) (Version: 16.11.1.0 - Autodesk)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 20.1.2397 - AVAST Software)
Bloody6 (HKLM-x32\...\Bloody3) (Version: 17.04.0003 - Bloody)
Cities Skylines Mass Transit (HKLM-x32\...\Cities Skylines Mass Transit_is1) (Version:  - )
Corel Graphics - Windows Shell Extension (HKLM\...\_{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.0.491 - Corel Corporation)
Corel Graphics - Windows Shell Extension (HKLM\...\{4AB916EE-ABA8-4079-9889-745798B6D809}) (Version: 17.0.491 - Corel Corporation) Hidden
Corel Graphics - Windows Shell Extension 32 Bit (HKLM\...\{FD4A43CE-ABAE-4161-83AC-314A3C804F42}) (Version: 17.0.491 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM Content (x64) (HKLM\...\{EF44BCCD-13F9-4974-862C-CCFAF43EE082}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - IPM T (x64) (HKLM\...\{13179AB2-69FD-459B-800F-81865A501AD4}) (Version: 17.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 - Writing Tools (x64) (HKLM\...\{D63404AC-C2F1-4B3D-96EA-9727AC9D994C}) (Version: 17.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.0.0.491 - Corel Corporation)
Cossacks 3 (HKLM-x32\...\Cossacks 3_is1) (Version:  - )
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.4.0.0190 - Disc Soft Ltd)
Dolby Audio X2 Windows API SDK (HKLM\...\{8738A898-221B-4279-BC87-FEF7938022C1}) (Version: 0.8.8.87 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{D765CF7F-14F9-4C80-B06C-10E68F10EBCC}) (Version: 0.7.2.62 - Dolby Laboratories, Inc.)
DraftSight 2018 SP0 x64 (HKLM\...\{99275069-64ED-476E-A87B-756DC6C8BA59}) (Version: 18.0.2051 - Dassault Systemes)
Euro Truck Simulator 2 v.1.31.1s (HKLM-x32\...\Euro Truck Simulator 2_is1) (Version:  - )
Fallout 4 - Čeština (HKLM-x32\...\{BA700CA0-A940-43A5-9779-560DADB0C245}) (Version: 0.11.0 - prekladyher.eu)
Fallout 4: Game of the Year Edition (HKLM-x32\...\Fallout 4: Game of the Year Edition_is1) (Version: 1.10.89.0.1 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.90 - Google LLC)
Heroes of Might & Magic V: Hammers of Fate (HKLM-x32\...\{07BE4679-4318-4413-9701-B3D91354F10C}) (Version:  - )
Heroes of Might and Magic V - Tribes of the East (HKLM-x32\...\{66FF4C48-0083-4E60-8556-B883AB200092}) (Version:  - )
Heroes of Might and Magic V (HKLM-x32\...\{8829DAD4-8F07-4A96-B995-15498EBB8045}) (Version:  - )
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1039 - Intel Corporation)
Intel(R) Online Connect Software Asset Manager (HKLM-x32\...\{4FA94F64-1A00-4426-BF58-D08EB592CE1B}) (Version: 3.4.2095 - Intel Corporation) Hidden
Java 8 Update 231 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
JetBrains PhpStorm 2017.3 (HKLM-x32\...\PhpStorm 2017.3) (Version: 173.3727.138 - JetBrains s.r.o.)
Lenovo App Explorer (HKU\S-1-5-21-128453223-1902492851-2738235570-1000\...\Host App Service) (Version: 0.272.1.560 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo Nerve Sense (HKLM\...\{DCB4DFB5-93CA-4BDD-9D08-CE880626B46E}_is1) (Version: 2.6.11.8 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.5.27.0 - Lenovo Group Ltd.)
Manager (HKLM-x32\...\{8DED36D9-54D6-4127-A112-5A1BA1CDD66B}) (Version: 5.0.26.33533 - 2017 pdfforge GmbH. All rights reserved) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.57 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-128453223-1902492851-2738235570-1001\...\OneDriveSetup.exe) (Version: 21.030.0211.0002 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.23.27820 (HKLM-x32\...\{852adda4-4c78-4a38-b583-c0b360a329d6}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Modus Wils 6.4.1 (13.6.2017) obrázky (HKLM-x32\...\Modus Wils 6.4.1 obrázky_is1) (Version:  - )
MODUS Wils 6.4.1.6, data 2017.6.12.1 (HKLM-x32\...\MODUS Wils 6.4.1 - výpočet umělého osvětlení_is1) (Version:  - ASTRA MS Software s.r.o.)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
NVIDIA GeForce Experience 3.7.0.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.7.0.81 - NVIDIA Corporation)
NVIDIA Ovladač 3D Vision 391.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 391.25 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 391.25 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 391.25 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.5.2 - pdfforge GmbH)
Pomocník při upgradu na Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation)
PuTTY release 0.70 (64-bit) (HKLM\...\{45B3032F-22CC-40CD-9E97-4DA7095FA5A2}) (Version: 0.70.0.0 - Simon Tatham)
qBittorrent 4.1.9.1 (HKLM-x32\...\qBittorrent) (Version: 4.1.9.1 - The qBittorrent project)
SnowRunner (HKLM-x32\...\SnowRunner_is1) (Version:  - )
Speciální aplikace Autodesk 2016-2018 (HKLM-x32\...\{384C4B74-B749-4AB6-9367-4D51A6AA9CB8}) (Version: 2.4.0 - Autodesk)
The Sims 4 v. 1.69.57.1020 (HKLM-x32\...\The Sims 4_is1) (Version:  - )
ToneMaker 1 (HKLM-x32\...\BloodyToneMaker) (Version: 17.10.0006 - Bloody)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.0 - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.8 - VideoLAN)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-3) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-4) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-5) (Version: 1.0.54.1 - Intel Corporation Inc.)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WhatsApp (HKU\S-1-5-21-128453223-1902492851-2738235570-1001\...\WhatsApp) (Version: 2.2108.8 - WhatsApp)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
XAMPP (HKLM-x32\...\xampp) (Version: 7.1.6-0 - Bitnami)

Packages:
=========
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.181.400.0_x86__kgqvnymyfvs32 [2020-11-13] (king.com)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_5.6.10.0_x86__h6adky7gbf63m [2020-12-16] (Gameloft SE)
Doplněk multimediálního modulu pro aplikaci Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-12-06] (Microsoft Corporation)
KONICA MINOLTA Print Experience -> C:\Program Files\WindowsApps\KONICAMINOLTAINC.KONICAMINOLTAPrintExperience_1.4.1.0_neutral__s63fsn2sety0r [2020-10-31] (KONICA MINOLTA INC)
KYOCERA Print Center -> C:\Program Files\WindowsApps\A97ECD55.KYOCERAPrintCenter_2.4.31103.0_x64__kqmhh0ktdt7dg [2020-11-13] (KYOCERA Document Solutions Inc)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2017-12-25] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2011.20.0_x64__k1h2ywk1493x8 [2020-11-27] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2020-11-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-11] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-25] (Microsoft Studios) [MS Ad]
Royal Revolt 2 -> C:\Program Files\WindowsApps\flaregamesGmbH.RoyalRevolt2_6.4.0.0_x86__g0q0z3kw54rap [2020-12-10] (flaregames GmbH)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.Twitter_6.1.4.1000_neutral__wgeqdkkx372wm [2018-09-09] (Twitter Inc.)
Uživatelský portál Lenovo -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-06-09] (LENOVO INCORPORATED.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-128453223-1902492851-2738235570-1001_Classes\CLSID\{9AAF0EB6-42D8-46C1-A2EF-679511B37A0D}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe /Automation => No File
CustomCLSID: HKU\S-1-5-21-128453223-1902492851-2738235570-1001_Classes\CLSID\{B6EB585B-B467-4E46-A9C7-48D7D6FD26CB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2018\acad.exe => No File
CustomCLSID: HKU\S-1-5-21-128453223-1902492851-2738235570-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2018\cs-CZ\acadficn.dll => No File
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-03-18] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-06-18] (Notepad++ -> )
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-03-18] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2017-01-31] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-03-18] (Avast Software s.r.o. -> AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9dc776be3e13ad6d\igfxDTCM.dll [2017-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-03-16] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2020-03-18] (Avast Software s.r.o. -> AVAST Software)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Koltmen\Desktop\Nová složka\(64х)Euro Truck Simulator 2.lnk -> E:\Hry\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software) <==== Cyrillic
ShortcutWithArgument: C:\Users\Koltmen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2017-06-10 04:19 - 2017-04-29 08:55 - 000075776 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-11-28 01:05 - 2018-03-16 08:47 - 000343728 _____ (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\NvStereo\_nvstapisvr64.dll
2017-06-15 18:12 - 2017-06-15 18:12 - 000116224 _____ (pdfforge GmbH) [File not signed] C:\WINDOWS\System32\pdfcmon.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`27hfm [0]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-128453223-1902492851-2738235570-1001\Software\Classes\.scr: AutoCADScriptFile => 

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-128453223-1902492851-2738235570-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-128453223-1902492851-2738235570-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-128453223-1902492851-2738235570-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-128453223-1902492851-2738235570-1001 -> DefaultScope {5C4B48B4-90EA-4CC6-A4D6-846F8531BA12} URL = 
SearchScopes: HKU\S-1-5-21-128453223-1902492851-2738235570-1001 -> {5C4B48B4-90EA-4CC6-A4D6-846F8531BA12} URL = 
SearchScopes: HKU\S-1-5-21-128453223-1902492851-2738235570-1001 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10454__180623__yaie&p={searchTerms}
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\ssv.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_231\bin\jp2ssv.dll [2019-10-19] (Oracle America, Inc. -> Oracle Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-128453223-1902492851-2738235570-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2019-01-04 17:56 - 000000833 _____ C:\WINDOWS\system32\drivers\etc\hosts

2017-09-23 20:28 - 2017-12-09 13:32 - 000000508 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
192.168.137.1 LAPTOP-IOPB4Q9E.mshome.net # 2022 12 4 8 12 32 16 646
192.168.137.98 LGwebOSTV.mshome.net # 2017 12 6 16 12 32 16 645

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%C_EM64T_REDIST11%bin\Intel64;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\PuTTY\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-128453223-1902492851-2738235570-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-128453223-1902492851-2738235570-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

Network Binding:
=============
Ethernet: Intel(R) Technology Access Filter Driver -> nt_ndisrd (enabled) 
Wi-Fi: Intel(R) Technology Access Filter Driver -> nt_ndisrd (enabled) 

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeARMservice => 2
HKLM\...\StartupApproved\Run: => "NerveCenterTray"
HKLM\...\StartupApproved\Run32: => "Autodesk Desktop App"
HKU\S-1-5-21-128453223-1902492851-2738235570-1001\...\StartupApproved\Run: => "AvastBrowserAutoLaunch_93999FABEA234F06C7B01020C0A36A80"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{831BBCC2-8B7A-438C-8CA9-935961C62D67}C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe
FirewallRules: [TCP Query User{37138700-7393-4850-93D5-1999537C2AAC}C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_231\bin\javaw.exe
FirewallRules: [UDP Query User{9F81709E-7C13-4DB4-A515-2E82D96E6BF1}E:\hry\age of empires ii definitive edition\battleserver\battleserver.exe] => (Block) E:\hry\age of empires ii definitive edition\battleserver\battleserver.exe () [File not signed]
FirewallRules: [TCP Query User{7702EA67-9FAD-4905-B48B-63AC5467B450}E:\hry\age of empires ii definitive edition\battleserver\battleserver.exe] => (Block) E:\hry\age of empires ii definitive edition\battleserver\battleserver.exe () [File not signed]
FirewallRules: [UDP Query User{08B5E40D-29A0-465D-A4EC-4369ACEDE1E5}E:\hry\age of empires ii definitive edition\aoe2de_s.exe] => (Block) E:\hry\age of empires ii definitive edition\aoe2de_s.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{9CA9AFE3-0BC3-4A2F-80D8-B991BDDC916C}E:\hry\age of empires ii definitive edition\aoe2de_s.exe] => (Block) E:\hry\age of empires ii definitive edition\aoe2de_s.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{3D4A62FA-8583-48A3-AC08-5635816AC0FD}E:\hry\age of empires ii definitive edition\battleserver\battleserver.exe] => (Block) E:\hry\age of empires ii definitive edition\battleserver\battleserver.exe () [File not signed]
FirewallRules: [TCP Query User{BD4BB813-D9AB-4955-B417-75A09110670D}E:\hry\age of empires ii definitive edition\battleserver\battleserver.exe] => (Block) E:\hry\age of empires ii definitive edition\battleserver\battleserver.exe () [File not signed]
FirewallRules: [UDP Query User{0E630316-5406-49AF-87F9-D7097FB5BEFB}E:\hry\age of empires ii definitive edition\aoe2de_s.exe] => (Block) E:\hry\age of empires ii definitive edition\aoe2de_s.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{DB41C3CB-538E-480F-8DE1-A17D30826DEB}E:\hry\age of empires ii definitive edition\aoe2de_s.exe] => (Block) E:\hry\age of empires ii definitive edition\aoe2de_s.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{1A769EA4-319F-408B-BA0B-4241D6548987}C:\program files\qbittorrent\qbittorrent.exe] => (Block) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [TCP Query User{1254E1DE-93DD-4F6A-A094-70C7F977F241}C:\program files\qbittorrent\qbittorrent.exe] => (Block) C:\program files\qbittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{BA60EAAC-C861-4BA1-B4D7-6368ED42540A}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{8618EBE4-D1E3-4AE5-B8BF-BDD9C6064CCF}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe () [File not signed]
FirewallRules: [{90AB5324-5F45-4895-B16A-3B11CD226658}] => (Allow) C:\Users\Koltmen\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{2517F4A8-231C-4529-9FE1-DE1499F7BD92}] => (Allow) C:\Users\Koltmen\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [UDP Query User{61F029A0-1218-45F2-81D6-8B30AAAF9C03}E:\hry\far cry 4\bin\farcry4.exe] => (Block) E:\hry\far cry 4\bin\farcry4.exe => No File
FirewallRules: [TCP Query User{66AB788F-4A66-4E89-B535-E6E841A1828B}E:\hry\far cry 4\bin\farcry4.exe] => (Block) E:\hry\far cry 4\bin\farcry4.exe => No File
FirewallRules: [UDP Query User{7396B96B-AF78-4D19-9B06-84FE3F5C9509}E:\hry\far cry 4\bin\farcry4.exe] => (Block) E:\hry\far cry 4\bin\farcry4.exe => No File
FirewallRules: [TCP Query User{FF7B3B0B-3BD9-47B7-8D92-A052927CE892}E:\hry\far cry 4\bin\farcry4.exe] => (Block) E:\hry\far cry 4\bin\farcry4.exe => No File
FirewallRules: [UDP Query User{BB8A98E1-74F1-479C-BD62-F8FB2B08A758}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [TCP Query User{1B5F9DE4-E418-4BAF-91A5-812DA97DE5AE}C:\totalcmd\totalcmd64.exe] => (Allow) C:\totalcmd\totalcmd64.exe (Ghisler Software GmbH -> Ghisler Software GmbH)
FirewallRules: [UDP Query User{3BEAEB64-0E74-474A-BC61-C4D830740146}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [TCP Query User{8E9E63F7-3C4A-40DA-B0A7-9C2DE57C34A6}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [UDP Query User{1F0D74BD-CD31-41CA-B000-4B300F3E386C}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [TCP Query User{0D9D7737-38A6-4755-B064-A4C462E4CD68}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{89EA4278-8D28-4AEE-A765-2BC09DA942C2}E:\hry\dead island definitive edition\deadislandgame.exe] => (Allow) E:\hry\dead island definitive edition\deadislandgame.exe => No File
FirewallRules: [TCP Query User{C785A2F1-18B0-4FBD-B6B7-79AA671DCBD5}E:\hry\dead island definitive edition\deadislandgame.exe] => (Allow) E:\hry\dead island definitive edition\deadislandgame.exe => No File
FirewallRules: [UDP Query User{B797195E-7620-4B3A-976C-818BE102EBF9}C:\program files (x86)\sniper ghost warrior 3\win_x64\sgw3.exe] => (Allow) C:\program files (x86)\sniper ghost warrior 3\win_x64\sgw3.exe => No File
FirewallRules: [TCP Query User{A60D2EC3-ECFC-48E3-95AD-CDAF399D7C8C}C:\program files (x86)\sniper ghost warrior 3\win_x64\sgw3.exe] => (Allow) C:\program files (x86)\sniper ghost warrior 3\win_x64\sgw3.exe => No File
FirewallRules: [UDP Query User{47EC974A-5437-4446-9706-DDADD4429320}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [TCP Query User{74FC1FE6-4B9C-4BEF-8F68-7022CBE6F1FD}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe (MariaDB Corporation Ab -> )
FirewallRules: [UDP Query User{93A0FF13-AA45-40DC-9325-952757982310}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [TCP Query User{5C098133-EE24-4F90-95DA-BB9311401323}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe (Apache Software Foundation) [File not signed]
FirewallRules: [UDP Query User{09032C54-DEB8-4997-8839-2C21E8C44DCC}C:\program files (x86)\sniper ghost warrior 3\win_x64\sgw3.exe] => (Block) C:\program files (x86)\sniper ghost warrior 3\win_x64\sgw3.exe => No File
FirewallRules: [TCP Query User{B03440A9-F26D-4B81-9558-E8B355B7292E}C:\program files (x86)\sniper ghost warrior 3\win_x64\sgw3.exe] => (Block) C:\program files (x86)\sniper ghost warrior 3\win_x64\sgw3.exe => No File
FirewallRules: [UDP Query User{C21D3B8B-BCE7-480A-B9E7-AF41DE825A7A}C:\program files (x86)\far cry primal\bin\fcprimal.exe] => (Block) C:\program files (x86)\far cry primal\bin\fcprimal.exe => No File
FirewallRules: [TCP Query User{ACC1906E-FC0F-491D-8983-9EAD254B0BD3}C:\program files (x86)\far cry primal\bin\fcprimal.exe] => (Block) C:\program files (x86)\far cry primal\bin\fcprimal.exe => No File
FirewallRules: [{FAB2F1C1-DE10-4219-B509-23728B647504}] => (Allow) C:\Users\Koltmen\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{002A751B-B180-4C1C-9AB1-93963445B9CA}] => (Allow) C:\Users\Koltmen\AppData\Roaming\uTorrent\uTorrent.exe => No File
FirewallRules: [{34079105-3F42-4892-9F97-FEE555D15B54}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{19CAE667-0588-4906-BD80-98BB4CA8E9F9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{44BEEB68-5CBB-48A7-8BCE-B2E959F6778B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{62CF49B9-FBB3-40EA-AB61-A54293719959}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FA5ACBC3-EB86-4975-86D7-F58709E9AAAC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{C2EF41CB-89F5-4492-BC34-EA6511D37992}E:\hry\spintires\igg-spintires.build 25.12.2015\client\spintires.exe] => (Allow) E:\hry\spintires\igg-spintires.build 25.12.2015\client\spintires.exe => No File
FirewallRules: [UDP Query User{E9AAEDA3-157D-4AEE-87EE-BBF324AE14DB}E:\hry\spintires\igg-spintires.build 25.12.2015\client\spintires.exe] => (Allow) E:\hry\spintires\igg-spintires.build 25.12.2015\client\spintires.exe => No File
FirewallRules: [TCP Query User{2A56D011-5A3E-4799-9165-427319288AC7}E:\hry\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe] => (Allow) E:\hry\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe => No File
FirewallRules: [UDP Query User{0FBF22B5-370A-482B-BA6F-2DAF492D9CDF}E:\hry\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe] => (Allow) E:\hry\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe => No File
FirewallRules: [TCP Query User{33256473-5E53-42DB-BE34-71A6141F0940}E:\hry\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe] => (Allow) E:\hry\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe => No File
FirewallRules: [UDP Query User{56F15FBD-633E-4419-BA74-333A5586D99F}E:\hry\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe] => (Allow) E:\hry\might and magic heroes vii\binaries\win64\mmh7game-win64-shipping.exe => No File
FirewallRules: [{9EF0DF0C-320B-4416-BBF4-3BB503A5479C}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelDrw.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [{044DB6F8-2537-4749-84CD-5F0A23737AC9}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X7\Programs64\CorelPP.exe (Corel Corporation -> Corel Corporation)
FirewallRules: [TCP Query User{B6B487E1-81B0-4566-A23D-917E35D59491}E:\hry\the sims 4 seasons\game\bin\ts4_x64.exe] => (Block) E:\hry\the sims 4 seasons\game\bin\ts4_x64.exe => No File
FirewallRules: [UDP Query User{8F791966-E582-4442-B12A-72F7146D578E}E:\hry\the sims 4 seasons\game\bin\ts4_x64.exe] => (Block) E:\hry\the sims 4 seasons\game\bin\ts4_x64.exe => No File
FirewallRules: [TCP Query User{815BAD04-7DE4-46FC-BCE3-BCE1E0CDCAFA}E:\hry\the sims 4 seasons\game\bin\ts4.exe] => (Allow) E:\hry\the sims 4 seasons\game\bin\ts4.exe => No File
FirewallRules: [UDP Query User{57F29949-5451-4DC7-8ED6-61D3600BB2B2}E:\hry\the sims 4 seasons\game\bin\ts4.exe] => (Allow) E:\hry\the sims 4 seasons\game\bin\ts4.exe => No File
FirewallRules: [{041B8505-C684-4540-BF80-18C2E0122EFB}] => (Block) E:\Hry\Fallout 4\Fallout4.exe (Bethesda Softworks) [File not signed]
FirewallRules: [{8BEDA50C-B621-4152-A43C-60BA97837FE8}] => (Block) E:\Hry\Fallout 4\Fallout4.exe (Bethesda Softworks) [File not signed]
FirewallRules: [TCP Query User{BB876082-D134-4BE5-8F0D-64B97CFF7464}E:\hry\the sims 4\game\bin\ts4.exe] => (Block) E:\hry\the sims 4\game\bin\ts4.exe => No File
FirewallRules: [UDP Query User{E400FC3E-7B1E-4B15-82FD-8F0820D8E89A}E:\hry\the sims 4\game\bin\ts4.exe] => (Block) E:\hry\the sims 4\game\bin\ts4.exe => No File
FirewallRules: [TCP Query User{E266D258-2217-471C-9B9C-9B4D987857A1}E:\hry\the sims 4\game\bin\ts4_x64.exe] => (Block) E:\hry\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{7EC031EB-A047-4000-A836-CB92671653EA}E:\hry\the sims 4\game\bin\ts4_x64.exe] => (Block) E:\hry\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{0B211B02-6E5A-4B56-A7B6-06A9EEA4BF05}E:\hry\the sims 4\game\bin\ts4_x64.exe] => (Block) E:\hry\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{6999B7FA-AD05-4903-89A4-D57053151701}E:\hry\the sims 4\game\bin\ts4_x64.exe] => (Block) E:\hry\the sims 4\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [TCP Query User{C5ED53E7-F443-4727-ACE1-57E8BA2BECBF}C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe => No File
FirewallRules: [UDP Query User{6EF3352D-F3B9-4363-AF62-BE448E0AC6D2}C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_211\bin\javaw.exe => No File
FirewallRules: [TCP Query User{929EA27B-0C58-413C-AD79-30D41F327671}C:\users\koltmen\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\users\koltmen\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{85C87285-C6CF-463E-97DD-995F95AFE955}C:\users\koltmen\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe] => (Allow) C:\users\koltmen\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe
FirewallRules: [TCP Query User{ED28CA53-C803-42E7-9EC6-A31B7A17253E}C:\users\koltmen\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe] => (Block) C:\users\koltmen\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe
FirewallRules: [UDP Query User{13175525-67CA-473D-9A61-D1A6BE9A59F4}C:\users\koltmen\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe] => (Block) C:\users\koltmen\appdata\roaming\.tlauncher\jvms\jre1.8.0_51\bin\javaw.exe
FirewallRules: [{5E4DEFA5-A2A9-4625-94B9-A44A6FFD5D31}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

07-03-2021 07:14:17 Removed Command & Conquer™ Red Alert™ 3
12-03-2021 20:35:11 Instalační služba modulů systému Windows
21-03-2021 11:39:29 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/21/2021 08:25:37 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Místní  disk (E:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (03/21/2021 08:25:37 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit konsolidace bloků úložiště na Místní  disk (E:), protože: Konsolidace bloků úložiště byla přerušena, protože nebylo možné uvolnit dostatečný počet bloků úložiště (na základě limitu určeného v registru). (0x89000028)

Error: (03/21/2021 06:37:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: adwcleaner_7.0.2.1.exe, verze: 7.0.2.1, časové razítko: 0x59a5f25e
Název chybujícího modulu: adwcleaner_7.0.2.1.exe, verze: 7.0.2.1, časové razítko: 0x59a5f25e
Kód výjimky: 0xc0000005
Posun chyby: 0x0004c7aa
ID chybujícího procesu: 0x3fc8
Čas spuštění chybující aplikace: 0x01d71e1441ef59a2
Cesta k chybující aplikaci: C:\Users\Koltmen\Desktop\adwcleaner_7.0.2.1.exe
Cesta k chybujícímu modulu: C:\Users\Koltmen\Desktop\adwcleaner_7.0.2.1.exe
ID zprávy: ab507d55-c88b-4928-b4e9-ce31b2ee4e67
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (03/14/2021 07:05:28 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Optimalizátor úložiště nemohl dokončit opakovat operaci trim na Místní  disk (E:), protože: Požadovaná operace není podporována hardwarem, který zálohuje svazek. (0x8900002A)

Error: (03/12/2021 03:21:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SearchApp.exe, verze: 10.0.19041.546, časové razítko: 0xc404ae05
Název chybujícího modulu: ConstraintIndex.Search.dll, verze: 10.0.19041.746, časové razítko: 0xd439ca93
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000b50a1
ID chybujícího procesu: 0xc60
Čas spuštění chybující aplikace: 0x01d7174af0436287
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Cesta k chybujícímu modulu: C:\Windows\System32\ConstraintIndex.Search.dll
ID zprávy: 4e27c08b-20df-44b6-a668-13b268c7cbb6
Úplný název chybujícího balíčku: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: CortanaUI

Error: (03/12/2021 03:21:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SearchApp.exe, verze: 10.0.19041.546, časové razítko: 0xc404ae05
Název chybujícího modulu: ConstraintIndex.Search.dll, verze: 10.0.19041.746, časové razítko: 0xd439ca93
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000b50a1
ID chybujícího procesu: 0x1c5c
Čas spuštění chybující aplikace: 0x01d7174aedb04c8d
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Cesta k chybujícímu modulu: C:\Windows\System32\ConstraintIndex.Search.dll
ID zprávy: cdaee17b-b611-49f4-94d5-68df8fe87729
Úplný název chybujícího balíčku: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: CortanaUI

Error: (03/12/2021 03:20:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SearchApp.exe, verze: 10.0.19041.546, časové razítko: 0xc404ae05
Název chybujícího modulu: ConstraintIndex.Search.dll, verze: 10.0.19041.746, časové razítko: 0xd439ca93
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000b50a1
ID chybujícího procesu: 0x2968
Čas spuštění chybující aplikace: 0x01d7174aeb0b8837
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Cesta k chybujícímu modulu: C:\Windows\System32\ConstraintIndex.Search.dll
ID zprávy: 01164751-1b9e-488d-aaa0-b012dae13e44
Úplný název chybujícího balíčku: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: CortanaUI

Error: (03/12/2021 03:20:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: SearchApp.exe, verze: 10.0.19041.546, časové razítko: 0xc404ae05
Název chybujícího modulu: ConstraintIndex.Search.dll, verze: 10.0.19041.746, časové razítko: 0xd439ca93
Kód výjimky: 0xc0000005
Posun chyby: 0x00000000000b50a1
ID chybujícího procesu: 0x228c
Čas spuštění chybující aplikace: 0x01d7174ae60b0b06
Cesta k chybující aplikaci: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Cesta k chybujícímu modulu: C:\Windows\System32\ConstraintIndex.Search.dll
ID zprávy: c11eaaa7-8f59-4f30-96e3-ecb57fd392b0
Úplný název chybujícího balíčku: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
ID aplikace související s chybujícím balíčkem: CortanaUI


System errors:
=============
Error: (03/22/2021 06:58:39 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\system32\IntelWifiIhv06.dll

Error: (03/22/2021 06:11:08 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\system32\IntelWifiIhv06.dll

Error: (03/22/2021 04:54:44 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\system32\IntelWifiIhv06.dll

Error: (03/22/2021 06:14:12 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\system32\IntelWifiIhv06.dll

Error: (03/22/2021 05:15:24 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\system32\IntelWifiIhv06.dll

Error: (03/21/2021 08:39:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\system32\IntelWifiIhv06.dll

Error: (03/21/2021 07:22:52 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\system32\IntelWifiIhv06.dll

Error: (03/21/2021 02:10:24 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: Rozšiřující modul sítě WLAN byl neočekávaně ukončen.

Cesta k modulu: C:\WINDOWS\system32\IntelWifiIhv06.dll


Windows Defender:
================
Date: 2021-03-22 18:11:10
Description: 
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {0B3ED036-3E16-4B3F-B5FB-3EF750917F5E}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-22 06:18:33
Description: 
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {061C6D06-1053-464C-BF34-04D1B2ADB9E1}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-21 08:25:31
Description: 
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {90B502C9-EC91-4701-B6C1-224BC716398A}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-19 19:04:47
Description: 
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {6F8CD1D0-88DE-4D9A-B71D-83266814DB68}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-03-19 12:36:08
Description: 
Prohledávání Antivirová ochrana v programu Microsoft Defender bylo zastaveno před dokončením.
ID prohledávání: {444B0C5C-1C29-4701-A565-5677F41528F2}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2021-02-08 12:47:18
Description: 
Antivirová ochrana v programu Microsoft Defender narazil na chybu při pokusu o aktualizaci bezpečnostních informací.
Nová verze bezpečnostních informací: 
Předchozí verze bezpečnostních informací: 1.331.443.0
Zdroj aktualizace: Server Microsoft Update
Typ bezpečnostních informací: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 
Předchozí verze modulu: 1.1.17800.5
Kód chyby: 0x8024402c
Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře. 

CodeIntegrity:
===============
Date: 2021-03-22 19:09:01
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\snxhk.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

BIOS: LENOVO 4KCN23WW 01/12/2017
Motherboard: LENOVO Provence-5R1
Processor: Intel(R) Core(TM) i5-7300HQ CPU @ 2.50GHz
Percentage of memory in use: 54%
Total physical RAM: 8033.66 MB
Available physical RAM: 3676.65 MB
Total Virtual: 19809.66 MB
Available Virtual: 13357.11 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:212.23 GB) (Free:107.45 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.84 GB) NTFS
Drive e: (Místní  disk) (Fixed) (Total:929.87 GB) (Free:215.31 GB) NTFS

\\?\Volume{d06ddd89-a467-4b07-a378-4178f4bd0b45}\ () (Fixed) (Total:0.98 GB) (Free:0.48 GB) NTFS
\\?\Volume{66fe5714-d412-4370-93d5-1580eab134b7}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==========================================================
Disk: 1 (Size: 238.5 GB) (Disk ID: 094D4D42)

Partition: GPT.
Attempted reading MBR returned 0 bytes.
 Could not read MBR for disk 2.

==================== End of Addition.txt =======================