Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-03-2020
Ran by admin-kosacek (29-03-2020 17:27:23)
Running from C:\Users\admin\Desktop
Windows 10 Pro Version 1709 16299.1087 (X64) (2018-04-23 16:09:55)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

admin-kosacek (S-1-5-21-407287996-4117368936-2895187249-1004 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-407287996-4117368936-2895187249-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-407287996-4117368936-2895187249-503 - Limited - Disabled)
Guest (S-1-5-21-407287996-4117368936-2895187249-501 - Limited - Disabled)
kosacek (S-1-5-21-407287996-4117368936-2895187249-1003 - Limited - Enabled) => C:\Users\kosacek
q (S-1-5-21-407287996-4117368936-2895187249-1002 - Administrator - Enabled) => C:\Users\q
WDAGUtilityAccount (S-1-5-21-407287996-4117368936-2895187249-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: ESET Security (Enabled - Up to date) {333C65BB-8923-0EAA-C47E-C486E687BEFD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {B066057A-E576-007C-D591-56C163D3B33B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

0- Metrans a.s. CA pack version 1.0.10 (HKLM-x32\...\0- Metrans a.s. CA pack_is1) (Version: 1.0.10 - )
0- Metrans a.s. FF Policy version 1.0.4 (HKLM-x32\...\0- Metrans a.s. FF Policy_is1) (Version: 1.0.4 - )
0- Metrans a.s. VPN IKEv2 version 1.0.9 (HKU\S-1-5-21-407287996-4117368936-2895187249-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-03292020172554760\...\0- Metrans a.s. VPN IKEv2_is1) (Version: 1.0.9 - )
0- Metrans a.s. VPN IKEv2 version 1.0.9 (HKU\S-1-5-21-407287996-4117368936-2895187249-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03292020172135848\...\0- Metrans a.s. VPN IKEv2_is1) (Version: 1.0.9 - )
0- Metrans a.s. VPN IKEv2 version 1.0.9 (HKU\S-1-5-21-407287996-4117368936-2895187249-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-03292020172554794\...\0- Metrans a.s. VPN IKEv2_is1) (Version: 1.0.9 - )
64 Bit HP CIO Components Installer (HKLM\...\{F8F948EA-5AEA-4158-8821-A2F788ECE936}) (Version: 16.2.1 - Hewlett-Packard) Hidden
7-Zip 18.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1800-000001000000}) (Version: 18.00.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 20.006.20042 - Adobe Systems Incorporated)
Android Studio (HKLM\...\Android Studio) (Version: 3.4 - Google LLC)
Aplikace Intel® PROSet/Wireless (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version:  - )
Blender (HKLM\...\{F343C69A-4ABA-434C-9C73-12A519D269CD}) (Version: 2.80.0 - Blender Foundation)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.15.23 - Canon Inc.)
Canon MX490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX490_series) (Version: 1.02 - Canon Inc.)
Community Modpack for Mafia: The City of Lost Heaven (HKLM-x32\...\Community Modpack for Mafia: The City of Lost Heaven_is1) (Version:  - Rimsky)
Conexant ISST Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 9.0.232.1 - Conexant)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.12.0.1152 - Disc Soft Ltd)
DemoForge Mirage Driver for TightVNC 2.0 (HKLM\...\DemoForge Mirage Driver for TightVNC_is1) (Version: 2.0 - DemoForge LLC)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
ESET Endpoint Security (HKLM\...\{96402769-F07F-4636-9D99-E2782BA22484}) (Version: 7.2.2055.0 - ESET, spol. s r.o.)
ESET Management Agent (HKLM\...\{0FFDA57E-3DF5-44D4-974E-86D866A923B6}) (Version: 7.1.717.0 - ESET, spol. s r.o.)
GameRanger (HKU\S-1-5-21-407287996-4117368936-2895187249-1004\...\GameRanger) (Version:  - GameRanger Technologies)
GIMP 2.10.8 (HKLM\...\GIMP-2_is1) (Version: 2.10.8 - The GIMP Team)
Google Earth Pro (HKLM\...\{70A0F34E-564B-4F93-ADD6-3BAEC6E44075}) (Version: 7.3.2.5776 - Google)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.149 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
GSmartControl (HKLM-x32\...\GSmartControl) (Version: 1.1.3 - Alexander Shaduri)
HP 3D DriveGuard (HKLM-x32\...\{1289A5C3-C900-45CB-877D-C3D87ADE018C}) (Version: 6.0.43.1 - HP)
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 9.3.5.2453 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.8.0 - HP Inc.)
HP Device Access Manager (HKLM\...\{77ACDCD1-A6A9-49A2-9F73-76AAF425EA5C}) (Version: 8.4.9.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP ESU for Microsoft Windows 10 (HKLM-x32\...\{94D0EB60-8B2F-4A80-BA74-3D312434415F}) (Version: 11.3.1 - HP)
HP Hotkey Support (HKLM-x32\...\{963F09EA-0B0A-4CFC-B04F-AD9B6614794C}) (Version: 6.2.39.1 - HP)
HP SoftPaq Download Manager (HKLM-x32\...\{fc153673-e23b-4908-93b9-164cc056a3c4}) (Version: 4.3.19.0 - HP)
HP Software Setup (HKLM-x32\...\{C968E860-054F-490F-95C6-C9A29601459E}) (Version: 9.2.3 - HP)
HP Support Assistant (HKLM-x32\...\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}) (Version: 8.4.14.41 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{04442D89-B941-4C8C-B20D-625233B78BB0}) (Version: 12.6.14.19 - HP Inc.)
HP System Default Settings (HKLM-x32\...\{A66E1AC5-F4A9-4DB0-ACB0-90419A8F98D5}) (Version: 1.2.11.2 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{F5852AA8-30EA-495B-84B4-C2403C935D6F}) (Version: 1.1.19.1 - HP)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10205.4743 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1035 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.7263 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.0.1014 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1724.2 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{520F0634-40C0-453F-8C84-4EFAE89989A8}) (Version: 19.60.0 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{7516A945-5FC4-4563-8F5E-EECDBF61E84F}) (Version: 7.5.1 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel(R) Corporation) Hidden
Java 8 Update 181 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180181F0}) (Version: 8.0.1810.13 - Oracle Corporation)
Kerio Outlook Connector (Offline Edition) (HKLM-x32\...\{4A365C62-0B2C-4A5F-ACED-4F059BDDAC59}) (Version: 9.2.3336 - Kerio Technologies Inc.)
Kerio Updater Service (HKLM-x32\...\{c5ca4ec3-10b2-4447-b323-8448aae57a0b}) (Version: 2.0.176 - Kerio Technologies, Inc.) <==== ATTENTION
K-Lite Mega Codec Pack 13.7.5 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 13.7.5 - KLCP)
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
Microsoft .NET Compact Framework 3.5 (HKLM-x32\...\{291B3A3B-F808-45B8-8113-DF232FCB6C82}) (Version: 3.5.7283 - Microsoft Corporation)
Microsoft Office 2016 pre podnikateľov - sk-sk (HKLM\...\HomeBusinessRetail - sk-sk) (Version: 16.0.12527.20278 - Microsoft Corporation)
Microsoft Office 2016 pro podnikatele - cs-cz (HKLM\...\HomeBusinessRetail - cs-cz) (Version: 16.0.12527.20278 - Microsoft Corporation)
Microsoft Office Home and Business 2016 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 16.0.12527.20278 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-407287996-4117368936-2895187249-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-03292020172554760\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-407287996-4117368936-2895187249-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03292020172135848\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-407287996-4117368936-2895187249-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-03292020172554794\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-407287996-4117368936-2895187249-1004\...\OneDriveSetup.exe) (Version: 19.232.1124.0010 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{421B88F8-D7C9-44CB-8B73-166D65B18DCC}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MIT App Inventor Tools 2.3.0 (HKLM-x32\...\MIT App Inventor Tools) (Version: 2.3.0 - Massachusetts Institute of Technology)
Mozilla Firefox 59.0.2 (x64 cs) (HKLM\...\Mozilla Firefox 59.0.2 (x64 cs)) (Version: 59.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 59.0.2 - Mozilla)
Nox APP Player (HKLM-x32\...\Nox) (Version: 6.2.8.5 - Duodian Technology Co. Ltd.)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0405-0000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.12527.20278 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenVPN 2.4.4-I601  (HKLM\...\OpenVPN) (Version: 2.4.4-I601 - OpenVPN Technologies, Inc.)
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.2.0 - pdfforge GmbH)
Pomocník s aktualizací Windows 10 (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22899 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.154 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.16.323.2017 - Realtek)
RW_Tools version 8.1.16 (HKLM-x32\...\{91668F27-E5CD-42F7-97DD-D7E38E6818AA}_is1) (Version: 8.1.16 - Mike Simpson)
Sailaway version 2.00 (HKLM-x32\...\{3C419200-462C-4BCE-B704-B79267CF08A0}_is1) (Version: 2.00 - Orbcreation BV)
Simt Simulator verze 1.4.90 (HKLM-x32\...\{2BFDE121-8E65-484E-8E5D-EAB57B62C801}_is1) (Version: 1.4.90 - Tomas Faina)
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
smartmontools for Windows version 6.5-1 (HKLM\...\{487E2D86-AB76-467B-8EC0-0AF89EC38F5C}_is1) (Version: 6.5-1 - Orsiris de Jong)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sweet Home 3D version 6.2 (HKLM\...\Sweet Home 3D_is1) (Version: 6.2 - eTeks)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.4.3.23 - Synaptics Incorporated)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.4.4445 - TeamViewer)
TightVNC (HKLM\...\{8B9896FC-B4F2-44CD-8B6E-78A0B1851B59}) (Version: 2.8.5.0 - GlavSoft LLC.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{2E8B8BDD-03DF-4C1C-8C99-E6A4BCBF43CE}) (Version: 2.51.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
Vietcong (HKLM-x32\...\Vietcong) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.1 - VideoLAN)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )

Packages:
=========
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.3.407.0_x86__v10z8vjag6ke6 [2017-11-16] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-20] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.1224.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Studios) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-25] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-10] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-10-31] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2017-10-19] (pdfforge GmbH -> pdfforge GmbH)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-03-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-10-31] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2020-03-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-03-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-10] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_862bac15d0efb48d\igfxDTCM.dll [2019-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-10] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2019-10-31] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-03-29] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32: [VIDC.X264] => C:\WINDOWS\system32\x264vfw64.dll [3799552 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\WINDOWS\system32\lagarith.dll [148992 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\WINDOWS\system32\xvidvfw.dll [309248 2015-12-18] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\ac3acm.acm [180736 2012-07-21] (fccHandler) [File not signed]
HKLM\...\Drivers32: [VIDC.X264] => C:\Windows\SysWOW64\x264vfw.dll [3850240 2017-07-30] (x264vfw project) [File not signed]
HKLM\...\Drivers32: [VIDC.LAGS] => C:\Windows\SysWOW64\lagarith.dll [216064 2011-12-07] ( ) [File not signed]
HKLM\...\Drivers32: [VIDC.XVID] => C:\Windows\SysWOW64\xvidvfw.dll [282112 2015-12-18] () [File not signed]
HKLM\...\Drivers32: [VIDC.FFDS] => C:\Windows\SysWOW64\ff_vfw.dll [112128 2015-10-24] () [File not signed]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\Windows\SysWOW64\ac3acm.acm [122880 2012-07-21] (fccHandler) [File not signed]

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-06-16 11:16 - 2019-06-12 15:14 - 003327416 _____ () [File not signed] C:\Users\admin\AppData\Roaming\NoxSrv\icudt53.dll
2019-06-16 11:16 - 2019-06-12 15:14 - 003758827 _____ () [File not signed] C:\Users\admin\AppData\Roaming\NoxSrv\icuin53.dll
2019-06-16 11:16 - 2019-06-12 15:14 - 002093901 _____ () [File not signed] C:\Users\admin\AppData\Roaming\NoxSrv\icuuc53.dll
2019-06-16 11:16 - 2019-06-12 15:14 - 000117262 _____ () [File not signed] C:\Users\admin\AppData\Roaming\NoxSrv\libgcc_s_dw2-1.dll
2019-06-16 11:16 - 2019-06-12 15:14 - 001026574 _____ () [File not signed] C:\Users\admin\AppData\Roaming\NoxSrv\libstdc++-6.dll
2018-05-15 12:34 - 2014-08-06 13:25 - 000375296 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2019-05-06 21:23 - 2018-12-12 11:54 - 001367040 _____ (Conexant Systems, Inc.) [File not signed] C:\Program Files\Conexant\SA3\HP-NB-AIO\CxHDAudioAPI.dll
2017-06-20 12:40 - 2017-06-20 12:40 - 000382464 _____ (Crossmatch, Inc.) [File not signed] c:\Program Files\HP\HP ProtectTools Security Manager\Bin\DPCPFelica.dll
2017-06-20 12:39 - 2017-06-20 12:39 - 000338432 _____ (Crossmatch, Inc.) [File not signed] c:\Program Files\HP\HP ProtectTools Security Manager\Bin\DPDevice2.dll
2017-06-20 12:40 - 2017-06-20 12:40 - 000456192 _____ (Crossmatch, Inc.) [File not signed] c:\Program Files\HP\HP ProtectTools Security Manager\Bin\DPDevice5.dll
2019-06-16 11:16 - 2019-06-12 15:14 - 004830208 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\admin\AppData\Roaming\NoxSrv\Qt5Core.dll
2019-06-16 11:16 - 2019-06-12 15:14 - 001513472 _____ (Digia Plc and/or its subsidiary(-ies)) [File not signed] C:\Users\admin\AppData\Roaming\NoxSrv\Qt5Network.dll
2013-11-14 23:47 - 2013-11-14 23:47 - 000050688 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2013-11-14 23:47 - 2013-11-14 23:47 - 000066048 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2019-06-16 11:16 - 2019-06-12 15:14 - 000049152 _____ (MingW-W64 Project. All rights reserved.) [File not signed] C:\Users\admin\AppData\Roaming\NoxSrv\libwinpthread-1.dll
2018-04-24 07:19 - 2018-04-24 07:19 - 000117248 _____ (pdfforge GmbH) [File not signed] C:\WINDOWS\System32\pdfcmon.dll
2017-06-20 12:28 - 2017-06-20 12:28 - 000348672 _____ (RFIDeas) [File not signed] c:\Program Files\HP\HP ProtectTools Security Manager\Bin\pcProxAPI.dll
2019-05-06 21:23 - 2017-09-06 11:30 - 001431552 _____ (Robert Simpson, et al.) [File not signed] C:\Program Files\CONEXANT\Flow\x64\SQLite.Interop.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\kosacek:Heroes & Generals [38]
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 23:03 - 2017-03-18 23:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Kerio\Outlook Connector (Offline Edition)\;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-407287996-4117368936-2895187249-1002-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-03292020172554760\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_SNOW_3840x2160.jpg
HKU\S-1-5-21-407287996-4117368936-2895187249-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03292020172135848\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP\HP_SNOW_3840x2160.jpg
HKU\S-1-5-21-407287996-4117368936-2895187249-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-03292020172554794\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-407287996-4117368936-2895187249-1004\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{ADF9BEB4-9674-44D6-B111-0BF9290AD711}] => (Allow) C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC -> GlavSoft LLC.)
FirewallRules: [{4BD7E3E4-D68D-4564-8AFF-F0F2246F7F4B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{F5AA026F-670A-412C-8394-64E2B3D30A9F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe No File
FirewallRules: [{6F318F58-078D-4E37-A028-BF56ADA46A9A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
FirewallRules: [{5523AF1B-0B43-4D81-B4B7-64CE2585D576}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
FirewallRules: [{1F8CDF8B-8D74-4AD6-AE05-E667EEB94F8C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{54F3E74C-D259-443D-B115-1534CFAB5D5A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6D096D1B-D321-4987-BDA7-BE8BCC4EDE01}] => (Allow) LPort=25322
FirewallRules: [{290CF790-15F9-480A-B6BD-20BDB791F0FF}] => (Allow) LPort=25322
FirewallRules: [{CE7D33DC-397B-480B-B5D2-A7857526DDF5}] => (Allow) LPort=5900
FirewallRules: [{BAA020A6-02AB-4FCD-B466-8CAFD1BC0C9E}] => (Allow) LPort=11000
FirewallRules: [{A0D9CFBA-99DA-4755-A015-AD3C1F6866CB}] => (Allow) LPort=138
FirewallRules: [{2FFDA00B-AC01-42E0-A138-4A7BF27D6889}] => (Allow) LPort=445
FirewallRules: [{BEB97BF8-1858-4501-8456-F387B452B94A}] => (Allow) E:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{B767F29F-186B-411E-BA5A-B7DE7A1662B5}] => (Allow) E:\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{05F53780-1D30-4EA0-8AB9-DB1ADC6F939C}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{A199474A-1620-48B3-9A82-93C97444575B}] => (Allow) E:\Steam\bin\cef\cef.win7\steamwebhelper.exe No File
FirewallRules: [{11BC579C-2E97-4EA1-AC0D-6ED0998C7802}] => (Allow) E:\Steam\steamapps\common\OMSI 2\Omsi.exe (MR-Software) [File not signed]
FirewallRules: [{32E81C59-9F62-4B3D-972F-B5095C649306}] => (Allow) E:\Steam\steamapps\common\OMSI 2\Omsi.exe (MR-Software) [File not signed]
FirewallRules: [{23427FB4-A13C-4E68-BE5B-086722280C7B}] => (Allow) E:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe No File
FirewallRules: [{04CE970D-9511-470F-B721-51F302772458}] => (Allow) E:\Steam\steamapps\common\Grand Theft Auto V\GTAVLauncher.exe No File
FirewallRules: [{01C5311B-59C3-447E-9EC9-CC654FD6CE40}] => (Allow) E:\Steam\steamapps\common\Farming Simulator 17\x64\FarmingSimulator2017Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{A55D85AA-E187-456F-8A8E-44946DF45483}] => (Allow) E:\Steam\steamapps\common\Farming Simulator 17\x64\FarmingSimulator2017Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{BACF44A7-1572-4E7B-ADC0-CD1FD1BF8969}] => (Allow) E:\Steam\steamapps\common\Farming Simulator 17\x86\FarmingSimulator2017Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{56BDCC92-4438-4943-9218-2A68759CD4A0}] => (Allow) E:\Steam\steamapps\common\Farming Simulator 17\x86\FarmingSimulator2017Game.exe (GIANTS Software GmbH -> GIANTS Software GmbH)
FirewallRules: [{51E09A4E-142C-488E-8C55-B891753716E2}] => (Allow) E:\Steam\steamapps\common\Stronghold 2\FFLauncher.exe () [File not signed]
FirewallRules: [{688F78A2-C93E-4BD3-AB25-5181C0256136}] => (Allow) E:\Steam\steamapps\common\Stronghold 2\FFLauncher.exe () [File not signed]
FirewallRules: [{259CFBB7-7C26-4AED-8B9B-D41BCF97619F}] => (Allow) E:\Steam\steamapps\common\Stronghold Legends\FFLauncher.exe () [File not signed]
FirewallRules: [{D836884E-3C00-4E12-8AB9-B88DFC1B0A08}] => (Allow) E:\Steam\steamapps\common\Stronghold Legends\FFLauncher.exe () [File not signed]
FirewallRules: [{A29FBF80-D5F0-4AD3-8AC8-F945A99DB7DB}] => (Allow) E:\Steam\steamapps\common\Stronghold\Stronghold.exe () [File not signed]
FirewallRules: [{8ED93765-3533-44E8-A8B4-3C4FFA635935}] => (Allow) E:\Steam\steamapps\common\Stronghold\Stronghold.exe () [File not signed]
FirewallRules: [{FB6E079B-AC0A-43AD-97CC-114A41AFF927}] => (Allow) E:\Steam\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe ( ) [File not signed]
FirewallRules: [{AE98FC36-963E-4389-95F7-2C8F34E7790C}] => (Allow) E:\Steam\steamapps\common\Stronghold Crusader Extreme\Stronghold Crusader.exe ( ) [File not signed]
FirewallRules: [{485CB11E-14A6-4D2F-BCAF-6F6FAF023F0F}] => (Allow) E:\Steam\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe ( ) [File not signed]
FirewallRules: [{755967B9-6F44-4FC0-A27E-988E3554E8FF}] => (Allow) E:\Steam\steamapps\common\Stronghold Crusader Extreme\Stronghold_Crusader_Extreme.exe ( ) [File not signed]
FirewallRules: [{A4D885C3-3280-44A2-9558-87BE30012B9D}] => (Allow) E:\Steam\steamapps\common\Stronghold 2\Stronghold2.exe (Firefly Studios) [File not signed]
FirewallRules: [{973C70DE-03AE-4E77-AA2E-A4AB62A29F10}] => (Allow) E:\Steam\steamapps\common\Stronghold 2\Stronghold2.exe (Firefly Studios) [File not signed]
FirewallRules: [TCP Query User{BA569B91-CA42-4667-A601-3457608D932F}E:\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) E:\steam\steamapps\common\war thunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{F08B40FE-E6D2-4C4F-A005-F977AE9704E2}E:\steam\steamapps\common\war thunder\win64\aces.exe] => (Allow) E:\steam\steamapps\common\war thunder\win64\aces.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [TCP Query User{948485DE-8E4B-4543-BDFA-AFBEC9D09E0A}C:\program files (x86)\java\jre1.8.0_181\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\jp2launcher.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [UDP Query User{DAAE2F15-BEA5-4DD8-B250-504A1E8A0929}C:\program files (x86)\java\jre1.8.0_181\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_181\bin\jp2launcher.exe (Oracle America, Inc. -> Oracle Corporation)
FirewallRules: [{9F8E1E7A-92F1-4531-B543-2330D20D6A2C}] => (Allow) C:\Program Files\AVAST Software\Avast Business\AvastEmUpdate.exe No File
FirewallRules: [{59F3547C-5982-40E1-93C6-F80403A5B6E4}] => (Allow) C:\Program Files\AVAST Software\Avast Business\AvastEmUpdate.exe No File
FirewallRules: [{E81B33B0-F1FA-460B-9F22-30F61B91D735}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{9FA51EAF-5837-498E-8D23-1A9469CB0D04}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{D6D5B378-AE03-4F8D-BE54-9AC8A6C2B756}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{C6924979-6AFA-4DE9-B81C-9E3F02F276E9}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{0D3B956F-2ED8-48A3-A1DF-69221BE57BD9}] => (Allow) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{6BDA48EB-31D3-4AB9-A54A-623D5B1E93EC}] => (Allow) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{3B96A5BE-D293-4AA5-80EC-F3D0922D7B3E}] => (Allow) E:\Steam\steamapps\common\RailWorks\RailWorks.exe () [File not signed]
FirewallRules: [{3B741040-97BB-43B5-85EE-015743780233}] => (Allow) E:\Steam\steamapps\common\RailWorks\RailWorks.exe () [File not signed]
FirewallRules: [{9C1AB37A-EB2E-424F-9FE8-281579F9A510}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{B9C70FDD-48AA-417F-AF21-F9C47B005C88}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x64\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{457F1797-F431-42AE-A760-0399D0713928}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{5829BB4E-F99B-4507-858F-9E0AFEEAA8D9}] => (Allow) E:\Steam\steamapps\common\Euro Truck Simulator 2\bin\win_x86\eurotrucks2.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{0B386CCF-04DE-41B2-A66D-6512627E38B3}] => (Allow) E:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{8687297C-5DF9-4171-8AFB-EB08304E6538}] => (Allow) E:\Steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe (SCS Software s.r.o. -> SCS Software)
FirewallRules: [{5FDA68FB-BE7F-4F01-98D7-D7FC8EE8E302}] => (Allow) E:\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{8052EEFE-8D6D-4BFF-827A-925579233004}] => (Allow) E:\Steam\steamapps\common\Path of Exile\PathOfExileSteam.exe (Grinding Gear Games Limited -> )
FirewallRules: [{E4BF8FA7-55AC-4780-BC52-07637DAD2B5D}] => (Allow) E:\Steam\steamapps\common\Mafia II\pc\mafia2.exe (Valve Corp. -> 2K Czech) [File not signed]
FirewallRules: [{D339D065-1F06-4E37-A6BC-5916C3EFE344}] => (Allow) E:\Steam\steamapps\common\Mafia II\pc\mafia2.exe (Valve Corp. -> 2K Czech) [File not signed]
FirewallRules: [{BA2BDECD-455F-4BA8-BDEA-43797FFC7582}] => (Allow) E:\Steam\steamapps\common\RailWorks\RailWorks64.exe () [File not signed]
FirewallRules: [{D031B542-0C91-4EC8-BB09-2F63C1510F28}] => (Allow) E:\Steam\steamapps\common\RailWorks\RailWorks64.exe () [File not signed]
FirewallRules: [{D9D6F87F-3C92-421F-9221-4E1FD5D4A017}] => (Allow) E:\Steam\steamapps\common\Arma 2\arma2.exe (Bohemia Interactive a.s. -> Bohemia Interactive) [File not signed]
FirewallRules: [{F520742E-79B7-461E-ADA4-5807C311844B}] => (Allow) E:\Steam\steamapps\common\Arma 2\arma2.exe (Bohemia Interactive a.s. -> Bohemia Interactive) [File not signed]
FirewallRules: [{94301218-2378-4BD5-83C8-EB58861DE09B}] => (Allow) E:\Steam\steamapps\common\Call of Duty 4\iw3sp.exe () [File not signed]
FirewallRules: [{6E2BF361-020B-4C60-8D13-A61BD3844603}] => (Allow) E:\Steam\steamapps\common\Call of Duty 4\iw3sp.exe () [File not signed]
FirewallRules: [{2965C808-1645-4456-B1F7-4BC3BA030631}] => (Allow) E:\Steam\steamapps\common\Call of Duty 4\iw3mp.exe () [File not signed]
FirewallRules: [{B8A79267-437A-4A11-AEFE-DE51F5C9CB47}] => (Allow) E:\Steam\steamapps\common\Call of Duty 4\iw3mp.exe () [File not signed]
FirewallRules: [{C559C815-B8FB-4A79-AEA1-C9BCE153F625}] => (Allow) E:\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4sp.exe (Valve Corp. -> ) [File not signed]
FirewallRules: [{DA982F83-BF97-4147-BE7B-DFDDEEDA727B}] => (Allow) E:\Steam\steamapps\common\Call of Duty Modern Warfare 2\iw4sp.exe (Valve Corp. -> ) [File not signed]
FirewallRules: [TCP Query User{DFA62699-DFF6-4E76-A740-56ED74F40A04}E:\steam\steamapps\common\war thunder\launcher.exe] => (Block) E:\steam\steamapps\common\war thunder\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [UDP Query User{3376307C-B249-4B60-A524-7A3F58F34E61}E:\steam\steamapps\common\war thunder\launcher.exe] => (Block) E:\steam\steamapps\common\war thunder\launcher.exe (Gaijin Network LTD -> Gaijin Entertainment)
FirewallRules: [{F72CA205-6340-4A09-A1E8-27575D31D375}] => (Allow) E:\Steam\steamapps\common\World Ship Simulator\WSS.exe () [File not signed]
FirewallRules: [{E88A9979-2A37-46E2-99B3-6BE81A83921D}] => (Allow) E:\Steam\steamapps\common\World Ship Simulator\WSS.exe () [File not signed]
FirewallRules: [{0BA74FB7-EBAD-41EA-8C0F-D8ACF0952732}] => (Allow) E:\Steam\steamapps\common\Mafia\Mafia\Game.exe (Illusion Softworks) [File not signed]
FirewallRules: [{52422563-98F0-40D1-9ED8-8FB0597ADE94}] => (Allow) E:\Steam\steamapps\common\Mafia\Mafia\Game.exe (Illusion Softworks) [File not signed]
FirewallRules: [{F30C27DA-66E7-4F23-965B-D3AC59FA4A6B}] => (Allow) E:\Steam\steamapps\common\Mafia\Mafia\Setup.exe () [File not signed]
FirewallRules: [{88CD8532-507D-427E-A663-07FA2F4434E7}] => (Allow) E:\Steam\steamapps\common\Mafia\Mafia\Setup.exe () [File not signed]
FirewallRules: [{9D390EAC-4D40-4905-AA11-B558A33B247E}] => (Allow) E:\Steam\steamapps\common\European Ship Simulator\ess.exe () [File not signed]
FirewallRules: [{247D2C76-08B8-4431-9FEF-54FDD89B1485}] => (Allow) E:\Steam\steamapps\common\European Ship Simulator\ess.exe () [File not signed]
FirewallRules: [{3D46B6A1-689F-4A60-A66D-41EFF2548FE2}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [TCP Query User{B083751C-E598-4E85-816B-177D55849487}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [UDP Query User{CD2C2A6E-9DC8-4653-B6FC-17115F5A4C56}C:\program files\android\android studio\jre\bin\java.exe] => (Allow) C:\program files\android\android studio\jre\bin\java.exe
FirewallRules: [{B70551E1-D344-4C58-93CB-AC2412AA0F1D}] => (Allow) D:\Program Files\Nox\bin\Nox.exe (Nox Limited -> Duodian Technology Co. Ltd.)
FirewallRules: [{37C3DA11-8B4E-45DD-BC60-A26A869834B6}] => (Allow) C:\Program Files (x86)\\Bignox\\BigNoxVM\\RT\NoxVMHandle.exe (Nox Limited -> BigNox Corporation)
FirewallRules: [{72415E61-2719-4B7F-B3C7-936CA2252542}] => (Allow) E:\Steam\steamapps\common\Stronghold Legends\StrongholdLegends.exe (Firefly Studios) [File not signed]
FirewallRules: [{7A0DE795-FEC0-454C-BF85-38B8B36DD56B}] => (Allow) E:\Steam\steamapps\common\Stronghold Legends\StrongholdLegends.exe (Firefly Studios) [File not signed]
FirewallRules: [{E584153D-9EAC-4514-8FB9-EAA2AF375252}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DBFE85FF-67DB-44A8-8E3D-8F59AB61FB9A}] => (Allow) E:\Steam\steamapps\common\World of Subways 2 – Berlin Line 7\WoS.exe (TML-Edition) [File not signed]
FirewallRules: [{ADF9C780-8E05-434D-8399-E436FC5D6548}] => (Allow) E:\Steam\steamapps\common\World of Subways 2 – Berlin Line 7\WoS.exe (TML-Edition) [File not signed]
FirewallRules: [{017922F2-974E-4AB2-BF84-7AF71DF34C3A}] => (Allow) E:\Steam\steamapps\common\eSail\eSail.exe () [File not signed]
FirewallRules: [{DC3FF4C0-CE0E-4FD0-BD37-020FCF747D89}] => (Allow) E:\Steam\steamapps\common\eSail\eSail.exe () [File not signed]
FirewallRules: [{8E90429E-F518-4728-BB0B-00727D1ACFD3}] => (Allow) E:\Steam\steamapps\common\The Pirate Caribbean Hunt\ThePirate.exe () [File not signed]
FirewallRules: [{35244DA5-8920-4892-B1B9-352D0B64F18B}] => (Allow) E:\Steam\steamapps\common\The Pirate Caribbean Hunt\ThePirate.exe () [File not signed]
FirewallRules: [{B44C2CCB-6BAA-4F3A-ABD6-088F51951877}] => (Allow) E:\Steam\steamapps\common\The Pirate Plague of the Dead\ThePirate2.exe () [File not signed]
FirewallRules: [{13ED073A-79A2-465B-8330-2AD54C26398C}] => (Allow) E:\Steam\steamapps\common\The Pirate Plague of the Dead\ThePirate2.exe () [File not signed]
FirewallRules: [{38B3D1DA-072A-4BD8-8B04-30949E731EFD}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{40273F28-64C6-455E-BF16-B10944CF022B}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{4915335C-EC3F-412D-98BE-3D4F2BBF7FAD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{ABD5E27E-62D8-48DB-BD0A-D63B99B32B05}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{37254630-472C-4871-9292-22B88C7D52D0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A544BE26-DFA5-4C00-B477-79D164C063C7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{5E6DC68C-C8D6-4092-88B5-F3EF9750ECA3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)

==================== Restore Points =========================

11-03-2020 19:59:47 Windows Update
18-03-2020 10:56:55 Windows Update
27-03-2020 13:17:22 Naplánovaný kontrolní bod

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (03/29/2020 05:10:04 PM) (Source: HP Active Health) (EventID: 88) (User: )
Description: -- SECURITY WARNING -- ActiveHealthProperties.ini has been tampered with, resetting it

Error: (03/29/2020 05:10:04 PM) (Source: HP Active Health) (EventID: 88) (User: )
Description: -- SECURITY WARNING -- ActiveHealthState.ini has been tampered with, resetting it

Error: (03/29/2020 05:10:04 PM) (Source: HP Active Health) (EventID: 80) (User: )
Description: -- SECURITY WARNING -- Unable to deserialize super secret file hashes. Will assume evil is afoot - all Validate() calls will return DOESNT_MATCH
   at HP.ActiveHealth.Commons.Security.HashStore.LoadHashesFromFile()

Error: (03/29/2020 04:48:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: HPSF.exe, verze: 8.4.14.41, časové razítko: 0x58e71513
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.16299.1004, časové razítko: 0x24dfd7d5
Kód výjimky: 0xc000041d
Posun chyby: 0x0000000000045518
ID chybujícího procesu: 0x465c
Čas spuštění chybující aplikace: 0x01d605d90b5ac865
Cesta k chybující aplikaci: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: 7a443afc-49fd-4df0-ad78-dc8ebce4d4fa
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (03/29/2020 04:48:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Název chybující aplikace: HPSF.exe, verze: 8.4.14.41, časové razítko: 0x58e71513
Název chybujícího modulu: KERNELBASE.dll, verze: 10.0.16299.1004, časové razítko: 0x24dfd7d5
Kód výjimky: 0xe0434352
Posun chyby: 0x0000000000045518
ID chybujícího procesu: 0x465c
Čas spuštění chybující aplikace: 0x01d605d90b5ac865
Cesta k chybující aplikaci: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Cesta k chybujícímu modulu: C:\WINDOWS\System32\KERNELBASE.dll
ID zprávy: cd6e2a2d-5294-4f85-bdc1-6601e6d3e751
Úplný název chybujícího balíčku: 
ID aplikace související s chybujícím balíčkem:

Error: (03/29/2020 04:48:14 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Aplikace: HPSF.exe
Verze Framework: v4.0.30319
Popis: Proces byl ukončen z důvodu neošetřené výjimky.
Informace o výjimce: System.ArgumentException
   na HP.SupportFramework.Common.AppProperties.SharedCommon+IAppVisibility.GetAppVisibilityOnMonitor(IntPtr, MONITOR_APP_VISIBILITY ByRef)
   na HP.SupportFramework.Common.AppProperties.SharedCommon.(IntPtr, IntPtr, RECT ByRef, IntPtr)

Error: (03/29/2020 04:48:01 PM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Zpracování události PowerEvent se nezdařilo. Chyba, ke které došlo: System.NullReferenceException: Odkaz na objekt není nastaven na instanci objektu.
   v _HPCommRecovery.HPAHLogger.CheckSession()
   v _HPCommRecovery.HPCommRecovery.OnPowerEvent(PowerBroadcastStatus powerStatus)
   v System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).

Error: (03/29/2020 04:48:01 PM) (Source: HP Comm Recovery) (EventID: 0) (User: )
Description: Zpracování události PowerEvent se nezdařilo. Chyba, ke které došlo: System.NullReferenceException: Odkaz na objekt není nastaven na instanci objektu.
   v _HPCommRecovery.HPAHLogger.CheckSession()
   v _HPCommRecovery.HPCommRecovery.OnPowerEvent(PowerBroadcastStatus powerStatus)
   v System.ServiceProcess.ServiceBase.DeferredPowerEvent(Int32 eventType, IntPtr eventData).


System errors:
=============
Error: (03/29/2020 05:22:58 PM) (Source: IntcOED) (EventID: 387) (User: )
Description: Event-ID 387

Error: (03/29/2020 05:22:37 PM) (Source: DCOM) (EventID: 10016) (User: MTR-N1049)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli MTR-N1049\admin-kosacek (SID: S-1-5-21-407287996-4117368936-2895187249-1004) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/29/2020 05:22:16 PM) (Source: DCOM) (EventID: 10016) (User: MTR-N1049)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 a APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 uživateli MTR-N1049\admin-kosacek (SID: S-1-5-21-407287996-4117368936-2895187249-1004) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/29/2020 05:21:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 a APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/29/2020 05:21:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 a APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/29/2020 05:21:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 a APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/29/2020 05:21:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 a APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.

Error: (03/29/2020 05:21:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Nastavení oprávnění specifické pro aplikaci neuděluje oprávnění Místní Aktivace pro serverovou aplikaci COM s identifikátorem CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 a APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 uživateli NT AUTHORITY\LOCAL SERVICE (SID: S-1-5-19) z adresy LocalHost (pomocí LRPC) běžící v kontejneru aplikací Není k dispozici – SID (Není k dispozici). Toto oprávnění zabezpečení lze změnit pomocí nástroje správy Služba komponent.


Windows Defender:
===================================
Date: 2020-03-17 08:39:10.648
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {6E73ECBF-FB28-49C4-8914-39F13549891D}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-03-17 08:33:34.522
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {986DCB72-CAD6-4235-84D7-039E6AB36700}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-03-14 19:25:55.669
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {B5EE032B-6212-4E9D-92C1-A1B86362A7D6}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-03-14 18:42:28.413
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {B8C8A7D5-7374-4E75-9A82-134566C3B5B7}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-03-14 18:38:21.080
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {8ED18732-24B8-43A9-85C7-FA95A1F1BE47}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2020-01-30 20:15:35.012
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender zjistilo chybu při pokusu o aktualizaci podpisů.
Nová verze podpisu: 
Předchozí verze podpisu: 1.307.2369.0
Zdroj aktualizace: Server Microsoft Update
Typ podpisu: Antivirový program
Typ aktualizace: Úplné
Uživatel: NT AUTHORITY\SYSTEM
Aktuální verze modulu: 
Předchozí verze modulu: 1.1.16600.7
Kód chyby: 0x80240017
Popis chyby :Při zjišťování aktualizací došlo k neočekávaným potížím. Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a podpoře. 

CodeIntegrity:
===================================

Date: 2020-03-29 17:23:00.312
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\ac3acm.acm that did not meet the Microsoft signing level requirements.

Date: 2020-03-29 14:23:01.768
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\ac3acm.acm that did not meet the Microsoft signing level requirements.

Date: 2020-03-29 11:12:14.641
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\80.0.3987.149\chrome_elf.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-28 19:46:26.387
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\80.0.3987.149\chrome_elf.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-28 19:30:33.765
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\80.0.3987.149\chrome_elf.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-28 19:27:53.700
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\80.0.3987.149\chrome_elf.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-28 10:00:59.219
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\80.0.3987.149\chrome_elf.dll that did not meet the Microsoft signing level requirements.

Date: 2020-03-28 09:58:06.205
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Google\Chrome\Application\80.0.3987.149\chrome_elf.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

BIOS: HP Q85 Ver. 01.01.07 10/17/2017
Motherboard: HP 837D
Processor: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz
Percentage of memory in use: 55%
Total physical RAM: 8087.2 MB
Available physical RAM: 3573.34 MB
Total Virtual: 10519.2 MB
Available Virtual: 5990.42 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:217.55 GB) (Free:23.16 GB) NTFS
Drive d: (Recovery Image) (Fixed) (Total:18.77 GB) (Free:0.22 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (DATADRIVE1) (Fixed) (Total:931.39 GB) (Free:681.46 GB) NTFS

\\?\Volume{009318c6-d322-4a75-94ff-526e5fcc4875}\ (SYSTEM) (Fixed) (Total:0.35 GB) (Free:0.28 GB) FAT32
\\?\Volume{4331cb5b-142f-4534-a13a-ff98698a50ee}\ (Windows RE tools) (Fixed) (Total:1.68 GB) (Free:1.2 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 3F35A503)

Partition: GPT.

==================== End of Addition.txt =======================