Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-11-2021
Ran by Zdenka (25-11-2021 16:45:35)
Running from C:\Users\Zdenka\Downloads
Microsoft Windows 10 Home Version 21H2 19044.1348 (X64) (2020-12-31 09:22:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================


(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2935849915-2414251437-2821027110-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2935849915-2414251437-2821027110-503 - Limited - Disabled)
Guest (S-1-5-21-2935849915-2414251437-2821027110-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2935849915-2414251437-2821027110-504 - Limited - Disabled)
Zdenka (S-1-5-21-2935849915-2414251437-2821027110-1001 - Administrator - Enabled) => C:\Users\Zdenka

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {4FC75CA5-1654-5411-7CFB-1893D506BCF4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F4A6BD41-306E-5B9F-464B-23E1AE81F649}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Slovak (HKLM-x32\...\{AC76BA86-7AD7-1051-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
doPDF (HKLM\...\{A73C8195-BA5D-4F80-A8C0-2D4940C4F41E}) (Version: 8.9.954 - Softland) Hidden
doPDF (HKLM\...\{B53752C5-1954-49E8-97E3-70871B8E6E42}) (Version: 10.6.121 - Softland) Hidden
doPDF 10 (HKLM-x32\...\{5401627b-3796-494d-aefe-85806263665a}) (Version: 10.6.121 - Softland)
doPDF 10 add-in for Microsoft Office (x64) (HKLM\...\{4C76C177-F384-4CC0-9FA1-343A94A78DC2}) (Version: 10.6.121 - Softland)
doPDF 10 add-in for Microsoft Office (x86) (HKLM-x32\...\{9D97C820-FA2A-4D2E-9205-3F7497DC6D87}) (Version: 10.6.121 - Softland)
doPDF 10 Printer Driver (HKLM\...\{E7D3833D-BFCA-4D71-8DDB-AF88C4B46718}) (Version: 10.6.121 - Softland)
doPDF 8 (HKLM-x32\...\{fef92eb6-78fb-4a76-a6d8-4bda96483b31}) (Version: 8.9.954 - Softland)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
Google Workspace Migration for Microsoft Outlook® 4.3.10.0 (HKLM-x32\...\{15772F26-E9D5-449E-BD60-3AA236B36D21}) (Version: 4.3.10.0 - Google, Inc.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.30 - Irfan Skiljan)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.29 - Microsoft Corporation)
Microsoft Office 2016 Professional Plus (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Support and Recovery Assistant (HKU\S-1-5-21-2935849915-2414251437-2821027110-1001\...\f9a89bd2a46a7606) (Version: 17.0.4058.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 65.0.2 (x86 sk) (HKLM-x32\...\Mozilla Firefox 65.0.2 (x86 sk)) (Version: 65.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 64.0 - Mozilla)
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM\...\{90160000-001F-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM\...\{90160000-001F-041B-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{7683DF2A-3A13-43A9-8A74-008E2F6E73F8}) (Version: 8.9.954 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{AF88289C-9E22-4210-BAA7-458799489851}) (Version: 8.9.954 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{8940FF4E-E757-4A45-9163-8F4131E87305}) (Version: 8.9.954 - Softland)
Outlook Migrator (HKLM-x32\...\Outlook Migrator_is1) (Version:  - Outlook Migrator)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.23.9 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM-x32\...\Totalcmd64) (Version: 8.52a - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-2935849915-2414251437-2821027110-1001\...\ZoomUMX) (Version: 5.4.7 (59784.1220) - Zoom Video Communications, Inc.)

Packages:
=========
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20500.501.0_x64__rz1tebttyb220 [2019-12-26] (Dolby Laboratories)
Doplnok mediálneho nástroja pre Fotografie -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-02-14] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.3.262.0_x64__v10z8vjag6ke6 [2021-11-17] (HP Inc.)
Indian Garden by Akshay Patil -> C:\Program Files\WindowsApps\Microsoft.IndianGardenbyAkshayPatil_1.0.0.0_neutral__8wekyb3d8bbwe [2019-02-17] (Microsoft Corporation)
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.2.15.0_x64__5grkq8ppsgwt4 [2021-11-20] (LENOVO INC) [Startup Task]
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2110.17.0_x64__k1h2ywk1493x8 [2021-11-18] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-12-31] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-12-31] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-31] (Microsoft Studios) [MS Ad]
Power2Go for Lenovo -> C:\Program Files\WindowsApps\CyberLinkCorp.th.Power2GoforLenovo_8.0.12518.0_x86__m916jedk64snt [2021-06-18] (CYBERLINKCOM CORPORATION) [Startup Task]
PowerDVD for Lenovo -> C:\Program Files\WindowsApps\CyberLinkCorp.th.PowerDVDforLenovo_14.2.3901.0_x86__m916jedk64snt [2021-11-09] (CYBERLINKCOM CORPORATION)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.10.216.0_x64__dt26b99r8h8gj [2020-06-20] (Realtek Semiconductor Corp)
Rozšírenie pre video MPEG-2 -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-19] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6723984 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal) [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2012-06-09] (Alexander Roshal) [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2012-06-09] (Alexander Roshal) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Zdenka\Desktop\Zoznam.sk.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=hpbkpomlocbdcfiahifnfegakaginaki
ShortcutWithArgument: C:\Users\Zdenka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikácie Chrome\Zoznam.sk.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=hpbkpomlocbdcfiahifnfegakaginaki
ShortcutWithArgument: C:\Users\Zdenka\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d249d9ddd424b688\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default

==================== Loaded Modules (Whitelisted) =============

2021-11-25 16:15 - 2021-11-25 16:17 - 000004096 _____ () [File not signed] C:\WINDOWS\KMS-R@1nHook.dll
2019-02-09 12:01 - 2012-06-09 19:20 - 000196096 _____ (Alexander Roshal) [File not signed] C:\Program Files\WinRAR\rarext.dll
2019-12-12 11:57 - 2019-12-12 11:57 - 000018944 _____ (Softland) [File not signed] C:\WINDOWS\System32\novamn10.dll
2018-12-12 12:33 - 2018-12-12 12:33 - 000018944 _____ (Softland) [File not signed] C:\WINDOWS\System32\novamn8.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\avgSP.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\avgSP.sys => ""="Driver"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKU\S-1-5-21-2935849915-2414251437-2821027110-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-2935849915-2414251437-2821027110-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 14:46 - 2017-09-29 14:44 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

2019-02-18 13:37 - 2020-02-06 12:32 - 000000445 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2935849915-2414251437-2821027110-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Zdenka\AppData\Local\Microsoft\Windows\Themes\Indian Ga\DesktopBackground\1_akshaypatil_indianflowers.jpg
DNS Servers: 10.20.248.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: avg => 2
MSCONFIG\Services: AVG Tools => 2
MSCONFIG\Services: avgm => 3
MSCONFIG\Services: AVGSecureBrowserElevationService => 3
MSCONFIG\Services: ETDService => 2
MSCONFIG\Services: FMAPOService => 2
MSCONFIG\Services: KMS-R@1n => 2
MSCONFIG\Services: MozillaMaintenance => 3
HKU\S-1-5-21-2935849915-2414251437-2821027110-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{5FF0AD68-7BF2-408E-ACE2-F6A85BA9B0E2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.13426.20404.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DEE2DD7F-0F28-4F5F-B350-0A1185CF607C}] => (Allow) LPort=8502
FirewallRules: [{259F0BB3-4309-40E3-8B4F-1C1EDE3FD2B1}] => (Allow) LPort=8502
FirewallRules: [{E28D76AA-C505-4D1A-917C-9B6296E2A77C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{31055121-E524-49E0-B1DD-0A57F7DD4B7E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9E6841C1-E8FC-409A-AEA9-55519F8C2B54}] => (Allow) LPort=8501
FirewallRules: [{4243CF83-41FE-4720-9648-A4B829A0EE14}] => (Allow) LPort=8501
FirewallRules: [{0FC3812C-EBBF-4170-904D-FB63DB537AD0}] => (Allow) C:\Users\Zdenka\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{D601025B-9F3F-4238-B499-BFFD0ECD9CDC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{E1FA440D-EDF1-4BA0-A9DB-27AB2C7F26E1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{62EDA750-5BF2-4EA8-B459-E1ECC7D2EC83}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F5B68178-E635-49E8-9063-A5BCA96ACB7F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{7C27130D-4C60-465B-96D0-8AC5149B0719}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{158B3FF4-773C-4907-B9E9-55479FBE1CAB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{63709727-4B5C-4EA3-9E47-0764EB67C7A5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{69EE594B-5417-4B6C-8302-9366FB03EE55}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{46C14A65-0C40-4C5B-BCAC-34196425452E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{9D97F2DB-68A3-4AEF-B819-F6540A43F2DC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{9E9B259C-482E-46FD-808B-6A74494F9BDE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B48917A2-75AB-4D4D-81A2-88197C1F57B0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{C2F7AA91-8D2C-4A21-88DB-ADEACFCF34EF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{61930B19-F8B1-4245-A673-22C141DE6020}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2C9F8638-DC20-4A68-9840-9EFA706772D6}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5B7C7387-A912-4AB7-8A3B-6A9CDA2918D5}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2EBEE9BF-54C6-416B-82E5-865A699FF675}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{40E53F04-E705-4DE6-BE0B-59653172469C}] => (Allow) C:\Windows\KMS-R@1n.exe () [File not signed]
FirewallRules: [{7F3720CB-5383-4BE5-8847-3ABA253579B5}] => (Allow) C:\Windows\KMS-R@1n.exe () [File not signed]

==================== Restore Points =========================

18-11-2021 15:52:48 Scheduled Checkpoint
25-11-2021 10:41:50 Inštalátor modulov systému Windows
25-11-2021 11:26:47 AdwCleaner_BeforeCleaning_25/11/2021_11:26:33
25-11-2021 11:32:11 Inštalátor modulov systému Windows
25-11-2021 12:17:03 OMUI.CS-CZ
25-11-2021 12:21:14 PROPLUSR
25-11-2021 12:30:59 Removed Windows Kontrola stavu počítača
25-11-2021 13:00:05 Odstránené Microsoft Update Health Tools
25-11-2021 15:36:44 Installed Microsoft Office 2016 Professional Plus
25-11-2021 15:38:58 PROPLUS

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/25/2021 04:32:37 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-M0S9OJP7$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(1531ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (11/25/2021 04:14:16 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {AF51753C-D3D0-4C4B-AA76-0E676D5D694A}

Error: (11/25/2021 03:13:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: ESETOnlineScanner.exe, verzia: 10.23.28.0, časová značka: 0x6176c73b
Názov chybujúceho modulu: WININET.dll, verzia: 11.0.19041.1320, časová značka: 0xa655850a
Kód výnimky: 0xc0000005
Odstup chyby: 0x00314148
Identifikácia chybujúceho procesu: 0xfa0
Čas spustenia chybujúcej aplikácie: 0x01d7e20695c5b28b
Cesta chybujúcej aplikácie: C:\Users\Zdenka\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe
Cesta chybujúceho modulu: C:\WINDOWS\SYSTEM32\WININET.dll
Identifikácia hlásenia: 5b0c0450-416b-4060-95d0-0c91a09e3f34
Celé meno chybujúceho balíka: 
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (11/25/2021 02:12:09 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-M0S9OJP7$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(31ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (11/25/2021 01:22:48 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-M0S9OJP7$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(1406ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (11/25/2021 12:42:06 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-M0S9OJP7$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(2360ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)

Error: (11/25/2021 11:29:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: wuauclt.exe, verzia: 10.0.19041.1288, časová značka: 0x17884906
Názov chybujúceho modulu: KERNELBASE.dll, verzia: 10.0.19041.1348, časová značka: 0x76fcd692
Kód výnimky: 0xc0000409
Odstup chyby: 0x000000000010b302
Identifikácia chybujúceho procesu: 0x2144
Čas spustenia chybujúcej aplikácie: 0x01d7e1e739143c3f
Cesta chybujúcej aplikácie: C:\WINDOWS\system32\wuauclt.exe
Cesta chybujúceho modulu: C:\WINDOWS\System32\KERNELBASE.dll
Identifikácia hlásenia: 5fa1683c-4af8-47a6-a98c-7941e1e85b01
Celé meno chybujúceho balíka: 
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (11/25/2021 11:12:08 AM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: SCEP Certificate enrollment initialization for WORKGROUP\LAPTOP-M0S9OJP7$ via https://AMD-KeyId-578c545f796951421221a4a578acdb5f682f89c8.microsoftaik.azure.net/templates/Aik/scep failed:

GetCACaps

Method: GET(2797ms)
Stage: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)


System errors:
=============
Error: (11/25/2021 04:34:38 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby System Interface Foundation Service zlyhalo kvôli nasledujúcej chybe: 
The system cannot find the file specified.

Error: (11/25/2021 04:32:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spustenie služby HPPrintScanDoctorService zlyhalo kvôli nasledujúcej chybe: 
The service did not respond to the start or control request in a timely fashion.

Error: (11/25/2021 04:32:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Počas čakania na pripojenie služby HPPrintScanDoctorService bol dosiahnutý časový limit (45000 ms).

Error: (11/25/2021 04:22:21 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-M0S9OJP7)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

Error: (11/25/2021 04:19:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Search sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 30000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (11/25/2021 04:19:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Office Software Protection Platform sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (11/25/2021 04:19:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba KMS-R@1n sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (11/25/2021 04:19:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba novaPDF Server sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 2 krát. O 60000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.


Windows Defender:
================
Date: 2021-11-25 16:15:34
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS.SA!MSR&threatid=2147741757&enterprise=0
Name: HackTool:Win32/AutoKMS.SA!MSR
Severity: Vysoká
Category: Nástroj
Path: file:_C:\Windows\KMS-R@1n.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: E:\MS OFFICE 2016 SK\Re-LoaderByR@1n\Re-LoaderByR@1n.exe
Security intelligence Version: AV: 1.353.1553.0, AS: 1.353.1553.0, NIS: 1.353.1553.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-11-25 16:15:33
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Name: HackTool:Win64/AutoKMS
Severity: Vysoká
Category: Nástroj
Path: file:_C:\Windows\KMS-R@1nHook.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: E:\MS OFFICE 2016 SK\Re-LoaderByR@1n\Re-LoaderByR@1n.exe
Security intelligence Version: AV: 1.353.1553.0, AS: 1.353.1553.0, NIS: 1.353.1553.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-11-25 16:15:23
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/Patcher&threatid=224840&enterprise=0
Name: PUA:Win32/Patcher
Severity: Nízka
Category: Potenciálne nežiaduci softvér
Path: amsi:_\Device\CdRom0\MS OFFICE 2016 SK\Re-LoaderByR@1n\Re-LoaderByR@1n.exe
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: AMSI
Process Name: E:\MS OFFICE 2016 SK\Re-LoaderByR@1n\Re-LoaderByR@1n.exe
Security intelligence Version: AV: 1.353.1553.0, AS: 1.353.1553.0, NIS: 1.353.1553.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-11-25 16:03:14
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS.SA!MSR&threatid=2147741757&enterprise=0
Name: HackTool:Win32/AutoKMS.SA!MSR
Severity: Vysoká
Category: Nástroj
Path: file:_C:\Windows\KMS-R@1n.exe; service:_KMS-R@1n
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: E:\MS OFFICE 2016 SK\Re-LoaderByR@1n\Re-LoaderByR@1n.exe
Security intelligence Version: AV: 1.353.1553.0, AS: 1.353.1553.0, NIS: 1.353.1553.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4

Date: 2021-11-25 16:02:20
Description: 
Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Name: HackTool:Win64/AutoKMS
Severity: Vysoká
Category: Nástroj
Path: file:_C:\Windows\KMS-R@1nHook.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: E:\MS OFFICE 2016 SK\Re-LoaderByR@1n\Re-LoaderByR@1n.exe
Security intelligence Version: AV: 1.353.1553.0, AS: 1.353.1553.0, NIS: 1.353.1553.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
﻿Event[0]:

Date: 2021-11-10 17:32:31
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.353.701.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18700.4
Error code: 0x80070102
Error description: The wait operation timed out. 

Date: 2021-11-10 17:32:31
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.353.701.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18700.4
Error code: 0x80070102
Error description: The wait operation timed out. 

Date: 2021-11-08 13:14:01
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.353.634.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18700.4
Error code: 0x80070102
Error description: The wait operation timed out. 

Date: 2021-11-03 12:47:52
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.353.326.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.18700.4
Error code: 0x80240438
Error description: Počas vyhľadávania aktualizácií sa vyskytol neočakávaný problém. Informácie o inštalácii aktualizácií a riešení problémov s aktualizáciami nájdete v Pomoci a technickej podpore. 

CodeIntegrity:
===============
Date: 2021-11-25 16:51:28
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2021-11-25 16:51:27
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2021-11-25 16:51:15
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVG\Antivirus\AVGSvc.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2021-04-11 15:24:33
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswhook.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

BIOS: LENOVO 8UCN06WW 04/10/2018
Motherboard: LENOVO LNVNB161216
Processor: AMD A6-9225 RADEON R4, 5 COMPUTE CORES 2C+3G 
Percentage of memory in use: 76%
Total physical RAM: 3903.98 MB
Available physical RAM: 903.58 MB
Total Virtual: 5439.98 MB
Available Virtual: 2338.45 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:905.27 GB) (Free:745.86 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.97 GB) NTFS
Drive e: (OFFICE 2016 SK) (CDROM) (Total:0.95 GB) (Free:0 GB) UDF
Drive f: () (Removable) (Total:28.64 GB) (Free:5.69 GB) FAT32

\\?\Volume{dbe7c519-18fa-431a-8e8a-2c4fae281259}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.49 GB) NTFS
\\?\Volume{b00eea7b-3c52-4922-a9fa-e8b1152b7616}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FD861042)

Partition: GPT.

==========================================================
Disk: 1 (Protective MBR) (Size: 28.7 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================