Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2019
Ran by Hladk (14-12-2019 09:00:31)
Running from C:\Users\Hladk\Desktop
Windows 10 Home Version 1903 18362.535 (X64) (2019-08-29 19:50:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1001266131-2733610755-3133150411-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1001266131-2733610755-3133150411-503 - Limited - Disabled)
Guest (S-1-5-21-1001266131-2733610755-3133150411-501 - Limited - Disabled)
Hladk (S-1-5-21-1001266131-2733610755-3133150411-1001 - Administrator - Enabled) => C:\Users\Hladk
WDAGUtilityAccount (S-1-5-21-1001266131-2733610755-3133150411-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - emc, uTorrent.CZ)
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat Reader DC - Czech (HKLM-x32\...\{AC76BA86-7AD7-1029-7B44-AC0F074E4100}) (Version: 19.021.20058 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.303 - Adobe)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bullzip PDF Printer 11.9.0.2735 (HKLM\...\Bullzip PDF Printer_is1) (Version: 11.9.0.2735 - Bullzip)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.11.0.0948 - Disc Soft Ltd)
Divinity Original Sin 2 MULTi5 (HKLM-x32\...\Divinity Original Sin 2 MULTi5_is1) (Version:  - )
Divinity: Original Sin 2 (HKLM-x32\...\1584823040_is1) (Version: 3.6.37.7694_kr3 - GOG.com)
EMCO Ping Monitor Free 6.3 (HKLM\...\{71897DBE-7D98-47FC-88E7-73246EDB829E}) (Version: 6.3.0.5014 - EMCO Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.108 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.421 - Google LLC) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-1001266131-2733610755-3133150411-1001\...\HearthstoneDeckTracker) (Version: 1.9.6 - HearthSim)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 9.1.0.309 - )
Java 8 Update 231 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180231F0}) (Version: 8.0.2310.11 - Oracle Corporation)
JDownloader 2 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Logitech Options (HKLM\...\LogiOptions) (Version: 7.12.43 - Logitech)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVIDIA Ovladač 3D Vision 419.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 419.72 - NVIDIA Corporation)
NVIDIA Ovladače grafiky 430.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 430.86 - NVIDIA Corporation)
Opera Stable 65.0.3467.62 (HKU\S-1-5-21-1001266131-2733610755-3133150411-1001\...\Opera 65.0.3467.62) (Version: 65.0.3467.62 - Opera Software)
Ovládací panel NVIDIA 419.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 419.72 - NVIDIA Corporation) Hidden
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.0.8397 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.22a - Ghisler Software GmbH)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)

Packages:
=========
BreeZip -> C:\Program Files\WindowsApps\3138AweZip.AweZip_1.3.9.0_x86__ffd303wmbhcjt [2019-11-09] (BreeZip) [MS Ad]
IrfanView64 -> C:\Program Files\WindowsApps\30067IrfanSkiljanIrfanVie.IrfanView64_4.5.3.0_x64__psgec73n2n7ne [2019-06-30] (Irfan Skiljan (IrfanView))
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-04-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-04-13] (Microsoft Corporation) [MS Ad]
Microsoft Midi gm.dls -> C:\Program Files\WindowsApps\Microsoft.Midi.GmDls_1.0.1.0_neutral__8wekyb3d8bbwe [2019-04-27] (Microsoft Platform Extensions)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-13] (Microsoft Studios) [MS Ad]
MSN Počasí -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13253.0_x64__8wekyb3d8bbwe [2019-11-23] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.956.0_x64__56jybvy8sckqj [2019-10-01] (NVIDIA Corp.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0 [2019-12-06] (Spotify AB) [Startup Task]
WPS Office for Free -> C:\Program Files\WindowsApps\ZhuhaiKingsoftOfficeSoftw.WPSOfficeforFree_10.2.7636.0_x86__924xes6e8q1tw [2019-04-27] (Zhuhai Kingsoft Office Software Co.,Ltd)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1001266131-2733610755-3133150411-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Hladk\AppData\Local\Microsoft\OneDrive\19.033.0218.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1001266131-2733610755-3133150411-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Hladk\AppData\Local\Microsoft\OneDrive\19.033.0218.0011\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-1001266131-2733610755-3133150411-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Hladk\AppData\Local\Microsoft\OneDrive\19.033.0218.0011\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-10-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-10-03] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvmd.inf_amd64_91da6d9092d2907a\nvshext.dll [2019-06-10] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2017-08-13] (Ivaylo Beltchev -> IvoSoft) [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-04-25 18:29 - 2019-02-15 16:13 - 000221696 _____ (Bullzip) [File not signed] C:\Program Files\Common Files\Bullzip\PDF Printer\Ports\BULLZIP\bzpdf.dll
2017-08-13 07:49 - 2017-08-13 07:49 - 003664184 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2017-08-13 07:49 - 2017-08-13 07:49 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\WINDOWS\system32\StartMenuHelper64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1001266131-2733610755-3133150411-1001\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-09-15 08:31 - 2018-09-15 08:31 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1001266131-2733610755-3133150411-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 213.46.172.36 - 213.46.172.37
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKU\S-1-5-21-1001266131-2733610755-3133150411-1001\...\StartupApproved\Run: => "Zoner Photo Studio Autoupdate"
HKU\S-1-5-21-1001266131-2733610755-3133150411-1001\...\StartupApproved\Run: => "utweb"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{849A800C-FADA-4368-B463-4CA0AF49AC97}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe No File
FirewallRules: [TCP Query User{2D79C30D-BB7F-4D34-BF86-D9682FD6E80F}C:\program files\java\jre1.8.0_221\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_221\bin\javaw.exe No File
FirewallRules: [{2DE037A7-01D4-45E5-A1A4-DF76F111F791}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{D9197196-9980-453A-AFB2-67F94269D10D}C:\program files (x86)\utorrent.exe] => (Allow) C:\program files (x86)\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [TCP Query User{F42F9F03-7347-4E1A-AEC6-FFCD080CCFD4}C:\program files (x86)\utorrent.exe] => (Allow) C:\program files (x86)\utorrent.exe (uTorrent.CZ -> BitTorrent, Inc.) [File not signed]
FirewallRules: [{5233E68C-3582-46D9-A6E1-40B09C49F909}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe No File
FirewallRules: [{5B68CDC7-3BFF-40ED-8502-E91BB11F713B}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe No File
FirewallRules: [UDP Query User{A7E9158F-D429-4B37-97C8-8BDAF0E08F8C}C:\program files\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_211\bin\javaw.exe No File
FirewallRules: [TCP Query User{35B12E08-13D8-4621-901C-A47EE7E42F6B}C:\program files\java\jre1.8.0_211\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_211\bin\javaw.exe No File
FirewallRules: [{33AD07A3-9CDD-4FE2-9547-1380D9B44B1E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{537ECD41-1A17-4530-A8B9-8BC143CC2445}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A5DC32B9-D0EB-4CCD-88F0-C7668B67E69A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{D2247CA7-CF3D-4B68-A6DF-B895CA833728}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer Germany GmbH)
FirewallRules: [UDP Query User{407893BF-943B-4F17-B04F-00F258680FB1}C:\program files\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_201\bin\javaw.exe No File
FirewallRules: [TCP Query User{5EF78676-80DB-487C-9757-1562BF45A950}C:\program files\java\jre1.8.0_201\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_201\bin\javaw.exe No File
FirewallRules: [UDP Query User{8870A970-7BB9-49CC-BA25-BC47DCB5C2C1}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [TCP Query User{42FFCE23-8ABF-42CB-8EED-BFE8B47302A3}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [{77F15D8E-B478-4C82-AA6F-8C4CCBF1ABB1}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [{2BC1F1A8-B422-456C-9F41-F2341EE9EA85}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe (AVB Disc Soft, SIA -> Disc Soft Ltd)
FirewallRules: [TCP Query User{A279A69B-E698-4EC3-B9E4-9BBE1EAF73D9}C:\users\hladk\downloads\divinity original sin 2 multi5\bin\eocapp.exe] => (Allow) C:\users\hladk\downloads\divinity original sin 2 multi5\bin\eocapp.exe (Larian Studios -> )
FirewallRules: [UDP Query User{EDC27545-5BF3-4D0E-BF64-7A2E88E38ADD}C:\users\hladk\downloads\divinity original sin 2 multi5\bin\eocapp.exe] => (Allow) C:\users\hladk\downloads\divinity original sin 2 multi5\bin\eocapp.exe (Larian Studios -> )
FirewallRules: [TCP Query User{AEF95643-E1DD-4F0E-8E71-2FFFBC253EA0}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe
FirewallRules: [UDP Query User{797FE114-DC6F-449F-8BA2-305AE3CE12A5}C:\program files\java\jre1.8.0_231\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_231\bin\javaw.exe
FirewallRules: [{523F79FE-4F03-4990-BBCE-6DE26688F0A9}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{648ABAE2-65AE-467C-9F48-81304EB5A9F7}C:\users\hladk\appdata\local\programs\opera\65.0.3467.48\opera.exe] => (Allow) C:\users\hladk\appdata\local\programs\opera\65.0.3467.48\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{83FFB050-CD4F-4511-9E9C-7C7189F928CC}C:\users\hladk\appdata\local\programs\opera\65.0.3467.48\opera.exe] => (Allow) C:\users\hladk\appdata\local\programs\opera\65.0.3467.48\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{F1A0AE11-78D8-4D47-B251-28D5480E670D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B3620E5B-79D8-4371-BA1F-B5B6EDE9BBD3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{AF97A727-3B97-41F4-AD61-AC423AB582CB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{493CC86B-2CBF-4020-ADCC-27C2E17203BE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{B4F765F6-D1B8-4AFB-9F72-5BDCDB64AA0F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{285CC095-A3B0-415F-BB3E-1FE6D6072FBB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7EB424F6-92C3-4738-8E57-6A7EF38F5272}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{592815AE-A0DE-4127-ACEA-C80F51136DF2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B76D22DF-0410-4AF4-965C-8FCF0477A8D2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B9470617-1FDA-47B9-90B6-8F00DBD56078}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CC822473-0984-44F2-980D-E777DC77FBBE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{08A70411-B1FA-4BE6-AB05-02AC96BADD12}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.121.1654.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{C598D783-777A-4EBF-85C7-646BF25CAE1E}C:\users\hladk\appdata\local\programs\opera\65.0.3467.62\opera.exe] => (Allow) C:\users\hladk\appdata\local\programs\opera\65.0.3467.62\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{17521C2F-AD1B-461C-9C1B-F8D501E52505}C:\users\hladk\appdata\local\programs\opera\65.0.3467.62\opera.exe] => (Allow) C:\users\hladk\appdata\local\programs\opera\65.0.3467.62\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{56F37981-C9BC-4AA1-AE8B-F9CAF543E069}C:\gog games\divinity - original sin 2\classic\eocapp.exe] => (Allow) C:\gog games\divinity - original sin 2\classic\eocapp.exe (Larian Studios -> )
FirewallRules: [UDP Query User{E7EF39A2-3D9F-43E8-B981-99566F76651B}C:\gog games\divinity - original sin 2\classic\eocapp.exe] => (Allow) C:\gog games\divinity - original sin 2\classic\eocapp.exe (Larian Studios -> )

==================== Restore Points =========================

02-12-2019 07:39:28 Naplánovaný kontrolní bod
05-12-2019 16:12:50 Windows Update
11-12-2019 21:16:40 Windows Update
13-12-2019 20:53:28 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030

==================== Faulty Device Manager Devices ============

Name: AMD Radeon(TM) Vega 8 Graphics
Description: AMD Radeon(TM) Vega 8 Graphics
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc.
Service: amdkmdap
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Event log errors: ========================

Application errors:
==================
Error: (12/14/2019 08:30:34 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6496,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (12/14/2019 08:19:37 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5632,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (12/14/2019 08:14:09 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1020) (User: NT AUTHORITY)
Description: Velikost požadované vyrovnávací paměti je větší než velikost vyrovnávací paměti předané do funkce Collect knihovny DLL rozšiřitelných čítačů C:\Windows\System32\perfts.dll pro službu LSM. Velikost dané vyrovnávací paměti: 26456; požadovaná velikost: 26968.

Error: (12/13/2019 09:08:07 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4804,R,98) TILEREPOSITORYS-1-5-18: Při otevírání souboru protokolu C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log došlo k chybě -1023 (0xfffffc01).

Error: (12/13/2019 08:53:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service Avast Antivirus since QueryServiceConfig API failed

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (12/13/2019 08:53:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddWin32ServiceFiles: Unable to back up image of service aswbIDSAgent since QueryServiceConfig API failed

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (12/13/2019 08:53:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswVmm.

System Error:
Systém nemůže nalézt uvedený soubor.
.

Error: (12/13/2019 08:53:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Služba Šifrování selhala při volání OnIdentity() v objektu System Writer.

Details:
AddLegacyDriverFiles: Unable to back up image of binary aswSP.

System Error:
Systém nemůže nalézt uvedený soubor.
.


System errors:
=============
Error: (12/14/2019 08:57:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Služba McAfee WebAdvisor neuspěla při spuštění v důsledku následující chyby: 
Systém nemůže nalézt uvedený soubor.

Error: (12/14/2019 08:56:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Windows Presentation Foundation Font Cache 3.0.0.0 byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error: (12/14/2019 08:56:26 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba McAfee WebAdvisor byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 1 milisekund: Restartovat službu.

Error: (12/14/2019 08:56:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Telemetry Container byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 1000 milisekund: Restartovat službu.

Error: (12/14/2019 08:56:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Display Container LS byla nečekaně ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 6000 milisekund: Restartovat službu.

Error: (12/14/2019 08:56:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba HuaweiHiSuiteService64.exe byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/14/2019 08:56:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Disc Soft Lite Bus Service byla neočekávaně ukončena. Tento stav nastal již 1krát.

Error: (12/14/2019 08:56:25 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Adobe Acrobat Update Service byla neočekávaně ukončena. Tento stav nastal již 1krát.


Windows Defender:
===================================
Date: 2019-12-13 19:39:39.501
Description: 
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!rfn&threatid=2147723625&enterprise=0
Název: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Hladk\Downloads\Divinity Original Sin 2 MULTi5\French.exe; file:_C:\Users\Hladk\Downloads\Divinity Original Sin 2 MULTi5\German.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-1T75NO9\Hladk
Název procesu: C:\Program Files (x86)\totalcmd\TOTALCMD64.EXE
Verze bezpečnostních informací: AV: 1.307.390.0, AS: 1.307.390.0, NIS: 1.307.390.0
Verze modulu: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2019-12-13 19:39:39.448
Description: 
Antivirová ochrana v programu Windows Defender zjistil malware nebo jiný potenciálně nežádoucí software.
Další informace:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!rfn&threatid=2147723625&enterprise=0
Název: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Závažnost: Vážné
Kategorie: Trojský kůň
Cesta: file:_C:\Users\Hladk\Downloads\Divinity Original Sin 2 MULTi5\French.exe
Původ detekce: Místní počítač
Typ detekce: Konkrétní
Zdroj detekce: Ochrana v reálném čase
Uživatel: DESKTOP-1T75NO9\Hladk
Název procesu: C:\Program Files (x86)\totalcmd\TOTALCMD64.EXE
Verze bezpečnostních informací: AV: 1.307.390.0, AS: 1.307.390.0, NIS: 1.307.390.0
Verze modulu: AM: 1.1.16600.7, NIS: 1.1.16600.7

Date: 2019-12-13 18:40:51.737
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {E6A49C47-1D1E-409D-BA72-D14FF5757BEA}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-12-13 18:34:20.993
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {2F23ACE2-0E61-4832-A517-2BBADFE2FCE2}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

Date: 2019-12-13 18:18:20.970
Description: 
Prohledávání Antivirová ochrana v programu Windows Defender bylo zastaveno před dokončením.
ID prohledávání: {885FCEF6-B845-48B4-9D01-B5E816821634}
Typ prohledávání: Antimalwarový program
Parametry prohledávání: Rychlé prohledávání
Uživatel: NT AUTHORITY\SYSTEM

CodeIntegrity:
===================================

Date: 2019-12-13 18:51:32.194
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-13 18:51:32.183
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-13 18:51:32.165
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-13 18:51:32.023
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2019-12-13 18:51:31.997
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume1\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. P4.70 02/09/2018
Motherboard: ASRock AB350M Pro4
Processor: AMD Ryzen 3 2200G with Radeon Vega Graphics 
Percentage of memory in use: 21%
Total physical RAM: 15289.96 MB
Available physical RAM: 12058.57 MB
Total Virtual: 17593.96 MB
Available Virtual: 12936.12 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.53 GB) (Free:74.67 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Verbatim) (Fixed) (Total:465.76 GB) (Free:93.24 GB) NTFS

\\?\Volume{03d1bb58-0000-0000-0000-30c437000000}\ () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 03D1BB58)
Partition 1: (Active) - (Size=222.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=515 MB) - (Type=27)

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 7DF46744)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================