Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.02.2018
Ran by lysov (25-02-2018 08:50:50)
Running from C:\Users\lysov\Desktop
Windows 10 Home Version 1709 16299.125 (X64) (2018-02-25 07:43:46)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2994255237-3946984938-1703718942-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2994255237-3946984938-1703718942-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2994255237-3946984938-1703718942-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2994255237-3946984938-1703718942-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2994255237-3946984938-1703718942-1003 - Limited - Enabled)
lysov (S-1-5-21-2994255237-3946984938-1703718942-1001 - Administrator - Enabled) => C:\Users\lysov
WDAGUtilityAccount (S-1-5-21-2994255237-3946984938-1703718942-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Microsoft Office Proofing Tools 2016“ – lietuvių k. (HKLM\...\{90160000-001F-0427-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Alati za jezičnu provjeru u sustavu Microsoft Office 2016 - hrvatski (HKLM\...\{90160000-001F-041A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
Công cụ Soát lỗi Microsoft Office 2016 - Tiếng Việt (HKLM\...\{90160000-001F-042A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
eDANE – aplikácia sekcie daňovej FR SR pre podávanie daňových dokumentov  (HKU\S-1-5-21-2994255237-3946984938-1703718942-1001\...\6471891987962ff1) (Version: 1.2.0.6 - Finančné riaditeľstvo SR - Sekcia daňová)
Eines de correcció del Microsoft Office 2016: català (HKLM\...\{90160000-001F-0403-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Ferramentas de Verificação do Microsoft Office 2016 - Português (HKLM\...\{90160000-001F-0816-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2016 - Galego (HKLM\...\{90160000-001F-0456-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
I-Microsoft Office Proofing Tools 2016 - IsiZulu (HKLM\...\{90160000-001F-0435-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Innealan-dearbhaidh Microsoft Office 2016 - Gàidhlig (HKLM\...\{90160000-001F-0491-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Instrumente de verificare Microsoft Office 2016 - Română (HKLM\...\{90160000-001F-0418-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Korrekturredskaber til Microsoft Office 2016 - Dansk (HKLM\...\{90160000-001F-0406-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Korrekturverktøy for Microsoft Office 2016 – norsk (bokmål) (HKLM\...\{90160000-001F-0414-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Korrekturverktøy for Microsoft Office 2016 – norsk (nynorsk) (HKLM\...\{90160000-001F-0814-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Microsoft Office 2016 Professional Plus (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft Office Proofing Tools Kit Compilation 2016 (HKLM\...\Office16.PROOFKIT) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2994255237-3946984938-1703718942-1001\...\OneDriveSetup.exe) (Version: 17.005.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Narzędzia sprawdzające pakietu Microsoft Office 2016 — polski (HKLM\...\{90160000-001F-0415-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM\...\{90160000-001F-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM\...\{90160000-001F-041B-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
NVIDIA Grafický ovládač 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
Opera Stable 50.0.2762.67 (HKLM-x32\...\Opera 50.0.2762.67) (Version: 50.0.2762.67 - Opera Software)
Orodja za preverjanje za Microsoft Office 2016 – angleščina (HKLM\...\{90160000-001F-0424-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Ovládací panel NVIDIA 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 342.01 - NVIDIA Corporation) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.320.0 - Tracker Software Products Ltd)
PotPlayer-64 bit (HKLM\...\PotPlayer64) (Version: 1.7.7150 - Kakao Corp.)
Revisores de Texto do Microsoft Office 2016 – Português (Brasil) (HKLM\...\{90160000-001F-0416-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Strumenti di correzione di Microsoft Office 2016 - Italiano (HKLM\...\{90160000-001F-0410-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Taalprogramma's voor Microsoft Office 2016 - Nederlands (HKLM\...\{90160000-001F-0413-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Uirlisí Profála Microsoft Office 2016 - Gaeilge (HKLM\...\{90160000-001F-083C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{E345A108-D9E8-456B-9550-435132D5C9CE}) (Version: 2.13.0.0 - Microsoft Corporation)
Veglat e kontrollit gjuhësor të Microsoft Office 2016 - shqip (HKLM\...\{90160000-001F-041C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
XnView 2.39 (HKLM-x32\...\XnView_is1) (Version: 2.39 - Gougelet Pierre-e)
Εργαλεία γλωσσικού ελέγχου του Microsoft Office 2016 - Ελληνικά (HKLM\...\{90160000-001F-0408-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Засоби перевірки правопису Microsoft Office 2016 – українська (HKLM\...\{90160000-001F-0422-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Средства проверки правописания Microsoft Office 2016 — русский (HKLM\...\{90160000-001F-0419-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
כלי ההגהה של Microsoft Office 2016 - עברית (HKLM\...\{90160000-001F-040D-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
ابزارهای تصحیح Microsoft Office 2016 - فارسی (HKLM\...\{90160000-001F-0429-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-11-14] (NVIDIA Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {085F776C-9F52-481E-B346-62AE8EB8497C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-15] (Google Inc.)
Task: {128DC5AE-C306-4F93-A6B8-C44B19609C6A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {25022915-98E7-4029-86A5-4B812138D3EC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {3785BBF6-BB67-435B-AA3D-6DB8CD601FCA} - System32\Tasks\Backup => D:\backup.bat [2018-02-21] () <==== ATTENTION
Task: {41EE8B00-C6B2-4FF6-85D0-51077C9E647D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-15] (Google Inc.)
Task: {44ABB5C9-5F6F-48DE-A5F8-34EA11549C8B} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {5393061B-43A0-4B81-84AF-BE4AE174D000} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_161_pepper.exe [2018-02-06] (Adobe Systems Incorporated)
Task: {633DB2F7-3E61-435B-916B-F47B83C93A08} - System32\Tasks\Opera scheduled Autoupdate 1487497385 => C:\Program Files\Opera\launcher.exe [2018-01-22] (Opera Software)
Task: {74F087A0-454D-4B3F-A5F4-2619DD9C4F64} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-06] (Adobe Systems Incorporated)
Task: {8828CB00-E07F-48BF-9625-B91C86AF1013} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)
Task: {A7D4C461-3A9F-41B4-B1BA-D8703BF8AC75} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {BFBCDFAF-D93C-4495-8932-8E8C5F069C0E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {CF4D5C80-23E2-4FBE-BF9A-6B1139EF793A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2017-02-19] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-02-24 09:30 - 2016-11-14 12:15 - 000135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-02-25 08:25 - 2018-02-25 08:25 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-25 08:25 - 2018-02-25 08:25 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-29 14:41 - 2017-09-29 14:41 - 000047616 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2017-09-29 14:41 - 2017-09-29 14:41 - 004173824 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2017-09-29 14:41 - 2017-09-29 14:41 - 003634176 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2016-07-16 12:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2994255237-3946984938-1703718942-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\lysov\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{d393bd89-4165-4eaf-b310-73871fe88af8}.jpg
DNS Servers: 192.168.17.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D537CAB4-45A0-4E70-8BA3-2F73EAD969E2}] => (Allow) C:\Program Files\Opera\50.0.2762.67\opera.exe
FirewallRules: [{BD242C47-837C-487E-ACD2-057F3D3D7B3E}] => (Allow) C:\Program Files\Opera\50.0.2762.58\opera.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/25/2018 08:45:08 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3001) (User: NT AUTHORITY)
Description: The performance counter name string value in the registry is not formatted correctly. The malformed string is 9100. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

Error: (02/25/2018 08:43:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Názov chybujúcej aplikácie: remsh.exe, verzia: 10.0.14393.10020, časová značka: 0x5a872db0
Názov chybujúceho modulu: ucrtbase.dll, verzia: 10.0.16299.125, časová značka: 0x70f70cc4
Kód výnimky: 0xc0000005
Odstup chyby: 0x0000000000022c71
Identifikácia chybujúceho procesu: 0x1028
Čas spustenia chybujúcej aplikácie: 0x01d3ae0c5e41f192
Cesta chybujúcej aplikácie: C:\Program Files\rempl\remsh.exe
Cesta chybujúceho modulu: C:\WINDOWS\System32\ucrtbase.dll
Identifikácia hlásenia: 4503ab91-fd61-4559-a2b3-1ba8bf5c8027
Celé meno chybujúceho balíka: 
Identifikácia chybujúcej aplikácie vzhľadom na balík:

Error: (02/25/2018 08:41:44 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (02/25/2018 08:40:49 AM) (Source: ESENT) (EventID: 455) (User: )
Description: mighost (952,R,0) TILEREPOSITORYS-1-0-0: Error -1023 (0xfffffc01) occurred while opening logfile C:\Users\Default\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (02/25/2018 08:40:28 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (02/25/2018 08:40:28 AM) (Source: MSDTC 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

Error: (02/25/2018 08:40:28 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A


System errors:
=============
Error: (02/25/2018 08:48:59 AM) (Source: DCOM) (EventID: 10016) (User: LIDKA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user LIDKA\lysov SID (S-1-5-21-2994255237-3946984938-1703718942-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/25/2018 08:48:48 AM) (Source: DCOM) (EventID: 10016) (User: LIDKA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user LIDKA\lysov SID (S-1-5-21-2994255237-3946984938-1703718942-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/25/2018 08:46:39 AM) (Source: DCOM) (EventID: 10016) (User: LIDKA)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user LIDKA\lysov SID (S-1-5-21-2994255237-3946984938-1703718942-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/25/2018 08:42:48 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (02/25/2018 08:41:48 AM) (Source: WinRM) (EventID: 10142) (User: )
Description: The WinRM service cannot migrate the listener with Address * and Transport HTTP. A listener that has the same Address and Transport configuration already exists.

Error: (02/25/2018 08:38:09 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Služba Background Intelligent Transfer Service bola ukončená s nasledujúcou chybou služby: 
Server execution failed

Error: (02/25/2018 08:38:09 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2148007941.

Error: (02/25/2018 08:38:07 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {A47979D2-C419-11D9-A5B4-001185AD2B89} did not register with DCOM within the required timeout.


Windows Defender:
===================================
Date: 2018-02-25 08:46:04.985
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Stredná
Category: Nástroj
Path: file:_C:\Windows\Temp\SppExtComObjHook.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\SppExtComObj.Exe
Signature Version: AV: 1.261.1595.0, AS: 1.261.1595.0, NIS: 118.1.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0

Date: 2018-02-25 08:45:50.846
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Tiggre!rfn&threatid=2147723625&enterprise=0
Name: Trojan:Win32/Tiggre!rfn
ID: 2147723625
Severity: Závažná
Category: Trójsky kôň
Path: file:_C:\OneDriveTemp\S-1-5-21-2994255237-3946984938-1703718942-1001\74542D44FDE242A5!110-74542D44FDE242A5!1800-74542D44FDE242A5!1809-f16634262dd43354d6ce8f6d7f0c05b6.temp
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\lysov\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Signature Version: AV: 1.261.1595.0, AS: 1.261.1595.0, NIS: 118.1.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0

Date: 2018-02-25 08:45:40.661
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Stredná
Category: Nástroj
Path: file:_C:\Windows\Temp\SppExtComObjHook.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\SppExtComObj.Exe
Signature Version: AV: 1.261.1595.0, AS: 1.261.1595.0, NIS: 118.1.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0

Date: 2018-02-25 08:45:16.524
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/AutoKMS&threatid=2147685180&enterprise=0
Name: HackTool:Win32/AutoKMS
ID: 2147685180
Severity: Stredná
Category: Nástroj
Path: file:_C:\Windows\Temp\SppExtComObjHook.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\SppExtComObj.Exe
Signature Version: AV: 1.261.1595.0, AS: 1.261.1595.0, NIS: 118.1.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0

Date: 2018-02-25 08:44:28.823
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:MSIL/AutoKMS&threatid=2147711767&enterprise=0
Name: HackTool:MSIL/AutoKMS
ID: 2147711767
Severity: Stredná
Category: Nástroj
Path: file:_C:\Windows\AutoKMS\AutoKMS.exe;file:_C:\WINDOWS\System32\Tasks\AutoKMS;process:_pid:3752,ProcessStart:131640182305731294;regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF4D5C80-23E2-4FBE-BF9A-6B1139EF793A};regkey:_HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS;taskscheduler:_C:\WINDOWS\System32\Tasks\AutoKMS
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: C:\Windows\AutoKMS\AutoKMS.exe
Signature Version: AV: 1.261.1595.0, AS: 1.261.1595.0, NIS: 118.1.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0

==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz
Percentage of memory in use: 22%
Total physical RAM: 8190.49 MB
Available physical RAM: 6335.65 MB
Total Virtual: 10110.49 MB
Available Virtual: 8378.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:122.74 GB) (Free:74.15 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:100 GB) (Free:57.53 GB) NTFS
Drive e: () (Fixed) (Total:232.88 GB) (Free:230.4 GB) NTFS

\\?\Volume{363b9990-0000-0000-0000-70af1e000000}\ () (Fixed) (Total:0.83 GB) (Free:0.46 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 363B9990)
Partition 1: (Active) - (Size=122.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=847 MB) - (Type=27)
Partition 3: (Not Active) - (Size=100 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: C3A132DE)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================