Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2019
Ran by STEPKA (23-11-2019 16:52:49)
Running from C:\Users\STEPKA\Desktop
Windows 10 Home Version 1903 18362.476 (X64) (2019-09-18 21:49:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3735186611-2719331182-3020661568-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3735186611-2719331182-3020661568-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3735186611-2719331182-3020661568-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3735186611-2719331182-3020661568-501 - Limited - Disabled)
STEPKA (S-1-5-21-3735186611-2719331182-3020661568-1001 - Administrator - Enabled) => C:\Users\STEPKA
WDAGUtilityAccount (S-1-5-21-3735186611-2719331182-3020661568-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

aScAgenda (HKLM-x32\...\ImageMaker) (Version:  - )
Assassin's Creed Revelations (HKLM-x32\...\{33A22B2D-55BA-4508-B767-BF2E9C21A73F}) (Version: 1.00 - Ubisoft)
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 418.91 - NVIDIA Corporation) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Foxit PhantomPDF (HKLM-x32\...\{1668067E-BD47-11E7-B267-000C296BF29B}) (Version: 9.0.0.29935 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 78.0.3904.108 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.341 - Google LLC) Hidden
Chrome Remote Desktop Host (HKLM-x32\...\{738276A2-92E7-4313-9E4D-D090F7DA98EC}) (Version: 79.0.3945.10 - Google Inc.)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Matematika pre druhákov verzia CD.035.V1.L2020 (HKU\S-1-5-21-3735186611-2719331182-3020661568-1001\...\{95DC9153-FEF8-45C9-8381-E88B65B1B3E2}_is1) (Version: CD.035.V1.L2020 - Aitec, s.r.o.)
Microsoft Office 2016 Professional Plus (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3735186611-2719331182-3020661568-1001\...\OneDriveSetup.exe) (Version: 19.174.0902.0013 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Nástroje kontroly pravopisu pro Microsoft Office 2016 – čeština (HKLM\...\{90160000-001F-0405-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Nástroje korektúry balíka Microsoft Office 2016 - slovenčina (HKLM\...\{90160000-001F-041B-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
NVIDIA 3D Vision radič ovládača 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA Softvér systému s podporou technológie PhysX 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
Odinštalovať tlačiareň EPSON SX110 Series (HKLM\...\EPSON SX110 Series) (Version:  - SEIKO EPSON Corporation)
Ovládací panel NVIDIA 436.48 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 436.48 - NVIDIA Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.2 - Power Software Ltd)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Tombraider (HKLM-x32\...\Tombraider_is1) (Version:  - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uninstall Tool (HKLM\...\Uninstall Tool_is1) (Version: 3.5.0 - CrystalIDEA Software, Inc.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
WinRAR archivátor (HKLM\...\WinRAR archiver) (Version:  - )

Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-06] (Autodesk Inc.)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.151.300.0_x86__kgqvnymyfvs32 [2019-11-02] (king.com)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-20] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-20] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-13] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.11052.0_x64__8wekyb3d8bbwe [2019-11-09] (Microsoft Studios) [MS Ad]
MSN Počasie -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.33.13094.0_x64__8wekyb3d8bbwe [2019-11-20] (Microsoft Corporation) [MS Ad]
News from Slovakia -> C:\Program Files\WindowsApps\15020BruceDulion.NewsfromSlovakia_1.1.3.0_x64__f0xmam1ybj8kw [2019-02-20] (Bruce Dulion) [MS Ad]
Polar Animals -> C:\Program Files\WindowsApps\Microsoft.PolarAnimals_1.0.0.0_neutral__8wekyb3d8bbwe [2019-02-22] (Microsoft Corporation)
Pošta a kalendár -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20206.0_x64__8wekyb3d8bbwe [2019-11-23] (Microsoft Corporation) [MS Ad]
Pravda -> C:\Program Files\WindowsApps\Pravda.Pravda_1.3.6.0_x64__z3frst1m792wm [2019-02-20] (P E R E X  a. s.)
Rhymes with Orange -> C:\Program Files\WindowsApps\Microsoft.RhymeswithOrange_1.0.0.0_neutral__8wekyb3d8bbwe [2019-02-22] (Microsoft Corporation)
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.15.61.0_x64__kx24dqmazqk8j [2019-06-24] (Random Salad Games LLC) [MS Ad]
WhatsApp Desktop -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_0.3.5618.0_x64__cv1g1gvanyjgm [2019-11-23] (WhatsApp Inc.)
Winter Garden by Hayley Elizabeth -> C:\Program Files\WindowsApps\Microsoft.WinterGardenbyHayleyElizabeth_1.0.0.0_neutral__8wekyb3d8bbwe [2019-02-22] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2017-10-21] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2012-05-31] (Power Software Ltd -> Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-02-10] () [File not signed]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-02-10] () [File not signed]
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2012-05-31] (Power Software Ltd -> Power Software Ltd)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-02-10] () [File not signed]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-02-10] () [File not signed]
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-09-27] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2017-10-21] (Foxit Software Incorporated -> Foxit Software Inc.)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files (x86)\PowerISO\PWRISOSH.DLL [2012-05-31] (Power Software Ltd -> Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2010-02-10] () [File not signed]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2010-02-10] () [File not signed]

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\STEPKA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplikácie Chrome\Vzdialená plocha Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp

==================== Loaded Modules (Whitelisted) =============

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2016-07-16 12:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3735186611-2719331182-3020661568-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-3735186611-2719331182-3020661568-1001\...\StartupApproved\Run: => "Epson Stylus SX110"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{43D72A20-1638-482E-B96C-674152D171D6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{63383A41-20B9-4DCC-91EF-D5A73793EA24}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{5F1AE7DC-0E31-4323-A5CD-65FE0F53C5EC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{333D5FE3-0BDE-4A17-BC34-E10ACDBD7B1A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{E1E50830-D21C-4A72-B398-29DAA22C3480}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft Massive -> )
FirewallRules: [{9D7B2BCA-6BBD-45B6-B709-15CBD92F7132}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft Massive -> )
FirewallRules: [{F7B7849B-FC60-4ACA-8617-68E443FA30DF}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRSP.exe () [File not signed]
FirewallRules: [{41CCFA2F-3D28-4BE6-B589-CF87FFFDD953}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRSP.exe () [File not signed]
FirewallRules: [{335E9E1E-CB3E-47F1-8AED-7F378271BC95}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe () [File not signed]
FirewallRules: [{3D48BE10-6926-46B4-859B-D322ED6EF9B0}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\ACRMP.exe () [File not signed]
FirewallRules: [{623286F5-9D00-413C-9CD5-59F37FC3B191}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe (Ubisoft) [File not signed]
FirewallRules: [{AFB99D97-E1AA-4874-9207-3569032E27B9}] => (Allow) C:\Program Files (x86)\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe (Ubisoft) [File not signed]
FirewallRules: [{3A0C2EF2-BB53-4F3A-B554-23693A15B1EE}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\79.0.3945.10\remoting_host.exe (Google LLC -> Spoločnosť Google Inc.)
FirewallRules: [{4627F1AC-504F-44CC-8C9D-3D83E7B6C0E4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

10-11-2019 11:10:58 Scheduled Checkpoint
13-11-2019 14:47:56 Windows Update
18-11-2019 22:49:28 Installed Chrome Remote Desktop Host

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (11/23/2019 03:48:34 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (10904,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/23/2019 02:51:31 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5284,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/23/2019 01:48:21 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6360,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/23/2019 12:51:31 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4396,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/23/2019 11:47:20 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9008,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/23/2019 11:11:10 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5468,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/23/2019 10:49:42 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7652,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (11/23/2019 09:58:13 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (296,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


System errors:
=============
Error: (11/23/2019 04:51:33 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:
"2147942625"
Happened while starting this command:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding

Error: (11/23/2019 04:51:33 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:
"2147942625"
Happened while starting this command:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding

Error: (11/23/2019 04:39:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba Service KMSELDI sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (11/23/2019 04:39:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba WMI Performance Adapter sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 120000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (11/23/2019 04:39:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Služba FoxitPhantomService sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1-krát.

Error: (11/23/2019 04:39:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba Služba Vzdialená plocha Chrome sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 60000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (11/23/2019 04:39:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Display Container LS sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 6000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.

Error: (11/23/2019 04:39:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Služba NVIDIA Telemetry Container sa neočakávane ukončila. Služba sa týmto spôsobom ukončila už 1 krát. O 1000 ms bude vykonaná nasledujúca opravná akcia: Reštartovať službu.


Windows Defender:
===================================
Date: 2019-11-23 16:52:04.874
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Name: HackTool:Win64/AutoKMS
ID: 2147723334
Severity: Vysoká
Category: Nástroj
Path: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\STEPKA\Desktop\FRST64.exe
Security intelligence Version: AV: 1.305.2664.0, AS: 1.305.2664.0, NIS: 1.305.2664.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-23 16:51:40.303
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Name: HackTool:Win64/AutoKMS
ID: 2147723334
Severity: Vysoká
Category: Nástroj
Path: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\STEPKA\Desktop\FRST64.exe
Security intelligence Version: AV: 1.305.2664.0, AS: 1.305.2664.0, NIS: 1.305.2664.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-23 16:51:40.185
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Name: HackTool:Win64/AutoKMS
ID: 2147723334
Severity: Vysoká
Category: Nástroj
Path: file:_C:\Windows\SECOH-QAD.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\STEPKA\Desktop\FRST64.exe
Security intelligence Version: AV: 1.305.2664.0, AS: 1.305.2664.0, NIS: 1.305.2664.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-23 16:51:31.370
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Name: HackTool:Win64/AutoKMS
ID: 2147723334
Severity: Vysoká
Category: Nástroj
Path: file:_C:\Windows\SECOH-QAD.dll; file:_C:\Windows\SECOH-QAD.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\KMSpico\Service_KMS.exe
Security intelligence Version: AV: 1.305.2664.0, AS: 1.305.2664.0, NIS: 1.305.2664.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-23 16:51:30.956
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win64/AutoKMS&threatid=2147723334&enterprise=0
Name: HackTool:Win64/AutoKMS
ID: 2147723334
Severity: Vysoká
Category: Nástroj
Path: file:_C:\Windows\SECOH-QAD.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Program Files\KMSpico\Service_KMS.exe
Security intelligence Version: AV: 1.305.2664.0, AS: 1.305.2664.0, NIS: 1.305.2664.0
Engine Version: AM: 1.1.16500.1, NIS: 1.1.16500.1

Date: 2019-11-18 17:25:39.473
Description: 
Windows Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Backup
Error Code: 0x80004004
Error description: Operation aborted 
Security intelligence version: 1.305.2271.0;1.305.2271.0
Engine version: 1.1.16500.1

Date: 2019-11-18 17:25:37.620
Description: 
Windows Defender Antivirus has encountered an error trying to load security intelligence and will attempt reverting back to a known-good version.
Security intelligence Attempted: Current
Error Code: 0x80004004
Error description: Operation aborted 
Security intelligence version: 1.305.2289.0;1.305.2289.0
Engine version: 1.1.16500.1

==================== Memory info ===========================

BIOS: Award Software International, Inc. F2 12/30/2008
Motherboard: Gigabyte Technology Co., Ltd. M61PME-S2P
Processor: AMD Athlon(tm) X4 620 Processor
Percentage of memory in use: 49%
Total physical RAM: 4095.55 MB
Available physical RAM: 2061.63 MB
Total Virtual: 5119.55 MB
Available Virtual: 2812.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:96.71 GB) (Free:36.58 GB) NTFS
Drive d: () (Fixed) (Total:368.1 GB) (Free:39.06 GB) NTFS

\\?\Volume{d3733c3b-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{d3733c3b-0000-0000-0000-a04c18000000}\ () (Fixed) (Total:0.46 GB) (Free:0.04 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: D3733C3B)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=96.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=470 MB) - (Type=27)
Partition 4: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================