JS/CoinMiner.AH

honzikPP
Exemplary visitor
Posts: 39
Registered: 12 Aug 2009 14:02

JS/CoinMiner.AH

#1 Post by honzikPP »

Hello,
Please take a look at this log. I tried MBAM but it didn't help. An ESET window keeps popping up with a detection of coinminer.ah :(

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.12.2018 01
Ran by Katka (administrator) on SAMSUNG (04-12-2018 20:33:17)
Running from C:\Users\Katka\Downloads
Loaded Profiles: Katka (Available Profiles: Katka)
Platform: Windows 10 Home Version 1803 17134.345 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\Windows\System32\GManager.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service (Smart Advisor)\Oasis2Service.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SamsungSystemConfiguration\SamsungSystemConfiguration.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\USBControlWrapper\UsbControlWrapper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Malwarebytes ) C:\Users\Katka\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.8025.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SamsungSystemConfiguration\SamsungConfigurationMonitor.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(SAMSUNG Electronics co., LTD.) C:\ProgramData\Samsung\ShutdownEvent.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsCmdServer.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsEventHandler.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SamsungSystemConfiguration\IdleStateFanCtrl.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\MCTDUtil.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\FDispPos.exe
(© 2015 Microsoft Corporation) C:\Users\Katka\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(SAMSUNG Electronics co., LTD.) C:\ProgramData\Samsung\ShutdownEvent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SAMSUNG Electronics co., LTD.) C:\ProgramData\Samsung\ShutdownEvent.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(EnigmaSoft Limited) C:\Users\Katka\AppData\Local\Temp\esg_uninstall.exe~
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [393200 2017-10-20] ()
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242200 2016-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [MCTDUtil] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [FDispPos] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-29] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\ecmds.exe [177928 2018-11-10] (ESET)
HKLM-x32\...\Run: [YoukuMediaCenter] => C:\Users\Katka\AppData\Roaming\ytmediacenter\YoukuMediaCenter.exe [3142224 2016-05-10] (youku.com)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\Run: [BingSvc] => C:\Users\Katka\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-04-01] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\Run: [iKu] => "C:\Program Files (x86)\YouKu\YoukuClient\YoukuDesktop.exe" iku://|reg|
HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\Run: [YoukuMediaCenter] => C:\Users\Katka\AppData\Roaming\ytmediacenter\YoukuMediaCenter.exe [3142224 2016-05-10] (youku.com)
HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\RunOnce: [Application Restart #5] => C:\ProgramData\Samsung\ShutdownEvent.exe [1715592 2013-09-17] (SAMSUNG Electronics co., LTD.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\ProgramData\Samsung\SamsungSystemConfiguration\SamsungConfigurationMonitor.exe [1779008 2014-03-18] (Samsung Electronics CO., LTD.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #2] => C:\ProgramData\Samsung\SamsungSystemConfiguration\SamsungConfigurationMonitor.exe [1779008 2014-03-18] (Samsung Electronics CO., LTD.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #6] => C:\ProgramData\Samsung\SamsungSystemConfiguration\SamsungConfigurationMonitor.exe [1779008 2014-03-18] (Samsung Electronics CO., LTD.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #5] => C:\ProgramData\Samsung\SamsungSystemConfiguration\SamsungConfigurationMonitor.exe [1779008 2014-03-18] (Samsung Electronics CO., LTD.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #3] => C:\ProgramData\Samsung\SamsungSystemConfiguration\SamsungConfigurationMonitor.exe [1779008 2014-03-18] (Samsung Electronics CO., LTD.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1495427291-3234877040-1227290694-1001] => 94.190.56.127:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8462E79D-31EE-4EA8-974F-2FB268E33229}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.sk/
SearchScopes: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001 -> DefaultScope {71AABCB2-D0C4-4F6C-B40D-83785C24C76C} URL =
SearchScopes: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001 -> {71AABCB2-D0C4-4F6C-B40D-83785C24C76C} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-10-07] (Microsoft Corporation)
BHO: YoukuEyeOnIE64 Class -> {509DC5B8-F673-4102-B86E-5BF20BF4EE54} -> C:\Users\Katka\AppData\Roaming\ytmediacenter\X64\ykcool64.dll [2015-12-25] (Youku.com)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-09-11] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-25] (Oracle Corporation)
BHO-x32: YoukuEyeOnIE Class -> {7DC4B5B6-C122-44C4-825C-B310513A47CB} -> C:\Users\Katka\AppData\Roaming\ytmediacenter\ykcool.dll [2015-12-25] (Youku.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-25] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\ep6c55vh.default [2018-12-04]
FF Homepage: Mozilla\Firefox\Profiles\ep6c55vh.default -> google.sk
FF Extension: (Bing Search) - C:\Users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\ep6c55vh.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-04-01] [Legacy]
FF Extension: (English (GB) Language Pack) - C:\Users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\ep6c55vh.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2018-11-13]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\ep6c55vh.default\Extensions\marcoagpinto@mail.telepac.pt.xpi [2018-11-29]
FF Extension: (Adblock Plus) - C:\Users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\ep6c55vh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-12-03]
FF SearchPlugin: C:\Users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\ep6c55vh.default\searchplugins\bing-.xml [2016-04-01]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_153.dll [2018-11-28] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-11] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_153.dll [2018-11-28] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-09-11] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-09-11] (Microsoft Corporation)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [No File]
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [No File]
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin HKU\S-1-5-21-1495427291-3234877040-1227290694-1001: youku.com/YoukuAgent -> C:\Users\Katka\AppData\Roaming\ytmediacenter\npYoukuAgent.dll [2015-12-09] (Youku)
FF Plugin HKU\S-1-5-21-1495427291-3234877040-1227290694-1001: youku.com/YoukuAgent_x86_64 -> C:\Users\Katka\AppData\Roaming\ytmediacenter\X64\npYoukuAgent_x64.dll [2015-12-09] (Youku)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9680472 2018-09-26] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2302152 2018-11-10] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2302152 2018-11-10] (ESET)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [129752 2016-11-11] (ELAN Microelectronics Corp.)
R2 GManager; C:\windows\system32\GManager.exe [313432 2012-08-28] ()
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 MCTDesktopSvr; C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
R2 Oasis2Service (Smart Advisor); C:\Program Files (x86)\DDNi\Oasis2Service (Smart Advisor)\Oasis2Service.exe [72000 2015-06-20] (Digital Delivery Networks, Inc.)
R2 SamsungSystemConfiguration; C:\ProgramData\Samsung\SamsungSystemConfiguration\SamsungSystemConfiguration.exe [23872 2014-03-18] (Samsung Electronics CO., LTD.)
R2 Settings Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe [1594176 2014-04-22] (Samsung Electronics CO., LTD.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3298208 2017-10-11] (Samsung Electronics Co., Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6634224 2018-02-02] (TeamViewer GmbH)
R2 USBControlWrapperSvc; C:\ProgramData\Samsung\USBControlWrapper\UsbControlWrapper.exe [37736 2015-01-30] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [143448 2018-11-10] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [251632 2015-07-13] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15872 2018-04-27] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [188832 2018-11-10] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [109864 2018-11-10] (ESET)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [41024 2015-09-23] (ELAN Microelectronic Corp.)
S3 FlashUSB; C:\WINDOWS\System32\drivers\FlashUSB.sys [19968 2013-06-05] (Intel Mobile Communications)
R3 mctkmd; C:\WINDOWS\system32\drivers\mctkmd64.sys [159024 2014-03-13] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\WINDOWS\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
S3 MctUsbAudio; C:\WINDOWS\system32\DRIVERS\MctFlt.sys [17176 2013-08-23] (Windows (R) Win 7 DDK provider)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-12] (Microsoft Corporation)
S3 pmxdrv; C:\windows\system32\drivers\pmxdrv.sys [31152 2014-09-30] ()
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [429568 2017-07-13] (Realsil Semiconductor Corporation)
S3 shspusb; C:\WINDOWS\System32\drivers\HSPUSB.sys [24064 2013-06-05] (MobileTop)
S3 sscdserd; C:\WINDOWS\System32\drivers\sscdserd.sys [158024 2013-06-05] (MCCI Corporation)
S3 ssceserd; C:\WINDOWS\System32\drivers\ssceserd.sys [158024 2013-06-05] (MCCI Corporation)
S3 ssdudfu; C:\WINDOWS\System32\drivers\ssdudfu.sys [101960 2013-06-05] (MCCI)
S3 ssm_bus; C:\WINDOWS\System32\drivers\ssm_bus.sys [136192 2013-06-05] (MCCI Corporation)
S3 ssm_mdm; C:\WINDOWS\System32\drivers\ssm_mdm.sys [172032 2013-06-05] (MCCI Corporation)
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [203672 2013-06-05] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [203672 2013-06-05] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [67864 2013-06-05] (DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [165504 2016-09-04] (Samsung Electronics Co., Ltd.)
S3 ss_bserd; C:\WINDOWS\System32\drivers\ss_bserd.sys [128000 2013-06-05] (MCCI Corporation)
S3 t5usb64; C:\WINDOWS\system32\drivers\t5usb64.sys [136728 2013-09-14] (Magic Control Technology Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-04 20:33 - 2018-12-04 20:33 - 000022807 _____ C:\Users\Katka\Downloads\FRST.txt
2018-12-04 20:32 - 2018-12-04 20:33 - 000000000 ___DC C:\FRST
2018-12-04 20:32 - 2018-12-04 20:32 - 002417152 _____ (Farbar) C:\Users\Katka\Downloads\FRST64.exe
2018-12-04 20:12 - 2018-12-04 20:30 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2018-12-04 20:06 - 2018-12-04 20:07 - 006045488 _____ (EnigmaSoft Limited) C:\Users\Katka\Downloads\SpyHunter-Installer.exe
2018-12-02 17:23 - 2018-12-02 17:23 - 000000000 ____D C:\Users\Katka\AppData\Roaming\youku
2018-12-02 17:21 - 2018-12-02 17:21 - 000000000 ____D C:\Users\Katka\AppData\Local\mbamtray
2018-12-02 17:21 - 2018-12-02 17:21 - 000000000 ____D C:\Users\Katka\AppData\Local\mbam
2018-12-02 17:20 - 2018-12-02 17:20 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-12-02 17:20 - 2018-12-02 17:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-12-02 17:20 - 2018-12-02 17:20 - 000000000 ____D C:\Program Files\Malwarebytes
2018-12-02 17:20 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-12-02 17:13 - 2018-12-02 17:20 - 080557120 _____ (Malwarebytes ) C:\Users\Katka\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.8025.exe
2018-12-02 17:02 - 2018-12-02 17:04 - 000000000 ___DC C:\AdwCleaner
2018-12-02 17:00 - 2018-12-02 17:01 - 007321808 _____ (Malwarebytes) C:\Users\Katka\Downloads\adwcleaner_7.2.5.0.exe
2018-12-02 16:52 - 2018-12-02 16:52 - 000000000 ____D C:\Users\Katka\AppData\Local\D3DSCache
2018-11-12 21:47 - 2018-11-12 21:47 - 000426309 _____ C:\Users\Katka\Desktop\mermaid.pptx
2018-11-11 18:14 - 2018-11-11 18:15 - 000106427 _____ C:\Users\Katka\Downloads\littlemermaid.pdf
2018-11-10 12:52 - 2018-11-10 12:53 - 000000000 ____D C:\Users\Katka\Desktop\Snowden (2016) [YTS.AG]

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-04 20:33 - 2016-11-18 14:54 - 000000000 ___DC C:\Users\Katka\AppData\LocalLow\Mozilla
2018-12-04 20:22 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-12-04 20:05 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-12-04 20:05 - 2014-11-09 09:08 - 000000000 ___DC C:\Users\Katka\AppData\Local\Packages
2018-12-04 19:51 - 2018-08-07 19:31 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-12-04 18:42 - 2014-05-26 01:18 - 000000000 ___DC C:\ProgramData\WinClon
2018-12-04 18:39 - 2017-11-25 20:58 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-12-03 18:34 - 2018-08-07 19:34 - 000002367 _____ C:\Users\Katka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-12-03 18:34 - 2017-11-25 21:20 - 000000000 ___RD C:\Users\Katka\OneDrive
2018-12-03 18:18 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-12-02 19:18 - 2014-12-06 16:50 - 000001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2018-12-02 19:18 - 2014-12-06 16:50 - 000001028 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2018-12-02 19:18 - 2014-12-06 16:50 - 000000000 ___DC C:\Program Files (x86)\TeamViewer
2018-12-02 17:20 - 2014-12-06 18:06 - 000000000 ___DC C:\ProgramData\Malwarebytes
2018-12-02 17:09 - 2018-08-07 19:43 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-02 17:09 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-12-02 17:05 - 2015-02-06 16:49 - 000002811 _____ C:\WINDOWS\system32\GManager.ini
2018-12-02 17:04 - 2018-08-07 19:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-12-02 17:04 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-12-02 16:57 - 2016-05-11 13:02 - 000000000 ___DC C:\ProgramData\boost_interprocess
2018-12-02 16:37 - 2014-12-06 17:47 - 000000000 ___DC C:\Users\Katka\AppData\Local\ESET
2018-12-02 16:33 - 2016-12-11 09:33 - 000000000 ____D C:\Users\Katka\Documents\WeChat Files
2018-12-02 16:32 - 2016-12-14 12:09 - 000000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2018-12-02 16:32 - 2014-12-06 17:00 - 000000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-28 15:40 - 2018-08-07 19:44 - 000004572 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-28 15:40 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-11-28 15:40 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-11-27 18:00 - 2014-12-06 17:00 - 000001175 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-11-17 20:50 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-13 18:40 - 2018-08-07 19:44 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-11-12 20:28 - 2014-12-08 12:41 - 000000000 ____D C:\Users\Katka\AppData\Roaming\vlc
2018-11-10 12:46 - 2018-04-12 15:26 - 000109864 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2018-11-10 12:46 - 2016-10-07 14:31 - 000188832 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2018-11-10 12:46 - 2016-10-07 14:31 - 000143448 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys

==================== Files in the root of some directories =======

2016-05-11 13:02 - 2016-05-11 13:02 - 000000032 ____C () C:\Users\Katka\AppData\Local\temp.tmp
2016-03-06 05:26 - 2016-03-06 05:26 - 000000000 ____C () C:\Users\Katka\AppData\Local\{B6B52398-A34F-4C61-8480-7704EDFF05AF}

Some files in TEMP:
====================
2016-03-18 10:11 - 2016-03-18 10:11 - 002457000 _____ () C:\Users\Katka\AppData\Local\Temp\360ini.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-07 19:31

==================== End of FRST.txt ============================

Rudy
Site Admin
Posts: 118265
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: JS/CoinMiner.AH

#2 Post by Rudy »

Hello!
Run this utility:
Save AdwCleaner to your desktop: https://malwarebytes.com/adwcleaner/ or http://www.bleepingcomputer.com/download/adwcleaner/

close all programs
accept the licence terms (EULA) by clicking I agree
right-click the AdwCleaner icon and select Run as administrator (on Win XP just start it with a normal double-click)
click Scan now, then Clean and Repair
after the restart a log will pop up (or you can find it at C:\AdwCleaner\Logs\AdwCleaner[Cxx].txt); copy its contents into your next reply
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not meant for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus may damage the system!


Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail address above.


Re: JS/CoinMiner.AH

#3 Post by honzikPP »

Good evening,

# -------------------------------
# Malwarebytes AdwCleaner 7.2.5.0
# -------------------------------
# Build: 11-26-2018
# Database: 2018-12-03.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 12-05-2018
# Duration: 00:00:02
# OS: Windows 10 Home
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Katka\AppData\Roaming\YouKu

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [7764 octets] - [02/12/2018 17:02:56]
AdwCleaner[C00].txt - [6864 octets] - [02/12/2018 17:04:11]
AdwCleaner[S01].txt - [1413 octets] - [05/12/2018 19:20:27]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########

Rudy
Site Admin
Posts: 118265
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: JS/CoinMiner.AH

#4 Post by Rudy »

OK. Post new FRST + Addition logs.

honzikPP
Exemplary visitor
Posts: 39
Registered: 12 Aug 2009 14:02

Re: JS/CoinMiner.AH

#5 Post by honzikPP »

FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.12.2018 01
Ran by Katka (administrator) on SAMSUNG (05-12-2018 21:24:09)
Running from C:\Users\Katka\Desktop
Loaded Profiles: Katka (Available Profiles: Katka)
Platform: Windows 10 Home Version 1803 17134.345 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SAMSUNG Electronics co., LTD.) C:\ProgramData\Samsung\ShutdownEvent.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\System32\GManager.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
(Digital Delivery Networks, Inc.) C:\Program Files (x86)\DDNi\Oasis2Service (Smart Advisor)\Oasis2Service.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SamsungSystemConfiguration\SamsungSystemConfiguration.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\USBControlWrapper\UsbControlWrapper.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe
(Samsung Electronics Co., Ltd.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SamsungSystemConfiguration\SamsungConfigurationMonitor.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsCmdServer.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsEventHandler.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SamsungSystemConfiguration\IdleStateFanCtrl.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
() C:\Windows\System32\Windows.WARP.JITService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\MCTDUtil.exe
(Magic Control Technology Corporation) C:\Program Files (x86)\Common Files\DesktopUtil\FDispPos.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(© 2015 Microsoft Corporation) C:\Users\Katka\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.281_none_eada712a1d8142be\TiWorker.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [393200 2017-10-20] ()
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242200 2016-11-11] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [MCTDUtil] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [FDispPos] => C:\Program Files (x86)\Common Files\DesktopUtil\Util-Desktop.exe [195200 2011-05-03] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-29] (Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\ecmds.exe [177928 2018-11-10] (ESET)
HKLM-x32\...\Run: [YoukuMediaCenter] => C:\Users\Katka\AppData\Roaming\ytmediacenter\YoukuMediaCenter.exe [3142224 2016-05-10] (youku.com)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\Run: [BingSvc] => C:\Users\Katka\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-04-01] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\Run: [iKu] => "C:\Program Files (x86)\YouKu\YoukuClient\YoukuDesktop.exe" iku://|reg|
HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\Run: [YoukuMediaCenter] => C:\Users\Katka\AppData\Roaming\ytmediacenter\YoukuMediaCenter.exe [3142224 2016-05-10] (youku.com)
HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\RunOnce: [Application Restart #5] => C:\ProgramData\Samsung\ShutdownEvent.exe [1715592 2013-09-17] (SAMSUNG Electronics co., LTD.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\ProgramData\Samsung\SamsungSystemConfiguration\SamsungConfigurationMonitor.exe [1779008 2014-03-18] (Samsung Electronics CO., LTD.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #2] => C:\ProgramData\Samsung\SamsungSystemConfiguration\SamsungConfigurationMonitor.exe [1779008 2014-03-18] (Samsung Electronics CO., LTD.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #6] => C:\ProgramData\Samsung\SamsungSystemConfiguration\SamsungConfigurationMonitor.exe [1779008 2014-03-18] (Samsung Electronics CO., LTD.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #5] => C:\ProgramData\Samsung\SamsungSystemConfiguration\SamsungConfigurationMonitor.exe [1779008 2014-03-18] (Samsung Electronics CO., LTD.)
HKU\S-1-5-18\...\RunOnce: [Application Restart #3] => C:\ProgramData\Samsung\SamsungSystemConfiguration\SamsungConfigurationMonitor.exe [1779008 2014-03-18] (Samsung Electronics CO., LTD.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-1495427291-3234877040-1227290694-1001] => 94.190.56.127:8080
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8462E79D-31EE-4EA8-974F-2FB268E33229}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.sk/
SearchScopes: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001 -> DefaultScope {71AABCB2-D0C4-4F6C-B40D-83785C24C76C} URL =
SearchScopes: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001 -> {71AABCB2-D0C4-4F6C-B40D-83785C24C76C} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2018-10-07] (Microsoft Corporation)
BHO: YoukuEyeOnIE64 Class -> {509DC5B8-F673-4102-B86E-5BF20BF4EE54} -> C:\Users\Katka\AppData\Roaming\ytmediacenter\X64\ykcool64.dll [2015-12-25] (Youku.com)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-09-11] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll [2017-11-25] (Oracle Corporation)
BHO-x32: YoukuEyeOnIE Class -> {7DC4B5B6-C122-44C4-825C-B310513A47CB} -> C:\Users\Katka\AppData\Roaming\ytmediacenter\ykcool.dll [2015-12-25] (Youku.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll [2017-11-25] (Oracle Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-10-07] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\ep6c55vh.default [2018-12-05]
FF Homepage: Mozilla\Firefox\Profiles\ep6c55vh.default -> google.sk
FF Extension: (Bing Search) - C:\Users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\ep6c55vh.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-04-01] [Legacy]
FF Extension: (English (GB) Language Pack) - C:\Users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\ep6c55vh.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2018-11-13]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\ep6c55vh.default\Extensions\marcoagpinto@mail.telepac.pt.xpi [2018-11-29]
FF Extension: (Adblock Plus) - C:\Users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\ep6c55vh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-12-03]
FF SearchPlugin: C:\Users\Katka\AppData\Roaming\Mozilla\Firefox\Profiles\ep6c55vh.default\searchplugins\bing-.xml [2016-04-01]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-05] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-11] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-05] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll [2017-11-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.151.2 -> C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll [2017-11-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-09-11] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-09-11] (Microsoft Corporation)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [No File]
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [No File]
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin HKU\S-1-5-21-1495427291-3234877040-1227290694-1001: youku.com/YoukuAgent -> C:\Users\Katka\AppData\Roaming\ytmediacenter\npYoukuAgent.dll [2015-12-09] (Youku)
FF Plugin HKU\S-1-5-21-1495427291-3234877040-1227290694-1001: youku.com/YoukuAgent_x86_64 -> C:\Users\Katka\AppData\Roaming\ytmediacenter\X64\npYoukuAgent_x64.dll [2015-12-09] (Youku)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9680472 2018-09-26] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2302152 2018-11-10] (ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2302152 2018-11-10] (ESET)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [129752 2016-11-11] (ELAN Microelectronics Corp.)
R2 GManager; C:\windows\system32\GManager.exe [313432 2012-08-28] ()
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MCTDesktopSvr; C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe [199296 2011-05-03] ()
R2 Oasis2Service (Smart Advisor); C:\Program Files (x86)\DDNi\Oasis2Service (Smart Advisor)\Oasis2Service.exe [72000 2015-06-20] (Digital Delivery Networks, Inc.)
R2 SamsungSystemConfiguration; C:\ProgramData\Samsung\SamsungSystemConfiguration\SamsungSystemConfiguration.exe [23872 2014-03-18] (Samsung Electronics CO., LTD.)
R2 Settings Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe [1594176 2014-04-22] (Samsung Electronics CO., LTD.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3298208 2017-10-11] (Samsung Electronics Co., Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6634224 2018-02-02] (TeamViewer GmbH)
R2 USBControlWrapperSvc; C:\ProgramData\Samsung\USBControlWrapper\UsbControlWrapper.exe [37736 2015-01-30] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Apowersoft_AudioDevice; C:\WINDOWS\system32\drivers\Apowersoft_AudioDevice.sys [31920 2014-04-09] (Wondershare)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [143448 2018-11-10] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [251632 2015-07-13] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15872 2018-04-27] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [188832 2018-11-10] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [109864 2018-11-10] (ESET)
R3 ETDSMBus; C:\WINDOWS\system32\DRIVERS\ETDSMBus.sys [41024 2015-09-23] (ELAN Microelectronic Corp.)
S3 FlashUSB; C:\WINDOWS\System32\drivers\FlashUSB.sys [19968 2013-06-05] (Intel Mobile Communications)
R3 mctkmd; C:\WINDOWS\system32\drivers\mctkmd64.sys [159024 2014-03-13] (Magic Control Technology Corporation)
R0 mctkmdldr; C:\WINDOWS\System32\drivers\mctkmdldr64.sys [19584 2011-04-08] (Magic Control Technology Corporation)
S3 MctUsbAudio; C:\WINDOWS\system32\DRIVERS\MctFlt.sys [17176 2013-08-23] (Windows (R) Win 7 DDK provider)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-12] (Microsoft Corporation)
S3 pmxdrv; C:\windows\system32\drivers\pmxdrv.sys [31152 2014-09-30] ()
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\WINDOWS\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [429568 2017-07-13] (Realsil Semiconductor Corporation)
S3 shspusb; C:\WINDOWS\System32\drivers\HSPUSB.sys [24064 2013-06-05] (MobileTop)
S3 sscdserd; C:\WINDOWS\System32\drivers\sscdserd.sys [158024 2013-06-05] (MCCI Corporation)
S3 ssceserd; C:\WINDOWS\System32\drivers\ssceserd.sys [158024 2013-06-05] (MCCI Corporation)
S3 ssdudfu; C:\WINDOWS\System32\drivers\ssdudfu.sys [101960 2013-06-05] (MCCI)
S3 ssm_bus; C:\WINDOWS\System32\drivers\ssm_bus.sys [136192 2013-06-05] (MCCI Corporation)
S3 ssm_mdm; C:\WINDOWS\System32\drivers\ssm_mdm.sys [172032 2013-06-05] (MCCI Corporation)
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [203672 2013-06-05] (DEVGURU Co., LTD.(http://www.devguru.co.kr))
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [203672 2013-06-05] (DEVGURU Co., LTD.(http://www.devguru.co.kr))
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [67864 2013-06-05] (DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [165504 2016-09-04] (Samsung Electronics Co., Ltd.)
S3 ss_bserd; C:\WINDOWS\System32\drivers\ss_bserd.sys [128000 2013-06-05] (MCCI Corporation)
S3 t5usb64; C:\WINDOWS\system32\drivers\t5usb64.sys [136728 2013-09-14] (Magic Control Technology Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-05 21:24 - 2018-12-05 21:24 - 000023167 _____ C:\Users\Katka\Desktop\FRST.txt
2018-12-05 19:49 - 2018-12-05 19:50 - 000075437 ____H C:\Users\Katka\Downloads\~WRL0003.tmp
2018-12-05 19:33 - 2018-12-05 19:33 - 000000000 ____D C:\Users\Katka\AppData\Roaming\youku
2018-12-05 19:17 - 2018-12-05 19:17 - 007321808 _____ (Malwarebytes) C:\Users\Katka\Downloads\adwcleaner_7.2.5.0(1).exe
2018-12-04 20:34 - 2018-12-04 20:34 - 000043056 _____ C:\Users\Katka\Downloads\Addition.txt
2018-12-04 20:33 - 2018-12-04 20:37 - 000029775 _____ C:\Users\Katka\Downloads\FRST.txt
2018-12-04 20:32 - 2018-12-05 21:24 - 000000000 ___DC C:\FRST
2018-12-04 20:32 - 2018-12-04 20:32 - 002417152 _____ (Farbar) C:\Users\Katka\Desktop\FRST64.exe
2018-12-02 17:21 - 2018-12-02 17:21 - 000000000 ____D C:\Users\Katka\AppData\Local\mbamtray
2018-12-02 17:21 - 2018-12-02 17:21 - 000000000 ____D C:\Users\Katka\AppData\Local\mbam
2018-12-02 17:13 - 2018-12-02 17:20 - 080557120 _____ (Malwarebytes ) C:\Users\Katka\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.8025.exe
2018-12-02 17:02 - 2018-12-02 17:04 - 000000000 ___DC C:\AdwCleaner
2018-12-02 17:00 - 2018-12-02 17:01 - 007321808 _____ (Malwarebytes) C:\Users\Katka\Desktop\adwcleaner_7.2.5.0.exe
2018-12-02 16:52 - 2018-12-02 16:52 - 000000000 ____D C:\Users\Katka\AppData\Local\D3DSCache
2018-11-11 18:14 - 2018-11-11 18:15 - 000106427 _____ C:\Users\Katka\Downloads\littlemermaid.pdf
2018-11-10 12:52 - 2018-11-10 12:53 - 000000000 ____D C:\Users\Katka\Desktop\Snowden (2016) [YTS.AG]

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-05 21:20 - 2018-08-07 19:31 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-12-05 21:20 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-12-05 19:50 - 2014-11-09 09:08 - 000000000 ___DC C:\Users\Katka\AppData\Local\Packages
2018-12-05 19:26 - 2016-11-18 14:54 - 000000000 ___DC C:\Users\Katka\AppData\LocalLow\Mozilla
2018-12-05 19:25 - 2018-08-07 19:43 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-12-05 19:25 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-12-05 19:25 - 2014-12-06 18:06 - 000000000 ___DC C:\ProgramData\Malwarebytes
2018-12-05 19:24 - 2014-05-26 01:18 - 000000000 ___DC C:\ProgramData\WinClon
2018-12-05 19:21 - 2018-08-07 19:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-12-05 19:21 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-12-05 19:21 - 2017-11-25 20:58 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-12-05 19:21 - 2015-02-06 16:49 - 000002810 _____ C:\WINDOWS\system32\GManager.ini
2018-12-05 19:13 - 2018-08-07 19:44 - 000004572 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-12-05 19:13 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-12-05 19:13 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-12-04 20:05 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-12-03 18:34 - 2018-08-07 19:34 - 000002367 _____ C:\Users\Katka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-12-03 18:34 - 2017-11-25 21:20 - 000000000 ___RD C:\Users\Katka\OneDrive
2018-12-03 18:18 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-12-02 19:18 - 2014-12-06 16:50 - 000001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2018-12-02 19:18 - 2014-12-06 16:50 - 000001028 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2018-12-02 19:18 - 2014-12-06 16:50 - 000000000 ___DC C:\Program Files (x86)\TeamViewer
2018-12-02 16:57 - 2016-05-11 13:02 - 000000000 ___DC C:\ProgramData\boost_interprocess
2018-12-02 16:37 - 2014-12-06 17:47 - 000000000 ___DC C:\Users\Katka\AppData\Local\ESET
2018-12-02 16:33 - 2016-12-11 09:33 - 000000000 ____D C:\Users\Katka\Documents\WeChat Files
2018-12-02 16:32 - 2016-12-14 12:09 - 000000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2018-12-02 16:32 - 2014-12-06 17:00 - 000000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-27 18:00 - 2014-12-06 17:00 - 000001175 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-11-17 20:50 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-13 18:40 - 2018-08-07 19:44 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-11-12 20:28 - 2014-12-08 12:41 - 000000000 ____D C:\Users\Katka\AppData\Roaming\vlc
2018-11-10 12:46 - 2018-04-12 15:26 - 000109864 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2018-11-10 12:46 - 2016-10-07 14:31 - 000188832 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2018-11-10 12:46 - 2016-10-07 14:31 - 000143448 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys

==================== Files in the root of some directories =======

2016-05-11 13:02 - 2016-05-11 13:02 - 000000032 ____C () C:\Users\Katka\AppData\Local\temp.tmp
2016-03-06 05:26 - 2016-03-06 05:26 - 000000000 ____C () C:\Users\Katka\AppData\Local\{B6B52398-A34F-4C61-8480-7704EDFF05AF}

Some files in TEMP:
====================
2016-03-18 10:11 - 2016-03-18 10:11 - 002457000 _____ () C:\Users\Katka\AppData\Local\Temp\360ini.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-08-07 19:31

==================== End of FRST.txt ============================

Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
Ran by Katka (05-12-2018 21:25:16)
Running from C:\Users\Katka\Desktop
Windows 10 Home Version 1803 17134.345 (X64) (2018-08-07 17:44:56)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1495427291-3234877040-1227290694-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1495427291-3234877040-1227290694-503 - Limited - Disabled)
Guest (S-1-5-21-1495427291-3234877040-1227290694-501 - Limited - Disabled)
Katka (S-1-5-21-1495427291-3234877040-1227290694-1001 - Administrator - Enabled) => C:\Users\Katka
WDAGUtilityAccount (S-1-5-21-1495427291-3234877040-1227290694-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.101 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Apple Application Support (64-bit) (HKLM\...\{BB109E24-EE90-485B-A28B-ADDEFB40540B}) (Version: 5.6 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CharisSIL 5.000 (HKLM-x32\...\CharisSIL) (Version: - )
DoulosSIL 5.000 (HKLM-x32\...\DoulosSIL) (Version: - )
ELAN Touchpad driver X64 15.7.9.2_WHQL (HKLM\...\Elantech) (Version: 15.7.9.2 - ELAN Microelectronic Corp.)
Elements 11 Organizer (HKLM-x32\...\{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
ESET Security (HKLM\...\{BEFBE0CD-6723-4D98-8263-9A2C376BC6CD}) (Version: 11.1.54.0 - ESET, spol. s r.o.)
Intel(R) Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
j5 USB DISPLAY ADAPTER 14.01.0328.3179 (HKLM-x32\...\{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}) (Version: 14.01.0328.3179 - j5create)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Microsoft Office 2016 Professional Plus - sk-sk (HKLM\...\ProPlusRetail - sk-sk) (Version: 16.0.10827.20138 - Microsoft Corporation)
Microsoft OneDrive (HKU\.DEFAULT\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\OneDriveSetup.exe) (Version: 18.212.1021.0008 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 63.0.3 (x64 sk) (HKLM\...\Mozilla Firefox 63.0.3 (x64 sk)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 63.0.3.6892 - Mozilla)
Oasis2Service (Smart Advisor) (HKLM-x32\...\Oasis2Service (Smart Advisor)) (Version: 2.0.675.7 - DDNi)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.10827.20138 - Microsoft Corporation) Hidden
Phone Screen Sharing (HKLM-x32\...\{DF02C515-40B5-45AC-A601-5DC69D03885C}) (Version: 2.0.0.21 - RSUPPORT)
PSE11 STI Installer (HKLM-x32\...\{98CE8819-87AA-4814-8167-ADDDD513485F}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.1.0.3 - Samsung Electronics CO., LTD.)
S Agent (HKLM\...\{061881E0-653B-41CA-839E-2BA6569B5FEE}) (Version: 1.1.69 - Samsung Electronics Co., Ltd.) Hidden
Samsung Survey (HKLM-x32\...\{F1F6B58E-CF23-475C-AA96-EC658E9E50F3}) (Version: 2.0.1 - Samsung Electronics Co., Ltd.)
Samsung Update (HKLM-x32\...\{05068BA6-4AAB-4A47-8BAD-2141F4E9C15D}) (Version: 2.2.52 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.)
Settings (HKLM-x32\...\{3BB58176-B3A7-47FD-9F18-C3576431D193}) (Version: 2.2.0 - Samsung Electronics CO., LTD.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.25 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.93450 - TeamViewer)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{479E8CC7-CD68-4EB4-BB04-34A5C2C74102}) (Version: 2.46.0.0 - Microsoft Corporation)
Video Download Capture version 5.1.7 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 5.1.7 - APOWERSOFT LIMITED)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
WeChat (HKLM-x32\...\WeChat) (Version: 1.5.0.22 - 腾讯科技(深圳)有限公司)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22256 - Microsoft Corporation)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Katka\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001_Classes\CLSID\{5ed339e2-e6a7-576a-be70-fb9cdbdce50e}\InprocServer32 -> C:\Users\Katka\AppData\Roaming\ytmediacenter\X64\npYoukuAgent_x64.dll (Youku)
ShellIconOverlayIdentifiers: [ Report64] -> {C7D0BD5D-B11A-47DB-BB14-7F930B3F7705} => C:\Users\Katka\AppData\Roaming\ytmediacenter\X64\report64.dll [2015-10-10] (Youku.com)
ShellIconOverlayIdentifiers: [ YoukuModShlExt64] -> {314711D6-6B45-4AF7-83D8-DCD8537FD241} => C:\Users\Katka\AppData\Roaming\ytmediacenter\X64\coreplay64.dll [2015-12-08] (Youku.com)
ShellIconOverlayIdentifiers-x32-x32: [ Report] -> {32C50D96-7A9E-4F3E-8763-F74D86AFEDC2} => C:\Users\Katka\AppData\Roaming\ytmediacenter\report.dll [2015-10-10] (Youku.com)
ShellIconOverlayIdentifiers-x32-x32-x32: [ YoukuModShlExt] -> {9071723E-9F41-4A8C-9CC2-EB6F94BA9B9E} => C:\Users\Katka\AppData\Roaming\ytmediacenter\coreplay.dll [2015-12-08] (Youku.com)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2018-11-10] (ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-02] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-02] (Alexander Roshal)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2018-11-10] (ESET)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-19] (Igor Pavlov)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Intel Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll [2018-11-10] (ESET)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-02] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-02] (Alexander Roshal)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {046C9B1F-21F6-4D1D-8BF0-DB0F5033121F} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-08-29] (Realtek Semiconductor)
Task: {1063FE02-4142-4B9A-B797-B7EE0F81B82F} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2017-04-26] (Samsung Electronics Co., Ltd.)
Task: {1FD13002-1DDC-4B5D-98BD-8927F754C20F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT-KB890830.exe [2018-06-21] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {35782928-F1B3-4BF5-861F-DAC1DC7590AB} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {67716EFE-DE57-4682-A7EF-764B21C1826A} - System32\Tasks\Trigger KMS Activation => C:\Program Files (x86)\KMSPico\TriggerKMS.exe
Task: {67AE5FAB-11E7-445B-8117-DC804DD986CA} - System32\Tasks\LaunchSettings => C:\Program Files (x86)\Samsung\Settings\Settings.exe [2014-04-22] ()
Task: {69C2866C-610A-412D-972E-CC06BEBAAAC9} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-26] (Microsoft Corporation)
Task: {77ECC811-A06D-49D6-8BD8-F95956B61AAB} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-12-05] (Adobe Systems Incorporated)
Task: {7E666B1B-9A48-4A47-A3EF-88FA2D50CF95} - System32\Tasks\SettingsHibernateMonitor => C:\Program Files (x86)\Samsung\Settings\SettingsHibernateMonitor.exe [2014-04-22] (Samsung Electronics CO., LTD.)
Task: {963A393D-F23C-4A9E-B102-5DDCC25C0A5A} - System32\Tasks\IAHPKQU => C:\Users\Katka\AppData\Roaming\IAHPKQU.exe <==== ATTENTION
Task: {98CF2F87-96B5-481D-B730-407C1352279C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-07] (Microsoft Corporation)
Task: {98DE1FC6-78D1-4321-9DB7-D2D8FEEB5145} - System32\Tasks\ShutdownOpt => C:\ProgramData\Samsung\ShutdownEvent.exe [2013-09-17] (SAMSUNG Electronics co., LTD.)
Task: {AF485DED-10D0-4F04-8ED0-80E271C3AB3B} - System32\Tasks\IdleStateFanCtrl => C:\ProgramData\Samsung\SamsungSystemConfiguration\IdleStateFanCtrl.exe [2014-03-18] (Samsung Electronics CO., LTD.)
Task: {C0F8412B-52B1-4B4C-8190-C19C7639731E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-10-07] (Microsoft Corporation)
Task: {C163A093-3BB3-4916-B974-17EF6A46CEBD} - System32\Tasks\SettingsEventHandlerMonitor => C:\Program Files (x86)\Samsung\Settings\CmdServer\RSSettingEventHandler.exe [2014-04-22] (Samsung Electronics CO., LTD.)
Task: {EC3AAC65-FB63-405F-B4DD-7193C5B601B0} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_Plugin.exe [2018-12-05] (Adobe Systems Incorporated)
Task: {EC8A8FEE-2D59-4969-BB14-9794CF28E762} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-10-07] (Microsoft Corporation)
Task: {F03100E3-920D-4D06-B5FE-C7227A1D56A2} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2016-08-12] (Intel Corporation)
Task: {F3F53E6B-7CD2-4BDF-BA15-526D1A4E0A68} - System32\Tasks\JBYUOXF => C:\Users\Katka\AppData\Roaming\JBYUOXF.exe <==== ATTENTION
Task: {F6A7EE52-107F-4A91-83E7-6AEA8DF510BC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-09-26] (Microsoft Corporation)
Task: {F959CB86-027E-44C0-B5BF-2DF8E982AFF3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [2018-10-07] (Microsoft Corporation)
Task: {F97E18DC-7039-4E1B-9146-FEF2BEF658C3} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2016-07-05] (SEC)
Task: {FD36EA51-DF6A-4217-8EAA-530EAD19E214} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2018-10-07] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\IAHPKQU.job => C:\Users\Katka\AppData\Roaming\IAHPKQU.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\JBYUOXF.job => C:\Users\Katka\AppData\Roaming\JBYUOXF.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2015-02-06 16:49 - 2012-08-28 13:20 - 000313432 _____ () C:\windows\system32\GManager.exe
2015-02-06 16:48 - 2011-05-03 17:13 - 000199296 _____ () C:\Program Files (x86)\Common Files\DesktopUtil\MCTDesktopSvr.exe
2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2016-05-11 13:02 - 2015-10-10 07:00 - 000707624 _____ () C:\Users\Katka\AppData\Roaming\ytmediacenter\X64\cmc64.dll
2018-10-12 09:12 - 2018-09-20 05:38 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-09-12 15:11 - 2018-09-12 15:14 - 035124736 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-09-12 15:11 - 2018-09-12 15:13 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-09-12 15:11 - 2018-09-12 15:11 - 006417408 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-11-25 21:51 - 2017-11-25 21:51 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-09-12 15:11 - 2018-09-12 15:12 - 009010176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.10311.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-07-19 10:37 - 2018-07-19 12:32 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-19 10:37 - 2018-07-19 12:32 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-19 10:37 - 2018-07-19 12:35 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-19 10:37 - 2018-07-19 12:32 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-19 10:37 - 2018-07-19 12:23 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000031232 _____ () C:\WINDOWS\system32\Windows.WARP.JITService.exe
2018-09-28 09:49 - 2018-09-28 09:58 - 000479232 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-09-28 09:49 - 2018-09-28 09:58 - 069128192 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-11-25 21:53 - 2017-11-25 21:54 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-09-28 09:49 - 2018-09-28 09:59 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-07-08 17:30 - 2018-07-08 18:04 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-08-31 11:48 - 2018-08-31 11:51 - 003699200 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-08-31 11:48 - 2018-08-31 11:57 - 000035328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-08-23 12:38 - 2018-08-23 12:48 - 002280960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_core320.dll
2018-08-23 12:38 - 2018-08-23 12:48 - 002480640 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\opencv_imgproc320.dll
2018-07-08 17:30 - 2018-07-08 18:17 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-09-28 09:49 - 2018-09-28 09:59 - 014171648 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-08-31 11:48 - 2018-08-31 11:51 - 003544576 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-09-28 09:49 - 2018-09-28 09:50 - 002866176 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-08-31 11:48 - 2018-08-31 11:57 - 000973312 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-27 17:53 - 2018-07-27 17:58 - 004584960 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-10-04 13:32 - 2018-10-07 21:13 - 000375896 ____C () C:\Program Files\Microsoft Office\Root\Office16\IEAWSDC.DLL
2014-04-22 02:42 - 2014-04-22 02:42 - 000211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2017-11-25 22:41 - 2015-06-20 23:45 - 000045888 ____N () C:\Program Files (x86)\DDNi\Oasis2Service (Smart Advisor)\OasisCloudModel.dll
2017-11-25 22:41 - 2015-06-20 23:45 - 000017216 ____N () C:\Program Files (x86)\DDNi\Oasis2Service (Smart Advisor)\OasisCloudClient.dll
2014-05-26 01:10 - 2014-03-18 02:10 - 000022920 _____ () C:\ProgramData\Samsung\SamsungSystemConfiguration\wsabi.dll
2014-05-26 01:01 - 2013-09-16 21:20 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\banktown.com -> hxxp://cjb.banktown.com
IE trusted site: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\bccard.com -> hxxp://www.bccard.com
IE trusted site: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\citibank.co.kr -> hxxp://www.citibank.co.kr
IE trusted site: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\cu.co.kr -> hxxp://www.cu.co.kr
IE trusted site: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\daegubank.co.kr -> hxxp://banking.daegubank.co.kr
IE trusted site: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\epostbank.go.kr -> hxxp://www.epostbank.go.kr
IE trusted site: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\hanabank.com -> hxxp://www.hanabank.com
IE trusted site: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\hanaskcard.com -> hxxp://www.hanaskcard.com
IE trusted site: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\hksb.co.kr -> hxxp://www.hksb.co.kr
IE trusted site: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\hometax.go.kr -> hxxp://www.hometax.go.kr
IE trusted site: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\hsb.co.kr -> hxxp://banking.hsb.co.kr
IE trusted site: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\hyundaicard.com -> hxxp://www.hyundaicard.com
IE trusted site: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\ibk.co.kr -> hxxp://mybank.ibk.co.kr
IE trusted site: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\jbbank.co.kr -> hxxp://www.jbbank.co.kr
IE trusted site: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\jeilbank.co.kr -> hxxp://banking.jeilbank.co.kr
IE trusted site: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\kbstar.com -> hxxp://kbstar.com
IE trusted site: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\kdb.co.kr -> hxxp://www.kdb.co.kr
IE trusted site: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\keb.co.kr -> hxxp://ebank.keb.co.kr
IE trusted site: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\kfcc.co.kr -> hxxp://ibs.kfcc.co.kr
IE trusted site: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\kjbank.com -> hxxp://www.kjbank.com

There are 19 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "YoukuMediaCenter"
HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\StartupApproved\Run: => "iKu"
HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\StartupApproved\Run: => "YoukuMediaCenter"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{56EBF191-6AA3-421E-9B72-93F3E49AE76D}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{F0776C0D-80B2-41B8-A693-5EA958A00F64}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{B7DA2B96-29BA-4BC0-8E93-634329A8EC56}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{433AC09A-E7AA-47D7-A849-42BEC4F4F390}] => (Allow) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
FirewallRules: [{96A6004D-604A-455D-B58A-ABE24658E5E6}] => (Allow) LPort=8743
FirewallRules: [{29808BFF-D795-47B8-B4DC-5A09D83178CC}] => (Allow) LPort=8643
FirewallRules: [{A730513D-BFB7-4B92-822B-64537369D9B2}] => (Allow) LPort=7676
FirewallRules: [{792435BF-1AE7-4EFA-98D0-E53B78550715}] => (Allow) LPort=7679
FirewallRules: [{0BDF4FF1-2932-4460-AE53-29F767E880D6}] => (Allow) LPort=24234
FirewallRules: [{AFB8A514-661C-476E-8AF2-10930ECFFD31}] => (Allow) LPort=7900
FirewallRules: [{2A31C7F0-97AF-4272-A679-800B2AF2427A}] => (Allow) LPort=1900
FirewallRules: [{3634F287-8B26-47F6-89C9-97F32B2F0F4B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{BA191F34-5BD7-4F43-84C0-8DAAE6009645}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2C3CFD64-A390-4153-AAE2-F411B2060721}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{AD434568-2F12-4A45-BC52-35658876EDDB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{D2CF1EBF-CAC9-441A-A020-A345DF5B4A3D}C:\program files (x86)\samsung\sidesync\sidesync.exe] => (Block) C:\program files (x86)\samsung\sidesync\sidesync.exe
FirewallRules: [UDP Query User{7267C5DE-CE3E-4337-9F3C-A1E936DEDF68}C:\program files (x86)\samsung\sidesync\sidesync.exe] => (Block) C:\program files (x86)\samsung\sidesync\sidesync.exe
FirewallRules: [{13EB4D0A-7A88-46CE-ACAF-CA4A45363226}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2F25F685-DD65-4DE0-A281-6F839E21A8F3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{8D66D84B-F858-485F-8399-A91E5A58F00F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{054E131F-1609-4391-A2B4-409252B1C164}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{14C957D3-F0C5-461E-9AAD-1451D5E28308}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{3B5B569B-62A8-423F-9BE6-64531CFDD00C}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{0E5B8CFE-EC83-45DD-A474-E7D4AA411479}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{30C5D97E-0C1D-4E29-83E5-48D3531DBF68}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D2993398-EFE5-4814-9D32-1FD10E1341C6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4562FD3C-B510-43B6-916E-0991B8195E92}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F1F03C96-C308-47D3-8293-7A1C4EBFDAD2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F1703EED-6879-4D60-AA6D-0EC818E986C3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E8E30DDE-F942-49BE-BD33-72A2E53CF5A5}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{07F1095F-EE7D-4A07-8A44-BA8E07CE2742}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\Video Download Capture.exe
FirewallRules: [{6C36EFAD-555B-4FC3-9E77-45B6E2A1806B}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{D2789583-98C1-4938-B214-47881CE7C7B2}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftSrv.dll
FirewallRules: [{441371ED-F827-4E2C-B93E-C77B9C94F73E}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{B8D9F7DD-D97B-4768-85F6-56DFBA9696E5}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDump.dll
FirewallRules: [{5997535E-5FCE-4CAE-A77C-7CD2199C7160}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{8CD13E60-22BD-4AC2-9B5C-C5B7C3CF53C6}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftAC.dll
FirewallRules: [{921D2CF0-C556-44AF-B37D-C3405BFA3C8B}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{68A0F3FA-21A4-432F-82F6-E7B91274A38D}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftPlayer.dll
FirewallRules: [{608D1AF9-B6E5-48B5-AEBE-344697029034}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{5E916C4C-691C-48E3-B9E5-984A0AB19BE8}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftDownloaderHelp.dll
FirewallRules: [{6F482461-B755-4967-B109-7BCB4ECA2784}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{2D13A815-5A12-4F5D-A465-B85FD3FE310B}] => (Allow) C:\Program Files (x86)\Apowersoft\Video Download Capture\ApowersoftHDSDump.dll
FirewallRules: [{9D8DFE45-6A40-4643-9241-AB0CE41E1D21}] => (Allow) C:\Users\Katka\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [{BAE184D0-63A7-48EC-A7A0-FB06AC887060}] => (Allow) C:\Users\Katka\AppData\Roaming\youku\..\ytmediacenter\ikuacc.exe
FirewallRules: [TCP Query User{8646F965-507A-4B24-A1E8-3D46D26A96CD}C:\users\katka\appdata\roaming\youku\ikucmc\cmc\ikuacc.exe] => (Block) C:\users\katka\appdata\roaming\youku\ikucmc\cmc\ikuacc.exe
FirewallRules: [UDP Query User{CBAB39CE-7ADB-4DE1-85B9-17CE93885445}C:\users\katka\appdata\roaming\youku\ikucmc\cmc\ikuacc.exe] => (Block) C:\users\katka\appdata\roaming\youku\ikucmc\cmc\ikuacc.exe
FirewallRules: [TCP Query User{99527212-8D2B-4738-82F6-3C64F63CECF7}C:\users\katka\appdata\roaming\youku\ikucmc\cmc\ikuacc.exe] => (Allow) C:\users\katka\appdata\roaming\youku\ikucmc\cmc\ikuacc.exe
FirewallRules: [UDP Query User{B4A1A21F-F665-49BC-AD4A-FBC2BECE2AC1}C:\users\katka\appdata\roaming\youku\ikucmc\cmc\ikuacc.exe] => (Allow) C:\users\katka\appdata\roaming\youku\ikucmc\cmc\ikuacc.exe
FirewallRules: [{66F9B05F-7BA0-41A6-96BD-D2BD379F0265}] => (Allow) C:\Users\Katka\AppData\Local\Temp\KMSnano\qemu-system-i386.exe
FirewallRules: [{4E13B58B-2389-4844-8A4C-3BF5C94DA8CA}] => (Allow) C:\Users\Katka\AppData\Local\Temp\KMSnano\qemu-system-i386.exe
FirewallRules: [{DCEE5048-C081-4292-8E3E-F44418EC32FA}] => (Allow) C:\Users\Katka\AppData\Local\Temp\KMSnano\qemu-system-i386.exe
FirewallRules: [{8642162D-5C0E-4F3C-8F24-F838563FBE99}] => (Allow) C:\Users\Katka\AppData\Local\Temp\KMSnano\qemu-system-i386.exe
FirewallRules: [{CBCF7765-E702-4A5A-AD76-5E8693FA807C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B7F87383-7A90-49D5-92CB-C45BBEF5E97A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EC7F7261-8680-44B1-A1FE-0A15E478C2B0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{34DE96EA-1BA0-4118-8FC3-420718A4D65C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ADCB85E1-A183-4833-AE2F-3DC30E4F87E6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{23EE89AD-4714-4280-B42A-CC75395FF048}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{8E4AAA40-D2E3-4E1A-9A07-5F9A728021E7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{0F1B8541-AE5F-451A-9364-97E0B274DB81}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{AD6582F0-8A95-444F-BD4F-697F78CB078B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{57911528-2FC1-4EBF-9FFF-BD2F3B7BE284}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{80123BF4-ACDA-48E3-AC9D-FDCC441CDAA5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7970F4ED-4721-44F6-AEF2-82B0084A09ED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7B5B8A8B-A016-4317-BD48-5B2735E7DD09}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: Intel(R) HD Graphics Family
Description: Intel(R) HD Graphics Family
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/04/2018 08:13:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program egui.exe version 10.6.205.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: e64

Start Time: 01d48beff9df8ad3

Termination Time: 65

Application Path: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

Report Id: 77e5448c-ff92-48a3-8c6a-e73e66e1117f

Faulting package full name:

Faulting package-relative application ID:

Error: (11/29/2018 04:02:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname samsung.local already in use; will try samsung-2.local instead

Error: (11/29/2018 04:02:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 16 samsung.local. AAAA FE80:0000:0000:0000:9DB9:68F3:375D:FA31

Error: (11/29/2018 04:02:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:9DB9:68F3:375D:FA31:5353 4 samsung.local. Addr 192.168.1.128

Error: (11/29/2018 04:02:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 16 samsung.local. AAAA FE80:0000:0000:0000:9DB9:68F3:375D:FA31

Error: (11/29/2018 04:02:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 16 samsung.local. AAAA FE80:0000:0000:0000:9DB9:68F3:375D:FA31

Error: (11/29/2018 04:02:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 16 samsung.local. AAAA FE80:0000:0000:0000:9DB9:68F3:375D:FA31

Error: (11/29/2018 04:02:39 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 16 samsung.local. AAAA FE80:0000:0000:0000:9DB9:68F3:375D:FA31


System errors:
=============
Error: (12/05/2018 08:08:50 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (12/05/2018 07:23:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/05/2018 07:20:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/05/2018 07:20:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) ME Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/05/2018 07:20:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The USBControlWrapper Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/05/2018 07:20:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Settings Launcher service terminated unexpectedly. It has done this 1 time(s).

Error: (12/05/2018 07:20:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Oasis2Service (Smart Advisor) service terminated unexpectedly. It has done this 1 time(s).

Error: (12/05/2018 07:20:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SamsungSystemConfiguration service terminated unexpectedly. It has done this 1 time(s).


CodeIntegrity:
===================================

Date: 2018-12-05 19:21:46.453
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-12-04 20:47:38.681
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-12-04 20:47:38.500
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-12-04 20:47:38.274
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-12-04 18:39:33.307
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-12-04 18:39:33.051
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-12-03 18:17:52.701
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-12-03 18:17:52.686
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4020Y CPU @ 1.50GHz
Percentage of memory in use: 36%
Total physical RAM: 8106.81 MB
Available physical RAM: 5123.84 MB
Total Virtual: 9386.81 MB
Available Virtual: 6304.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:102.67 GB) (Free:48.22 GB) NTFS
Drive d: (KOFILA) (Fixed) (Total:931.28 GB) (Free:361.31 GB) FAT32

\\?\Volume{91e348b5-66bf-43e9-8043-0c253021a311}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.24 GB) NTFS
\\?\Volume{3167f1b7-a0e3-4236-bdb1-cf4855e8c0cb}\ () (Fixed) (Total:0.78 GB) (Free:0.33 GB) NTFS
\\?\Volume{481d22eb-0f20-4c50-a86d-bc7dbe7fd22c}\ (SAMSUNG_REC2) (Fixed) (Total:13.88 GB) (Free:0.3 GB) NTFS
\\?\Volume{10e2bb51-3c2c-43ae-4173-636c65706975}\ (SAMSUNG_REC) (Fixed) (Total:1 GB) (Free:0.33 GB) FAT32
\\?\Volume{887a98f1-0228-4325-90f8-2e01b00d6390}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 4B510462)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 09D2D324)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)

==================== End of Addition.txt ============================

Rudy
Site Admin
Posts: 118265
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: JS/CoinMiner.AH

#6 Post by Rudy »

Open Notepad and copy the following into it:
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\Run: [BingSvc] => C:\Users\Katka\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-04-01] (© 2015 Microsoft Corporation)
C:\Users\Katka\AppData\Local\Microsoft\BingSvc
SearchScopes: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001 -> DefaultScope {71AABCB2-D0C4-4F6C-B40D-83785C24C76C} URL =
SearchScopes: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001 -> {71AABCB2-D0C4-4F6C-B40D-83785C24C76C} URL =
HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\Run: [iKu] => "C:\Program Files (x86)\YouKu\YoukuClient\YoukuDesktop.exe" iku://|reg|
HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\Run: [YoukuMediaCenter] => C:\Users\Katka\AppData\Roaming\ytmediacenter\YoukuMediaCenter.exe [3142224 2016-05-10] (youku.com)
BHO: YoukuEyeOnIE64 Class -> {509DC5B8-F673-4102-B86E-5BF20BF4EE54} -> C:\Users\Katka\AppData\Roaming\ytmediacenter\X64\ykcool64.dll [2015-12-25] (Youku.com)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [No File]
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [No File]
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [No File]
FF Plugin HKU\S-1-5-21-1495427291-3234877040-1227290694-1001: youku.com/YoukuAgent -> C:\Users\Katka\AppData\Roaming\ytmediacenter\npYoukuAgent.dll [2015-12-09] (Youku)
FF Plugin HKU\S-1-5-21-1495427291-3234877040-1227290694-1001: youku.com/YoukuAgent_x86_64 -> C:\Users\Katka\AppData\Roaming\ytmediacenter\X64\npYoukuAgent_x64.dll [2015-12-09] (Youku)
C:\Users\Katka\Downloads\~WRL0003.tmp
C:\Users\Katka\AppData\Roaming\youku
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Users\Katka\AppData\Local\temp.tmp
C:\Users\Katka\AppData\Local\{B6B52398-A34F-4C61-8480-7704EDFF05AF}
C:\Users\Katka\AppData\Local\Temp
CustomCLSID: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Katka\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001_Classes\CLSID\{5ed339e2-e6a7-576a-be70-fb9cdbdce50e}\InprocServer32 -> C:\Users\Katka\AppData\Roaming\ytmediacenter\X64\npYoukuAgent_x64.dll (Youku)
ShellIconOverlayIdentifiers: [ Report64] -> {C7D0BD5D-B11A-47DB-BB14-7F930B3F7705} => C:\Users\Katka\AppData\Roaming\ytmediacenter\X64\report64.dll [2015-10-10] (Youku.com)
ShellIconOverlayIdentifiers: [ YoukuModShlExt64] -> {314711D6-6B45-4AF7-83D8-DCD8537FD241} => C:\Users\Katka\AppData\Roaming\ytmediacenter\X64\coreplay64.dll [2015-12-08] (Youku.com)
ShellIconOverlayIdentifiers-x32-x32: [ Report] -> {32C50D96-7A9E-4F3E-8763-F74D86AFEDC2} => C:\Users\Katka\AppData\Roaming\ytmediacenter\report.dll [2015-10-10] (Youku.com)
ShellIconOverlayIdentifiers-x32-x32-x32: [ YoukuModShlExt] -> {9071723E-9F41-4A8C-9CC2-EB6F94BA9B9E} => C:\Users\Katka\AppData\Roaming\ytmediacenter\coreplay.dll [2015-12-08] (Youku.com)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
Task: {67716EFE-DE57-4682-A7EF-764B21C1826A} - System32\Tasks\Trigger KMS Activation => C:\Program Files (x86)\KMSPico\TriggerKMS.exe
C:\Program Files (x86)\KMSPico
Task: {963A393D-F23C-4A9E-B102-5DDCC25C0A5A} - System32\Tasks\IAHPKQU => C:\Users\Katka\AppData\Roaming\IAHPKQU.exe <==== ATTENTION
Task: {F3F53E6B-7CD2-4BDF-BA15-526D1A4E0A68} - System32\Tasks\JBYUOXF => C:\Users\Katka\AppData\Roaming\JBYUOXF.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\IAHPKQU.job => C:\Users\Katka\AppData\Roaming\IAHPKQU.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\JBYUOXF.job => C:\Users\Katka\AppData\Roaming\JBYUOXF.exe <==== ATTENTION
FirewallRules: [{0E5B8CFE-EC83-45DD-A474-E7D4AA411479}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{30C5D97E-0C1D-4E29-83E5-48D3531DBF68}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D2993398-EFE5-4814-9D32-1FD10E1341C6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4562FD3C-B510-43B6-916E-0991B8195E92}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CBCF7765-E702-4A5A-AD76-5E8693FA807C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B7F87383-7A90-49D5-92CB-C45BBEF5E97A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EC7F7261-8680-44B1-A1FE-0A15E478C2B0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{34DE96EA-1BA0-4118-8FC3-420718A4D65C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

EmptyTemp:
End
Save it to the desktop as fixlist.txt. Run FRST again and click >Fix<. When the action finishes, a log will appear; copy it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(zavináč)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can also damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail address given above.

honzikPP
Exemplary visitor
Posts: 39
Registered: 12 Aug 2009 14:02

Re: JS/CoinMiner.AH

#7 Post by honzikPP »

The ESET window keeps popping up: A potentially unwanted application JS/CoinMiner.AH was found when (sometimes it's svchost, other times firefox, samsung update...) tried to access website.

Fix result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
Ran by Katka (06-12-2018 18:12:32) Run:1
Running from C:\Users\Katka\Desktop
Loaded Profiles: Katka (Available Profiles: Katka)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-09-05] (Oracle Corporation)
HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\Run: [BingSvc] => C:\Users\Katka\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-04-01] (© 2015 Microsoft Corporation)
C:\Users\Katka\AppData\Local\Microsoft\BingSvc
SearchScopes: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001 -> DefaultScope {71AABCB2-D0C4-4F6C-B40D-83785C24C76C} URL =
SearchScopes: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001 -> {71AABCB2-D0C4-4F6C-B40D-83785C24C76C} URL =
HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\Run: [iKu] => "C:\Program Files (x86)\YouKu\YoukuClient\YoukuDesktop.exe" iku://|reg|
HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\...\Run: [YoukuMediaCenter] => C:\Users\Katka\AppData\Roaming\ytmediacenter\YoukuMediaCenter.exe [3142224 2016-05-10] (youku.com)
BHO: YoukuEyeOnIE64 Class -> {509DC5B8-F673-4102-B86E-5BF20BF4EE54} -> C:\Users\Katka\AppData\Roaming\ytmediacenter\X64\ykcool64.dll [2015-12-25] (Youku.com)
FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [No File]
FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [No File]
FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.2.1\Bin\npSSOAxCtrlForPTLogin.dll [No File]
FF Plugin HKU\S-1-5-21-1495427291-3234877040-1227290694-1001: youku.com/YoukuAgent -> C:\Users\Katka\AppData\Roaming\ytmediacenter\npYoukuAgent.dll [2015-12-09] (Youku)
FF Plugin HKU\S-1-5-21-1495427291-3234877040-1227290694-1001: youku.com/YoukuAgent_x86_64 -> C:\Users\Katka\AppData\Roaming\ytmediacenter\X64\npYoukuAgent_x64.dll [2015-12-09] (Youku)
C:\Users\Katka\Downloads\~WRL0003.tmp
C:\Users\Katka\AppData\Roaming\youku
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
C:\Users\Katka\AppData\Local\temp.tmp
C:\Users\Katka\AppData\Local\{B6B52398-A34F-4C61-8480-7704EDFF05AF}
C:\Users\Katka\AppData\Local\Temp
CustomCLSID: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Katka\AppData\Local\Microsoft\OneDrive\17.3.6998.0830\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-1495427291-3234877040-1227290694-1001_Classes\CLSID\{5ed339e2-e6a7-576a-be70-fb9cdbdce50e}\InprocServer32 -> C:\Users\Katka\AppData\Roaming\ytmediacenter\X64\npYoukuAgent_x64.dll (Youku)
ShellIconOverlayIdentifiers: [ Report64] -> {C7D0BD5D-B11A-47DB-BB14-7F930B3F7705} => C:\Users\Katka\AppData\Roaming\ytmediacenter\X64\report64.dll [2015-10-10] (Youku.com)
ShellIconOverlayIdentifiers: [ YoukuModShlExt64] -> {314711D6-6B45-4AF7-83D8-DCD8537FD241} => C:\Users\Katka\AppData\Roaming\ytmediacenter\X64\coreplay64.dll [2015-12-08] (Youku.com)
ShellIconOverlayIdentifiers-x32-x32: [ Report] -> {32C50D96-7A9E-4F3E-8763-F74D86AFEDC2} => C:\Users\Katka\AppData\Roaming\ytmediacenter\report.dll [2015-10-10] (Youku.com)
ShellIconOverlayIdentifiers-x32-x32-x32: [ YoukuModShlExt] -> {9071723E-9F41-4A8C-9CC2-EB6F94BA9B9E} => C:\Users\Katka\AppData\Roaming\ytmediacenter\coreplay.dll [2015-12-08] (Youku.com)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} => -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} => -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> No File
Task: {67716EFE-DE57-4682-A7EF-764B21C1826A} - System32\Tasks\Trigger KMS Activation => C:\Program Files (x86)\KMSPico\TriggerKMS.exe
C:\Program Files (x86)\KMSPico
Task: {963A393D-F23C-4A9E-B102-5DDCC25C0A5A} - System32\Tasks\IAHPKQU => C:\Users\Katka\AppData\Roaming\IAHPKQU.exe <==== ATTENTION
Task: {F3F53E6B-7CD2-4BDF-BA15-526D1A4E0A68} - System32\Tasks\JBYUOXF => C:\Users\Katka\AppData\Roaming\JBYUOXF.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\IAHPKQU.job => C:\Users\Katka\AppData\Roaming\IAHPKQU.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\JBYUOXF.job => C:\Users\Katka\AppData\Roaming\JBYUOXF.exe <==== ATTENTION
FirewallRules: [{0E5B8CFE-EC83-45DD-A474-E7D4AA411479}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{30C5D97E-0C1D-4E29-83E5-48D3531DBF68}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D2993398-EFE5-4814-9D32-1FD10E1341C6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{4562FD3C-B510-43B6-916E-0991B8195E92}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CBCF7765-E702-4A5A-AD76-5E8693FA807C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B7F87383-7A90-49D5-92CB-C45BBEF5E97A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EC7F7261-8680-44B1-A1FE-0A15E478C2B0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{34DE96EA-1BA0-4118-8FC3-420718A4D65C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

EmptyTemp:
End
*****************

Processes closed successfully.
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched" => removed successfully
"HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc" => removed successfully
C:\Users\Katka\AppData\Local\Microsoft\BingSvc => moved successfully
"HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{71AABCB2-D0C4-4F6C-B40D-83785C24C76C} => removed successfully
HKLM\Software\Classes\CLSID\{71AABCB2-D0C4-4F6C-B40D-83785C24C76C} => not found
"HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\Software\Microsoft\Windows\CurrentVersion\Run\\iKu" => removed successfully
"HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YoukuMediaCenter" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{509DC5B8-F673-4102-B86E-5BF20BF4EE54} => removed successfully
HKLM\Software\Classes\CLSID\{509DC5B8-F673-4102-B86E-5BF20BF4EE54} => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npchrome => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/npqscall => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@qq.com/TXSSO => removed successfully
HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\Software\MozillaPlugins\youku.com/YoukuAgent => removed successfully
C:\Users\Katka\AppData\Roaming\ytmediacenter\npYoukuAgent.dll => moved successfully
HKU\S-1-5-21-1495427291-3234877040-1227290694-1001\Software\MozillaPlugins\youku.com/YoukuAgent_x86_64 => removed successfully
C:\Users\Katka\AppData\Roaming\ytmediacenter\X64\npYoukuAgent_x64.dll => moved successfully
"C:\Users\Katka\Downloads\~WRL0003.tmp" => not found
C:\Users\Katka\AppData\Roaming\youku => moved successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
C:\Users\Katka\AppData\Local\temp.tmp => moved successfully
C:\Users\Katka\AppData\Local\{B6B52398-A34F-4C61-8480-7704EDFF05AF} => moved successfully
C:\Users\Katka\AppData\Local\Temp => moved successfully
HKU\S-1-5-21-1495427291-3234877040-1227290694-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5} => removed successfully
HKU\S-1-5-21-1495427291-3234877040-1227290694-1001_Classes\CLSID\{5ed339e2-e6a7-576a-be70-fb9cdbdce50e} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ Report64 => not found
HKLM\Software\Classes\CLSID\{C7D0BD5D-B11A-47DB-BB14-7F930B3F7705} => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ YoukuModShlExt64 => not found
HKLM\Software\Classes\CLSID\{314711D6-6B45-4AF7-83D8-DCD8537FD241} => removed successfully
ShellIconOverlayIdentifiers-x32-x32: [ Report] -> {32C50D96-7A9E-4F3E-8763-F74D86AFEDC2} => C:\Users\Katka\AppData\Roaming\ytmediacenter\report.dll [2015-10-10] (Youku.com) => Error: No automatic fix found for this entry.
ShellIconOverlayIdentifiers-x32-x32-x32: [ YoukuModShlExt] -> {9071723E-9F41-4A8C-9CC2-EB6F94BA9B9E} => C:\Users\Katka\AppData\Roaming\ytmediacenter\coreplay.dll [2015-12-08] (Youku.com) => Error: No automatic fix found for this entry.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\CLSID\{B298D29A-A6ED-11DE-BA8C-A68E55D89593} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\CLSID\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D} => not found
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{67716EFE-DE57-4682-A7EF-764B21C1826A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{67716EFE-DE57-4682-A7EF-764B21C1826A}" => removed successfully
C:\WINDOWS\System32\Tasks\Trigger KMS Activation => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Trigger KMS Activation" => removed successfully
"C:\Program Files (x86)\KMSPico" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{963A393D-F23C-4A9E-B102-5DDCC25C0A5A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{963A393D-F23C-4A9E-B102-5DDCC25C0A5A}" => removed successfully
C:\WINDOWS\System32\Tasks\IAHPKQU => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IAHPKQU" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F3F53E6B-7CD2-4BDF-BA15-526D1A4E0A68}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3F53E6B-7CD2-4BDF-BA15-526D1A4E0A68}" => removed successfully
C:\WINDOWS\System32\Tasks\JBYUOXF => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JBYUOXF" => removed successfully
C:\WINDOWS\Tasks\IAHPKQU.job => moved successfully
C:\WINDOWS\Tasks\JBYUOXF.job => moved successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0E5B8CFE-EC83-45DD-A474-E7D4AA411479}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{30C5D97E-0C1D-4E29-83E5-48D3531DBF68}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D2993398-EFE5-4814-9D32-1FD10E1341C6}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4562FD3C-B510-43B6-916E-0991B8195E92}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CBCF7765-E702-4A5A-AD76-5E8693FA807C}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B7F87383-7A90-49D5-92CB-C45BBEF5E97A}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EC7F7261-8680-44B1-A1FE-0A15E478C2B0}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{34DE96EA-1BA0-4118-8FC3-420718A4D65C}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 170382308 B
Java, Flash, Steam htmlcache => 59547 B
Windows/system/drivers => 4165125 B
Edge => 535338 B
Chrome => 0 B
Firefox => 1116784309 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 11890 B
LocalService => 0 B
NetworkService => 638 B
NetworkService => 0 B
Katka => 10157305 B

RecycleBin => 0 B
EmptyTemp: => 1.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:16:05 ====

Rudy
Site Admin
Posts: 118265
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: JS/CoinMiner.AH

#8 Post by Rudy »

Run a scan with AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 . Download it, run it, let it work, and when it has finished delete everything it finds and restart.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(zavináč)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail given above.

honzikPP
Exemplary visitor
Posts: 39
Registered: 12 Aug 2009 14:02

Re: JS/CoinMiner.AH

#9 Post by honzikPP »

The scan ran. It found nothing, but ESET blocked that coinminer several times.

Rudy
Site Admin
Posts: 118265
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: JS/CoinMiner.AH

#10 Post by Rudy »

That's bad luck. Try MBAM as well: http://www.malwarebytes.org/mbam.php . Run a full scan and post the log. Don't delete anything beforehand.

honzikPP
Exemplary visitor
Posts: 39
Registered: 12 Aug 2009 14:02

Re: JS/CoinMiner.AH

#11 Post by honzikPP »

It also found nothing, but I had to click Disconnect on the coinminer at least 20 times.

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/6/18
Scan Time: 8:12 PM
Log File: 7843e0de-f982-11e8-9d04-24f5aaca4a13.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.8199
License: Trial

-System Information-
OS: Windows 10 (Build 17134.345)
CPU: x64
File System: NTFS
User: samsung\Katka

-Scan Summary-
Scan Type: Custom Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 380630
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 1 hr, 13 min, 1 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Rudy
Site Admin
Posts: 118265
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: JS/CoinMiner.AH

#12 Post by Rudy »

What exactly does ESET report? I mainly mean the file where the virus is supposed to be.

honzikPP
Exemplary visitor
Posts: 39
Registered: 12 Aug 2009 14:02

Re: JS/CoinMiner.AH

#13 Post by honzikPP »

It reports it on all sorts of things. It has already flagged mbam, then Samsung Update, svchost, and it even blocked me when I tried to connect to viry.cz.
Attachments
coinminer.zip
screenshots of the alerts are in the attachment
(646.16 KiB) Downloaded 91 times

Rudy
Site Admin
Posts: 118265
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: JS/CoinMiner.AH

#14 Post by Rudy »

OK. That is the blocking of dangerous websites. Click "Disconnect" and it should be resolved. The firewall is protecting you from a dangerous connection. There is probably nothing in the PC.

honzikPP
Exemplary visitor
Posts: 39
Registered: 12 Aug 2009 14:02

Re: JS/CoinMiner.AH

#15 Post by honzikPP »

Thanks, but clicking Disconnect 100 times a day is no fun :)

I tried turning off detection of potentially unwanted applications in ESET, so hopefully that helps.

Thank you for your time, and I'm sending a contribution.
