cometrue

  1. ~ ZHPCleaner v2015.9.12.346 by Nicolas Coolman (2015/09/12)
     ~ Run by 재원 (Administrator) (14/09/2015 21:49:34)
     ~ Site : http://www.nicolascoolman.fr
     ~ Facebook : https://www.facebook.com/nicolascoolman1
     ~ State version : Version OK
     ~ Type : Scan
     ~ Report : C:\Users\재원\Desktop\ZHPCleaner.txt
     ~ Quarantine : C:\Users\재원\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
     ~ UAC : Activate
     ~ Boot Mode : Normal (Normal boot)
     Windows 8.1, 64-bit (Build 9600)

     ---\\ Services (0)
     ~ No malicious or unnecessary items found.

     ---\\ Browser internet (1)
     FOUND data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [bad : pfs.nprotect.com] =>Hijacker.Proxy

     ---\\ Hosts file (1)
     ~ The hosts file is legitimate (21)

     ---\\ Scheduled automatic tasks. (0)
     ~ No malicious or unnecessary items found.

     ---\\ Explorer ( File, Folder) (8)
     FOUND file: C:\Windows\Prefetch\SH_INSTALLER.EXE-04FEBFDD.pf =>.Superfluous.SpyHunter
     FOUND folder: C:\windows\Installer\MSI100A.tmp- =>Empty
     FOUND folder: C:\windows\Installer\MSI4EBC.tmp- =>Empty
     FOUND folder: C:\windows\Installer\MSI52D4.tmp- =>Empty
     FOUND folder: C:\windows\Installer\MSI962.tmp- =>Empty
     FOUND folder: C:\windows\Installer\MSIC0D0.tmp- =>Empty
     FOUND folder: C:\windows\Installer\MSIC342.tmp- =>Empty
     FOUND folder: C:\windows\Installer\MSIC537.tmp- =>Empty

     ---\\ Registry ( Key, Value, Data) (1)
     FOUND value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_A0A69805D4ACD1C2462F4F8BE8A06446 ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window] =>PUP.Optional.CrossBrowse

     ---\\ Result of repair
     ~ Any repair made
     ~ Browser not found (Mozilla Firefox)
     ~ Browser not found (Opera Software)

     ---\\ Statistics
     ~ Items scanned : 69595
     ~ Items found : 10
     ~ Items cancelled : 0
     ~ Items repaired : 0

     ~ End of search in 2 minutes
     ===================
     ZHPCleaner--14092015-21_51_39.txt
  2. # AdwCleaner v5.007 - Logfile created 14/09/2015 at 21:39:21
     # Updated 08/09/2015 by Xplode
     # Database : 2015-09-10.1 [server]
     # Operating system : Windows 8.1 (x64)
     # Username : 재원 - X250-JAEWON
     # Running from : C:\Users\재원\Downloads\AdwCleaner.exe
     # Option : Cleaning
     # Support : http://toolslib.net/forum

     ***** [ Services ] *****
     ***** [ Folders ] *****
     ***** [ Files ] *****
     ***** [ Shortcuts ] *****
     ***** [ Scheduled tasks ] *****
     ***** [ Registry ] *****
     ***** [ Web browsers ] *****
     *************************

     :: Winsock settings cleared

     ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [599 bytes] ##########
  3. It's been a long time. Thank you for giving a favor.
     ************************************************************************
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Malwarebytes
     Version: 7.6.1 (09.08.2015:1)
     OS: Windows 8.1 x64
     Ran by 재원 on 2015-09-14 at 21:30:58.70
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     ~~~ Services
     Successfully deleted: [service] omaha [Reboot required]
     Successfully deleted: [service] omaham [Reboot required]

     ~~~ Tasks

     ~~~ Registry Values
     Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_A0A69805D4ACD1C2462F4F8BE8A06446

     ~~~ Registry Keys

     ~~~ Files

     ~~~ Folders
     Successfully deleted: [Folder] C:\Program Files (x86)\kakao
     Successfully deleted: [Folder] C:\Users\재원\Appdata\Local\kakao

     ~~~ Chrome
     [C:\Users\재원\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
     [C:\Users\재원\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
     [C:\Users\재원\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
     [C:\Users\재원\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:[]

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on 2015-09-14 at 21:34:11.35
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  4. Malwarebytes' Anti-Malware log
     **************************************************************
     Malwarebytes Anti-Malware
     www.malwarebytes.org

     Scan Date: 2015-09-04
     Scan Time: 오전 6:50
     Logfile:
     Administrator: Yes

     Version: 2.1.8.1057
     Malware Database: v2015.09.03.07
     Rootkit Database: v2015.08.16.01
     License: Trial
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled

     OS: Windows 8.1
     CPU: x64
     File System: NTFS
     User: 재원

     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 355058
     Time Elapsed: 7 min, 8 sec

     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled

     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 0 (No malicious items detected)
     Physical Sectors: 0 (No malicious items detected)

     (end)
  5. FRST log
     ***********************************************************
     Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
     Ran by 재원 (2015-09-04 06:43:29) Run:1
     Running from C:\Users\재원\Downloads
     Loaded Profiles: 재원 & (Available Profiles: 재원)
     Boot Mode: Normal
     ==============================================

     fixlist content:
     *****************
     start
     CreateRestorePoint:
     CloseProcesses:
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
     HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
     SearchScopes: HKLM -> DefaultScope {0E4AC09B-5BBD-49F2-BFCD-BD1BEFBAA0AE} URL =
     SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     SearchScopes: HKLM-x32 -> DefaultScope {0E4AC09B-5BBD-49F2-BFCD-BD1BEFBAA0AE} URL =
     SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
     S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
     C:\Windows\System32\drivers\mfeelamk.sys
     RemoveProxy:
     CMD: bitsadmin /reset /allusers
     EmptyTemp:
     end
     *****************

     Restore point was successfully created.
     Processes closed successfully.
     "HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => key removed successfully
     "HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => key removed successfully
     "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
     HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
     "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
     HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
     HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
     "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
     HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
     mfeelamk => service removed successfully
     C:\Windows\System32\drivers\mfeelamk.sys => moved successfully

     ========= RemoveProxy: =========

     HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
     HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
     HKU\S-1-5-21-593337814-833741486-1504065185-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
     HKU\S-1-5-21-593337814-833741486-1504065185-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
     HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
     HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

     ========= End of RemoveProxy: =========

     ========= bitsadmin /reset /allusers =========

     BITSADMIN version 3.0 [ 7.7.9600 ]
     BITS administration utility.
     © Copyright 2000-2006 Microsoft Corp.

     BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
     Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

     0 out of 0 jobs canceled.

     ========= End of CMD: =========

     EmptyTemp: => 362 MB temporary data Removed.

     The system needed a reboot..

     ==== End of Fixlog 06:43:56 ====
  6. Step 1
  7. I'm ready.
     *************************************************************************************
     Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
     Ran by 재원 (administrator) on X250-JAEWON (01-09-2015 18:03:44)
     Running from C:\Users\재원\Downloads
     Loaded Profiles: 재원 (Available Profiles: 재원)
     Platform: Windows 8.1 (X64) Language: 영어(미국)
     Internet Explorer Version 11 (Default browser: Chrome)
     Boot Mode: Normal
     Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-21]CHR Extension: (YouTube) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-21]CHR Extension: (Google Search) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-21]CHR Extension: (Kaspersky Protection) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-08-24]CHR Extension: (Google Calendar) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-07-21]CHR Extension: (Google Sheets) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-21]CHR Extension: (Chrome Remote Desktop) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-07-21]CHR Extension: (LastPass: Free Password Manager) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-07-21]CHR Extension: (Adblock Super) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-07-21]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-21]CHR Extension: (Chrome Web Store Payments) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-21]CHR Extension: (Gmail) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-21]CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbhoCHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - 
http://clients2.google.com/service/update2/crxCHR HKU\S-1-5-21-593337814-833741486-1504065185-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbhoCHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crxCHR HKLM-x32\...\Chrome\Extension: [mbgbpjganndfjjmlamggkkkjafblbahl] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\Chrome\x86\FidoExtension.crx [2014-10-17] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [560584 2015-01-22] (Lenovo Corporation)S2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-07-04] (Kaspersky Lab ZAO)R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-04-01] (DisplayLink Corp.)R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-23] (Intel Corporation)R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-05-21] (Intel Corporation)S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-14] (Intel® Corporation)R2 Intel® TechnologyAccessService; C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe [95624 2015-01-24] (Intel® Corporation)S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-07-11] ()R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine 
Components\DAL\jhi_service.exe [158496 2014-11-11] (Intel Corporation)R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2019272 2015-02-10] (Lenovo Group Limited)R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)R3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [626120 2015-01-22] (Lenovo Corporation)R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-09] (Lenovo Group Limited)R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [22576 2014-02-22] (Lenovo)S3 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [475080 2015-01-22] (Lenovo)R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [469720 2015-01-10] ()S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-03-19] ()R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-16] (Nitro PDF Software)R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-16] ()R2 nossvc; C:\Program Files (x86)\INCAInternet\nProtect Online Security\nossvc.exe [1666216 2015-06-16] (INCA Internet Co., Ltd.)S2 omaha; C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148224 2015-04-24] (Nok Nok Labs Inc.)S3 omaham; C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148224 2015-04-24] (Nok Nok Labs Inc.)R2 omniserv; C:\Program Files\Lenovo\Fingerprint Manager 
Pro\OmniServ.exe [103936 2015-04-02] (Softex Inc.) [File not signed]S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61232 2014-12-06] (Lenovo Group Limited)R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [328488 2014-12-06] (Lenovo Group Limited)S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22008 2015-07-01] ()R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49968 2015-01-29] (Synaptics Incorporated)R2 wampstackApache; C:\Bitnami\WAMPST~1.40-\apache2\bin\httpd.exe [20992 2015-01-30] (Apache Software Foundation) [File not signed]R2 wampstackMySQL; C:\Bitnami\wampstack-5.4.40-0\mysql\bin\mysqld.exe [8148480 2015-01-07] () [File not signed]R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2015-03-19] (Intel® Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-07-04] (Kaspersky Lab UK Ltd)R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [394520 2014-09-30] (Intel Corporation)S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [222152 2014-08-23] (Intel Corporation)R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [79016 2014-08-06] (Intel Corporation)R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-07-04] (Kaspersky Lab ZAO)R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-07-04] (Kaspersky Lab ZAO)S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-07-04] (Kaspersky Lab ZAO)R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [226480 2015-07-04] (Kaspersky Lab ZAO)R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [831664 2015-07-04] (Kaspersky Lab ZAO)R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-07-04] (Kaspersky Lab ZAO)R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [40304 2015-07-04] (Kaspersky Lab ZAO)R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [39792 2015-07-04] (Kaspersky Lab ZAO)R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-07-04] (Kaspersky Lab ZAO)R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-07-04] (Kaspersky Lab ZAO)R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [85360 2015-07-04] (Kaspersky Lab ZAO)R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-07-04] (Kaspersky Lab ZAO)R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [29496 2014-04-08] (Lenovo)R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-31] (Malwarebytes Corporation)R3 
MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-11] (Intel Corporation)S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-31] (Intel Corporation)R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3497752 2015-04-13] (Intel Corporation)S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-09] (Intel Corporation)R3 noskp; C:\windows\syswow64\noskp64.sys [23096 2015-07-23] (INCA Internet Co.,Ltd.)R3 nosku; C:\windows\syswow64\nosku64.sys [34920 2015-07-20] (INCA Internet Co.,Ltd.)R3 np_ck64s; C:\windows\syswow64\np_ck64s.sys [75680 2014-08-13] (INCA Internet Co.,Ltd.)R1 OMNISMI; C:\windows\SysWOW64\drivers\omnismi.sys [14776 2014-09-27] ()R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-25] (Realsil Semiconductor Corporation)R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32936 2015-03-10] (Synaptics Incorporated)R1 SMIDriver; C:\Windows\System32\drivers\smi.sys [19656 2015-01-29] (Windows ® Win 7 DDK provider)R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [682272 2014-09-04] (Sunplus)R3 TKCtrl; C:\windows\system32\TKCtrl2k64.sys [136528 2014-05-21] (INCA Internet Co., Ltd.)R3 TKCtrl; C:\windows\SysWOW64\TKCtrl2k64.sys [136528 2014-05-21] (INCA Internet Co., Ltd.)R3 TKFsAvM; C:\windows\system32\TKFsAv64.sys [175560 2015-01-21] (INCA Internet Co., Ltd.)R3 TKFsFtM; C:\windows\system32\TKFsFt64.sys [28824 2014-07-07] (INCA Internet Co., Ltd.)R3 TKPcFt; C:\windows\system32\TKPcFtCb64.sys [35528 2014-10-20] (INCA Internet Co., Ltd.)R3 TKRgAc; C:\windows\system32\TKRgAc2k64.sys [96584 2013-09-09] (INCA Internet Co., Ltd.)R3 TKRgFt; C:\windows\system32\TKRgFtXp64.sys [51464 2013-11-18] (INCA Internet Co., Ltd.)S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] 
(Microsoft Corporation)U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-09-01 17:53 - 2015-09-01 18:03 - 00035807 _____ C:\Users\재원\Downloads\FRST.txt2015-09-01 17:53 - 2015-09-01 17:53 - 00000000 ____D C:\Users\재원\Downloads\FRST-OlderVersion2015-08-31 20:23 - 2015-08-31 20:40 - 00000600 _____ C:\Users\재원\AppData\Local\PUTTY.RND2015-08-31 20:21 - 2015-08-31 20:21 - 00524288 _____ (Simon Tatham) C:\Users\재원\Downloads\putty.exe2015-08-31 19:08 - 2015-08-31 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer2015-08-31 19:08 - 2015-08-31 19:08 - 00000000 ____D C:\Program Files (x86)\ImageWriter2015-08-26 16:36 - 2015-08-26 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KCP2015-08-26 16:36 - 2015-08-26 16:36 - 00000000 ____D C:\Program Files (x86)\KCP2015-08-26 16:35 - 2015-08-26 16:35 - 00392839 _____ ( ) C:\Users\재원\Downloads\KCPPluginSetup.exe2015-08-26 16:30 - 2015-08-26 16:30 - 00001320 _____ C:\Users\재원\AppData\Roaming\Microsoft\Windows\Start Menu\Calculator.lnk2015-08-25 19:55 - 2015-08-25 19:56 - 00040811 _____ C:\Users\재원\Downloads\Addition.txt2015-08-25 19:54 - 2015-09-01 18:03 - 00000000 ____D C:\FRST2015-08-25 19:52 - 2015-09-01 17:53 - 02188800 _____ (Farbar) C:\Users\재원\Downloads\FRST64.exe2015-08-24 20:30 - 2015-08-24 20:30 - 00000000 ____D C:\Users\재원\AppData\Local\VirtualStore2015-08-24 20:29 - 2015-08-24 20:12 - 00024064 _____ C:\windows\zoek-delete.exe2015-08-24 20:15 - 2015-08-24 20:30 - 00015297 _____ C:\zoek-results.log2015-08-24 20:01 - 2015-08-24 20:01 - 00000000 ____D C:\Users\재원\Documents\카카오톡 받은 파일2015-08-24 19:51 - 2015-08-24 20:27 
- 00000000 ____D C:\zoek_backup2015-08-24 19:48 - 2015-08-24 19:48 - 01308672 _____ C:\Users\재원\Downloads\zoek.exe2015-08-24 15:34 - 2015-08-24 15:34 - 00002357 _____ C:\Users\재원\Desktop\안전 금융.lnk2015-08-24 15:33 - 2015-08-24 15:33 - 00002157 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk2015-08-24 15:33 - 2015-08-24 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security2015-08-24 15:33 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll2015-08-24 15:32 - 2015-08-31 21:22 - 00000000 ____D C:\ProgramData\Kaspersky Lab2015-08-24 15:32 - 2015-08-24 15:32 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab2015-08-24 15:32 - 2015-07-04 07:56 - 00831664 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys2015-08-24 15:32 - 2015-07-04 07:56 - 00226480 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klhk.sys2015-08-24 15:32 - 2015-07-04 07:56 - 00159960 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys2015-08-24 14:45 - 2015-08-24 15:13 - 177523928 _____ (Kaspersky Lab) C:\Users\재원\Downloads\kis15.0.2.361ko-kr.exe2015-08-24 12:32 - 2015-08-24 13:26 - 00000000 ____D C:\Quarantine_MZK2015-08-24 12:30 - 2015-08-24 12:30 - 00000000 ____D C:\Users\재원\Downloads\mzk2015-08-23 20:43 - 2015-08-31 19:06 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2015-08-23 20:43 - 2015-08-23 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-08-23 20:43 - 2015-08-23 20:43 - 00000000 ____D C:\ProgramData\Malwarebytes2015-08-23 20:43 - 2015-08-23 20:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-08-23 20:43 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys2015-08-23 20:43 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2015-08-23 20:43 - 
2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys2015-08-23 20:38 - 2015-08-23 20:38 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\재원\Downloads\mbam-setup-2.1.8.1057.exe2015-08-23 20:38 - 2015-08-23 20:38 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\재원\Downloads\mbam-setup-2.1.8.1057 (1).exe2015-08-23 20:01 - 2015-08-23 20:01 - 00000000 _____ C:\autoexec.bat2015-08-21 22:19 - 2015-08-11 10:20 - 25191936 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2015-08-21 22:19 - 2015-08-11 09:20 - 19871232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2015-08-14 12:54 - 2015-07-07 18:40 - 00270168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys2015-08-14 12:54 - 2015-07-07 18:40 - 00114520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys2015-08-14 12:54 - 2015-07-07 18:40 - 00044560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys2015-08-14 11:39 - 2015-08-14 11:39 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf2015-08-12 16:23 - 2015-08-12 16:23 - 00000000 ____D C:\Users\재원\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adarian2015-08-12 16:23 - 2015-08-12 16:23 - 00000000 ____D C:\Users\재원\AppData\Roaming\Adarian2015-08-12 16:22 - 2015-08-12 16:22 - 00000000 ____D C:\Program Files (x86)\Adarian2015-08-12 16:13 - 2015-08-12 16:13 - 00368296 _____ (RegNow.com) C:\Users\재원\Downloads\Download_AMWinInstall.exe2015-08-12 15:46 - 2015-07-30 23:04 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll2015-08-12 15:46 - 2015-07-30 22:48 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll2015-08-12 15:40 - 2015-07-19 10:58 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe2015-08-12 15:40 - 2015-07-19 03:51 - 03704320 _____ (Microsoft Corporation) 
C:\windows\system32\wuaueng.dll2015-08-12 15:40 - 2015-07-19 03:31 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll2015-08-12 15:40 - 2015-07-19 03:31 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll2015-08-12 15:40 - 2015-07-19 03:31 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe2015-08-12 15:40 - 2015-07-19 03:29 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll2015-08-12 15:40 - 2015-07-19 03:29 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll2015-08-12 15:40 - 2015-07-19 03:29 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe2015-08-12 15:40 - 2015-07-19 03:28 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll2015-08-12 15:40 - 2015-07-19 03:12 - 02228736 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll2015-08-12 15:40 - 2015-07-19 03:10 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll2015-08-12 15:40 - 2015-07-19 03:09 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll2015-08-12 15:40 - 2015-07-17 05:36 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll2015-08-12 15:40 - 2015-07-17 05:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec2015-08-12 15:40 - 2015-07-17 05:35 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2015-08-12 15:40 - 2015-07-17 05:26 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2015-08-12 15:40 - 2015-07-17 05:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2015-08-12 15:40 - 2015-07-17 05:21 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll2015-08-12 15:40 - 2015-07-17 04:53 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll2015-08-12 15:40 - 2015-07-17 04:51 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll2015-08-12 15:40 - 
2015-07-17 04:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec2015-08-12 15:40 - 2015-07-17 04:45 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2015-08-12 15:40 - 2015-07-17 04:45 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll2015-08-12 15:40 - 2015-07-17 04:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2015-08-12 15:40 - 2015-07-17 04:39 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll2015-08-12 15:40 - 2015-07-17 04:38 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll2015-08-12 15:40 - 2015-07-17 04:36 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2015-08-12 15:40 - 2015-07-17 04:34 - 14451200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2015-08-12 15:40 - 2015-07-17 04:32 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl2015-08-12 15:40 - 2015-07-17 04:14 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll2015-08-12 15:40 - 2015-07-17 04:13 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll2015-08-12 15:40 - 2015-07-17 04:12 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2015-08-12 15:40 - 2015-07-17 04:12 - 02427904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2015-08-12 15:40 - 2015-07-17 04:10 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2015-08-12 15:40 - 2015-07-17 04:06 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2015-08-12 15:40 - 2015-07-17 04:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2015-08-12 15:40 - 2015-07-17 03:52 - 01048576 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll2015-08-12 15:40 - 2015-07-17 03:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll2015-08-12 15:40 - 2015-07-17 03:42 - 01951232 _____ (Microsoft 
Corporation) C:\windows\SysWOW64\wininet.dll2015-08-12 15:40 - 2015-07-17 03:38 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2015-08-12 15:40 - 2015-07-17 03:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll2015-08-12 15:40 - 2015-07-10 03:40 - 00359936 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll2015-08-12 15:40 - 2015-06-27 12:08 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\wups.dll2015-08-12 15:40 - 2015-06-27 12:08 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll2015-08-12 15:40 - 2015-06-27 11:14 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll2015-08-12 15:39 - 2015-07-16 09:29 - 07458648 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe2015-08-12 15:39 - 2015-07-16 09:29 - 01735000 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll2015-08-12 15:39 - 2015-07-16 09:29 - 00101720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys2015-08-12 15:39 - 2015-07-16 09:28 - 01499920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll2015-08-12 15:39 - 2015-07-14 12:22 - 02529880 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll2015-08-12 15:39 - 2015-07-14 12:21 - 01901776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll2015-08-12 15:39 - 2015-07-14 04:46 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll2015-08-12 15:39 - 2015-07-14 04:45 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll2015-08-12 15:39 - 2015-07-11 02:54 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll2015-08-12 15:39 - 2015-07-11 02:42 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll2015-08-12 15:39 - 2015-07-11 02:13 - 07032320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll2015-08-12 15:39 - 2015-07-11 01:47 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll2015-08-12 
15:39 - 2015-07-02 07:19 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll2015-08-12 15:39 - 2015-07-02 07:16 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll2015-08-12 15:39 - 2015-07-02 06:37 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll2015-08-12 15:39 - 2015-07-02 06:35 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll2015-08-12 15:38 - 2015-07-29 23:37 - 01994752 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll2015-08-12 15:38 - 2015-07-29 23:30 - 01381888 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll2015-08-12 15:38 - 2015-07-29 23:23 - 01559552 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll2015-08-12 15:38 - 2015-07-25 03:57 - 04177408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2015-08-12 15:38 - 2015-07-25 03:57 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll2015-08-12 15:38 - 2015-07-25 03:52 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll2015-08-12 15:38 - 2015-07-25 02:27 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll2015-08-12 15:38 - 2015-07-25 02:23 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll2015-08-12 15:38 - 2015-07-11 03:19 - 01101824 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll2015-08-12 15:38 - 2015-07-11 02:14 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll2015-08-12 15:38 - 2015-07-11 01:31 - 06213120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll2015-08-12 15:38 - 2015-07-10 02:13 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe2015-08-12 15:38 - 2015-07-10 02:13 - 00221184 _____ (Microsoft Corporation) C:\windows\notepad.exe2015-08-12 15:38 - 2015-07-10 01:30 - 00212992 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe2015-08-12 15:38 - 2015-05-12 09:24 - 00536920 _____ (Microsoft Corporation) 
C:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-09 08:26 - 2015-08-09 08:26 - 00002523 _____ C:\Users\Public\Desktop\Evernote.lnk
2015-08-09 08:26 - 2015-08-09 08:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-08-09 01:19 - 2015-08-09 01:19 - 00189303 _____ C:\Users\재원\Downloads\블랙 미러(Black Mirror) 시즌1,2 E01 - 03(完) 한영통합.zip
2015-08-09 01:19 - 2015-08-09 01:19 - 00000000 ____D C:\Users\재원\Downloads\블랙 미러(Black Mirror) 시즌1,2 E01 - 03(完) 한영통합
2015-08-08 18:59 - 2015-08-08 18:59 - 00000905 _____ C:\Users\Public\Desktop\꿀뷰.lnk
2015-08-08 18:59 - 2015-08-08 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\꿀뷰
2015-08-08 18:59 - 2015-08-08 18:59 - 00000000 ____D C:\Program Files\Honeyview
2015-08-08 18:58 - 2015-08-08 18:59 - 07583528 _____ C:\Users\재원\Downloads\HONEYVIEW-SETUP-KR.EXE
2015-08-07 21:39 - 2015-08-07 21:39 - 00000060 _____ C:\Users\재원\Desktop\jnk.url
2015-08-05 07:50 - 2014-05-21 19:52 - 00136528 _____ (INCA Internet Co., Ltd.) C:\windows\system32\TKCtrl2k64.sys
2015-08-05 07:50 - 2013-11-27 10:37 - 00237888 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\TKFW.dll
2015-08-05 07:50 - 2013-11-27 10:36 - 00328000 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\tkidsx.dll
2015-08-05 07:50 - 2013-11-27 10:36 - 00225600 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\tkfwflt.dll
2015-08-05 07:50 - 2013-04-30 15:46 - 00036388 _____ C:\windows\SysWOW64\teexcept.dat
2015-08-04 17:20 - 2015-08-22 16:25 - 00000000 ____D C:\Program Files (x86)\IPinside
2015-08-04 17:18 - 2015-08-04 17:18 - 00000000 ____D C:\Program Files (x86)\INCAInternet UnInstall
2015-08-04 17:18 - 2015-08-04 17:18 - 00000000 ____D C:\Program Files (x86)\INCAInternet
2015-08-04 17:13 - 2015-08-04 17:13 - 00000000 ____D C:\Program Files (x86)\INICIS61
2015-08-04 17:13 - 2009-07-09 15:36 - 00025872 _____ () C:\windows\SysWOW64\INIUAC.exe
2015-08-04 17:13 - 2007-07-10 16:44 - 00214584 _____ (SoftCamp Co.,Ltd.) C:\windows\SysWOW64\SCSKLoader.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-01 18:03 - 2015-05-29 22:48 - 00003646 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-593337814-833741486-1504065185-1001UA
2015-09-01 18:03 - 2015-05-29 22:48 - 00003266 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-593337814-833741486-1504065185-1001Core
2015-09-01 18:03 - 2015-05-29 22:48 - 00000706 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593337814-833741486-1504065185-1001UA.job
2015-09-01 18:03 - 2015-05-29 22:48 - 00000654 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593337814-833741486-1504065185-1001Core.job
2015-09-01 18:02 - 2013-08-23 00:36 - 00000000 ____D C:\windows\system32\sru
2015-09-01 18:01 - 2015-05-31 14:48 - 00000000 ____D C:\Users\재원\AppData\Local\ClassicShell
2015-09-01 17:57 - 2015-05-20 22:52 - 00000712 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0930440a5774c.job
2015-09-01 17:57 - 2015-05-07 21:47 - 00000716 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d088c3f97344ec.job
2015-09-01 17:53 - 2015-04-24 12:13 - 01161770 _____ C:\windows\WindowsUpdate.log
2015-09-01 17:52 - 2015-05-20 22:52 - 00003452 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0930440a5774c
2015-09-01 17:52 - 2015-05-07 21:47 - 00003688 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1d088c3f97344ec
2015-09-01 17:48 - 2015-04-24 12:21 - 01740284 _____ C:\windows\SysWOW64\Gms.log
2015-09-01 10:53 - 2015-05-07 21:35 - 00516440 _____ C:\windows\system32\perfh012.dat
2015-09-01 10:53 - 2015-05-07 21:35 - 00135664 _____ C:\windows\system32\perfc012.dat
2015-09-01 10:53 - 2014-11-21 13:44 - 01506566 _____ C:\windows\system32\PerfStringBackup.INI
2015-09-01 10:27 - 2013-08-22 23:46 - 00067493 _____ C:\windows\setupact.log
2015-08-31 19:36 - 2015-05-07 14:13 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-593337814-833741486-1504065185-1001
2015-08-31 19:16 - 2013-08-23 00:36 - 00000000 ____D C:\windows\AppReadiness
2015-08-31 15:32 - 2015-05-26 01:58 - 00000000 ____D C:\Users\재원\Documents\반디카메라
2015-08-28 22:57 - 2015-05-07 21:47 - 00000712 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-24 20:30 - 2015-05-07 21:54 - 00000000 ___RD C:\Users\재원\Google 드라이브
2015-08-24 20:30 - 2015-05-07 14:10 - 00000000 ____D C:\Users\재원\OneDrive
2015-08-24 20:29 - 2015-05-07 14:04 - 00000000 ____D C:\Users\재원
2015-08-24 20:29 - 2015-04-24 12:41 - 00000000 ____D C:\ProgramData\Validity
2015-08-24 20:29 - 2014-11-21 13:31 - 00020990 _____ C:\windows\PFRO.log
2015-08-24 20:29 - 2013-08-22 23:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-24 20:29 - 2013-08-22 22:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-08-24 15:33 - 2013-08-22 22:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-08-24 15:32 - 2013-08-23 00:36 - 00000000 ___HD C:\windows\ELAMBKUP
2015-08-22 16:49 - 2013-08-23 00:36 - 00000000 ____D C:\windows\rescache
2015-08-21 22:53 - 2015-07-21 07:21 - 00002188 _____ C:\Users\Public\Desktop\Chrome.lnk
2015-08-21 22:19 - 2013-08-23 00:20 - 00000000 ____D C:\windows\CbsTemp
2015-08-14 21:49 - 2013-08-22 23:44 - 00484216 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-14 21:48 - 2013-08-23 00:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-14 21:48 - 2013-08-23 00:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-14 21:48 - 2013-08-23 00:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-14 21:48 - 2013-08-23 00:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-14 21:47 - 2015-05-09 09:02 - 00000000 ____D C:\windows\system32\MRT
2015-08-14 21:43 - 2015-05-09 09:01 - 132483416 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-08-14 08:52 - 2015-05-07 21:53 - 00002069 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-08-14 08:52 - 2015-05-07 21:53 - 00002067 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-08-14 08:52 - 2015-05-07 21:53 - 00002057 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-08-14 08:52 - 2015-05-07 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-12 15:45 - 2013-08-23 00:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 15:45 - 2013-08-23 00:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 15:08 - 2013-08-23 00:36 - 00000000 ____D C:\windows\system32\NDF
2015-08-08 22:55 - 2014-11-21 21:27 - 00794088 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-08 22:55 - 2014-11-21 21:27 - 00179688 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-07 17:37 - 2015-05-07 14:07 - 00000000 ____D C:\Users\재원\AppData\Local\Packages
2015-08-05 18:06 - 2015-04-24 12:20 - 00000000 ____D C:\Program Files\Lenovo
2015-08-05 18:05 - 2015-04-24 12:16 - 00000000 ____D C:\windows\System32\Tasks\Lenovo
2015-08-04 14:12 - 2015-04-24 12:40 - 00000000 ____D C:\windows\System32\Tasks\TVT
2015-08-04 14:12 - 2015-04-24 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-08-04 14:12 - 2015-04-24 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-08-04 14:12 - 2015-04-24 12:16 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-08-04 14:12 - 2015-04-24 11:57 - 00000000 ____D C:\ProgramData\Lenovo

==================== Files in the root of some directories =======

2015-05-16 11:00 - 2015-05-16 11:00 - 16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-08-31 20:23 - 2015-08-31 20:40 - 0000600 _____ () C:\Users\재원\AppData\Local\PUTTY.RND
2015-04-24 12:22 - 2015-04-24 12:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-31 20:44

==================== End of FRST.txt ============================
  8. Hello, Borislav. I uninstalled qtorrent. I generated new fresh FRST log files.

**************************************************************************

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-08-2015
Ran by 재원 (administrator) on X250-JAEWON (28-08-2015 21:34:52)
Running from C:\Users\재원\Downloads
Loaded Profiles: 재원 & (Available Profiles: 재원)
Platform: Windows 8.1 (X64) Language: 영어(미국)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Softex Inc.) C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(INCA Internet Co., Ltd.) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nossvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Apache Software Foundation) C:\Bitnami\WAMPST~1.40-\apache2\bin\httpd.exe
() C:\Bitnami\wampstack-5.4.40-0\mysql\bin\mysqld.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Apache Software Foundation) C:\Bitnami\WAMPST~1.40-\apache2\bin\httpd.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(INCA Internet Co., Ltd.) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nosstarter.npe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\KOR\KorIME.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(%CFullName%) C:\Program Files\Lenovo\Fingerprint Manager Pro\opvapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Nok Nok Labs, Inc.) C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Daum Kakao Corp. ) C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\DaumSAM.exe
(Google, Inc) C:\Users\재원\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Daum Kakao Corp. ) C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SunplusIT, Inc.) C:\Program Files (x86)\Integrated Camera\Monitor.exe
(Adarian Software, LLC) C:\Program Files (x86)\Adarian\Adarian Money\AMRemind.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
(Nok Nok Labs Inc.) C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Marek Jasinski) C:\Program Files (x86)\FreeCommander XE\FreeCommander.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\cammute.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\tpknrsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [341448 2014-11-08] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\windows\system32\TpShocks.exe [555760 2014-12-09] (Lenovo.)
HKLM\...\Run: [MFACApp] => C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe [5449544 2014-10-17] (Nok Nok Labs, Inc.)
HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937928 2014-12-11] (Lenovo)
HKLM\...\Run: [LMCSSTART1] => C:\windows\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,InitSubsystemProcesses
HKLM\...\Run: [LMCSSTART2] => C:\windows\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libstartstub2.dll,ProxyStart
HKLM\...\Run: [LMCSSTART3] => C:\windows\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,SetupCamplusDrop
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [164112 2015-05-16] (IvoSoft)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1172256 2014-11-11] (Intel Corporation)
HKLM-x32\...\Run: [integrated Camera_Monitor] => C:\Program Files (x86)\Integrated Camera\monitor.exe [1723040 2014-09-01] (SunplusIT, Inc.)
HKLM-x32\...\Run: [HncUpdate90] => C:\Program Files (x86)\Hnc\HncUtils\Update\HncCheck.exe [604168 2015-06-29] (한글과컴퓨터)
HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [Daum Streaming Service] => C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\DaumSAM.exe [511808 2015-06-02] (Daum Kakao Corp. )
HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [Google Update] => C:\Users\재원\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-05-29] (Google Inc)
HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [Google Photos Backup] => C:\Users\재원\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791176 2015-07-11] (Google, Inc)
HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [6331544 2015-08-20] (Daum Kakao Corp. )
HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [GoogleChromeAutoLaunch_A0A69805D4ACD1C2462F4F8BE8A06446] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-18] (Google Inc.)
HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Daum Streaming Service] => C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\DaumSAM.exe [511808 2015-06-02] (Daum Kakao Corp. )
HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\재원\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-05-29] (Google Inc)
HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Photos Backup] => C:\Users\재원\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791176 2015-07-11] (Google, Inc)
HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [6331544 2015-08-20] (Daum Kakao Corp. )
HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_A0A69805D4ACD1C2462F4F8BE8A06446] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-18] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-05-16]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\재원\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adarian Money Reminder.lnk [2015-08-12]
ShortcutTarget: Adarian Money Reminder.lnk -> C:\Program Files (x86)\Adarian\Adarian Money\AMRemind.exe (Adarian Software, LLC)
Startup: C:\Users\재원\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-05-14]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\재원\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote(으)로 보내기.lnk [2015-05-10]
ShortcutTarget: OneNote(으)로 보내기.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-593337814-833741486-1504065185-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.naver.com/
HKU\S-1-5-21-593337814-833741486-1504065185-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-593337814-833741486-1504065185-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.naver.com/
HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKLM -> DefaultScope {0E4AC09B-5BBD-49F2-BFCD-BD1BEFBAA0AE} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0E4AC09B-5BBD-49F2-BFCD-BD1BEFBAA0AE} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-593337814-833741486-1504065185-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-05-16] (LastPass)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-05-16] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-16] (LastPass)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-05-16] (IvoSoft)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-05-16] (LastPass)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-16] (LastPass)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
DPF: HKLM-x32 {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} hxxp://plugin.inicis.com/wallet61/INIwallet61_win8.cab
DPF: HKLM-x32 {3EFC2239-B769-469F-A5E6-38693AE0B9DE} hxxp://210.182.142.35:8020/qms/speed/speedtest/cab/sysinfo2.cab
DPF: HKLM-x32 {417A8BA3-7DDF-4C02-919C-4F9D1ED46E58} hxxp://210.182.142.35:8020/qms/speed/speedtest/cab/PowerComSpeedTest.cab
DPF: HKLM-x32 {A79ACFE1-331F-47E0-8F86-A020B21B66F9} hxxp://legaledu.co.kr/biz/player/IMGTech/ZoneMediaPlayer/download/ZMediaPlayer.cab
DPF: HKLM-x32 {B1D16D27-B5AC-434D-85D2-9D1CD4C0E018} hxxps://pay.kcp.co.kr/plugin_new/file/KCPPayUX.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0DBEA07B-1A1A-4C4A-A4CA-936525D130E2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F9A4DA8D-6E83-460B-B5DA-96EA433EB835}: [DhcpNameServer] 1.214.68.2 61.41.153.2

FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-16] (LastPass)
FF Plugin-x32: @daum.net/DaumNPPLive -> C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\npDaumNPPLive.dll [2015-02-04] (Daum Communications)
FF Plugin-x32: @imgtech.co.kr/ZoneMediaPlayer -> C:\IMGTech\core\1.0.0.0\NP_ZoneMediaPlayer.dll [2014-11-21] (IMGTech. (www.imgtech.co.kr))
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-11] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-08-24] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-08-24] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-08-24] ()
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-16] (LastPass)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-16] (Nitro PDF)
FF Plugin-x32: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2013-06-08] (SoftForum Co., Ltd.)
FF Plugin-x32: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2013-06-08] (SoftForum Co., Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @update.noknok.com/Nok Nok Labs MFACUpdater;version=3 -> C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\1.3.27.0\npGoogleUpdate3.dll [2015-04-24] (Nok Nok Labs Inc.)
FF Plugin-x32: @update.noknok.com/Nok Nok Labs MFACUpdater;version=9 -> C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\1.3.27.0\npGoogleUpdate3.dll [2015-04-24] (Nok Nok Labs Inc.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @daum.net/DaumNPPLive -> C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\npDaumNPPLive.dll [2015-02-04] (Daum Communications)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @kcp.co.kr/plugin;version=1 -> C:\Program Files (x86)\KCP\Plugin\npKCPPlugin.dll [2014-10-28] (KCP CO.,LTD)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2013-06-08] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2013-06-08] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @tools.google.com/Google Update;version=3 -> C:\Users\재원\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @tools.google.com/Google Update;version=9 -> C:\Users\재원\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: daum.net/DaumNPPLive -> C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\npDaumNPPLive.dll [2015-02-04] (Daum Communications)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @daum.net/DaumNPPLive -> C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\npDaumNPPLive.dll [2015-02-04] (Daum Communications)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @kcp.co.kr/plugin;version=1 -> C:\Program Files (x86)\KCP\Plugin\npKCPPlugin.dll [2014-10-28] (KCP CO.,LTD)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2013-06-08] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2013-06-08] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\재원\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\재원\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: daum.net/DaumNPPLive -> C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\npDaumNPPLive.dll [2015-02-04] (Daum Communications)
FF HKLM\...\Firefox\Extensions: [FIDOaddon@noknok.com] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon
FF Extension: MFAC Extension - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon [2015-04-24]
FF HKLM-x32\...\Firefox\Extensions: [FIDOaddon@noknok.com] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-08-24]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-08-24]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-08-24]

Chrome:
=======
CHR Profile: C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-21]
CHR Extension: (Google Docs) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-21]
CHR Extension: (Google Drive) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-21]
CHR Extension: (YouTube) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-21]
CHR Extension: (Google Search) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-21]
CHR Extension: (Kaspersky Protection) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-08-24]
CHR Extension: (Google Calendar) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-07-21]
CHR Extension: (Google Sheets) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-21]
CHR Extension: (Chrome Remote Desktop) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-07-21]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-07-21]
CHR Extension: (Adblock Super) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-07-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-21]
CHR Extension: (Gmail) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-21]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-593337814-833741486-1504065185-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mbgbpjganndfjjmlamggkkkjafblbahl] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\Chrome\x86\FidoExtension.crx [2014-10-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [560584 2015-01-22] (Lenovo Corporation)
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-07-04] (Kaspersky Lab ZAO)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-04-01] (DisplayLink Corp.)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-23] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-05-21] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-14] (Intel® Corporation)
R2 Intel® TechnologyAccessService; C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe [95624 2015-01-24] (Intel® Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-07-11] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-11] (Intel Corporation)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2019272 2015-02-10] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
R3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [626120 2015-01-22] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-09] (Lenovo Group Limited)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [22576 2014-02-22] (Lenovo)
S3 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [475080 2015-01-22] (Lenovo)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [469720 2015-01-10] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-03-19] ()
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-16] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-16] ()
R2 nossvc; C:\Program Files (x86)\INCAInternet\nProtect Online Security\nossvc.exe [1666216 2015-06-16] (INCA Internet Co., Ltd.)
S2 omaha; C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148224 2015-04-24] (Nok Nok Labs Inc.)
S3 omaham; C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148224 2015-04-24] (Nok Nok Labs Inc.)
R2 omniserv; C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniServ.exe [103936 2015-04-02] (Softex Inc.) [File not signed]
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61232 2014-12-06] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [328488 2014-12-06] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22008 2015-07-01] ()
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49968 2015-01-29] (Synaptics Incorporated)
R2 wampstackApache; C:\Bitnami\WAMPST~1.40-\apache2\bin\httpd.exe [20992 2015-01-30] (Apache Software Foundation) [File not signed]
R2 wampstackMySQL; C:\Bitnami\wampstack-5.4.40-0\mysql\bin\mysqld.exe [8148480 2015-01-07] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2015-03-19] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-07-04] (Kaspersky Lab UK Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [394520 2014-09-30] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [222152 2014-08-23] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [79016 2014-08-06] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-07-04] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-07-04] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-07-04] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [226480 2015-07-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [831664 2015-07-04] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-07-04] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [40304 2015-07-04] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [39792 2015-07-04] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-07-04] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-07-04] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [85360 2015-07-04] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-07-04] (Kaspersky Lab ZAO)
R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [29496 2014-04-08] (Lenovo)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-11] (Intel Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-31] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3497752 2015-04-13] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-09] (Intel Corporation)
R3 noskp; C:\windows\syswow64\noskp64.sys [23096 2015-07-23] (INCA Internet Co.,Ltd.)
R3 nosku; C:\windows\syswow64\nosku64.sys [34920 2015-07-20] (INCA Internet Co.,Ltd.)
R3 np_ck64s; C:\windows\syswow64\np_ck64s.sys [75680 2014-08-13] (INCA Internet Co.,Ltd.)
R1 OMNISMI; C:\windows\SysWOW64\drivers\omnismi.sys [14776 2014-09-27] ()
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-25] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32936 2015-03-10] (Synaptics Incorporated)
R1 SMIDriver; C:\Windows\System32\drivers\smi.sys [19656 2015-01-29] (Windows ® Win 7 DDK provider)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [682272 2014-09-04] (Sunplus)
R3 TKCtrl; C:\windows\system32\TKCtrl2k64.sys [136528 2014-05-21] (INCA Internet Co., Ltd.)
R3 TKCtrl; C:\windows\SysWOW64\TKCtrl2k64.sys [136528 2014-05-21] (INCA Internet Co., Ltd.)
R3 TKFsAvM; C:\windows\system32\TKFsAv64.sys [175560 2015-01-21] (INCA Internet Co., Ltd.)
R3 TKFsFtM; C:\windows\system32\TKFsFt64.sys [28824 2014-07-07] (INCA Internet Co., Ltd.)
R3 TKPcFt; C:\windows\system32\TKPcFtCb64.sys [35528 2014-10-20] (INCA Internet Co., Ltd.)
R3 TKRgAc; C:\windows\system32\TKRgAc2k64.sys [96584 2013-09-09] (INCA Internet Co., Ltd.)
R3 TKRgFt; C:\windows\system32\TKRgFtXp64.sys [51464 2013-11-18] (INCA Internet Co., Ltd.)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]

==================== NetSvcs 
(Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-26 16:36 - 2015-08-26 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KCP2015-08-26 16:36 - 2015-08-26 16:36 - 00000000 ____D C:\Program Files (x86)\KCP2015-08-26 16:35 - 2015-08-26 16:35 - 00392839 _____ ( ) C:\Users\재원\Downloads\KCPPluginSetup.exe2015-08-26 16:30 - 2015-08-26 16:30 - 00001320 _____ C:\Users\재원\AppData\Roaming\Microsoft\Windows\Start Menu\Calculator.lnk2015-08-25 19:55 - 2015-08-25 19:56 - 00040811 _____ C:\Users\재원\Downloads\Addition.txt2015-08-25 19:54 - 2015-08-28 21:34 - 00039161 _____ C:\Users\재원\Downloads\FRST.txt2015-08-25 19:54 - 2015-08-28 21:34 - 00000000 ____D C:\FRST2015-08-25 19:52 - 2015-08-25 19:52 - 02186752 _____ (Farbar) C:\Users\재원\Downloads\FRST64.exe2015-08-24 20:47 - 2015-08-24 20:47 - 00015320 _____ C:\Users\재원\Downloads\28주후_28.Weeks.Later.2007.720p.BrRip.264.YIFY.torrent2015-08-24 20:46 - 2015-08-24 20:46 - 00023138 _____ C:\Users\재원\Downloads\에너미_오브_스테이트_Enemy.Of.The.State.1998.1080p.BluRay.x264.AC3_ONe.torrent2015-08-24 20:30 - 2015-08-24 20:30 - 00000000 ____D C:\Users\재원\AppData\Local\VirtualStore2015-08-24 20:29 - 2015-08-24 20:12 - 00024064 _____ C:\windows\zoek-delete.exe2015-08-24 20:15 - 2015-08-24 20:30 - 00015297 _____ C:\zoek-results.log2015-08-24 20:01 - 2015-08-24 20:01 - 00000000 ____D C:\Users\재원\Documents\카카오톡 받은 파일2015-08-24 19:51 - 2015-08-24 20:27 - 00000000 ____D C:\zoek_backup2015-08-24 19:48 - 2015-08-24 19:48 - 01308672 _____ C:\Users\재원\Downloads\zoek.exe2015-08-24 19:28 - 2015-08-24 19:28 - 00013978 _____ C:\Users\재원\Downloads\어벤져스_에이지_오브_울트론_한글_avengers_age_of_ultron_2015_1080p_web_dl_6ch_2_5gb_shaanig_액션.torrent2015-08-24 15:34 - 2015-08-24 15:34 - 00002357 
_____ C:\Users\재원\Desktop\안전 금융.lnk2015-08-24 15:33 - 2015-08-24 15:33 - 00002157 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk2015-08-24 15:33 - 2015-08-24 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security2015-08-24 15:33 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll2015-08-24 15:32 - 2015-08-27 17:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab2015-08-24 15:32 - 2015-08-24 15:32 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab2015-08-24 15:32 - 2015-07-04 07:56 - 00831664 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys2015-08-24 15:32 - 2015-07-04 07:56 - 00226480 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klhk.sys2015-08-24 15:32 - 2015-07-04 07:56 - 00159960 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys2015-08-24 14:45 - 2015-08-24 15:13 - 177523928 _____ (Kaspersky Lab) C:\Users\재원\Downloads\kis15.0.2.361ko-kr.exe2015-08-24 12:32 - 2015-08-24 13:26 - 00000000 ____D C:\Quarantine_MZK2015-08-24 12:30 - 2015-08-24 12:30 - 00000000 ____D C:\Users\재원\Downloads\mzk2015-08-23 20:43 - 2015-08-28 21:29 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2015-08-23 20:43 - 2015-08-23 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-08-23 20:43 - 2015-08-23 20:43 - 00000000 ____D C:\ProgramData\Malwarebytes2015-08-23 20:43 - 2015-08-23 20:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-08-23 20:43 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys2015-08-23 20:43 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2015-08-23 20:43 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys2015-08-23 20:38 - 2015-08-23 20:38 - 24345872 _____ (Malwarebytes 
Corporation ) C:\Users\재원\Downloads\mbam-setup-2.1.8.1057.exe2015-08-23 20:38 - 2015-08-23 20:38 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\재원\Downloads\mbam-setup-2.1.8.1057 (1).exe2015-08-23 20:01 - 2015-08-23 20:01 - 00000000 _____ C:\autoexec.bat2015-08-23 19:59 - 2015-08-23 19:59 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\재원\Downloads\SpyHunter-Installer.exe2015-08-21 22:19 - 2015-08-11 10:20 - 25191936 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2015-08-21 22:19 - 2015-08-11 09:20 - 19871232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2015-08-14 12:54 - 2015-07-07 18:40 - 00270168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys2015-08-14 12:54 - 2015-07-07 18:40 - 00114520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys2015-08-14 12:54 - 2015-07-07 18:40 - 00044560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys2015-08-14 11:39 - 2015-08-14 11:39 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf2015-08-12 17:02 - 2015-08-12 17:02 - 00018387 _____ C:\Users\재원\Downloads\EBS 스페셜 프로젝트.E04.150806.소셜 다이어트 내 몸 혁명 4부.HDTV.H264.720p-WITH.mp4.torrent2015-08-12 16:23 - 2015-08-12 16:23 - 00000000 ____D C:\Users\재원\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adarian2015-08-12 16:23 - 2015-08-12 16:23 - 00000000 ____D C:\Users\재원\AppData\Roaming\Adarian2015-08-12 16:22 - 2015-08-12 16:22 - 00000000 ____D C:\Program Files (x86)\Adarian2015-08-12 16:13 - 2015-08-12 16:13 - 00368296 _____ (RegNow.com) C:\Users\재원\Downloads\Download_AMWinInstall.exe2015-08-12 15:46 - 2015-07-30 23:04 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll2015-08-12 15:46 - 2015-07-30 22:48 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll2015-08-12 15:40 - 2015-07-19 10:58 - 00136904 _____ (Microsoft Corporation) 
C:\windows\system32\wuauclt.exe2015-08-12 15:40 - 2015-07-19 03:51 - 03704320 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll2015-08-12 15:40 - 2015-07-19 03:31 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll2015-08-12 15:40 - 2015-07-19 03:31 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll2015-08-12 15:40 - 2015-07-19 03:31 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe2015-08-12 15:40 - 2015-07-19 03:29 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll2015-08-12 15:40 - 2015-07-19 03:29 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll2015-08-12 15:40 - 2015-07-19 03:29 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe2015-08-12 15:40 - 2015-07-19 03:28 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll2015-08-12 15:40 - 2015-07-19 03:12 - 02228736 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll2015-08-12 15:40 - 2015-07-19 03:10 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll2015-08-12 15:40 - 2015-07-19 03:09 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll2015-08-12 15:40 - 2015-07-17 05:36 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll2015-08-12 15:40 - 2015-07-17 05:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec2015-08-12 15:40 - 2015-07-17 05:35 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2015-08-12 15:40 - 2015-07-17 05:26 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2015-08-12 15:40 - 2015-07-17 05:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2015-08-12 15:40 - 2015-07-17 05:21 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll2015-08-12 15:40 - 2015-07-17 04:53 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll2015-08-12 15:40 - 
2015-07-17 04:51 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll2015-08-12 15:40 - 2015-07-17 04:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec2015-08-12 15:40 - 2015-07-17 04:45 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2015-08-12 15:40 - 2015-07-17 04:45 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll2015-08-12 15:40 - 2015-07-17 04:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2015-08-12 15:40 - 2015-07-17 04:39 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll2015-08-12 15:40 - 2015-07-17 04:38 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll2015-08-12 15:40 - 2015-07-17 04:36 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2015-08-12 15:40 - 2015-07-17 04:34 - 14451200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2015-08-12 15:40 - 2015-07-17 04:32 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl2015-08-12 15:40 - 2015-07-17 04:14 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll2015-08-12 15:40 - 2015-07-17 04:13 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll2015-08-12 15:40 - 2015-07-17 04:12 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2015-08-12 15:40 - 2015-07-17 04:12 - 02427904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2015-08-12 15:40 - 2015-07-17 04:10 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2015-08-12 15:40 - 2015-07-17 04:06 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2015-08-12 15:40 - 2015-07-17 04:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2015-08-12 15:40 - 2015-07-17 03:52 - 01048576 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll2015-08-12 15:40 - 2015-07-17 03:49 - 00800768 _____ (Microsoft 
Corporation) C:\windows\system32\ieapfltr.dll2015-08-12 15:40 - 2015-07-17 03:42 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2015-08-12 15:40 - 2015-07-17 03:38 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2015-08-12 15:40 - 2015-07-17 03:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll2015-08-12 15:40 - 2015-07-10 03:40 - 00359936 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll2015-08-12 15:40 - 2015-06-27 12:08 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\wups.dll2015-08-12 15:40 - 2015-06-27 12:08 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll2015-08-12 15:40 - 2015-06-27 11:14 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll2015-08-12 15:39 - 2015-07-16 09:29 - 07458648 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe2015-08-12 15:39 - 2015-07-16 09:29 - 01735000 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll2015-08-12 15:39 - 2015-07-16 09:29 - 00101720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys2015-08-12 15:39 - 2015-07-16 09:28 - 01499920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll2015-08-12 15:39 - 2015-07-14 12:22 - 02529880 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll2015-08-12 15:39 - 2015-07-14 12:21 - 01901776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll2015-08-12 15:39 - 2015-07-14 04:46 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll2015-08-12 15:39 - 2015-07-14 04:45 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll2015-08-12 15:39 - 2015-07-11 02:54 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll2015-08-12 15:39 - 2015-07-11 02:42 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll2015-08-12 15:39 - 2015-07-11 02:13 - 07032320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll2015-08-12 
15:39 - 2015-07-11 01:47 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll2015-08-12 15:39 - 2015-07-02 07:19 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll2015-08-12 15:39 - 2015-07-02 07:16 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll2015-08-12 15:39 - 2015-07-02 06:37 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll2015-08-12 15:39 - 2015-07-02 06:35 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll2015-08-12 15:38 - 2015-07-29 23:37 - 01994752 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll2015-08-12 15:38 - 2015-07-29 23:30 - 01381888 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll2015-08-12 15:38 - 2015-07-29 23:23 - 01559552 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll2015-08-12 15:38 - 2015-07-25 03:57 - 04177408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2015-08-12 15:38 - 2015-07-25 03:57 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll2015-08-12 15:38 - 2015-07-25 03:52 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll2015-08-12 15:38 - 2015-07-25 02:27 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll2015-08-12 15:38 - 2015-07-25 02:23 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll2015-08-12 15:38 - 2015-07-11 03:19 - 01101824 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll2015-08-12 15:38 - 2015-07-11 02:14 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll2015-08-12 15:38 - 2015-07-11 01:31 - 06213120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll2015-08-12 15:38 - 2015-07-10 02:13 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe2015-08-12 15:38 - 2015-07-10 02:13 - 00221184 _____ (Microsoft Corporation) C:\windows\notepad.exe2015-08-12 15:38 - 2015-07-10 01:30 - 00212992 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\notepad.exe2015-08-12 15:38 - 2015-05-12 09:24 - 00536920 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll2015-08-12 15:07 - 2015-08-12 15:07 - 00016582 _____ C:\Users\재원\Downloads\The.Classified.File.2015.720p.HDRip.H264.AAC-iMrel.mp4.torrent2015-08-09 15:28 - 2015-08-09 15:28 - 00016492 _____ C:\Users\재원\Downloads\World.War.Z.2013.UNRATED.1080p.BluRay.DTS.x264-KAGA.torrent2015-08-09 15:17 - 2015-08-09 15:17 - 00013225 _____ C:\Users\재원\Downloads\The.SpongeBob.Movie.Sponge.Out.of.Water.2015.1080p.BRRip.x264.AC3-JYK.torrent2015-08-09 08:26 - 2015-08-09 08:26 - 00002523 _____ C:\Users\Public\Desktop\Evernote.lnk2015-08-09 08:26 - 2015-08-09 08:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote2015-08-09 01:19 - 2015-08-09 01:19 - 00189303 _____ C:\Users\재원\Downloads\블랙 미러(Black Mirror) 시즌1,2 E01 - 03(完) 한영통합.zip2015-08-09 01:19 - 2015-08-09 01:19 - 00000000 ____D C:\Users\재원\Downloads\블랙 미러(Black Mirror) 시즌1,2 E01 - 03(完) 한영통합2015-08-08 18:59 - 2015-08-08 18:59 - 00000905 _____ C:\Users\Public\Desktop\꿀뷰.lnk2015-08-08 18:59 - 2015-08-08 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\꿀뷰2015-08-08 18:59 - 2015-08-08 18:59 - 00000000 ____D C:\Program Files\Honeyview2015-08-08 18:58 - 2015-08-08 18:59 - 07583528 _____ C:\Users\재원\Downloads\HONEYVIEW-SETUP-KR.EXE2015-08-07 21:39 - 2015-08-07 21:39 - 00000060 _____ C:\Users\재원\Desktop\jnk.url2015-08-05 07:50 - 2014-05-21 19:52 - 00136528 _____ (INCA Internet Co., Ltd.) C:\windows\system32\TKCtrl2k64.sys2015-08-05 07:50 - 2013-11-27 10:37 - 00237888 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\TKFW.dll2015-08-05 07:50 - 2013-11-27 10:36 - 00328000 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\tkidsx.dll2015-08-05 07:50 - 2013-11-27 10:36 - 00225600 _____ (INCA Internet Co.,Ltd.) 
C:\windows\SysWOW64\tkfwflt.dll2015-08-05 07:50 - 2013-04-30 15:46 - 00036388 _____ C:\windows\SysWOW64\teexcept.dat2015-08-04 17:20 - 2015-08-22 16:25 - 00000000 ____D C:\Program Files (x86)\IPinside2015-08-04 17:18 - 2015-08-04 17:18 - 00000000 ____D C:\Program Files (x86)\INCAInternet UnInstall2015-08-04 17:18 - 2015-08-04 17:18 - 00000000 ____D C:\Program Files (x86)\INCAInternet2015-08-04 17:13 - 2015-08-04 17:13 - 00000000 ____D C:\Program Files (x86)\INICIS612015-08-04 17:13 - 2009-07-09 15:36 - 00025872 _____ () C:\windows\SysWOW64\INIUAC.exe2015-08-04 17:13 - 2007-07-10 16:44 - 00214584 _____ (SoftCamp Co.,Ltd.) C:\windows\SysWOW64\SCSKLoader.exe2015-07-31 21:27 - 2015-07-31 21:27 - 00027749 _____ C:\Users\재원\Downloads\7번방의.선물.2012.AVCHD.1080i.VOD.DirectStreamCopy-OHE.ts.torrent ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-28 21:32 - 2015-05-31 14:48 - 00000000 ____D C:\Users\재원\AppData\Local\ClassicShell2015-08-28 21:32 - 2015-04-24 12:21 - 01139908 _____ C:\windows\SysWOW64\Gms.log2015-08-28 21:29 - 2013-08-22 23:46 - 00065954 _____ C:\windows\setupact.log2015-08-27 18:00 - 2013-08-23 00:36 - 00000000 ____D C:\windows\system32\sru2015-08-27 17:57 - 2015-05-07 21:47 - 00000716 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d088c3f97344ec.job2015-08-27 17:03 - 2015-05-29 22:48 - 00000706 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593337814-833741486-1504065185-1001UA.job2015-08-27 16:17 - 2015-04-24 12:13 - 01873041 _____ C:\windows\WindowsUpdate.log2015-08-27 10:38 - 2015-05-07 21:35 - 00516440 _____ C:\windows\system32\perfh012.dat2015-08-27 10:38 - 2015-05-07 21:35 - 00135664 _____ C:\windows\system32\perfc012.dat2015-08-27 10:38 - 2014-11-21 13:44 - 01506566 _____ C:\windows\system32\PerfStringBackup.INI2015-08-26 16:54 - 2015-05-07 14:13 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache 
Files-S-1-5-21-593337814-833741486-1504065185-1001
2015-08-26 16:09 - 2013-08-23 00:36 - 00000000 ____D C:\windows\AppReadiness
2015-08-25 22:03 - 2015-05-29 22:48 - 00000654 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593337814-833741486-1504065185-1001Core.job
2015-08-25 21:57 - 2015-05-20 22:52 - 00000712 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0930440a5774c.job
2015-08-24 20:30 - 2015-05-07 21:54 - 00000000 ___RD C:\Users\재원\Google 드라이브
2015-08-24 20:30 - 2015-05-07 21:47 - 00000712 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-24 20:30 - 2015-05-07 14:10 - 00000000 ____D C:\Users\재원\OneDrive
2015-08-24 20:29 - 2015-05-07 14:04 - 00000000 ____D C:\Users\재원
2015-08-24 20:29 - 2015-04-24 12:41 - 00000000 ____D C:\ProgramData\Validity
2015-08-24 20:29 - 2014-11-21 13:31 - 00020990 _____ C:\windows\PFRO.log
2015-08-24 20:29 - 2013-08-22 23:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-24 20:29 - 2013-08-22 22:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-08-24 15:33 - 2013-08-22 22:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-08-24 15:32 - 2013-08-23 00:36 - 00000000 ___HD C:\windows\ELAMBKUP
2015-08-22 16:49 - 2013-08-23 00:36 - 00000000 ____D C:\windows\rescache
2015-08-21 22:53 - 2015-07-21 07:21 - 00002188 _____ C:\Users\Public\Desktop\Chrome.lnk
2015-08-21 22:19 - 2013-08-23 00:20 - 00000000 ____D C:\windows\CbsTemp
2015-08-14 21:49 - 2013-08-22 23:44 - 00484216 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-14 21:48 - 2013-08-23 00:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-14 21:48 - 2013-08-23 00:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-14 21:48 - 2013-08-23 00:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-14 21:48 - 2013-08-23 00:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-14 21:47 - 2015-05-09 09:02 - 00000000 ____D C:\windows\system32\MRT
2015-08-14 21:43 - 2015-05-09 09:01 - 132483416 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-08-14 08:52 - 2015-05-07 21:53 - 00002069 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-08-14 08:52 - 2015-05-07 21:53 - 00002067 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-08-14 08:52 - 2015-05-07 21:53 - 00002057 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-08-14 08:52 - 2015-05-07 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-12 15:45 - 2013-08-23 00:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 15:45 - 2013-08-23 00:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 15:08 - 2013-08-23 00:36 - 00000000 ____D C:\windows\system32\NDF
2015-08-08 22:55 - 2014-11-21 21:27 - 00794088 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-08 22:55 - 2014-11-21 21:27 - 00179688 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-07 17:37 - 2015-05-07 14:07 - 00000000 ____D C:\Users\재원\AppData\Local\Packages
2015-08-05 18:06 - 2015-04-24 12:20 - 00000000 ____D C:\Program Files\Lenovo
2015-08-05 18:05 - 2015-04-24 12:16 - 00000000 ____D C:\windows\System32\Tasks\Lenovo
2015-08-04 14:12 - 2015-04-24 12:40 - 00000000 ____D C:\windows\System32\Tasks\TVT
2015-08-04 14:12 - 2015-04-24 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-08-04 14:12 - 2015-04-24 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-08-04 14:12 - 2015-04-24 12:16 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-08-04 14:12 - 2015-04-24 11:57 - 00000000 ____D C:\ProgramData\Lenovo

==================== Files in the root of some directories =======

2015-05-16 11:00 - 2015-05-16 11:00 - 16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-04-24 12:22 - 2015-04-24 12:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-08-22 16:36

==================== End of FRST.txt ============================
  9. Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-08-2015
Ran by 재원 (2015-08-25 19:55:31)
Running from C:\Users\재원\Downloads
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-593337814-833741486-1504065185-500 - Administrator - Disabled)
Guest (S-1-5-21-593337814-833741486-1504065185-501 - Limited - Disabled)
재원 (S-1-5-21-593337814-833741486-1504065185-1001 - Administrator - Enabled) => C:\Users\재원

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

(x32 Version: 1.00.0000 - Hancom) Hidden
Adarian Money for Windows (HKLM-x32\...\Adarian Money for Windows) (Version: 5.3.0.0 - Adarian Software, LLC)
Atom (HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\atom) (Version: 0.207.0 - GitHub Inc.)
Bitnami WAMP Stack (HKLM-x32\...\Bitnami WAMP Stack 5.4.40-0) (Version: 5.4.40-0 - Bitnami)
Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
Daum 라이브 에이전트 (HKLM-x32\...\DaumLiveAgent) (Version: - Daum Communications Corp.)
Daum 팟플레이어 (HKLM-x32\...\PotPlayer) (Version: - Daum Kakao Corp.)
Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden
Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden
Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7/8 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )
DisplayLink Core Software (HKLM\...\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}) (Version: 7.5.54609.0 - DisplayLink Corp.)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Evernote v. 5.8.13 (HKLM-x32\...\{A229420E-204B-11E5-B844-0050569584E9}) (Version: 5.8.13.8152 - Evernote Corp.)
FileZilla Client 3.11.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.11.0.2 - Tim Kosse)
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: - Marek Jasinski)
Git version 1.9.5-preview20150319 (HKLM-x32\...\Git_is1) (Version: 1.9.5-preview20150319 - The Git Development Community)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Photos Backup (HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Google Photos Backup) (Version: 1.1.0.239 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.27.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Inst5676 (Version: 8.01.42 - Softex Inc.) Hidden
Integrated Camera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.7.36 - SunplusIT)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1017 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4206 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.4.1000 - Intel Corporation)
Intel® Technology Access (HKLM-x32\...\{a3294ccc-6d01-43c2-9249-3f50bd113bb8}) (Version: 1.3.2.1030 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{4A8C6512-8784-4B77-A815-CAC7FA64102E}) (Version: 2.6.1645 - Intel Corporation)
Intel® WiDi (HKLM\...\{3F5D407B-86F5-4CA5-8F83-7C00BBB69080}) (Version: 5.1.23.0 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{72059B36-031F-495E-B1A6-5346A905386E}) (Version: 17.1.1434.02 - Intel Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.2.361 - Kaspersky Lab) Hidden
LastPass (제거 전용) (HKLM-x32\...\LastPass) (Version: - LastPass)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - )
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)
Lenovo Fingerprint Manager Pro (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.42(x64) - Lenovo)
Lenovo Fingerprint Manager Pro (Version: 8.01.42(x64) - Lenovo) Hidden
Lenovo HID HW Radio Driver 1.0.0.58 (HKLM\...\{E5325F32-D15A-4131-B029-4A5B7609E532}_is1) (Version: 1.0.0.58 - Lenovo)
Lenovo Multimedia and Communications Core Runtime (HKLM\...\{033DC0E0-DA89-4C33-B66C-89B64D312CD1}_is1) (Version: 5.0.13.94 - Lenovo Corporation)
Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Peer Connect SDK (HKLM\...\{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1) (Version: 1.0.0.7 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.02 - )
Lenovo QuickControl (HKLM-x32\...\{ABA0A3F7-649E-4338-BDC9-18437D9699D6}) (Version: 2.40 - Lenovo Group Limited)
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.3.19.209 - Lenovo Corporation)
Lenovo Settings - Location Awareness (HKLM-x32\...\{C79D4402-E622-4922-9C02-89F9080BF081}_is1) (Version: 1.4.0.5 - Lenovo Group Limited)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.3.3.37 - Lenovo Group Limited)
Lenovo Settings Mobile Hotspot (HKLM\...\{42603F7D-B08D-436B-B0D8-3E2DEF1AFD41}_is1) (Version: 2.3.0.88 - Lenovo)
Lenovo Settings Service (HKLM\...\{8C6F1EBA-17F1-4481-B688-9777E63E985F}_is1) (Version: 2.3.3.10 - Lenovo Group Limited)
Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.2.0.7 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{1CA74803-5CB2-4C03-BDBE-061EDC81CC7F}) (Version: 2.8.004.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0003 - Lenovo)
Lenovo USB Graphics (HKLM\...\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}) (Version: 7.5.54614.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.17 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0012.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Malwarebytes Anti-Malware 버전 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Metric Collection SDK (x32 Version: 1.1.0008.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Multifactor Authentication Client (HKLM\...\{89F955AF-7274-4C60-B5ED-3530AFB88163}) (Version: 1.3.2.3008 - Nok Nok Labs)
Nitro Pro 9 (HKLM\...\{199748CD-E046-4D0F-A9D1-0712EE050EFC}) (Version: 9.5.1.5 - Nitro)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.7 - Notepad++ Team)
nProtect Online Security V1.0(PFS) (HKLM-x32\...\nProtect Online Security V1.0(PFS)) (Version: 2015.7.24.1 - INCA Internet Co., Ltd.)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.44.00 - )
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.198.0 - Tracker Software Products Ltd)
Python 3.4.3 (HKLM-x32\...\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}) (Version: 3.4.16490 - Python Software Foundation)
qBittorrent 3.2.1 (HKLM-x32\...\qBittorrent) (Version: 3.2.1 - The qBittorrent project)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7383 - Realtek Semiconductor Corp.)
Ruby 2.2.2-p95-x64 (HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\{A98E44F8-6401-400F-830E-B1A2919C22BD}_is1) (Version: 2.2.2-p95 - RubyInstaller Team)
SourceTree (HKLM-x32\...\SourceTree 1.6.14) (Version: 1.6.14 - Atlassian)
SourceTree (x32 Version: 1.6.14 - Atlassian) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.27.26 - Synaptics Incorporated)
Synaptics WBF DDK 5011 (HKLM\...\{4D70781C-36A9-4335-9568-565C6F61B5EB}) (Version: 4.5.285.0 - )
Synaptics WBF DDK 5011 (HKLM\...\{D6FED322-4EA0-48AE-A5AC-BC381D7048CF}) (Version: 4.5.285.0 - Synaptics)
Thinkpad USB Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 8.18.923.2014 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.80.03.00 - Lenovo)
Update for Korean Microsoft IME Standard Dictionary (HKLM\...\{75A54180-CA5E-47B8-AFBB-29337B976B21}) (Version: 16.0.662.1 - Microsoft Corporation)
Windows Driver Package - Intel (e1dexpress) Net (09/29/2014 12.12.80.19) (HKLM\...\8C1187DE2DED27E2043DC3ACEB6DCBCCE2F1E831) (Version: 09/29/2014 12.12.80.19 - Intel)
Windows Driver Package - Lenovo 1.67.09.03 (11/07/2014 1.67.09.03) (HKLM\...\FA3F6F3D6E8958FDDEE1E09CC77DFA71B0D7835A) (Version: 11/07/2014 1.67.09.03 - Lenovo)
Windows Driver Package - Synaptics (SmbDrv) System (11/18/2014 18.1.27.14) (HKLM\...\706FA340710376D8FBA10CF75C37A24846787B52) (Version: 11/18/2014 18.1.27.14 - Synaptics)
Windows Driver Package - Synaptics (SynTP) Mouse (11/18/2014 18.1.27.14) (HKLM\...\04C8B1B4379AB123816C6F1849A5525D79A4A0DF) (Version: 11/18/2014 18.1.27.14 - Synaptics)
XecureWeb Control (HKLM-x32\...\XecureWeb Control) (Version: - )
꿀뷰 (HKLM\...\Honeyview) (Version: 5.12 - 반디소프트)
리디북스 PC뷰어 1.5.8 (HKLM-x32\...\{C6B843D0-7592-442E-A0A6-25F919223257}_is1) (Version: 1.5.8 - RIDI Corporation)
반디집 (HKLM\...\Bandizip) (Version: 5.06 - 반디소프트)
반디카메라 (HKLM-x32\...\Bandicamera) (Version: 2.03 - Bandisoft.com)
인텔® PROSet/무선 소프트웨어 (HKLM-x32\...\{3ebb66ee-dcfa-4ac4-987b-ef1f5bd0284d}) (Version: 17.16.1 - Intel Corporation)
카카오톡 (HKLM-x32\...\KakaoTalk) (Version: 2.0.7.918 - Daum Kakao Corp)
한컴 타자연습 (HKLM-x32\...\{FAB5E347-A6B0-44BB-A876-34E7EE6E52CF}) (Version: 1.00.0000 - Hancom)
한컴오피스 2014 VP (HKLM-x32\...\{42DE9F0E-4BC9-414B-8520-F07587B3F16F}) (Version: 9.0.9.0 - Hancom)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-593337814-833741486-1504065185-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\재원\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-593337814-833741486-1504065185-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft.com)
CustomCLSID: HKU\S-1-5-21-593337814-833741486-1504065185-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\재원\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-593337814-833741486-1504065185-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-593337814-833741486-1504065185-1001_Classes\CLSID\{9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF}\InprocServer32 -> C:\Program Files\Honeyview\HVShell64.dll (Bandisoft.com)
CustomCLSID: HKU\S-1-5-21-593337814-833741486-1504065185-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()
CustomCLSID: HKU\S-1-5-21-593337814-833741486-1504065185-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\재원\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

24-08-2015 20:15:03 zoek.exe restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 22:25 - 2013-08-22 22:25 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0CEA827A-CB80-4F0D-A7AF-6BFC58834340} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-03-09] ()
Task: {1D25B132-4D9F-4E65-8362-EA1A1E65C3A9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-593337814-833741486-1504065185-1001Core => C:\Users\재원\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-29] (Google Inc)
Task: {221C746E-699D-4ED0-8B7B-17933AF0F680} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-03] (Lenovo)
Task: {2689558A-A198-4770-BBFD-BA5576375DC2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-07] (Google Inc)
Task: {26CCF782-400D-497F-B188-44FFFEF6B4B5} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-11-07] (Realtek Semiconductor)
Task: {2D614EF5-2E43-48AC-BFC5-EADCEA6AD0CD} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-11-07] (Realtek Semiconductor)
Task: {394C1A1E-751F-48F6-8BFF-932E2DE665AE} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-03-10] (Synaptics Incorporated)
Task: {461599B8-76DE-4DCB-A32D-F7A9FD56849A} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()
Task: {46524A51-5754-4E69-AD91-1DA5E3C9A821} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-08-14] (Microsoft Corporation)
Task: {49A04251-2644-45A8-AB60-AEEE7A617F1C} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-03-09] (Lenovo)
Task: {65E8ED9E-B179-48E7-AB3E-6FFB06CA1626} - System32\Tasks\Lenovo\Lenovo Settings Power => Rundll32.exe "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {8218E095-8C78-4CE3-80F3-507A8F2D640B} - System32\Tasks\GoogleUpdateTaskMachineCore1d0930440a5774c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-07] (Google Inc)
Task: {84FD3994-71E7-4086-8F6E-1E137D15C107} - System32\Tasks\GoogleUpdateTaskMachineUA1d088c3f97344ec => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-07] (Google Inc)
Task: {8C991B98-40E0-4BD9-B825-43BBD139576A} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2015-07-01] ()
Task: {99890DB0-8768-47B3-A2FD-D644DFBDDF07} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-07-11] ()
Task: {B37C511F-AAE9-458C-BE15-3835302FF45A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {B6C3A79D-0E71-4B47-9C7D-F7444CDBCFAC} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-11] (Lenovo)
Task: {BCF50AE1-228F-4CB1-A78C-7A434ADE2204} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {C28DA552-F722-4607-AD69-034FC2D0A8F8} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-10-23] (Realtek Semiconductor)
Task: {D2AFCB6A-BC82-4DE3-ADFB-063881679B63} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-07] (Google Inc)
Task: {E49ADC6A-50C1-423D-93A8-BAB27C5A41BF} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-03-09] ()
Task: {E73CA589-402C-40B0-A2A9-0B5952E31165} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-03-09] (Lenovo)
Task: {F830018B-176B-42B8-938B-6C1EE5A45968} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-07-11] ()
Task: {FE4AE6B2-083A-4994-8112-AC4EAF905952} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-593337814-833741486-1504065185-1001UA => C:\Users\재원\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-29] (Google Inc)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0930440a5774c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1d088c3f97344ec.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593337814-833741486-1504065185-1001Core.job => C:\Users\재원\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593337814-833741486-1504065185-1001UA.job => C:\Users\재원\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-04-24 12:45 - 2015-01-16 23:49 - 00083968 ____N () C:\Program Files (x86)\ThinkPad\Utilities\KR\PWMRT64V.dll
2015-01-24 08:42 - 2015-01-24 08:42 - 00087552 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\libglog.dll
2015-01-24 08:58 - 2015-01-24 08:58 - 01795976 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\cpprest120_1_4.dll
2015-01-24 08:58 - 2015-01-24 08:58 - 00357768 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\JsonCpp.dll
2014-05-16 10:39 - 2014-05-16 10:39 - 00417800 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
2015-06-03 00:18 - 2015-06-03 00:18 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2015-05-17 03:10 - 2015-03-19 23:33 - 00736962 _____ () C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll
2015-05-08 21:17 - 2015-01-07 06:52 - 08148480 _____ () C:\Bitnami\wampstack-5.4.40-0\mysql\bin\mysqld.exe
2015-04-24 12:45 - 2015-01-16 23:49 - 00083968 ____N () C:\Program Files (x86)\ThinkPad\Utilities\KR\PWMRT64V.DLL
2014-12-09 12:41 - 2014-12-09 12:41 - 00223984 _____ () C:\Program Files\ThinkPad\TpShocks\MUI\0412\TpShocks.dll
2015-04-24 12:46 - 2015-01-10 07:40 - 00469720 _____ () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
2015-04-24 12:46 - 2015-01-10 07:40 - 00013528 _____ () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
2015-07-12 00:05 - 2015-07-12 00:05 - 14725120 _____ () C:\Program Files (x86)\qBittorrent\qbittorrent.exe
2015-05-08 21:17 - 2015-01-30 19:44 - 00404480 _____ () C:\Bitnami\WAMPST~1.40-\apache2\bin\pcre.dll
2015-05-08 21:17 - 2013-06-30 04:15 - 00067584 _____ () C:\Bitnami\WAMPST~1.40-\apache2\bin\zlib1.dll
2015-05-08 21:17 - 2015-04-16 04:49 - 00097792 _____ () C:\Bitnami\wampstack-5.4.40-0\php\libpq.dll
2015-05-08 21:17 - 2015-04-18 18:19 - 00025088 _____ () C:\Bitnami\wampstack-5.4.40-0\php\php5apache2_4.dll
2015-05-08 21:27 - 2015-04-16 04:49 - 00166400 _____ () C:\Bitnami\WAMPST~1.40-\apache2\bin\libssh2.dll
2015-05-07 14:25 - 2015-05-07 14:25 - 01282048 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Devices\bd9568d53459ad96625ccca026823507\Windows.Devices.ni.dll
2015-07-23 13:27 - 2015-07-23 13:27 - 00228864 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\833b8df73b9caf0c73759a6d4b85c6be\Windows.Foundation.ni.dll
2015-08-24 20:30 - 2015-08-24 20:30 - 00098816 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32api.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00110080 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\pywintypes27.dll
2015-08-24 20:30 - 2015-08-24 20:30 - 00364544 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\pythoncom27.dll
2015-08-24 20:30 - 2015-08-24 20:30 - 00045568 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\_socket.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 01161216 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\_ssl.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00320512 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32com.shell.shell.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00713216 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\_hashlib.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 01176576 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\wx._core_.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00806400 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\wx._gdi_.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00816128 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\wx._windows_.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 01067008 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\wx._controls_.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00733184 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\wx._misc_.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00682496 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\pysqlite2._sqlite.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00087552 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\_ctypes.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00119808 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32file.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00108544 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32security.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00007168 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\hashobjs_ext.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00068096 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\usb_ext.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00167936 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32gui.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00018432 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32event.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00128512 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\_elementtree.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00127488 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\pyexpat.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00013824 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\common.time34.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00036864 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\_psutil_windows.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00038912 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32inet.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00011264 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32crypt.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00077312 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\wx._html2.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00027136 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\_multiprocessing.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00020480 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\_yappi.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00035840 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32process.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00686080 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\unicodedata.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00123392 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\wx._wizard.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00024064 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32pipe.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00010240 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\select.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00025600 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32pdh.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00525640 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\windows._lib_cacheinvalidation.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00017408 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32profile.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00022528 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32ts.pyd
2015-08-24 20:30 - 2015-08-24 20:30 - 00078848 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\wx._animate.pyd
2015-07-11 03:38 - 2015-07-11 03:38 - 03481600 _____ () C:\Users\재원\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll
2015-06-03 00:18 - 2015-06-03 00:18 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2015-08-21 22:53 - 2015-08-18 14:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-21 22:53 - 2015-08-18 14:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
2015-07-01 17:35 - 2015-07-01 17:35 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-07-01 17:35 - 2015-07-01 17:35 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2014-11-11 04:12 - 2014-11-11 04:12 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-04-24 12:46 - 2015-01-08 01:29 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2015-04-24 12:46 - 2015-01-08 01:29 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2015-04-16 07:11 - 2015-04-16 07:11 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll
2015-04-16 07:11 - 2015-04-16 07:11 - 02748416 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences
AlternateDataStreams: C:\Users\재원\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-593337814-833741486-1504065185-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\재원\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\StartupApproved\StartupFolder: => "OneNote(으)로 보내기.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{07B3EF51-49F3-4784-9050-B26839DDE896}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{391357AB-F9DD-409D-AA9A-37C4837E9370}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{829B8561-8AB8-4953-B0A1-80509297393B}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{0CB61DC2-DC4B-45FE-B2E2-C9B3E4E963CD}] => (Allow) C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\DaumSAM.exe
FirewallRules: [{D32121EA-13C9-4760-8B13-FADCC9C625F1}] => (Allow) C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\DaumLiveAgent.exe
FirewallRules: [{AE70F90C-ECDC-40F8-B814-6217D65F5162}] => (Allow) C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\DLiveStreamer.exe
FirewallRules: [{ACF438FB-F2DD-405F-BFCB-5C47C28F403A}] => (Allow) C:\Program Files (x86)\DAUM\PotPlayer\PotPlayer.exe
FirewallRules: [{24EDC4EE-0642-4422-82CA-AD4D299CA84E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{82185331-DEF3-4CF4-84DC-D68B032F51A8}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{3647E54F-10F9-48A6-B92F-32785A35B29B}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{FBA93460-99F3-4AA0-86DF-F0C349EC5EAB}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{0D83F4E3-DC01-428C-B22B-359E185BED0A}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{0C04F9C8-8BB0-416D-9560-010A9B0C77D9}] => (Allow) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nosstarter.npe
FirewallRules: [{AF006213-BB0F-4B30-BF41-B2C0855B9B6B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/24/2015 12:37:26 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: 복원 지점을 만들지 못했습니다(프로세스 = C:\windows\system32\srtasks.exe ExecuteScheduledSPPCreation, 설명 = Scheduled Checkpoint, 오류 = 0x80070422). Error: (08/23/2015 02:27:15 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: 오류가 발생하여 WINRE_DRV 볼륨이 최적화되지 않았습니다. The parameter is incorrect. (0x80070057) Error: (08/22/2015 04:49:45 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: 복원 지점을 만들지 못했습니다(프로세스 = C:\windows\system32\srtasks.exe ExecuteScheduledSPPCreation, 설명 = Scheduled Checkpoint, 오류 = 0x80070422). Error: (08/22/2015 04:36:20 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: 오류가 발생하여 WINRE_DRV 볼륨이 최적화되지 않았습니다. The parameter is incorrect. (0x80070057) Error: (08/21/2015 10:19:19 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: 복원 지점을 만들지 못했습니다(프로세스 = C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe -Embedding, 설명 = Windows Modules Installer, 오류 = 0x80070422). Error: (08/21/2015 10:19:16 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: 복원 지점을 만들지 못했습니다(프로세스 = C:\windows\system32\svchost.exe -k netsvcs, 설명 = Windows Update, 오류 = 0x80070422). Error: (08/19/2015 10:31:46 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: 복원 지점을 만들지 못했습니다(프로세스 = C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe -Embedding, 설명 = Windows Modules Installer, 오류 = 0x80070422). Error: (08/19/2015 10:31:45 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: 복원 지점을 만들지 못했습니다(프로세스 = C:\windows\system32\svchost.exe -k netsvcs, 설명 = Windows Update, 오류 = 0x80070422). Error: (08/15/2015 03:44:34 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: 오류가 발생하여 WINRE_DRV 볼륨이 최적화되지 않았습니다. The parameter is incorrect. 
(0x80070057) Error: (08/14/2015 09:42:56 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: 복원 지점을 만들지 못했습니다(프로세스 = C:\windows\system32\svchost.exe -k netsvcs, 설명 = Windows Update, 오류 = 0x80070422). System errors: ============= Error: (08/25/2015 09:59:18 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: X250-JAEWON) Description: 0x8000002a115\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-593337814-833741486-1504065185-1001-0-ntuser.dat Error: (08/25/2015 09:59:08 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: X250-JAEWON) Description: 0x8000002a115\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-593337814-833741486-1504065185-1001-0-ntuser.dat Error: (08/24/2015 08:26:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: PEVSystemStart 서비스가 대화식 서비스로 표시되어 있습니다. 그러나 시스템이 대화식 서비스를 허용하지 않습니다. 이 서비스가 제대로 작동하지 않을 수도 있습니다. Error: (08/24/2015 08:26:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: PEVSystemStart 서비스가 대화식 서비스로 표시되어 있습니다. 그러나 시스템이 대화식 서비스를 허용하지 않습니다. 이 서비스가 제대로 작동하지 않을 수도 있습니다. Error: (08/24/2015 08:26:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: PEVSystemStart 서비스가 대화식 서비스로 표시되어 있습니다. 그러나 시스템이 대화식 서비스를 허용하지 않습니다. 이 서비스가 제대로 작동하지 않을 수도 있습니다. Error: (08/24/2015 08:26:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: PEVSystemStart 서비스가 대화식 서비스로 표시되어 있습니다. 그러나 시스템이 대화식 서비스를 허용하지 않습니다. 이 서비스가 제대로 작동하지 않을 수도 있습니다. Error: (08/24/2015 08:26:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: PEVSystemStart 서비스가 대화식 서비스로 표시되어 있습니다. 그러나 시스템이 대화식 서비스를 허용하지 않습니다. 이 서비스가 제대로 작동하지 않을 수도 있습니다. 
Error: (08/24/2015 06:48:40 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: X250-JAEWON) Description: 0x8000002a115\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-593337814-833741486-1504065185-1001-0-ntuser.dat Error: (08/24/2015 06:48:34 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: X250-JAEWON) Description: 0x8000002a115\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-593337814-833741486-1504065185-1001-0-ntuser.dat Error: (08/24/2015 03:32:28 PM) (Source: KLIF) (EventID: 0) (User: ) Description: Сonnection is not established Microsoft Office: ========================= Error: (08/24/2015 12:37:26 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\windows\system32\srtasks.exe ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422 Error: (08/23/2015 02:27:15 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: WINRE_DRVThe parameter is incorrect. (0x80070057) Error: (08/22/2015 04:49:45 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\windows\system32\srtasks.exe ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422 Error: (08/22/2015 04:36:20 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: WINRE_DRVThe parameter is incorrect. 
(0x80070057) Error: (08/21/2015 10:19:19 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe -EmbeddingWindows Modules Installer0x80070422 Error: (08/21/2015 10:19:16 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x80070422 Error: (08/19/2015 10:31:46 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe -EmbeddingWindows Modules Installer0x80070422 Error: (08/19/2015 10:31:45 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x80070422 Error: (08/15/2015 03:44:34 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: WINRE_DRVThe parameter is incorrect. (0x80070057) Error: (08/14/2015 09:42:56 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x80070422 ==================== Memory info =========================== Processor: Intel® Core i5-5200U CPU @ 2.20GHz Percentage of memory in use: 74% Total physical RAM: 3975.17 MB Available physical RAM: 1022.02 MB Total Virtual: 6663.17 MB Available Virtual: 1722.25 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:218.99 GB) (Free:77.94 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 232.9 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of FRST.txt ============================
  10. Thank you, Borislav..

      Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-08-2015
      Ran by 재원 (administrator) on X250-JAEWON (25-08-2015 19:54:48)
      Running from C:\Users\재원\Downloads
      Loaded Profiles: 재원 (Available Profiles: 재원)
      Platform: Windows 8.1 (X64) Language: 영어(미국)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

      ==================== Processes (Whitelisted) =================
      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
      (Lenovo.) C:\Windows\System32\ibmpmsvc.exe
      (Softex Inc.) C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniServ.exe
      (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
      (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
      (DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
      (Microsoft Corporation) C:\Windows\System32\wlanext.exe
      (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
      (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
      (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
      (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
      (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
      (Intel® Corporation) C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe
      (Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
      (LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
      (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
      (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
      (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
      (Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
      () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
      (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
      (INCA Internet Co., Ltd.) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nossvc.exe
      (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
      (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
      (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
      (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
      (Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
      (Apache Software Foundation) C:\Bitnami\WAMPST~1.40-\apache2\bin\httpd.exe
      () C:\Bitnami\wampstack-5.4.40-0\mysql\bin\mysqld.exe
      (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
      (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
      (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
      (Intel Corporation) C:\Windows\System32\igfxEM.exe
      (Intel Corporation) C:\Windows\System32\igfxHK.exe
      (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
      (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
      (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
      (Apache Software Foundation) C:\Bitnami\WAMPST~1.40-\apache2\bin\httpd.exe
      (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (INCA Internet Co., Ltd.) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nosstarter.npe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      (Microsoft Corporation) C:\Windows\System32\InputMethod\KOR\KorIME.exe
      (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
      (Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
      (Microsoft Corporation) C:\Windows\System32\rundll32.exe
      (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
      (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
      (%CFullName%) C:\Program Files\Lenovo\Fingerprint Manager Pro\opvapp.exe
      (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      (Lenovo.) C:\Windows\System32\TpShocks.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
      (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      (Nok Nok Labs, Inc.) C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe
      (Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
      (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
      (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
      (Daum Kakao Corp. ) C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\DaumSAM.exe
      (Google, Inc) C:\Users\재원\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
      (Daum Kakao Corp. ) C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (SunplusIT, Inc.) C:\Program Files (x86)\Integrated Camera\Monitor.exe
      (Adarian Software, LLC) C:\Program Files (x86)\Adarian\Adarian Money\AMRemind.exe
      (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
      (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
      (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
      (Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
      () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
      (Nok Nok Labs Inc.) C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
      (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
      (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Microsoft Corporation) C:\Windows\System32\rundll32.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      () C:\Program Files (x86)\qBittorrent\qbittorrent.exe
      (Marek Jasinski) C:\Program Files (x86)\FreeCommander XE\FreeCommander.exe
      (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
      (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\cammute.exe
      (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
      (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\tpknrsvc.exe
      (Tracker Software Products Ltd.) C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
      (Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe

      ==================== Registry (Whitelisted) ===========================
      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
      HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [341448 2014-11-08] (Lenovo Group Limited)
      HKLM\...\Run: [TpShocks] => C:\windows\system32\TpShocks.exe [555760 2014-12-09] (Lenovo.)
      HKLM\...\Run: [MFACApp] => C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe [5449544 2014-10-17] (Nok Nok Labs, Inc.)
      HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937928 2014-12-11] (Lenovo)
      HKLM\...\Run: [LMCSSTART1] => C:\windows\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,InitSubsystemProcesses
      HKLM\...\Run: [LMCSSTART2] => C:\windows\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libstartstub2.dll,ProxyStart
      HKLM\...\Run: [LMCSSTART3] => C:\windows\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,SetupCamplusDrop
      HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [164112 2015-05-16] (IvoSoft)
      HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
      HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1172256 2014-11-11] (Intel Corporation)
      HKLM-x32\...\Run: [integrated Camera_Monitor] => C:\Program Files (x86)\Integrated Camera\monitor.exe [1723040 2014-09-01] (SunplusIT, Inc.)
      HKLM-x32\...\Run: [HncUpdate90] => C:\Program Files (x86)\Hnc\HncUtils\Update\HncCheck.exe [604168 2015-06-29] (한글과컴퓨터)
      HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
      HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [Daum Streaming Service] => C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\DaumSAM.exe [511808 2015-06-02] (Daum Kakao Corp. )
      HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [Google Update] => C:\Users\재원\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-05-29] (Google Inc)
      HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [Google Photos Backup] => C:\Users\재원\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791176 2015-07-11] (Google, Inc)
      HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [6331544 2015-08-20] (Daum Kakao Corp. )
      HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [GoogleChromeAutoLaunch_A0A69805D4ACD1C2462F4F8BE8A06446] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-18] (Google Inc.)
      Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-05-16]
      ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
      Startup: C:\Users\재원\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adarian Money Reminder.lnk [2015-08-12]
      ShortcutTarget: Adarian Money Reminder.lnk -> C:\Program Files (x86)\Adarian\Adarian Money\AMRemind.exe (Adarian Software, LLC)
      Startup: C:\Users\재원\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-05-14]
      ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
      Startup: C:\Users\재원\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote(으)로 보내기.lnk [2015-05-10]
      ShortcutTarget: OneNote(으)로 보내기.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
      ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
      ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
      ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
      ShellIconOverlayIdentifiers: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
      ShellIconOverlayIdentifiers-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)

      ==================== Internet (Whitelisted) ====================
      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
      HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
      HKU\S-1-5-21-593337814-833741486-1504065185-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.naver.com/
      HKU\S-1-5-21-593337814-833741486-1504065185-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
      HKU\S-1-5-21-593337814-833741486-1504065185-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
      SearchScopes: HKLM -> DefaultScope {0E4AC09B-5BBD-49F2-BFCD-BD1BEFBAA0AE} URL =
      SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM-x32 -> DefaultScope {0E4AC09B-5BBD-49F2-BFCD-BD1BEFBAA0AE} URL =
      SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-21-593337814-833741486-1504065185-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
      SearchScopes: HKU\S-1-5-21-593337814-833741486-1504065185-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
      BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
      BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
      BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
      BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-05-16] (LastPass)
      BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
      BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-05-16] (IvoSoft)
      BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
      BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
      BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
      BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
      BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-16] (LastPass)
      BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
      BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-05-16] (IvoSoft)
      Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-05-16] (LastPass)
      Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
      Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-16] (LastPass)
      Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
      DPF: HKLM-x32 {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} hxxp://plugin.inicis.com/wallet61/INIwallet61_win8.cab
      DPF: HKLM-x32 {3EFC2239-B769-469F-A5E6-38693AE0B9DE} hxxp://210.182.142.35:8020/qms/speed/speedtest/cab/sysinfo2.cab
      DPF: HKLM-x32 {417A8BA3-7DDF-4C02-919C-4F9D1ED46E58} hxxp://210.182.142.35:8020/qms/speed/speedtest/cab/PowerComSpeedTest.cab
      DPF: HKLM-x32 {A79ACFE1-331F-47E0-8F86-A020B21B66F9} hxxp://legaledu.co.kr/biz/player/IMGTech/ZoneMediaPlayer/download/ZMediaPlayer.cab
      Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
      Tcpip\..\Interfaces\{0DBEA07B-1A1A-4C4A-A4CA-936525D130E2}: [DhcpNameServer] 192.168.1.1
      Tcpip\..\Interfaces\{F9A4DA8D-6E83-460B-B5DA-96EA433EB835}: [DhcpNameServer] 1.214.68.2 61.41.153.2

      FireFox:
      ========
      FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-16] (LastPass)
      FF Plugin-x32: @daum.net/DaumNPPLive -> C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\npDaumNPPLive.dll [2015-02-04] (Daum Communications)
      FF Plugin-x32: @imgtech.co.kr/ZoneMediaPlayer -> C:\IMGTech\core\1.0.0.0\NP_ZoneMediaPlayer.dll [2014-11-21] (IMGTech. (www.imgtech.co.kr))
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-11] (Intel Corporation)
      FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-11] (Intel Corporation)
      FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-08-24] ()
      FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-08-24] ()
      FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-08-24] ()
      FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-16] (LastPass)
      FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-16] (Nitro PDF)
      FF Plugin-x32: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2013-06-08] (SoftForum Co., Ltd.)
      FF Plugin-x32: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2013-06-08] (SoftForum Co., Ltd.)
      FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
      FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
      FF Plugin-x32: @update.noknok.com/Nok Nok Labs MFACUpdater;version=3 -> C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\1.3.27.0\npGoogleUpdate3.dll [2015-04-24] (Nok Nok Labs Inc.)
      FF Plugin-x32: @update.noknok.com/Nok Nok Labs MFACUpdater;version=9 -> C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\1.3.27.0\npGoogleUpdate3.dll [2015-04-24] (Nok Nok Labs Inc.)
      FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @daum.net/DaumNPPLive -> C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\npDaumNPPLive.dll [2015-02-04] (Daum Communications)
      FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2013-06-08] (SoftForum Co., Ltd.)
      FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2013-06-08] (SoftForum Co., Ltd.)
      FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @tools.google.com/Google Update;version=3 -> C:\Users\재원\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
      FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @tools.google.com/Google Update;version=9 -> C:\Users\재원\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
      FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: daum.net/DaumNPPLive -> C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\npDaumNPPLive.dll [2015-02-04] (Daum Communications)
      FF HKLM\...\Firefox\Extensions: [FIDOaddon@noknok.com] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon
      FF Extension: MFAC Extension - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon [2015-04-24]
      FF HKLM-x32\...\Firefox\Extensions: [FIDOaddon@noknok.com] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon
      FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
      FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-08-24]
      FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
      FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-08-24]
      FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
      FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-08-24]

      Chrome:
      =======
      CHR Profile: C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default
      CHR Extension: (Google Slides) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-21]
      CHR Extension: (Google Docs) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-21]
      CHR Extension: (Google Drive) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-21]
      CHR Extension: (YouTube) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-21]
      CHR Extension: (Google Search) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-21]
      CHR Extension: (Kaspersky Protection) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-08-24]
      CHR Extension: (Google Calendar) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-07-21]
      CHR Extension: (Google Sheets) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-21]
      CHR Extension: (Chrome Remote Desktop) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-07-21]
      CHR Extension: (LastPass: Free Password Manager) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-07-21]
      CHR Extension: (Adblock Super) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-07-21]
      CHR Extension: (Chrome Hotword Shared Module) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-21]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-21]
      CHR Extension: (Gmail) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-21]
      CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
      CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
      CHR HKU\S-1-5-21-593337814-833741486-1504065185-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
      CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
      CHR HKLM-x32\...\Chrome\Extension: [mbgbpjganndfjjmlamggkkkjafblbahl] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\Chrome\x86\FidoExtension.crx [2014-10-17]

      ==================== Services (Whitelisted) ========================
      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [560584 2015-01-22] (Lenovo Corporation)
      R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-07-04] (Kaspersky Lab ZAO)
      S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
      R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-04-01] (DisplayLink Corp.)
      R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-23] (Intel Corporation)
      R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-05-21] (Intel Corporation)
      S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-14] (Intel® Corporation)
      R2 Intel® TechnologyAccessService; C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe [95624 2015-01-24] (Intel® Corporation)
      S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-07-11] ()
      R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-11] (Intel Corporation)
      R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2019272 2015-02-10] (Lenovo Group Limited)
      R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
      R3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [626120 2015-01-22] (Lenovo Corporation)
      R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-09] (Lenovo Group Limited)
      R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [22576 2014-02-22] (Lenovo)
      S3 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [475080 2015-01-22] (Lenovo)
      R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [469720 2015-01-10] ()
      S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
      R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
      R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
      S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-03-19] ()
      R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-16] (Nitro PDF Software)
      R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-16] ()
      R2 nossvc; C:\Program Files (x86)\INCAInternet\nProtect Online Security\nossvc.exe [1666216 2015-06-16] (INCA Internet Co., Ltd.)
      S2 omaha; C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148224 2015-04-24] (Nok Nok Labs Inc.)
      S3 omaham; C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148224 2015-04-24] (Nok Nok Labs Inc.)
      R2 omniserv; C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniServ.exe [103936 2015-04-02] (Softex Inc.)
[File not signed]S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61232 2014-12-06] (Lenovo Group Limited)R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [328488 2014-12-06] (Lenovo Group Limited)S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22008 2015-07-01] ()R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49968 2015-01-29] (Synaptics Incorporated)R2 wampstackApache; C:\Bitnami\WAMPST~1.40-\apache2\bin\httpd.exe [20992 2015-01-30] (Apache Software Foundation) [File not signed]R2 wampstackMySQL; C:\Bitnami\wampstack-5.4.40-0\mysql\bin\mysqld.exe [8148480 2015-01-07] () [File not signed]S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2015-03-19] (Intel® Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-07-04] (Kaspersky Lab UK Ltd)R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [394520 2014-09-30] (Intel Corporation)R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [222152 2014-08-23] (Intel Corporation)R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [79016 2014-08-06] (Intel Corporation)R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-07-04] (Kaspersky Lab ZAO)R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-07-04] (Kaspersky Lab ZAO)S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-07-04] (Kaspersky Lab ZAO)R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [226480 2015-07-04] (Kaspersky Lab ZAO)R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [831664 2015-07-04] (Kaspersky Lab ZAO)R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-07-04] (Kaspersky Lab ZAO)R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [40304 2015-07-04] (Kaspersky Lab ZAO)R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [39792 2015-07-04] (Kaspersky Lab ZAO)R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-07-04] (Kaspersky Lab ZAO)R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-07-04] (Kaspersky Lab ZAO)R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [85360 2015-07-04] (Kaspersky Lab ZAO)R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-07-04] (Kaspersky Lab ZAO)R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [29496 2014-04-08] (Lenovo)R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-25] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)R3 
MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-11] (Intel Corporation)S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-31] (Intel Corporation)R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3497752 2015-04-13] (Intel Corporation)S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-09] (Intel Corporation)R3 noskp; C:\windows\syswow64\noskp64.sys [23096 2015-07-23] (INCA Internet Co.,Ltd.)R3 nosku; C:\windows\syswow64\nosku64.sys [34920 2015-07-20] (INCA Internet Co.,Ltd.)R3 np_ck64s; C:\windows\syswow64\np_ck64s.sys [75680 2014-08-13] (INCA Internet Co.,Ltd.)R1 OMNISMI; C:\windows\SysWOW64\drivers\omnismi.sys [14776 2014-09-27] ()R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-25] (Realsil Semiconductor Corporation)R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32936 2015-03-10] (Synaptics Incorporated)R1 SMIDriver; C:\Windows\System32\drivers\smi.sys [19656 2015-01-29] (Windows ® Win 7 DDK provider)R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [682272 2014-09-04] (Sunplus)R3 TKCtrl; C:\windows\system32\TKCtrl2k64.sys [136528 2014-05-21] (INCA Internet Co., Ltd.)R3 TKCtrl; C:\windows\SysWOW64\TKCtrl2k64.sys [136528 2014-05-21] (INCA Internet Co., Ltd.)R3 TKFsAvM; C:\windows\system32\TKFsAv64.sys [175560 2015-01-21] (INCA Internet Co., Ltd.)R3 TKFsFtM; C:\windows\system32\TKFsFt64.sys [28824 2014-07-07] (INCA Internet Co., Ltd.)R3 TKPcFt; C:\windows\system32\TKPcFtCb64.sys [35528 2014-10-20] (INCA Internet Co., Ltd.)R3 TKRgAc; C:\windows\system32\TKRgAc2k64.sys [96584 2013-09-09] (INCA Internet Co., Ltd.)R3 TKRgFt; C:\windows\system32\TKRgFtXp64.sys [51464 2013-11-18] (INCA Internet Co., Ltd.)S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X] ==================== NetSvcs 
(Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-25 19:54 - 2015-08-25 19:55 - 00035420 _____ C:\Users\재원\Downloads\FRST.txt2015-08-25 19:54 - 2015-08-25 19:54 - 00000000 ____D C:\FRST2015-08-25 19:52 - 2015-08-25 19:52 - 02186752 _____ (Farbar) C:\Users\재원\Downloads\FRST64.exe2015-08-24 20:47 - 2015-08-24 20:47 - 00015320 _____ C:\Users\재원\Downloads\28주후_28.Weeks.Later.2007.720p.BrRip.264.YIFY.torrent2015-08-24 20:46 - 2015-08-24 20:46 - 00023138 _____ C:\Users\재원\Downloads\에너미_오브_스테이트_Enemy.Of.The.State.1998.1080p.BluRay.x264.AC3_ONe.torrent2015-08-24 20:30 - 2015-08-24 20:30 - 00000000 ____D C:\Users\재원\AppData\Local\VirtualStore2015-08-24 20:29 - 2015-08-24 20:12 - 00024064 _____ C:\windows\zoek-delete.exe2015-08-24 20:15 - 2015-08-24 20:30 - 00015297 _____ C:\zoek-results.log2015-08-24 20:01 - 2015-08-24 20:01 - 00000000 ____D C:\Users\재원\Documents\카카오톡 받은 파일2015-08-24 19:51 - 2015-08-24 20:27 - 00000000 ____D C:\zoek_backup2015-08-24 19:48 - 2015-08-24 19:48 - 01308672 _____ C:\Users\재원\Downloads\zoek.exe2015-08-24 19:28 - 2015-08-24 19:28 - 00013978 _____ C:\Users\재원\Downloads\어벤져스_에이지_오브_울트론_한글_avengers_age_of_ultron_2015_1080p_web_dl_6ch_2_5gb_shaanig_액션.torrent2015-08-24 15:34 - 2015-08-24 15:34 - 00002357 _____ C:\Users\재원\Desktop\안전 금융.lnk2015-08-24 15:33 - 2015-08-24 15:33 - 00002157 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk2015-08-24 15:33 - 2015-08-24 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security2015-08-24 15:33 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll2015-08-24 15:32 - 2015-08-25 14:23 - 00000000 ____D C:\ProgramData\Kaspersky Lab2015-08-24 15:32 - 2015-08-24 15:32 - 
00000000 ____D C:\Program Files (x86)\Kaspersky Lab2015-08-24 15:32 - 2015-07-04 07:56 - 00831664 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys2015-08-24 15:32 - 2015-07-04 07:56 - 00226480 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klhk.sys2015-08-24 15:32 - 2015-07-04 07:56 - 00159960 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys2015-08-24 14:45 - 2015-08-24 15:13 - 177523928 _____ (Kaspersky Lab) C:\Users\재원\Downloads\kis15.0.2.361ko-kr.exe2015-08-24 12:32 - 2015-08-24 13:26 - 00000000 ____D C:\Quarantine_MZK2015-08-24 12:30 - 2015-08-24 12:30 - 00000000 ____D C:\Users\재원\Downloads\mzk2015-08-23 20:43 - 2015-08-25 18:41 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2015-08-23 20:43 - 2015-08-23 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-08-23 20:43 - 2015-08-23 20:43 - 00000000 ____D C:\ProgramData\Malwarebytes2015-08-23 20:43 - 2015-08-23 20:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-08-23 20:43 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys2015-08-23 20:43 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2015-08-23 20:43 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys2015-08-23 20:38 - 2015-08-23 20:38 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\재원\Downloads\mbam-setup-2.1.8.1057.exe2015-08-23 20:38 - 2015-08-23 20:38 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\재원\Downloads\mbam-setup-2.1.8.1057 (1).exe2015-08-23 20:01 - 2015-08-23 20:01 - 00000000 _____ C:\autoexec.bat2015-08-23 19:59 - 2015-08-23 19:59 - 03237248 _____ (Enigma Software Group USA, LLC.) 
C:\Users\재원\Downloads\SpyHunter-Installer.exe2015-08-21 22:19 - 2015-08-11 10:20 - 25191936 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2015-08-21 22:19 - 2015-08-11 09:20 - 19871232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2015-08-14 12:54 - 2015-07-07 18:40 - 00270168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys2015-08-14 12:54 - 2015-07-07 18:40 - 00114520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys2015-08-14 12:54 - 2015-07-07 18:40 - 00044560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys2015-08-14 11:39 - 2015-08-14 11:39 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf2015-08-12 17:02 - 2015-08-12 17:02 - 00018387 _____ C:\Users\재원\Downloads\EBS 스페셜 프로젝트.E04.150806.소셜 다이어트 내 몸 혁명 4부.HDTV.H264.720p-WITH.mp4.torrent2015-08-12 16:23 - 2015-08-12 16:23 - 00000000 ____D C:\Users\재원\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adarian2015-08-12 16:23 - 2015-08-12 16:23 - 00000000 ____D C:\Users\재원\AppData\Roaming\Adarian2015-08-12 16:22 - 2015-08-12 16:22 - 00000000 ____D C:\Program Files (x86)\Adarian2015-08-12 16:13 - 2015-08-12 16:13 - 00368296 _____ (RegNow.com) C:\Users\재원\Downloads\Download_AMWinInstall.exe2015-08-12 15:46 - 2015-07-30 23:04 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll2015-08-12 15:46 - 2015-07-30 22:48 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll2015-08-12 15:40 - 2015-07-19 10:58 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe2015-08-12 15:40 - 2015-07-19 03:51 - 03704320 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll2015-08-12 15:40 - 2015-07-19 03:31 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll2015-08-12 15:40 - 2015-07-19 03:31 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll2015-08-12 
15:40 - 2015-07-19 03:31 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe2015-08-12 15:40 - 2015-07-19 03:29 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll2015-08-12 15:40 - 2015-07-19 03:29 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll2015-08-12 15:40 - 2015-07-19 03:29 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe2015-08-12 15:40 - 2015-07-19 03:28 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll2015-08-12 15:40 - 2015-07-19 03:12 - 02228736 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll2015-08-12 15:40 - 2015-07-19 03:10 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll2015-08-12 15:40 - 2015-07-19 03:09 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll2015-08-12 15:40 - 2015-07-17 05:36 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll2015-08-12 15:40 - 2015-07-17 05:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec2015-08-12 15:40 - 2015-07-17 05:35 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2015-08-12 15:40 - 2015-07-17 05:26 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2015-08-12 15:40 - 2015-07-17 05:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2015-08-12 15:40 - 2015-07-17 05:21 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll2015-08-12 15:40 - 2015-07-17 04:53 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll2015-08-12 15:40 - 2015-07-17 04:51 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll2015-08-12 15:40 - 2015-07-17 04:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec2015-08-12 15:40 - 2015-07-17 04:45 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2015-08-12 15:40 - 2015-07-17 04:45 - 01032704 _____ (Microsoft 
Corporation) C:\windows\system32\inetcomm.dll2015-08-12 15:40 - 2015-07-17 04:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2015-08-12 15:40 - 2015-07-17 04:39 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll2015-08-12 15:40 - 2015-07-17 04:38 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll2015-08-12 15:40 - 2015-07-17 04:36 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2015-08-12 15:40 - 2015-07-17 04:34 - 14451200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2015-08-12 15:40 - 2015-07-17 04:32 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl2015-08-12 15:40 - 2015-07-17 04:14 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll2015-08-12 15:40 - 2015-07-17 04:13 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll2015-08-12 15:40 - 2015-07-17 04:12 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2015-08-12 15:40 - 2015-07-17 04:12 - 02427904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2015-08-12 15:40 - 2015-07-17 04:10 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2015-08-12 15:40 - 2015-07-17 04:06 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2015-08-12 15:40 - 2015-07-17 04:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2015-08-12 15:40 - 2015-07-17 03:52 - 01048576 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll2015-08-12 15:40 - 2015-07-17 03:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll2015-08-12 15:40 - 2015-07-17 03:42 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2015-08-12 15:40 - 2015-07-17 03:38 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2015-08-12 15:40 - 2015-07-17 03:37 - 00710144 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\ieapfltr.dll2015-08-12 15:40 - 2015-07-10 03:40 - 00359936 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll2015-08-12 15:40 - 2015-06-27 12:08 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\wups.dll2015-08-12 15:40 - 2015-06-27 12:08 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll2015-08-12 15:40 - 2015-06-27 11:14 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll2015-08-12 15:39 - 2015-07-16 09:29 - 07458648 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe2015-08-12 15:39 - 2015-07-16 09:29 - 01735000 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll2015-08-12 15:39 - 2015-07-16 09:29 - 00101720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys2015-08-12 15:39 - 2015-07-16 09:28 - 01499920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll2015-08-12 15:39 - 2015-07-14 12:22 - 02529880 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll2015-08-12 15:39 - 2015-07-14 12:21 - 01901776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll2015-08-12 15:39 - 2015-07-14 04:46 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll2015-08-12 15:39 - 2015-07-14 04:45 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll2015-08-12 15:39 - 2015-07-11 02:54 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll2015-08-12 15:39 - 2015-07-11 02:42 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll2015-08-12 15:39 - 2015-07-11 02:13 - 07032320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll2015-08-12 15:39 - 2015-07-11 01:47 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll2015-08-12 15:39 - 2015-07-02 07:19 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll2015-08-12 15:39 - 2015-07-02 07:16 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll2015-08-12 15:39 - 
2015-07-02 06:37 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll2015-08-12 15:39 - 2015-07-02 06:35 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll2015-08-12 15:38 - 2015-07-29 23:37 - 01994752 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll2015-08-12 15:38 - 2015-07-29 23:30 - 01381888 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll2015-08-12 15:38 - 2015-07-29 23:23 - 01559552 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll2015-08-12 15:38 - 2015-07-25 03:57 - 04177408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2015-08-12 15:38 - 2015-07-25 03:57 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll2015-08-12 15:38 - 2015-07-25 03:52 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll2015-08-12 15:38 - 2015-07-25 02:27 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll2015-08-12 15:38 - 2015-07-25 02:23 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll2015-08-12 15:38 - 2015-07-11 03:19 - 01101824 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll2015-08-12 15:38 - 2015-07-11 02:14 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll2015-08-12 15:38 - 2015-07-11 01:31 - 06213120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll2015-08-12 15:38 - 2015-07-10 02:13 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe2015-08-12 15:38 - 2015-07-10 02:13 - 00221184 _____ (Microsoft Corporation) C:\windows\notepad.exe2015-08-12 15:38 - 2015-07-10 01:30 - 00212992 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe2015-08-12 15:38 - 2015-05-12 09:24 - 00536920 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll2015-08-12 15:07 - 2015-08-12 15:07 - 00016582 _____ C:\Users\재원\Downloads\The.Classified.File.2015.720p.HDRip.H264.AAC-iMrel.mp4.torrent2015-08-09 15:28 - 2015-08-09 15:28 - 00016492 _____ 
C:\Users\재원\Downloads\World.War.Z.2013.UNRATED.1080p.BluRay.DTS.x264-KAGA.torrent2015-08-09 15:17 - 2015-08-09 15:17 - 00013225 _____ C:\Users\재원\Downloads\The.SpongeBob.Movie.Sponge.Out.of.Water.2015.1080p.BRRip.x264.AC3-JYK.torrent2015-08-09 08:26 - 2015-08-09 08:26 - 00002523 _____ C:\Users\Public\Desktop\Evernote.lnk2015-08-09 08:26 - 2015-08-09 08:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote2015-08-09 01:19 - 2015-08-09 01:19 - 00189303 _____ C:\Users\재원\Downloads\블랙 미러(Black Mirror) 시즌1,2 E01 - 03(完) 한영통합.zip2015-08-09 01:19 - 2015-08-09 01:19 - 00000000 ____D C:\Users\재원\Downloads\블랙 미러(Black Mirror) 시즌1,2 E01 - 03(完) 한영통합2015-08-08 18:59 - 2015-08-08 18:59 - 00000905 _____ C:\Users\Public\Desktop\꿀뷰.lnk2015-08-08 18:59 - 2015-08-08 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\꿀뷰2015-08-08 18:59 - 2015-08-08 18:59 - 00000000 ____D C:\Program Files\Honeyview2015-08-08 18:58 - 2015-08-08 18:59 - 07583528 _____ C:\Users\재원\Downloads\HONEYVIEW-SETUP-KR.EXE2015-08-07 21:39 - 2015-08-07 21:39 - 00000060 _____ C:\Users\재원\Desktop\jnk.url2015-08-05 07:50 - 2014-05-21 19:52 - 00136528 _____ (INCA Internet Co., Ltd.) C:\windows\system32\TKCtrl2k64.sys2015-08-05 07:50 - 2013-11-27 10:37 - 00237888 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\TKFW.dll2015-08-05 07:50 - 2013-11-27 10:36 - 00328000 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\tkidsx.dll2015-08-05 07:50 - 2013-11-27 10:36 - 00225600 _____ (INCA Internet Co.,Ltd.) 
C:\windows\SysWOW64\tkfwflt.dll2015-08-05 07:50 - 2013-04-30 15:46 - 00036388 _____ C:\windows\SysWOW64\teexcept.dat2015-08-04 17:20 - 2015-08-22 16:25 - 00000000 ____D C:\Program Files (x86)\IPinside2015-08-04 17:18 - 2015-08-04 17:18 - 00000000 ____D C:\Program Files (x86)\INCAInternet UnInstall2015-08-04 17:18 - 2015-08-04 17:18 - 00000000 ____D C:\Program Files (x86)\INCAInternet2015-08-04 17:13 - 2015-08-04 17:13 - 00000000 ____D C:\Program Files (x86)\INICIS612015-08-04 17:13 - 2009-07-09 15:36 - 00025872 _____ () C:\windows\SysWOW64\INIUAC.exe2015-08-04 17:13 - 2007-07-10 16:44 - 00214584 _____ (SoftCamp Co.,Ltd.) C:\windows\SysWOW64\SCSKLoader.exe2015-07-31 21:27 - 2015-07-31 21:27 - 00027749 _____ C:\Users\재원\Downloads\7번방의.선물.2012.AVCHD.1080i.VOD.DirectStreamCopy-OHE.ts.torrent ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-08-25 19:51 - 2015-05-31 14:48 - 00000000 ____D C:\Users\재원\AppData\Local\ClassicShell2015-08-25 19:40 - 2015-04-24 12:21 - 00735478 _____ C:\windows\SysWOW64\Gms.log2015-08-25 19:18 - 2015-04-24 12:13 - 01766430 _____ C:\windows\WindowsUpdate.log2015-08-25 19:00 - 2013-08-23 00:36 - 00000000 ____D C:\windows\system32\sru2015-08-25 18:57 - 2015-05-07 21:47 - 00000716 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d088c3f97344ec.job2015-08-25 15:03 - 2015-05-29 22:48 - 00000706 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593337814-833741486-1504065185-1001UA.job2015-08-25 10:01 - 2015-05-07 21:35 - 00516440 _____ C:\windows\system32\perfh012.dat2015-08-25 10:01 - 2015-05-07 21:35 - 00135664 _____ C:\windows\system32\perfc012.dat2015-08-25 10:01 - 2014-11-21 13:44 - 01506566 _____ C:\windows\system32\PerfStringBackup.INI2015-08-25 09:58 - 2013-08-22 23:46 - 00065358 _____ C:\windows\setupact.log2015-08-24 20:49 - 2015-06-01 22:07 - 00000000 ____D C:\Users\재원\AppData\Roaming\qBittorrent2015-08-24 20:30 - 2015-05-20 22:52 - 00000712 
_____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0930440a5774c.job2015-08-24 20:30 - 2015-05-07 21:54 - 00000000 ___RD C:\Users\재원\Google 드라이브2015-08-24 20:30 - 2015-05-07 21:47 - 00000712 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2015-08-24 20:30 - 2015-05-07 14:10 - 00000000 ____D C:\Users\재원\OneDrive2015-08-24 20:29 - 2015-05-07 14:04 - 00000000 ____D C:\Users\재원2015-08-24 20:29 - 2015-04-24 12:41 - 00000000 ____D C:\ProgramData\Validity2015-08-24 20:29 - 2014-11-21 13:31 - 00020990 _____ C:\windows\PFRO.log2015-08-24 20:29 - 2013-08-22 23:45 - 00000006 ____H C:\windows\Tasks\SA.DAT2015-08-24 20:29 - 2013-08-22 22:25 - 00262144 ___SH C:\windows\system32\config\BBI2015-08-24 15:41 - 2015-05-07 14:13 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-593337814-833741486-1504065185-10012015-08-24 15:33 - 2013-08-22 22:25 - 00262144 ___SH C:\windows\system32\config\ELAM2015-08-24 15:32 - 2013-08-23 00:36 - 00000000 ___HD C:\windows\ELAMBKUP2015-08-23 22:03 - 2015-05-29 22:48 - 00000654 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593337814-833741486-1504065185-1001Core.job2015-08-22 16:49 - 2013-08-23 00:36 - 00000000 ____D C:\windows\rescache2015-08-21 22:53 - 2015-07-21 07:21 - 00002188 _____ C:\Users\Public\Desktop\Chrome.lnk2015-08-21 22:19 - 2013-08-23 00:20 - 00000000 ____D C:\windows\CbsTemp2015-08-19 22:10 - 2013-08-23 00:36 - 00000000 ____D C:\windows\AppReadiness2015-08-14 21:49 - 2013-08-22 23:44 - 00484216 _____ C:\windows\system32\FNTCACHE.DAT2015-08-14 21:48 - 2013-08-23 00:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2015-08-14 21:48 - 2013-08-23 00:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2015-08-14 21:48 - 2013-08-23 00:36 - 00000000 ____D C:\Program Files\Windows Defender2015-08-14 21:48 - 2013-08-23 00:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender2015-08-14 
21:47 - 2015-05-09 09:02 - 00000000 ____D C:\windows\system32\MRT2015-08-14 21:43 - 2015-05-09 09:01 - 132483416 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2015-08-14 08:52 - 2015-05-07 21:53 - 00002069 _____ C:\Users\Public\Desktop\Google Slides.lnk2015-08-14 08:52 - 2015-05-07 21:53 - 00002067 _____ C:\Users\Public\Desktop\Google Sheets.lnk2015-08-14 08:52 - 2015-05-07 21:53 - 00002057 _____ C:\Users\Public\Desktop\Google Docs.lnk2015-08-14 08:52 - 2015-05-07 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive2015-08-12 15:45 - 2013-08-23 00:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2015-08-12 15:45 - 2013-08-23 00:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2015-08-12 15:08 - 2013-08-23 00:36 - 00000000 ____D C:\windows\system32\NDF2015-08-08 22:55 - 2014-11-21 21:27 - 00794088 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2015-08-08 22:55 - 2014-11-21 21:27 - 00179688 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2015-08-07 17:37 - 2015-05-07 14:07 - 00000000 ____D C:\Users\재원\AppData\Local\Packages2015-08-05 18:06 - 2015-04-24 12:20 - 00000000 ____D C:\Program Files\Lenovo2015-08-05 18:05 - 2015-04-24 12:16 - 00000000 ____D C:\windows\System32\Tasks\Lenovo2015-08-04 14:12 - 2015-04-24 12:40 - 00000000 ____D C:\windows\System32\Tasks\TVT2015-08-04 14:12 - 2015-04-24 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools2015-08-04 14:12 - 2015-04-24 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo2015-08-04 14:12 - 2015-04-24 12:16 - 00000000 ____D C:\Program Files (x86)\Lenovo2015-08-04 14:12 - 2015-04-24 11:57 - 00000000 ____D C:\ProgramData\Lenovo ==================== Files in the root of some directories ======= 2015-05-16 11:00 - 2015-05-16 11:00 - 
16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
      2015-04-24 12:22 - 2015-04-24 12:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

      Some zero byte size files/folders:
      ==========================
      C:\Windows\SysWOW64\dlumd10.dll
      C:\Windows\SysWOW64\dlumd11.dll
      C:\Windows\SysWOW64\dlumd9.dll
      C:\Windows\System32\dlumd10.dll
      C:\Windows\System32\dlumd11.dll
      C:\Windows\System32\dlumd9.dll

      ==================== Bamital & volsnap =================

      (There is no automatic fix for files that do not pass verification.)

      C:\windows\system32\winlogon.exe => File is digitally signed
      C:\windows\system32\wininit.exe => File is digitally signed
      C:\windows\explorer.exe => File is digitally signed
      C:\windows\SysWOW64\explorer.exe => File is digitally signed
      C:\windows\system32\svchost.exe => File is digitally signed
      C:\windows\SysWOW64\svchost.exe => File is digitally signed
      C:\windows\system32\services.exe => File is digitally signed
      C:\windows\system32\User32.dll => File is digitally signed
      C:\windows\SysWOW64\User32.dll => File is digitally signed
      C:\windows\system32\userinit.exe => File is digitally signed
      C:\windows\SysWOW64\userinit.exe => File is digitally signed
      C:\windows\system32\rpcss.dll => File is digitally signed
      C:\windows\system32\dnsapi.dll => File is digitally signed
      C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2015-08-22 16:36

      ==================== End of FRST.txt ============================
  11. Hello. I have seen this post. https://forums.malwarebytes.org/index.php?/topic/171668-tradeadexchange-infection/ I have the same problems. So I downloaded and ran the zoek.exe as requested. I need your help.

      ****************************************************************************************************************

      Zoek.exe v5.0.0.0 Updated 04-May-2015
      Tool run by 재원 on 2015-08-24 at 20:13:00.69.
      Microsoft Windows 8.1 K 6.3.9600 x64
      Running in: Normal Mode Internet Access Detected
      Launched: C:\Users\재원\Downloads\zoek.exe [scan all users] [script inserted]

      ==== System Restore Info ======================

      2015-08-24 오후 8:15:12 Zoek.exe System Restore Point Created Successfully.

      ==== Empty Folders Check ======================

      C:\Users\재원\AppData\Local\EmieBrowserModeList deleted successfully
      C:\Users\재원\AppData\Local\EmieSiteList deleted successfully
      C:\Users\재원\AppData\Local\EmieUserList deleted successfully
      C:\Users\재원\AppData\Local\PackageStaging deleted successfully
      C:\Users\재원\AppData\Local\VirtualStore deleted successfully

      ==== Deleting CLSID Registry Keys ======================

      ==== Deleting CLSID Registry Values ======================

      ==== Deleting Services ======================

      ==== Batch Command(s) Run By Tool======================

      Windows IP 구성
      DNS 확인자 캐시를 플러시했습니다.
==== Deleting Files \ Folders ======================

C:\Users\Public\Pokki deleted
C:\install.exe deleted
C:\Users\재원\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Start Menu.lnk deleted
C:\Users\재원\AppData\Roaming\ProductData deleted
C:\Users\재원\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\wininit.ini deleted
C:\windows\tasks\Nok Nok LabsMFACUpdaterTaskMachineCore.job deleted
C:\windows\tasks\Nok Nok LabsMFACUpdaterTaskMachineUA.job deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"FIDOaddon@noknok.com"="C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon" [2015-04-24 오후 12:42]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com" [2015-08-24 오후 03:32]

==== Chromium Look ======================

Google Chrome Version: 44.0.2403.157

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dbhjdbfgekjfcfkkfjjmlmojhbllhbho - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho[]
hdokiejnpimakedhajhdlcegeplioahd - No path found[]
mbgbpjganndfjjmlamggkkkjafblbahl - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\Chrome\x86\FidoExtension.crx[2014-10-17 오전 05:25]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]

LastPass - 재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
Chrome Hotword Shared Module - 재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
LastPass - 재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
Chrome Hotword Shared Module - 재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

==== Chromium Startpages ======================

C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Preferences
"session":{"restore_on_startup":4,"startup_urls":["http://www.google.com/]},"sync":{"remaining_rollback_tries":0}}

C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Preferences
"session":{"restore_on_startup":4,"startup_urls":["http://www.google.com/]},"sync":{"remaining_rollback_tries":0}}

==== Chromium Fix ======================

C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.nid.naver.com_0.localstorage deleted successfully
C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.nid.naver.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.naver.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0E4AC09B-5BBD-49F2-BFCD-BD1BEFBAA0AE}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.naver.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0E4AC09B-5BBD-49F2-BFCD-BD1BEFBAA0AE} Unknown Url="Not_Found"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-593337814-833741486-1504065185-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0E4AC09B-5BBD-49F2-BFCD-BD1BEFBAA0AE} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0E4AC09B-5BBD-49F2-BFCD-BD1BEFBAA0AE} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0E4AC09B-5BBD-49F2-BFCD-BD1BEFBAA0AE} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Policies\Chromium deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\재원\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\재원\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\재원\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\재원\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\재원\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\재원\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\재원\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\재원\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=58 folders=40 103260071 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\재원\AppData\Local\Temp will be emptied at reboot
C:\Users\재원\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\재원\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 2015-08-24 at 20:30:09.97 ======================
****************************************************************************************************************