
tradeadexchange infection



Hello.

I have seen this post.

https://forums.malwarebytes.org/index.php?/topic/171668-tradeadexchange-infection/

I have the same problems.

So I downloaded and ran the zoek.exe as requested.

I need your help.

****************************************************************************************************************

 
Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by 재원 on 2015-08-24 at 20:13:00.69.
Microsoft Windows 8.1 K 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\재원\Downloads\zoek.exe [scan all users] [script inserted] 
 
==== System Restore Info ======================
 
2015-08-24 오후 8:15:12 Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\Users\재원\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\재원\AppData\Local\EmieSiteList deleted successfully
C:\Users\재원\AppData\Local\EmieUserList deleted successfully
C:\Users\재원\AppData\Local\PackageStaging deleted successfully
C:\Users\재원\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
Windows IP 구성
 
DNS 확인자 캐시를 플러시했습니다.
 
==== Deleting Files \ Folders ======================
 
C:\Users\Public\Pokki deleted
C:\install.exe deleted
C:\Users\재원\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Start Menu.lnk deleted
C:\Users\재원\AppData\Roaming\ProductData deleted
C:\Users\재원\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\wininit.ini deleted
C:\windows\tasks\Nok Nok LabsMFACUpdaterTaskMachineCore.job deleted
C:\windows\tasks\Nok Nok LabsMFACUpdaterTaskMachineUA.job deleted
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"FIDOaddon@noknok.com"="C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon" [2015-04-24 오후 12:42]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com" [2015-08-24 오후 03:32]
 
==== Chromium Look ======================
 
Google Chrome Version: 44.0.2403.157
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
hdokiejnpimakedhajhdlcegeplioahd - No path found[]
mbgbpjganndfjjmlamggkkkjafblbahl - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\Chrome\x86\FidoExtension.crx[2014-10-17 오전 05:25]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]
 
LastPass - 재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
Chrome Hotword Shared Module - 재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
LastPass - 재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd
Chrome Hotword Shared Module - 재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
 
==== Chromium Startpages ======================
 
C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
 
==== Chromium Fix ======================
 
C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.nid.naver.com_0.localstorage deleted successfully
C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.nid.naver.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0E4AC09B-5BBD-49F2-BFCD-BD1BEFBAA0AE}"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0E4AC09B-5BBD-49F2-BFCD-BD1BEFBAA0AE} Unknown  Url="Not_Found"
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-593337814-833741486-1504065185-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0E4AC09B-5BBD-49F2-BFCD-BD1BEFBAA0AE} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0E4AC09B-5BBD-49F2-BFCD-BD1BEFBAA0AE} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0E4AC09B-5BBD-49F2-BFCD-BD1BEFBAA0AE} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Policies\Chromium deleted successfully
 
==== Empty IE Cache ======================
 
C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\재원\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\재원\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Users\재원\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\재원\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\재원\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\재원\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Users\재원\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\재원\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
Flash Cache Emptied Successfully
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=58 folders=40 103260071 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\재원\AppData\Local\Temp will be emptied at reboot
C:\Users\재원\AppData\Local\Temp will be emptied at reboot
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\windows\Temp successfully emptied
C:\Users\재원\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on 2015-08-24 at 20:30:09.97 ======================
 
****************************************************************************************************************
 
 
 

Hello cometrue and welcome! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here and then post your log files in a new reply in this thread:

https://forums.malwarebytes.org/index.php?/topic/9573-im-infected-what-do-i-do-now/


Thank you, Borislav.. :)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-08-2015
Ran by 재원 (administrator) on X250-JAEWON (25-08-2015 19:54:48)
Running from C:\Users\재원\Downloads
Loaded Profiles: 재원 (Available Profiles: 재원)
Platform: Windows 8.1 (X64) Language: 영어(미국)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Softex Inc.) C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(INCA Internet Co., Ltd.) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nossvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Apache Software Foundation) C:\Bitnami\WAMPST~1.40-\apache2\bin\httpd.exe
() C:\Bitnami\wampstack-5.4.40-0\mysql\bin\mysqld.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Apache Software Foundation) C:\Bitnami\WAMPST~1.40-\apache2\bin\httpd.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(INCA Internet Co., Ltd.) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nosstarter.npe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\KOR\KorIME.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(%CFullName%) C:\Program Files\Lenovo\Fingerprint Manager Pro\opvapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Nok Nok Labs, Inc.) C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Daum Kakao Corp. ) C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\DaumSAM.exe
(Google, Inc) C:\Users\재원\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Daum Kakao Corp. ) C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SunplusIT, Inc.) C:\Program Files (x86)\Integrated Camera\Monitor.exe
(Adarian Software, LLC) C:\Program Files (x86)\Adarian\Adarian Money\AMRemind.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
(Nok Nok Labs Inc.) C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\qBittorrent\qbittorrent.exe
(Marek Jasinski) C:\Program Files (x86)\FreeCommander XE\FreeCommander.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\cammute.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\tpknrsvc.exe
(Tracker Software Products Ltd.) C:\Program Files\Tracker Software\PDF Viewer\PDFXCview.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [341448 2014-11-08] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\windows\system32\TpShocks.exe [555760 2014-12-09] (Lenovo.)
HKLM\...\Run: [MFACApp] => C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe [5449544 2014-10-17] (Nok Nok Labs, Inc.)
HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937928 2014-12-11] (Lenovo)
HKLM\...\Run: [LMCSSTART1] => C:\windows\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,InitSubsystemProcesses
HKLM\...\Run: [LMCSSTART2] => C:\windows\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libstartstub2.dll,ProxyStart
HKLM\...\Run: [LMCSSTART3] => C:\windows\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,SetupCamplusDrop
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [164112 2015-05-16] (IvoSoft)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1172256 2014-11-11] (Intel Corporation)
HKLM-x32\...\Run: [integrated Camera_Monitor] => C:\Program Files (x86)\Integrated Camera\monitor.exe [1723040 2014-09-01] (SunplusIT, Inc.)
HKLM-x32\...\Run: [HncUpdate90] => C:\Program Files (x86)\Hnc\HncUtils\Update\HncCheck.exe [604168 2015-06-29] (한글과컴퓨터)
HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [Daum Streaming Service] => C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\DaumSAM.exe [511808 2015-06-02] (Daum Kakao Corp. )
HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [Google Update] => C:\Users\재원\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-05-29] (Google Inc)
HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [Google Photos Backup] => C:\Users\재원\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791176 2015-07-11] (Google, Inc)
HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [6331544 2015-08-20] (Daum Kakao Corp. )
HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [GoogleChromeAutoLaunch_A0A69805D4ACD1C2462F4F8BE8A06446] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-18] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-05-16]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\재원\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adarian Money Reminder.lnk [2015-08-12]
ShortcutTarget: Adarian Money Reminder.lnk -> C:\Program Files (x86)\Adarian\Adarian Money\AMRemind.exe (Adarian Software, LLC)
Startup: C:\Users\재원\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-05-14]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\재원\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote(으)로 보내기.lnk [2015-05-10]
ShortcutTarget: OneNote(으)로 보내기.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-593337814-833741486-1504065185-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.naver.com/
HKU\S-1-5-21-593337814-833741486-1504065185-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-593337814-833741486-1504065185-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKLM -> DefaultScope {0E4AC09B-5BBD-49F2-BFCD-BD1BEFBAA0AE} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0E4AC09B-5BBD-49F2-BFCD-BD1BEFBAA0AE} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-593337814-833741486-1504065185-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-593337814-833741486-1504065185-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-05-16] (LastPass)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-05-16] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-16] (LastPass)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-05-16] (IvoSoft)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-05-16] (LastPass)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-16] (LastPass)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
DPF: HKLM-x32 {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} hxxp://plugin.inicis.com/wallet61/INIwallet61_win8.cab
DPF: HKLM-x32 {3EFC2239-B769-469F-A5E6-38693AE0B9DE} hxxp://210.182.142.35:8020/qms/speed/speedtest/cab/sysinfo2.cab
DPF: HKLM-x32 {417A8BA3-7DDF-4C02-919C-4F9D1ED46E58} hxxp://210.182.142.35:8020/qms/speed/speedtest/cab/PowerComSpeedTest.cab
DPF: HKLM-x32 {A79ACFE1-331F-47E0-8F86-A020B21B66F9} hxxp://legaledu.co.kr/biz/player/IMGTech/ZoneMediaPlayer/download/ZMediaPlayer.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0DBEA07B-1A1A-4C4A-A4CA-936525D130E2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F9A4DA8D-6E83-460B-B5DA-96EA433EB835}: [DhcpNameServer] 1.214.68.2 61.41.153.2
 
FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-16] (LastPass)
FF Plugin-x32: @daum.net/DaumNPPLive -> C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\npDaumNPPLive.dll [2015-02-04] (Daum Communications)
FF Plugin-x32: @imgtech.co.kr/ZoneMediaPlayer -> C:\IMGTech\core\1.0.0.0\NP_ZoneMediaPlayer.dll [2014-11-21] (IMGTech. (www.imgtech.co.kr))
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-11] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-08-24] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-08-24] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-08-24] ()
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-16] (LastPass)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-16] (Nitro PDF)
FF Plugin-x32: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2013-06-08] (SoftForum Co., Ltd.)
FF Plugin-x32: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2013-06-08] (SoftForum Co., Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @update.noknok.com/Nok Nok Labs MFACUpdater;version=3 -> C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\1.3.27.0\npGoogleUpdate3.dll [2015-04-24] (Nok Nok Labs Inc.)
FF Plugin-x32: @update.noknok.com/Nok Nok Labs MFACUpdater;version=9 -> C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\1.3.27.0\npGoogleUpdate3.dll [2015-04-24] (Nok Nok Labs Inc.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @daum.net/DaumNPPLive -> C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\npDaumNPPLive.dll [2015-02-04] (Daum Communications)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2013-06-08] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2013-06-08] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @tools.google.com/Google Update;version=3 -> C:\Users\재원\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @tools.google.com/Google Update;version=9 -> C:\Users\재원\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: daum.net/DaumNPPLive -> C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\npDaumNPPLive.dll [2015-02-04] (Daum Communications)
FF HKLM\...\Firefox\Extensions: [FIDOaddon@noknok.com] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon
FF Extension: MFAC Extension - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon [2015-04-24]
FF HKLM-x32\...\Firefox\Extensions: [FIDOaddon@noknok.com] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-08-24]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-08-24]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-08-24]
 
Chrome: 
=======
CHR Profile: C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-21]
CHR Extension: (Google Docs) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-21]
CHR Extension: (Google Drive) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-21]
CHR Extension: (YouTube) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-21]
CHR Extension: (Google Search) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-21]
CHR Extension: (Kaspersky Protection) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-08-24]
CHR Extension: (Google Calendar) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-07-21]
CHR Extension: (Google Sheets) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-21]
CHR Extension: (Chrome Remote Desktop) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-07-21]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-07-21]
CHR Extension: (Adblock Super) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-07-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-21]
CHR Extension: (Gmail) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-21]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-593337814-833741486-1504065185-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mbgbpjganndfjjmlamggkkkjafblbahl] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\Chrome\x86\FidoExtension.crx [2014-10-17]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [560584 2015-01-22] (Lenovo Corporation)
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-07-04] (Kaspersky Lab ZAO)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-04-01] (DisplayLink Corp.)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-23] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-05-21] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-14] (Intel® Corporation)
R2 Intel® TechnologyAccessService; C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe [95624 2015-01-24] (Intel® Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-07-11] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-11] (Intel Corporation)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2019272 2015-02-10] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
R3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [626120 2015-01-22] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-09] (Lenovo Group Limited)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [22576 2014-02-22] (Lenovo)
S3 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [475080 2015-01-22] (Lenovo)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [469720 2015-01-10] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-03-19] ()
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-16] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-16] ()
R2 nossvc; C:\Program Files (x86)\INCAInternet\nProtect Online Security\nossvc.exe [1666216 2015-06-16] (INCA Internet Co., Ltd.)
S2 omaha; C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148224 2015-04-24] (Nok Nok Labs Inc.)
S3 omaham; C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148224 2015-04-24] (Nok Nok Labs Inc.)
R2 omniserv; C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniServ.exe [103936 2015-04-02] (Softex Inc.) [File not signed]
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61232 2014-12-06] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [328488 2014-12-06] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22008 2015-07-01] ()
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49968 2015-01-29] (Synaptics Incorporated)
R2 wampstackApache; C:\Bitnami\WAMPST~1.40-\apache2\bin\httpd.exe [20992 2015-01-30] (Apache Software Foundation) [File not signed]
R2 wampstackMySQL; C:\Bitnami\wampstack-5.4.40-0\mysql\bin\mysqld.exe [8148480 2015-01-07] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2015-03-19] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-07-04] (Kaspersky Lab UK Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [394520 2014-09-30] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [222152 2014-08-23] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [79016 2014-08-06] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-07-04] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-07-04] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-07-04] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [226480 2015-07-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [831664 2015-07-04] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-07-04] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [40304 2015-07-04] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [39792 2015-07-04] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-07-04] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-07-04] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [85360 2015-07-04] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-07-04] (Kaspersky Lab ZAO)
R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [29496 2014-04-08] (Lenovo)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-11] (Intel Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-31] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3497752 2015-04-13] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-09] (Intel Corporation)
R3 noskp; C:\windows\syswow64\noskp64.sys [23096 2015-07-23] (INCA Internet Co.,Ltd.)
R3 nosku; C:\windows\syswow64\nosku64.sys [34920 2015-07-20] (INCA Internet Co.,Ltd.)
R3 np_ck64s; C:\windows\syswow64\np_ck64s.sys [75680 2014-08-13] (INCA Internet Co.,Ltd.)
R1 OMNISMI; C:\windows\SysWOW64\drivers\omnismi.sys [14776 2014-09-27] ()
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-25] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32936 2015-03-10] (Synaptics Incorporated)
R1 SMIDriver; C:\Windows\System32\drivers\smi.sys [19656 2015-01-29] (Windows ® Win 7 DDK provider)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [682272 2014-09-04] (Sunplus)
R3 TKCtrl; C:\windows\system32\TKCtrl2k64.sys [136528 2014-05-21] (INCA Internet Co., Ltd.)
R3 TKCtrl; C:\windows\SysWOW64\TKCtrl2k64.sys [136528 2014-05-21] (INCA Internet Co., Ltd.)
R3 TKFsAvM; C:\windows\system32\TKFsAv64.sys [175560 2015-01-21] (INCA Internet Co., Ltd.)
R3 TKFsFtM; C:\windows\system32\TKFsFt64.sys [28824 2014-07-07] (INCA Internet Co., Ltd.)
R3 TKPcFt; C:\windows\system32\TKPcFtCb64.sys [35528 2014-10-20] (INCA Internet Co., Ltd.)
R3 TKRgAc; C:\windows\system32\TKRgAc2k64.sys [96584 2013-09-09] (INCA Internet Co., Ltd.)
R3 TKRgFt; C:\windows\system32\TKRgFtXp64.sys [51464 2013-11-18] (INCA Internet Co., Ltd.)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-25 19:54 - 2015-08-25 19:55 - 00035420 _____ C:\Users\재원\Downloads\FRST.txt
2015-08-25 19:54 - 2015-08-25 19:54 - 00000000 ____D C:\FRST
2015-08-25 19:52 - 2015-08-25 19:52 - 02186752 _____ (Farbar) C:\Users\재원\Downloads\FRST64.exe
2015-08-24 20:47 - 2015-08-24 20:47 - 00015320 _____ C:\Users\재원\Downloads\28주후_28.Weeks.Later.2007.720p.BrRip.264.YIFY.torrent
2015-08-24 20:46 - 2015-08-24 20:46 - 00023138 _____ C:\Users\재원\Downloads\에너미_오브_스테이트_Enemy.Of.The.State.1998.1080p.BluRay.x264.AC3_ONe.torrent
2015-08-24 20:30 - 2015-08-24 20:30 - 00000000 ____D C:\Users\재원\AppData\Local\VirtualStore
2015-08-24 20:29 - 2015-08-24 20:12 - 00024064 _____ C:\windows\zoek-delete.exe
2015-08-24 20:15 - 2015-08-24 20:30 - 00015297 _____ C:\zoek-results.log
2015-08-24 20:01 - 2015-08-24 20:01 - 00000000 ____D C:\Users\재원\Documents\카카오톡 받은 파일
2015-08-24 19:51 - 2015-08-24 20:27 - 00000000 ____D C:\zoek_backup
2015-08-24 19:48 - 2015-08-24 19:48 - 01308672 _____ C:\Users\재원\Downloads\zoek.exe
2015-08-24 19:28 - 2015-08-24 19:28 - 00013978 _____ C:\Users\재원\Downloads\어벤져스_에이지_오브_울트론_한글_avengers_age_of_ultron_2015_1080p_web_dl_6ch_2_5gb_shaanig_액션.torrent
2015-08-24 15:34 - 2015-08-24 15:34 - 00002357 _____ C:\Users\재원\Desktop\안전 금융.lnk
2015-08-24 15:33 - 2015-08-24 15:33 - 00002157 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-08-24 15:33 - 2015-08-24 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-08-24 15:33 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll
2015-08-24 15:32 - 2015-08-25 14:23 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-24 15:32 - 2015-08-24 15:32 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-08-24 15:32 - 2015-07-04 07:56 - 00831664 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys
2015-08-24 15:32 - 2015-07-04 07:56 - 00226480 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klhk.sys
2015-08-24 15:32 - 2015-07-04 07:56 - 00159960 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys
2015-08-24 14:45 - 2015-08-24 15:13 - 177523928 _____ (Kaspersky Lab) C:\Users\재원\Downloads\kis15.0.2.361ko-kr.exe
2015-08-24 12:32 - 2015-08-24 13:26 - 00000000 ____D C:\Quarantine_MZK
2015-08-24 12:30 - 2015-08-24 12:30 - 00000000 ____D C:\Users\재원\Downloads\mzk
2015-08-23 20:43 - 2015-08-25 18:41 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-23 20:43 - 2015-08-23 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-23 20:43 - 2015-08-23 20:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-23 20:43 - 2015-08-23 20:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-23 20:43 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-08-23 20:43 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-08-23 20:43 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-08-23 20:38 - 2015-08-23 20:38 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\재원\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-23 20:38 - 2015-08-23 20:38 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\재원\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-08-23 20:01 - 2015-08-23 20:01 - 00000000 _____ C:\autoexec.bat
2015-08-23 19:59 - 2015-08-23 19:59 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\재원\Downloads\SpyHunter-Installer.exe
2015-08-21 22:19 - 2015-08-11 10:20 - 25191936 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-08-21 22:19 - 2015-08-11 09:20 - 19871232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-08-14 12:54 - 2015-07-07 18:40 - 00270168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2015-08-14 12:54 - 2015-07-07 18:40 - 00114520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
2015-08-14 12:54 - 2015-07-07 18:40 - 00044560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2015-08-14 11:39 - 2015-08-14 11:39 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-08-12 17:02 - 2015-08-12 17:02 - 00018387 _____ C:\Users\재원\Downloads\EBS 스페셜 프로젝트.E04.150806.소셜 다이어트 내 몸 혁명 4부.HDTV.H264.720p-WITH.mp4.torrent
2015-08-12 16:23 - 2015-08-12 16:23 - 00000000 ____D C:\Users\재원\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adarian
2015-08-12 16:23 - 2015-08-12 16:23 - 00000000 ____D C:\Users\재원\AppData\Roaming\Adarian
2015-08-12 16:22 - 2015-08-12 16:22 - 00000000 ____D C:\Program Files (x86)\Adarian
2015-08-12 16:13 - 2015-08-12 16:13 - 00368296 _____ (RegNow.com) C:\Users\재원\Downloads\Download_AMWinInstall.exe
2015-08-12 15:46 - 2015-07-30 23:04 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 15:46 - 2015-07-30 22:48 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 15:40 - 2015-07-19 10:58 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-08-12 15:40 - 2015-07-19 03:51 - 03704320 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-08-12 15:40 - 2015-07-19 03:31 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-08-12 15:40 - 2015-07-19 03:31 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-08-12 15:40 - 2015-07-19 03:31 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-08-12 15:40 - 2015-07-19 03:29 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-08-12 15:40 - 2015-07-19 03:29 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-08-12 15:40 - 2015-07-19 03:29 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-08-12 15:40 - 2015-07-19 03:28 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-08-12 15:40 - 2015-07-19 03:12 - 02228736 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-08-12 15:40 - 2015-07-19 03:10 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-08-12 15:40 - 2015-07-19 03:09 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-08-12 15:40 - 2015-07-17 05:36 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-08-12 15:40 - 2015-07-17 05:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-08-12 15:40 - 2015-07-17 05:35 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-08-12 15:40 - 2015-07-17 05:26 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-08-12 15:40 - 2015-07-17 05:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-08-12 15:40 - 2015-07-17 05:21 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-08-12 15:40 - 2015-07-17 04:53 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-08-12 15:40 - 2015-07-17 04:51 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-08-12 15:40 - 2015-07-17 04:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-08-12 15:40 - 2015-07-17 04:45 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-08-12 15:40 - 2015-07-17 04:45 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-08-12 15:40 - 2015-07-17 04:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-08-12 15:40 - 2015-07-17 04:39 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-08-12 15:40 - 2015-07-17 04:38 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-08-12 15:40 - 2015-07-17 04:36 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-08-12 15:40 - 2015-07-17 04:34 - 14451200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-08-12 15:40 - 2015-07-17 04:32 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-08-12 15:40 - 2015-07-17 04:14 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-08-12 15:40 - 2015-07-17 04:13 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-08-12 15:40 - 2015-07-17 04:12 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-08-12 15:40 - 2015-07-17 04:12 - 02427904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-08-12 15:40 - 2015-07-17 04:10 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-08-12 15:40 - 2015-07-17 04:06 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-08-12 15:40 - 2015-07-17 04:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-08-12 15:40 - 2015-07-17 03:52 - 01048576 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-08-12 15:40 - 2015-07-17 03:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-08-12 15:40 - 2015-07-17 03:42 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-08-12 15:40 - 2015-07-17 03:38 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-08-12 15:40 - 2015-07-17 03:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-08-12 15:40 - 2015-07-10 03:40 - 00359936 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-08-12 15:40 - 2015-06-27 12:08 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-08-12 15:40 - 2015-06-27 12:08 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-08-12 15:40 - 2015-06-27 11:14 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-08-12 15:39 - 2015-07-16 09:29 - 07458648 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-08-12 15:39 - 2015-07-16 09:29 - 01735000 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-08-12 15:39 - 2015-07-16 09:29 - 00101720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-08-12 15:39 - 2015-07-16 09:28 - 01499920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-08-12 15:39 - 2015-07-14 12:22 - 02529880 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-08-12 15:39 - 2015-07-14 12:21 - 01901776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-08-12 15:39 - 2015-07-14 04:46 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-08-12 15:39 - 2015-07-14 04:45 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2015-08-12 15:39 - 2015-07-11 02:54 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-08-12 15:39 - 2015-07-11 02:42 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-08-12 15:39 - 2015-07-11 02:13 - 07032320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-08-12 15:39 - 2015-07-11 01:47 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-08-12 15:39 - 2015-07-02 07:19 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-08-12 15:39 - 2015-07-02 07:16 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-08-12 15:39 - 2015-07-02 06:37 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-08-12 15:39 - 2015-07-02 06:35 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-08-12 15:38 - 2015-07-29 23:37 - 01994752 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-08-12 15:38 - 2015-07-29 23:30 - 01381888 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-08-12 15:38 - 2015-07-29 23:23 - 01559552 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-08-12 15:38 - 2015-07-25 03:57 - 04177408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-08-12 15:38 - 2015-07-25 03:57 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-08-12 15:38 - 2015-07-25 03:52 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-08-12 15:38 - 2015-07-25 02:27 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-08-12 15:38 - 2015-07-25 02:23 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-08-12 15:38 - 2015-07-11 03:19 - 01101824 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-08-12 15:38 - 2015-07-11 02:14 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-08-12 15:38 - 2015-07-11 01:31 - 06213120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-08-12 15:38 - 2015-07-10 02:13 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2015-08-12 15:38 - 2015-07-10 02:13 - 00221184 _____ (Microsoft Corporation) C:\windows\notepad.exe
2015-08-12 15:38 - 2015-07-10 01:30 - 00212992 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2015-08-12 15:38 - 2015-05-12 09:24 - 00536920 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-12 15:07 - 2015-08-12 15:07 - 00016582 _____ C:\Users\재원\Downloads\The.Classified.File.2015.720p.HDRip.H264.AAC-iMrel.mp4.torrent
2015-08-09 15:28 - 2015-08-09 15:28 - 00016492 _____ C:\Users\재원\Downloads\World.War.Z.2013.UNRATED.1080p.BluRay.DTS.x264-KAGA.torrent
2015-08-09 15:17 - 2015-08-09 15:17 - 00013225 _____ C:\Users\재원\Downloads\The.SpongeBob.Movie.Sponge.Out.of.Water.2015.1080p.BRRip.x264.AC3-JYK.torrent
2015-08-09 08:26 - 2015-08-09 08:26 - 00002523 _____ C:\Users\Public\Desktop\Evernote.lnk
2015-08-09 08:26 - 2015-08-09 08:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-08-09 01:19 - 2015-08-09 01:19 - 00189303 _____ C:\Users\재원\Downloads\블랙 미러(Black Mirror) 시즌1,2 E01 - 03(完) 한영통합.zip
2015-08-09 01:19 - 2015-08-09 01:19 - 00000000 ____D C:\Users\재원\Downloads\블랙 미러(Black Mirror) 시즌1,2 E01 - 03(完) 한영통합
2015-08-08 18:59 - 2015-08-08 18:59 - 00000905 _____ C:\Users\Public\Desktop\꿀뷰.lnk
2015-08-08 18:59 - 2015-08-08 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\꿀뷰
2015-08-08 18:59 - 2015-08-08 18:59 - 00000000 ____D C:\Program Files\Honeyview
2015-08-08 18:58 - 2015-08-08 18:59 - 07583528 _____ C:\Users\재원\Downloads\HONEYVIEW-SETUP-KR.EXE
2015-08-07 21:39 - 2015-08-07 21:39 - 00000060 _____ C:\Users\재원\Desktop\jnk.url
2015-08-05 07:50 - 2014-05-21 19:52 - 00136528 _____ (INCA Internet Co., Ltd.) C:\windows\system32\TKCtrl2k64.sys
2015-08-05 07:50 - 2013-11-27 10:37 - 00237888 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\TKFW.dll
2015-08-05 07:50 - 2013-11-27 10:36 - 00328000 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\tkidsx.dll
2015-08-05 07:50 - 2013-11-27 10:36 - 00225600 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\tkfwflt.dll
2015-08-05 07:50 - 2013-04-30 15:46 - 00036388 _____ C:\windows\SysWOW64\teexcept.dat
2015-08-04 17:20 - 2015-08-22 16:25 - 00000000 ____D C:\Program Files (x86)\IPinside
2015-08-04 17:18 - 2015-08-04 17:18 - 00000000 ____D C:\Program Files (x86)\INCAInternet UnInstall
2015-08-04 17:18 - 2015-08-04 17:18 - 00000000 ____D C:\Program Files (x86)\INCAInternet
2015-08-04 17:13 - 2015-08-04 17:13 - 00000000 ____D C:\Program Files (x86)\INICIS61
2015-08-04 17:13 - 2009-07-09 15:36 - 00025872 _____ () C:\windows\SysWOW64\INIUAC.exe
2015-08-04 17:13 - 2007-07-10 16:44 - 00214584 _____ (SoftCamp Co.,Ltd.) C:\windows\SysWOW64\SCSKLoader.exe
2015-07-31 21:27 - 2015-07-31 21:27 - 00027749 _____ C:\Users\재원\Downloads\7번방의.선물.2012.AVCHD.1080i.VOD.DirectStreamCopy-OHE.ts.torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-25 19:51 - 2015-05-31 14:48 - 00000000 ____D C:\Users\재원\AppData\Local\ClassicShell
2015-08-25 19:40 - 2015-04-24 12:21 - 00735478 _____ C:\windows\SysWOW64\Gms.log
2015-08-25 19:18 - 2015-04-24 12:13 - 01766430 _____ C:\windows\WindowsUpdate.log
2015-08-25 19:00 - 2013-08-23 00:36 - 00000000 ____D C:\windows\system32\sru
2015-08-25 18:57 - 2015-05-07 21:47 - 00000716 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d088c3f97344ec.job
2015-08-25 15:03 - 2015-05-29 22:48 - 00000706 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593337814-833741486-1504065185-1001UA.job
2015-08-25 10:01 - 2015-05-07 21:35 - 00516440 _____ C:\windows\system32\perfh012.dat
2015-08-25 10:01 - 2015-05-07 21:35 - 00135664 _____ C:\windows\system32\perfc012.dat
2015-08-25 10:01 - 2014-11-21 13:44 - 01506566 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-25 09:58 - 2013-08-22 23:46 - 00065358 _____ C:\windows\setupact.log
2015-08-24 20:49 - 2015-06-01 22:07 - 00000000 ____D C:\Users\재원\AppData\Roaming\qBittorrent
2015-08-24 20:30 - 2015-05-20 22:52 - 00000712 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0930440a5774c.job
2015-08-24 20:30 - 2015-05-07 21:54 - 00000000 ___RD C:\Users\재원\Google 드라이브
2015-08-24 20:30 - 2015-05-07 21:47 - 00000712 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-24 20:30 - 2015-05-07 14:10 - 00000000 ____D C:\Users\재원\OneDrive
2015-08-24 20:29 - 2015-05-07 14:04 - 00000000 ____D C:\Users\재원
2015-08-24 20:29 - 2015-04-24 12:41 - 00000000 ____D C:\ProgramData\Validity
2015-08-24 20:29 - 2014-11-21 13:31 - 00020990 _____ C:\windows\PFRO.log
2015-08-24 20:29 - 2013-08-22 23:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-24 20:29 - 2013-08-22 22:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-08-24 15:41 - 2015-05-07 14:13 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-593337814-833741486-1504065185-1001
2015-08-24 15:33 - 2013-08-22 22:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-08-24 15:32 - 2013-08-23 00:36 - 00000000 ___HD C:\windows\ELAMBKUP
2015-08-23 22:03 - 2015-05-29 22:48 - 00000654 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593337814-833741486-1504065185-1001Core.job
2015-08-22 16:49 - 2013-08-23 00:36 - 00000000 ____D C:\windows\rescache
2015-08-21 22:53 - 2015-07-21 07:21 - 00002188 _____ C:\Users\Public\Desktop\Chrome.lnk
2015-08-21 22:19 - 2013-08-23 00:20 - 00000000 ____D C:\windows\CbsTemp
2015-08-19 22:10 - 2013-08-23 00:36 - 00000000 ____D C:\windows\AppReadiness
2015-08-14 21:49 - 2013-08-22 23:44 - 00484216 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-14 21:48 - 2013-08-23 00:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-14 21:48 - 2013-08-23 00:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-14 21:48 - 2013-08-23 00:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-14 21:48 - 2013-08-23 00:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-14 21:47 - 2015-05-09 09:02 - 00000000 ____D C:\windows\system32\MRT
2015-08-14 21:43 - 2015-05-09 09:01 - 132483416 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-08-14 08:52 - 2015-05-07 21:53 - 00002069 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-08-14 08:52 - 2015-05-07 21:53 - 00002067 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-08-14 08:52 - 2015-05-07 21:53 - 00002057 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-08-14 08:52 - 2015-05-07 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-12 15:45 - 2013-08-23 00:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 15:45 - 2013-08-23 00:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 15:08 - 2013-08-23 00:36 - 00000000 ____D C:\windows\system32\NDF
2015-08-08 22:55 - 2014-11-21 21:27 - 00794088 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-08 22:55 - 2014-11-21 21:27 - 00179688 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-07 17:37 - 2015-05-07 14:07 - 00000000 ____D C:\Users\재원\AppData\Local\Packages
2015-08-05 18:06 - 2015-04-24 12:20 - 00000000 ____D C:\Program Files\Lenovo
2015-08-05 18:05 - 2015-04-24 12:16 - 00000000 ____D C:\windows\System32\Tasks\Lenovo
2015-08-04 14:12 - 2015-04-24 12:40 - 00000000 ____D C:\windows\System32\Tasks\TVT
2015-08-04 14:12 - 2015-04-24 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-08-04 14:12 - 2015-04-24 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-08-04 14:12 - 2015-04-24 12:16 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-08-04 14:12 - 2015-04-24 11:57 - 00000000 ____D C:\ProgramData\Lenovo
 
==================== Files in the root of some directories =======
 
2015-05-16 11:00 - 2015-05-16 11:00 - 16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-04-24 12:22 - 2015-04-24 12:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-22 16:36
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-08-2015

Ran by 재원 (2015-08-25 19:55:31)

Running from C:\Users\재원\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-593337814-833741486-1504065185-500 - Administrator - Disabled)

Guest (S-1-5-21-593337814-833741486-1504065185-501 - Limited - Disabled)

재원 (S-1-5-21-593337814-833741486-1504065185-1001 - Administrator - Enabled) => C:\Users\재원

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

(x32 Version: 1.00.0000 - Hancom) Hidden

Adarian Money for Windows (HKLM-x32\...\Adarian Money for Windows) (Version: 5.3.0.0 - Adarian Software, LLC)

Atom (HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\atom) (Version: 0.207.0 - GitHub Inc.)

Bitnami WAMP Stack (HKLM-x32\...\Bitnami WAMP Stack 5.4.40-0) (Version: 5.4.40-0 - Bitnami)

Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)

Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)

Daum 라이브 에이전트 (HKLM-x32\...\DaumLiveAgent) (Version:  - Daum Communications Corp.)

Daum 팟플레이어 (HKLM-x32\...\PotPlayer) (Version:  - Daum Kakao Corp.)

Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden

Dependency Package Update (Version: 1.6.32.00 - Lenovo Inc.) Hidden

Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden

Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden

Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7/8 (HKLM\...\DisableAMTPopup) (Version: 1.00 - )

DisplayLink Core Software (HKLM\...\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}) (Version: 7.5.54609.0 - DisplayLink Corp.)

Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.3.1 - Dolby Laboratories Inc)

Evernote v. 5.8.13 (HKLM-x32\...\{A229420E-204B-11E5-B844-0050569584E9}) (Version: 5.8.13.8152 - Evernote Corp.)

FileZilla Client 3.11.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.11.0.2 - Tim Kosse)

FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version:  - Marek Jasinski)

Git version 1.9.5-preview20150319 (HKLM-x32\...\Git_is1) (Version: 1.9.5-preview20150319 - The Git Development Community)

Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)

Google Photos Backup (HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Google Photos Backup) (Version: 1.1.0.239 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.27.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden

Inst5676 (Version: 8.01.42 - Softex Inc.) Hidden

Integrated Camera (HKLM-x32\...\Sunplus SPUVCb) (Version: 3.4.7.36 - SunplusIT)

Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1017 - Intel Corporation)

Intel® Chipset Device Software (x32 Version: 10.0.22 - Intel® Corporation) Hidden

Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4206 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.2.4.1000 - Intel Corporation)

Intel® Technology Access (HKLM-x32\...\{a3294ccc-6d01-43c2-9249-3f50bd113bb8}) (Version: 1.3.2.1030 - Intel Corporation)

Intel® Update Manager (HKLM-x32\...\{4A8C6512-8784-4B77-A815-CAC7FA64102E}) (Version: 2.6.1645 - Intel Corporation)

Intel® WiDi (HKLM\...\{3F5D407B-86F5-4CA5-8F83-7C00BBB69080}) (Version: 5.1.23.0 - Intel Corporation)

Intel® Wireless Bluetooth® (HKLM-x32\...\{72059B36-031F-495E-B1A6-5346A905386E}) (Version: 17.1.1434.02 - Intel Corporation)

Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)

Kaspersky Internet Security (x32 Version: 15.0.2.361 - Kaspersky Lab) Hidden

LastPass (제거 전용) (HKLM-x32\...\LastPass) (Version:  - LastPass)

Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - )

Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)

Lenovo Fingerprint Manager Pro (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.42(x64) - Lenovo)

Lenovo Fingerprint Manager Pro (Version: 8.01.42(x64) - Lenovo) Hidden

Lenovo HID HW Radio Driver 1.0.0.58 (HKLM\...\{E5325F32-D15A-4131-B029-4A5B7609E532}_is1) (Version: 1.0.0.58 - Lenovo)

Lenovo Multimedia and Communications Core Runtime (HKLM\...\{033DC0E0-DA89-4C33-B66C-89B64D312CD1}_is1) (Version: 5.0.13.94 - Lenovo Corporation)

Lenovo Patch Utility (x32 Version: 1.3.2.6 - Lenovo Group Limited) Hidden

Lenovo Patch Utility 64 bit (Version: 1.3.2.6 - Lenovo Group Limited) Hidden

Lenovo Peer Connect SDK (HKLM\...\{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1) (Version: 1.0.0.7 - Lenovo)

Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.02 - )

Lenovo QuickControl (HKLM-x32\...\{ABA0A3F7-649E-4338-BDC9-18437D9699D6}) (Version: 2.40 - Lenovo Group Limited)

Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.3.19.209 - Lenovo Corporation)

Lenovo Settings - Location Awareness (HKLM-x32\...\{C79D4402-E622-4922-9C02-89F9080BF081}_is1) (Version: 1.4.0.5 - Lenovo Group Limited)

Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.3.3.37 - Lenovo Group Limited)

Lenovo Settings Mobile Hotspot (HKLM\...\{42603F7D-B08D-436B-B0D8-3E2DEF1AFD41}_is1) (Version: 2.3.0.88 - Lenovo)

Lenovo Settings Service (HKLM\...\{8C6F1EBA-17F1-4481-B688-9777E63E985F}_is1) (Version: 2.3.3.10 - Lenovo Group Limited)

Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.2.0.7 - Lenovo Group Limited)

Lenovo Solution Center (HKLM\...\{1CA74803-5CB2-4C03-BDBE-061EDC81CC7F}) (Version: 2.8.004.00 - Lenovo Group Limited)

Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0003 - Lenovo)

Lenovo USB Graphics (HKLM\...\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}) (Version: 7.5.54614.0 - Lenovo)

Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.17 - Lenovo)

Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0012.00 - Lenovo Group Limited)

Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)

Malwarebytes Anti-Malware 버전 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)

Metric Collection SDK (x32 Version: 1.1.0008.00 - Lenovo Group Limited) Hidden

Metric Collection SDK 35 (x32 Version: 1.2.0006.00 - Lenovo Group Limited) Hidden

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Multifactor Authentication Client (HKLM\...\{89F955AF-7274-4C60-B5ED-3530AFB88163}) (Version: 1.3.2.3008 - Nok Nok Labs)

Nitro Pro 9 (HKLM\...\{199748CD-E046-4D0F-A9D1-0712EE050EFC}) (Version: 9.5.1.5 - Nitro)

Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.7 - Notepad++ Team)

nProtect Online Security V1.0(PFS) (HKLM-x32\...\nProtect Online Security V1.0(PFS)) (Version: 2015.7.24.1 - INCA Internet Co., Ltd.)

On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.44.00 - )

PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.198.0 - Tracker Software Products Ltd)

Python 3.4.3 (HKLM-x32\...\{CCD588A7-8D55-49F1-A30C-47FAB40889ED}) (Version: 3.4.16490 - Python Software Foundation)

qBittorrent 3.2.1 (HKLM-x32\...\qBittorrent) (Version: 3.2.1 - The qBittorrent project)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7383 - Realtek Semiconductor Corp.)

Ruby 2.2.2-p95-x64 (HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\{A98E44F8-6401-400F-830E-B1A2919C22BD}_is1) (Version: 2.2.2-p95 - RubyInstaller Team)

SourceTree (HKLM-x32\...\SourceTree 1.6.14) (Version: 1.6.14 - Atlassian)

SourceTree (x32 Version: 1.6.14 - Atlassian) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.27.26 - Synaptics Incorporated)

Synaptics WBF DDK 5011 (HKLM\...\{4D70781C-36A9-4335-9568-565C6F61B5EB}) (Version: 4.5.285.0 - )

Synaptics WBF DDK 5011 (HKLM\...\{D6FED322-4EA0-48AE-A5AC-BC381D7048CF}) (Version: 4.5.285.0 - Synaptics)

Thinkpad USB Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 8.18.923.2014 - Lenovo)

ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.80.03.00 - Lenovo)

Update for Korean Microsoft IME Standard Dictionary (HKLM\...\{75A54180-CA5E-47B8-AFBB-29337B976B21}) (Version: 16.0.662.1 - Microsoft Corporation)

Windows Driver Package - Intel (e1dexpress) Net  (09/29/2014 12.12.80.19) (HKLM\...\8C1187DE2DED27E2043DC3ACEB6DCBCCE2F1E831) (Version: 09/29/2014 12.12.80.19 - Intel)

Windows Driver Package - Lenovo 1.67.09.03 (11/07/2014 1.67.09.03) (HKLM\...\FA3F6F3D6E8958FDDEE1E09CC77DFA71B0D7835A) (Version: 11/07/2014 1.67.09.03 - Lenovo)

Windows Driver Package - Synaptics (SmbDrv) System  (11/18/2014 18.1.27.14) (HKLM\...\706FA340710376D8FBA10CF75C37A24846787B52) (Version: 11/18/2014 18.1.27.14 - Synaptics)

Windows Driver Package - Synaptics (SynTP) Mouse  (11/18/2014 18.1.27.14) (HKLM\...\04C8B1B4379AB123816C6F1849A5525D79A4A0DF) (Version: 11/18/2014 18.1.27.14 - Synaptics)

XecureWeb Control (HKLM-x32\...\XecureWeb Control) (Version:  - )

꿀뷰 (HKLM\...\Honeyview) (Version: 5.12 - 반디소프트)

리디북스 PC뷰어 1.5.8 (HKLM-x32\...\{C6B843D0-7592-442E-A0A6-25F919223257}_is1) (Version: 1.5.8 - RIDI Corporation)

반디집 (HKLM\...\Bandizip) (Version: 5.06 - 반디소프트)

반디카메라 (HKLM-x32\...\Bandicamera) (Version: 2.03 - Bandisoft.com)

인텔® PROSet/무선 소프트웨어 (HKLM-x32\...\{3ebb66ee-dcfa-4ac4-987b-ef1f5bd0284d}) (Version: 17.16.1 - Intel Corporation)

카카오톡 (HKLM-x32\...\KakaoTalk) (Version: 2.0.7.918 - Daum Kakao Corp)

한컴 타자연습 (HKLM-x32\...\{FAB5E347-A6B0-44BB-A876-34E7EE6E52CF}) (Version: 1.00.0000 - Hancom)

한컴오피스 2014 VP (HKLM-x32\...\{42DE9F0E-4BC9-414B-8520-F07587B3F16F}) (Version: 9.0.9.0 - Hancom)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-593337814-833741486-1504065185-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\재원\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File

CustomCLSID: HKU\S-1-5-21-593337814-833741486-1504065185-1001_Classes\CLSID\{5B69A6B4-393B-459C-8EBB-214237A9E7AC}\InprocServer32 -> C:\Program Files\Bandizip\bdzshl64.dll (Bandisoft.com)

CustomCLSID: HKU\S-1-5-21-593337814-833741486-1504065185-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\재원\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)

CustomCLSID: HKU\S-1-5-21-593337814-833741486-1504065185-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)

CustomCLSID: HKU\S-1-5-21-593337814-833741486-1504065185-1001_Classes\CLSID\{9B6D38F3-8EF4-48A5-AD30-FFFFFFFFFFFF}\InprocServer32 -> C:\Program Files\Honeyview\HVShell64.dll (Bandisoft.com)

CustomCLSID: HKU\S-1-5-21-593337814-833741486-1504065185-1001_Classes\CLSID\{ca586c80-7c84-4b88-8537-726724df6929}\InprocServer32 -> C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll ()

CustomCLSID: HKU\S-1-5-21-593337814-833741486-1504065185-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\재원\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)

 

==================== Restore Points =========================

 

24-08-2015 20:15:03 zoek.exe restore point

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 22:25 - 2013-08-22 22:25 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {0CEA827A-CB80-4F0D-A7AF-6BFC58834340} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-03-09] ()

Task: {1D25B132-4D9F-4E65-8362-EA1A1E65C3A9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-593337814-833741486-1504065185-1001Core => C:\Users\재원\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-29] (Google Inc)

Task: {221C746E-699D-4ED0-8B7B-17933AF0F680} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2014-09-03] (Lenovo)

Task: {2689558A-A198-4770-BBFD-BA5576375DC2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-07] (Google Inc)

Task: {26CCF782-400D-497F-B188-44FFFEF6B4B5} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-11-07] (Realtek Semiconductor)

Task: {2D614EF5-2E43-48AC-BFC5-EADCEA6AD0CD} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-11-07] (Realtek Semiconductor)

Task: {394C1A1E-751F-48F6-8BFF-932E2DE665AE} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-03-10] (Synaptics Incorporated)

Task: {461599B8-76DE-4DCB-A32D-F7A9FD56849A} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()

Task: {46524A51-5754-4E69-AD91-1DA5E3C9A821} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2015-08-14] (Microsoft Corporation)

Task: {49A04251-2644-45A8-AB60-AEEE7A617F1C} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-03-09] (Lenovo)

Task: {65E8ED9E-B179-48E7-AB3E-6FFB06CA1626} - System32\Tasks\Lenovo\Lenovo Settings Power => Rundll32.exe "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor

Task: {8218E095-8C78-4CE3-80F3-507A8F2D640B} - System32\Tasks\GoogleUpdateTaskMachineCore1d0930440a5774c => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-07] (Google Inc)

Task: {84FD3994-71E7-4086-8F6E-1E137D15C107} - System32\Tasks\GoogleUpdateTaskMachineUA1d088c3f97344ec => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-07] (Google Inc)

Task: {8C991B98-40E0-4BD9-B825-43BBD139576A} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2015-07-01] ()

Task: {99890DB0-8768-47B3-A2FD-D644DFBDDF07} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-07-11] ()

Task: {B37C511F-AAE9-458C-BE15-3835302FF45A} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe

Task: {B6C3A79D-0E71-4B47-9C7D-F7444CDBCFAC} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2014-09-11] (Lenovo)

Task: {BCF50AE1-228F-4CB1-A78C-7A434ADE2204} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe

Task: {C28DA552-F722-4607-AD69-034FC2D0A8F8} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-10-23] (Realtek Semiconductor)

Task: {D2AFCB6A-BC82-4DE3-ADFB-063881679B63} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-07] (Google Inc)

Task: {E49ADC6A-50C1-423D-93A8-BAB27C5A41BF} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-03-09] ()

Task: {E73CA589-402C-40B0-A2A9-0B5952E31165} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-03-09] (Lenovo)

Task: {F830018B-176B-42B8-938B-6C1EE5A45968} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-07-11] ()

Task: {FE4AE6B2-083A-4994-8112-AC4EAF905952} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-593337814-833741486-1504065185-1001UA => C:\Users\재원\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-29] (Google Inc)

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0930440a5774c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA1d088c3f97344ec.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593337814-833741486-1504065185-1001Core.job => C:\Users\재원\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593337814-833741486-1504065185-1001UA.job => C:\Users\재원\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (Whitelisted) ==============

 

2015-04-24 12:45 - 2015-01-16 23:49 - 00083968 ____N () C:\Program Files (x86)\ThinkPad\Utilities\KR\PWMRT64V.dll

2015-01-24 08:42 - 2015-01-24 08:42 - 00087552 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\libglog.dll

2015-01-24 08:58 - 2015-01-24 08:58 - 01795976 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\cpprest120_1_4.dll

2015-01-24 08:58 - 2015-01-24 08:58 - 00357768 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\JsonCpp.dll

2014-05-16 10:39 - 2014-05-16 10:39 - 00417800 _____ () C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe

2015-06-03 00:18 - 2015-06-03 00:18 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll

2015-05-17 03:10 - 2015-03-19 23:33 - 00736962 _____ () C:\Program Files (x86)\Git\git-cheetah\git_shell_ext64.dll

2015-05-08 21:17 - 2015-01-07 06:52 - 08148480 _____ () C:\Bitnami\wampstack-5.4.40-0\mysql\bin\mysqld.exe

2015-04-24 12:45 - 2015-01-16 23:49 - 00083968 ____N () C:\Program Files (x86)\ThinkPad\Utilities\KR\PWMRT64V.DLL

2014-12-09 12:41 - 2014-12-09 12:41 - 00223984 _____ () C:\Program Files\ThinkPad\TpShocks\MUI\0412\TpShocks.dll

2015-04-24 12:46 - 2015-01-10 07:40 - 00469720 _____ () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe

2015-04-24 12:46 - 2015-01-10 07:40 - 00013528 _____ () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe

2015-07-12 00:05 - 2015-07-12 00:05 - 14725120 _____ () C:\Program Files (x86)\qBittorrent\qbittorrent.exe

2015-05-08 21:17 - 2015-01-30 19:44 - 00404480 _____ () C:\Bitnami\WAMPST~1.40-\apache2\bin\pcre.dll

2015-05-08 21:17 - 2013-06-30 04:15 - 00067584 _____ () C:\Bitnami\WAMPST~1.40-\apache2\bin\zlib1.dll

2015-05-08 21:17 - 2015-04-16 04:49 - 00097792 _____ () C:\Bitnami\wampstack-5.4.40-0\php\libpq.dll

2015-05-08 21:17 - 2015-04-18 18:19 - 00025088 _____ () C:\Bitnami\wampstack-5.4.40-0\php\php5apache2_4.dll

2015-05-08 21:27 - 2015-04-16 04:49 - 00166400 _____ () C:\Bitnami\WAMPST~1.40-\apache2\bin\libssh2.dll

2015-05-07 14:25 - 2015-05-07 14:25 - 01282048 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Devices\bd9568d53459ad96625ccca026823507\Windows.Devices.ni.dll

2015-07-23 13:27 - 2015-07-23 13:27 - 00228864 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\833b8df73b9caf0c73759a6d4b85c6be\Windows.Foundation.ni.dll

2015-08-24 20:30 - 2015-08-24 20:30 - 00098816 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32api.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00110080 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\pywintypes27.dll

2015-08-24 20:30 - 2015-08-24 20:30 - 00364544 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\pythoncom27.dll

2015-08-24 20:30 - 2015-08-24 20:30 - 00045568 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\_socket.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 01161216 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\_ssl.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00320512 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32com.shell.shell.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00713216 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\_hashlib.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 01176576 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\wx._core_.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00806400 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\wx._gdi_.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00816128 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\wx._windows_.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 01067008 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\wx._controls_.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00733184 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\wx._misc_.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00682496 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\pysqlite2._sqlite.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00087552 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\_ctypes.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00119808 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32file.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00108544 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32security.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00007168 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\hashobjs_ext.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00068096 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\usb_ext.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00167936 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32gui.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00018432 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32event.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00128512 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\_elementtree.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00127488 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\pyexpat.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00013824 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\common.time34.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00036864 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\_psutil_windows.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00038912 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32inet.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00011264 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32crypt.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00077312 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\wx._html2.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00027136 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\_multiprocessing.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00020480 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\_yappi.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00035840 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32process.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00686080 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\unicodedata.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00123392 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\wx._wizard.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00024064 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32pipe.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00010240 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\select.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00025600 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32pdh.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00525640 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\windows._lib_cacheinvalidation.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00017408 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32profile.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00022528 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\win32ts.pyd

2015-08-24 20:30 - 2015-08-24 20:30 - 00078848 _____ () C:\Users\재원\AppData\Local\Temp\_MEI85042\wx._animate.pyd

2015-07-11 03:38 - 2015-07-11 03:38 - 03481600 _____ () C:\Users\재원\AppData\Local\Programs\Google\Google Photos Backup\gpuploader_i18n.dll

2015-06-03 00:18 - 2015-06-03 00:18 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll

2015-08-21 22:53 - 2015-08-18 14:23 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll

2015-08-21 22:53 - 2015-08-18 14:23 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll

2015-07-01 17:35 - 2015-07-01 17:35 - 00439304 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll

2015-07-01 17:35 - 2015-07-01 17:35 - 00321032 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll

2014-11-11 04:12 - 2014-11-11 04:12 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2015-04-24 12:46 - 2015-01-08 01:29 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll

2015-04-24 12:46 - 2015-01-08 01:29 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll

2015-04-16 07:11 - 2015-04-16 07:11 - 00014336 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll

2015-04-16 07:11 - 2015-04-16 07:11 - 02748416 _____ () C:\Program Files (x86)\Notepad++\plugins\NppFTP.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\Windows:nlsPreferences

AlternateDataStreams: C:\Users\재원\OneDrive:ms-properties

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"

 

==================== EXE Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-593337814-833741486-1504065185-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\재원\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\StartupApproved\StartupFolder: => "OneNote(으)로 보내기.lnk"

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{07B3EF51-49F3-4784-9050-B26839DDE896}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe

FirewallRules: [{391357AB-F9DD-409D-AA9A-37C4837E9370}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe

FirewallRules: [{829B8561-8AB8-4953-B0A1-80509297393B}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe

FirewallRules: [{0CB61DC2-DC4B-45FE-B2E2-C9B3E4E963CD}] => (Allow) C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\DaumSAM.exe

FirewallRules: [{D32121EA-13C9-4760-8B13-FADCC9C625F1}] => (Allow) C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\DaumLiveAgent.exe

FirewallRules: [{AE70F90C-ECDC-40F8-B814-6217D65F5162}] => (Allow) C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\DLiveStreamer.exe

FirewallRules: [{ACF438FB-F2DD-405F-BFCB-5C47C28F403A}] => (Allow) C:\Program Files (x86)\DAUM\PotPlayer\PotPlayer.exe

FirewallRules: [{24EDC4EE-0642-4422-82CA-AD4D299CA84E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

FirewallRules: [{82185331-DEF3-4CF4-84DC-D68B032F51A8}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe

FirewallRules: [{3647E54F-10F9-48A6-B92F-32785A35B29B}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe

FirewallRules: [{FBA93460-99F3-4AA0-86DF-F0C349EC5EAB}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe

FirewallRules: [{0D83F4E3-DC01-428C-B22B-359E185BED0A}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe

FirewallRules: [{0C04F9C8-8BB0-416D-9560-010A9B0C77D9}] => (Allow) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nosstarter.npe

FirewallRules: [{AF006213-BB0F-4B30-BF41-B2C0855B9B6B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (08/24/2015 12:37:26 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: 복원 지점을 만들지 못했습니다(프로세스 = C:\windows\system32\srtasks.exe ExecuteScheduledSPPCreation, 설명 = Scheduled Checkpoint, 오류 = 0x80070422).

 

Error: (08/23/2015 02:27:15 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: 오류가 발생하여 WINRE_DRV 볼륨이 최적화되지 않았습니다. The parameter is incorrect. (0x80070057)

 

Error: (08/22/2015 04:49:45 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: 복원 지점을 만들지 못했습니다(프로세스 = C:\windows\system32\srtasks.exe ExecuteScheduledSPPCreation, 설명 = Scheduled Checkpoint, 오류 = 0x80070422).

 

Error: (08/22/2015 04:36:20 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: 오류가 발생하여 WINRE_DRV 볼륨이 최적화되지 않았습니다. The parameter is incorrect. (0x80070057)

 

Error: (08/21/2015 10:19:19 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: 복원 지점을 만들지 못했습니다(프로세스 = C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe -Embedding, 설명 = Windows Modules Installer, 오류 = 0x80070422).

 

Error: (08/21/2015 10:19:16 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: 복원 지점을 만들지 못했습니다(프로세스 = C:\windows\system32\svchost.exe -k netsvcs, 설명 = Windows Update, 오류 = 0x80070422).

 

Error: (08/19/2015 10:31:46 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: 복원 지점을 만들지 못했습니다(프로세스 = C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe -Embedding, 설명 = Windows Modules Installer, 오류 = 0x80070422).

 

Error: (08/19/2015 10:31:45 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: 복원 지점을 만들지 못했습니다(프로세스 = C:\windows\system32\svchost.exe -k netsvcs, 설명 = Windows Update, 오류 = 0x80070422).

 

Error: (08/15/2015 03:44:34 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: 오류가 발생하여 WINRE_DRV 볼륨이 최적화되지 않았습니다. The parameter is incorrect. (0x80070057)

 

Error: (08/14/2015 09:42:56 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: 복원 지점을 만들지 못했습니다(프로세스 = C:\windows\system32\svchost.exe -k netsvcs, 설명 = Windows Update, 오류 = 0x80070422).

 

 

System errors:

=============

Error: (08/25/2015 09:59:18 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: X250-JAEWON)

Description: 0x8000002a115\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-593337814-833741486-1504065185-1001-0-ntuser.dat

 

Error: (08/25/2015 09:59:08 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: X250-JAEWON)

Description: 0x8000002a115\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-593337814-833741486-1504065185-1001-0-ntuser.dat

 

Error: (08/24/2015 08:26:18 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: PEVSystemStart 서비스가 대화식 서비스로 표시되어 있습니다. 그러나 시스템이 대화식 서비스를 허용하지 않습니다. 이 서비스가 제대로 작동하지 않을 수도 있습니다.

 

Error: (08/24/2015 08:26:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: PEVSystemStart 서비스가 대화식 서비스로 표시되어 있습니다. 그러나 시스템이 대화식 서비스를 허용하지 않습니다. 이 서비스가 제대로 작동하지 않을 수도 있습니다.

 

Error: (08/24/2015 08:26:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: PEVSystemStart 서비스가 대화식 서비스로 표시되어 있습니다. 그러나 시스템이 대화식 서비스를 허용하지 않습니다. 이 서비스가 제대로 작동하지 않을 수도 있습니다.

 

Error: (08/24/2015 08:26:17 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: PEVSystemStart 서비스가 대화식 서비스로 표시되어 있습니다. 그러나 시스템이 대화식 서비스를 허용하지 않습니다. 이 서비스가 제대로 작동하지 않을 수도 있습니다.

 

Error: (08/24/2015 08:26:16 PM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: PEVSystemStart 서비스가 대화식 서비스로 표시되어 있습니다. 그러나 시스템이 대화식 서비스를 허용하지 않습니다. 이 서비스가 제대로 작동하지 않을 수도 있습니다.

 

Error: (08/24/2015 06:48:40 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: X250-JAEWON)

Description: 0x8000002a115\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-593337814-833741486-1504065185-1001-0-ntuser.dat

 

Error: (08/24/2015 06:48:34 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: X250-JAEWON)

Description: 0x8000002a115\??\C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\S-1-5-21-593337814-833741486-1504065185-1001-0-ntuser.dat

 

Error: (08/24/2015 03:32:28 PM) (Source: KLIF) (EventID: 0) (User: )

Description: Сonnection is not established

 

 

Microsoft Office:

=========================

Error: (08/24/2015 12:37:26 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: C:\windows\system32\srtasks.exe ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422

 

Error: (08/23/2015 02:27:15 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: WINRE_DRVThe parameter is incorrect. (0x80070057)

 

Error: (08/22/2015 04:49:45 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: C:\windows\system32\srtasks.exe ExecuteScheduledSPPCreationScheduled Checkpoint0x80070422

 

Error: (08/22/2015 04:36:20 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: WINRE_DRVThe parameter is incorrect. (0x80070057)

 

Error: (08/21/2015 10:19:19 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe -EmbeddingWindows Modules Installer0x80070422

 

Error: (08/21/2015 10:19:16 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x80070422

 

Error: (08/19/2015 10:31:46 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe -EmbeddingWindows Modules Installer0x80070422

 

Error: (08/19/2015 10:31:45 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x80070422

 

Error: (08/15/2015 03:44:34 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )

Description: WINRE_DRVThe parameter is incorrect. (0x80070057)

 

Error: (08/14/2015 09:42:56 PM) (Source: System Restore) (EventID: 8193) (User: )

Description: C:\windows\system32\svchost.exe -k netsvcsWindows Update0x80070422

 

 

==================== Memory info =========================== 

 

Processor: Intel® Core i5-5200U CPU @ 2.20GHz

Percentage of memory in use: 74%

Total physical RAM: 3975.17 MB

Available physical RAM: 1022.02 MB

Total Virtual: 6663.17 MB

Available Virtual: 1722.25 MB

 

==================== Drives ================================

 

Drive c: (Windows8_OS) (Fixed) (Total:218.99 GB) (Free:77.94 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 232.9 GB) (Disk ID: 00000000)

 

Partition: GPT.

 

==================== End of FRST.txt ============================


P2P/Piracy Warning:

If you're using Peer 2 Peer software such as qBittorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

When you are ready, please generate new fresh FRST log files.


Hello, Borislav.

I uninstalled qtorrent.

I generated new fresh FRST log files.

**************************************************************************

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-08-2015
Ran by 재원 (administrator) on X250-JAEWON (28-08-2015 21:34:52)
Running from C:\Users\재원\Downloads
Loaded Profiles: 재원 &  (Available Profiles: 재원)
Platform: Windows 8.1 (X64) Language: 영어(미국)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Softex Inc.) C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(INCA Internet Co., Ltd.) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nossvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Apache Software Foundation) C:\Bitnami\WAMPST~1.40-\apache2\bin\httpd.exe
() C:\Bitnami\wampstack-5.4.40-0\mysql\bin\mysqld.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Apache Software Foundation) C:\Bitnami\WAMPST~1.40-\apache2\bin\httpd.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(INCA Internet Co., Ltd.) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nosstarter.npe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\KOR\KorIME.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(%CFullName%) C:\Program Files\Lenovo\Fingerprint Manager Pro\opvapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Nok Nok Labs, Inc.) C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Daum Kakao Corp. ) C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\DaumSAM.exe
(Google, Inc) C:\Users\재원\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Daum Kakao Corp. ) C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SunplusIT, Inc.) C:\Program Files (x86)\Integrated Camera\Monitor.exe
(Adarian Software, LLC) C:\Program Files (x86)\Adarian\Adarian Money\AMRemind.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
(Nok Nok Labs Inc.) C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Marek Jasinski) C:\Program Files (x86)\FreeCommander XE\FreeCommander.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\cammute.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\tpknrsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [341448 2014-11-08] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\windows\system32\TpShocks.exe [555760 2014-12-09] (Lenovo.)
HKLM\...\Run: [MFACApp] => C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe [5449544 2014-10-17] (Nok Nok Labs, Inc.)
HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937928 2014-12-11] (Lenovo)
HKLM\...\Run: [LMCSSTART1] => C:\windows\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,InitSubsystemProcesses
HKLM\...\Run: [LMCSSTART2] => C:\windows\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libstartstub2.dll,ProxyStart
HKLM\...\Run: [LMCSSTART3] => C:\windows\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,SetupCamplusDrop
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [164112 2015-05-16] (IvoSoft)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1172256 2014-11-11] (Intel Corporation)
HKLM-x32\...\Run: [integrated Camera_Monitor] => C:\Program Files (x86)\Integrated Camera\monitor.exe [1723040 2014-09-01] (SunplusIT, Inc.)
HKLM-x32\...\Run: [HncUpdate90] => C:\Program Files (x86)\Hnc\HncUtils\Update\HncCheck.exe [604168 2015-06-29] (한글과컴퓨터)
HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [Daum Streaming Service] => C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\DaumSAM.exe [511808 2015-06-02] (Daum Kakao Corp. )
HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [Google Update] => C:\Users\재원\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-05-29] (Google Inc)
HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [Google Photos Backup] => C:\Users\재원\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791176 2015-07-11] (Google, Inc)
HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [6331544 2015-08-20] (Daum Kakao Corp. )
HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [GoogleChromeAutoLaunch_A0A69805D4ACD1C2462F4F8BE8A06446] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-18] (Google Inc.)
HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Daum Streaming Service] => C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\DaumSAM.exe [511808 2015-06-02] (Daum Kakao Corp. )
HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\재원\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2015-05-29] (Google Inc)
HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Photos Backup] => C:\Users\재원\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791176 2015-07-11] (Google, Inc)
HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [6331544 2015-08-20] (Daum Kakao Corp. )
HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_A0A69805D4ACD1C2462F4F8BE8A06446] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-18] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-05-16]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\재원\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adarian Money Reminder.lnk [2015-08-12]
ShortcutTarget: Adarian Money Reminder.lnk -> C:\Program Files (x86)\Adarian\Adarian Money\AMRemind.exe (Adarian Software, LLC)
Startup: C:\Users\재원\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-05-14]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\재원\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote(으)로 보내기.lnk [2015-05-10]
ShortcutTarget: OneNote(으)로 보내기.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-593337814-833741486-1504065185-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.naver.com/
HKU\S-1-5-21-593337814-833741486-1504065185-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-593337814-833741486-1504065185-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.naver.com/
HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKLM -> DefaultScope {0E4AC09B-5BBD-49F2-BFCD-BD1BEFBAA0AE} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0E4AC09B-5BBD-49F2-BFCD-BD1BEFBAA0AE} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-593337814-833741486-1504065185-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-05-16] (LastPass)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-05-16] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-16] (LastPass)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-05-16] (IvoSoft)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-05-16] (LastPass)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-16] (LastPass)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
DPF: HKLM-x32 {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} hxxp://plugin.inicis.com/wallet61/INIwallet61_win8.cab
DPF: HKLM-x32 {3EFC2239-B769-469F-A5E6-38693AE0B9DE} hxxp://210.182.142.35:8020/qms/speed/speedtest/cab/sysinfo2.cab
DPF: HKLM-x32 {417A8BA3-7DDF-4C02-919C-4F9D1ED46E58} hxxp://210.182.142.35:8020/qms/speed/speedtest/cab/PowerComSpeedTest.cab
DPF: HKLM-x32 {A79ACFE1-331F-47E0-8F86-A020B21B66F9} hxxp://legaledu.co.kr/biz/player/IMGTech/ZoneMediaPlayer/download/ZMediaPlayer.cab
DPF: HKLM-x32 {B1D16D27-B5AC-434D-85D2-9D1CD4C0E018} hxxps://pay.kcp.co.kr/plugin_new/file/KCPPayUX.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0DBEA07B-1A1A-4C4A-A4CA-936525D130E2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F9A4DA8D-6E83-460B-B5DA-96EA433EB835}: [DhcpNameServer] 1.214.68.2 61.41.153.2
 
FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-16] (LastPass)
FF Plugin-x32: @daum.net/DaumNPPLive -> C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\npDaumNPPLive.dll [2015-02-04] (Daum Communications)
FF Plugin-x32: @imgtech.co.kr/ZoneMediaPlayer -> C:\IMGTech\core\1.0.0.0\NP_ZoneMediaPlayer.dll [2014-11-21] (IMGTech. (www.imgtech.co.kr))
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-11] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-08-24] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-08-24] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-08-24] ()
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-16] (LastPass)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-16] (Nitro PDF)
FF Plugin-x32: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2013-06-08] (SoftForum Co., Ltd.)
FF Plugin-x32: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2013-06-08] (SoftForum Co., Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @update.noknok.com/Nok Nok Labs MFACUpdater;version=3 -> C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\1.3.27.0\npGoogleUpdate3.dll [2015-04-24] (Nok Nok Labs Inc.)
FF Plugin-x32: @update.noknok.com/Nok Nok Labs MFACUpdater;version=9 -> C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\1.3.27.0\npGoogleUpdate3.dll [2015-04-24] (Nok Nok Labs Inc.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @daum.net/DaumNPPLive -> C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\npDaumNPPLive.dll [2015-02-04] (Daum Communications)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @kcp.co.kr/plugin;version=1 -> C:\Program Files (x86)\KCP\Plugin\npKCPPlugin.dll [2014-10-28] (KCP CO.,LTD)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2013-06-08] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2013-06-08] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @tools.google.com/Google Update;version=3 -> C:\Users\재원\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @tools.google.com/Google Update;version=9 -> C:\Users\재원\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: daum.net/DaumNPPLive -> C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\npDaumNPPLive.dll [2015-02-04] (Daum Communications)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @daum.net/DaumNPPLive -> C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\npDaumNPPLive.dll [2015-02-04] (Daum Communications)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @kcp.co.kr/plugin;version=1 -> C:\Program Files (x86)\KCP\Plugin\npKCPPlugin.dll [2014-10-28] (KCP CO.,LTD)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2013-06-08] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2013-06-08] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\재원\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\재원\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: daum.net/DaumNPPLive -> C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\npDaumNPPLive.dll [2015-02-04] (Daum Communications)
FF HKLM\...\Firefox\Extensions: [FIDOaddon@noknok.com] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon
FF Extension: MFAC Extension - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon [2015-04-24]
FF HKLM-x32\...\Firefox\Extensions: [FIDOaddon@noknok.com] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-08-24]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-08-24]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-08-24]
 
Chrome: 
=======
CHR Profile: C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-21]
CHR Extension: (Google Docs) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-21]
CHR Extension: (Google Drive) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-21]
CHR Extension: (YouTube) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-21]
CHR Extension: (Google Search) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-21]
CHR Extension: (Kaspersky Protection) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-08-24]
CHR Extension: (Google Calendar) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-07-21]
CHR Extension: (Google Sheets) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-21]
CHR Extension: (Chrome Remote Desktop) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-07-21]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-07-21]
CHR Extension: (Adblock Super) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-07-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-21]
CHR Extension: (Gmail) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-21]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-593337814-833741486-1504065185-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mbgbpjganndfjjmlamggkkkjafblbahl] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\Chrome\x86\FidoExtension.crx [2014-10-17]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [560584 2015-01-22] (Lenovo Corporation)
R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-07-04] (Kaspersky Lab ZAO)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-04-01] (DisplayLink Corp.)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-23] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-05-21] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-14] (Intel® Corporation)
R2 Intel® TechnologyAccessService; C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe [95624 2015-01-24] (Intel® Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-07-11] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-11] (Intel Corporation)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2019272 2015-02-10] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
R3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [626120 2015-01-22] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-09] (Lenovo Group Limited)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [22576 2014-02-22] (Lenovo)
S3 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [475080 2015-01-22] (Lenovo)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [469720 2015-01-10] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-03-19] ()
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-16] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-16] ()
R2 nossvc; C:\Program Files (x86)\INCAInternet\nProtect Online Security\nossvc.exe [1666216 2015-06-16] (INCA Internet Co., Ltd.)
S2 omaha; C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148224 2015-04-24] (Nok Nok Labs Inc.)
S3 omaham; C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148224 2015-04-24] (Nok Nok Labs Inc.)
R2 omniserv; C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniServ.exe [103936 2015-04-02] (Softex Inc.) [File not signed]
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61232 2014-12-06] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [328488 2014-12-06] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22008 2015-07-01] ()
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49968 2015-01-29] (Synaptics Incorporated)
R2 wampstackApache; C:\Bitnami\WAMPST~1.40-\apache2\bin\httpd.exe [20992 2015-01-30] (Apache Software Foundation) [File not signed]
R2 wampstackMySQL; C:\Bitnami\wampstack-5.4.40-0\mysql\bin\mysqld.exe [8148480 2015-01-07] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2015-03-19] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-07-04] (Kaspersky Lab UK Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [394520 2014-09-30] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [222152 2014-08-23] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [79016 2014-08-06] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-07-04] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-07-04] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-07-04] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [226480 2015-07-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [831664 2015-07-04] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-07-04] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [40304 2015-07-04] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [39792 2015-07-04] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-07-04] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-07-04] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [85360 2015-07-04] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-07-04] (Kaspersky Lab ZAO)
R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [29496 2014-04-08] (Lenovo)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-11] (Intel Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-31] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3497752 2015-04-13] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-09] (Intel Corporation)
R3 noskp; C:\windows\syswow64\noskp64.sys [23096 2015-07-23] (INCA Internet Co.,Ltd.)
R3 nosku; C:\windows\syswow64\nosku64.sys [34920 2015-07-20] (INCA Internet Co.,Ltd.)
R3 np_ck64s; C:\windows\syswow64\np_ck64s.sys [75680 2014-08-13] (INCA Internet Co.,Ltd.)
R1 OMNISMI; C:\windows\SysWOW64\drivers\omnismi.sys [14776 2014-09-27] ()
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-25] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32936 2015-03-10] (Synaptics Incorporated)
R1 SMIDriver; C:\Windows\System32\drivers\smi.sys [19656 2015-01-29] (Windows ® Win 7 DDK provider)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [682272 2014-09-04] (Sunplus)
R3 TKCtrl; C:\windows\system32\TKCtrl2k64.sys [136528 2014-05-21] (INCA Internet Co., Ltd.)
R3 TKCtrl; C:\windows\SysWOW64\TKCtrl2k64.sys [136528 2014-05-21] (INCA Internet Co., Ltd.)
R3 TKFsAvM; C:\windows\system32\TKFsAv64.sys [175560 2015-01-21] (INCA Internet Co., Ltd.)
R3 TKFsFtM; C:\windows\system32\TKFsFt64.sys [28824 2014-07-07] (INCA Internet Co., Ltd.)
R3 TKPcFt; C:\windows\system32\TKPcFtCb64.sys [35528 2014-10-20] (INCA Internet Co., Ltd.)
R3 TKRgAc; C:\windows\system32\TKRgAc2k64.sys [96584 2013-09-09] (INCA Internet Co., Ltd.)
R3 TKRgFt; C:\windows\system32\TKRgFtXp64.sys [51464 2013-11-18] (INCA Internet Co., Ltd.)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-26 16:36 - 2015-08-26 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KCP
2015-08-26 16:36 - 2015-08-26 16:36 - 00000000 ____D C:\Program Files (x86)\KCP
2015-08-26 16:35 - 2015-08-26 16:35 - 00392839 _____ ( ) C:\Users\재원\Downloads\KCPPluginSetup.exe
2015-08-26 16:30 - 2015-08-26 16:30 - 00001320 _____ C:\Users\재원\AppData\Roaming\Microsoft\Windows\Start Menu\Calculator.lnk
2015-08-25 19:55 - 2015-08-25 19:56 - 00040811 _____ C:\Users\재원\Downloads\Addition.txt
2015-08-25 19:54 - 2015-08-28 21:34 - 00039161 _____ C:\Users\재원\Downloads\FRST.txt
2015-08-25 19:54 - 2015-08-28 21:34 - 00000000 ____D C:\FRST
2015-08-25 19:52 - 2015-08-25 19:52 - 02186752 _____ (Farbar) C:\Users\재원\Downloads\FRST64.exe
2015-08-24 20:47 - 2015-08-24 20:47 - 00015320 _____ C:\Users\재원\Downloads\28주후_28.Weeks.Later.2007.720p.BrRip.264.YIFY.torrent
2015-08-24 20:46 - 2015-08-24 20:46 - 00023138 _____ C:\Users\재원\Downloads\에너미_오브_스테이트_Enemy.Of.The.State.1998.1080p.BluRay.x264.AC3_ONe.torrent
2015-08-24 20:30 - 2015-08-24 20:30 - 00000000 ____D C:\Users\재원\AppData\Local\VirtualStore
2015-08-24 20:29 - 2015-08-24 20:12 - 00024064 _____ C:\windows\zoek-delete.exe
2015-08-24 20:15 - 2015-08-24 20:30 - 00015297 _____ C:\zoek-results.log
2015-08-24 20:01 - 2015-08-24 20:01 - 00000000 ____D C:\Users\재원\Documents\카카오톡 받은 파일
2015-08-24 19:51 - 2015-08-24 20:27 - 00000000 ____D C:\zoek_backup
2015-08-24 19:48 - 2015-08-24 19:48 - 01308672 _____ C:\Users\재원\Downloads\zoek.exe
2015-08-24 19:28 - 2015-08-24 19:28 - 00013978 _____ C:\Users\재원\Downloads\어벤져스_에이지_오브_울트론_한글_avengers_age_of_ultron_2015_1080p_web_dl_6ch_2_5gb_shaanig_액션.torrent
2015-08-24 15:34 - 2015-08-24 15:34 - 00002357 _____ C:\Users\재원\Desktop\안전 금융.lnk
2015-08-24 15:33 - 2015-08-24 15:33 - 00002157 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-08-24 15:33 - 2015-08-24 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-08-24 15:33 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll
2015-08-24 15:32 - 2015-08-27 17:47 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-24 15:32 - 2015-08-24 15:32 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-08-24 15:32 - 2015-07-04 07:56 - 00831664 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys
2015-08-24 15:32 - 2015-07-04 07:56 - 00226480 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klhk.sys
2015-08-24 15:32 - 2015-07-04 07:56 - 00159960 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys
2015-08-24 14:45 - 2015-08-24 15:13 - 177523928 _____ (Kaspersky Lab) C:\Users\재원\Downloads\kis15.0.2.361ko-kr.exe
2015-08-24 12:32 - 2015-08-24 13:26 - 00000000 ____D C:\Quarantine_MZK
2015-08-24 12:30 - 2015-08-24 12:30 - 00000000 ____D C:\Users\재원\Downloads\mzk
2015-08-23 20:43 - 2015-08-28 21:29 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-23 20:43 - 2015-08-23 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-23 20:43 - 2015-08-23 20:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-23 20:43 - 2015-08-23 20:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-23 20:43 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-08-23 20:43 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-08-23 20:43 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-08-23 20:38 - 2015-08-23 20:38 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\재원\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-23 20:38 - 2015-08-23 20:38 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\재원\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-08-23 20:01 - 2015-08-23 20:01 - 00000000 _____ C:\autoexec.bat
2015-08-23 19:59 - 2015-08-23 19:59 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\재원\Downloads\SpyHunter-Installer.exe
2015-08-21 22:19 - 2015-08-11 10:20 - 25191936 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-08-21 22:19 - 2015-08-11 09:20 - 19871232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-08-14 12:54 - 2015-07-07 18:40 - 00270168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2015-08-14 12:54 - 2015-07-07 18:40 - 00114520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
2015-08-14 12:54 - 2015-07-07 18:40 - 00044560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2015-08-14 11:39 - 2015-08-14 11:39 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-08-12 17:02 - 2015-08-12 17:02 - 00018387 _____ C:\Users\재원\Downloads\EBS 스페셜 프로젝트.E04.150806.소셜 다이어트 내 몸 혁명 4부.HDTV.H264.720p-WITH.mp4.torrent
2015-08-12 16:23 - 2015-08-12 16:23 - 00000000 ____D C:\Users\재원\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adarian
2015-08-12 16:23 - 2015-08-12 16:23 - 00000000 ____D C:\Users\재원\AppData\Roaming\Adarian
2015-08-12 16:22 - 2015-08-12 16:22 - 00000000 ____D C:\Program Files (x86)\Adarian
2015-08-12 16:13 - 2015-08-12 16:13 - 00368296 _____ (RegNow.com) C:\Users\재원\Downloads\Download_AMWinInstall.exe
2015-08-12 15:46 - 2015-07-30 23:04 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 15:46 - 2015-07-30 22:48 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 15:40 - 2015-07-19 10:58 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-08-12 15:40 - 2015-07-19 03:51 - 03704320 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-08-12 15:40 - 2015-07-19 03:31 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-08-12 15:40 - 2015-07-19 03:31 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-08-12 15:40 - 2015-07-19 03:31 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-08-12 15:40 - 2015-07-19 03:29 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-08-12 15:40 - 2015-07-19 03:29 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-08-12 15:40 - 2015-07-19 03:29 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-08-12 15:40 - 2015-07-19 03:28 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-08-12 15:40 - 2015-07-19 03:12 - 02228736 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-08-12 15:40 - 2015-07-19 03:10 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-08-12 15:40 - 2015-07-19 03:09 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-08-12 15:40 - 2015-07-17 05:36 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-08-12 15:40 - 2015-07-17 05:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-08-12 15:40 - 2015-07-17 05:35 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-08-12 15:40 - 2015-07-17 05:26 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-08-12 15:40 - 2015-07-17 05:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-08-12 15:40 - 2015-07-17 05:21 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-08-12 15:40 - 2015-07-17 04:53 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-08-12 15:40 - 2015-07-17 04:51 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-08-12 15:40 - 2015-07-17 04:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-08-12 15:40 - 2015-07-17 04:45 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-08-12 15:40 - 2015-07-17 04:45 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-08-12 15:40 - 2015-07-17 04:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-08-12 15:40 - 2015-07-17 04:39 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-08-12 15:40 - 2015-07-17 04:38 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-08-12 15:40 - 2015-07-17 04:36 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-08-12 15:40 - 2015-07-17 04:34 - 14451200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-08-12 15:40 - 2015-07-17 04:32 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-08-12 15:40 - 2015-07-17 04:14 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-08-12 15:40 - 2015-07-17 04:13 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-08-12 15:40 - 2015-07-17 04:12 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-08-12 15:40 - 2015-07-17 04:12 - 02427904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-08-12 15:40 - 2015-07-17 04:10 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-08-12 15:40 - 2015-07-17 04:06 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-08-12 15:40 - 2015-07-17 04:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-08-12 15:40 - 2015-07-17 03:52 - 01048576 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-08-12 15:40 - 2015-07-17 03:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-08-12 15:40 - 2015-07-17 03:42 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-08-12 15:40 - 2015-07-17 03:38 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-08-12 15:40 - 2015-07-17 03:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-08-12 15:40 - 2015-07-10 03:40 - 00359936 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-08-12 15:40 - 2015-06-27 12:08 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-08-12 15:40 - 2015-06-27 12:08 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-08-12 15:40 - 2015-06-27 11:14 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-08-12 15:39 - 2015-07-16 09:29 - 07458648 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-08-12 15:39 - 2015-07-16 09:29 - 01735000 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-08-12 15:39 - 2015-07-16 09:29 - 00101720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-08-12 15:39 - 2015-07-16 09:28 - 01499920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-08-12 15:39 - 2015-07-14 12:22 - 02529880 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-08-12 15:39 - 2015-07-14 12:21 - 01901776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-08-12 15:39 - 2015-07-14 04:46 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-08-12 15:39 - 2015-07-14 04:45 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2015-08-12 15:39 - 2015-07-11 02:54 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-08-12 15:39 - 2015-07-11 02:42 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-08-12 15:39 - 2015-07-11 02:13 - 07032320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-08-12 15:39 - 2015-07-11 01:47 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-08-12 15:39 - 2015-07-02 07:19 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-08-12 15:39 - 2015-07-02 07:16 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-08-12 15:39 - 2015-07-02 06:37 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-08-12 15:39 - 2015-07-02 06:35 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-08-12 15:38 - 2015-07-29 23:37 - 01994752 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-08-12 15:38 - 2015-07-29 23:30 - 01381888 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-08-12 15:38 - 2015-07-29 23:23 - 01559552 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-08-12 15:38 - 2015-07-25 03:57 - 04177408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-08-12 15:38 - 2015-07-25 03:57 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-08-12 15:38 - 2015-07-25 03:52 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-08-12 15:38 - 2015-07-25 02:27 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-08-12 15:38 - 2015-07-25 02:23 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-08-12 15:38 - 2015-07-11 03:19 - 01101824 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-08-12 15:38 - 2015-07-11 02:14 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-08-12 15:38 - 2015-07-11 01:31 - 06213120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-08-12 15:38 - 2015-07-10 02:13 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2015-08-12 15:38 - 2015-07-10 02:13 - 00221184 _____ (Microsoft Corporation) C:\windows\notepad.exe
2015-08-12 15:38 - 2015-07-10 01:30 - 00212992 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2015-08-12 15:38 - 2015-05-12 09:24 - 00536920 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-12 15:07 - 2015-08-12 15:07 - 00016582 _____ C:\Users\재원\Downloads\The.Classified.File.2015.720p.HDRip.H264.AAC-iMrel.mp4.torrent
2015-08-09 15:28 - 2015-08-09 15:28 - 00016492 _____ C:\Users\재원\Downloads\World.War.Z.2013.UNRATED.1080p.BluRay.DTS.x264-KAGA.torrent
2015-08-09 15:17 - 2015-08-09 15:17 - 00013225 _____ C:\Users\재원\Downloads\The.SpongeBob.Movie.Sponge.Out.of.Water.2015.1080p.BRRip.x264.AC3-JYK.torrent
2015-08-09 08:26 - 2015-08-09 08:26 - 00002523 _____ C:\Users\Public\Desktop\Evernote.lnk
2015-08-09 08:26 - 2015-08-09 08:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-08-09 01:19 - 2015-08-09 01:19 - 00189303 _____ C:\Users\재원\Downloads\블랙 미러(Black Mirror) 시즌1,2 E01 - 03(完) 한영통합.zip
2015-08-09 01:19 - 2015-08-09 01:19 - 00000000 ____D C:\Users\재원\Downloads\블랙 미러(Black Mirror) 시즌1,2 E01 - 03(完) 한영통합
2015-08-08 18:59 - 2015-08-08 18:59 - 00000905 _____ C:\Users\Public\Desktop\꿀뷰.lnk
2015-08-08 18:59 - 2015-08-08 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\꿀뷰
2015-08-08 18:59 - 2015-08-08 18:59 - 00000000 ____D C:\Program Files\Honeyview
2015-08-08 18:58 - 2015-08-08 18:59 - 07583528 _____ C:\Users\재원\Downloads\HONEYVIEW-SETUP-KR.EXE
2015-08-07 21:39 - 2015-08-07 21:39 - 00000060 _____ C:\Users\재원\Desktop\jnk.url
2015-08-05 07:50 - 2014-05-21 19:52 - 00136528 _____ (INCA Internet Co., Ltd.) C:\windows\system32\TKCtrl2k64.sys
2015-08-05 07:50 - 2013-11-27 10:37 - 00237888 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\TKFW.dll
2015-08-05 07:50 - 2013-11-27 10:36 - 00328000 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\tkidsx.dll
2015-08-05 07:50 - 2013-11-27 10:36 - 00225600 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\tkfwflt.dll
2015-08-05 07:50 - 2013-04-30 15:46 - 00036388 _____ C:\windows\SysWOW64\teexcept.dat
2015-08-04 17:20 - 2015-08-22 16:25 - 00000000 ____D C:\Program Files (x86)\IPinside
2015-08-04 17:18 - 2015-08-04 17:18 - 00000000 ____D C:\Program Files (x86)\INCAInternet UnInstall
2015-08-04 17:18 - 2015-08-04 17:18 - 00000000 ____D C:\Program Files (x86)\INCAInternet
2015-08-04 17:13 - 2015-08-04 17:13 - 00000000 ____D C:\Program Files (x86)\INICIS61
2015-08-04 17:13 - 2009-07-09 15:36 - 00025872 _____ () C:\windows\SysWOW64\INIUAC.exe
2015-08-04 17:13 - 2007-07-10 16:44 - 00214584 _____ (SoftCamp Co.,Ltd.) C:\windows\SysWOW64\SCSKLoader.exe
2015-07-31 21:27 - 2015-07-31 21:27 - 00027749 _____ C:\Users\재원\Downloads\7번방의.선물.2012.AVCHD.1080i.VOD.DirectStreamCopy-OHE.ts.torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-28 21:32 - 2015-05-31 14:48 - 00000000 ____D C:\Users\재원\AppData\Local\ClassicShell
2015-08-28 21:32 - 2015-04-24 12:21 - 01139908 _____ C:\windows\SysWOW64\Gms.log
2015-08-28 21:29 - 2013-08-22 23:46 - 00065954 _____ C:\windows\setupact.log
2015-08-27 18:00 - 2013-08-23 00:36 - 00000000 ____D C:\windows\system32\sru
2015-08-27 17:57 - 2015-05-07 21:47 - 00000716 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d088c3f97344ec.job
2015-08-27 17:03 - 2015-05-29 22:48 - 00000706 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593337814-833741486-1504065185-1001UA.job
2015-08-27 16:17 - 2015-04-24 12:13 - 01873041 _____ C:\windows\WindowsUpdate.log
2015-08-27 10:38 - 2015-05-07 21:35 - 00516440 _____ C:\windows\system32\perfh012.dat
2015-08-27 10:38 - 2015-05-07 21:35 - 00135664 _____ C:\windows\system32\perfc012.dat
2015-08-27 10:38 - 2014-11-21 13:44 - 01506566 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-26 16:54 - 2015-05-07 14:13 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-593337814-833741486-1504065185-1001
2015-08-26 16:09 - 2013-08-23 00:36 - 00000000 ____D C:\windows\AppReadiness
2015-08-25 22:03 - 2015-05-29 22:48 - 00000654 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593337814-833741486-1504065185-1001Core.job
2015-08-25 21:57 - 2015-05-20 22:52 - 00000712 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0930440a5774c.job
2015-08-24 20:30 - 2015-05-07 21:54 - 00000000 ___RD C:\Users\재원\Google 드라이브
2015-08-24 20:30 - 2015-05-07 21:47 - 00000712 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-24 20:30 - 2015-05-07 14:10 - 00000000 ____D C:\Users\재원\OneDrive
2015-08-24 20:29 - 2015-05-07 14:04 - 00000000 ____D C:\Users\재원
2015-08-24 20:29 - 2015-04-24 12:41 - 00000000 ____D C:\ProgramData\Validity
2015-08-24 20:29 - 2014-11-21 13:31 - 00020990 _____ C:\windows\PFRO.log
2015-08-24 20:29 - 2013-08-22 23:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-24 20:29 - 2013-08-22 22:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-08-24 15:33 - 2013-08-22 22:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-08-24 15:32 - 2013-08-23 00:36 - 00000000 ___HD C:\windows\ELAMBKUP
2015-08-22 16:49 - 2013-08-23 00:36 - 00000000 ____D C:\windows\rescache
2015-08-21 22:53 - 2015-07-21 07:21 - 00002188 _____ C:\Users\Public\Desktop\Chrome.lnk
2015-08-21 22:19 - 2013-08-23 00:20 - 00000000 ____D C:\windows\CbsTemp
2015-08-14 21:49 - 2013-08-22 23:44 - 00484216 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-14 21:48 - 2013-08-23 00:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-14 21:48 - 2013-08-23 00:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-14 21:48 - 2013-08-23 00:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-14 21:48 - 2013-08-23 00:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-14 21:47 - 2015-05-09 09:02 - 00000000 ____D C:\windows\system32\MRT
2015-08-14 21:43 - 2015-05-09 09:01 - 132483416 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-08-14 08:52 - 2015-05-07 21:53 - 00002069 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-08-14 08:52 - 2015-05-07 21:53 - 00002067 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-08-14 08:52 - 2015-05-07 21:53 - 00002057 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-08-14 08:52 - 2015-05-07 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-12 15:45 - 2013-08-23 00:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 15:45 - 2013-08-23 00:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 15:08 - 2013-08-23 00:36 - 00000000 ____D C:\windows\system32\NDF
2015-08-08 22:55 - 2014-11-21 21:27 - 00794088 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-08 22:55 - 2014-11-21 21:27 - 00179688 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-07 17:37 - 2015-05-07 14:07 - 00000000 ____D C:\Users\재원\AppData\Local\Packages
2015-08-05 18:06 - 2015-04-24 12:20 - 00000000 ____D C:\Program Files\Lenovo
2015-08-05 18:05 - 2015-04-24 12:16 - 00000000 ____D C:\windows\System32\Tasks\Lenovo
2015-08-04 14:12 - 2015-04-24 12:40 - 00000000 ____D C:\windows\System32\Tasks\TVT
2015-08-04 14:12 - 2015-04-24 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-08-04 14:12 - 2015-04-24 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-08-04 14:12 - 2015-04-24 12:16 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-08-04 14:12 - 2015-04-24 11:57 - 00000000 ____D C:\ProgramData\Lenovo
 
==================== Files in the root of some directories =======
 
2015-05-16 11:00 - 2015-05-16 11:00 - 16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-04-24 12:22 - 2015-04-24 12:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-22 16:36
 

 

==================== End of FRST.txt ============================

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as qBittorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

When you are ready, please generate new fresh FRST log files.


I'm ready.

 

 

*************************************************************************************

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-08-2015
Ran by 재원 (administrator) on X250-JAEWON (01-09-2015 18:03:44)
Running from C:\Users\재원\Downloads
Loaded Profiles: 재원 (Available Profiles: 재원)
Platform: Windows 8.1 (X64) Language: 영어(미국)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Softex Inc.) C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(LENOVO INCORPORATED.) C:\Program Files\Lenovo\iMController\SystemAgentService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(INCA Internet Co., Ltd.) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nossvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Apache Software Foundation) C:\Bitnami\WAMPST~1.40-\apache2\bin\httpd.exe
() C:\Bitnami\wampstack-5.4.40-0\mysql\bin\mysqld.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Apache Software Foundation) C:\Bitnami\WAMPST~1.40-\apache2\bin\httpd.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(INCA Internet Co., Ltd.) C:\Program Files (x86)\INCAInternet\nProtect Online Security\nosstarter.npe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\KOR\KorIME.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(%CFullName%) C:\Program Files\Lenovo\Fingerprint Manager Pro\opvapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Nok Nok Labs, Inc.) C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Daum Kakao Corp. ) C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\DaumSAM.exe
(Google, Inc) C:\Users\재원\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Daum Kakao Corp. ) C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SunplusIT, Inc.) C:\Program Files (x86)\Integrated Camera\Monitor.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
(Nok Nok Labs Inc.) C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Marek Jasinski) C:\Program Files (x86)\FreeCommander XE\FreeCommander.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\cammute.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\tpknrsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hancom Inc.) C:\Program Files (x86)\Hnc\HOffice9\Bin\Hwp.exe
(Hancom Inc.) C:\Program Files (x86)\Hnc\HOffice9\Bin\HimTrayIcon.exe
(Marek Jasinski) C:\Program Files (x86)\FreeCommander XE\FcContextMenu64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Google Inc.) C:\Users\재원\AppData\Local\Google\Update\Install\{11F2E4F1-3E11-402A-BA63-5035EA382C69}\GoogleUpdateSetup.exe
(Google Inc) C:\Users\재원\AppData\Local\Temp\GUM2C56.tmp\GoogleUpdate.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [341448 2014-11-08] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\windows\system32\TpShocks.exe [555760 2014-12-09] (Lenovo.)
HKLM\...\Run: [MFACApp] => C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe [5449544 2014-10-17] (Nok Nok Labs, Inc.)
HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937928 2014-12-11] (Lenovo)
HKLM\...\Run: [LMCSSTART1] => C:\windows\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,InitSubsystemProcesses
HKLM\...\Run: [LMCSSTART2] => C:\windows\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libstartstub2.dll,ProxyStart
HKLM\...\Run: [LMCSSTART3] => C:\windows\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,SetupCamplusDrop
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [164112 2015-05-16] (IvoSoft)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe [1172256 2014-11-11] (Intel Corporation)
HKLM-x32\...\Run: [integrated Camera_Monitor] => C:\Program Files (x86)\Integrated Camera\monitor.exe [1723040 2014-09-01] (SunplusIT, Inc.)
HKLM-x32\...\Run: [HncUpdate90] => C:\Program Files (x86)\Hnc\HncUtils\Update\HncCheck.exe [604168 2015-06-29] (한글과컴퓨터)
HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [Daum Streaming Service] => C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\DaumSAM.exe [511808 2015-06-02] (Daum Kakao Corp. )
HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [Google Update] => C:\Users\재원\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-01] (Google Inc)
HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [Google Photos Backup] => C:\Users\재원\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3791176 2015-07-11] (Google, Inc)
HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [KakaoTalk] => C:\Program Files (x86)\Kakao\KakaoTalk\KakaoTalk.exe [6331544 2015-08-20] (Daum Kakao Corp. )
HKU\S-1-5-21-593337814-833741486-1504065185-1001\...\Run: [GoogleChromeAutoLaunch_A0A69805D4ACD1C2462F4F8BE8A06446] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-18] (Google Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [shareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-05-16]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\재원\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adarian Money Reminder.lnk [2015-08-12]
ShortcutTarget: Adarian Money Reminder.lnk -> C:\Program Files (x86)\Adarian\Adarian Money\AMRemind.exe (Adarian Software, LLC)
Startup: C:\Users\재원\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-05-14]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\재원\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote(으)로 보내기.lnk [2015-05-10]
ShortcutTarget: OneNote(으)로 보내기.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (No File)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0DBEA07B-1A1A-4C4A-A4CA-936525D130E2}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F9A4DA8D-6E83-460B-B5DA-96EA433EB835}: [DhcpNameServer] 1.214.68.2 61.41.153.2
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-593337814-833741486-1504065185-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.naver.com/
HKU\S-1-5-21-593337814-833741486-1504065185-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-593337814-833741486-1504065185-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKLM -> DefaultScope {0E4AC09B-5BBD-49F2-BFCD-BD1BEFBAA0AE} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0E4AC09B-5BBD-49F2-BFCD-BD1BEFBAA0AE} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-593337814-833741486-1504065185-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-05-16] (LastPass)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-05-16] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-07-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-16] (LastPass)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-05-16] (IvoSoft)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-05-16] (LastPass)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-05-16] (IvoSoft)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-05-16] (LastPass)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-05-16] (IvoSoft)
DPF: HKLM-x32 {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} hxxp://plugin.inicis.com/wallet61/INIwallet61_win8.cab
DPF: HKLM-x32 {3EFC2239-B769-469F-A5E6-38693AE0B9DE} hxxp://210.182.142.35:8020/qms/speed/speedtest/cab/sysinfo2.cab
DPF: HKLM-x32 {417A8BA3-7DDF-4C02-919C-4F9D1ED46E58} hxxp://210.182.142.35:8020/qms/speed/speedtest/cab/PowerComSpeedTest.cab
DPF: HKLM-x32 {A79ACFE1-331F-47E0-8F86-A020B21B66F9} hxxp://legaledu.co.kr/biz/player/IMGTech/ZoneMediaPlayer/download/ZMediaPlayer.cab
DPF: HKLM-x32 {B1D16D27-B5AC-434D-85D2-9D1CD4C0E018} hxxps://pay.kcp.co.kr/plugin_new/file/KCPPayUX.cab
 
FireFox:
========
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-16] (LastPass)
FF Plugin-x32: @daum.net/DaumNPPLive -> C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\npDaumNPPLive.dll [2015-02-04] (Daum Communications)
FF Plugin-x32: @imgtech.co.kr/ZoneMediaPlayer -> C:\IMGTech\core\1.0.0.0\NP_ZoneMediaPlayer.dll [2014-11-21] (IMGTech. (www.imgtech.co.kr))
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-11] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-11] (Intel Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-08-24] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-08-24] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-08-24] ()
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-05-16] (LastPass)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll [2014-05-16] (Nitro PDF)
FF Plugin-x32: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2013-06-08] (SoftForum Co., Ltd.)
FF Plugin-x32: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2013-06-08] (SoftForum Co., Ltd.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-01] (Google Inc.)
FF Plugin-x32: @update.noknok.com/Nok Nok Labs MFACUpdater;version=3 -> C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\1.3.27.0\npGoogleUpdate3.dll [2015-04-24] (Nok Nok Labs Inc.)
FF Plugin-x32: @update.noknok.com/Nok Nok Labs MFACUpdater;version=9 -> C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\1.3.27.0\npGoogleUpdate3.dll [2015-04-24] (Nok Nok Labs Inc.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @daum.net/DaumNPPLive -> C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\npDaumNPPLive.dll [2015-02-04] (Daum Communications)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @kcp.co.kr/plugin;version=1 -> C:\Program Files (x86)\KCP\Plugin\npKCPPlugin.dll [2014-10-28] (KCP CO.,LTD)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @softforum.com/npxwebplugins -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2013-06-08] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @softforum.com/npxwebplugins_file -> C:\Program Files (x86)\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2013-06-08] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @tools.google.com/Google Update;version=3 -> C:\Users\재원\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: @tools.google.com/Google Update;version=9 -> C:\Users\재원\AppData\Local\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-593337814-833741486-1504065185-1001: daum.net/DaumNPPLive -> C:\Users\재원\AppData\Local\Daum\DaumLiveAgent\npDaumNPPLive.dll [2015-02-04] (Daum Communications)
FF HKLM\...\Firefox\Extensions: [FIDOaddon@noknok.com] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon
FF Extension: MFAC Extension - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon [2015-04-24]
FF HKLM-x32\...\Firefox\Extensions: [FIDOaddon@noknok.com] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-08-24]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-08-24]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-08-24]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-07-21]
CHR Extension: (Google Docs) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-21]
CHR Extension: (Google Drive) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-21]
CHR Extension: (YouTube) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-21]
CHR Extension: (Google Search) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-21]
CHR Extension: (Kaspersky Protection) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2015-08-24]
CHR Extension: (Google Calendar) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-07-21]
CHR Extension: (Google Sheets) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-07-21]
CHR Extension: (Chrome Remote Desktop) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-07-21]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-07-21]
CHR Extension: (Adblock Super) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\knebimhcckndhiglamoabbnifdkijidd [2015-07-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-21]
CHR Extension: (Gmail) - C:\Users\재원\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-21]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-593337814-833741486-1504065185-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mbgbpjganndfjjmlamggkkkjafblbahl] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\Chrome\x86\FidoExtension.crx [2014-10-17]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [560584 2015-01-22] (Lenovo Corporation)
S2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-07-04] (Kaspersky Lab ZAO)
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-04-01] (DisplayLink Corp.)
R2 ibtsiva.exe; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [121288 2014-08-23] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-05-21] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-14] (Intel® Corporation)
R2 Intel® TechnologyAccessService; C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe [95624 2015-01-24] (Intel® Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-07-11] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-11] (Intel Corporation)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2019272 2015-02-10] (Lenovo Group Limited)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)
R3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [626120 2015-01-22] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-09] (Lenovo Group Limited)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [22576 2014-02-22] (Lenovo)
S3 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [475080 2015-01-22] (Lenovo)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [469720 2015-01-10] ()
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272440 2015-03-09] (Lenovo)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-03-19] ()
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-16] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-16] ()
R2 nossvc; C:\Program Files (x86)\INCAInternet\nProtect Online Security\nossvc.exe [1666216 2015-06-16] (INCA Internet Co., Ltd.)
S2 omaha; C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148224 2015-04-24] (Nok Nok Labs Inc.)
S3 omaham; C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148224 2015-04-24] (Nok Nok Labs Inc.)
R2 omniserv; C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniServ.exe [103936 2015-04-02] (Softex Inc.) [File not signed]
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61232 2014-12-06] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [328488 2014-12-06] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22008 2015-07-01] ()
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49968 2015-01-29] (Synaptics Incorporated)
R2 wampstackApache; C:\Bitnami\WAMPST~1.40-\apache2\bin\httpd.exe [20992 2015-01-30] (Apache Software Foundation) [File not signed]
R2 wampstackMySQL; C:\Bitnami\wampstack-5.4.40-0\mysql\bin\mysqld.exe [8148480 2015-01-07] () [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2015-03-19] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-07-04] (Kaspersky Lab UK Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [394520 2014-09-30] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [222152 2014-08-23] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [79016 2014-08-06] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-07-04] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [64368 2015-07-04] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2012-07-27] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [159960 2015-07-04] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [226480 2015-07-04] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [831664 2015-07-04] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39792 2015-07-04] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [40304 2015-07-04] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [39792 2015-07-04] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-07-04] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [77680 2015-07-04] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [85360 2015-07-04] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [190648 2015-07-04] (Kaspersky Lab ZAO)
R3 LnvHIDHW; C:\Windows\System32\drivers\LnvHIDHW.sys [29496 2014-04-08] (Lenovo)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-11] (Intel Corporation)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-31] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3497752 2015-04-13] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-09] (Intel Corporation)
R3 noskp; C:\windows\syswow64\noskp64.sys [23096 2015-07-23] (INCA Internet Co.,Ltd.)
R3 nosku; C:\windows\syswow64\nosku64.sys [34920 2015-07-20] (INCA Internet Co.,Ltd.)
R3 np_ck64s; C:\windows\syswow64\np_ck64s.sys [75680 2014-08-13] (INCA Internet Co.,Ltd.)
R1 OMNISMI; C:\windows\SysWOW64\drivers\omnismi.sys [14776 2014-09-27] ()
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-25] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32936 2015-03-10] (Synaptics Incorporated)
R1 SMIDriver; C:\Windows\System32\drivers\smi.sys [19656 2015-01-29] (Windows ® Win 7 DDK provider)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [682272 2014-09-04] (Sunplus)
R3 TKCtrl; C:\windows\system32\TKCtrl2k64.sys [136528 2014-05-21] (INCA Internet Co., Ltd.)
R3 TKCtrl; C:\windows\SysWOW64\TKCtrl2k64.sys [136528 2014-05-21] (INCA Internet Co., Ltd.)
R3 TKFsAvM; C:\windows\system32\TKFsAv64.sys [175560 2015-01-21] (INCA Internet Co., Ltd.)
R3 TKFsFtM; C:\windows\system32\TKFsFt64.sys [28824 2014-07-07] (INCA Internet Co., Ltd.)
R3 TKPcFt; C:\windows\system32\TKPcFtCb64.sys [35528 2014-10-20] (INCA Internet Co., Ltd.)
R3 TKRgAc; C:\windows\system32\TKRgAc2k64.sys [96584 2013-09-09] (INCA Internet Co., Ltd.)
R3 TKRgFt; C:\windows\system32\TKRgFtXp64.sys [51464 2013-11-18] (INCA Internet Co., Ltd.)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-08-22] (Microsoft Corporation)
U4 klkbdflt2; \SystemRoot\system32\DRIVERS\klkbdflt2.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-01 17:53 - 2015-09-01 18:03 - 00035807 _____ C:\Users\재원\Downloads\FRST.txt
2015-09-01 17:53 - 2015-09-01 17:53 - 00000000 ____D C:\Users\재원\Downloads\FRST-OlderVersion
2015-08-31 20:23 - 2015-08-31 20:40 - 00000600 _____ C:\Users\재원\AppData\Local\PUTTY.RND
2015-08-31 20:21 - 2015-08-31 20:21 - 00524288 _____ (Simon Tatham) C:\Users\재원\Downloads\putty.exe
2015-08-31 19:08 - 2015-08-31 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2015-08-31 19:08 - 2015-08-31 19:08 - 00000000 ____D C:\Program Files (x86)\ImageWriter
2015-08-26 16:36 - 2015-08-26 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KCP
2015-08-26 16:36 - 2015-08-26 16:36 - 00000000 ____D C:\Program Files (x86)\KCP
2015-08-26 16:35 - 2015-08-26 16:35 - 00392839 _____ ( ) C:\Users\재원\Downloads\KCPPluginSetup.exe
2015-08-26 16:30 - 2015-08-26 16:30 - 00001320 _____ C:\Users\재원\AppData\Roaming\Microsoft\Windows\Start Menu\Calculator.lnk
2015-08-25 19:55 - 2015-08-25 19:56 - 00040811 _____ C:\Users\재원\Downloads\Addition.txt
2015-08-25 19:54 - 2015-09-01 18:03 - 00000000 ____D C:\FRST
2015-08-25 19:52 - 2015-09-01 17:53 - 02188800 _____ (Farbar) C:\Users\재원\Downloads\FRST64.exe
2015-08-24 20:30 - 2015-08-24 20:30 - 00000000 ____D C:\Users\재원\AppData\Local\VirtualStore
2015-08-24 20:29 - 2015-08-24 20:12 - 00024064 _____ C:\windows\zoek-delete.exe
2015-08-24 20:15 - 2015-08-24 20:30 - 00015297 _____ C:\zoek-results.log
2015-08-24 20:01 - 2015-08-24 20:01 - 00000000 ____D C:\Users\재원\Documents\카카오톡 받은 파일
2015-08-24 19:51 - 2015-08-24 20:27 - 00000000 ____D C:\zoek_backup
2015-08-24 19:48 - 2015-08-24 19:48 - 01308672 _____ C:\Users\재원\Downloads\zoek.exe
2015-08-24 15:34 - 2015-08-24 15:34 - 00002357 _____ C:\Users\재원\Desktop\안전 금융.lnk
2015-08-24 15:33 - 2015-08-24 15:33 - 00002157 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2015-08-24 15:33 - 2015-08-24 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2015-08-24 15:33 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll
2015-08-24 15:32 - 2015-08-31 21:22 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-08-24 15:32 - 2015-08-24 15:32 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-08-24 15:32 - 2015-07-04 07:56 - 00831664 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys
2015-08-24 15:32 - 2015-07-04 07:56 - 00226480 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klhk.sys
2015-08-24 15:32 - 2015-07-04 07:56 - 00159960 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys
2015-08-24 14:45 - 2015-08-24 15:13 - 177523928 _____ (Kaspersky Lab) C:\Users\재원\Downloads\kis15.0.2.361ko-kr.exe
2015-08-24 12:32 - 2015-08-24 13:26 - 00000000 ____D C:\Quarantine_MZK
2015-08-24 12:30 - 2015-08-24 12:30 - 00000000 ____D C:\Users\재원\Downloads\mzk
2015-08-23 20:43 - 2015-08-31 19:06 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-23 20:43 - 2015-08-23 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-23 20:43 - 2015-08-23 20:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-23 20:43 - 2015-08-23 20:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-23 20:43 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-08-23 20:43 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-08-23 20:43 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-08-23 20:38 - 2015-08-23 20:38 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\재원\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-23 20:38 - 2015-08-23 20:38 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\재원\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-08-23 20:01 - 2015-08-23 20:01 - 00000000 _____ C:\autoexec.bat
2015-08-21 22:19 - 2015-08-11 10:20 - 25191936 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-08-21 22:19 - 2015-08-11 09:20 - 19871232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-08-14 12:54 - 2015-07-07 18:40 - 00270168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2015-08-14 12:54 - 2015-07-07 18:40 - 00114520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdNisDrv.sys
2015-08-14 12:54 - 2015-07-07 18:40 - 00044560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2015-08-14 11:39 - 2015-08-14 11:39 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-08-12 16:23 - 2015-08-12 16:23 - 00000000 ____D C:\Users\재원\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adarian
2015-08-12 16:23 - 2015-08-12 16:23 - 00000000 ____D C:\Users\재원\AppData\Roaming\Adarian
2015-08-12 16:22 - 2015-08-12 16:22 - 00000000 ____D C:\Program Files (x86)\Adarian
2015-08-12 16:13 - 2015-08-12 16:13 - 00368296 _____ (RegNow.com) C:\Users\재원\Downloads\Download_AMWinInstall.exe
2015-08-12 15:46 - 2015-07-30 23:04 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 15:46 - 2015-07-30 22:48 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 15:40 - 2015-07-19 10:58 - 00136904 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-08-12 15:40 - 2015-07-19 03:51 - 03704320 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-08-12 15:40 - 2015-07-19 03:31 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-08-12 15:40 - 2015-07-19 03:31 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-08-12 15:40 - 2015-07-19 03:31 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-08-12 15:40 - 2015-07-19 03:29 - 00409088 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2015-08-12 15:40 - 2015-07-19 03:29 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-08-12 15:40 - 2015-07-19 03:29 - 00029696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-08-12 15:40 - 2015-07-19 03:28 - 00081920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-08-12 15:40 - 2015-07-19 03:12 - 02228736 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-08-12 15:40 - 2015-07-19 03:10 - 00891904 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-08-12 15:40 - 2015-07-19 03:09 - 00721920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-08-12 15:40 - 2015-07-17 05:36 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-08-12 15:40 - 2015-07-17 05:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-08-12 15:40 - 2015-07-17 05:35 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-08-12 15:40 - 2015-07-17 05:26 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-08-12 15:40 - 2015-07-17 05:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-08-12 15:40 - 2015-07-17 05:21 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-08-12 15:40 - 2015-07-17 04:53 - 00145408 _____ (Microsoft Corporation) C:\windows\system32\iepeers.dll
2015-08-12 15:40 - 2015-07-17 04:51 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-08-12 15:40 - 2015-07-17 04:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-08-12 15:40 - 2015-07-17 04:45 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-08-12 15:40 - 2015-07-17 04:45 - 01032704 _____ (Microsoft Corporation) C:\windows\system32\inetcomm.dll
2015-08-12 15:40 - 2015-07-17 04:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-08-12 15:40 - 2015-07-17 04:39 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-08-12 15:40 - 2015-07-17 04:38 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2015-08-12 15:40 - 2015-07-17 04:36 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-08-12 15:40 - 2015-07-17 04:34 - 14451200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-08-12 15:40 - 2015-07-17 04:32 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-08-12 15:40 - 2015-07-17 04:14 - 02880000 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2015-08-12 15:40 - 2015-07-17 04:13 - 00880128 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcomm.dll
2015-08-12 15:40 - 2015-07-17 04:12 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-08-12 15:40 - 2015-07-17 04:12 - 02427904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-08-12 15:40 - 2015-07-17 04:10 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-08-12 15:40 - 2015-07-17 04:06 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-08-12 15:40 - 2015-07-17 04:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-08-12 15:40 - 2015-07-17 03:52 - 01048576 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2015-08-12 15:40 - 2015-07-17 03:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-08-12 15:40 - 2015-07-17 03:42 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-08-12 15:40 - 2015-07-17 03:38 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-08-12 15:40 - 2015-07-17 03:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-08-12 15:40 - 2015-07-10 03:40 - 00359936 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-08-12 15:40 - 2015-06-27 12:08 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-08-12 15:40 - 2015-06-27 12:08 - 00052224 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-08-12 15:40 - 2015-06-27 11:14 - 00027136 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-08-12 15:39 - 2015-07-16 09:29 - 07458648 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-08-12 15:39 - 2015-07-16 09:29 - 01735000 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-08-12 15:39 - 2015-07-16 09:29 - 00101720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-08-12 15:39 - 2015-07-16 09:28 - 01499920 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-08-12 15:39 - 2015-07-14 12:22 - 02529880 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-08-12 15:39 - 2015-07-14 12:21 - 01901776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-08-12 15:39 - 2015-07-14 04:46 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-08-12 15:39 - 2015-07-14 04:45 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2015-08-12 15:39 - 2015-07-11 02:54 - 01217024 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-08-12 15:39 - 2015-07-11 02:42 - 02345472 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-08-12 15:39 - 2015-07-11 02:13 - 07032320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-08-12 15:39 - 2015-07-11 01:47 - 01556992 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-08-12 15:39 - 2015-07-02 07:19 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-08-12 15:39 - 2015-07-02 07:16 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-08-12 15:39 - 2015-07-02 06:37 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-08-12 15:39 - 2015-07-02 06:35 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-08-12 15:38 - 2015-07-29 23:37 - 01994752 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-08-12 15:38 - 2015-07-29 23:30 - 01381888 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-08-12 15:38 - 2015-07-29 23:23 - 01559552 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-08-12 15:38 - 2015-07-25 03:57 - 04177408 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-08-12 15:38 - 2015-07-25 03:57 - 00358912 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-08-12 15:38 - 2015-07-25 03:52 - 00044032 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-08-12 15:38 - 2015-07-25 02:27 - 00301568 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-08-12 15:38 - 2015-07-25 02:23 - 00035840 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-08-12 15:38 - 2015-07-11 03:19 - 01101824 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-08-12 15:38 - 2015-07-11 02:14 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-08-12 15:38 - 2015-07-11 01:31 - 06213120 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-08-12 15:38 - 2015-07-10 02:13 - 00221184 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2015-08-12 15:38 - 2015-07-10 02:13 - 00221184 _____ (Microsoft Corporation) C:\windows\notepad.exe
2015-08-12 15:38 - 2015-07-10 01:30 - 00212992 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2015-08-12 15:38 - 2015-05-12 09:24 - 00536920 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-09 08:26 - 2015-08-09 08:26 - 00002523 _____ C:\Users\Public\Desktop\Evernote.lnk
2015-08-09 08:26 - 2015-08-09 08:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2015-08-09 01:19 - 2015-08-09 01:19 - 00189303 _____ C:\Users\재원\Downloads\블랙 미러(Black Mirror) 시즌1,2 E01 - 03(完) 한영통합.zip
2015-08-09 01:19 - 2015-08-09 01:19 - 00000000 ____D C:\Users\재원\Downloads\블랙 미러(Black Mirror) 시즌1,2 E01 - 03(完) 한영통합
2015-08-08 18:59 - 2015-08-08 18:59 - 00000905 _____ C:\Users\Public\Desktop\꿀뷰.lnk
2015-08-08 18:59 - 2015-08-08 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\꿀뷰
2015-08-08 18:59 - 2015-08-08 18:59 - 00000000 ____D C:\Program Files\Honeyview
2015-08-08 18:58 - 2015-08-08 18:59 - 07583528 _____ C:\Users\재원\Downloads\HONEYVIEW-SETUP-KR.EXE
2015-08-07 21:39 - 2015-08-07 21:39 - 00000060 _____ C:\Users\재원\Desktop\jnk.url
2015-08-05 07:50 - 2014-05-21 19:52 - 00136528 _____ (INCA Internet Co., Ltd.) C:\windows\system32\TKCtrl2k64.sys
2015-08-05 07:50 - 2013-11-27 10:37 - 00237888 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\TKFW.dll
2015-08-05 07:50 - 2013-11-27 10:36 - 00328000 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\tkidsx.dll
2015-08-05 07:50 - 2013-11-27 10:36 - 00225600 _____ (INCA Internet Co.,Ltd.) C:\windows\SysWOW64\tkfwflt.dll
2015-08-05 07:50 - 2013-04-30 15:46 - 00036388 _____ C:\windows\SysWOW64\teexcept.dat
2015-08-04 17:20 - 2015-08-22 16:25 - 00000000 ____D C:\Program Files (x86)\IPinside
2015-08-04 17:18 - 2015-08-04 17:18 - 00000000 ____D C:\Program Files (x86)\INCAInternet UnInstall
2015-08-04 17:18 - 2015-08-04 17:18 - 00000000 ____D C:\Program Files (x86)\INCAInternet
2015-08-04 17:13 - 2015-08-04 17:13 - 00000000 ____D C:\Program Files (x86)\INICIS61
2015-08-04 17:13 - 2009-07-09 15:36 - 00025872 _____ () C:\windows\SysWOW64\INIUAC.exe
2015-08-04 17:13 - 2007-07-10 16:44 - 00214584 _____ (SoftCamp Co.,Ltd.) C:\windows\SysWOW64\SCSKLoader.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-01 18:03 - 2015-05-29 22:48 - 00003646 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-593337814-833741486-1504065185-1001UA
2015-09-01 18:03 - 2015-05-29 22:48 - 00003266 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-593337814-833741486-1504065185-1001Core
2015-09-01 18:03 - 2015-05-29 22:48 - 00000706 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593337814-833741486-1504065185-1001UA.job
2015-09-01 18:03 - 2015-05-29 22:48 - 00000654 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-593337814-833741486-1504065185-1001Core.job
2015-09-01 18:02 - 2013-08-23 00:36 - 00000000 ____D C:\windows\system32\sru
2015-09-01 18:01 - 2015-05-31 14:48 - 00000000 ____D C:\Users\재원\AppData\Local\ClassicShell
2015-09-01 17:57 - 2015-05-20 22:52 - 00000712 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore1d0930440a5774c.job
2015-09-01 17:57 - 2015-05-07 21:47 - 00000716 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA1d088c3f97344ec.job
2015-09-01 17:53 - 2015-04-24 12:13 - 01161770 _____ C:\windows\WindowsUpdate.log
2015-09-01 17:52 - 2015-05-20 22:52 - 00003452 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0930440a5774c
2015-09-01 17:52 - 2015-05-07 21:47 - 00003688 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA1d088c3f97344ec
2015-09-01 17:48 - 2015-04-24 12:21 - 01740284 _____ C:\windows\SysWOW64\Gms.log
2015-09-01 10:53 - 2015-05-07 21:35 - 00516440 _____ C:\windows\system32\perfh012.dat
2015-09-01 10:53 - 2015-05-07 21:35 - 00135664 _____ C:\windows\system32\perfc012.dat
2015-09-01 10:53 - 2014-11-21 13:44 - 01506566 _____ C:\windows\system32\PerfStringBackup.INI
2015-09-01 10:27 - 2013-08-22 23:46 - 00067493 _____ C:\windows\setupact.log
2015-08-31 19:36 - 2015-05-07 14:13 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-593337814-833741486-1504065185-1001
2015-08-31 19:16 - 2013-08-23 00:36 - 00000000 ____D C:\windows\AppReadiness
2015-08-31 15:32 - 2015-05-26 01:58 - 00000000 ____D C:\Users\재원\Documents\반디카메라
2015-08-28 22:57 - 2015-05-07 21:47 - 00000712 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-24 20:30 - 2015-05-07 21:54 - 00000000 ___RD C:\Users\재원\Google 드라이브
2015-08-24 20:30 - 2015-05-07 14:10 - 00000000 ____D C:\Users\재원\OneDrive
2015-08-24 20:29 - 2015-05-07 14:04 - 00000000 ____D C:\Users\재원
2015-08-24 20:29 - 2015-04-24 12:41 - 00000000 ____D C:\ProgramData\Validity
2015-08-24 20:29 - 2014-11-21 13:31 - 00020990 _____ C:\windows\PFRO.log
2015-08-24 20:29 - 2013-08-22 23:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-24 20:29 - 2013-08-22 22:25 - 00262144 ___SH C:\windows\system32\config\BBI
2015-08-24 15:33 - 2013-08-22 22:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2015-08-24 15:32 - 2013-08-23 00:36 - 00000000 ___HD C:\windows\ELAMBKUP
2015-08-22 16:49 - 2013-08-23 00:36 - 00000000 ____D C:\windows\rescache
2015-08-21 22:53 - 2015-07-21 07:21 - 00002188 _____ C:\Users\Public\Desktop\Chrome.lnk
2015-08-21 22:19 - 2013-08-23 00:20 - 00000000 ____D C:\windows\CbsTemp
2015-08-14 21:49 - 2013-08-22 23:44 - 00484216 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-14 21:48 - 2013-08-23 00:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-14 21:48 - 2013-08-23 00:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-14 21:48 - 2013-08-23 00:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-14 21:48 - 2013-08-23 00:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-14 21:47 - 2015-05-09 09:02 - 00000000 ____D C:\windows\system32\MRT
2015-08-14 21:43 - 2015-05-09 09:01 - 132483416 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-08-14 08:52 - 2015-05-07 21:53 - 00002069 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-08-14 08:52 - 2015-05-07 21:53 - 00002067 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-08-14 08:52 - 2015-05-07 21:53 - 00002057 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-08-14 08:52 - 2015-05-07 21:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-12 15:45 - 2013-08-23 00:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 15:45 - 2013-08-23 00:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 15:08 - 2013-08-23 00:36 - 00000000 ____D C:\windows\system32\NDF
2015-08-08 22:55 - 2014-11-21 21:27 - 00794088 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-08 22:55 - 2014-11-21 21:27 - 00179688 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-07 17:37 - 2015-05-07 14:07 - 00000000 ____D C:\Users\재원\AppData\Local\Packages
2015-08-05 18:06 - 2015-04-24 12:20 - 00000000 ____D C:\Program Files\Lenovo
2015-08-05 18:05 - 2015-04-24 12:16 - 00000000 ____D C:\windows\System32\Tasks\Lenovo
2015-08-04 14:12 - 2015-04-24 12:40 - 00000000 ____D C:\windows\System32\Tasks\TVT
2015-08-04 14:12 - 2015-04-24 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2015-08-04 14:12 - 2015-04-24 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-08-04 14:12 - 2015-04-24 12:16 - 00000000 ____D C:\Program Files (x86)\Lenovo
2015-08-04 14:12 - 2015-04-24 11:57 - 00000000 ____D C:\ProgramData\Lenovo
 
==================== Files in the root of some directories =======
 
2015-05-16 11:00 - 2015-05-16 11:00 - 16258616 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-08-31 20:23 - 2015-08-31 20:40 - 0000600 _____ () C:\Users\재원\AppData\Local\PUTTY.RND
2015-04-24 12:22 - 2015-04-24 12:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\dlumd10.dll
C:\Windows\SysWOW64\dlumd11.dll
C:\Windows\SysWOW64\dlumd9.dll
C:\Windows\System32\dlumd10.dll
C:\Windows\System32\dlumd11.dll
C:\Windows\System32\dlumd9.dll
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-31 20:44
 
==================== End of FRST.txt ============================

Step 1

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Step 2

Please update Malwarebytes Anti-Malware and perform a threat scan. Post your log file.

In your next reply, post the following log files:

  • FRST log
  • Malwarebytes' Anti-Malware log

fixlist.txt


Step 1

 

**************************************************************

 

Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by 재원 (2015-09-04 06:43:29) Run:1
Running from C:\Users\재원\Downloads
Loaded Profiles: 재원 &  (Available Profiles: 재원)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0E4AC09B-5BBD-49F2-BFCD-BD1BEFBAA0AE} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0E4AC09B-5BBD-49F2-BFCD-BD1BEFBAA0AE} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80160 2015-02-13] (McAfee, Inc.)
C:\Windows\System32\drivers\mfeelamk.sys
RemoveProxy:
CMD: bitsadmin /reset /allusers
EmptyTemp:
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
mfeelamk => service removed successfully
C:\Windows\System32\drivers\mfeelamk.sys => moved successfully
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-593337814-833741486-1504065185-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-593337814-833741486-1504065185-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-593337814-833741486-1504065185-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
EmptyTemp: => 362 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 06:43:56 ====

  • Malwarebytes' Anti-Malware log

 

**************************************************************

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2015-09-04
Scan Time: 오전 6:50
Logfile: 
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.03.07
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: 재원

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 355058
Time Elapsed: 7 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

Step 3

  • Please download ZHPCleaner (by NicolasCoolman) to your desktop.
  • Double click on ZHPCleaner to run the tool. (Vista/Windows 7/8 users right-click and select Run As Administrator).
  • Please click on the Ashampoo_Snap_20140819_13h09m50s_001__zp button.
  • Then press the y3pI4LR.png button.
  • During the scan any open instances of the browsers will be closed automatically.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • In your next reply, post the following log files:
    • Junkware Removal Tool log
    • AdwCleaner log
    • ZHPCleaner log

It's been a long time.

 

Thank you for giving a favor.

 

************************************************************************

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.1 (09.08.2015:1)
OS: Windows 8.1 x64
Ran by 재원 on 2015-09-14 at 21:30:58.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
Successfully deleted: [service] omaha [Reboot required]
Successfully deleted: [service] omaham [Reboot required]
 
 
 
~~~ Tasks
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_A0A69805D4ACD1C2462F4F8BE8A06446
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Program Files (x86)\kakao
Successfully deleted: [Folder] C:\Users\재원\Appdata\Local\kakao
 
 
 
~~~ Chrome
 
 
[C:\Users\재원\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\재원\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
 
[C:\Users\재원\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\재원\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-09-14 at 21:34:11.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v5.007 - Logfile created 14/09/2015 at 21:39:21
# Updated 08/09/2015 by Xplode
# Database : 2015-09-10.1 [server]
# Operating system : Windows 8.1  (x64)
# Username : 재원 - X250-JAEWON
# Running from : C:\Users\재원\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [599 bytes] ##########

 


~ ZHPCleaner v2015.9.12.346 by Nicolas Coolman (2015/09/12)
~ Run by 재원 (Administrator)  (14/09/2015 21:49:34)
~ State version : Version OK
~ Type : Scan
~ Report : C:\Users\재원\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\재원\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8.1, 64-bit  (Build 9600)

---\\  Services (0)
~ No malicious or unnecessary items found.

---\\  Browser internet (1)
FOUND data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [bad : pfs.nprotect.com]  =>Hijacker.Proxy

---\\  Hosts file (1)
~ The hosts file is legitimate (21)

---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

---\\  Explorer ( File, Folder) (8)
FOUND file: C:\Windows\Prefetch\SH_INSTALLER.EXE-04FEBFDD.pf    =>.Superfluous.SpyHunter
FOUND folder: C:\windows\Installer\MSI100A.tmp-  =>Empty
FOUND folder: C:\windows\Installer\MSI4EBC.tmp-  =>Empty
FOUND folder: C:\windows\Installer\MSI52D4.tmp-  =>Empty
FOUND folder: C:\windows\Installer\MSI962.tmp-  =>Empty
FOUND folder: C:\windows\Installer\MSIC0D0.tmp-  =>Empty
FOUND folder: C:\windows\Installer\MSIC342.tmp-  =>Empty
FOUND folder: C:\windows\Installer\MSIC537.tmp-  =>Empty

---\\  Registry ( Key, Value, Data) (1)
FOUND value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_A0A69805D4ACD1C2462F4F8BE8A06446 ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window]  =>PUP.Optional.CrossBrowse

---\\ Result of repair
~ Any repair made
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)

---\\ Statistics
~ Items scanned : 69595
~ Items found : 10
~ Items cancelled : 0
~ Items repaired : 0

~ End of search in 2 minutes
===================
ZHPCleaner--14092015-21_51_39.txt

Well done!

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

  • 3 months later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
