Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:27-09-2015 01
Ran by Administrator (administrator) on MSDN-SPECIAL (29-09-2015 11:35:10)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows 7 Ultimate K Service Pack 1 (X86) Language: 한국어(대한민국)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ESTsoft Corp) C:\Program Files\ESTsoft\ALYac\AYUpdSrv.aye
(ESTsoft Corp) C:\Program Files\ESTsoft\ALYac\AYAgent.aye
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Daum Kakao Corp. ) C:\Users\Administrator\AppData\Local\Daum\DaumLiveAgent\DaumSAM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Reset) C:\Users\Administrator\AppData\Roaming\Reset\reset.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Gretech Corp.) C:\Program Files\GRETECH\GomHelper\GomHelperSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\IME14\SHARED\IMEDICTUPDATE.EXE
(INNORIX) C:\Program Files\INNORIX\common\innosvc7.exe
Failed to access process -> nossvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
Failed to access process -> nosstarter.npe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ESTsoft Corp) C:\Program Files\ESTsoft\ALYac\AYRTSrv.aye
(Daum Kakao Corp. ) C:\Program Files\Kakao\KakaoTalk\KakaoTalk.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [ALYac] => C:\Program Files\ESTsoft\ALYac\AYLaunch.exe [249152 2015-07-29] (ESTsoft Corp)
HKLM\...\Run: [ProcessClean] => "C:\Program Files\ProcessClean\ProcessClean.exe"
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-01-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [ALToolBar] => C:\Program Files\ESTsoft\ALToolBar\atbhelper.exe [1212632 2015-02-09] (ESTsoft Corp.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-21-1188650637-3751185830-4272639098-500\...\Run: [Reset] => C:\Users\Administrator\AppData\Roaming\Reset\resetagent.exe [333320 2014-12-09] (Reset)
HKU\S-1-5-21-1188650637-3751185830-4272639098-500\...\Run: [Daum Streaming Service] => C:\Users\Administrator\AppData\Local\Daum\DaumLiveAgent\DaumSAM.exe [511808 2015-09-08] (Daum Kakao Corp. )
HKU\S-1-5-21-1188650637-3751185830-4272639098-500\...\Run: [NaverAgent] => C:\Program Files\naver\NaverAgent\NaverAgent.exe [1840464 2014-10-24] (NHN Corporation)
HKU\S-1-5-21-1188650637-3751185830-4272639098-500\...\Run: [afreecatvpackage] => C:\Program Files\afreeca\afreecatvpackage.exe [2048064 2015-09-20] ()
HKU\S-1-5-21-1188650637-3751185830-4272639098-500\...\Run: [Between] => C:\Users\Administrator\AppData\Local\Between\couple.exe [284216 2015-02-12] (VCNC)
HKU\S-1-5-21-1188650637-3751185830-4272639098-500\...\Policies\Explorer: []
HKU\S-1-5-21-1188650637-3751185830-4272639098-500\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [221184 2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2012-02-07] (Autodesk, Inc.)
BootExecute: autocheck autochk * bootalyac.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 168.126.63.1 168.126.63.2
Tcpip\..\Interfaces\{2616D2A9-E1F6-46E7-B3CF-FD0D98EA781A}: [DhcpNameServer] 168.126.63.1 168.126.63.2
Tcpip\..\Interfaces\{B0A3953C-BCD0-4452-B64D-70A0795AA16C}: [DhcpNameServer] 192.168.42.129
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.pooqoo.co.kr/
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1188650637-3751185830-4272639098-500 -> {D09CFF09-A42A-4EDC-9804-E61224F59CA1} URL = hxxp://search.naver.com/search.naver?where=nexearch&sm=ies_hty&query={searchTerms}&ie=utf8
BHO: 네이버 세이프가드 -> {000011A1-74C9-4c7e-9B4E-59B5765CF409} -> c:\program files\naver\navertoolbar\naversafeguard\nsafeguard_2014_12_16_1.dll [2015-07-21] (NAVER Corp.)
BHO: 네이버 툴바 도우미 -> {67C41E9E-2EBF-4F2B-AF74-314F0D793172} -> C:\Program Files\naver\NaverToolbar\NaverTB_4_0_29_296.dll [2015-07-21] (NAVER Corp.)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll [2015-09-01] (Oracle Corporation)
BHO: ALToolbarBho -> {7F1A79F9-78D1-4186-9F60-EE0B63DF042A} -> C:\Program Files\ESTsoft\ALToolBar\ALToolBar_3600.dll [2015-02-09] (ESTsoft Corp.)
BHO: 확장검색서비스 -> {A14EAA16-CA35-4666-845A-DC084DCDF356} -> C:\Program Files\GRETECH\GomHelper\GomHelper.dll [2014-08-27] (Gretech Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-01] (Oracle Corporation)
Toolbar: HKLM - ALToolBar - {38FBE93D-4CA1-4414-AF6A-94920C5BD8DA} - C:\Program Files\ESTsoft\ALToolBar\ALToolBar_3600.dll [2015-02-09] (ESTsoft Corp.)
Toolbar: HKLM - 네이버 툴바 - {D09CFF09-A42A-4EDC-9804-E61224F59CA1} - C:\Program Files\naver\NaverToolbar\NaverTB_4_0_29_296.dll [2015-07-21] (NAVER Corp.)
Toolbar: HKU\S-1-5-21-1188650637-3751185830-4272639098-500 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10] (Adobe Systems Incorporated)
DPF: {04931AA4-5D13-442F-AEE8-0F1184002BDD} hxxp://eureka.ewha.ac.kr/eureka/hs/rdViewer/activeX6.0/cab/cxviewer60u.cab
DPF: {142DC14B-63E4-453E-8B4B-AE36A52BF049} hxxp://appdown.naver.com/naver/sports/Cabs/NLiveCastX.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} hxxp://www.kula.or.kr/tmp/ScriptX.cab
DPF: {1864C9E3-6D7D-46A8-BAE1-EB7C7F4EB961} hxxp://poz3.publog.co.kr/poz30/activex_cab86/ActiveLoader27x86.cab
DPF: {1CBDCD5A-18EE-4CCA-9AEA-93D5D27E310B} hxxps://supdate.nprotect.net/nprotect2007/keycrypt/choiyh/140521/npkfxx_14042901.cab
DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} hxxp://img.kbs.co.kr/AlwaysOn/AlwaysOn.CAB
DPF: {24F6E6A8-852C-45A8-ADD3-C4AB0D6FD231} hxxps://plugin.inicis.com/wallet61/INIwallet61_win8.cab
DPF: {27640517-0513-4D81-A61E-228DC51680F8} hxxps://www.sgic.co.kr/chp/TouchEnFw/TEFW.cab
DPF: {2B2525E4-557F-449C-B337-3742A6EF35EE} hxxps://keris.signgate.com/client/KicaSafe2.cab
DPF: {317BB082-05F5-48C1-A90F-C89174D3BCAB} hxxp://util.knou.ac.kr/bcqre/HardtackWriteNhic.cab
DPF: {3C36DCBE-5CDF-4C35-9D0B-4A1882B2EB0A} hxxps://tx.allatpay.com/component/AllatPayRE.cab
DPF: {40B66BDF-8C2B-45A5-B33C-8BA09ED9D00A} hxxp://dcollection.sogang.ac.kr:8089/ezpdfdrm/ezPDFBookS30.cab
DPF: {47660CBA-279C-4E16-9155-6249F30012AD} hxxps://pgdownload.uplus.co.kr/dacom/IssacWebProCMS_4_3_1_3_LG_UPLUS.cab
DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} hxxps://mpi2.uplus.co.kr/XPayMPI/XPayMPI.cab
DPF: {4CAA1AB3-3448-4FE9-8B42-D8E2BC070083} hxxp://appdown.naver.com/naver/cassiod/cab/NVLauncher.cab
DPF: {57CE3D53-D596-49F6-B36B-8F4039E8E02F}
DPF: {63A7D575-8E63-464E-947B-57D5A6773D79} hxxps://supdate.nprotect.net/netizen/card/shinhan/slm/npEfdsWCtrl.cab
DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Users\ADMINI~1\AppData\Local\Temp\tek_ud\TouchEnKey_Installer_32bit_woorikill.exe
DPF: {7A5C041C-33F3-4407-BE96-815D513D149C} hxxp://fl.game.naver.com/ActiveX/LSLuncherAx.cab
DPF: {7A63FEE6-E174-4FBC-A064-875DB95594A6} hxxp://cab.axissoft.gscdn.com/starplayer/starplayer-1.5.10.11.cab
DPF: {7C7190CE-6FB9-4DEE-AE2B-4276BD106CDA} hxxp://www.snaps.kr/app/ActiveX2.5/SPSetup.cab
DPF: {7E9FDB80-5316-11D4-B02C-00C04F0CD404} hxxps://www.ei.go.kr/ei/js/XecureObject/xw_install.cab
DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {8E2A904F-FDD7-4086-A49C-834F1C47DC39}
DPF: {95A57FEB-0909-4FEA-B819-63DA7C4D9E1E} hxxp://edu.kyci.or.kr/printmade/165/PrintmadeActiveX.cab
DPF: {9709739B-4909-489B-A1F7-148C74F16EEE} hxxp://platform.nx.com/ActiveX/nxsysinfo.cab
DPF: {9FC84F7D-D177-4A75-A7BB-429DA5BD0A3E} hxxp://download.signgate.com/download/2048/ews/ewsinstaller_full.cab
DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} hxxps://nice.checkplus.co.kr/common/js/key_protect/kdfense8.cab
DPF: {B1D16D27-B5AC-434D-85D2-9D1CD4C0E018} hxxps://pay.kcp.co.kr/plugin_new/file/KCPPayUX.cab
DPF: {B44935A0-2D44-4699-A8E8-0450C2A80A95} hxxp://poz3.publog.co.kr/poz30/activex_cab/ActiveLoader27.cab
DPF: {B70EA6F1-4C66-4F85-AB4D-CB3B1EB1A341} hxxp://img.shinhan.com/shttp/sphone/11017/INISAFECertClientv1.cab
DPF: {B9B38E70-EEF6-4E3A-AE84-DDE59A053B7C} hxxp://mail.daum.net/hanmail-ax/DaumActiveX/2_0_1_6/DaumActiveX.cab?ver=2,0,1,6
DPF: {BBB0FC2D-1D95-45CA-BDCF-03B53F247FCC}
DPF: {C1143E84-B2B1-473B-9F20-E62DD754FCAF} hxxps://vbv.shinhancard.com/infovine/VineTransfer.cab
DPF: {C1339348-E262-4F01-9DCD-B162A29C1276} hxxps://pgdownload.uplus.co.kr/dacom/IssacWebProCMS_4_5_0_10_oovi.cab
DPF: {CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
DPF: {DD8C54E8-9028-4A54-96B9-30761B1F80DF} hxxp://static.kosaf.go.kr/initech/plugin/down/INIS60.cab
DPF: {E42F7FEB-DE20-43F4-A342-47F1DA77F667} hxxp://pgdownload.uplus.co.kr/lguplus/XPayPlugin_3.0.0.3.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} hxxps://www.vpay.co.kr/kvpfiles_new/KVPISPCTLD_VISTA.cab
DPF: {E8631F4B-4A37-4E60-901C-03634D824B56} hxxp://hes.sen.go.kr/epki/Client/EPKIWCtl.cab
DPF: {F4F4B387-2626-41B5-8A4E-CB94EE757F7D} hxxp://nxweb.dn.nexoncdn.co.kr/ActiveX/ActiveX/NXActiveX_1001.cab
DPF: {FCE6C95E-E454-4A25-A968-847AB0D44F3F} hxxp://www.daekyeong.hs.kr/edu/AxSSEM(3.5.3.4).cab
DPF: {FE342FC7-4374-4EBE-86DB-D73AE861F779} hxxp://image.software.naver.com/install/NaverAXGuide.cab
Handler: s-http - {D37E6C5F-1C0F-47C0-A3B6-403EEC555402} - C:\Program Files\Initech\SHTTP\InitechSHTTPInterface.11018.dll [2014-12-04] (© INITECH)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Handler: touchenex - {0d279da2-4656-11e5-9642-005056c00008} - C:\Program Files\RaonSecure\bridge\CrossEX\touchenex\1.0.1.734\CrossEXProtocol.dll [2015-08-19] (iniLINE Co., Ltd.)
FireFox:
========
FF Plugin: @ahnlab.com/asp/npaosmgr.1 -> C:\Program Files\AhnLab\ASP\Components\aosmgr\conflict_575\npaosmgr.dll [2015-08-26] (AhnLab, Inc.)
FF Plugin: @ahnlab.com/asp/npmkd25sp -> C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll [2015-07-14] (AhnLab, Inc.)
FF Plugin: @application/x-kicasafe2,version=2.0.1 -> C:\Windows\system32\npKicaSafe2.dll [2014-09-29] (KICA co.,ltd : <Korea Infomation Certificate Authority>)
FF Plugin: @axissoft.co.kr/StarPlayer -> C:\Program Files\Axissoft\StarPlayer\npStarPlayer.dll [2015-03-27] (Axissoft)
FF Plugin: @canon.com/EPPEX -> C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin: @clipsoft.com/rexpert30 -> C:\Program Files\clipsoft\rexpert30\bin\viewer\nprexpert3.0.plugin.dll [2015-03-03] ( )
FF Plugin: @daum.net/DaumNPPLive -> C:\Users\Administrator\AppData\Local\Daum\DaumLiveAgent\npDaumNPPLive.dll [2015-02-04] (Daum Communications)
FF Plugin: @epki.go.kr/NPEPKI -> C:\Program Files\EPKI\EPKIWCtl\NPEPKI.dll [2015-09-10] (EPKI Center)
FF Plugin: @gomtv.com/gomtvx-plugin -> C:\Program Files\Common Files\GRETECH\npgomtvx_nie.dll [2013-05-28] (Gretech Corporation)
FF Plugin: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-01] (Oracle Corporation)
FF Plugin: @kings.co.kr/KDefense -> C:\Users\Administrator\AppData\LocalLow\kdefense\nplssl32.dll [2015-07-25] (Kings Information & Network)
FF Plugin: @lguplus.co.kr/application/lguplus-xpayplugin,version=1.0.5.1 -> C:\Program Files\XPayPlugin\npXPayPlugin_1.0.5.1.dll [2015-09-11] (LG Uplus Corp)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin: @nexon.com/NxGame -> C:\ProgramData\Nexon\NGM\npNxGame.dll [No File]
FF Plugin: @nprotect.com/npEfdsWPlugin -> C:\Users\Administrator\AppData\Local\nProtect\npEfdsWCtrl\npEfdsWPlugin.dll [2013-11-01] (INCA Internet Co., Ltd)
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin: @softforum.com/npKeyPro -> C:\Windows\system32\npKeyPro.dll [2015-05-17] (RaonSecure Co., Ltd.)
FF Plugin: @softforum.com/npXecureMacuxNPPlugin -> C:\Program Files\Softforum\XecureWeb\NPPlugin\dll\npXecureMacuxNPPlugin.dll [2013-05-24] (Softforum, Inc.)
FF Plugin: @softforum.com/npxwebplugins -> C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2013-11-05] (SoftForum Co., Ltd.)
FF Plugin: @softforum.com/npxwebplugins_file -> C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2013-11-05] (SoftForum Co., Ltd.)
FF Plugin: @SoftSecurity.com/npTEFWplugin -> C:\Windows\system32\NPTEFW.dll [2015-07-12] ( )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin: @unidocs.co.kr/ezPDFReader,version=3.0 -> C:\Program Files\Unidocs\ezPDFReaderS3.0\npezpdf30.dll [2014-07-25] (UNIDOCS, INC.)
FF Plugin: @wizvera.com/npVeraport20 -> C:\Program Files\Wizvera\Veraport20\npveraport20.dll [2015-02-02] ()
FF Plugin: @www.ubikey.co.kr/application/npvinetransfer-plugin -> C:\Program Files\INFovine\npVineTransfer.dll [2012-09-12] (INFOVINE)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin: innorix.com/InnoGMP -> C:\Program Files\INNORIX\npinnogmp7.dll [2015-02-11] (INNORIX)
FF Plugin: [email protected]/npCrossEXPlugin -> C:\Program Files\RaonSecure\bridge\CrossEX\touchenex\1.0.1.734\npraontouchenex.dll [2015-08-19] (iniLINE Co., Ltd.)
FF Plugin HKU\S-1-5-21-1188650637-3751185830-4272639098-500: @ahnlab.com/asp/npmkd25sp -> C:\Program Files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25sp.dll [2015-07-14] (AhnLab, Inc.)
FF Plugin HKU\S-1-5-21-1188650637-3751185830-4272639098-500: @daum.net/DaumNPPLive -> C:\Users\Administrator\AppData\Local\Daum\DaumLiveAgent\npDaumNPPLive.dll [2015-02-04] (Daum Communications)
FF Plugin HKU\S-1-5-21-1188650637-3751185830-4272639098-500: @designmade.com/application/designmade-printmade -> C:\Program Files\Printmade2\npPrintmade2.dll [2014-09-19] ( )
FF Plugin HKU\S-1-5-21-1188650637-3751185830-4272639098-500: @iniline.com/npCrossWeb -> C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0AB9084F-0EF8-499a-A461-DE46D3C4A45B}\plugins\npCrossWeb.dll [2011-11-12] (INITECH Co., Ltd.)
FF Plugin HKU\S-1-5-21-1188650637-3751185830-4272639098-500: @naver.com/npNVLauncher -> C:\Users\Administrator\AppData\Roaming\Mozilla\Plugins\npNVLauncher.dll [2015-03-31] (NHN Corp.)
FF Plugin HKU\S-1-5-21-1188650637-3751185830-4272639098-500: @naver.com/npNVLauncher64 -> C:\Users\Administrator\AppData\Roaming\Mozilla\Plugins\npNVLauncher64.dll [2015-03-31] (NHN Corp.)
FF Plugin HKU\S-1-5-21-1188650637-3751185830-4272639098-500: @softforum.com/npxwebplugins -> C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin.dll [2013-11-05] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-1188650637-3751185830-4272639098-500: @softforum.com/npxwebplugins_file -> C:\Program Files\SoftForum\XecureWeb\ActiveX\npxwebplugin_file.dll [2013-11-05] (SoftForum Co., Ltd.)
FF Plugin HKU\S-1-5-21-1188650637-3751185830-4272639098-500: @www.ubikey.co.kr/application/npvinetransfer-plugin -> C:\Program Files\INFovine\npVineTransfer.dll [2012-09-12] (INFOVINE)
FF Plugin HKU\S-1-5-21-1188650637-3751185830-4272639098-500: daum.net/DaumNPPLive -> C:\Users\Administrator\AppData\Local\Daum\DaumLiveAgent\npDaumNPPLive.dll [2015-02-04] (Daum Communications)
FF Plugin HKU\S-1-5-21-1188650637-3751185830-4272639098-500: www.navercorp.com/NDownloaderObj -> C:\Windows\Downloaded Program Files\npNDownloaderObj.dll [2014-03-13] (NAVER Corp.)
FF Plugin ProgramFiles/Appdata: C:\Users\Administrator\AppData\Roaming\mozilla\plugins\npNaverPhotoLauncher_1.0.0.3.dll [2015-01-14] (NHN Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Administrator\AppData\Roaming\mozilla\plugins\npNVLauncher.dll [2015-03-31] (NHN Corp.)
FF Plugin ProgramFiles/Appdata: C:\Users\Administrator\AppData\Roaming\mozilla\plugins\npNVLauncher64.dll [2015-03-31] (NHN Corp.)
FF Extension: INISAFE CrossWeb - C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{0AB9084F-0EF8-499a-A461-DE46D3C4A45B} [2014-12-04]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google 문서도구) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-25]
CHR Extension: (Google 드라이브) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-25]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-25]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-25]
CHR Extension: (Google 문서 오프라인) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-25]
CHR Extension: (Chrome 웹 스토어 결제) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-25]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ALYac_RTSrv; C:\Program Files\ESTsoft\ALYac\AYRTSrv.aye [438080 2015-08-11] (ESTsoft Corp)
R2 ALYac_UpdSrv; C:\Program Files\ESTsoft\ALYac\AYUpdSrv.aye [709952 2015-09-23] (ESTsoft Corp)
S3 Autodesk Content Service; C:\Program Files\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
S3 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.)
S3 DaumCleanerService; C:\Program Files\Daum\Cleaner\DaumCleanerService.exe [162152 2014-11-14] (Daum Kakao Corp.)
S3 DaumStationService; C:\Program Files\Daum\DaumStation\DaumStationService.exe [121200 2014-10-29] (Daum Kakao Corp.)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2014-11-30] (Flexera Software, Inc.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2015-01-16] (NVIDIA Corporation)
R2 GomHelper Update Services; C:\Program Files\GRETECH\GomHelper\GomHelperSvc.exe [110168 2014-08-27] (Gretech Corp.)
R2 ImeDictUpdateService; C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [59760 2010-01-21] (Microsoft Corporation)
R2 Innosvc7; C:\Program Files\INNORIX\common\innosvc7.exe [197720 2015-02-11] (INNORIX)
S3 MyFw40Service; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\ASDSvc.exe [585696 2015-06-25] (AhnLab, Inc.)
R2 nossvc; C:\Program Files\INCAInternet\nProtect Online Security\nossvc.exe [1666216 2015-06-16] (INCA Internet Co., Ltd.)
S2 npkfxsvc; C:\Windows\system32\npkfxsvc.exe [197224 2015-03-02] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-01-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19775632 2015-01-16] (NVIDIA Corporation)
S4 Process Clean Service; C:\Users\Administrator\Documents\ProcessClean\ProcService.exe [548632 2015-02-10] (ProcessClean)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-31] (DEVGURU Co., LTD.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020120 2015-04-21] (Samsung Electronics CO., LTD.)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
S3 windowstab_mon; C:\Users\Administrator\AppData\Local\windowstab\windowstab_mon.exe [87640 2013-07-31] ()
S3 wscnvcsv32; C:\Program Files\Windows Conveniences\wscnvcsv.exe [138504 2014-09-11] ()
S3 NvUpdSrv; C:\Program Files\NVIDIA Corporation\Updates\NvdUpd.exe [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AhnFlt2K; C:\Windows\system32\drivers\AhnFlt2K.sys [61704 2015-01-20] (AhnLab, Inc.)
S3 AhnRec2K; C:\Windows\system32\drivers\AhnRec2K.sys [29704 2014-06-12] (AhnLab, Inc.)
R1 AMonLWLH; C:\Windows\System32\DRIVERS\amonlwlh.sys [52304 2015-03-12] (AhnLab, Inc.)
R1 AMonTDLH; C:\Windows\system32\Drivers\AMonTDLH.sys [118896 2015-05-27] (AhnLab, Inc.)
S3 AntiStealth_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\AHAWKENT.sys [40024 2015-06-16] (AhnLab, Inc.)
S3 AntiStealth_MYFIREWALL40ASDF; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TfFRegNt.sys [163688 2015-06-16] (AhnLab, Inc.)
S3 ATamptNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\atamptnt.sys [282704 2015-07-01] (AhnLab, Inc.)
S3 Cdm2DrNt; C:\Windows\system32\Drivers\Cdm2DrNt.sys [80576 2014-09-17] (AhnLab, Inc.)
S3 CdmDrvNt; C:\Windows\system32\Drivers\CdmDrvNt.sys [19616 2009-07-21] (AhnLab, Inc.)
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [308859 2010-03-23] (Cisco Systems, Inc.) [File not signed]
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131984 2008-11-16] (Deterministic Networks, Inc.)
R0 EstConstantDrv; C:\Windows\System32\drivers\EstCst.sys [54040 2014-05-19] (ESTsoft Corp)
R1 EstRtwIFDrv; C:\Windows\system32\drivers\EstRtw.sys [284440 2015-09-14] (ESTsoft Corp)
S3 EstRtwIFDrvTemp; c:\program files\estsoft\alyac\plugin\realtime\EstRtw.sys [284440 2015-09-14] (ESTsoft Corp)
S3 HSBDrvNt; C:\Windows\System32\drivers\HSBDrvNt.sys [177192 2015-07-02] (AhnLab, Inc.)
R0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [103512 2011-05-19] (JMicron Technology Corp.)
R3 JRSUKD25; C:\Windows\system32\JRSUKD25.SYS [26704 2015-09-24] (RaonSecure Co., Ltd.)
S3 JRTDIFW; C:\Windows\system32\JRTDIFW.SYS [9984 2015-07-12] (SoftForum Corporation) [File not signed]
S3 kck86; C:\Windows\system32\kck86.sys [85280 2015-09-24] (Kings Information & Network)
S3 kcrtx86; C:\Windows\system32\kcrtx86.sys [126048 2014-12-26] (Kings Information & Network)
S3 MfFWEnt; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfFWEnt.sys [102520 2014-06-11] (AhnLab, Inc.)
S3 MfIPSEnt; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\MfIPSEnt.sys [122688 2014-06-11] (AhnLab, Inc.)
S3 Mkd2Bthf; C:\Windows\System32\drivers\Mkd2Bthf.sys [88944 2015-05-29] (AhnLab, Inc.)
S3 Mkd2kfNt; C:\Windows\System32\drivers\Mkd2kfNt.sys [179792 2015-07-21] (AhnLab, Inc.)
R3 Mkd2Nadr; C:\Windows\System32\drivers\Mkd2Nadr.sys [124584 2015-05-29] (AhnLab, Inc.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
R3 noska; C:\Windows\system32\noska.sys [41696 2015-08-13] (INCA Internet Co.,Ltd.)
R3 noskp; C:\Windows\system32\noskp.sys [20576 2015-08-13] (INCA Internet Co.,Ltd.)
R3 nosku; C:\Windows\system32\nosku.sys [32936 2015-09-14] (INCA Internet Co.,Ltd.)
S3 NPFW; C:\Windows\system32\NPFWVT.sys [133712 2014-04-02] (INCA Internet Co.,Ltd.)
S3 NPIDS; C:\Windows\system32\NpIdsVt.sys [74504 2013-09-09] (INCA Internet Co.,Ltd.)
S3 npkfxa; C:\Windows\system32\npkfxa.sys [41288 2014-05-08] (INCA Internet Co.,Ltd.)
S3 npkfxs; C:\Windows\system32\npkfxs.sys [20680 2014-05-08] (INCA Internet Co.,Ltd.)
S3 npkfxu; C:\Windows\system32\npkfxu.sys [23880 2014-05-08] (INCA Internet Co.,Ltd.)
S3 np_ck32s; C:\Windows\system32\np_ck32s.sys [65312 2013-08-07] (INCA Internet Co.,Ltd.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2015-01-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation)
R3 scskusbf; C:\Windows\System32\drivers\scskusbf.sys [23176 2015-09-10] (SoftCamp)
S3 scskusbs; C:\Windows\System32\drivers\scskusbs.sys [201968 2015-09-10] (SoftCamp)
R3 TKCtrl; C:\Windows\system32\TKCtrl2k.sys [195800 2014-05-21] (INCA Internet Co., Ltd.)
R3 TKFsAvM; C:\Windows\system32\TKFsAv.sys [214656 2015-08-13] (INCA Internet Co., Ltd.)
R3 TKFsFtM; C:\Windows\system32\TKFsFt.sys [25848 2014-07-07] (INCA Internet Co., Ltd.)
R3 TKPcFt; C:\Windows\system32\TKPcFtHk.sys [47496 2015-08-07] (INCA Internet Co., Ltd.)
R3 TKRgAc; C:\Windows\system32\TKRgAc2k.sys [114888 2013-09-09] (INCA Internet Co., Ltd.)
R3 TKRgFt; C:\Windows\system32\TKRgFtXp.sys [78344 2013-11-18] (INCA Internet Co., Ltd.)
S3 TNFwNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TNFwNt.sys [129472 2015-06-17] (AhnLab, Inc.)
S3 TNHipsNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TNHipsNt.sys [135184 2015-06-17] (AhnLab, Inc.)
S3 TNNipsNt_MYFIREWALL40ASD; C:\Program Files\AhnLab\ASP\MyFirewall 4.0\TNNipsNt.sys [159560 2015-06-17] (AhnLab, Inc.)
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 JRSKD24; \??\C:\Windows\system32\JRSKD24.SYS [X]
S3 KodeMonL; \??\C:\Windows\KodeMonL.sys [X]
S3 neokdss; system32\Drivers\neokdss.sys [X]
S3 ProDefense; \??\C:\Windows\system32\drivers\ProDefense.sys [X]
S1 savepopprotector32; system32\DRIVERS\savepopprotector32.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
S3 xspirit; \??\C:\Windows\xspirit.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-29 11:35 - 2015-09-29 11:36 - 00032264 _____ C:\Users\Administrator\Desktop\FRST.txt
2015-09-29 11:34 - 2015-09-29 11:35 - 00000000 ____D C:\FRST
2015-09-29 11:34 - 2015-09-29 11:34 - 02192384 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-09-29 11:34 - 2015-09-29 11:34 - 01696256 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2015-09-29 09:25 - 2015-09-29 09:25 - 00000000 _____ C:\Users\Administrator\AppData\Local\{FAD29A02-0120-4573-BF02-0F80977BF983}
2015-09-28 00:43 - 2015-09-28 00:43 - 00000000 _____ C:\Users\Administrator\AppData\Local\{0835341A-9569-4EA8-BCB8-0461B917DA3D}
2015-09-27 15:38 - 2015-09-27 15:38 - 00008654 _____ C:\Users\Administrator\Desktop\HELP_DECRYPT.HTML
2015-09-27 15:38 - 2015-09-27 15:38 - 00004270 _____ C:\Users\Administrator\Desktop\HELP_DECRYPT.TXT
2015-09-27 15:38 - 2015-09-27 15:38 - 00000296 _____ C:\Users\Administrator\Desktop\HELP_DECRYPT.URL
2015-09-26 16:19 - 2015-09-26 16:20 - 00000000 ____D C:\Users\Administrator\Desktop\꾀꼬리
2015-09-26 15:41 - 2015-09-26 15:41 - 00000000 ____D C:\Users\Administrator\Desktop\관악
2015-09-26 13:09 - 2015-09-26 13:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\EurekaLog
2015-09-25 21:27 - 2015-09-26 07:05 - 00100206 _____ C:\Users\Administrator\Downloads\Jurassic_World_2015_1080p_WEB-DL_x264_AAC-JYK.smi
2015-09-25 18:37 - 2015-09-25 18:37 - 00008654 _____ C:\Users\HELP_DECRYPT.HTML
2015-09-25 18:37 - 2015-09-25 18:37 - 00008654 _____ C:\Users\Administrator\HELP_DECRYPT.HTML
2015-09-25 18:37 - 2015-09-25 18:37 - 00008654 _____ C:\Users\Administrator\Downloads\HELP_DECRYPT.HTML
2015-09-25 18:37 - 2015-09-25 18:37 - 00008654 _____ C:\HELP_DECRYPT.HTML
2015-09-25 18:37 - 2015-09-25 18:37 - 00004270 _____ C:\Users\HELP_DECRYPT.TXT
2015-09-25 18:37 - 2015-09-25 18:37 - 00004270 _____ C:\Users\Administrator\HELP_DECRYPT.TXT
2015-09-25 18:37 - 2015-09-25 18:37 - 00004270 _____ C:\Users\Administrator\Downloads\HELP_DECRYPT.TXT
2015-09-25 18:37 - 2015-09-25 18:37 - 00004270 _____ C:\HELP_DECRYPT.TXT
2015-09-25 18:37 - 2015-09-25 18:37 - 00000296 _____ C:\Users\HELP_DECRYPT.URL
2015-09-25 18:37 - 2015-09-25 18:37 - 00000296 _____ C:\Users\Administrator\HELP_DECRYPT.URL
2015-09-25 18:37 - 2015-09-25 18:37 - 00000296 _____ C:\Users\Administrator\Downloads\HELP_DECRYPT.URL
2015-09-25 18:37 - 2015-09-25 18:37 - 00000296 _____ C:\HELP_DECRYPT.URL
2015-09-25 18:27 - 2015-09-25 18:27 - 00008654 _____ C:\Users\Administrator\Documents\HELP_DECRYPT.HTML
2015-09-25 18:27 - 2015-09-25 18:27 - 00004270 _____ C:\Users\Administrator\Documents\HELP_DECRYPT.TXT
2015-09-25 18:27 - 2015-09-25 18:27 - 00000296 _____ C:\Users\Administrator\Documents\HELP_DECRYPT.URL
2015-09-25 16:37 - 2015-09-25 16:37 - 00008654 _____ C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.HTML
2015-09-25 16:37 - 2015-09-25 16:37 - 00008654 _____ C:\Users\Administrator\AppData\HELP_DECRYPT.HTML
2015-09-25 16:37 - 2015-09-25 16:37 - 00004270 _____ C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.TXT
2015-09-25 16:37 - 2015-09-25 16:37 - 00004270 _____ C:\Users\Administrator\AppData\HELP_DECRYPT.TXT
2015-09-25 16:37 - 2015-09-25 16:37 - 00000296 _____ C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.URL
2015-09-25 16:37 - 2015-09-25 16:37 - 00000296 _____ C:\Users\Administrator\AppData\HELP_DECRYPT.URL
2015-09-25 16:34 - 2015-09-25 16:34 - 00008654 _____ C:\Users\Administrator\AppData\Local\HELP_DECRYPT.HTML
2015-09-25 16:34 - 2015-09-25 16:34 - 00004270 _____ C:\Users\Administrator\AppData\Local\HELP_DECRYPT.TXT
2015-09-25 16:34 - 2015-09-25 16:34 - 00000296 _____ C:\Users\Administrator\AppData\Local\HELP_DECRYPT.URL
2015-09-25 16:30 - 2015-09-25 16:30 - 00008654 _____ C:\ProgramData\HELP_DECRYPT.HTML
2015-09-25 16:30 - 2015-09-25 16:30 - 00004270 _____ C:\ProgramData\HELP_DECRYPT.TXT
2015-09-25 16:30 - 2015-09-25 16:30 - 00000296 _____ C:\ProgramData\HELP_DECRYPT.URL
2015-09-24 18:21 - 2015-09-24 18:21 - 00159416 ____R (RaonSecure Co., Ltd.) C:\Windows\system32\CKAgent.exe
2015-09-24 18:21 - 2015-09-24 18:21 - 00159384 ____R (RaonSecure Co., Ltd.) C:\Windows\system32\CKAgentNXE.exe
2015-09-24 18:21 - 2015-09-24 18:21 - 00159384 ____R (RaonSecure Co., Ltd.) C:\Windows\system32\CKAgentNXE.dat
2015-09-24 18:21 - 2015-09-24 18:21 - 00085280 _____ (Kings Information & Network) C:\Windows\system32\kck86.sys
2015-09-24 18:21 - 2015-09-24 18:21 - 00026704 ____R (RaonSecure Co., Ltd.) C:\Windows\system32\JRSUKD25.SYS
2015-09-24 18:21 - 2015-09-24 18:21 - 00000000 ____D C:\Program Files\RaonSecure
2015-09-23 18:47 - 2015-09-23 18:47 - 02070504 _____ (NAVER Corp.) C:\Windows\system32\NaverAXGuide.exe
2015-09-23 18:47 - 2015-09-23 18:47 - 00387048 _____ (NAVER Corp.) C:\Windows\system32\NAxgPluginW_0_1.dll
2015-09-22 01:15 - 2015-09-25 16:58 - 00000000 ____D C:\Users\Administrator\Desktop\material-design-icons-1.0.0
2015-09-22 00:11 - 2015-09-22 00:11 - 00087840 _____ C:\Users\Administrator\Downloads\00-15-0123-1(이화여대-노기모적색후드티).xls
2015-09-21 22:22 - 2015-09-25 16:38 - 00000000 ____D C:\Users\Administrator\Desktop\2015-1
2015-09-21 22:22 - 2015-09-25 16:38 - 00000000 ____D C:\Users\Administrator\Desktop\2014-2
2015-09-20 22:32 - 2015-09-20 22:33 - 00000009 _____ C:\Windows\AFCUPDL2.txt
2015-09-20 22:27 - 2015-09-20 22:27 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\mfc70.dll
2015-09-20 22:27 - 2015-09-20 22:27 - 00964608 _____ (Microsoft Corporation) C:\Windows\system32\mfc70u.dll
2015-09-20 22:27 - 2015-09-20 22:27 - 00741440 ____N () C:\Windows\AFCUPDL2.exe
2015-09-20 22:27 - 2015-09-20 22:27 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\msvcr70.dll
2015-09-20 22:27 - 2015-09-20 22:27 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\afreeca
2015-09-20 22:27 - 2015-09-20 22:27 - 00000000 ____D C:\Program Files\afreeca
2015-09-19 10:03 - 2015-09-19 10:05 - 00196721 _____ C:\Users\Administrator\Downloads\Kingsman+The+Secret+Service+2014+720p+HDRip+x264+AAC-KiNGDOM (1).smi
2015-09-19 09:54 - 2015-09-19 09:54 - 00198477 _____ C:\Users\Administrator\Downloads\[TVZIL.COM]kingsman.the.secret.service.2014.1080p.bluray.x264-sparks (2).smi
2015-09-19 09:53 - 2015-09-19 09:53 - 00198477 _____ C:\Users\Administrator\Downloads\[TVZIL.COM]kingsman.the.secret.service.2014.1080p.bluray.x264-sparks (1).smi
2015-09-19 09:44 - 2015-09-19 10:10 - 00331055 _____ C:\Users\Administrator\Downloads\Kingsman+The+Secret+Service+2014+720p+HDRip+x264+AAC-KiNGDOM.smi
2015-09-19 09:28 - 2015-09-19 09:28 - 00198477 _____ C:\Users\Administrator\Downloads\[TVZIL.COM]kingsman.the.secret.service.2014.1080p.bluray.x264-sparks.smi
2015-09-19 09:28 - 2015-09-19 09:28 - 00101597 _____ C:\Users\Administrator\Downloads\[TVZIL.COM]kingsman.the.secret.service.2014.1080p.bluray.x264-sparks.torrent
2015-09-18 15:25 - 2015-09-25 16:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Games
2015-09-17 21:00 - 2015-09-17 21:00 - 00009856 _____ C:\Users\Administrator\Desktop\먼동제 윷놀이 부스.xlsx
2015-09-17 08:53 - 2015-09-17 08:53 - 00000104 _____ C:\Users\Administrator\Desktop\plot.log
2015-09-17 01:42 - 2015-09-17 01:42 - 31653904 _____ C:\Users\Administrator\Downloads\Site Analysis.pptx
2015-09-16 21:06 - 2015-09-29 09:27 - 00007152 _____ C:\Windows\system32\Drivers\EstRtwIFDrv
2015-09-15 11:49 - 2015-09-15 11:49 - 12390848 _____ C:\Users\Administrator\Downloads\관악최종.DWG
2015-09-14 11:45 - 2015-09-14 23:23 - 00018432 _____ C:\Users\Administrator\Desktop\ㅅㄱ (2015-09-14 1301의 iPad에서 충돌하는 사본).hwp
2015-09-14 01:51 - 2015-09-14 01:51 - 00020992 _____ C:\Users\Administrator\Desktop\ㅅㄱ.hwp
2015-09-11 13:47 - 2015-09-25 16:30 - 00000000 ____D C:\ProgramData\ISSAC_LG_UPLUS
2015-09-11 13:47 - 2015-09-11 14:05 - 00002644 _____ C:\Windows\issacweb.log
2015-09-11 13:38 - 2015-09-11 13:38 - 01978448 _____ (LG Uplus Corp) C:\Users\Administrator\Downloads\LGDacomXPayWizard.exe
2015-09-11 11:25 - 2015-09-11 11:25 - 00000000 _____ C:\Users\Administrator\AppData\Local\{228B11DD-33C8-4288-AC84-A4CBD408D431}
2015-09-10 19:13 - 2015-09-25 18:23 - 00000000 ____D C:\Users\Administrator\Desktop\비행청소년
2015-09-10 13:58 - 2015-09-25 17:04 - 00000000 ____D C:\Users\Administrator\Desktop\대안교육강의록
2015-09-10 00:10 - 2015-07-02 18:16 - 00177192 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\HSBDrvNt.sys
2015-09-10 00:10 - 2015-07-01 18:12 - 00143168 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\amoncdw8.sys
2015-09-10 00:10 - 2015-07-01 18:11 - 00132304 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\amoncdw7.sys
2015-09-10 00:10 - 2015-05-27 22:36 - 00123176 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\amontdnt.sys
2015-09-10 00:10 - 2015-05-27 22:35 - 00063752 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\amonhknt.sys
2015-09-10 00:10 - 2015-03-12 14:39 - 00052304 _____ (AhnLab, Inc.) C:\Windows\system32\Drivers\amonlwlh.sys
2015-09-10 00:09 - 2015-09-10 00:25 - 00000339 _____ C:\Windows\rdviewer_u.ini
2015-09-10 00:09 - 2015-09-10 00:09 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-09-10 00:09 - 2015-04-06 13:35 - 05447792 _____ ((주)엠투소프트) C:\Windows\system32\rdviewer50u.ocx
2015-09-10 00:09 - 2015-04-06 13:32 - 00741376 _____ () C:\Windows\system32\chartui_ux.dll
2015-09-10 00:09 - 2015-04-06 13:32 - 00286720 _____ () C:\Windows\system32\rdcdchart_ux.dll
2015-09-10 00:09 - 2015-04-06 13:32 - 00032976 _____ C:\Windows\system32\Rdviewer50u.tlb
2015-09-10 00:09 - 2015-04-06 13:22 - 00184320 _____ (M2Soft, Inc.) C:\Windows\system32\rdtidyx50u.dll
2015-09-10 00:09 - 2015-04-06 13:21 - 00438272 _____ (M2Soft Inc.) C:\Windows\system32\rdagentx50u.dll
2015-09-10 00:09 - 2015-04-06 13:21 - 00303104 _____ (M2Soft, Inc.) C:\Windows\system32\rdfilex50u.dll
2015-09-10 00:09 - 2015-04-06 13:21 - 00151552 _____ (M2Soft, Inc.) C:\Windows\system32\rdadox50u.dll
2015-09-10 00:09 - 2015-03-24 14:01 - 01774712 _____ (M2Soft, Inc.) C:\Windows\system32\PDFExport50.dll
2015-09-10 00:09 - 2014-09-01 16:56 - 00131208 _____ ((주)엠투소프트) C:\Windows\system32\RDVistaSupport.dll
2015-09-10 00:09 - 2012-02-14 13:43 - 02310144 ____R (Advanced Software Engineering Limited) C:\Windows\system32\chartdir50.dll
2015-09-10 00:09 - 2009-12-24 10:59 - 00610304 _____ (TEC-IT Datenverarbeitung GmbH (www.tec-it.com) Wagnerstr. 6, A-4400 Steyr, AUSTRIA [email protected] p: +43 (7252) 72720 f: +43 (7252) 72720-77) C:\Windows\system32\TBarCode5.dll
2015-09-10 00:09 - 2007-05-15 11:19 - 00032768 _____ (m2soft) C:\Windows\system32\rdabout50u.dll
2015-09-10 00:09 - 2002-07-10 14:02 - 00206336 _____ (Catenary Systems) C:\Windows\system32\VIC32.DLL
2015-09-10 00:09 - 1997-11-07 14:09 - 00441856 _____ (Sybase, Visual Components) C:\Windows\system32\VCFIWZ5.dll
2015-09-10 00:08 - 2015-09-10 00:08 - 00034218 _____ C:\Windows\system32\MaWebSAFER_KERIS_uninstall.exe
2015-09-10 00:08 - 2015-09-10 00:08 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2015-09-10 00:06 - 2015-09-10 00:06 - 01327208 _____ (Wizvera ) C:\Users\Administrator\Downloads\veraport20moz.exe
2015-09-08 10:24 - 2015-09-25 18:25 - 00000000 ____D C:\Users\Administrator\Desktop\제비
2015-09-07 18:32 - 2015-09-07 18:32 - 00000000 ____D C:\Users\Administrator\Desktop\느시
2015-09-06 11:46 - 2015-09-06 11:46 - 00000000 ____D C:\Program Files\XPayPlugin
2015-09-04 22:06 - 2015-09-04 22:07 - 00000000 ____D C:\Users\Administrator\AppData\Local\Deployment
2015-09-04 22:06 - 2015-09-04 22:06 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
2015-09-01 23:08 - 2015-09-01 23:08 - 00097888 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-09-01 23:08 - 2015-09-01 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-01 23:08 - 2015-09-01 23:08 - 00000000 ____D C:\Program Files\Java
2015-09-01 23:08 - 2015-09-01 23:08 - 00000000 ____D C:\Program Files\Common Files\Java
2015-09-01 17:52 - 2015-09-01 17:52 - 00001241 _____ C:\Users\Public\Desktop\Play League of Legends.lnk
2015-09-01 17:52 - 2015-09-01 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-09-29 10:59 - 2015-07-25 18:16 - 00000622 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-29 10:52 - 2015-07-25 18:16 - 00000672 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-29 09:32 - 2009-07-14 13:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-29 09:32 - 2009-07-14 13:34 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-29 09:27 - 2014-11-30 14:32 - 00000294 _____ C:\Windows\system32\ayboot.ini
2015-09-29 09:25 - 2015-07-25 18:16 - 00000668 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-29 09:25 - 2009-07-14 13:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-29 09:25 - 2009-07-14 13:39 - 00147714 _____ C:\Windows\setupact.log
2015-09-29 09:24 - 2014-11-30 13:21 - 00000000 ____D C:\ProgramData\NVIDIA
2015-09-28 00:53 - 2015-07-25 18:16 - 00002103 _____ C:\Users\Public\Desktop\Chrome.lnk
2015-09-26 16:22 - 2015-01-07 10:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\uTorrent
2015-09-26 12:57 - 2011-11-19 10:00 - 00000000 ___RD C:\Users\Administrator\Desktop\민성이
2015-09-25 18:37 - 2015-07-03 13:48 - 00000000 ____D C:\Users\Administrator\Tracing
2015-09-25 18:37 - 2014-11-30 13:11 - 00000000 ____D C:\Users\Administrator
2015-09-25 18:27 - 2015-01-01 21:27 - 00000000 ____D C:\Users\Administrator\Documents\카카오톡 받은 파일
2015-09-25 18:26 - 2015-01-11 18:51 - 00000000 ____D C:\Users\Administrator\Documents\KBS
2015-09-25 18:24 - 2015-06-03 09:53 - 00000000 ____D C:\Users\Administrator\Desktop\자격증모음
2015-09-25 18:24 - 2014-12-28 12:59 - 00000000 ____D C:\Users\Administrator\Desktop\시
2015-09-25 18:23 - 2015-06-25 17:55 - 00000000 ___RD C:\Users\Administrator\Desktop\민지
2015-09-25 18:23 - 2015-03-07 09:40 - 00000000 ____D C:\Users\Administrator\Desktop\성교육성상담
2015-09-25 17:12 - 2014-11-30 11:47 - 00000000 ___RD C:\Users\Administrator\Desktop\민경
2015-09-25 17:04 - 2015-07-12 14:44 - 00000000 ____D C:\Users\Administrator\Desktop\동기강화
2015-09-25 17:04 - 2015-01-24 14:35 - 00000000 ____D C:\Users\Administrator\Desktop\논문자료
2015-09-25 17:03 - 2015-08-23 23:04 - 00000000 ____D C:\Users\Administrator\Desktop\까치
2015-09-25 17:02 - 2015-06-06 17:12 - 00000000 ____D C:\Users\Administrator\Desktop\까마귀
2015-09-25 17:00 - 2015-07-25 00:03 - 00000000 ____D C:\Users\Administrator\Desktop\고니
2015-09-25 16:37 - 2015-06-09 20:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Samsung
2015-09-25 16:37 - 2015-04-07 22:35 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Naver
2015-09-25 16:37 - 2015-02-10 14:29 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Reset
2015-09-25 16:37 - 2014-12-30 21:07 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Savepop
2015-09-25 16:37 - 2014-12-11 18:57 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Skype
2015-09-25 16:36 - 2015-07-12 12:48 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\JRSOFT
2015-09-25 16:36 - 2014-12-01 20:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HNC
2015-09-25 16:36 - 2014-11-30 14:34 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\GRETECH
2015-09-25 16:36 - 2014-11-30 14:27 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\ESTsoft
2015-09-25 16:36 - 2014-11-30 14:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2015-09-25 16:36 - 2014-11-30 13:36 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Autodesk
2015-09-25 16:34 - 2014-12-11 18:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\Skype
2015-09-25 16:34 - 2014-12-11 18:53 - 00000000 ____D C:\Users\Administrator\AppData\Local\SK Communications
2015-09-25 16:34 - 2014-12-01 17:54 - 00000000 ____D C:\Users\Administrator\AppData\Local\Naver
2015-09-25 16:33 - 2015-01-01 21:24 - 00000000 ____D C:\Users\Administrator\AppData\Local\Kakao
2015-09-25 16:32 - 2015-07-25 18:16 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2015-09-25 16:32 - 2014-11-30 14:11 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2015-09-25 16:32 - 2014-11-30 13:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\Autodesk
2015-09-25 16:30 - 2015-06-09 19:57 - 00000000 ____D C:\ProgramData\Samsung
2015-09-25 16:30 - 2015-06-02 15:27 - 00000000 ____D C:\ProgramData\ISSAC_WEB_oovi
2015-09-25 16:30 - 2014-11-30 14:35 - 00000000 ____D C:\ProgramData\GRETECH
2015-09-25 16:30 - 2014-11-30 14:28 - 00000000 ____D C:\ProgramData\ESTsoft
2015-09-25 16:29 - 2014-11-30 14:07 - 00000000 ____D C:\ProgramData\Adobe
2015-09-25 16:29 - 2014-11-30 13:36 - 00000000 ____D C:\ProgramData\Autodesk
2015-09-25 16:23 - 2014-12-04 18:13 - 00000000 ____D C:\gpki
2015-09-25 15:54 - 2014-11-30 13:05 - 01786990 _____ C:\Windows\WindowsUpdate.log
2015-09-25 14:45 - 2009-07-14 13:33 - 02223016 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-24 22:15 - 2014-11-30 13:36 - 00205160 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-24 18:21 - 2014-10-29 13:53 - 02735800 _____ (RaonSecure Co., Ltd.) C:\Windows\system32\CKSetup32.exe
2015-09-24 18:21 - 2014-10-29 13:53 - 00192184 _____ (RaonSecure Co., Ltd.) C:\Windows\system32\Jrsoftcp.dll
2015-09-22 23:00 - 2014-11-30 14:41 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-09-22 23:00 - 2014-11-30 14:41 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-09-22 22:41 - 2014-12-04 16:38 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts_tmp
2015-09-21 18:45 - 2014-12-04 16:39 - 02761376 _____ (AhnLab, Inc.) C:\Windows\system32\btscan.exe
2015-09-18 22:52 - 2009-07-14 13:53 - 00032596 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-09-18 09:26 - 2014-11-30 13:31 - 00000065 _____ C:\Windows\hjimesv.ini
2015-09-14 20:03 - 2015-03-25 17:20 - 00034344 _____ (INCA Internet Co.,Ltd.) C:\Windows\system32\nosku64.sys
2015-09-14 20:03 - 2015-03-25 17:19 - 00032936 _____ (INCA Internet Co.,Ltd.) C:\Windows\system32\nosku.sys
2015-09-14 08:35 - 2014-11-30 14:32 - 00284440 _____ (ESTsoft Corp) C:\Windows\system32\Drivers\EstRtw.sys
2015-09-13 17:03 - 2014-12-10 20:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-13 12:07 - 2014-12-10 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-11 13:40 - 2014-10-28 13:42 - 01011792 _____ (LG Uplus Corp) C:\Windows\system32\XPayExtension.exe
2015-09-10 21:55 - 2011-04-13 05:55 - 00428288 _____ C:\Windows\system32\perfh012.dat
2015-09-10 21:55 - 2011-04-13 05:55 - 00119548 _____ C:\Windows\system32\perfc012.dat
2015-09-10 21:55 - 2010-11-21 06:01 - 01322266 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-10 13:37 - 2009-07-14 11:37 - 00000000 ____D C:\Windows\system32\NDF
2015-09-10 00:13 - 2014-12-04 22:35 - 00201968 _____ (SoftCamp) C:\Windows\system32\Drivers\scskusbs.sys
2015-09-10 00:13 - 2014-12-04 22:35 - 00052320 _____ (Kings Information & Network) C:\Windows\system32\Drivers\kck86s.sys
2015-09-10 00:13 - 2014-12-04 22:35 - 00023176 _____ (SoftCamp) C:\Windows\system32\Drivers\scskusbf.sys
2015-09-01 23:08 - 2015-02-24 01:11 - 00000000 ____D C:\ProgramData\Oracle
2015-09-01 17:52 - 2014-11-30 19:06 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin
2015-09-01 17:42 - 2014-12-04 16:40 - 00000000 ____D C:\ProgramData\Nexon
2015-09-01 17:41 - 2014-12-04 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
==================== Files in the root of some directories =======
2015-09-25 16:37 - 2015-09-25 16:37 - 0008654 _____ () C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.HTML
2015-09-25 16:37 - 2015-09-25 16:37 - 0046118 _____ () C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.PNG
2015-09-25 16:37 - 2015-09-25 16:37 - 0004270 _____ () C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.TXT
2015-09-25 16:37 - 2015-09-25 16:37 - 0000296 _____ () C:\Users\Administrator\AppData\Roaming\HELP_DECRYPT.URL
2014-12-12 12:48 - 2014-12-12 14:33 - 0105899 _____ () C:\Users\Administrator\AppData\Roaming\output.est
2014-12-05 11:35 - 2014-12-05 11:35 - 0000020 _____ () C:\Users\Administrator\AppData\Roaming\SN3Settings.dat
2015-03-06 20:38 - 2015-03-06 20:38 - 0003584 _____ () C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-25 16:34 - 2015-09-25 16:34 - 0008654 _____ () C:\Users\Administrator\AppData\Local\HELP_DECRYPT.HTML
2015-09-25 16:34 - 2015-09-25 16:34 - 0046118 _____ () C:\Users\Administrator\AppData\Local\HELP_DECRYPT.PNG
2015-09-25 16:34 - 2015-09-25 16:34 - 0004270 _____ () C:\Users\Administrator\AppData\Local\HELP_DECRYPT.TXT
2015-09-25 16:34 - 2015-09-25 16:34 - 0000296 _____ () C:\Users\Administrator\AppData\Local\HELP_DECRYPT.URL
2015-06-02 15:27 - 2015-06-02 15:36 - 0095168 _____ () C:\Users\Administrator\AppData\Local\issacweb.log
2015-09-28 00:43 - 2015-09-28 00:43 - 0000000 _____ () C:\Users\Administrator\AppData\Local\{0835341A-9569-4EA8-BCB8-0461B917DA3D}
2015-09-11 11:25 - 2015-09-11 11:25 - 0000000 _____ () C:\Users\Administrator\AppData\Local\{228B11DD-33C8-4288-AC84-A4CBD408D431}
2015-08-09 10:16 - 2015-08-09 10:16 - 0000000 _____ () C:\Users\Administrator\AppData\Local\{796D6C42-92EE-4086-94C5-203B856AE51F}
2015-09-29 09:25 - 2015-09-29 09:25 - 0000000 _____ () C:\Users\Administrator\AppData\Local\{FAD29A02-0120-4573-BF02-0F80977BF983}
2015-09-25 16:30 - 2015-09-25 16:30 - 0008654 _____ () C:\ProgramData\HELP_DECRYPT.HTML
2015-09-25 16:30 - 2015-09-25 16:30 - 0046118 _____ () C:\ProgramData\HELP_DECRYPT.PNG
2015-09-25 16:30 - 2015-09-25 16:30 - 0004270 _____ () C:\ProgramData\HELP_DECRYPT.TXT
2015-09-25 16:30 - 2015-09-25 16:30 - 0000296 _____ () C:\ProgramData\HELP_DECRYPT.URL
2014-12-06 17:44 - 2015-07-31 11:42 - 0002398 _____ () C:\ProgramData\NCleanerInstAgentLog.log
2014-12-06 17:44 - 2015-07-31 11:42 - 0001881 _____ () C:\ProgramData\NVCInstAgentLog.log
Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\NaverAdminAPI.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-09-25 01:47
==================== End of FRST.txt ============================