Code : fYvMxqHxvG7q64WawrUD97mofG+/uQpD/N+83VWwH6ZqrDx0G6/FuA==

프로그램분석

Code : fYvMxqHxvG7q64WawrUD97mofG+/uQpD/N+83VWwH6ZqrDx0G6/FuA==

프로세스 천국 2013. 6. 1. 18:14

[00-PROCESS]**7F1x2y3q -/- C:\Users\Administrator\AppData\Local\4S0J1s4j1m\7F1x2y3q.exe
[00-PROCESS]**AdminService -/- C:\WINDOWS\system32\AdminService.exe
[00-PROCESS]**AdobeARM -/- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[00-PROCESS]**AppleMobileDeviceService -/- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
[00-PROCESS]**APSDaemon -/- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
[00-PROCESS]**armsvc -/- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
[00-PROCESS]**Ath_WlanAgent -/- C:\Program Files\Qualcomm Atheros\Ath_WlanAgent.exe
[00-PROCESS]**BitTorrent -/- C:\Users\Administrator\AppData\Roaming\BitTorrent\BitTorrent.exe
[00-PROCESS]**c2wtshost -/- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe
[00-PROCESS]**chrome -/- C:\Program Files\Google\Chrome\Application\chrome.exe
[00-PROCESS]**FacebookUpdate -/- C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe
[00-PROCESS]**GoogleUpdate -/- C:\Program Files\Google\Update\GoogleUpdate.exe
[00-PROCESS]**GROOVE -/- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
[00-PROCESS]**hkcmd -/- C:\WINDOWS\system32\hkcmd.exe
[00-PROCESS]**igfxpers -/- C:\WINDOWS\system32\igfxpers.exe
[00-PROCESS]**igfxtray -/- C:\WINDOWS\system32\igfxtray.exe
[00-PROCESS]**iPodService -/- C:\Program Files\iPod\bin\iPodService.exe
[00-PROCESS]**iTunesHelper -/- C:\Program Files\iTunes\iTunesHelper.exe
[00-PROCESS]**jusched -/- C:\Program Files\Common Files\Java\Java Update\jusched.exe
[00-PROCESS]**LiveComm -/- C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1114.318_x86__8wekyb3d8bbwe\LiveComm.exe
[00-PROCESS]**mDNSResponder -/- C:\Program Files\Bonjour\mDNSResponder.exe
[00-PROCESS]**mqsvc -/- C:\WINDOWS\system32\mqsvc.exe
[00-PROCESS]**MsMpEng -/- C:\Program Files\Windows Defender\MsMpEng.exe
[00-PROCESS]**NBService -/- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
[00-PROCESS]**NeroCheck -/- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[00-PROCESS]**NMBgMonitor -/- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[00-PROCESS]**NMIndexingService -/- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
[00-PROCESS]**NMIndexStoreSvr -/- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
[00-PROCESS]**OSE -/- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
[00-PROCESS]**OSPPSVC -/- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
[00-PROCESS]**RtHDVCpl -/- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
[00-PROCESS]**RuntimeBroker -/- C:\Windows\System32\RuntimeBroker.exe
[00-PROCESS]**sbu -/- C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
[00-PROCESS]**ServiceLayer -/- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
[00-PROCESS]**SMSvcHost -/- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
[00-PROCESS]**snmp -/- C:\WINDOWS\System32\snmp.exe
[00-PROCESS]**taskhostex -/- C:\WINDOWS\system32\taskhostex.exe
[00-PROCESS]**tcpsvcs -/- C:\WINDOWS\System32\tcpsvcs.exe
[00-PROCESS]**VideoAccelerator -/- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
[00-PROCESS]**WinRAR -/- C:\Program Files\WinRAR\WinRAR.exe
[00-PROCESS]**wmpnetwk -/- C:\Program Files\Windows Media Player\wmpnetwk.exe
[00-PROCESS]**YCMMirage -/- C:\Program Files\CyberLink\YouCam\YCMMirage.exe
[00-PROCESS]**YouCamTray -/- C:\Program Files\CyberLink\YouCam\YouCamTray.exe
[01-HKCUREG]**Adobe ARM -/- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[01-HKCUREG]**APSDaemon -/- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
[01-HKCUREG]**BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -/- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[01-HKCUREG]**Facebook Update -/- C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
[01-HKCUREG]**HotKeysCmds -/- C:\WINDOWS\system32\hkcmd.exe
[01-HKCUREG]**IgfxTray -/- C:\WINDOWS\system32\igfxtray.exe
[01-HKCUREG]**iTunesHelper -/- C:\Program Files\iTunes\iTunesHelper.exe
[01-HKCUREG]**NeroFilterCheck -/- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[01-HKCUREG]**Persistence -/- C:\WINDOWS\system32\igfxpers.exe
[01-HKCUREG]**RtHDVCpl -/- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
[01-HKCUREG]**SpeedBitVideoAccelerator -/- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe /startup
[01-HKCUREG]**SunJavaUpdateSched -/- C:\Program Files\Common Files\Java\Java Update\jusched.exe
[01-HKCUREG]**YouCam Mirage -/- C:\Program Files\CyberLink\YouCam\YCMMirage.exe
[01-HKCUREG]**YouCam Tray -/- C:\Program Files\CyberLink\YouCam\YouCamTray.exe /s
[02-HKLMREG]**Adobe ARM -/- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[02-HKLMREG]**APSDaemon -/- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
[02-HKLMREG]**BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -/- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[02-HKLMREG]**Facebook Update -/- C:\Users\Administrator\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
[02-HKLMREG]**HotKeysCmds -/- C:\WINDOWS\system32\hkcmd.exe
[02-HKLMREG]**IgfxTray -/- C:\WINDOWS\system32\igfxtray.exe
[02-HKLMREG]**iTunesHelper -/- C:\Program Files\iTunes\iTunesHelper.exe
[02-HKLMREG]**NeroFilterCheck -/- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[02-HKLMREG]**Persistence -/- C:\WINDOWS\system32\igfxpers.exe
[02-HKLMREG]**RtHDVCpl -/- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
[02-HKLMREG]**SpeedBitVideoAccelerator -/- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe /startup
[02-HKLMREG]**SunJavaUpdateSched -/- C:\Program Files\Common Files\Java\Java Update\jusched.exe
[02-HKLMREG]**YouCam Mirage -/- C:\Program Files\CyberLink\YouCam\YCMMirage.exe
[02-HKLMREG]**YouCam Tray -/- C:\Program Files\CyberLink\YouCam\YouCamTray.exe /s
[03-BHOCLSD]**Groove GFS Browser Helper -/- C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL -/- {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
[03-BHOCLSD]**Java(tm) Plug-In 2 SSV Helper -/- C:\Program Files\Java\jre7\bin\jp2ssv.dll -/- {DBC80044-A445-435b-BC74-9C25C1C588A9}
[03-BHOCLSD]**Java(tm) Plug-In SSV Helper -/- C:\Program Files\Java\jre7\bin\ssv.dll -/- {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
[03-BHOCLSD]**N.A -/- N.A -/- {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
[03-BHOCLSD]**Office Document Cache Handler -/- C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL -/- {B4F3A835-0E21-4959-BA22-42B3008E02FF}
[04-TOOLBAR]**N.A -/- N.A -/- {10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
[05-SERVICE]**AdobeARMservice -/- Adobe Acrobat Update Service -/- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
[05-SERVICE]**AllUserInstallAgent -/- Agente de Instalação para Todos os Usuários do Windows -/- C:\WINDOWS\System32\svchost.exe -/- C:\WINDOWS\system32\AUInstallAgent.dll
[05-SERVICE]**AppHostSvc -/- Serviço Auxiliar de Host do Aplicativo -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\system32\inetsrv\apphostsvc.dll
[05-SERVICE]**AppIDSvc -/- Identidade do Aplicativo -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\System32\appidsvc.dll
[05-SERVICE]**Apple Mobile Device -/- Apple Mobile Device -/- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
[05-SERVICE]**AtherosSvc -/- AtherosSvc -/- C:\WINDOWS\system32\AdminService.exe
[05-SERVICE]**AudioEndpointBuilder -/- Construtor de Pontos de Extremidade de Áudio do Windows -/- C:\WINDOWS\System32\svchost.exe -/- C:\WINDOWS\System32\AudioEndpointBuilder.dll
[05-SERVICE]**Bonjour Service -/- Serviço do Bonjour -/- C:\Program Files\Bonjour\mDNSResponder.exe
[05-SERVICE]**BrokerInfrastructure -/- Serviço de Infraestrutura de Tarefas de Segundo Plano -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\System32\bisrv.dll
[05-SERVICE]**bthserv -/- Serviço de Suporte a Bluetooth -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\system32\bthserv.dll
[05-SERVICE]**c2wts -/- Declarações para o Windows Token Service -/- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe
[05-SERVICE]**DeviceAssociationService -/- Serviço de Associação de Dispositivo -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\system32\das.dll
[05-SERVICE]**DeviceInstall -/- Serviço de Instalação de Dispositivo -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\system32\umpnpmgr.dll
[05-SERVICE]**DsmSvc -/- Gerenciador de Instalação de Dispositivo -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\System32\DeviceSetupManager.dll
[05-SERVICE]**EFS -/- EFS (Encrypting File System) -/- C:\WINDOWS\System32\lsass.exe -/- C:\WINDOWS\system32\efssvc.dll
[05-SERVICE]**fhsvc -/- Serviço de Histórico de Arquivos -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\system32\fhsvc.dll
[05-SERVICE]**FontCache -/- Serviço de Cache de Fontes do Windows -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\system32\FntCache.dll
[05-SERVICE]**gupdate -/- Serviço do Google Update (gupdate) -/- C:\Program Files\Google\Update\GoogleUpdate.exe
[05-SERVICE]**gupdatem -/- Serviço do Google Update (gupdatem) -/- C:\Program Files\Google\Update\GoogleUpdate.exe
[05-SERVICE]**iPod Service -/- iPod Service -/- C:\Program Files\iPod\bin\iPodService.exe
[05-SERVICE]**iprip -/- RIP de Escuta -/- C:\WINDOWS\System32\svchost.exe -/- C:\WINDOWS\System32\iprip.dll
[05-SERVICE]**KeyIso -/- Isolamento de Chave CNG -/- C:\WINDOWS\system32\lsass.exe -/- C:\WINDOWS\system32\keyiso.dll
[05-SERVICE]**lmhosts -/- Auxiliar NetBIOS TCP/IP -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\System32\lltdsvc.dll
[05-SERVICE]**LSM -/- Gerenciador de Sessão Local -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\System32\lsm.dll
[05-SERVICE]**Microsoft SharePoint Workspace Audit Service -/- Microsoft SharePoint Workspace Audit Service -/- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE
[05-SERVICE]**MSMQ -/- Enfileiramento de Mensagens -/- C:\WINDOWS\system32\mqsvc.exe
[05-SERVICE]**NBService -/- NBService -/- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
[05-SERVICE]**NcaSvc -/- Assistente de Conectividade de Rede -/- C:\WINDOWS\System32\svchost.exe -/- C:\WINDOWS\System32\ncasvc.dll
[05-SERVICE]**NcdAutoSetup -/- Instalação Automática de Dispositivos Conectados à Rede -/- C:\WINDOWS\System32\svchost.exe -/- C:\WINDOWS\System32\NcdAutoSetup.dll
[05-SERVICE]**Netlogon -/- Logon de rede -/- C:\WINDOWS\system32\lsass.exe -/- C:\WINDOWS\system32\netlogon.dll
[05-SERVICE]**netprofm -/- Serviço da Lista de Redes -/- C:\WINDOWS\System32\svchost.exe -/- C:\WINDOWS\System32\netprofmsvc.dll
[05-SERVICE]**NetTcpPortSharing -/- Serviço de Compartilhamento de Porta Net.Tcp -/- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
[05-SERVICE]**NlaSvc -/- Reconhecimento de Locais de Rede -/- C:\WINDOWS\System32\svchost.exe
[05-SERVICE]**NMIndexingService -/- NMIndexingService -/- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
[05-SERVICE]**nsi -/- Serviço de Interface de Repositório de Rede -/- C:\WINDOWS\system32\svchost.exe
[05-SERVICE]**ose -/- Office Source Engine -/- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
[05-SERVICE]**osppsvc -/- Office Software Protection Platform -/- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
[05-SERVICE]**PrintNotify -/- Extensões e Notificações da Impressora -/- C:\WINDOWS\system32\svchost.exe -/- C:\Windows\system32\spool\DRIVERS\W32X86\3\PrintConfig.dll
[05-SERVICE]**SBUpd -/- SpeedBit Update -/- C:\Program Files\Common Files\SpeedBit\SBUpdate\sbu.exe
[05-SERVICE]**ServiceLayer -/- ServiceLayer -/- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
[05-SERVICE]**simptcp -/- Serviços TCP/IP Simples -/- C:\WINDOWS\System32\tcpsvcs.exe -/- C:\WINDOWS\System32\shsvcs.dll
[05-SERVICE]**SNMP -/- Serviço SNMP -/- C:\WINDOWS\System32\snmp.exe
[05-SERVICE]**StorSvc -/- Serviço de Armazenamento -/- C:\WINDOWS\System32\svchost.exe -/- C:\WINDOWS\system32\storsvc.dll
[05-SERVICE]**SvcUpt -/- SvcUpt -/- C:\Users\Administrator\AppData\Local\4S0J1s4j1m\7F1x2y3q.exe
[05-SERVICE]**svsvc -/- Verificador de Ponto -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\system32\svsvc.dll
[05-SERVICE]**SystemEventsBroker -/- Agente de Eventos do Sistema -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\System32\SystemEventsBrokerServer.dll
[05-SERVICE]**TimeBroker -/- Agente de Tempo -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\System32\TimeBrokerServer.dll
[05-SERVICE]**VaultSvc -/- Gerenciador de Credenciais -/- C:\WINDOWS\system32\lsass.exe -/- C:\Windows\System32\vaultsvc.dll
[05-SERVICE]**VideoAcceleratorService -/- VideoAcceleratorService -/- C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm
[05-SERVICE]**vmicheartbeat -/- Serviço de Pulsação do Hyper-V -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\System32\ICSvc.dll
[05-SERVICE]**vmickvpexchange -/- Serviço de Troca de Dados do Hyper-V -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\System32\ICSvc.dll
[05-SERVICE]**vmicrdv -/- Serviço de Virtualização de Área de Trabalho Remota do Hyper-V -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\System32\ICSvc.dll
[05-SERVICE]**vmicshutdown -/- Serviço de Desligamento de Convidado do Hyper-V -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\System32\ICSvc.dll
[05-SERVICE]**vmictimesync -/- Serviço de Sincronização de Data/Hora do Hyper-V -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\System32\ICSvc.dll
[05-SERVICE]**vmicvss -/- Solicitante de Cópia de Sombra de Volume do Hyper-V -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\System32\ICSvc.dll
[05-SERVICE]**W3SVC -/- Serviço de Publicação da World Wide Web -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\system32\inetsrv\iisw3adm.dll
[05-SERVICE]**WAS -/- Serviço de Ativação de Processos do Windows -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\system32\inetsrv\iisw3adm.dll
[05-SERVICE]**Wcmsvc -/- Gerenciador de Conexões do Windows -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\System32\wcmsvc.dll
[05-SERVICE]**WiaRpc -/- Eventos de Aquisição de Imagens Estáticas -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\System32\wiarpc.dll
[05-SERVICE]**WinDefend -/- Serviço Windows Defender -/- C:\Program Files\Windows Defender\MsMpEng.exe
[05-SERVICE]**WinHttpAutoProxySvc -/- Serviço de Descoberta Automática de Proxy da Web do WinHTTP -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\system32\winhttp.dll
[05-SERVICE]**wlidsvc -/- Assistente de Conexão de Conta da Microsoft -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\system32\wlidsvc.dll
[05-SERVICE]**WSService -/- Serviço da Windows Store (WSService) -/- C:\WINDOWS\System32\svchost.exe -/- C:\WINDOWS\System32\WSService.dll
[05-SERVICE]**ZAtheros Wlan Agent -/- ZAtheros Wlan Agent -/- C:\Program Files\Qualcomm Atheros\Ath_WlanAgent.exe