Code : Mw1XjHW2Er5jlNbFGEkBxFUKch4UehnfFMwrS/oKboi14frvHBvodg==

프로그램분석

Code : Mw1XjHW2Er5jlNbFGEkBxFUKch4UehnfFMwrS/oKboi14frvHBvodg==

프로세스 천국 2013. 8. 13. 17:05

[00-PROCESS]**aara9 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-82290\aara9.exe
[00-PROCESS]**alg -/- C:\Windows\System32\alg.exe
[00-PROCESS]**Arsusu -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Arsusu.exe
[00-PROCESS]**avguard -/- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
[00-PROCESS]**azza9 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-861390\azza9.exe
[00-PROCESS]**ctfmon -/- C:\Windows\system32\ctfmon.exe
[00-PROCESS]**dllhost -/- C:\Windows\system32\dllhost.exe
[00-PROCESS]**Dwm -/- C:\Windows\system32\Dwm.exe
[00-PROCESS]**ehRecvr -/- C:\Windows\ehome\ehRecvr.exe
[00-PROCESS]**ehsched -/- C:\Windows\ehome\ehsched.exe
[00-PROCESS]**Explorer -/- C:\Windows\Explorer.EXE
[00-PROCESS]**firefox -/- C:\Program Files\Mozilla Firefox\firefox.exe
[00-PROCESS]**FlashPlayerUpdateService -/- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
[00-PROCESS]**fxssvc -/- C:\Windows\system32\fxssvc.exe
[00-PROCESS]**HPSIsvc -/- C:\Windows\system32\HPSIsvc.exe
[00-PROCESS]**iexplore -/- C:\Program Files\Internet Explorer\iexplore.exe
[00-PROCESS]**infocard -/- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
[00-PROCESS]**locator -/- C:\Windows\system32\locator.exe
[00-PROCESS]**lsass -/- C:\Windows\system32\lsass.exe
[00-PROCESS]**MobileBroadband -/- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
[00-PROCESS]**mscorsvw -/- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[00-PROCESS]**msdtc -/- C:\Windows\System32\msdtc.exe
[00-PROCESS]**msiexec -/- C:\Windows\system32\msiexec.exe
[00-PROCESS]**mspaint -/- C:\Windows\system32\mspaint.exe
[00-PROCESS]**notepad -/- C:\Windows\system32\notepad.exe
[00-PROCESS]**Orsusi -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Orsusi.exe
[00-PROCESS]**OSE -/- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
[00-PROCESS]**PresentationFontCache -/- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
[00-PROCESS]**s11h10 -/- c:\recycler\s-1-5-21-0243556031-888888379-781863308-187892\s11h10.exe
[00-PROCESS]**s11z2ec -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-101417\s11z2ec.exe
[00-PROCESS]**s1sh10 -/- c:\recycler\s-1-5-21-0243556031-888888379-781863308-87892\s1sh10.exe
[00-PROCESS]**s222h10 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-22892\s222h10.exe
[00-PROCESS]**sched -/- C:\Program Files\Avira\AntiVir Desktop\sched.exe
[00-PROCESS]**SearchIndexer -/- C:\Windows\system32\SearchIndexer.exe
[00-PROCESS]**SearchProtocolHost -/- C:\Windows\system32\SearchProtocolHost.exe
[00-PROCESS]**SMSvcHost -/- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
[00-PROCESS]**snmptrap -/- C:\Windows\System32\snmptrap.exe
[00-PROCESS]**spoolsv -/- C:\Windows\System32\spoolsv.exe
[00-PROCESS]**sppsvc -/- C:\Windows\system32\sppsvc.exe
[00-PROCESS]**svchost -/- C:\Windows\system32\svchost.exe
[00-PROCESS]**sxsh10 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-87891\sxsh10.exe
[00-PROCESS]**sxshin -/- c:\recycler\s-1-5-21-0243556031-888888379-781863308-81540\sxshin.exe
[00-PROCESS]**sxshin1 -/- c:\recycler\s-1-5-21-0243556031-888888379-781863308-81140\sxshin1.exe
[00-PROCESS]**sxshin1 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-81240\sxshin1.exe
[00-PROCESS]**sxshin3 -/- c:\recycler\s-1-5-21-0243556031-888888379-781863308-81340\sxshin3.exe
[00-PROCESS]**sxshin4 -/- c:\recycler\s-1-5-21-0243556031-888888379-781863308-81350\sxshin4.exe
[00-PROCESS]**sxshin5 -/- c:\recycler\s-1-5-21-0243556031-888888379-781863308-81650\sxshin5.exe
[00-PROCESS]**sxshin6 -/- c:\recycler\s-1-5-21-0243556031-888888379-781863308-86650\sxshin6.exe
[00-PROCESS]**sxshin7 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-87650\sxshin7.exe
[00-PROCESS]**sxshin8 -/- c:\recycler\s-1-5-21-0243556031-888888379-781863308-87850\sxshin8.exe
[00-PROCESS]**szsec -/- c:\recycler\s-1-5-21-0243556031-888888379-781863308-861397\szsec.exe
[00-PROCESS]**taskhost -/- C:\Windows\system32\taskhost.exe
[00-PROCESS]**TrustedInstaller -/- C:\Windows\servicing\TrustedInstaller.exe
[00-PROCESS]**UI0Detect -/- C:\Windows\system32\UI0Detect.exe
[00-PROCESS]**vds -/- C:\Windows\System32\vds.exe
[00-PROCESS]**VmbService -/- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
[00-PROCESS]**vssvc -/- C:\Windows\system32\vssvc.exe
[00-PROCESS]**wbengine -/- C:\Windows\system32\wbengine.exe
[00-PROCESS]**WerFault -/- C:\Windows\system32\WerFault.exe
[00-PROCESS]**WmiApSrv -/- C:\Windows\system32\wbem\WmiApSrv.exe
[00-PROCESS]**wmpnetwk -/- C:\Program Files\Windows Media Player\wmpnetwk.exe
[01-HKCUREG]**aa0rab9 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-82290\aara9.exe
[01-HKCUREG]**Arsusu -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Arsusu.exe
[01-HKCUREG]**azzrab9 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-861390\azza9.exe
[01-HKCUREG]**Brsusv -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Brsusv.exe
[01-HKCUREG]**Hrsusb -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Hrsusb.exe
[01-HKCUREG]**IEtemp -/- C:\Users\Administrator\AppData\Roaming\IEtemp.scr
[01-HKCUREG]**Lrsusf -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Lrsusf.exe
[01-HKCUREG]**Mrsusg -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Mrsusg.exe
[01-HKCUREG]**Orsusi -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Orsusi.exe
[01-HKCUREG]**Screen Saver Pro 3.1 -/- C:\Users\Administrator\AppData\Roaming\ScreenSaverPro.scr
[01-HKCUREG]**Srsusm -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Srsusm.exe
[01-HKCUREG]**sz1s3ec -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-101417\s11z2ec.exe
[01-HKCUREG]**szsec -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-861397\szsec.exe
[01-HKCUREG]**Trsusn -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Trsusn.exe
[01-HKCUREG]**x111n9 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-187892\s11h10.exe
[01-HKCUREG]**x1h2n9 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-87892\s1sh10.exe
[01-HKCUREG]**x222n9 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-22892\s222h10.exe
[01-HKCUREG]**Xrsusr -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Xrsusr.exe
[01-HKCUREG]**xsh2n1 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-81240\sxshin1.exe
[01-HKCUREG]**xsh2n3 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-81340\sxshin3.exe
[01-HKCUREG]**xsh2n4 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-81350\sxshin4.exe
[01-HKCUREG]**xsh2n5 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-81650\sxshin5.exe
[01-HKCUREG]**xsh2n6 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-86650\sxshin6.exe
[01-HKCUREG]**xsh2n7 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-87650\sxshin7.exe
[01-HKCUREG]**xsh2n8 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-87850\sxshin8.exe
[01-HKCUREG]**xsh2n9 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-87891\sxsh10.exe
[01-HKCUREG]**xshin -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-81540\sxshin.exe
[01-HKCUREG]**xshin1 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-81140\sxshin1.exe
[01-HKCUREG]**Zrsust -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Zrsust.exe
[02-HKLMREG]**aa0rab9 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-82290\aara9.exe
[02-HKLMREG]**Arsusu -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Arsusu.exe
[02-HKLMREG]**azzrab9 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-861390\azza9.exe
[02-HKLMREG]**Brsusv -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Brsusv.exe
[02-HKLMREG]**Hrsusb -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Hrsusb.exe
[02-HKLMREG]**IEtemp -/- C:\Users\Administrator\AppData\Roaming\IEtemp.scr
[02-HKLMREG]**Lrsusf -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Lrsusf.exe
[02-HKLMREG]**Mrsusg -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Mrsusg.exe
[02-HKLMREG]**Orsusi -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Orsusi.exe
[02-HKLMREG]**Screen Saver Pro 3.1 -/- C:\Users\Administrator\AppData\Roaming\ScreenSaverPro.scr
[02-HKLMREG]**Srsusm -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Srsusm.exe
[02-HKLMREG]**sz1s3ec -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-101417\s11z2ec.exe
[02-HKLMREG]**szsec -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-861397\szsec.exe
[02-HKLMREG]**Trsusn -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Trsusn.exe
[02-HKLMREG]**x111n9 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-187892\s11h10.exe
[02-HKLMREG]**x1h2n9 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-87892\s1sh10.exe
[02-HKLMREG]**x222n9 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-22892\s222h10.exe
[02-HKLMREG]**Xrsusr -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Xrsusr.exe
[02-HKLMREG]**xsh2n1 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-81240\sxshin1.exe
[02-HKLMREG]**xsh2n3 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-81340\sxshin3.exe
[02-HKLMREG]**xsh2n4 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-81350\sxshin4.exe
[02-HKLMREG]**xsh2n5 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-81650\sxshin5.exe
[02-HKLMREG]**xsh2n6 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-86650\sxshin6.exe
[02-HKLMREG]**xsh2n7 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-87650\sxshin7.exe
[02-HKLMREG]**xsh2n8 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-87850\sxshin8.exe
[02-HKLMREG]**xsh2n9 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-87891\sxsh10.exe
[02-HKLMREG]**xshin -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-81540\sxshin.exe
[02-HKLMREG]**xshin1 -/- C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-81140\sxshin1.exe
[02-HKLMREG]**Zrsust -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Zrsust.exe
[03-BHOCLSD]**Adobe PDF Link Helper -/- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll -/- {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
[03-BHOCLSD]**AVG Safe Search -/- C:\Program Files\AVG\AVG8\avgssie.dll -/- {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[03-BHOCLSD]**AVG Security Toolbar -/- C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL -/- {A057A204-BACC-4D26-9990-79A187E2698E}
[03-BHOCLSD]**DefaultTab Browser Helper -/- C:\Users\Administrator\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll -/- {7F6AFBF1-E065-4627-A2FD-810366367D01}
[04-TOOLBAR]**AVG Security Toolbar -/- C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL -/- {A057A204-BACC-4D26-9990-79A187E2698E}
[05-SERVICE]**AdobeFlashPlayerUpdateSvc -/- Adobe Flash Player Update Service -/- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
[05-SERVICE]**AntiVirSchedulerService -/- Avira AntiVir Scheduler -/- C:\Program Files\Avira\AntiVir Desktop\sched.exe
[05-SERVICE]**AntiVirService -/- Avira AntiVir Guard -/- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
[05-SERVICE]**HPSIService -/- HP SI Service -/- C:\Windows\system32\HPSIsvc.exe
[05-SERVICE]**lmhosts -/- TCP/IP NetBIOS Helper -/- C:\Windows\system32\svchost.exe -/- C:\Windows\System32\lltdsvc.dll
[05-SERVICE]**NlaSvc -/- Network Location Awareness -/- C:\Windows\System32\svchost.exe
[05-SERVICE]**nsi -/- Network Store Interface Service -/- C:\Windows\system32\svchost.exe
[05-SERVICE]**ose -/- Office Source Engine -/- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
[05-SERVICE]**VmbService -/- Vodafone Mobile Broadband Service -/- C:\Program Files\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe