Code : HiIUQUmpNJY36JOqFl5r4cRHRIcWsdGz

프로그램분석

Code : HiIUQUmpNJY36JOqFl5r4cRHRIcWsdGz

프로세스 천국 2013. 10. 3. 01:34

[00-PROCESS]**alg -/- C:\Windows\System32\alg.exe
[00-PROCESS]**bkcount -/- C:\Program Files\UTECH\bkcount.exe
[00-PROCESS]**bkpops -/- C:\Program Files\bkpop\bkpops.exe
[00-PROCESS]**bksvc -/- C:\Program Files\UTECH\bksvc.exe
[00-PROCESS]**csrss -/- C:\Windows\system32\csrss.exe
[00-PROCESS]**datawindowconfig -/- C:\Windows\datawindowconfig.exe
[00-PROCESS]**dllhost -/- C:\Windows\system32\dllhost.exe
[00-PROCESS]**Dwm -/- C:\Windows\system32\Dwm.exe
[00-PROCESS]**ehRecvr -/- C:\Windows\ehome\ehRecvr.exe
[00-PROCESS]**ehsched -/- C:\Windows\ehome\ehsched.exe
[00-PROCESS]**explorer -/- C:\Windows\explorer.exe
[00-PROCESS]**Foxcorn -/- C:\Users\Administrator\AppData\Roaming\Microsoft\FoxPlugin\Tools\Foxcorn.exe
[00-PROCESS]**FreeApp -/- C:\Windows\system32\MicrowindowSearch\FreeApp.exe
[00-PROCESS]**fxcom -/- C:\Users\Administrator\AppData\Roaming\Microsoft\FoxPlugin\Tools\fxcom.exe
[00-PROCESS]**fxssvc -/- C:\Windows\system32\fxssvc.exe
[00-PROCESS]**ICleanZoneSetup_HIDE_206 -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\ICleanZoneSetup_HIDE_206.exe
[00-PROCESS]**infocard -/- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
[00-PROCESS]**Install-29713005 -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\Install-29713005.exe
[00-PROCESS]**kwinso_uninstall -/- C:\Program Files\kwinstart\kwinso_uninstall.exe
[00-PROCESS]**kwinstart -/- C:\Program Files\kwinstart\kwinstart.exe
[00-PROCESS]**kwinstartagent -/- C:\Program Files\kwinstart\kwinstartagent.exe
[00-PROCESS]**livecleaner -/- C:\Program Files\livecleaner\livecleaner.exe
[00-PROCESS]**livecleanerse -/- C:\Program Files\livecleaner\livecleanerse.exe
[00-PROCESS]**livecleanersetup_add -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\livecleanersetup_add.exe
[00-PROCESS]**livecleanerU -/- C:\Program Files\livecleaner\livecleanerU.exe
[00-PROCESS]**locator -/- C:\Windows\system32\locator.exe
[00-PROCESS]**lsass -/- C:\Windows\system32\lsass.exe
[00-PROCESS]**lsm -/- C:\Windows\system32\lsm.exe
[00-PROCESS]**metablogagent -/- C:\Users\Administrator\AppData\Local\MetablogNewIssues\metablogagent.exe
[00-PROCESS]**MetablogNewIssues -/- C:\Users\Administrator\AppData\Local\MetablogNewIssues\MetablogNewIssues.exe
[00-PROCESS]**MicrowindowSearch -/- C:\Windows\system32\MicrowindowSearch\MicrowindowSearch.exe
[00-PROCESS]**mscorsvw -/- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[00-PROCESS]**mscorsvw -/- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
[00-PROCESS]**msdtc -/- C:\Windows\System32\msdtc.exe
[00-PROCESS]**msiexec -/- C:\Windows\system32\msiexec.exe
[00-PROCESS]**NOTEPAD -/- C:\Windows\system32\NOTEPAD.EXE
[00-PROCESS]**pcm -/- C:\Users\Administrator\AppData\Roaming\pcm\pcm.exe
[00-PROCESS]**pcmagent -/- C:\Users\Administrator\AppData\Roaming\pcm\pcmagent.exe
[00-PROCESS]**perfhost -/- C:\Windows\system32\perfhost.exe
[00-PROCESS]**pmu -/- C:\Users\Administrator\AppData\Roaming\pmu\pmu.exe
[00-PROCESS]**pmuagent -/- C:\Users\Administrator\AppData\Roaming\pmu\pmuagent.exe
[00-PROCESS]**PresentationFontCache -/- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
[00-PROCESS]**SearchIndexer -/- C:\Windows\system32\SearchIndexer.exe
[00-PROCESS]**services -/- C:\Windows\system32\services.exe
[00-PROCESS]**setup_jamong_silent -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\setup_jamong_silent.exe
[00-PROCESS]**SmartWeb -/- C:\Program Files\SmartWeb\SmartWeb.exe
[00-PROCESS]**SmartWebAgent -/- C:\Program Files\SmartWeb\SmartWebAgent.exe
[00-PROCESS]**snmptrap -/- C:\Windows\System32\snmptrap.exe
[00-PROCESS]**speedscan -/- C:\Program Files\speedscan\speedscan.exe
[00-PROCESS]**speedscanse -/- C:\Program Files\speedscan\speedscanse.exe
[00-PROCESS]**speedscanu -/- C:\Program Files\speedscan\speedscanu.exe
[00-PROCESS]**spoolsv -/- C:\Windows\System32\spoolsv.exe
[00-PROCESS]**sppsvc -/- C:\Windows\system32\sppsvc.exe
[00-PROCESS]**SRankingPopView_06_hinst -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\SRankingPopView_06_hinst.exe
[00-PROCESS]**svchost -/- C:\Windows\system32\svchost.exe
[00-PROCESS]**taskeng -/- C:\Windows\system32\taskeng.exe
[00-PROCESS]**taskhost -/- C:\Windows\system32\taskhost.exe
[00-PROCESS]**TPAutoConnSvc -/- C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
[00-PROCESS]**TPVCGateway -/- C:\Program Files\VMware\VMware Tools\TPVCGateway.exe
[00-PROCESS]**TrustedInstaller -/- C:\Windows\servicing\TrustedInstaller.exe
[00-PROCESS]**UI0Detect -/- C:\Windows\system32\UI0Detect.exe
[00-PROCESS]**upenkr -/- C:\Users\Administrator\AppData\Roaming\Microsoft\FoxPlugin\Tools\upenkr.exe
[00-PROCESS]**vds -/- C:\Windows\System32\vds.exe
[00-PROCESS]**vmtoolsd -/- C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
[00-PROCESS]**vssvc -/- C:\Windows\system32\vssvc.exe
[00-PROCESS]**wbengine -/- C:\Windows\system32\wbengine.exe
[00-PROCESS]**wellbinga -/- C:\Program Files\wellbinga\wellbinga.exe
[00-PROCESS]**wellbingup -/- C:\Program Files\wellbinga\wellbingup.exe
[00-PROCESS]**wellclean -/- C:\Program Files\wellbinga\wellclean.exe
[00-PROCESS]**windowpurchase -/- C:\Users\Administrator\AppData\Local\windowpurchase\windowpurchase.exe
[00-PROCESS]**windowpurchase_uc -/- C:\Users\Administrator\AppData\Local\windowpurchase\windowpurchase_uc.exe
[00-PROCESS]**windowpurchase_unins -/- C:\Users\Administrator\AppData\Local\windowpurchase\windowpurchase_unins.exe
[00-PROCESS]**WindowServiceNT -/- C:\Windows\system32\WindowServiceNT.exe
[00-PROCESS]**WindowsPurchaseHelperSetup_enterjoy1r -/- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\WindowsPurchaseHelperSetup_enterjoy1r.exe
[00-PROCESS]**windowstab -/- C:\Users\Administrator\AppData\Local\windowstab\windowstab.exe
[00-PROCESS]**windowstab_mon -/- C:\Users\Administrator\AppData\Local\windowstab\windowstab_mon.exe
[00-PROCESS]**windowstab_uc -/- C:\Users\Administrator\AppData\Local\windowstab\windowstab_uc.exe
[00-PROCESS]**windowstab_unins -/- C:\Users\Administrator\AppData\Local\windowstab\windowstab_unins.exe
[00-PROCESS]**wininit -/- C:\Windows\system32\wininit.exe
[00-PROCESS]**winlogon -/- C:\Windows\system32\winlogon.exe
[00-PROCESS]**WmiApSrv -/- C:\Windows\system32\wbem\WmiApSrv.exe
[00-PROCESS]**wmiprvse -/- C:\Windows\system32\wbem\wmiprvse.exe
[00-PROCESS]**wmpnetwk -/- C:\Program Files\Windows Media Player\wmpnetwk.exe
[01-HKCUREG]**baduk -/- C:\Program Files\bkpop\bkpops.exe
[01-HKCUREG]**dwmtools -/- C:\Users\Administrator\AppData\Roaming\opensearchGT\dwmtools.exe Runcmd
[01-HKCUREG]**Fox-Corn -/- C:\Users\Administrator\AppData\Roaming\Microsoft\FoxPlugin\Tools\upenkr.exe
[01-HKCUREG]**kwinstart -/- C:\Program Files\kwinstart\kwinstart.exe
[01-HKCUREG]**kwinstartagent -/- C:\Program Files\kwinstart\kwinstartagent.exe
[01-HKCUREG]**LnchSysIP -/- C:\Program Files\SysIntPro\prsyncp.exe
[01-HKCUREG]**metablogagent -/- C:\Users\Administrator\AppData\Local\MetablogNewIssues\metablogagent.exe
[01-HKCUREG]**MetablogNewIssues -/- C:\Users\Administrator\AppData\Local\MetablogNewIssues\MetablogNewIssues.exe /byboot
[01-HKCUREG]**MicrowindowSearch -/- C:\WINDOWS\system32\MicrowindowSearch\MicrowindowSearch.exe
[01-HKCUREG]**VMware Tools -/- C:\Program Files\VMware\VMware Tools\VMwareTray.exe
[01-HKCUREG]**VMware User Process -/- C:\Program Files\VMware\VMware Tools\vmtoolsd.exe -n vmusr
[01-HKCUREG]**wellbinga -/- C:\Program Files\wellbinga\wellbingup.exe
[01-HKCUREG]**WINDOWPURCHASE_UC -/- C:\Users\Administrator\AppData\Local\windowpurchase\windowpurchase_uc.exe /run
[02-HKLMREG]**baduk -/- C:\Program Files\bkpop\bkpops.exe
[02-HKLMREG]**dwmtools -/- C:\Users\Administrator\AppData\Roaming\opensearchGT\dwmtools.exe Runcmd
[02-HKLMREG]**Fox-Corn -/- C:\Users\Administrator\AppData\Roaming\Microsoft\FoxPlugin\Tools\upenkr.exe
[02-HKLMREG]**kwinstart -/- C:\Program Files\kwinstart\kwinstart.exe
[02-HKLMREG]**kwinstartagent -/- C:\Program Files\kwinstart\kwinstartagent.exe
[02-HKLMREG]**LnchSysIP -/- C:\Program Files\SysIntPro\prsyncp.exe
[02-HKLMREG]**metablogagent -/- C:\Users\Administrator\AppData\Local\MetablogNewIssues\metablogagent.exe
[02-HKLMREG]**MetablogNewIssues -/- C:\Users\Administrator\AppData\Local\MetablogNewIssues\MetablogNewIssues.exe /byboot
[02-HKLMREG]**MicrowindowSearch -/- C:\WINDOWS\system32\MicrowindowSearch\MicrowindowSearch.exe
[02-HKLMREG]**VMware Tools -/- C:\Program Files\VMware\VMware Tools\VMwareTray.exe
[02-HKLMREG]**VMware User Process -/- C:\Program Files\VMware\VMware Tools\vmtoolsd.exe -n vmusr
[02-HKLMREG]**wellbinga -/- C:\Program Files\wellbinga\wellbingup.exe
[02-HKLMREG]**WINDOWPURCHASE_UC -/- C:\Users\Administrator\AppData\Local\windowpurchase\windowpurchase_uc.exe /run
[03-BHOCLSD]**kwinso -/- c:\PROGRA~2\KWINST~1\kwinso.dll -/- {CC01FC6C-CACC-4E17-8C06-95C30EF5E6A7}
[05-SERVICE]**ApplicationSpecialManagement -/- Application Special Management -/- C:\Windows\system32\WindowServiceNT.exe
[05-SERVICE]**bkpops -/- bkpops 서비스 -/- C:\Program Files\UTECH\bksvc.exe
[05-SERVICE]**livecleanerService -/- livecleaner Service -/- C:\Program Files\livecleaner\livecleanerse.exe
[05-SERVICE]**NetTcpPortSharing -/- Net.Tcp Port Sharing Service -/- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
[05-SERVICE]**PerfHost -/- Performance Counter DLL Host -/- C:\Windows\system32\perfhost.exe
[05-SERVICE]**speedscan Update Service -/- speedscan Support Service -/- C:\Windows\datawindowconfig.exe
[05-SERVICE]**speedscanService -/- speedscan Service -/- C:\Program Files\speedscan\speedscanse.exe
[05-SERVICE]**TPAutoConnSvc -/- TP AutoConnect Service -/- C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe
[05-SERVICE]**TPVCGateway -/- TP VC Gateway Service -/- C:\Program Files\VMware\VMware Tools\TPVCGateway.exe
[05-SERVICE]**VMTools -/- VMware Tools -/- C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
[05-SERVICE]**vmvss -/- VMware Snapshot Provider -/- C:\Windows\system32\dllhost.exe
[06-TASKLST]**ICleanZone -/- C:\Program Files\ICleanZone\ICleanZoneUpdate.exe
[06-TASKLST]**PC_Clean_Optimizer -/- C:\Program Files\PCO\PCOUpdate.exe
[06-TASKLST]**pcm -/- C:\Users\Administrator\AppData\Roaming\pcm\pcmagent.exe
[06-TASKLST]**pmu -/- C:\Users\Administrator\AppData\Roaming\pmu\pmuagent.exe
[06-TASKLST]**prsynco -/- C:\Program Files\SysIntPro\prsynco.exe
[06-TASKLST]**SWSTART -/- C:\Program Files\SmartWeb\SmartWebAgent.exe
[06-TASKLST]**Window_Network_Manager -/- C:\Program Files\Window Network Manager\WindowNetworkManager.exe