Program Analysis

[wLaunCxx.Win32/Trojan Downloader] Processing log

프로세스 천국 2011. 6. 4. 20:34
----------------------------------------------------------------------
Created by Windowexe.com , Logfile of WindowexeAllkiller
----------------------------------------------------------------------
Microsoft Windows XP Service Pack 3(5.1.2600.196608)
Intel(R) Core(TM) i3 CPU       M 380  @ 2.53GHz / 767.48 MB
x86 Family 6 Model 37 Stepping 5
Date : 2011-06-04
----------------------------------------------------------------------
DF001 C:\Program Files\BasicPrivacy\AddScheduler.exe
DF001 C:\Program Files\GuideOn\GuideOn.dll
DF002 C:\Program Files\BasicPrivacy\AddScheduler_.exe
DF002 C:\Program Files\GuideOn\GuideOn.exe
DF003 C:\Program Files\BasicPrivacy\BasicPrivacy.exe
DF003 C:\Program Files\GuideOn\uninstall.exe
DF004 C:\Program Files\BasicPrivacy\BasicPrivacycfg.exe
DF004 C:\Program Files\opensearchp\opensearchp.dll
DF005 C:\Program Files\BasicPrivacy\BasicPrivacyMon.exe
DF005 C:\Program Files\opensearchp\opensearchps.exe
DF006 C:\Program Files\BasicPrivacy\uninst.exe
DF006 C:\Program Files\opensearchp\Uninstall.exe
DF007 C:\Program Files\icleservice\icleservice.dll
DF007 C:\Program Files\PostTip\PostTip.dll
DF008 C:\Program Files\icleservice\Uninstall.exe
DF008 C:\Program Files\PostTip\PostTip.exe
DF009 C:\Program Files\mmedia\mmedia.exe
DF009 C:\Program Files\PostTip\uninstall.exe
DF010 C:\Program Files\opensearchp\icleservicein.exe
DF010 C:\Program Files\SmartAppUpdate\Check\smtbin.exe
DF011 C:\Program Files\SmartAppUpdate\SggMMt.exe
DF011 C:\WINDOWS\GuideOn__GO45.exe
DF012 C:\Program Files\SmartAppUpdate\smtiestarter.dll
DF012 C:\WINDOWS\install_p1.exe
DF013 C:\Program Files\SmartAppUpdate\smtuninst.exe
DF014 C:\Program Files\SmartTool\SmartTool.dll
DF015 C:\Program Files\SmartTool\SmartTool.exe
DF016 C:\Program Files\SmartTool\Uninstall.exe
DF017 C:\Program Files\smsGwang\smsGwang.exe
DF018 C:\Program Files\smsGwang\smsGwang_Uninstall.exe
DF019 C:\Program Files\wLauncher\uninstall.exe
DF020 C:\Program Files\wLauncher\wDup.exe
DF021 C:\smtappsetup.exe
DF022 C:\WINDOWS\system32\opensearchpinst.exe
----------------------------------------------------------------------
UN013 베이직프라이버시 -/- - -/- BasicPrivacy -/- - -/- -
UN014 GuideOn -/- - -/- GuideOn -/- - -/- -
UN015 keepprotect -/- - -/- keepprotect -/-
UN016 New Feel 2 Day -/- feel2day, Inc. -/- NFDay -/-
UN017 opensearchp 1.00 -/- - -/- opensearchp 1.00 -/- - -/- -
UN018 PostTip -/- - -/- PostTip -/- - -/- -
UN019 SmartAppUpdate -/- - -/- SmartAppUpdate -/- - -/- -
UN020 SmartTool 제거 -/- - -/- SmartTool -/- - -/- -
UN021 문자광 -/- - -/- smsGwang -/- - -/- -
UN022 Window Internet Shop Service 1.00 -/- - -/- Window Internet Shop Service 1.00 -/- - -/- -
UN023 GuideOn -/- - -/- GuideOn -/- - -/- -
UN023 wLauncher -/- wLauncher -/- wLauncher -/-
UN024 opensearchp 1.00 -/- - -/- opensearchp 1.00 -/- - -/- -
UN025 PostTip -/- - -/- PostTip -/- - -/- -
UN026 SmartAppUpdate -/- - -/- SmartAppUpdate -/- - -/- -
UN027 SmartTool 제거 -/- - -/- SmartTool -/- - -/- -
UN028 문자광 -/- - -/- smsGwang -/- - -/- -
UN029 wLauncher -/- wLauncher -/- wLauncher -/-
----------------------------------------------------------------------
BH034 opensearchhana.opensearchp -/- C:\Program Files\opensearchp\opensearchp.dll -/- {1ED8E185-17DF-4A1A-A25C-79B29B604925}
BH035 SmartToolCtl Class -/- C:\Program Files\SmartTool\SmartTool.dll -/- {2D891923-34B7-4186-9B47-752624535DC1}
BH036 icleserviceprg.icleservice -/- C:\Program Files\icleservice\icleservice.dll -/- {54FA145A-81B1-4C06-87A2-78BDD58BF073}
BH036 SmartToolCtl Class -/- C:\Program Files\SmartTool\SmartTool.dll -/- {2D891923-34B7-4186-9B47-752624535DC1}
BH037 GuideHelper Class -/- C:\Program Files\GuideOn\GuideOn.dll -/- {6704E2EA-6213-4d17-BB3D-4AE9E3609536}
BH038  -/- C:\PROGRA~1\SMARTA~1\SMTIES~1.DLL -/- {71C1129C-1253-4C97-82CA-B6D1E568072E}
BH039 PostTip -/- C:\Program Files\PostTip\PostTip.dll -/- {C4BF6897-41A2-454b-AC3B-437F30BEA671}
BH040 IECtrl Class -/- C:\PROGRA~1\NFDay\nfddll.dll -/- {CA479385-AB37-40C5-AC98-43CB6A8E0B90}
LS027 PostTip -/- C:\Program Files\PostTip\PostTip.exe
LS028 keepprotect main -/- C:\Program Files\keepprotect\keepprotectu.exe
LS029 GuideOn -/- C:\Program Files\GuideOn\GuideOn.exe
LS030 SmartTool -/- C:\Program Files\SmartTool\SmartTool.exe
LS031 NFDay -/- C:\Program Files\NFDay\nfdupdater.exe
LS032 GuideOn -/- C:\Program Files\GuideOn\GuideOn.exe
LS032 NFDayUpdate -/- C:\Program Files\NFDay\nfdux.exe
LS033 BasicPrivacy -/- C:\Program Files\BasicPrivacy\BasicPrivacy.exe /run1
LS033 PostTip -/- C:\Program Files\PostTip\PostTip.exe
LS034 SmartTool -/- C:\Program Files\SmartTool\SmartTool.exe
US024 Starcraft-wLauncher -/- C:\Program Files\wLauncher\wDup.exe -s
US025 smsGwang -/- C:\Program Files\smsGwang\smsGwang.exe -h
US026 mmedia -/- C:\Program Files\mmedia\mmedia.exe
US030 Starcraft-wLauncher -/- C:\Program Files\wLauncher\wDup.exe -s
US031 smsGwang -/- C:\Program Files\smsGwang\smsGwang.exe -h
----------------------------------------------------------------------
Remove these Entry in a WindowexeAllkiller.txt file. Save and Run.
[01-HKCUREG]**mmedia
[01-HKCUREG]**smsGwang
[01-HKCUREG]**Starcraft-wLauncher
[02-HKLMREG]**BasicPrivacy
[02-HKLMREG]**GuideOn
[02-HKLMREG]**keepprotect main
[02-HKLMREG]**NFDay
[02-HKLMREG]**NFDayUpdate
[02-HKLMREG]**PostTip
[02-HKLMREG]**SmartTool
[03-BHOCLSD]**{1ED8E185-17DF-4A1A-A25C-79B29B604925}
[03-BHOCLSD]**{2D891923-34B7-4186-9B47-752624535DC1}
[03-BHOCLSD]**{54FA145A-81B1-4C06-87A2-78BDD58BF073}
[03-BHOCLSD]**{6704E2EA-6213-4d17-BB3D-4AE9E3609536}
[03-BHOCLSD]**{71C1129C-1253-4C97-82CA-B6D1E568072E}
[03-BHOCLSD]**{C4BF6897-41A2-454b-AC3B-437F30BEA671}
[03-BHOCLSD]**{CA479385-AB37-40C5-AC98-43CB6A8E0B90}
----------------------------------------------------------------------