프로그램분석

[timt***on] Trojan.Downloader Install log(Remove All) : 489ms

프로세스 천국 2011. 6. 15. 16:39

----------------------------------------------------------------------
Created by Windowexe.com , Logfile of WindowexeAllkiller
----------------------------------------------------------------------
Microsoft Windows XP Service Pack 3(5.1.2600.196608)
Intel(R) Core(TM) i3 CPU       M 380  @ 2.53GHz / 767.48 MB
x86 Family 6 Model 37 Stepping 5
Date : 2011-06-15
----------------------------------------------------------------------
DF000 C:\Documents and Settings\Administrator\Application Data\letslive.exe
DF001 C:\Documents and Settings\Administrator\Application Data\moatime\timthelion.exe
DF002 C:\Documents and Settings\Administrator\Application Data\MSINET.OCX
DF003 C:\Documents and Settings\Administrator\Application Data\msvbvm60.dll
DF004 C:\Documents and Settings\Administrator\Application Data\scrrun.dll
DF005 C:\Documents and Settings\Administrator\Application Data\toolonKF\localListFile.dll
DF006 C:\Documents and Settings\Administrator\Application Data\ToolonSetup.exe
DF007 C:\Documents and Settings\Administrator\Application Data\VB6KO.DLL
DF008 C:\Documents and Settings\Administrator\Recent\ADPrime.exe
DF009 C:\Documents and Settings\Administrator\Recent\mcmst_mb.exe
DF010 C:\Documents and Settings\Administrator\Recent\moatimef.exe
DF011 C:\Documents and Settings\Administrator\Recent\ToolOn_king.exe
DF012 C:\Documents and Settings\Administrator\Recent\vaccineu_letsbe.exe
DF013 C:\Program Files\mcmst\mcmst_mb.exe
DF014 C:\Program Files\Microsolution\Microsolution.exe
DF015 C:\Program Files\Microsolution\Microsolution_se.exe
DF016 C:\Program Files\Microsolution\Microsolution_updater.exe
DF017 C:\Program Files\timthelion\timthelion.dll
DF018 C:\Program Files\ToolOnKF\ADPopupTO.dll
DF019 C:\Program Files\ToolOnKF\ToolOnKF.dll
DF020 C:\Program Files\ToolOnKF\ToolOnUpdateKF.exe
DF021 C:\Program Files\ToolOnKF\tosghelp.exe
DF022 C:\Program Files\ToolOnKF\TOUninstallKF.exe
DF023 C:\Program Files\toowo\toowo.exe
DF024 C:\Program Files\towoo\towoo.exe
DF025 C:\Program Files\vaccineu\db\filter.dll
DF026 C:\Program Files\vaccineu\db\inter.dll
DF027 C:\Program Files\vaccineu\etc\VUFilterDriver.SYS
DF028 C:\Program Files\vaccineu\etc\VUMon.exe
DF029 C:\Program Files\vaccineu\etc\VUmonRemote.dll
DF030 C:\Program Files\vaccineu\etc\VUReg.exe
DF031 C:\Program Files\vaccineu\temp\filter.dll
DF032 C:\Program Files\vaccineu\temp\inter.dll
DF033 C:\Program Files\vaccineu\Uninstall.exe
DF034 C:\Program Files\vaccineu\vaccineu.exe
DF035 C:\Program Files\vaccineu\VUAutoUpdate.exe
DF036 C:\Program Files\vaccineu\VUEngine.dll
DF037 C:\WINDOWS\Microsolution_uninstaller.exe
DF038 C:\WINDOWS\system32\PreadAgent.exe
DF039 C:\WINDOWS\system32\PremiumAd.dll
DF040 C:\WINDOWS\system32\Uninstall.exe
DF041 C:\WINDOWS\system32\Updater.exe
----------------------------------------------------------------------
SC042 Microsolution Update Service -/- Microsolution Support Service -/- - -/-  -/- "C:\Program Files\Microsolution\Microsolution_se.exe" /service
SC043 timthelion -/- timthelion -/- - -/- C:\Program Files\timthelion\timthelion.dll -/- C:\WINDOWS\System32\svchost.exe -k netsvcs
----------------------------------------------------------------------
UN044 ADPrime Components 1.00 -/- - -/- ADPrime Components 1.00 -/- - -/- -
UN045 Microsolution -/- - -/- Microsolution -/-
UN046 ToolOn Uninstall -/-  -/- ToolOnKF -/-  -/- -
UN047 Windows winwool -/- Windows winwool -/- toowo -/- -
UN048 Windows ziptool -/- Windows ziptool -/- towoo -/- -
UN049 vaccineu -/- - -/- vaccineu -/- - -/- -
----------------------------------------------------------------------
LS050 toowo.exe -/- C:\Program Files\toowo\toowo.exe
LS051 towoo.exe -/- C:\Program Files\towoo\towoo.exe
LS052 mcmst_mb.exe -/- C:\Program Files\mcmst\mcmst_mb.exe
LS053 BestSite Agent -/- C:\Program Files\BSTL\Agent.exe BestSite.dll
LS054 PremiumAd -/- C:\WINDOWS\system32\PreadAgent.exe
LS055 toolonupdateKF -/- C:\Program Files\ToolOnKF\ToolOnUpdateKF.exe
LS056 vaccineu -/- C:\Program Files\vaccineu\vaccineu.exe /Scan
LS057 letslive -/- C:\Documents and Settings\Administrator\Application Data\letslive.exe
----------------------------------------------------------------------
BH058 AdPopupB -/- C:\Program Files\ToolOnKF\ADPopupTO.dll -/- {397CFDD8-762F-44D4-9517-E3969F89639E}
BH059 ToolOnKF -/- C:\Program Files\ToolOnKF\ToolOnKF.dll -/- {514FE04D-4442-415c-8AFE-C6B7BFB2DA33}
BH060 PremiumAdBHO Class -/- C:\WINDOWS\system32\PremiumAd.dll -/- {CA431E35-A5FA-4F7B-BB28-0F62DE3DE761}
----------------------------------------------------------------------
Deleted Files : 42
Remove Service : 2
Remove Uninstall Entry : 6
Remove Startup Entry : 8
Remove Browser Helper Object : 3
----------------------------------------------------------------------
Remove these Entry in a WindowexeAllkiller.txt file. Save and Run.
[02-HKLMREG]**toowo.exe
[02-HKLMREG]**towoo.exe
[02-HKLMREG]**mcmst_mb.exe
[02-HKLMREG]**BestSite Agent
[02-HKLMREG]**PremiumAd
[02-HKLMREG]**toolonupdateKF
[02-HKLMREG]**vaccineu
[02-HKLMREG]**letslive
[03-BHOCLSD]**{397CFDD8-762F-44D4-9517-E3969F89639E}
[03-BHOCLSD]**{514FE04D-4442-415c-8AFE-C6B7BFB2DA33}
[03-BHOCLSD]**{CA431E35-A5FA-4F7B-BB28-0F62DE3DE761}
[05-SERVICE]**Microsolution Update Service
[05-SERVICE]**timthelion
----------------------------------------------------------------------
Total Processing Time : 489ms
----------------------------------------------------------------------
What's new : BH059 ToolOnKF -/- C:\Program Files\ToolOnKF\ToolOnKF.dll -/- {514FE04D-4442-415c-8AFE-C6B7BFB2DA33}
----------------------------------------------------------------------

저작자표시 (새창열림)