Program Analysis
Trojan-Dropper.Win32.Zegost / Generic Dropper.YOUSHIZHUAY
Process Heaven
2012. 2. 8. 07:00
---------------------------------------------------
001. Created by Windowexe.com / do not delete this label.
---------------------------------------------------
001. SCADD AppMgmt -/- Application Management -/- Auto/StartPending -/- C:\Documents and Settings\Administrator\Application Data\Storm\update\%YOUSHIZHUAY%\gqbpg.cc3 -/- C:\WINDOWS\system32\svchost.exe -k netsvcs
002. SCADD FastUserSwitchingCompatibility -/- Fast User Switching Compatibility -/- Auto/StartPending -/- C:\Documents and Settings\Administrator\Application Data\Storm\update\%YOUSHIZHUAY%\pmwvg.cc3 -/- C:\WINDOWS\System32\svchost.exe -k netsvcs
003. SCADD hkmsvc -/- Health Key and Certificate Management Service -/- Auto/Running -/- C:\Documents and Settings\Administrator\Application Data\Storm\update\%YOUSHIZHUAY%\odwgd.cc3 -/- C:\WINDOWS\System32\svchost.exe -k netsvcs
004. SCADD ias -/- hvujvvuc -/- Auto/Running -/- C:\Documents and Settings\Administrator\Application Data\Storm\update\%YOUSHIZHUAY%\ghode.cc3 -/- C:\WINDOWS\System32\svchost.exe -k netsvcs
005. SCADD napagent -/- Network Access Protection Agent -/- Auto/StartPending -/- C:\Documents and Settings\Administrator\Application Data\Storm\update\%YOUSHIZHUAY%\vhkqc.cc3 -/- C:\WINDOWS\System32\svchost.exe -k netsvcs
006. SCADD Netman -/- Network Connections -/- Auto/Running -/- C:\Documents and Settings\Administrator\Application Data\Storm\update\%YOUSHIZHUAY%\qlfgj.cc3 -/- C:\WINDOWS\System32\svchost.exe -k netsvcs
007. SCADD NtmsSvc -/- Removable Storage -/- Auto/StartPending -/- C:\Documents and Settings\Administrator\Application Data\Storm\update\%YOUSHIZHUAY%\dtnfs.cc3 -/- C:\WINDOWS\system32\svchost.exe -k netsvcs
008. SCADD nwcworkstation -/- dgthujdg -/- Auto/StartPending -/- C:\Documents and Settings\Administrator\Application Data\Storm\update\%YOUSHIZHUAY%\mkgys.cc3 -/- C:\WINDOWS\System32\svchost.exe -k netsvcs
009. SCADD RasAuto -/- Remote Access Auto Connection Manager -/- Auto/Stopped -/- C:\Documents and Settings\Administrator\Application Data\Storm\update\%YOUSHIZHUAY%\xbwgd.cc3 -/- C:\WINDOWS\system32\svchost.exe -k netsvcs
010. SCADD RemoteAccess -/- Routing and Remote Access -/- Auto/Running -/- C:\Documents and Settings\Administrator\Application Data\Storm\update\%YOUSHIZHUAY%\lerhc.cc3 -/- C:\WINDOWS\system32\svchost.exe -k netsvcs
011. SCADD WmdmPmSN -/- Portable Media Serial Number Service -/- Auto/Running -/- C:\Documents and Settings\Administrator\Application Data\Storm\update\%YOUSHIZHUAY%\phbsi.cc3 -/- C:\WINDOWS\System32\svchost.exe -k netsvcs
012. SCADD wmi -/- sdworbgi -/- Auto/StartPending -/- C:\Documents and Settings\Administrator\Application Data\Storm\update\%YOUSHIZHUAY%\ymqrs.cc3 -/- C:\WINDOWS\System32\svchost.exe -k netsvcs
013. SCADD xmlprov -/- Network Provisioning Service -/- Auto/Running -/- C:\Documents and Settings\Administrator\Application Data\Storm\update\%YOUSHIZHUAY%\dhrcn.cc3 -/- C:\WINDOWS\System32\svchost.exe -k netsvcs