5억명이 사용하는 AVAST 안티바이러스 백신 자세히보기

새로운 소식

Avast! SE 안티바이러스를 삭제하는 루트킷 발견!

알 수 없는 사용자 2007. 4. 12. 11:04

최근, 웹 서버와 메일 서버에 대한 다각적인 공격 성향을 앞서 알려 드린 적이 있습니다. 요즘에 새롭게 부각되는 부분이 바로 루트킷이라는 공격 방식입니다.

바이러스/웜은 OS가 동작하고 난 뒤에 실행되므로, 프로세스/파일 등에서 그 원인을 찾아 낸 수 있는 반면에, 루트킷은 OS 커널 상에 동작하기 때문에 기존의 바이러스 백신으로는 진단 및 치료가 불가능합니다.

최근 발견된 XXX 루트킷의 동작을 살펴 보면, 각종 백신의 설치 자체를 인식하는 것으로 보여지며, 당사에서 판매하는 avast! SE를 설치할 경우, 설치를 마치고 재부팅을 하고 나면, 설치 폴더 이외에는 아무런 파일이 보이지 않는 상황이 나타납니다. 물론, 서비스에 어베스트! 관련 4개가 존재하지만 아무런 동작을 취하지 않습니다.

아래 자료는 avast! SE 설치시에 로그를 별도로 생성하여 작성한 것입니다. 로그의 맨끝 부분을 보면 일종의 힌트를 얻어 알아 낼 수 있습니다.

이러한 루트킷에 감염될 경우에는 일반적으로 치료가 가능하지만, 보안을 위해 기존의 데이터를 모두 백업 받고 시스템 OS의 재설치를 추천합니다.

AVG 안티 루트킷 프로그램 다운로드: 무료

알림: 로그의 하단에는 관련 자료 링크가 제공됩니다.

08:59:00 min/gen  Started: 12.04.2007, 08:59:00
08:59:00 min/gen  Running setup_av_srv-2d6 (726)
08:59:00 nrm/sys  Operating system: Windows2003 ver 5.2, build 3790, sp 1.0 [Service Pack 1] SERVER
08:59:00 vrb/sys  Computer WinName: SERVER-TESTSVRI
08:59:00 min/sys  Windows Net User:
08:59:00 min/gen  Cmdline: /sfx /sfxstorage "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1\_av_sfx.tm~a02524" /savelog "d:\temp\avsrv.log" /srcpath "D:\temp"
08:59:00 vrb/gen  DldSrc set to sfx
08:59:00 min/gen  Old version: ffffffff (-1)
08:59:00 vrb/reg  Get registry: Software\Microsoft\Internet Explorer\Version=6.0.3790.1830
08:59:00 vrb/gen  Operation set to INST_OP_INSTALL
08:59:00 min/gen  GUID: 9eadb837-2dab-40b9-80e0-b534ec9df7ef
08:59:00 nrm/gen  SelectCurrent: selected server 'tmp sfx storage' from 'sfx'
08:59:00 min/pkg  GetPackages - set proxy for inet
08:59:01 nrm/int  SYNCER: Type: use IE settings
08:59:01 nrm/int  SYNCER: Auth: another authentication, use WinInet
08:59:01 dbg/gen  Entered SetupProcessWin32Avast::Do( INST_OP_INSTALL )
08:59:01 dbg/gen  Entered SetupProcessWin32::Do( INST_OP_INSTALL )
08:59:01 dbg/gen  Entered SetupProcess::Do( INST_OP_INSTALL )
08:59:20 min/pkg  Load C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1\_av_sfx.tm~a02524\prod-av_srv.vpu
08:59:20 vrb/pkg  LatestPartInfo: news = news-4b
08:59:20 vrb/pkg  LatestPartInfo: program = prg_av_srv-2d6
08:59:20 vrb/pkg  LatestPartInfo: setup = setup_av_srv-2d6
08:59:20 vrb/pkg  LatestPartInfo: vps = vps-71002
08:59:20 vrb/pkg  Part prg_av_srv-2d6 was set to be installed
08:59:20 vrb/pkg  Part vps-71002 was set to be installed
08:59:20 vrb/pkg  Part news-4b was set to be installed
08:59:20 vrb/pkg  Part setup_av_srv-2d6 was set to be installed
08:59:20 dbg/pkg  Loaded pkg info 'av_srv_e2k', containing 14 subversions
08:59:20 dbg/pkg  Loaded pkg info 'av_srv_dll416', containing 4 subversions
08:59:20 dbg/pkg  Loaded pkg info 'winsys', containing 3 subversions
08:59:20 dbg/pkg  Loaded pkg info 'av_srv_dll409', containing 13 subversions
08:59:20 dbg/pkg  Loaded pkg info 'av_srv_hlp411', containing 2 subversions
08:59:20 dbg/pkg  Loaded pkg info 'av_srv_dll', containing 6 subversions
08:59:20 dbg/pkg  Loaded pkg info 'av_pro_skins', containing 5 subversions
08:59:20 dbg/pkg  Loaded pkg info 'av_srv_hlp405', containing 2 subversions
08:59:20 dbg/pkg  Loaded pkg info 'av_net_agent', containing 5 subversions
08:59:20 dbg/pkg  Loaded pkg info 'av_srv_hlp416', containing 2 subversions
08:59:20 dbg/pkg  Loaded pkg info 'av_srv_core', containing 7 subversions
08:59:20 dbg/pkg  Loaded pkg info 'av_srv_hlp409', containing 2 subversions
08:59:20 dbg/pkg  Loaded pkg info 'winsysgui', containing 3 subversions
08:59:20 dbg/pkg  Loaded pkg info 'av_srv_dom', containing 7 subversions
08:59:20 dbg/pkg  Loaded pkg info 'avscan', containing 8 subversions
08:59:20 dbg/pkg  Loaded pkg info 'av_srv_se', containing 11 subversions
08:59:20 dbg/pkg  Loaded pkg info 'av_srv_dll411', containing 4 subversions
08:59:20 dbg/pkg  Loaded pkg info 'av_srv_pxy', containing 15 subversions
08:59:20 dbg/pkg  Loaded pkg info 'av_srv_dll405', containing 13 subversions
08:59:20 dbg/pkg  Loaded pkg info 'vpsm', containing 1 subversions
08:59:20 dbg/pkg  Loaded pkg info 'vps', containing 84 subversions
08:59:20 dbg/pkg  Loaded pkg info 'news405', containing 1 subversions
08:59:20 dbg/pkg  Loaded pkg info 'news409', containing 1 subversions
08:59:20 dbg/pkg  Loaded pkg info 'setif_av_srv', containing 9 subversions
08:59:20 dbg/pkg  Loaded pkg info 'setup_av_srv', containing 4 subversions
08:59:20 vrb/pkg  FilterOutExistingFiles: 161 & 0 = 161
08:59:20 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:20 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:20 dbg/pkg  Full of package vps was set to 1
08:59:20 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:20 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:20 dbg/pkg  Full of package vpsm was set to 1
08:59:20 vrb/pkg  FilterOutExistingFiles: 161 & 0 = 161
08:59:20 vrb/pkg  FilterOutExistingFiles: 147 & 0 = 147
08:59:20 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:20 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:20 dbg/pkg  Full of package vps was set to 1
08:59:20 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:20 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:20 dbg/pkg  Full of package vpsm was set to 1
08:59:20 vrb/pkg  FilterOutExistingFiles: 147 & 0 = 147
08:59:20 vrb/pkg  FilterOutExistingFiles: 163 & 0 = 163
08:59:20 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:20 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:20 dbg/pkg  Full of package vps was set to 1
08:59:20 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:20 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:20 dbg/pkg  Full of package vpsm was set to 1
08:59:20 vrb/pkg  FilterOutExistingFiles: 163 & 0 = 163
08:59:20 vrb/gen  Operation set to INST_OP_INSTALL
08:59:20 vrb/pkg  FilterOutExistingFiles: 161 & 0 = 161
08:59:20 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:20 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:20 dbg/pkg  Full of package vps was set to 1
08:59:20 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:20 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:20 dbg/pkg  Full of package vpsm was set to 1
08:59:20 vrb/pkg  FilterOutExistingFiles: 161 & 0 = 161
08:59:20 vrb/pkg  FilterOutExistingFiles: 161 & 0 = 161
08:59:21 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:21 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:21 dbg/pkg  Full of package vps was set to 1
08:59:21 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:21 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:21 dbg/pkg  Full of package vpsm was set to 1
08:59:21 vrb/pkg  FilterOutExistingFiles: 161 & 0 = 161
08:59:21 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:21 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:21 dbg/pkg  Full of package vps was set to 1
08:59:21 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:21 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:21 dbg/pkg  Full of package vpsm was set to 1
08:59:21 vrb/pkg  FilterOutExistingFiles: 161 & 0 = 161
08:59:21 vrb/pkg  FilterOutExistingFiles: 161 & 0 = 161
08:59:21 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:21 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:21 dbg/pkg  Full of package vps was set to 1
08:59:21 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:21 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:21 dbg/pkg  Full of package vpsm was set to 1
08:59:22 vrb/gen  Operation set to INST_OP_INSTALL
08:59:22 vrb/pkg  FilterOutExistingFiles: 163 & 0 = 163
08:59:22 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:22 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:22 dbg/pkg  Full of package vps was set to 1
08:59:22 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:22 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:22 dbg/pkg  Full of package vpsm was set to 1
08:59:23 vrb/pkg  FilterOutExistingFiles: 163 & 0 = 163
08:59:23 vrb/pkg  FilterOutExistingFiles: 163 & 0 = 163
08:59:23 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:23 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:23 dbg/pkg  Full of package vps was set to 1
08:59:23 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:23 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:23 dbg/pkg  Full of package vpsm was set to 1
08:59:23 vrb/pkg  FilterOutExistingFiles: 163 & 0 = 163
08:59:23 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:23 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:23 dbg/pkg  Full of package vps was set to 1
08:59:23 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:23 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:23 dbg/pkg  Full of package vpsm was set to 1
08:59:23 vrb/pkg  FilterOutExistingFiles: 163 & 0 = 163
08:59:24 vrb/pkg  FilterOutExistingFiles: 159 & 0 = 159
08:59:24 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:24 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:24 dbg/pkg  Full of package vps was set to 1
08:59:24 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:24 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:24 dbg/pkg  Full of package vpsm was set to 1
08:59:24 vrb/pkg  FilterOutExistingFiles: 159 & 0 = 159
08:59:24 vrb/pkg  FilterOutExistingFiles: 159 & 0 = 159
08:59:24 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:24 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:24 dbg/pkg  Full of package vps was set to 1
08:59:24 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:24 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:24 dbg/pkg  Full of package vpsm was set to 1
08:59:24 vrb/pkg  FilterOutExistingFiles: 159 & 0 = 159
08:59:24 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:24 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:24 dbg/pkg  Full of package vps was set to 1
08:59:24 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:24 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:24 dbg/pkg  Full of package vpsm was set to 1
08:59:24 vrb/pkg  FilterOutExistingFiles: 159 & 0 = 159
08:59:25 vrb/pkg  FilterOutExistingFiles: 156 & 0 = 156
08:59:25 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:25 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:25 dbg/pkg  Full of package vps was set to 1
08:59:25 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:25 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:25 dbg/pkg  Full of package vpsm was set to 1
08:59:25 vrb/pkg  FilterOutExistingFiles: 156 & 0 = 156
08:59:25 vrb/pkg  FilterOutExistingFiles: 156 & 0 = 156
08:59:25 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:25 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:25 dbg/pkg  Full of package vps was set to 1
08:59:25 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:25 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:25 dbg/pkg  Full of package vpsm was set to 1
08:59:25 vrb/pkg  FilterOutExistingFiles: 156 & 0 = 156
08:59:25 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:25 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:25 dbg/pkg  Full of package vps was set to 1
08:59:25 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:25 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:25 dbg/pkg  Full of package vpsm was set to 1
08:59:25 vrb/pkg  FilterOutExistingFiles: 156 & 0 = 156
08:59:33 nrm/gen  Selected group: Skins
08:59:33 nrm/gen  Selected group: Instant Messaging
08:59:33 nrm/gen  Selected group: P2P shield
08:59:33 nrm/gen  Selected group: Network shield
08:59:33 nrm/gen  Selected group: Web shield
08:59:33 nrm/gen  Selected group: Standard shield
08:59:33 nrm/gen  Selected group: Script blocking
08:59:33 nrm/gen  Selected group: The Bat!
08:59:33 nrm/gen  Selected group: English language extension
08:59:33 nrm/gen  Selected group: English help
08:59:33 vrb/pkg  FilterOutExistingFiles: 156 & 0 = 156
08:59:33 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:33 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:33 dbg/pkg  Full of package vps was set to 1
08:59:33 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:33 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:33 dbg/pkg  Full of package vpsm was set to 1
08:59:33 vrb/pkg  FilterOutExistingFiles: 156 & 0 = 156
08:59:34 dbg/gen  progress thread start
08:59:34 dbg/gen  progress start - 1
08:59:34 dbg/gen  progress start - 2
08:59:34 dbg/gen  progress start - 3
08:59:34 min/pkg  Load C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1\_av_sfx.tm~a02524\prod-av_srv.vpu
08:59:34 vrb/pkg  LatestPartInfo: news = news-4b
08:59:34 vrb/pkg  LatestPartInfo: program = prg_av_srv-2d6
08:59:34 vrb/pkg  LatestPartInfo: setup = setup_av_srv-2d6
08:59:34 vrb/pkg  LatestPartInfo: vps = vps-71002
08:59:34 dbg/pkg  Loaded pkg info 'av_srv_e2k', containing 14 subversions
08:59:34 dbg/pkg  Loaded pkg info 'av_srv_dll416', containing 4 subversions
08:59:34 dbg/pkg  Loaded pkg info 'winsys', containing 3 subversions
08:59:34 dbg/pkg  Loaded pkg info 'av_srv_dll409', containing 13 subversions
08:59:34 dbg/pkg  Loaded pkg info 'av_srv_hlp411', containing 2 subversions
08:59:34 dbg/pkg  Loaded pkg info 'av_srv_dll', containing 6 subversions
08:59:34 dbg/pkg  Loaded pkg info 'av_pro_skins', containing 5 subversions
08:59:34 dbg/pkg  Loaded pkg info 'av_srv_hlp405', containing 2 subversions
08:59:34 dbg/pkg  Loaded pkg info 'av_net_agent', containing 5 subversions
08:59:34 dbg/pkg  Loaded pkg info 'av_srv_hlp416', containing 2 subversions
08:59:34 dbg/pkg  Loaded pkg info 'av_srv_core', containing 7 subversions
08:59:34 dbg/pkg  Loaded pkg info 'av_srv_hlp409', containing 2 subversions
08:59:34 dbg/pkg  Loaded pkg info 'winsysgui', containing 3 subversions
08:59:34 dbg/pkg  Loaded pkg info 'av_srv_dom', containing 7 subversions
08:59:34 dbg/pkg  Loaded pkg info 'avscan', containing 8 subversions
08:59:34 dbg/pkg  Loaded pkg info 'av_srv_se', containing 11 subversions
08:59:34 dbg/pkg  Loaded pkg info 'av_srv_dll411', containing 4 subversions
08:59:34 dbg/pkg  Loaded pkg info 'av_srv_pxy', containing 15 subversions
08:59:34 dbg/pkg  Loaded pkg info 'av_srv_dll405', containing 13 subversions
08:59:34 dbg/pkg  Loaded pkg info 'vpsm', containing 1 subversions
08:59:34 dbg/pkg  Loaded pkg info 'vps', containing 84 subversions
08:59:34 dbg/pkg  Loaded pkg info 'news405', containing 1 subversions
08:59:34 dbg/pkg  Loaded pkg info 'news409', containing 1 subversions
08:59:34 dbg/pkg  Loaded pkg info 'setif_av_srv', containing 9 subversions
08:59:34 dbg/pkg  Loaded pkg info 'setup_av_srv', containing 4 subversions
08:59:34 dbg/gen  progress end - 2
08:59:34 vrb/pkg  FilterOutExistingFiles: 156 & 0 = 156
08:59:35 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:35 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:35 dbg/pkg  Full of package vps was set to 1
08:59:35 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:35 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:35 dbg/pkg  Full of package vpsm was set to 1
08:59:35 vrb/pkg  FilterOutExistingFiles: 156 & 0 = 156
08:59:35 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:35 vrb/pkg  IsFullOkay: vps-71000.vpu - not okay
08:59:35 dbg/pkg  Full of package vps was set to 1
08:59:35 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:35 vrb/pkg  IsFullOkay: vpsm-71002.vpu - not okay
08:59:35 dbg/pkg  Full of package vpsm was set to 1
08:59:35 vrb/gen  Used server: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1\_av_sfx.tm~a02524
08:59:35 nrm/pkg  DldPackage: D:\Program Files\Alwil Software\Avast4\Setup\vps-71000.vpu, returned 0x00000000
08:59:35 vrb/gen  Used server: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1\_av_sfx.tm~a02524
08:59:35 nrm/pkg  DldPackage: D:\Program Files\Alwil Software\Avast4\Setup\vpsm-71002.vpu, returned 0x00000000
08:59:37 min/pkg  vps: needs to be updated [071002]
08:59:37 dbg/gen  progress end - 1
08:59:37 min/gen  setup: same as previous
08:59:37 min/gen  setif: same as previous
08:59:39 vrb/fil  SetExistingFilesBitmap: Setting group av_srv_sysx because of existing file C:\WINDOWS\system32\OleAcc.dll
08:59:39 vrb/fil  SetExistingFilesBitmap: 312->156->154
08:59:39 vrb/pkg  FilterOutExistingFiles: 156 & 154 = 3
08:59:39 vrb/pkg  Extracting from av_srv_core-27b.vpu (1)
08:59:39 nrm/fil  Direct move of file: C:\WINDOWS\system32\AVASTSSw.scr
08:59:39 vrb/fil  Installed file:C:\WINDOWS\system32\AVASTSSw.scr
08:59:39 nrm/fil  Direct move of file: D:\Program Files\Alwil Software\Avast4\Data\report\avast.xsl
08:59:39 vrb/fil  Installed file:D:\Program Files\Alwil Software\Avast4\Data\report\avast.xsl
08:59:39 vrb/pkg  Extracting from winsysgui-2.vpu (1)
08:59:39 nrm/fil  Direct move of file: C:\WINDOWS\system32\actskin4.ocx
08:59:39 vrb/fil  Installed file:C:\WINDOWS\system32\actskin4.ocx
08:59:39 min/pkg  program: installed 3 files (480813 bytes), removed 0 files
08:59:39 min/gen  news: same as previous
08:59:42 min/pkg  vps: updated [071002]
08:59:42 vrb/sys  Reboot set by changed resident C:\WINDOWS\system32\drivers\aswmon.sys
08:59:42 vrb/sys  Driver file copied: C:\WINDOWS\system32\drivers\aswmon.sys
08:59:42 vrb/sys  Reboot set by changed resident C:\WINDOWS\system32\drivers\aswmon2.sys
08:59:42 vrb/sys  Driver file copied: C:\WINDOWS\system32\drivers\aswmon2.sys
08:59:42 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\aswMon2\DisplayName=avast! Standard Shield Support
08:59:42 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\aswMon2\ErrorControl=1
08:59:42 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\aswMon2\Type=2
08:59:42 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\aswMon2\Start=2
08:59:43 dbg/fil  DllRegisterServer success
08:59:43 vrb/fil  File registered: D:\Program Files\Alwil Software\Avast4\AvAScr.dll
08:59:43 vrb/reg  Set registry: Software\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\psapi.dll=5
08:59:43 vrb/fil  File set as shared dll: C:\WINDOWS\system32\psapi.dll
08:59:43 vrb/reg  Set registry: Software\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\MSVCP71.dll=5
08:59:43 vrb/fil  File set as shared dll: C:\WINDOWS\system32\MSVCP71.dll
08:59:43 vrb/reg  Set registry: Software\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\MSVCR71.dll=5
08:59:43 vrb/fil  File set as shared dll: C:\WINDOWS\system32\MSVCR71.dll
08:59:43 vrb/reg  Set registry: Software\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\MFC71.dll=5
08:59:43 vrb/fil  File set as shared dll: C:\WINDOWS\system32\MFC71.dll
08:59:43 dbg/fil  DllRegisterServer success
08:59:43 vrb/fil  File registered: C:\WINDOWS\system32\actskin4.ocx
08:59:43 vrb/reg  Set registry: Software\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\actskin4.ocx=1
08:59:43 vrb/fil  File set as shared dll: C:\WINDOWS\system32\actskin4.ocx
08:59:45 vrb/reg  Set registry: Software\Alwil Software\Avast\4.0\Label=Feb2007
08:59:45 vrb/reg  Set registry: Software\Alwil Software\Avast\4.0\Avast4DataFolder=D:\Program Files\Alwil Software\Avast4\DATA
08:59:45 vrb/reg  Set registry: Software\Alwil Software\Avast\4.0\Avast4SkinFolder=D:\Program Files\Alwil Software\Avast4\DATA\Skin
08:59:45 vrb/reg  Set registry: Software\Alwil Software\Avast\4.0\Version=4.7
08:59:45 vrb/reg  Set registry: Software\Alwil Software\Avast\4.0\VersionShort=4.7
08:59:45 vrb/reg  Set registry: Software\Alwil Software\Avast\4.0\SetupVersion=726
08:59:45 vrb/reg  Set registry: .csk\=cskfile
08:59:45 vrb/reg  Set registry: .csk\Content Type=application/copernic-csk
08:59:45 vrb/reg  Set registry: .asws\=aswsfile
08:59:45 vrb/reg  Set registry: .asws\Content Type=application/avast-asws
08:59:45 vrb/reg  Set registry: aswsfile\=avast! Skin
08:59:45 vrb/reg  Set registry: aswsfile\EditFlags=65536
08:59:45 vrb/reg  Set registry: aswsfile\BrowserFlags=8
08:59:45 vrb/reg  Set registry: aswsfile\shell\=
08:59:45 vrb/reg  Set registry: aswsfile\shell\open\=
08:59:45 vrb/reg  Set registry: aswsfile\shell\open\command\="D:\Program Files\Alwil Software\Avast4\aswSimpl.exe" "%1"
08:59:45 vrb/reg  Set registry: .aswcs\=aswsfile
08:59:45 vrb/reg  Set registry: .aswcs\Content Type=application/avast-aswcs
08:59:45 vrb/reg  Set registry: aswcsfile\=avast! Compressed Skin
08:59:45 vrb/reg  Set registry: aswcsfile\EditFlags=65536
08:59:45 vrb/reg  Set registry: aswcsfile\BrowserFlags=8
08:59:45 vrb/reg  Set registry: aswcsfile\shell\=
08:59:45 vrb/reg  Set registry: aswcsfile\shell\open\=
08:59:45 vrb/reg  Set registry: aswcsfile\shell\open\command\="D:\Program Files\Alwil Software\Avast4\aswSimpl.exe" "%1"
08:59:45 vrb/reg  Set registry: Software\Microsoft\Windows\CurrentVersion\App Paths\aswAvast.exe\Path=D:\Program Files\Alwil Software\Avast4
08:59:45 vrb/reg  Set registry: Software\Microsoft\Windows\CurrentVersion\App Paths\aswAvast.exe\=D:\Program Files\Alwil Software\Avast4\aswAvast.exe
08:59:45 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\EventLog\Antivirus\avast!\CategoryCount=3
08:59:45 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\EventLog\Antivirus\avast!\CategoryMessageFile=D:\Program Files\Alwil Software\Avast4\aswRes.dll
08:59:45 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\EventLog\Antivirus\avast!\EventMessageFile=D:\Program Files\Alwil Software\Avast4\aswRes.dll
08:59:45 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\EventLog\Antivirus\avast!\CategoryCount=7
08:59:45 vrb/sys  Service avast! Antivirus uninstalled
08:59:45 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\avast! Antivirus\Description=Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
08:59:45 vrb/sys  Service avast! Antivirus installed
08:59:45 vrb/sys  Reboot set by non-installed service "avast! Antivirus"
08:59:45 vrb/sys  Service aswUpdSv uninstalled
08:59:46 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\aswUpdSv\Description=Provides automatic updating for avast! antivirus.
08:59:46 vrb/sys  Service aswUpdSv installed
08:59:46 vrb/sys  Reboot set by changed resident C:\WINDOWS\system32\drivers\aavmker4.sys
08:59:46 vrb/sys  Driver file copied: C:\WINDOWS\system32\drivers\aavmker4.sys
08:59:46 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\Aavmker4\DisplayName=avast! Asynchronous Virus Monitor
08:59:46 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\Aavmker4\ErrorControl=1
08:59:46 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\Aavmker4\Type=1
08:59:46 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\Aavmker4\Start=1
08:59:46 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\aswMon2\DisplayName=avast! Standard Shield Support
08:59:46 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\aswMon2\ErrorControl=1
08:59:46 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\aswMon2\Type=2
08:59:46 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\aswMon2\Start=2
08:59:46 vrb/sys  Reboot set by changed resident C:\WINDOWS\system32\drivers\aswTdi.sys
08:59:46 vrb/sys  Driver file copied: C:\WINDOWS\system32\drivers\aswTdi.sys
08:59:46 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\aswTdi\DisplayName=avast! Network Shield Support
08:59:46 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\aswTdi\ErrorControl=1
08:59:46 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\aswTdi\Type=1
08:59:46 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\aswTdi\Group=PNP_TDI
08:59:46 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\aswTdi\Start=1
08:59:46 nrm/sys  Service 'aswTdi' load order set id=268435456 in group 'PNP_TDI'
08:59:46 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\avast! Web Scanner\Description=Implements web (HTTP) scanning for avast! antivirus.
08:59:46 vrb/sys  Service avast! Web Scanner installed
08:59:46 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\aswRdr\DisplayName=aswRdr
08:59:46 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\aswRdr\ErrorControl=1
08:59:46 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\aswRdr\Type=1
08:59:46 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\aswRdr\Start=3
08:59:46 vrb/reg  Set registry: SYSTEM\CurrentControlSet\Services\aswRdr\Group=PNP_TDI
08:59:46 vrb/pkg  FilterOutExistingFiles: 100 & 154 = 3
08:59:46 vrb/fil  Shortcut for aswAvast.exe installed in C:\Documents and Settings\All Users\시작 메뉴\프로그램\avast! Server Edition
08:59:46 vrb/fil  Shortcut for help.chm installed in C:\Documents and Settings\All Users\시작 메뉴\프로그램\avast! Server Edition
08:59:46 nrm/fil  Direct delete of file: C:\Documents and Settings\All Users\시작 메뉴\프로그램\avast! Server Edition\avast! Web Site.url
08:59:46 vrb/fil  Shortcut for aswCluWz.exe installed in C:\Documents and Settings\All Users\시작 메뉴\프로그램\avast! Server Edition
08:59:46 vrb/fil  Shortcut for aswSdWiz.exe installed in C:\Documents and Settings\All Users\시작 메뉴\프로그램\avast! Server Edition
08:59:46 vrb/fil  Shortcut for aswAvast.exe installed in C:\Documents and Settings\All Users\바탕 화면
08:59:46 vrb/reg  Set registry: *\shellex\ContextMenuHandlers\avast\(null)={472083B0-C522-11CF-8763-00608CC02F24}
08:59:46 vrb/reg  Set registry: avast\ShellEx\ContextMenuHandlers\(null)={472083B0-C522-11CF-8763-00608CC02F24}
08:59:46 vrb/reg  Set registry: Folder\shellex\ContextMenuHandlers\avast\(null)={472083B0-C522-11CF-8763-00608CC02F24}
08:59:46 vrb/reg  Set registry: CLSID\{472083B0-C522-11CF-8763-00608CC02F24}\(null)=avast
08:59:46 vrb/reg  Set registry: CLSID\{472083B0-C522-11CF-8763-00608CC02F24}\InProcServer32\(null)=D:\Program Files\Alwil Software\Avast4\aswShell.dll
08:59:46 vrb/reg  Set registry: CLSID\{472083B0-C522-11CF-8763-00608CC02F24}\InProcServer32\ReleaseName=D:\Program Files\Alwil Software\Avast4\aswShell.dll
08:59:46 vrb/reg  Set registry: CLSID\{472083B0-C522-11CF-8763-00608CC02F24}\InProcServer32\ThreadingModel=Apartment
08:59:46 vrb/reg  Set registry: SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{472083B0-C522-11CF-8763-00608CC02F24}=avast
08:59:46 vrb/reg  Set registry: SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{472083B0-C522-11CF-8763-00608CC02F24}=avast
08:59:46 vrb/reg  Set registry: Software\Microsoft\Windows\CurrentVersion\Run\aswSdWiz=D:\PROGRA~1\ALWILS~1\Avast4\aswSdWiz.exe /i
08:59:46 vrb/fil  Fix security on: D:\Program Files\Alwil Software\Avast4\*.*
08:59:46 vrb/fil  Fix security on: D:\Program Files\Alwil Software\Avast4\ENGLISH\*.*
08:59:46 vrb/fil  Fix security on: D:\Program Files\Alwil Software\Avast4\ENGLISH\HELP\*.*
08:59:46 vrb/fil  Fix security on: D:\Program Files\Alwil Software\Avast4\ENGLISH\HtmlData\*.*
08:59:46 vrb/fil  Fix security on: D:\Program Files\Alwil Software\Avast4\images\*.*
08:59:46 vrb/reg  Set registry: Software\Microsoft\Windows\CurrentVersion\Uninstall\avast!SRV\DisplayName=avast! Server Edition
08:59:46 vrb/reg  Set registry: Software\Microsoft\Windows\CurrentVersion\Uninstall\avast!SRV\DisplayVersion=4.7
08:59:46 vrb/reg  Set registry: Software\Microsoft\Windows\CurrentVersion\Uninstall\avast!SRV\HelpLink=http://www.avast.com
08:59:46 vrb/reg  Set registry: Software\Microsoft\Windows\CurrentVersion\Uninstall\avast!SRV\HelpTelephone=
08:59:46 vrb/reg  Set registry: Software\Microsoft\Windows\CurrentVersion\Uninstall\avast!SRV\UrlInfoAbout=http://www.avast.com
08:59:46 vrb/reg  Set registry: Software\Microsoft\Windows\CurrentVersion\Uninstall\avast!SRV\UrlUpdateInfo=http://www.avast.com
08:59:46 vrb/reg  Set registry: Software\Microsoft\Windows\CurrentVersion\Uninstall\avast!SRV\InstallLocation=D:\PROGRA~1\ALWILS~1\Avast4
08:59:46 vrb/reg  Set registry: Software\Microsoft\Windows\CurrentVersion\Uninstall\avast!SRV\InstallSource=D:\temp
08:59:46 vrb/reg  Set registry: Software\Microsoft\Windows\CurrentVersion\Uninstall\avast!SRV\Publisher=Alwil Software
08:59:46 vrb/reg  Set registry: Software\Microsoft\Windows\CurrentVersion\Uninstall\avast!SRV\VersionMajor=4
08:59:46 vrb/reg  Set registry: Software\Microsoft\Windows\CurrentVersion\Uninstall\avast!SRV\VersionMinor=7
08:59:46 vrb/reg  Set registry: Software\Microsoft\Windows\CurrentVersion\Uninstall\avast!SRV\DisplayIcon=D:\Program Files\Alwil Software\Avast4\aswAvast.exe
08:59:46 vrb/reg  Set registry: Software\Microsoft\Windows\CurrentVersion\Uninstall\avast!SRV\UninstallString=rundll32 D:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
08:59:46 vrb/reg  Set registry: Software\Microsoft\Windows\CurrentVersion\Run\avast!=D:\PROGRA~1\ALWILS~1\Avast4\aswDisp.exe
08:59:48 dbg/gen  progress end - forced
08:59:48 dbg/gen  progress thread end
08:59:53 vrb/reg  Set registry: Software\Alwil Software\Avast\4.0\Label=Feb2007
08:59:53 vrb/reg  Set registry: Software\Alwil Software\Avast\4.0\Avast4DataFolder=D:\Program Files\Alwil Software\Avast4\DATA
08:59:53 vrb/reg  Set registry: Software\Alwil Software\Avast\4.0\Avast4SkinFolder=D:\Program Files\Alwil Software\Avast4\DATA\Skin
08:59:53 vrb/reg  Set registry: Software\Alwil Software\Avast\4.0\Version=4.7
08:59:53 vrb/reg  Set registry: Software\Alwil Software\Avast\4.0\VersionShort=4.7
08:59:53 vrb/reg  Set registry: Software\Alwil Software\Avast\4.0\SetupVersion=726
08:59:53 nrm/pkg  Transferred files: 2
08:59:53 nrm/pkg  Transferred bytes: 5714113
08:59:53 nrm/pkg  Transfer time: 16 ms
08:59:53 vrb/fil  NeedReboot=true
08:59:53 dbg/fil  filRenameOnReboot:!bSuccess
08:59:53 dbg/fil  filRenameOnReboot:bOnReboot
08:59:53 vrb/sys  Reboot set by filRenameOnReboot(D:\Program Files\Alwil Software\Avast4\Setup\reboot.txt,)
08:59:53 vrb/fil  MoveFileEx(D:\PROGRA~1\ALWILS~1\Avast4\Setup\reboot.txt, NULL)
08:59:53 min/gen  Return code: 0x20000000 [Something done]
08:59:53 min/gen  Stopped: 12.04.2007, 08:59:53

관련 자료

참조 :
   
        http://blog.softmail.co.kr/192
 


감사합니다