악성코드 해결 - PUP.BabylonToolbar

PUP.BabylonToolbar

*file
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbar.crx
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarEng.dll
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarApp.dll
C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\uninstall.exe
C:\Users\{USERNAME}\AppData\Local\Google\Chrome\User Data\DefaultC:\Program Files\Updater By SweetPacks\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\manifest.json
C:\Users\{USERNAME}\AppData\Local\Google\Chrome\User Data\DefaultC:\Program Files\Updater By SweetPacks\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\bg.js
C:\Users\{USERNAME}\AppData\Local\Google\Chrome\User Data\DefaultC:\Program Files\Updater By SweetPacks\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\bg.html
C:\Users\{USERNAME}\AppData\Local\Google\Chrome\User Data\DefaultC:\Program Files\Updater By SweetPacks\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\babylon48.png
C:\Users\{USERNAME}\AppData\Local\Google\Chrome\User Data\DefaultC:\Program Files\Updater By SweetPacks\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\BabylonChromePI.dll
C:\Users\{USERNAME}\AppData\Local\Google\Chrome\User Data\DefaultC:\Program Files\Updater By SweetPacks\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\cs.js

*reg_key
HKCU\Software\BabylonToolbar
HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2893608250-2205728168-3091723128-1001\Software\BabylonToolbar
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com
HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\search.babylon.com
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
HKCU\Software\Microsoft\Windows\CurrentVersionC:\Program Files\Updater By SweetPacks\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
HKCU\Software\Microsoft\Windows\CurrentVersionC:\Program Files\Updater By SweetPacks\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
HKCU\Software\Microsoft\Windows\CurrentVersionC:\Program Files\Updater By SweetPacks\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
HKCU\Software\Microsoft\Windows\CurrentVersionC:\Program Files\Updater By SweetPacks\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
HKLM\SOFTWARE\BabylonToolbar
HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}
HKLM\SOFTWARE\Classes\AppID\escort.DLL
HKLM\SOFTWARE\Classes\Babylon.dskBnd
HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
HKLM\SOFTWARE\Classes\escort.escrtBtn.1
HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
HKLM\SOFTWARE\Classes\bbylnApp.appCore
HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
HKLM\SOFTWARE\Classes\bbylntlbr.xtrnl
HKLM\SOFTWARE\Classes\bbylntlbr.xtrnl.1
HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}
HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}
HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}
HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}
HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
HKLM\SOFTWARE\Classes\Interface\{3718D0AF-A3B8-4F5E-86F3-FAD8D02043BE}
HKLM\SOFTWARE\Classes\Interface\{78868069-5D96-4B47-BE52-3D625EE3D7CB}
HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
HKLM\SOFTWARE\Google\chromeC:\Program Files\Updater By SweetPacks\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar

*reg_val
HKLM\SOFTWARE\Microsoft\Internet ExplorerC:\Program Files\SweetIM\Toolbar | {98889811-442D-49dd-99D7-DC866BE87DBC}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | BabylonToolbar
HKCU\Software\Microsoft\Internet Explorer\Approved Extensions | {97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
HKCU\Software\Microsoft\Internet Explorer\Approved Extensions | {98889811-442D-49DD-99D7-DC866BE87DBC}

PUP.BabylonToolbar

단축키

단축키

PUP.BabylonToolbar

PUP.BabylonToolbar

PUP.RelevantKnowledge

PUP.Zaxar

Adware.SearchProtect

PUP.SweetIM

PUP.wxDfast

Adware.SecuriDex

Trojan.ImageCropResize

PUP.EasyHotspot

PUP.Dev360 Cleaner

Adware.MovieDea

Adware.WarThunder

Backdoor.BSQL Hacker

Adware.ClickNetwork

PUP.SpaceSondPro

PUP. SoftPlanet

Trojan.DVD Region+CSS Free

Trojan.KaZaA

PUP. lyoness Cashback

Trojan. remote manipulator system