[개소리넷] Install log : 59ms / 2012-12-14

프로그램분석

[개소리넷] Install log : 59ms / 2012-12-14

프로세스 천국 2012. 12. 14. 18:18

----------------------------------------------------------------------
Created by Windowexe.com , Logfile of WindowexeAllkiller
----------------------------------------------------------------------
Windows 7 Ultimate Service Pack 1(6.1.7601.65536)
Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz / 1,023.55 MB
Intel64 Family 6 Model 37 Stepping 5
Date : 2012-12-14
----------------------------------------------------------------------
DF000 C:\Program Files (x86)\AdMatching\AdMatching.exe
DF001 C:\Program Files (x86)\AdMatching\admsys.exe
DF002 C:\Program Files (x86)\GAESORI\ffmpeg.exe
DF003 C:\Program Files (x86)\GAESORI\gaesori.exe
DF004 C:\Program Files (x86)\GAESORI\gaesori_module.dll
DF005 C:\Program Files (x86)\GAESORI\gaesoriplayer.exe
DF006 C:\Program Files (x86)\UtilZone\Cleaner.exe
DF007 C:\Program Files (x86)\UtilZone\UtilZone.dll
DF008 C:\Program Files (x86)\UtilZone\UtilZone.exe
DF009 C:\Program Files (x86)\WHelp\WHelp.dll
DF010 C:\Program Files (x86)\WHelp\WHelp.exe
DF011 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\개소리넷\개소리넷 다운로드.lnk
DF012 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\개소리넷\개소리넷 플레이어.lnk
DF013 C:\Users\Administrator\AppData\Local\Temp\6530\AdMatching.exe
DF014 C:\Users\Public\Desktop\개소리넷 다운로드.lnk
DF015 C:\Users\Public\Desktop\자료천국 무료다운.url
----------------------------------------------------------------------
----------------------------------------------------------------------
US016 GaesoriPlayer -/- C:\Program Files (x86)\GAESORI\gaesoriplayer.exe /start
US017 admsys -/- C:\Program Files (x86)\AdMatching\admsys.exe
US018 AdMatching -/- C:\Program Files (x86)\AdMatching\AdMatching.exe
LS019 WHelp" -/- C:\Program Files (x86)\WHelp\WHelp.exe
LS020 UtilZone -/- C:\Program Files (x86)\UtilZone\UtilZone.exe
LS021 AdMatching -/- C:\Program Files (x86)\AdMatching\AdMatching.exe /byboot
LS022 admsys -/- C:\Program Files (x86)\AdMatching\admsys.exe
LS023 WHelp -/- C:\Program Files (x86)\WHelp\WHelp.exe
----------------------------------------------------------------------
BH024 UtilZone -/- C:\Program Files (x86)\UtilZone\UtilZone.dll -/- {1C5099DD-7923-45e8-9680-5F285DC61213}
BH025 WHelp -/- C:\Program Files (x86)\WHelp\WHelp.dll -/- {2F2CF04D-300B-49A2-A23B-407D27FB9BFB}
EXADD Windows Media Player -/- C:\Windows\system32\wmp.dll -/- {6BF52A52-394A-11D3-B153-00C04F79FAA6}
EXADD Shockwave Flash Object -/- C:\Windows\system32\Macromed\Flash\Flash64_11_1_102.ocx -/- {D27CDB6E-AE6D-11CF-96B8-444553540000}
EXADD XML HTTP Request -/- C:\Windows\System32\msxml3.dll -/- {ED8C108E-4349-11D2-91A4-00C04F7969E8}
EXADD Windows Media Player -/- C:\Windows\system32\wmp.dll -/- {6BF52A52-394A-11D3-B153-00C04F79FAA6}
EXADD Shockwave Flash Object -/- C:\Windows\SysWOW64\Macromed\Flash\Flash11g.ocx -/- {D27CDB6E-AE6D-11CF-96B8-444553540000}
EXADD XML HTTP Request -/- C:\Windows\System32\msxml3.dll -/- {ED8C108E-4349-11D2-91A4-00C04F7969E8}
----------------------------------------------------------------------
----------------------------------------------------------------------

Deleted Files : 16
Remove Startup Entry : 8
Remove Browser Helper Object : 2
----------------------------------------------------------------------
Remove these Entry in a WindowexeAllkiller.txt file. Save and Run.
WindowexeAllkiller Remove Database 2012-12-14
[01-HKCUREG]**GaesoriPlayer
[01-HKCUREG]**admsys
[01-HKCUREG]**AdMatching
[02-HKLMREG]**WHelp"
[02-HKLMREG]**UtilZone
[02-HKLMREG]**AdMatching
[02-HKLMREG]**admsys
[02-HKLMREG]**WHelp
[03-BHOCLSD]**{1C5099DD-7923-45e8-9680-5F285DC61213}
[03-BHOCLSD]**{2F2CF04D-300B-49A2-A23B-407D27FB9BFB}

----------------------------------------------------------------------
Total Processing Time : 59ms
----------------------------------------------------------------------
NA001 ======================================================================
NA002 echo Created by Windowexe.com / do not delete this label.
NA003 ======================================================================
NA004 echo Start
NA005 echo windowexe.com & tskill "AdMatching" & echo windowdel.com
NA006 echo windowexe.com & tskill "admsys" & echo windowdel.com
NA007 echo windowexe.com & tskill "gaesori" & echo windowdel.com
NA008 echo windowexe.com & tskill "gaesoriplayer" & echo windowdel.com
NA009 echo windowexe.com & tskill "Cleaner" & echo windowdel.com
NA010 echo windowexe.com & tskill "UtilZone" & echo windowdel.com
NA011 echo windowexe.com & tskill "WHelp" & echo windowdel.com
NA012 echo windowexe.com & tskill "AdMatching" & echo windowdel.com
NA013 echo windowexe.com & tskill "admsys" & echo windowdel.com
NA014 echo windowexe.com & tskill "gaesori" & echo windowdel.com
NA015 echo windowexe.com & tskill "gaesoriplayer" & echo windowdel.com
NA016 echo windowexe.com & tskill "UtilZone" & echo windowdel.com
NA017 echo windowexe.com & tskill "WHelp" & echo windowdel.com
NA018 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WHelp\"" /f
NA019 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WHelp\"" /f
NA020 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "GaesoriPlayer" /f
NA021 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "GaesoriPlayer" /f
NA022 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "admsys" /f
NA023 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "admsys" /f
NA024 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "AdMatching" /f
NA025 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "AdMatching" /f
NA026 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WHelp" /f
NA027 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WHelp" /f
NA028 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "UtilZone" /f
NA029 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "UtilZone" /f
NA030 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "AdMatching" /f
NA031 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "AdMatching" /f
NA032 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "admsys" /f
NA033 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "admsys" /f
NA034 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WHelp" /f
NA035 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WHelp" /f
NA036 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C5099DD-7923-45e8-9680-5F285DC61213}" /f
NA037 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1C5099DD-7923-45e8-9680-5F285DC61213}" /f
NA038 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1C5099DD-7923-45e8-9680-5F285DC61213}" /f
NA039 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{1C5099DD-7923-45e8-9680-5F285DC61213}" /f
NA040 echo Created by Windowexe.com
NA041 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F2CF04D-300B-49A2-A23B-407D27FB9BFB}" /f
NA042 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2F2CF04D-300B-49A2-A23B-407D27FB9BFB}" /f
NA043 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2F2CF04D-300B-49A2-A23B-407D27FB9BFB}" /f
NA044 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{2F2CF04D-300B-49A2-A23B-407D27FB9BFB}" /f
NA045 echo Created by Windowexe.com
NA046 echo HKEY_LOCAL_MACHINE Toolbar Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{9CA634EF-ECF0-4DD1-B7E2-B9CCFF40BCAF}" /f
NA047 echo HKEY_CURRENT_USER Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser" /v "{9CA634EF-ECF0-4DD1-B7E2-B9CCFF40BCAF}" /f
NA048 echo HKCU Search Hook Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks" /v "{9CA634EF-ECF0-4DD1-B7E2-B9CCFF40BCAF}" /f
NA049 echo HKEY_LOCAL_MACHINE Ext PreApproved Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9CA634EF-ECF0-4DD1-B7E2-B9CCFF40BCAF}" /f
NA050 echo HKEY_CURRENT_USER Ext Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CA634EF-ECF0-4DD1-B7E2-B9CCFF40BCAF}" /f
NA051 echo HKEY_CLASSES_ROOT CLSID Delete & reg.exe delete "HKCR\CLSID\{9CA634EF-ECF0-4DD1-B7E2-B9CCFF40BCAF}" /f
NA052 echo Created by Windowexe.com
NA053 echo file Delete & attrib -r "C:\Users\Administrator\Desktop\11번가.url"
NA054 echo file Delete & del /q "C:\Users\Administrator\Desktop\11번가.url"
NA055 echo file Delete & attrib -r "C:\Users\Administrator\Desktop\G마켓.url"
NA056 echo file Delete & del /q "C:\Users\Administrator\Desktop\G마켓.url"
NA057 echo file Delete & attrib -r "C:\Users\Administrator\Desktop\옥션.url"
NA058 echo file Delete & del /q "C:\Users\Administrator\Desktop\옥션.url"
NA059 echo change dir for x64
NA060 cd %windir%
NA061 cd syswow64
NA062 echo windowexe.com & tskill "AdMatching" & echo windowdel.com
NA063 echo windowexe.com & tskill "admsys" & echo windowdel.com
NA064 echo windowexe.com & tskill "gaesori" & echo windowdel.com
NA065 echo windowexe.com & tskill "gaesoriplayer" & echo windowdel.com
NA066 echo windowexe.com & tskill "Cleaner" & echo windowdel.com
NA067 echo windowexe.com & tskill "UtilZone" & echo windowdel.com
NA068 echo windowexe.com & tskill "WHelp" & echo windowdel.com
NA069 echo windowexe.com & tskill "AdMatching" & echo windowdel.com
NA070 echo windowexe.com & tskill "admsys" & echo windowdel.com
NA071 echo windowexe.com & tskill "gaesori" & echo windowdel.com
NA072 echo windowexe.com & tskill "gaesoriplayer" & echo windowdel.com
NA073 echo windowexe.com & tskill "UtilZone" & echo windowdel.com
NA074 echo windowexe.com & tskill "WHelp" & echo windowdel.com
NA075 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WHelp\"" /f
NA076 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WHelp\"" /f
NA077 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "GaesoriPlayer" /f
NA078 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "GaesoriPlayer" /f
NA079 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "admsys" /f
NA080 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "admsys" /f
NA081 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "AdMatching" /f
NA082 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "AdMatching" /f
NA083 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WHelp" /f
NA084 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WHelp" /f
NA085 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "UtilZone" /f
NA086 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "UtilZone" /f
NA087 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "AdMatching" /f
NA088 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "AdMatching" /f
NA089 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "admsys" /f
NA090 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "admsys" /f
NA091 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WHelp" /f
NA092 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WHelp" /f
NA093 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C5099DD-7923-45e8-9680-5F285DC61213}" /f
NA094 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1C5099DD-7923-45e8-9680-5F285DC61213}" /f
NA095 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1C5099DD-7923-45e8-9680-5F285DC61213}" /f
NA096 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{1C5099DD-7923-45e8-9680-5F285DC61213}" /f
NA097 echo Created by Windowexe.com
NA098 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F2CF04D-300B-49A2-A23B-407D27FB9BFB}" /f
NA099 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2F2CF04D-300B-49A2-A23B-407D27FB9BFB}" /f
NA100 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2F2CF04D-300B-49A2-A23B-407D27FB9BFB}" /f
NA101 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{2F2CF04D-300B-49A2-A23B-407D27FB9BFB}" /f
NA102 echo Created by Windowexe.com
NA103 echo HKEY_LOCAL_MACHINE Toolbar Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{9CA634EF-ECF0-4DD1-B7E2-B9CCFF40BCAF}" /f
NA104 echo HKEY_CURRENT_USER Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser" /v "{9CA634EF-ECF0-4DD1-B7E2-B9CCFF40BCAF}" /f
NA105 echo HKCU Search Hook Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks" /v "{9CA634EF-ECF0-4DD1-B7E2-B9CCFF40BCAF}" /f
NA106 echo HKEY_LOCAL_MACHINE Ext PreApproved Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9CA634EF-ECF0-4DD1-B7E2-B9CCFF40BCAF}" /f
NA107 echo HKEY_CURRENT_USER Ext Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CA634EF-ECF0-4DD1-B7E2-B9CCFF40BCAF}" /f
NA108 echo HKEY_CLASSES_ROOT CLSID Delete & reg.exe delete "HKCR\CLSID\{9CA634EF-ECF0-4DD1-B7E2-B9CCFF40BCAF}" /f
NA109 echo Created by Windowexe.com
NA110 echo file Delete & attrib -r "C:\Users\Administrator\Desktop\11번가.url"
NA111 echo file Delete & del /q "C:\Users\Administrator\Desktop\11번가.url"
NA112 echo file Delete & attrib -r "C:\Users\Administrator\Desktop\G마켓.url"
NA113 echo file Delete & del /q "C:\Users\Administrator\Desktop\G마켓.url"
NA114 echo file Delete & attrib -r "C:\Users\Administrator\Desktop\옥션.url"
NA115 echo file Delete & del /q "C:\Users\Administrator\Desktop\옥션.url"
NA116 echo End
NA117 ======================================================================
NA118 echo Created by Windowexe.com / do not delete this label.
NA119 ======================================================================