Code : NbfcW6uceg85nNbIJ4dv6vFM/H6rip9wMq7G/J6fw80=

프로그램분석

Code : NbfcW6uceg85nNbIJ4dv6vFM/H6rip9wMq7G/J6fw80=

프로세스 천국 2013. 2. 23. 10:08

System Analyzer Report 2013, 02, 23

NA001 ======================================================================
NA002 echo Created by Windowexe.com / do not delete this label.
NA003 ======================================================================
NA004 echo Start
NA005 echo windowexe.com & tskill "GomHelperSvc" & echo windowdel.com
NA006 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinServiceUpdate" /f
NA007 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WinServiceUpdate" /f
NA008 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "ewfwfw" /f
NA009 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "ewfwfw" /f
NA010 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "iehighutil" /f
NA011 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "iehighutil" /f
NA012 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Uagugo" /f
NA013 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Uagugo" /f
NA014 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Cadence Design Systems" /f
NA015 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Cadence Design Systems" /f
NA016 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "windowsfirewal" /f
NA017 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "windowsfirewal" /f
NA018 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Microsoft" /f
NA019 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Microsoft" /f
NA020 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "{35284C7A-C299-4857-9F87-3661D42DB09E}" /f
NA021 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "{35284C7A-C299-4857-9F87-3661D42DB09E}" /f
NA022 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "{960CE1F8-B9F5-49CB-816A-B3E2C1EA6BE6}" /f
NA023 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "{960CE1F8-B9F5-49CB-816A-B3E2C1EA6BE6}" /f
NA024 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "{DC2EFD2B-CBE4-4872-ADF4-C47E1664CC5B}" /f
NA025 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "{DC2EFD2B-CBE4-4872-ADF4-C47E1664CC5B}" /f
NA026 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "{15240800-61D2-4927-AEF1-1E9EE5F01CA5}" /f
NA027 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "{15240800-61D2-4927-AEF1-1E9EE5F01CA5}" /f
NA028 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Intels" /f
NA029 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Intels" /f
NA030 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "{0C193123-442B-4EA4-8905-070F9336E585}" /f
NA031 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "{0C193123-442B-4EA4-8905-070F9336E585}" /f
NA032 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDDB5A00-D1EB-49D5-B197-72A06DF78AA1}" /f
NA033 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDDB5A00-D1EB-49D5-B197-72A06DF78AA1}" /f
NA034 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BDDB5A00-D1EB-49D5-B197-72A06DF78AA1}" /f
NA035 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{BDDB5A00-D1EB-49D5-B197-72A06DF78AA1}" /f
NA036 echo Created by Windowexe.com
NA037 echo HKEY_LOCAL_MACHINE Toolbar Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{FE063DB9-4EC0-403e-8DD8-394C54984B2C}" /f
NA038 echo HKEY_CURRENT_USER Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser" /v "{FE063DB9-4EC0-403e-8DD8-394C54984B2C}" /f
NA039 echo HKCU Search Hook Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks" /v "{FE063DB9-4EC0-403e-8DD8-394C54984B2C}" /f
NA040 echo HKEY_LOCAL_MACHINE Ext PreApproved Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}" /f
NA041 echo HKEY_CURRENT_USER Ext Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}" /f
NA042 echo HKEY_CLASSES_ROOT CLSID Delete & reg.exe delete "HKCR\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}" /f
NA043 echo Created by Windowexe.com
NA044 sc stop "GomHelper Update Services"
NA045 echo Service Disable & sc config "GomHelper Update Services" start= disabled & echo Windowexe.com
NA046 echo file Delete & attrib -r "C:\Users\Han\Desktop\쇼핑 스트리트, 11번가.lnk"
NA047 echo file Delete & del /q "C:\Users\Han\Desktop\쇼핑 스트리트, 11번가.lnk"
NA048 echo file Delete & attrib -r "C:\Users\Han\Desktop\이마트몰.lnk"
NA049 echo file Delete & del /q "C:\Users\Han\Desktop\이마트몰.lnk"
NA050 echo change dir for x64
NA051 cd %windir%
NA052 cd syswow64
NA053 echo windowexe.com & tskill "GomHelperSvc" & echo windowdel.com
NA054 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinServiceUpdate" /f
NA055 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WinServiceUpdate" /f
NA056 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "ewfwfw" /f
NA057 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "ewfwfw" /f
NA058 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "iehighutil" /f
NA059 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "iehighutil" /f
NA060 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Uagugo" /f
NA061 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Uagugo" /f
NA062 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Cadence Design Systems" /f
NA063 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Cadence Design Systems" /f
NA064 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "windowsfirewal" /f
NA065 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "windowsfirewal" /f
NA066 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Microsoft" /f
NA067 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Microsoft" /f
NA068 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "{35284C7A-C299-4857-9F87-3661D42DB09E}" /f
NA069 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "{35284C7A-C299-4857-9F87-3661D42DB09E}" /f
NA070 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "{960CE1F8-B9F5-49CB-816A-B3E2C1EA6BE6}" /f
NA071 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "{960CE1F8-B9F5-49CB-816A-B3E2C1EA6BE6}" /f
NA072 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "{DC2EFD2B-CBE4-4872-ADF4-C47E1664CC5B}" /f
NA073 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "{DC2EFD2B-CBE4-4872-ADF4-C47E1664CC5B}" /f
NA074 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "{15240800-61D2-4927-AEF1-1E9EE5F01CA5}" /f
NA075 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "{15240800-61D2-4927-AEF1-1E9EE5F01CA5}" /f
NA076 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Intels" /f
NA077 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Intels" /f
NA078 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "{0C193123-442B-4EA4-8905-070F9336E585}" /f
NA079 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "{0C193123-442B-4EA4-8905-070F9336E585}" /f
NA080 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDDB5A00-D1EB-49D5-B197-72A06DF78AA1}" /f
NA081 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BDDB5A00-D1EB-49D5-B197-72A06DF78AA1}" /f
NA082 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BDDB5A00-D1EB-49D5-B197-72A06DF78AA1}" /f
NA083 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{BDDB5A00-D1EB-49D5-B197-72A06DF78AA1}" /f
NA084 echo Created by Windowexe.com
NA085 echo HKEY_LOCAL_MACHINE Toolbar Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{FE063DB9-4EC0-403e-8DD8-394C54984B2C}" /f
NA086 echo HKEY_CURRENT_USER Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser" /v "{FE063DB9-4EC0-403e-8DD8-394C54984B2C}" /f
NA087 echo HKCU Search Hook Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks" /v "{FE063DB9-4EC0-403e-8DD8-394C54984B2C}" /f
NA088 echo HKEY_LOCAL_MACHINE Ext PreApproved Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}" /f
NA089 echo HKEY_CURRENT_USER Ext Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}" /f
NA090 echo HKEY_CLASSES_ROOT CLSID Delete & reg.exe delete "HKCR\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}" /f
NA091 echo Created by Windowexe.com
NA092 sc stop "GomHelper Update Services"
NA093 echo Service Disable & sc config "GomHelper Update Services" start= disabled & echo Windowexe.com
NA094 echo file Delete & attrib -r "C:\Users\Han\Desktop\쇼핑 스트리트, 11번가.lnk"
NA095 echo file Delete & del /q "C:\Users\Han\Desktop\쇼핑 스트리트, 11번가.lnk"
NA096 echo file Delete & attrib -r "C:\Users\Han\Desktop\이마트몰.lnk"
NA097 echo file Delete & del /q "C:\Users\Han\Desktop\이마트몰.lnk"
NA098 echo End
NA099 ======================================================================
NA100 echo Created by Windowexe.com / do not delete this label.
NA101 ======================================================================