Code : fo7Q24QYYC1Nqktu1Ulo2BRO3/dJoIUl

프로그램분석

Code : fo7Q24QYYC1Nqktu1Ulo2BRO3/dJoIUl

프로세스 천국 2013. 5. 20. 13:22

NA001 ================================================================================
NA002 echo Start
NA003 echo windowexe.com & tskill "WVReg" & echo windowdel.com
NA004 echo windowexe.com & tskill "WVMon" & echo windowdel.com
NA005 echo windowexe.com & tskill "WVAutoUpdate" & echo windowdel.com
NA006 echo windowexe.com & tskill "winsmex" & echo windowdel.com
NA007 echo windowexe.com & tskill "WhiteVaccine" & echo windowdel.com
NA008 echo windowexe.com & tskill "wdrwsmsvc" & echo windowdel.com
NA009 echo windowexe.com & tskill "wdrwsmsvc" & echo windowdel.com
NA010 echo windowexe.com & tskill "voaupdate" & echo windowdel.com
NA011 echo windowexe.com & tskill "voasvc" & echo windowdel.com
NA012 echo windowexe.com & tskill "voasvc" & echo windowdel.com
NA013 echo windowexe.com & tskill "voaclt" & echo windowdel.com
NA014 echo windowexe.com & tskill "voacfg" & echo windowdel.com
NA015 echo windowexe.com & tskill "svcwsmwin" & echo windowdel.com
NA016 echo windowexe.com & tskill "svcwsmwin" & echo windowdel.com
NA017 echo windowexe.com & tskill "skun" & echo windowdel.com
NA018 echo windowexe.com & tskill "signkey" & echo windowdel.com
NA019 echo windowexe.com & tskill "signkey" & echo windowdel.com
NA020 echo windowexe.com & tskill "SCChkUpd" & echo windowdel.com
NA021 echo windowexe.com & tskill "SCChkUpd" & echo windowdel.com
NA022 echo windowexe.com & tskill "rkp" & echo windowdel.com
NA023 echo windowexe.com & tskill "revealerul" & echo windowdel.com
NA024 echo windowexe.com & tskill "revealerul" & echo windowdel.com
NA025 echo windowexe.com & tskill "revealer" & echo windowdel.com
NA026 echo windowexe.com & tskill "revealer" & echo windowdel.com
NA027 echo windowexe.com & tskill "nextray" & echo windowdel.com
NA028 echo windowexe.com & tskill "nextray" & echo windowdel.com
NA029 echo windowexe.com & tskill "MetablogNewIssues" & echo windowdel.com
NA030 echo windowexe.com & tskill "MetablogNewIssues" & echo windowdel.com
NA031 echo windowexe.com & tskill "metablogagent" & echo windowdel.com
NA032 echo windowexe.com & tskill "metablogagent" & echo windowdel.com
NA033 echo windowexe.com & tskill "lstspsv" & echo windowdel.com
NA034 echo windowexe.com & tskill "lstspsv" & echo windowdel.com
NA035 echo windowexe.com & tskill "lstspsp" & echo windowdel.com
NA036 echo windowexe.com & tskill "lstspop" & echo windowdel.com
NA037 echo windowexe.com & tskill "keypang" & echo windowdel.com
NA038 echo windowexe.com & tskill "keypang" & echo windowdel.com
NA039 echo windowexe.com & tskill "ISZoneUpdate" & echo windowdel.com
NA040 echo windowexe.com & tskill "ISZone" & echo windowdel.com
NA041 echo windowexe.com & tskill "ismsvp" & echo windowdel.com
NA042 echo windowexe.com & tskill "ismsvc" & echo windowdel.com
NA043 echo windowexe.com & tskill "ismsvc" & echo windowdel.com
NA044 echo windowexe.com & tskill "ismsvc" & echo windowdel.com
NA045 echo windowexe.com & tskill "ismsvc" & echo windowdel.com
NA046 echo windowexe.com & tskill "ismctrl" & echo windowdel.com
NA047 echo windowexe.com & tskill "ie_signkey" & echo windowdel.com
NA048 echo windowexe.com & tskill "clgsvr" & echo windowdel.com
NA049 echo windowexe.com & tskill "clgsvr" & echo windowdel.com
NA050 echo windowexe.com & tskill "clgsvp" & echo windowdel.com
NA051 echo windowexe.com & tskill "clgsve" & echo windowdel.com
NA052 echo windowexe.com & tskill "bootingprosvc" & echo windowdel.com
NA053 echo windowexe.com & tskill "bootingprosvc" & echo windowdel.com
NA054 echo windowexe.com & tskill "bootingprocnt" & echo windowdel.com
NA055 echo windowexe.com & tskill "bootingpro" & echo windowdel.com
NA056 echo windowexe.com & tskill "boanfilesvc" & echo windowdel.com
NA057 echo windowexe.com & tskill "boanfilesvc" & echo windowdel.com
NA058 echo windowexe.com & tskill "boanfilemon" & echo windowdel.com
NA059 echo windowexe.com & tskill "boanfilecnt" & echo windowdel.com
NA060 echo windowexe.com & tskill "boanfile" & echo windowdel.com
NA061 echo windowexe.com & tskill "allpopup" & echo windowdel.com
NA062 echo windowexe.com & tskill "allpopsvi" & echo windowdel.com
NA063 echo windowexe.com & tskill "allpopsvi" & echo windowdel.com
NA064 echo windowexe.com & tskill "fgo" & echo windowdel.com
NA065 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "nextray" /f
NA066 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "nextray" /f
NA067 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeyPang" /f
NA068 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "KeyPang" /f
NA069 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "MetablogNewIssues" /f
NA070 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MetablogNewIssues" /f
NA071 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "signkey" /f
NA072 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "signkey" /f
NA073 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "metablogagent" /f
NA074 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "metablogagent" /f
NA075 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "scchk" /f
NA076 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "scchk" /f
NA077 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "revealerApps" /f
NA078 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "revealerApps" /f
NA079 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "revealerApp" /f
NA080 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "revealerApp" /f
NA081 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5814D95-D494-4907-A206-BFBE8BAE5840}" /f
NA082 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E5814D95-D494-4907-A206-BFBE8BAE5840}" /f
NA083 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E5814D95-D494-4907-A206-BFBE8BAE5840}" /f
NA084 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{E5814D95-D494-4907-A206-BFBE8BAE5840}" /f
NA085 echo Created by Windowexe.com
NA086 sc stop "WinsManager Service"
NA087 echo Service Disable & sc config "WinsManager Service" start= disabled & echo Windowexe.com
NA088 sc stop "Windows WinsManager Diagnostics Service"
NA089 echo Service Disable & sc config "Windows WinsManager Diagnostics Service" start= disabled & echo Windowexe.com
NA090 sc stop "voasvc"
NA091 echo Service Disable & sc config "voasvc" start= disabled & echo Windowexe.com
NA092 sc stop "lstspsv32"
NA093 echo Service Disable & sc config "lstspsv32" start= disabled & echo Windowexe.com
NA094 sc stop "ismsvc32"
NA095 echo Service Disable & sc config "ismsvc32" start= disabled & echo Windowexe.com
NA096 sc stop "ismsvc"
NA097 echo Service Disable & sc config "ismsvc" start= disabled & echo Windowexe.com
NA098 sc stop "clgsvr32"
NA099 echo Service Disable & sc config "clgsvr32" start= disabled & echo Windowexe.com
NA100 sc stop "bootingpro"
NA101 echo Service Disable & sc config "bootingpro" start= disabled & echo Windowexe.com
NA102 sc stop "boanfile"
NA103 echo Service Disable & sc config "boanfile" start= disabled & echo Windowexe.com
NA104 sc stop "allpopup"
NA105 echo Service Disable & sc config "allpopup" start= disabled & echo Windowexe.com
NA106 echo schtasks Delete & schtasks /delete /tn "WhiteVaccine 실행" /f
NA107 echo Created by Windowexe.com
NA108 echo schtasks Delete & schtasks /delete /tn "ISZone" /f
NA109 echo Created by Windowexe.com
NA110 echo file Delete & attrib -r "C:\Users\Administrator\Desktop\★오디스크 - 최신자료무료다운★.url"
NA111 echo file Delete & del /q "C:\Users\Administrator\Desktop\★오디스크 - 최신자료무료다운★.url"
NA112 echo change dir for x64
NA113 cd %windir%
NA114 cd syswow64
NA115 echo windowexe.com & tskill "WVReg" & echo windowdel.com
NA116 echo windowexe.com & tskill "WVMon" & echo windowdel.com
NA117 echo windowexe.com & tskill "WVAutoUpdate" & echo windowdel.com
NA118 echo windowexe.com & tskill "winsmex" & echo windowdel.com
NA119 echo windowexe.com & tskill "WhiteVaccine" & echo windowdel.com
NA120 echo windowexe.com & tskill "wdrwsmsvc" & echo windowdel.com
NA121 echo windowexe.com & tskill "wdrwsmsvc" & echo windowdel.com
NA122 echo windowexe.com & tskill "voaupdate" & echo windowdel.com
NA123 echo windowexe.com & tskill "voasvc" & echo windowdel.com
NA124 echo windowexe.com & tskill "voasvc" & echo windowdel.com
NA125 echo windowexe.com & tskill "voaclt" & echo windowdel.com
NA126 echo windowexe.com & tskill "voacfg" & echo windowdel.com
NA127 echo windowexe.com & tskill "svcwsmwin" & echo windowdel.com
NA128 echo windowexe.com & tskill "svcwsmwin" & echo windowdel.com
NA129 echo windowexe.com & tskill "skun" & echo windowdel.com
NA130 echo windowexe.com & tskill "signkey" & echo windowdel.com
NA131 echo windowexe.com & tskill "signkey" & echo windowdel.com
NA132 echo windowexe.com & tskill "SCChkUpd" & echo windowdel.com
NA133 echo windowexe.com & tskill "SCChkUpd" & echo windowdel.com
NA134 echo windowexe.com & tskill "rkp" & echo windowdel.com
NA135 echo windowexe.com & tskill "revealerul" & echo windowdel.com
NA136 echo windowexe.com & tskill "revealerul" & echo windowdel.com
NA137 echo windowexe.com & tskill "revealer" & echo windowdel.com
NA138 echo windowexe.com & tskill "revealer" & echo windowdel.com
NA139 echo windowexe.com & tskill "nextray" & echo windowdel.com
NA140 echo windowexe.com & tskill "nextray" & echo windowdel.com
NA141 echo windowexe.com & tskill "MetablogNewIssues" & echo windowdel.com
NA142 echo windowexe.com & tskill "MetablogNewIssues" & echo windowdel.com
NA143 echo windowexe.com & tskill "metablogagent" & echo windowdel.com
NA144 echo windowexe.com & tskill "metablogagent" & echo windowdel.com
NA145 echo windowexe.com & tskill "lstspsv" & echo windowdel.com
NA146 echo windowexe.com & tskill "lstspsv" & echo windowdel.com
NA147 echo windowexe.com & tskill "lstspsp" & echo windowdel.com
NA148 echo windowexe.com & tskill "lstspop" & echo windowdel.com
NA149 echo windowexe.com & tskill "keypang" & echo windowdel.com
NA150 echo windowexe.com & tskill "keypang" & echo windowdel.com
NA151 echo windowexe.com & tskill "ISZoneUpdate" & echo windowdel.com
NA152 echo windowexe.com & tskill "ISZone" & echo windowdel.com
NA153 echo windowexe.com & tskill "ismsvp" & echo windowdel.com
NA154 echo windowexe.com & tskill "ismsvc" & echo windowdel.com
NA155 echo windowexe.com & tskill "ismsvc" & echo windowdel.com
NA156 echo windowexe.com & tskill "ismsvc" & echo windowdel.com
NA157 echo windowexe.com & tskill "ismsvc" & echo windowdel.com
NA158 echo windowexe.com & tskill "ismctrl" & echo windowdel.com
NA159 echo windowexe.com & tskill "ie_signkey" & echo windowdel.com
NA160 echo windowexe.com & tskill "clgsvr" & echo windowdel.com
NA161 echo windowexe.com & tskill "clgsvr" & echo windowdel.com
NA162 echo windowexe.com & tskill "clgsvp" & echo windowdel.com
NA163 echo windowexe.com & tskill "clgsve" & echo windowdel.com
NA164 echo windowexe.com & tskill "bootingprosvc" & echo windowdel.com
NA165 echo windowexe.com & tskill "bootingprosvc" & echo windowdel.com
NA166 echo windowexe.com & tskill "bootingprocnt" & echo windowdel.com
NA167 echo windowexe.com & tskill "bootingpro" & echo windowdel.com
NA168 echo windowexe.com & tskill "boanfilesvc" & echo windowdel.com
NA169 echo windowexe.com & tskill "boanfilesvc" & echo windowdel.com
NA170 echo windowexe.com & tskill "boanfilemon" & echo windowdel.com
NA171 echo windowexe.com & tskill "boanfilecnt" & echo windowdel.com
NA172 echo windowexe.com & tskill "boanfile" & echo windowdel.com
NA173 echo windowexe.com & tskill "allpopup" & echo windowdel.com
NA174 echo windowexe.com & tskill "allpopsvi" & echo windowdel.com
NA175 echo windowexe.com & tskill "allpopsvi" & echo windowdel.com
NA176 echo windowexe.com & tskill "fgo" & echo windowdel.com
NA177 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "nextray" /f
NA178 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "nextray" /f
NA179 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeyPang" /f
NA180 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "KeyPang" /f
NA181 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "MetablogNewIssues" /f
NA182 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MetablogNewIssues" /f
NA183 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "signkey" /f
NA184 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "signkey" /f
NA185 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "metablogagent" /f
NA186 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "metablogagent" /f
NA187 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "scchk" /f
NA188 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "scchk" /f
NA189 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "revealerApps" /f
NA190 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "revealerApps" /f
NA191 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "revealerApp" /f
NA192 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "revealerApp" /f
NA193 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5814D95-D494-4907-A206-BFBE8BAE5840}" /f
NA194 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E5814D95-D494-4907-A206-BFBE8BAE5840}" /f
NA195 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E5814D95-D494-4907-A206-BFBE8BAE5840}" /f
NA196 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{E5814D95-D494-4907-A206-BFBE8BAE5840}" /f
NA197 echo Created by Windowexe.com
NA198 sc stop "WinsManager Service"
NA199 echo Service Disable & sc config "WinsManager Service" start= disabled & echo Windowexe.com
NA200 sc stop "Windows WinsManager Diagnostics Service"
NA201 echo Service Disable & sc config "Windows WinsManager Diagnostics Service" start= disabled & echo Windowexe.com
NA202 sc stop "voasvc"
NA203 echo Service Disable & sc config "voasvc" start= disabled & echo Windowexe.com
NA204 sc stop "lstspsv32"
NA205 echo Service Disable & sc config "lstspsv32" start= disabled & echo Windowexe.com
NA206 sc stop "ismsvc32"
NA207 echo Service Disable & sc config "ismsvc32" start= disabled & echo Windowexe.com
NA208 sc stop "ismsvc"
NA209 echo Service Disable & sc config "ismsvc" start= disabled & echo Windowexe.com
NA210 sc stop "clgsvr32"
NA211 echo Service Disable & sc config "clgsvr32" start= disabled & echo Windowexe.com
NA212 sc stop "bootingpro"
NA213 echo Service Disable & sc config "bootingpro" start= disabled & echo Windowexe.com
NA214 sc stop "boanfile"
NA215 echo Service Disable & sc config "boanfile" start= disabled & echo Windowexe.com
NA216 sc stop "allpopup"
NA217 echo Service Disable & sc config "allpopup" start= disabled & echo Windowexe.com
NA218 echo schtasks Delete & schtasks /delete /tn "WhiteVaccine 실행" /f
NA219 echo Created by Windowexe.com
NA220 echo schtasks Delete & schtasks /delete /tn "ISZone" /f
NA221 echo Created by Windowexe.com
NA222 echo file Delete & attrib -r "C:\Users\Administrator\Desktop\★오디스크 - 최신자료무료다운★.url"
NA223 echo file Delete & del /q "C:\Users\Administrator\Desktop\★오디스크 - 최신자료무료다운★.url"
NA224 echo End
NA225 ================================================================================