Code : M0Y3mdL25DPdCdpNL7jsAxKWSUgKudfZ

프로그램분석

Code : M0Y3mdL25DPdCdpNL7jsAxKWSUgKudfZ

프로세스 천국 2013. 4. 3. 13:54

NA000 ======================================================================
NA001 echo Created by Windowexe.com / do not delete this label.
NA002 ======================================================================
NA003 echo Start
NA004 echo windowexe.com & tskill "wuu" & echo windowdel.com
NA005 echo windowexe.com & tskill "windoguideagent" & echo windowdel.com
NA006 echo windowexe.com & tskill "windoguide" & echo windowdel.com
NA007 echo windowexe.com & tskill "OpenKeywordS" & echo windowdel.com
NA008 echo windowexe.com & tskill "OpenKeywordD" & echo windowdel.com
NA009 echo windowexe.com & tskill "OpenKeywordC" & echo windowdel.com
NA010 echo windowexe.com & tskill "NetMWin" & echo windowdel.com
NA011 echo windowexe.com & tskill "allpopsvi" & echo windowdel.com
NA012 echo windowexe.com & tskill "signkey" & echo windowdel.com
NA013 echo windowexe.com & tskill "windowstabup" & echo windowdel.com
NA014 echo windowexe.com & tskill "windowstab" & echo windowdel.com
NA015 echo windowexe.com & tskill "nextray" & echo windowdel.com
NA016 echo windowexe.com & tskill "ismsvc" & echo windowdel.com
NA017 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "nextray" /f
NA018 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "nextray" /f
NA019 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "windoguideopt" /f
NA020 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "windoguideopt" /f
NA021 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "windoguideagent" /f
NA022 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "windoguideagent" /f
NA023 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "windoguide" /f
NA024 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "windoguide" /f
NA025 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "wuu" /f
NA026 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "wuu" /f
NA027 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "openkeyword" /f
NA028 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "openkeyword" /f
NA029 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsTab" /f
NA030 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WindowsTab" /f
NA031 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "signkey" /f
NA032 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "signkey" /f
NA033 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC01FC6C-ED00-4E28-BCBC-F4AD5F9F0D7D}" /f
NA034 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC01FC6C-ED00-4E28-BCBC-F4AD5F9F0D7D}" /f
NA035 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC01FC6C-ED00-4E28-BCBC-F4AD5F9F0D7D}" /f
NA036 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{CC01FC6C-ED00-4E28-BCBC-F4AD5F9F0D7D}" /f
NA037 echo Created by Windowexe.com
NA038 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7760E6D4-CC93-4495-981B-5E23919D602A}" /f
NA039 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7760E6D4-CC93-4495-981B-5E23919D602A}" /f
NA040 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7760E6D4-CC93-4495-981B-5E23919D602A}" /f
NA041 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{7760E6D4-CC93-4495-981B-5E23919D602A}" /f
NA042 echo Created by Windowexe.com
NA043 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46E54E77-A5AE-4AB0-B27F-22DA3F95FAD6}" /f
NA044 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{46E54E77-A5AE-4AB0-B27F-22DA3F95FAD6}" /f
NA045 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{46E54E77-A5AE-4AB0-B27F-22DA3F95FAD6}" /f
NA046 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{46E54E77-A5AE-4AB0-B27F-22DA3F95FAD6}" /f
NA047 echo Created by Windowexe.com
NA048 sc stop "ismsvc32"
NA049 echo Service Disable & sc config "ismsvc32" start= disabled & echo Windowexe.com
NA050 sc stop "allpopup"
NA051 echo Service Disable & sc config "allpopup" start= disabled & echo Windowexe.com
NA052 echo change dir for x64
NA053 cd %windir%
NA054 cd syswow64
NA055 echo windowexe.com & tskill "wuu" & echo windowdel.com
NA056 echo windowexe.com & tskill "windoguideagent" & echo windowdel.com
NA057 echo windowexe.com & tskill "windoguide" & echo windowdel.com
NA058 echo windowexe.com & tskill "OpenKeywordS" & echo windowdel.com
NA059 echo windowexe.com & tskill "OpenKeywordD" & echo windowdel.com
NA060 echo windowexe.com & tskill "OpenKeywordC" & echo windowdel.com
NA061 echo windowexe.com & tskill "NetMWin" & echo windowdel.com
NA062 echo windowexe.com & tskill "allpopsvi" & echo windowdel.com
NA063 echo windowexe.com & tskill "signkey" & echo windowdel.com
NA064 echo windowexe.com & tskill "windowstabup" & echo windowdel.com
NA065 echo windowexe.com & tskill "windowstab" & echo windowdel.com
NA066 echo windowexe.com & tskill "nextray" & echo windowdel.com
NA067 echo windowexe.com & tskill "ismsvc" & echo windowdel.com
NA068 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "nextray" /f
NA069 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "nextray" /f
NA070 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "windoguideopt" /f
NA071 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "windoguideopt" /f
NA072 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "windoguideagent" /f
NA073 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "windoguideagent" /f
NA074 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "windoguide" /f
NA075 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "windoguide" /f
NA076 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "wuu" /f
NA077 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "wuu" /f
NA078 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "openkeyword" /f
NA079 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "openkeyword" /f
NA080 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsTab" /f
NA081 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WindowsTab" /f
NA082 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "signkey" /f
NA083 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "signkey" /f
NA084 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC01FC6C-ED00-4E28-BCBC-F4AD5F9F0D7D}" /f
NA085 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC01FC6C-ED00-4E28-BCBC-F4AD5F9F0D7D}" /f
NA086 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC01FC6C-ED00-4E28-BCBC-F4AD5F9F0D7D}" /f
NA087 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{CC01FC6C-ED00-4E28-BCBC-F4AD5F9F0D7D}" /f
NA088 echo Created by Windowexe.com
NA089 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7760E6D4-CC93-4495-981B-5E23919D602A}" /f
NA090 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7760E6D4-CC93-4495-981B-5E23919D602A}" /f
NA091 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7760E6D4-CC93-4495-981B-5E23919D602A}" /f
NA092 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{7760E6D4-CC93-4495-981B-5E23919D602A}" /f
NA093 echo Created by Windowexe.com
NA094 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46E54E77-A5AE-4AB0-B27F-22DA3F95FAD6}" /f
NA095 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{46E54E77-A5AE-4AB0-B27F-22DA3F95FAD6}" /f
NA096 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{46E54E77-A5AE-4AB0-B27F-22DA3F95FAD6}" /f
NA097 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{46E54E77-A5AE-4AB0-B27F-22DA3F95FAD6}" /f
NA098 echo Created by Windowexe.com
NA099 sc stop "ismsvc32"
NA100 echo Service Disable & sc config "ismsvc32" start= disabled & echo Windowexe.com
NA101 sc stop "allpopup"
NA102 echo Service Disable & sc config "allpopup" start= disabled & echo Windowexe.com
NA103 echo End
NA104 ======================================================================
NA105 echo Created by Windowexe.com / do not delete this label.
NA106 ======================================================================