프로그램분석

Code : 2HhRopgXK+m56RLmApoWVtoWuQEEK5Dn

프로세스 천국 2013. 4. 4. 22:43

REM Cleanup listing credited to Windowexe.com. It terminates a set of named
REM processes, deletes autostart (Run) values, one Browser Helper Object and
REM three Internet Explorer extension registrations, then stops and disables
REM four services. The whole sequence runs twice; the second pass follows a
REM cd into %windir%\syswow64.
REM NOTE(review): the NAnnn prefixes and the ===== rule lines are not cmd.exe
REM syntax; presumably they are line labels of the publishing tool - confirm
REM before treating this as a plain .bat file.
REM NOTE(review): nothing here deletes a file on disk or removes a service
REM entry (no del, no sc delete). Services are only stopped and set to
REM disabled, so whatever binaries these entries pointed at stay in place.
REM No exit status is checked: every step runs whether or not the previous
REM one succeeded.
NA000 ======================================================================
NA001 echo Created by Windowexe.com / do not delete this label.
NA002 ======================================================================
NA003 echo Start
REM Pass 1, step 1: terminate processes by name. "&" chains unconditionally,
REM so the trailing echo prints even when tskill finds no such process.
REM NOTE(review): the match is on process name alone; check the image path of
REM a hit before treating the name as proof of what is running.
NA004 echo windowexe.com & tskill "WindowServiceNT" & echo windowdel.com
NA005 echo windowexe.com & tskill "catroot" & echo windowdel.com
NA006 echo windowexe.com & tskill "WindowController" & echo windowdel.com
NA007 echo windowexe.com & tskill "WinCloud" & echo windowdel.com
NA008 echo windowexe.com & tskill "upmscryp" & echo windowdel.com
NA009 echo windowexe.com & tskill "mscryp" & echo windowdel.com
REM Step 2: remove per-user (HKCU) and machine-wide (HKLM) Run autostart
REM values. /v names the single value to delete; /f skips the confirmation
REM prompt. The HKLM deletes need an elevated prompt to succeed.
NA010 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "mscryp" /f
NA011 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "mscryp" /f
NA012 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "upmscryp" /f
NA013 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "upmscryp" /f
NA014 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "catroot" /f
NA015 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "catroot" /f
NA016 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "MicrowindowSearch" /f
NA017 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MicrowindowSearch" /f
REM NA018-NA019 repeat NA016-NA017 verbatim (MicrowindowSearch).
NA018 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "MicrowindowSearch" /f
NA019 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MicrowindowSearch" /f
NA020 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowController" /f
NA021 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WindowController" /f
REM Step 3: unregister the Browser Helper Object with CLSID
REM {F887887B-2D45-4998-9249-0ADE4BAD9EAA}: its BHO entry, the per-user
REM Ext\Stats and Ext\Settings keys, and the HKCR\CLSID class registration.
REM No /v is given, so each whole key is deleted.
REM The echo on NA024 says "Stats" although the key it deletes is Ext\Settings.
NA022 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F887887B-2D45-4998-9249-0ADE4BAD9EAA}" /f
NA023 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F887887B-2D45-4998-9249-0ADE4BAD9EAA}" /f
NA024 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F887887B-2D45-4998-9249-0ADE4BAD9EAA}" /f
NA025 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{F887887B-2D45-4998-9249-0ADE4BAD9EAA}" /f
NA026 echo Created by Windowexe.com
REM Step 4: stop each service, then set its start type to disabled so it is
REM not started again at boot. sc requires the space after "start=".
NA027 sc stop "WinCloud"
NA028 echo Service Disable & sc config "WinCloud" start= disabled & echo Windowexe.com
NA029 sc stop "smatsvc"
NA030 echo Service Disable & sc config "smatsvc" start= disabled & echo Windowexe.com
NA031 sc stop "ApplicationSpecialManagement"
NA032 echo Service Disable & sc config "ApplicationSpecialManagement" start= disabled & echo Windowexe.com
NA033 sc stop "AppCatroots"
NA034 echo Service Disable & sc config "AppCatroots" start= disabled & echo Windowexe.com
REM Step 5: delete three Internet Explorer extension registrations
REM (Internet Explorer\Extensions\{GUID}) from both HKLM and HKCU.
NA035 echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0000000A-0E28-4E1D-B99F-E4482E587CA4}" /f
NA036 echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{0000000A-0E28-4E1D-B99F-E4482E587CA4}" /f
NA037 echo Created by Windowexe.com
NA038 echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{00000005-FA8F-45ED-9476-7B7E2F32EE85}" /f
NA039 echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{00000005-FA8F-45ED-9476-7B7E2F32EE85}" /f
NA040 echo Created by Windowexe.com
NA041 echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{00000004-F985-406F-86C1-E8C07C4EAA33}" /f
NA042 echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{00000004-F985-406F-86C1-E8C07C4EAA33}" /f
NA043 echo Created by Windowexe.com
REM Pass 2: change into %windir%\syswow64 and repeat steps 1-5 unchanged.
REM NOTE(review): presumably the point is that cmd.exe looks in the current
REM directory first, so on 64-bit Windows the 32-bit reg.exe runs and works on
REM the 32-bit (WOW6432Node) registry view - confirm. That depends on
REM current-directory lookup; an explicit %SystemRoot%\SysWOW64\reg.exe path
REM or reg's /reg:32 switch would state the intent directly.
REM cd is used without /d and %windir% is unquoted. If either cd fails (for
REM example on 32-bit Windows, which has no syswow64), pass 2 just repeats
REM pass 1 from whatever the current directory is.
NA044 echo change dir for x64
NA045 cd %windir%
NA046 cd syswow64
NA047 echo windowexe.com & tskill "WindowServiceNT" & echo windowdel.com
NA048 echo windowexe.com & tskill "catroot" & echo windowdel.com
NA049 echo windowexe.com & tskill "WindowController" & echo windowdel.com
NA050 echo windowexe.com & tskill "WinCloud" & echo windowdel.com
NA051 echo windowexe.com & tskill "upmscryp" & echo windowdel.com
NA052 echo windowexe.com & tskill "mscryp" & echo windowdel.com
NA053 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "mscryp" /f
NA054 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "mscryp" /f
NA055 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "upmscryp" /f
NA056 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "upmscryp" /f
NA057 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "catroot" /f
NA058 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "catroot" /f
NA059 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "MicrowindowSearch" /f
NA060 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MicrowindowSearch" /f
NA061 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "MicrowindowSearch" /f
NA062 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MicrowindowSearch" /f
NA063 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowController" /f
NA064 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WindowController" /f
NA065 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F887887B-2D45-4998-9249-0ADE4BAD9EAA}" /f
NA066 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F887887B-2D45-4998-9249-0ADE4BAD9EAA}" /f
NA067 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F887887B-2D45-4998-9249-0ADE4BAD9EAA}" /f
NA068 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{F887887B-2D45-4998-9249-0ADE4BAD9EAA}" /f
NA069 echo Created by Windowexe.com
NA070 sc stop "WinCloud"
NA071 echo Service Disable & sc config "WinCloud" start= disabled & echo Windowexe.com
NA072 sc stop "smatsvc"
NA073 echo Service Disable & sc config "smatsvc" start= disabled & echo Windowexe.com
NA074 sc stop "ApplicationSpecialManagement"
NA075 echo Service Disable & sc config "ApplicationSpecialManagement" start= disabled & echo Windowexe.com
NA076 sc stop "AppCatroots"
NA077 echo Service Disable & sc config "AppCatroots" start= disabled & echo Windowexe.com
NA078 echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0000000A-0E28-4E1D-B99F-E4482E587CA4}" /f
NA079 echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{0000000A-0E28-4E1D-B99F-E4482E587CA4}" /f
NA080 echo Created by Windowexe.com
NA081 echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{00000005-FA8F-45ED-9476-7B7E2F32EE85}" /f
NA082 echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{00000005-FA8F-45ED-9476-7B7E2F32EE85}" /f
NA083 echo Created by Windowexe.com
NA084 echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{00000004-F985-406F-86C1-E8C07C4EAA33}" /f
NA085 echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{00000004-F985-406F-86C1-E8C07C4EAA33}" /f
NA086 echo Created by Windowexe.com
NA087 echo End
NA088 ======================================================================
NA089 echo Created by Windowexe.com / do not delete this label.
NA090 ======================================================================