프로그램분석
Code : xoh3zFOtouyOcrokpS1AqTKBCP4s66h1
프로세스 천국
2013. 4. 10. 15:13
NA000 ======================================================================
NA001 echo Created by Windowexe.com / do not delete this label.
NA002 ======================================================================
NA003 echo Start
NA004 echo windowexe.com & tskill "winst" & echo windowdel.com
NA005 echo windowexe.com & tskill "winggou" & echo windowdel.com
NA006 echo windowexe.com & tskill "winggom" & echo windowdel.com
NA007 echo windowexe.com & tskill "MetablogNewIssues" & echo windowdel.com
NA008 echo windowexe.com & tskill "metablogagent" & echo windowdel.com
NA009 echo windowexe.com & tskill "NetworkEditing" & echo windowdel.com
NA010 echo windowexe.com & tskill "enumst" & echo windowdel.com
NA011 echo windowexe.com & tskill "enumerate_gtu" & echo windowdel.com
NA012 echo windowexe.com & tskill "ctpop" & echo windowdel.com
NA013 echo windowexe.com & tskill "allpopsvi" & echo windowdel.com
NA014 echo windowexe.com & tskill "ganginwows" & echo windowdel.com
NA015 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "NetworkEditing.exe" /f
NA016 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "NetworkEditing.exe" /f
NA017 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "ctdata" /f
NA018 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "ctdata" /f
NA019 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "ctpop" /f
NA020 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "ctpop" /f
NA021 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "MetablogNewIssues" /f
NA022 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MetablogNewIssues" /f
NA023 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Enumerate_gtst" /f
NA024 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Enumerate_gtst" /f
NA025 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Enumerate_gt" /f
NA026 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Enumerate_gt" /f
NA027 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "signkey" /f
NA028 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "signkey" /f
NA029 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WingGo" /f
NA030 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WingGo" /f
NA031 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "metablogagent" /f
NA032 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "metablogagent" /f
NA033 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "winsigntool" /f
NA034 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "winsigntool" /f
NA035 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2475D87B-48D1-4E24-84CE-EB2E2CFA6EA5}" /f
NA036 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2475D87B-48D1-4E24-84CE-EB2E2CFA6EA5}" /f
NA037 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2475D87B-48D1-4E24-84CE-EB2E2CFA6EA5}" /f
NA038 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{2475D87B-48D1-4E24-84CE-EB2E2CFA6EA5}" /f
NA039 echo Created by Windowexe.com
NA040 sc stop "ganginwow"
NA041 echo Service Disable & sc config "ganginwow" start= disabled & echo Windowexe.com
NA042 sc stop "WindowsDriver"
NA043 echo Service Disable & sc config "WindowsDriver" start= disabled & echo Windowexe.com
NA044 sc stop "allpopup"
NA045 echo Service Disable & sc config "allpopup" start= disabled & echo Windowexe.com
NA046 echo schtasks Delete & schtasks /delete /tn "Windows Network Editing system" /f
NA047 echo Created by Windowexe.com
NA048 echo change dir for x64
NA049 cd %windir%
NA050 cd syswow64
NA051 echo windowexe.com & tskill "winst" & echo windowdel.com
NA052 echo windowexe.com & tskill "winggou" & echo windowdel.com
NA053 echo windowexe.com & tskill "winggom" & echo windowdel.com
NA054 echo windowexe.com & tskill "MetablogNewIssues" & echo windowdel.com
NA055 echo windowexe.com & tskill "metablogagent" & echo windowdel.com
NA056 echo windowexe.com & tskill "NetworkEditing" & echo windowdel.com
NA057 echo windowexe.com & tskill "enumst" & echo windowdel.com
NA058 echo windowexe.com & tskill "enumerate_gtu" & echo windowdel.com
NA059 echo windowexe.com & tskill "ctpop" & echo windowdel.com
NA060 echo windowexe.com & tskill "allpopsvi" & echo windowdel.com
NA061 echo windowexe.com & tskill "ganginwows" & echo windowdel.com
NA062 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "NetworkEditing.exe" /f
NA063 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "NetworkEditing.exe" /f
NA064 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "ctdata" /f
NA065 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "ctdata" /f
NA066 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "ctpop" /f
NA067 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "ctpop" /f
NA068 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "MetablogNewIssues" /f
NA069 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MetablogNewIssues" /f
NA070 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Enumerate_gtst" /f
NA071 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Enumerate_gtst" /f
NA072 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Enumerate_gt" /f
NA073 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Enumerate_gt" /f
NA074 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "signkey" /f
NA075 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "signkey" /f
NA076 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WingGo" /f
NA077 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WingGo" /f
NA078 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "metablogagent" /f
NA079 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "metablogagent" /f
NA080 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "winsigntool" /f
NA081 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "winsigntool" /f
NA082 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2475D87B-48D1-4E24-84CE-EB2E2CFA6EA5}" /f
NA083 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2475D87B-48D1-4E24-84CE-EB2E2CFA6EA5}" /f
NA084 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2475D87B-48D1-4E24-84CE-EB2E2CFA6EA5}" /f
NA085 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{2475D87B-48D1-4E24-84CE-EB2E2CFA6EA5}" /f
NA086 echo Created by Windowexe.com
NA087 sc stop "ganginwow"
NA088 echo Service Disable & sc config "ganginwow" start= disabled & echo Windowexe.com
NA089 sc stop "WindowsDriver"
NA090 echo Service Disable & sc config "WindowsDriver" start= disabled & echo Windowexe.com
NA091 sc stop "allpopup"
NA092 echo Service Disable & sc config "allpopup" start= disabled & echo Windowexe.com
NA093 echo schtasks Delete & schtasks /delete /tn "Windows Network Editing system" /f
NA094 echo Created by Windowexe.com
NA095 echo End
NA096 ======================================================================
NA097 echo Created by Windowexe.com / do not delete this label.
NA098 ======================================================================
NA001 echo Created by Windowexe.com / do not delete this label.
NA002 ======================================================================
NA003 echo Start
NA004 echo windowexe.com & tskill "winst" & echo windowdel.com
NA005 echo windowexe.com & tskill "winggou" & echo windowdel.com
NA006 echo windowexe.com & tskill "winggom" & echo windowdel.com
NA007 echo windowexe.com & tskill "MetablogNewIssues" & echo windowdel.com
NA008 echo windowexe.com & tskill "metablogagent" & echo windowdel.com
NA009 echo windowexe.com & tskill "NetworkEditing" & echo windowdel.com
NA010 echo windowexe.com & tskill "enumst" & echo windowdel.com
NA011 echo windowexe.com & tskill "enumerate_gtu" & echo windowdel.com
NA012 echo windowexe.com & tskill "ctpop" & echo windowdel.com
NA013 echo windowexe.com & tskill "allpopsvi" & echo windowdel.com
NA014 echo windowexe.com & tskill "ganginwows" & echo windowdel.com
NA015 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "NetworkEditing.exe" /f
NA016 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "NetworkEditing.exe" /f
NA017 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "ctdata" /f
NA018 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "ctdata" /f
NA019 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "ctpop" /f
NA020 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "ctpop" /f
NA021 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "MetablogNewIssues" /f
NA022 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MetablogNewIssues" /f
NA023 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Enumerate_gtst" /f
NA024 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Enumerate_gtst" /f
NA025 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Enumerate_gt" /f
NA026 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Enumerate_gt" /f
NA027 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "signkey" /f
NA028 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "signkey" /f
NA029 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WingGo" /f
NA030 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WingGo" /f
NA031 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "metablogagent" /f
NA032 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "metablogagent" /f
NA033 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "winsigntool" /f
NA034 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "winsigntool" /f
NA035 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2475D87B-48D1-4E24-84CE-EB2E2CFA6EA5}" /f
NA036 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2475D87B-48D1-4E24-84CE-EB2E2CFA6EA5}" /f
NA037 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2475D87B-48D1-4E24-84CE-EB2E2CFA6EA5}" /f
NA038 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{2475D87B-48D1-4E24-84CE-EB2E2CFA6EA5}" /f
NA039 echo Created by Windowexe.com
NA040 sc stop "ganginwow"
NA041 echo Service Disable & sc config "ganginwow" start= disabled & echo Windowexe.com
NA042 sc stop "WindowsDriver"
NA043 echo Service Disable & sc config "WindowsDriver" start= disabled & echo Windowexe.com
NA044 sc stop "allpopup"
NA045 echo Service Disable & sc config "allpopup" start= disabled & echo Windowexe.com
NA046 echo schtasks Delete & schtasks /delete /tn "Windows Network Editing system" /f
NA047 echo Created by Windowexe.com
NA048 echo change dir for x64
NA049 cd %windir%
NA050 cd syswow64
NA051 echo windowexe.com & tskill "winst" & echo windowdel.com
NA052 echo windowexe.com & tskill "winggou" & echo windowdel.com
NA053 echo windowexe.com & tskill "winggom" & echo windowdel.com
NA054 echo windowexe.com & tskill "MetablogNewIssues" & echo windowdel.com
NA055 echo windowexe.com & tskill "metablogagent" & echo windowdel.com
NA056 echo windowexe.com & tskill "NetworkEditing" & echo windowdel.com
NA057 echo windowexe.com & tskill "enumst" & echo windowdel.com
NA058 echo windowexe.com & tskill "enumerate_gtu" & echo windowdel.com
NA059 echo windowexe.com & tskill "ctpop" & echo windowdel.com
NA060 echo windowexe.com & tskill "allpopsvi" & echo windowdel.com
NA061 echo windowexe.com & tskill "ganginwows" & echo windowdel.com
NA062 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "NetworkEditing.exe" /f
NA063 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "NetworkEditing.exe" /f
NA064 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "ctdata" /f
NA065 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "ctdata" /f
NA066 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "ctpop" /f
NA067 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "ctpop" /f
NA068 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "MetablogNewIssues" /f
NA069 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MetablogNewIssues" /f
NA070 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Enumerate_gtst" /f
NA071 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Enumerate_gtst" /f
NA072 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Enumerate_gt" /f
NA073 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Enumerate_gt" /f
NA074 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "signkey" /f
NA075 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "signkey" /f
NA076 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WingGo" /f
NA077 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WingGo" /f
NA078 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "metablogagent" /f
NA079 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "metablogagent" /f
NA080 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "winsigntool" /f
NA081 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "winsigntool" /f
NA082 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2475D87B-48D1-4E24-84CE-EB2E2CFA6EA5}" /f
NA083 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2475D87B-48D1-4E24-84CE-EB2E2CFA6EA5}" /f
NA084 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2475D87B-48D1-4E24-84CE-EB2E2CFA6EA5}" /f
NA085 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{2475D87B-48D1-4E24-84CE-EB2E2CFA6EA5}" /f
NA086 echo Created by Windowexe.com
NA087 sc stop "ganginwow"
NA088 echo Service Disable & sc config "ganginwow" start= disabled & echo Windowexe.com
NA089 sc stop "WindowsDriver"
NA090 echo Service Disable & sc config "WindowsDriver" start= disabled & echo Windowexe.com
NA091 sc stop "allpopup"
NA092 echo Service Disable & sc config "allpopup" start= disabled & echo Windowexe.com
NA093 echo schtasks Delete & schtasks /delete /tn "Windows Network Editing system" /f
NA094 echo Created by Windowexe.com
NA095 echo End
NA096 ======================================================================
NA097 echo Created by Windowexe.com / do not delete this label.
NA098 ======================================================================