Code : aOc4Tf0aL6dvSnJ4jXadbOb8BalcqMCS

프로그램분석

Code : aOc4Tf0aL6dvSnJ4jXadbOb8BalcqMCS

프로세스 천국 2013. 4. 18. 15:30

NA000 ======================================================================
NA001 echo Created by Windowexe.com / do not delete this label.
NA002 ======================================================================
NA003 echo Start
NA004 echo windowexe.com & tskill "sup" & echo windowdel.com
NA005 echo windowexe.com & tskill "UtilZone" & echo windowdel.com
NA006 echo windowexe.com & tskill "IETab" & echo windowdel.com
NA007 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "IETab" /f
NA008 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "IETab" /f
NA009 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "ctdata" /f
NA010 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "ctdata" /f
NA011 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "webManager.exe" /f
NA012 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "webManager.exe" /f
NA013 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "clickpang.exe" /f
NA014 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "clickpang.exe" /f
NA015 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "kgaprot" /f
NA016 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "kgaprot" /f
NA017 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "KongGa" /f
NA018 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "KongGa" /f
NA019 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "UtilZone" /f
NA020 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "UtilZone" /f
NA021 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "searchup" /f
NA022 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "searchup" /f
NA023 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "signkey" /f
NA024 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "signkey" /f
NA025 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsTab" /f
NA026 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WindowsTab" /f
NA027 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B60FE1D2-2F84-42a7-AE04-03284738CC24}" /f
NA028 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B60FE1D2-2F84-42a7-AE04-03284738CC24}" /f
NA029 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B60FE1D2-2F84-42a7-AE04-03284738CC24}" /f
NA030 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{B60FE1D2-2F84-42a7-AE04-03284738CC24}" /f
NA031 echo Created by Windowexe.com
NA032 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{432339F4-9FDC-43BA-99C2-FEE0D9EA7C74}" /f
NA033 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{432339F4-9FDC-43BA-99C2-FEE0D9EA7C74}" /f
NA034 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{432339F4-9FDC-43BA-99C2-FEE0D9EA7C74}" /f
NA035 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{432339F4-9FDC-43BA-99C2-FEE0D9EA7C74}" /f
NA036 echo Created by Windowexe.com
NA037 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C5099DD-7923-45e8-9680-5F285DC61213}" /f
NA038 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1C5099DD-7923-45e8-9680-5F285DC61213}" /f
NA039 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1C5099DD-7923-45e8-9680-5F285DC61213}" /f
NA040 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{1C5099DD-7923-45e8-9680-5F285DC61213}" /f
NA041 echo Created by Windowexe.com
NA042 echo HKEY_LOCAL_MACHINE Toolbar Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{9CA634EF-ECF0-4DD1-B7E2-B9CCFF40BCAF}" /f
NA043 echo HKEY_CURRENT_USER Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser" /v "{9CA634EF-ECF0-4DD1-B7E2-B9CCFF40BCAF}" /f
NA044 echo HKCU Search Hook Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks" /v "{9CA634EF-ECF0-4DD1-B7E2-B9CCFF40BCAF}" /f
NA045 echo HKEY_LOCAL_MACHINE Ext PreApproved Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9CA634EF-ECF0-4DD1-B7E2-B9CCFF40BCAF}" /f
NA046 echo HKEY_CURRENT_USER Ext Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CA634EF-ECF0-4DD1-B7E2-B9CCFF40BCAF}" /f
NA047 echo HKEY_CLASSES_ROOT CLSID Delete & reg.exe delete "HKCR\CLSID\{9CA634EF-ECF0-4DD1-B7E2-B9CCFF40BCAF}" /f
NA048 echo Created by Windowexe.com
NA049 sc stop "WindowsDriver"
NA050 echo Service Disable & sc config "WindowsDriver" start= disabled & echo Windowexe.com
NA051 sc stop "KongGa"
NA052 echo Service Disable & sc config "KongGa" start= disabled & echo Windowexe.com
NA053 echo file Delete & attrib -r "C:\Users\choihyeonho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\옥션.lnk"
NA054 echo file Delete & del /q "C:\Users\choihyeonho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\옥션.lnk"
NA055 echo file Delete & attrib -r "C:\Users\choihyeonho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\옥션.lnk"
NA056 echo file Delete & del /q "C:\Users\choihyeonho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\옥션.lnk"
NA057 echo file Delete & attrib -r "C:\Users\choihyeonho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\11번가.lnk"
NA058 echo file Delete & del /q "C:\Users\choihyeonho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\11번가.lnk"
NA059 echo change dir for x64
NA060 cd %windir%
NA061 cd syswow64
NA062 echo windowexe.com & tskill "sup" & echo windowdel.com
NA063 echo windowexe.com & tskill "UtilZone" & echo windowdel.com
NA064 echo windowexe.com & tskill "IETab" & echo windowdel.com
NA065 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "IETab" /f
NA066 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "IETab" /f
NA067 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "ctdata" /f
NA068 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "ctdata" /f
NA069 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "webManager.exe" /f
NA070 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "webManager.exe" /f
NA071 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "clickpang.exe" /f
NA072 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "clickpang.exe" /f
NA073 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "kgaprot" /f
NA074 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "kgaprot" /f
NA075 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "KongGa" /f
NA076 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "KongGa" /f
NA077 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "UtilZone" /f
NA078 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "UtilZone" /f
NA079 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "searchup" /f
NA080 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "searchup" /f
NA081 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "signkey" /f
NA082 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "signkey" /f
NA083 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsTab" /f
NA084 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WindowsTab" /f
NA085 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B60FE1D2-2F84-42a7-AE04-03284738CC24}" /f
NA086 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B60FE1D2-2F84-42a7-AE04-03284738CC24}" /f
NA087 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B60FE1D2-2F84-42a7-AE04-03284738CC24}" /f
NA088 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{B60FE1D2-2F84-42a7-AE04-03284738CC24}" /f
NA089 echo Created by Windowexe.com
NA090 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{432339F4-9FDC-43BA-99C2-FEE0D9EA7C74}" /f
NA091 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{432339F4-9FDC-43BA-99C2-FEE0D9EA7C74}" /f
NA092 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{432339F4-9FDC-43BA-99C2-FEE0D9EA7C74}" /f
NA093 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{432339F4-9FDC-43BA-99C2-FEE0D9EA7C74}" /f
NA094 echo Created by Windowexe.com
NA095 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1C5099DD-7923-45e8-9680-5F285DC61213}" /f
NA096 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1C5099DD-7923-45e8-9680-5F285DC61213}" /f
NA097 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1C5099DD-7923-45e8-9680-5F285DC61213}" /f
NA098 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{1C5099DD-7923-45e8-9680-5F285DC61213}" /f
NA099 echo Created by Windowexe.com
NA100 echo HKEY_LOCAL_MACHINE Toolbar Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{9CA634EF-ECF0-4DD1-B7E2-B9CCFF40BCAF}" /f
NA101 echo HKEY_CURRENT_USER Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser" /v "{9CA634EF-ECF0-4DD1-B7E2-B9CCFF40BCAF}" /f
NA102 echo HKCU Search Hook Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks" /v "{9CA634EF-ECF0-4DD1-B7E2-B9CCFF40BCAF}" /f
NA103 echo HKEY_LOCAL_MACHINE Ext PreApproved Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9CA634EF-ECF0-4DD1-B7E2-B9CCFF40BCAF}" /f
NA104 echo HKEY_CURRENT_USER Ext Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CA634EF-ECF0-4DD1-B7E2-B9CCFF40BCAF}" /f
NA105 echo HKEY_CLASSES_ROOT CLSID Delete & reg.exe delete "HKCR\CLSID\{9CA634EF-ECF0-4DD1-B7E2-B9CCFF40BCAF}" /f
NA106 echo Created by Windowexe.com
NA107 sc stop "WindowsDriver"
NA108 echo Service Disable & sc config "WindowsDriver" start= disabled & echo Windowexe.com
NA109 sc stop "KongGa"
NA110 echo Service Disable & sc config "KongGa" start= disabled & echo Windowexe.com
NA111 echo file Delete & attrib -r "C:\Users\choihyeonho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\옥션.lnk"
NA112 echo file Delete & del /q "C:\Users\choihyeonho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\옥션.lnk"
NA113 echo file Delete & attrib -r "C:\Users\choihyeonho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\옥션.lnk"
NA114 echo file Delete & del /q "C:\Users\choihyeonho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\옥션.lnk"
NA115 echo file Delete & attrib -r "C:\Users\choihyeonho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\11번가.lnk"
NA116 echo file Delete & del /q "C:\Users\choihyeonho\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\11번가.lnk"
NA117 echo End
NA118 ======================================================================
NA119 echo Created by Windowexe.com / do not delete this label.
NA120 ======================================================================