Code : gkkUHBaytFF2QhfKrvLW77A8xnp0rIu7

프로그램분석

Code : gkkUHBaytFF2QhfKrvLW77A8xnp0rIu7

프로세스 천국 2013. 4. 20. 16:50

NA000 ======================================================================
NA001 echo Created by Windowexe.com / do not delete this label.
NA002 ======================================================================
NA003 echo Start
NA004 echo windowexe.com & tskill "stickads" & echo windowdel.com
NA005 echo windowexe.com & tskill "windowsstats" & echo windowdel.com
NA006 echo windowexe.com & tskill "winmdnts" & echo windowdel.com
NA007 echo windowexe.com & tskill "GuardConvert" & echo windowdel.com
NA008 echo windowexe.com & tskill "MicroProCon" & echo windowdel.com
NA009 echo windowexe.com & tskill "MicroProProc" & echo windowdel.com
NA010 echo windowexe.com & tskill "windowstatus" & echo windowdel.com
NA011 echo windowexe.com & tskill "TCCheckAgent" & echo windowdel.com
NA012 echo windowexe.com & tskill "natsvc" & echo windowdel.com
NA013 echo windowexe.com & tskill "PIIMSService" & echo windowdel.com
NA014 echo windowexe.com & tskill "primead" & echo windowdel.com
NA015 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinPro\"" /f
NA016 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WinPro\"" /f
NA017 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "signkey" /f
NA018 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "signkey" /f
NA019 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HiSch" /f
NA020 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "HiSch" /f
NA021 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "winmdnts" /f
NA022 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "winmdnts" /f
NA023 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "windowsstats" /f
NA024 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "windowsstats" /f
NA025 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "stickads" /f
NA026 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "stickads" /f
NA027 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "windowstatus" /f
NA028 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "windowstatus" /f
NA029 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinPro" /f
NA030 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WinPro" /f
NA031 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "UtilZone" /f
NA032 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "UtilZone" /f
NA033 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "primead.exe" /f
NA034 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "primead.exe" /f
NA035 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "0667C93C" /f
NA036 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "0667C93C" /f
NA037 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "MicroLabCon" /f
NA038 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MicroLabCon" /f
NA039 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "GuardSupport" /f
NA040 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "GuardSupport" /f
NA041 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "MicroProCon" /f
NA042 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MicroProCon" /f
NA043 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "MicroLabProc" /f
NA044 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MicroLabProc" /f
NA045 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "MicroProProc" /f
NA046 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MicroProProc" /f
NA047 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB705622-B25B-491B-A6BF-4A46FDDBC88E}" /f
NA048 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AB705622-B25B-491B-A6BF-4A46FDDBC88E}" /f
NA049 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AB705622-B25B-491B-A6BF-4A46FDDBC88E}" /f
NA050 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{AB705622-B25B-491B-A6BF-4A46FDDBC88E}" /f
NA051 echo Created by Windowexe.com
NA052 echo HKEY_LOCAL_MACHINE Toolbar Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD}" /f
NA053 echo HKEY_CURRENT_USER Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser" /v "{BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD}" /f
NA054 echo HKCU Search Hook Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks" /v "{BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD}" /f
NA055 echo HKEY_LOCAL_MACHINE Ext PreApproved Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD}" /f
NA056 echo HKEY_CURRENT_USER Ext Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD}" /f
NA057 echo HKEY_CLASSES_ROOT CLSID Delete & reg.exe delete "HKCR\CLSID\{BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD}" /f
NA058 echo Created by Windowexe.com
NA059 sc stop "adbfqqnvftj"
NA060 echo Service Disable & sc config "adbfqqnvftj" start= disabled & echo Windowexe.com
NA061 sc stop "bhwjobm"
NA062 echo Service Disable & sc config "bhwjobm" start= disabled & echo Windowexe.com
NA063 sc stop "crzflgqdg"
NA064 echo Service Disable & sc config "crzflgqdg" start= disabled & echo Windowexe.com
NA065 sc stop "ctwopop"
NA066 echo Service Disable & sc config "ctwopop" start= disabled & echo Windowexe.com
NA067 sc stop "dogrwsmkj"
NA068 echo Service Disable & sc config "dogrwsmkj" start= disabled & echo Windowexe.com
NA069 sc stop "dwmruwy"
NA070 echo Service Disable & sc config "dwmruwy" start= disabled & echo Windowexe.com
NA071 sc stop "egsiecyqfh"
NA072 echo Service Disable & sc config "egsiecyqfh" start= disabled & echo Windowexe.com
NA073 sc stop "ensxrfiibn"
NA074 echo Service Disable & sc config "ensxrfiibn" start= disabled & echo Windowexe.com
NA075 sc stop "fmzwrbz"
NA076 echo Service Disable & sc config "fmzwrbz" start= disabled & echo Windowexe.com
NA077 sc stop "hksimrooxgx"
NA078 echo Service Disable & sc config "hksimrooxgx" start= disabled & echo Windowexe.com
NA079 sc stop "ipjdpig"
NA080 echo Service Disable & sc config "ipjdpig" start= disabled & echo Windowexe.com
NA081 sc stop "jcotskrp"
NA082 echo Service Disable & sc config "jcotskrp" start= disabled & echo Windowexe.com
NA083 sc stop "jonaodf"
NA084 echo Service Disable & sc config "jonaodf" start= disabled & echo Windowexe.com
NA085 sc stop "jqmusqcnpw"
NA086 echo Service Disable & sc config "jqmusqcnpw" start= disabled & echo Windowexe.com
NA087 sc stop "jvmpnq"
NA088 echo Service Disable & sc config "jvmpnq" start= disabled & echo Windowexe.com
NA089 sc stop "llgmmh"
NA090 echo Service Disable & sc config "llgmmh" start= disabled & echo Windowexe.com
NA091 sc stop "lytnxjgk"
NA092 echo Service Disable & sc config "lytnxjgk" start= disabled & echo Windowexe.com
NA093 sc stop "Nationalaem"
NA094 echo Service Disable & sc config "Nationalaem" start= disabled & echo Windowexe.com
NA095 sc stop "Nationalhmc"
NA096 echo Service Disable & sc config "Nationalhmc" start= disabled & echo Windowexe.com
NA097 sc stop "NATService"
NA098 echo Service Disable & sc config "NATService" start= disabled & echo Windowexe.com
NA099 sc stop "ncighstd"
NA100 echo Service Disable & sc config "ncighstd" start= disabled & echo Windowexe.com
NA101 sc stop "nsearchx"
NA102 echo Service Disable & sc config "nsearchx" start= disabled & echo Windowexe.com
NA103 sc stop "PIIMSService"
NA104 echo Service Disable & sc config "PIIMSService" start= disabled & echo Windowexe.com
NA105 sc stop "qfskyebnlbl"
NA106 echo Service Disable & sc config "qfskyebnlbl" start= disabled & echo Windowexe.com
NA107 sc stop "svclcaskkkz"
NA108 echo Service Disable & sc config "svclcaskkkz" start= disabled & echo Windowexe.com
NA109 sc stop "TCCheckAgent"
NA110 echo Service Disable & sc config "TCCheckAgent" start= disabled & echo Windowexe.com
NA111 sc stop "vmewhsllaq"
NA112 echo Service Disable & sc config "vmewhsllaq" start= disabled & echo Windowexe.com
NA113 sc stop "WindowsDriver"
NA114 echo Service Disable & sc config "WindowsDriver" start= disabled & echo Windowexe.com
NA115 echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8605E9B4-68C1-4ED9-B282-74C1AA3C312E}" /f
NA116 echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{8605E9B4-68C1-4ED9-B282-74C1AA3C312E}" /f
NA117 echo Created by Windowexe.com
NA118 echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D64A7743-7E62-4002-90EA-80E0671F9902}" /f
NA119 echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{D64A7743-7E62-4002-90EA-80E0671F9902}" /f
NA120 echo Created by Windowexe.com
NA121 echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FA214B13-1A9F-480B-B749-94A566FC59D9}" /f
NA122 echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{FA214B13-1A9F-480B-B749-94A566FC59D9}" /f
NA123 echo Created by Windowexe.com
NA124 echo End
NA125 ======================================================================
NA126 echo Created by Windowexe.com / do not delete this label.
NA127 ======================================================================