Code : a+SvkLCdIqlA4gZdZ+Xxi2qxTJ/PQPth

프로그램분석

Code : a+SvkLCdIqlA4gZdZ+Xxi2qxTJ/PQPth

프로세스 천국 2013. 4. 21. 07:52

NA000 ======================================================================
NA001 echo Created by Windowexe.com / do not delete this label.
NA002 ======================================================================
NA003 echo Start
NA004 echo windowexe.com & tskill "userinforesetupdate" & echo windowdel.com
NA005 echo windowexe.com & tskill "internetdownload_se" & echo windowdel.com
NA006 echo windowexe.com & tskill "entering-se" & echo windowdel.com
NA007 echo windowexe.com & tskill "natsvc" & echo windowdel.com
NA008 echo windowexe.com & tskill "IProtectUpdate" & echo windowdel.com
NA009 echo windowexe.com & tskill "IProtect" & echo windowdel.com
NA010 echo windowexe.com & tskill "WinCloud" & echo windowdel.com
NA011 echo windowexe.com & tskill "mbox" & echo windowdel.com
NA012 echo windowexe.com & tskill "displaylink" & echo windowdel.com
NA013 echo windowexe.com & tskill "nmnewup" & echo windowdel.com
NA014 echo windowexe.com & tskill "nmnewmgr" & echo windowdel.com
NA015 echo windowexe.com & tskill "signkey" & echo windowdel.com
NA016 echo windowexe.com & tskill "ie_signkey" & echo windowdel.com
NA017 echo windowexe.com & tskill "MetablogNewIssues" & echo windowdel.com
NA018 echo windowexe.com & tskill "metablogagent" & echo windowdel.com
NA019 echo windowexe.com & tskill "winst" & echo windowdel.com
NA020 echo windowexe.com & tskill "windowstabup" & echo windowdel.com
NA021 echo windowexe.com & tskill "windowstab" & echo windowdel.com
NA022 echo windowexe.com & tskill "weblinkup" & echo windowdel.com
NA023 echo windowexe.com & tskill "weblink" & echo windowdel.com
NA024 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "webManager.exe" /f
NA025 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "webManager.exe" /f
NA026 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "nmnew" /f
NA027 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "nmnew" /f
NA028 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "ctdata" /f
NA029 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "ctdata" /f
NA030 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "TkBellExe" /f
NA031 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "TkBellExe" /f
NA032 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "MetablogNewIssues" /f
NA033 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MetablogNewIssues" /f
NA034 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WingGo" /f
NA035 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WingGo" /f
NA036 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "signkey" /f
NA037 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "signkey" /f
NA038 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsTab" /f
NA039 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WindowsTab" /f
NA040 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "IProtect" /f
NA041 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "IProtect" /f
NA042 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "metablogagent" /f
NA043 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "metablogagent" /f
NA044 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "winsigntool" /f
NA045 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "winsigntool" /f
NA046 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "iniweblink" /f
NA047 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "iniweblink" /f
NA048 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "displaylink" /f
NA049 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "displaylink" /f
NA050 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "mbox" /f
NA051 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "mbox" /f
NA052 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AB705622-B25B-491B-A6BF-4A46FDDBC88E}" /f
NA053 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AB705622-B25B-491B-A6BF-4A46FDDBC88E}" /f
NA054 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AB705622-B25B-491B-A6BF-4A46FDDBC88E}" /f
NA055 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{AB705622-B25B-491B-A6BF-4A46FDDBC88E}" /f
NA056 echo Created by Windowexe.com
NA057 echo HKEY_LOCAL_MACHINE Toolbar Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{EB291D96-1D76-450D-90E4-BE798BA796E8}" /f
NA058 echo HKEY_CURRENT_USER Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser" /v "{EB291D96-1D76-450D-90E4-BE798BA796E8}" /f
NA059 echo HKCU Search Hook Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks" /v "{EB291D96-1D76-450D-90E4-BE798BA796E8}" /f
NA060 echo HKEY_LOCAL_MACHINE Ext PreApproved Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EB291D96-1D76-450D-90E4-BE798BA796E8}" /f
NA061 echo HKEY_CURRENT_USER Ext Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB291D96-1D76-450D-90E4-BE798BA796E8}" /f
NA062 echo HKEY_CLASSES_ROOT CLSID Delete & reg.exe delete "HKCR\CLSID\{EB291D96-1D76-450D-90E4-BE798BA796E8}" /f
NA063 echo Created by Windowexe.com
NA064 echo HKEY_LOCAL_MACHINE Toolbar Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{003B9765-AB24-47E6-8DB6-6A1A0CE11BC9}" /f
NA065 echo HKEY_CURRENT_USER Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser" /v "{003B9765-AB24-47E6-8DB6-6A1A0CE11BC9}" /f
NA066 echo HKCU Search Hook Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks" /v "{003B9765-AB24-47E6-8DB6-6A1A0CE11BC9}" /f
NA067 echo HKEY_LOCAL_MACHINE Ext PreApproved Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{003B9765-AB24-47E6-8DB6-6A1A0CE11BC9}" /f
NA068 echo HKEY_CURRENT_USER Ext Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{003B9765-AB24-47E6-8DB6-6A1A0CE11BC9}" /f
NA069 echo HKEY_CLASSES_ROOT CLSID Delete & reg.exe delete "HKCR\CLSID\{003B9765-AB24-47E6-8DB6-6A1A0CE11BC9}" /f
NA070 echo Created by Windowexe.com
NA071 sc stop "WindowsDriver"
NA072 echo Service Disable & sc config "WindowsDriver" start= disabled & echo Windowexe.com
NA073 sc stop "windowfaster Update Service"
NA074 echo Service Disable & sc config "windowfaster Update Service" start= disabled & echo Windowexe.com
NA075 sc stop "msfsvc32"
NA076 echo Service Disable & sc config "msfsvc32" start= disabled & echo Windowexe.com
NA077 sc stop "WinCloud"
NA078 echo Service Disable & sc config "WinCloud" start= disabled & echo Windowexe.com
NA079 sc stop "SmartMode Update Service"
NA080 echo Service Disable & sc config "SmartMode Update Service" start= disabled & echo Windowexe.com
NA081 sc stop "NATService"
NA082 echo Service Disable & sc config "NATService" start= disabled & echo Windowexe.com
NA083 sc stop "InternetDownload Update Service"
NA084 echo Service Disable & sc config "InternetDownload Update Service" start= disabled & echo Windowexe.com
NA085 sc stop "enteringservice"
NA086 echo Service Disable & sc config "enteringservice" start= disabled & echo Windowexe.com
NA087 sc stop "3RUmYAM9"
NA088 echo Service Disable & sc config "3RUmYAM9" start= disabled & echo Windowexe.com
NA089 echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FF5CBC30-F3C4-4f82-B398-F01FC9A4830C}" /f
NA090 echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{FF5CBC30-F3C4-4f82-B398-F01FC9A4830C}" /f
NA091 echo Created by Windowexe.com
NA092 echo End
NA093 ======================================================================
NA094 echo Created by Windowexe.com / do not delete this label.
NA095 ======================================================================