Code : xOn92dHK/gS8lYb2iYUYWpdzGXm2iFCD3wGSUMx7ldo=

프로그램분석

Code : xOn92dHK/gS8lYb2iYUYWpdzGXm2iFCD3wGSUMx7ldo=

프로세스 천국 2013. 2. 18. 22:49

System Analyzer Report 2013, 02, 18

NA001 ======================================================================
NA002 echo Created by Windowexe.com / do not delete this label.
NA003 ======================================================================
NA004 echo Start
NA005 echo windowexe.com & tskill "admatbu" & echo windowdel.com
NA006 echo windowexe.com & tskill "poezall" & echo windowdel.com
NA007 echo windowexe.com & tskill "wisesearch" & echo windowdel.com
NA008 echo windowexe.com & tskill "windowsphup" & echo windowdel.com
NA009 echo windowexe.com & tskill "windowviewconup" & echo windowdel.com
NA010 echo windowexe.com & tskill "AdMatching" & echo windowdel.com
NA011 echo windowexe.com & tskill "dailycon" & echo windowdel.com
NA012 echo windowexe.com & tskill "DownsCK" & echo windowdel.com
NA013 echo windowexe.com & tskill "IETab" & echo windowdel.com
NA014 echo windowexe.com & tskill "natsvc" & echo windowdel.com
NA015 echo windowexe.com & tskill "padaily" & echo windowdel.com
NA016 echo windowexe.com & tskill "winspop" & echo windowdel.com
NA017 echo windowexe.com & tskill "winspsv" & echo windowdel.com
NA018 echo windowexe.com & tskill "wisesearch" & echo windowdel.com
NA019 echo windowexe.com & tskill "windowviewcon" & echo windowdel.com
NA020 echo windowexe.com & tskill "GuardConvert" & echo windowdel.com
NA021 echo windowexe.com & tskill "MicroProCon" & echo windowdel.com
NA022 echo windowexe.com & tskill "MicroProProc" & echo windowdel.com
NA023 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinPro\"" /f
NA024 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WinPro\"" /f
NA025 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Downs" /f
NA026 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Downs" /f
NA027 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WindowsPurchaseHelper" /f
NA028 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WindowsPurchaseHelper" /f
NA029 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "windowviewcon" /f
NA030 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "windowviewcon" /f
NA031 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "AdMatching" /f
NA032 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "AdMatching" /f
NA033 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "dailycon" /f
NA034 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "dailycon" /f
NA035 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "padaily" /f
NA036 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "padaily" /f
NA037 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "AdMatching" /f
NA038 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "AdMatching" /f
NA039 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "UtilZone" /f
NA040 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "UtilZone" /f
NA041 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinPro" /f
NA042 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WinPro" /f
NA043 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinPro" /f
NA044 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WinPro" /f
NA045 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WiseSearch" /f
NA046 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WiseSearch" /f
NA047 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "poezall" /f
NA048 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "poezall" /f
NA049 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Kp" /f
NA050 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Kp" /f
NA051 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "admatbu" /f
NA052 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "admatbu" /f
NA053 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "IETab" /f
NA054 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "IETab" /f
NA055 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "GuardSupport" /f
NA056 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "GuardSupport" /f
NA057 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "MicroProCon" /f
NA058 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MicroProCon" /f
NA059 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "MicroLabCon" /f
NA060 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MicroLabCon" /f
NA061 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "MicroLabProc" /f
NA062 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MicroLabProc" /f
NA063 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "MicroProProc" /f
NA064 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MicroProProc" /f
NA065 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}" /f
NA066 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}" /f
NA067 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}" /f
NA068 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}" /f
NA069 echo Created by Windowexe.com
NA070 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A433374B-2F44-402B-AB7E-E58B4A09DF8A}" /f
NA071 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A433374B-2F44-402B-AB7E-E58B4A09DF8A}" /f
NA072 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A433374B-2F44-402B-AB7E-E58B4A09DF8A}" /f
NA073 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{A433374B-2F44-402B-AB7E-E58B4A09DF8A}" /f
NA074 echo Created by Windowexe.com
NA075 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7A20F9D-BA43-43D8-A2E0-CE28D763EF72}" /f
NA076 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7A20F9D-BA43-43D8-A2E0-CE28D763EF72}" /f
NA077 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E7A20F9D-BA43-43D8-A2E0-CE28D763EF72}" /f
NA078 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{E7A20F9D-BA43-43D8-A2E0-CE28D763EF72}" /f
NA079 echo Created by Windowexe.com
NA080 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}" /f
NA081 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}" /f
NA082 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}" /f
NA083 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}" /f
NA084 echo Created by Windowexe.com
NA085 echo HKEY_LOCAL_MACHINE Toolbar Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{FE063DB9-4EC0-403e-8DD8-394C54984B2C}" /f
NA086 echo HKEY_CURRENT_USER Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser" /v "{FE063DB9-4EC0-403e-8DD8-394C54984B2C}" /f
NA087 echo HKCU Search Hook Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks" /v "{FE063DB9-4EC0-403e-8DD8-394C54984B2C}" /f
NA088 echo HKEY_LOCAL_MACHINE Ext PreApproved Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}" /f
NA089 echo HKEY_CURRENT_USER Ext Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}" /f
NA090 echo HKEY_CLASSES_ROOT CLSID Delete & reg.exe delete "HKCR\CLSID\{FE063DB9-4EC0-403e-8DD8-394C54984B2C}" /f
NA091 echo Created by Windowexe.com
NA092 echo HKEY_LOCAL_MACHINE Toolbar Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD}" /f
NA093 echo HKEY_CURRENT_USER Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser" /v "{BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD}" /f
NA094 echo HKCU Search Hook Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks" /v "{BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD}" /f
NA095 echo HKEY_LOCAL_MACHINE Ext PreApproved Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD}" /f
NA096 echo HKEY_CURRENT_USER Ext Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD}" /f
NA097 echo HKEY_CLASSES_ROOT CLSID Delete & reg.exe delete "HKCR\CLSID\{BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD}" /f
NA098 echo Created by Windowexe.com
NA099 sc stop "ajqzbwcvbxr"
NA100 echo Service Disable & sc config "ajqzbwcvbxr" start= disabled & echo Windowexe.com
NA101 sc stop "auxhazr"
NA102 echo Service Disable & sc config "auxhazr" start= disabled & echo Windowexe.com
NA103 sc stop "baockaxholu"
NA104 echo Service Disable & sc config "baockaxholu" start= disabled & echo Windowexe.com
NA105 sc stop "bhwjobm"
NA106 echo Service Disable & sc config "bhwjobm" start= disabled & echo Windowexe.com
NA107 sc stop "crzflgqdg"
NA108 echo Service Disable & sc config "crzflgqdg" start= disabled & echo Windowexe.com
NA109 sc stop "gazoueveefm"
NA110 echo Service Disable & sc config "gazoueveefm" start= disabled & echo Windowexe.com
NA111 sc stop "hdpvvuuccg"
NA112 echo Service Disable & sc config "hdpvvuuccg" start= disabled & echo Windowexe.com
NA113 sc stop "hhsrxmfrnqq"
NA114 echo Service Disable & sc config "hhsrxmfrnqq" start= disabled & echo Windowexe.com
NA115 sc stop "hksimrooxgx"
NA116 echo Service Disable & sc config "hksimrooxgx" start= disabled & echo Windowexe.com
NA117 sc stop "lgyuppg"
NA118 echo Service Disable & sc config "lgyuppg" start= disabled & echo Windowexe.com
NA119 sc stop "llgmmh"
NA120 echo Service Disable & sc config "llgmmh" start= disabled & echo Windowexe.com
NA121 sc stop "NATService"
NA122 echo Service Disable & sc config "NATService" start= disabled & echo Windowexe.com
NA123 sc stop "ncighstd"
NA124 echo Service Disable & sc config "ncighstd" start= disabled & echo Windowexe.com
NA125 sc stop "olctpopfrx"
NA126 echo Service Disable & sc config "olctpopfrx" start= disabled & echo Windowexe.com
NA127 sc stop "qfofzxoykn"
NA128 echo Service Disable & sc config "qfofzxoykn" start= disabled & echo Windowexe.com
NA129 sc stop "rhplinfqs"
NA130 echo Service Disable & sc config "rhplinfqs" start= disabled & echo Windowexe.com
NA131 sc stop "svclcaskkkz"
NA132 echo Service Disable & sc config "svclcaskkkz" start= disabled & echo Windowexe.com
NA133 sc stop "winspsv32"
NA134 echo Service Disable & sc config "winspsv32" start= disabled & echo Windowexe.com
NA135 sc stop "yxqolnptfk"
NA136 echo Service Disable & sc config "yxqolnptfk" start= disabled & echo Windowexe.com
NA137 echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{8605E9B4-68C1-4ED9-B282-74C1AA3C312E}" /f
NA138 echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{8605E9B4-68C1-4ED9-B282-74C1AA3C312E}" /f
NA139 echo Created by Windowexe.com
NA140 echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D64A7743-7E62-4002-90EA-80E0671F9902}" /f
NA141 echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{D64A7743-7E62-4002-90EA-80E0671F9902}" /f
NA142 echo Created by Windowexe.com
NA143 echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FA214B13-1A9F-480B-B749-94A566FC59D9}" /f
NA144 echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{FA214B13-1A9F-480B-B749-94A566FC59D9}" /f
NA145 echo Created by Windowexe.com
NA146 echo schtasks Delete & schtasks /delete /tn "HubGate" /f
NA147 echo Created by Windowexe.com
NA148 echo schtasks Delete & schtasks /delete /tn "Windows prime ad-pop" /f
NA149 echo Created by Windowexe.com
NA150 echo Tasklist Delete & del /q "C:\WINDOWS\Tasks\HubGate.job"
NA151 echo Created by Windowexe.com
NA152 echo End
NA153 ======================================================================
NA154 echo Created by Windowexe.com / do not delete this label.
NA155 ======================================================================