Code : KrlwXUeVCkRn2Tv3TJo5s9jrSzVI//YDgUJiu9JNOAo=
[00-PROCESS]**alg -/- C:\WINDOWS\System32\alg.exe
[00-PROCESS]**aspnet_state -/- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
[00-PROCESS]**Ati2evxx -/- C:\WINDOWS\system32\Ati2evxx.exe
[00-PROCESS]**chrome -/- C:\Program Files\Google\Chrome\Application\chrome.exe
[00-PROCESS]**cisvc -/- C:\WINDOWS\system32\cisvc.exe
[00-PROCESS]**clipsrv -/- C:\WINDOWS\system32\clipsrv.exe
[00-PROCESS]**conime -/- C:\WINDOWS\system32\conime.exe
[00-PROCESS]**ctfmon -/- C:\WINDOWS\system32\ctfmon.exe
[00-PROCESS]**dllhost -/- C:\WINDOWS\system32\dllhost.exe
[00-PROCESS]**Explorer -/- C:\WINDOWS\Explorer.EXE
[00-PROCESS]**FlashPlayerUpdateService -/- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
[00-PROCESS]**GoogleToolbarNotifier -/- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[00-PROCESS]**GoogleUpdate -/- C:\Program Files\Google\Update\GoogleUpdate.exe
[00-PROCESS]**GoogleUpdaterService -/- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[00-PROCESS]**imapi -/- C:\WINDOWS\system32\imapi.exe
[00-PROCESS]**lcpagent -/- C:\Documents and Settings\Administrator\Application Data\livetools\codec\lcpagent.exe
[00-PROCESS]**lcuagent -/- C:\Documents and Settings\Administrator\Application Data\livetools\update\lcuagent.exe
[00-PROCESS]**LiveCodecUpdate -/- C:\Program Files\LiveCodec\LiveCodecUpdate.exe
[00-PROCESS]**locator -/- C:\WINDOWS\system32\locator.exe
[00-PROCESS]**lsass -/- C:\WINDOWS\system32\lsass.exe
[00-PROCESS]**mnmsrvc -/- C:\WINDOWS\system32\mnmsrvc.exe
[00-PROCESS]**mscorsvw -/- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[00-PROCESS]**msdtc -/- C:\WINDOWS\system32\msdtc.exe
[00-PROCESS]**msiexec -/- C:\WINDOWS\system32\msiexec.exe
[00-PROCESS]**NaverAgent -/- C:\Program Files\naver\NaverAgent\NaverAgent.exe
[00-PROCESS]**netdde -/- C:\WINDOWS\system32\netdde.exe
[00-PROCESS]**npkcmsvc -/- C:\WINDOWS\system32\npkcmsvc.exe
[00-PROCESS]**ntasvr -/- C:\Program Files\Nate\AddressSearch\ntasvr.exe
[00-PROCESS]**OSE -/- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
[00-PROCESS]**rsvp -/- C:\WINDOWS\system32\rsvp.exe
[00-PROCESS]**SCardSvr -/- C:\WINDOWS\System32\SCardSvr.exe
[00-PROCESS]**services -/- C:\WINDOWS\system32\services.exe
[00-PROCESS]**sessmgr -/- C:\WINDOWS\system32\sessmgr.exe
[00-PROCESS]**smlogsvc -/- C:\WINDOWS\system32\smlogsvc.exe
[00-PROCESS]**smss -/- C:\WINDOWS\System32\smss.exe
[00-PROCESS]**SOUNDMAN -/- C:\WINDOWS\SOUNDMAN.EXE
[00-PROCESS]**spoolsv -/- C:\WINDOWS\system32\spoolsv.exe
[00-PROCESS]**svchost -/- C:\WINDOWS\system32\svchost.exe
[00-PROCESS]**tlntsvr -/- C:\WINDOWS\system32\tlntsvr.exe
[00-PROCESS]**ups -/- C:\WINDOWS\System32\ups.exe
[00-PROCESS]**V3LSvc -/- C:\Program Files\AhnLab\V3Lite\V3LSvc.exe
[00-PROCESS]**V3LTray -/- C:\Program Files\AhnLab\V3Lite\V3LTray.exe
[00-PROCESS]**vssvc -/- C:\WINDOWS\System32\vssvc.exe
[00-PROCESS]**wdfmgr -/- C:\WINDOWS\system32\wdfmgr.exe
[00-PROCESS]**winlogon -/- C:\WINDOWS\system32\winlogon.exe
[00-PROCESS]**WinxpendUP_f5 -/- C:\Program Files\WinExpand_f5\WinxpendUP_f5.exe
[00-PROCESS]**wmiapsrv -/- C:\WINDOWS\system32\wbem\wmiapsrv.exe
[00-PROCESS]**YahooAUService -/- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
[01-HKCUREG]**AhnLab V3Lite Tray Process -/- C:\Program Files\AhnLab\V3Lite\V3LTray.exe /logon
[01-HKCUREG]**ctfmon.exe -/- C:\WINDOWS\system32\ctfmon.exe
[01-HKCUREG]**lcp -/- C:\Documents and Settings\Administrator\Application Data\livetools\codec\lcpagent.exe
[01-HKCUREG]**lcu -/- C:\Documents and Settings\Administrator\Application Data\livetools\update\lcuagent.exe
[01-HKCUREG]**LiveCodecUpdate -/- C:\Program Files\LiveCodec\LiveCodecUpdate.exe boot
[01-HKCUREG]**NaverAgent -/- C:\Program Files\naver\NaverAgent\NaverAgent.exe /autorun
[01-HKCUREG]**ntasvr -/- C:\Program Files\Nate\AddressSearch\ntasvr.exe
[01-HKCUREG]**SoundMan -/- SOUNDMAN.EXE
[01-HKCUREG]**swg -/- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[01-HKCUREG]**WinxpendUP_f5 -/- C:\Program Files\WinExpand_f5\WinxpendUP_f5.exe
[02-HKLMREG]**AhnLab V3Lite Tray Process -/- C:\Program Files\AhnLab\V3Lite\V3LTray.exe /logon
[02-HKLMREG]**ctfmon.exe -/- C:\WINDOWS\system32\ctfmon.exe
[02-HKLMREG]**lcp -/- C:\Documents and Settings\Administrator\Application Data\livetools\codec\lcpagent.exe
[02-HKLMREG]**lcu -/- C:\Documents and Settings\Administrator\Application Data\livetools\update\lcuagent.exe
[02-HKLMREG]**LiveCodecUpdate -/- C:\Program Files\LiveCodec\LiveCodecUpdate.exe boot
[02-HKLMREG]**NaverAgent -/- C:\Program Files\naver\NaverAgent\NaverAgent.exe /autorun
[02-HKLMREG]**ntasvr -/- C:\Program Files\Nate\AddressSearch\ntasvr.exe
[02-HKLMREG]**SoundMan -/- SOUNDMAN.EXE
[02-HKLMREG]**swg -/- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[02-HKLMREG]**WinxpendUP_f5 -/- C:\Program Files\WinExpand_f5\WinxpendUP_f5.exe
[03-BHOCLSD]**Adobe PDF Link Helper -/- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll -/- {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
[03-BHOCLSD]**Google Toolbar Helper -/- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -/- {AA58ED58-01DD-4d91-8333-CF10577473F7}
[03-BHOCLSD]**Google Toolbar Notifier BHO -/- C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll -/- {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
[03-BHOCLSD]**Nate Class -/- C:\Program Files\Nate\AddressSearch\sch.dll -/- {BC92C53E-A5C1-4D33-995C-AB7BB869E0E6}
[03-BHOCLSD]**Naver SafeGuard -/- c:\program files\naver\navertoolbar\naversafeguard\nsafeguard_2012_4_26_1.dll -/- {000011A1-74C9-4c7e-9B4E-59B5765CF409}
[03-BHOCLSD]**Smart Targeting AD -/- C:\Program Files\WinExpand_f5\WinExpandPu_f5.dll -/- {00000D27-3C23-42CA-BA69-EAD72A010F00}
[03-BHOCLSD]**WinExpandB Class -/- C:\Program Files\WinExpand_f5\WinExpand_f5.dll -/- {00000441-8E0A-4A9C-9C14-29263749E122}
[03-BHOCLSD]**네이버 툴바 도우미 -/- C:\Program Files\naver\NaverToolbar\NaverTB_3_5_4_45.dll -/- {67C41E9E-2EBF-4F2B-AF74-314F0D793172}
[04-TOOLBAR]**Google Toolbar -/- C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll -/- {2318C2B1-4965-11d4-9B18-009027A5CD4F}
[04-TOOLBAR]**네이버 툴바(&N) -/- C:\Program Files\naver\NaverToolbar\NaverTB_3_5_4_45.dll -/- {D09CFF09-A42A-4EDC-9804-E61224F59CA1}
[05-SERVICE]**AdobeFlashPlayerUpdateSvc -/- Adobe Flash Player Update Service -/- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
[05-SERVICE]**ALYac_PZSrv -/- ALYac_PZSrv -/- C:\Program Files\ESTsoft\ALYac\AYServiceNt.aye
[05-SERVICE]**Ati HotKey Poller -/- Ati HotKey Poller -/- C:\WINDOWS\system32\Ati2evxx.exe
[05-SERVICE]**bivzmdpmm -/- Shell Windows -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\system32\zgynj.dll
[05-SERVICE]**gupdate -/- Google 업데이트 서비스 (gupdate) -/- C:\Program Files\Google\Update\GoogleUpdate.exe
[05-SERVICE]**gupdatem -/- Google 업데이트 서비스 (gupdatem) -/- C:\Program Files\Google\Update\GoogleUpdate.exe
[05-SERVICE]**gusvc -/- Google Software Updater -/- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[05-SERVICE]**Irmon -/- Infrared Monitor -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\System32\irmon.dll
[05-SERVICE]**napagent -/- Network Access Protection Agent -/- C:\WINDOWS\System32\svchost.exe -/- C:\WINDOWS\System32\qagentrt.dll
[05-SERVICE]**NMIndexingService -/- NMIndexingService -/- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
[05-SERVICE]**npggsvc -/- nProtect GameGuard Service -/- C:\WINDOWS\system32\GameMon.des -service
[05-SERVICE]**npkcmsvc -/- npkcmsvc -/- C:\WINDOWS\system32\npkcmsvc.exe
[05-SERVICE]**ose -/- Office Source Engine -/- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
[05-SERVICE]**UMWdf -/- Windows User Mode Driver Framework -/- C:\WINDOWS\system32\wdfmgr.exe
[05-SERVICE]**V3 Lite Service -/- V3 Lite Service -/- C:\Program Files\AhnLab\V3Lite\V3LSvc.exe
[05-SERVICE]**YahooAUService -/- Yahoo! Updater -/- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
Code : tGyn3fS91uw59EH2OKzqxzX1tJeE4gV3
NA001 echo Start
NA002 echo windowexe.com & tskill "lcpagent" & echo windowdel.com
NA003 echo windowexe.com & tskill "lcuagent" & echo windowdel.com
NA004 echo windowexe.com & tskill "LiveCodecUpdate" & echo windowdel.com
NA005 echo windowexe.com & tskill "ntasvr" & echo windowdel.com
NA006 echo windowexe.com & tskill "WinxpendUP_f5" & echo windowdel.com
NA007 echo windowexe.com & tskill "WinxpendUP_f5" & echo windowdel.com
NA008 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "LiveCodecUpdate" /f
NA009 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "LiveCodecUpdate" /f
NA010 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run" /v "LiveCodecUpdate" /f
NA011 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "lcp" /f
NA012 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "lcp" /f
NA013 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run" /v "lcp" /f
NA014 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "lcu" /f
NA015 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "lcu" /f
NA016 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run" /v "lcu" /f
NA017 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "ntasvr" /f
NA018 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "ntasvr" /f
NA019 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run" /v "ntasvr" /f
NA020 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinxpendUP_f5" /f
NA021 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WinxpendUP_f5" /f
NA022 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run" /v "WinxpendUP_f5" /f
NA023 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000441-8E0A-4A9C-9C14-29263749E122}" /f
NA024 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000441-8E0A-4A9C-9C14-29263749E122}" /f
NA025 echo HKEY_CURRENT_USER.BHO.Settings Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000441-8E0A-4A9C-9C14-29263749E122}" /f
NA026 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{00000441-8E0A-4A9C-9C14-29263749E122}" /f
NA027 echo Created by Windowexe.com
NA028 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000D27-3C23-42CA-BA69-EAD72A010F00}" /f
NA029 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000D27-3C23-42CA-BA69-EAD72A010F00}" /f
NA030 echo HKEY_CURRENT_USER.BHO.Settings Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000D27-3C23-42CA-BA69-EAD72A010F00}" /f
NA031 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{00000D27-3C23-42CA-BA69-EAD72A010F00}" /f
NA032 echo Created by Windowexe.com
NA033 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BC92C53E-A5C1-4D33-995C-AB7BB869E0E6}" /f
NA034 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC92C53E-A5C1-4D33-995C-AB7BB869E0E6}" /f
NA035 echo HKEY_CURRENT_USER.BHO.Settings Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BC92C53E-A5C1-4D33-995C-AB7BB869E0E6}" /f
NA036 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{BC92C53E-A5C1-4D33-995C-AB7BB869E0E6}" /f
NA037 echo Created by Windowexe.com
NA038 echo Service Disable & sc config "bivzmdpmm" start= disabled & echo Windowexe.com
NA039 echo schtasks Delete & schtasks /delete /tn "WinExpandUpdate_f5" /f
NA040 echo Created by Windowexe.com
NA041 echo Tasklist Delete & del /q "C:\WINDOWS\Tasks\WinExpandUpdate_f5.job"
NA042 echo Created by Windowexe.com
NA043 echo End