Trojan.downloader ad.pkg report 2012. 06. 07

copy and paste.

 

======================================================================
echo Created by Windowexe.com / do not delete this label.
======================================================================

echo Start
echo windowexe.com & tskill "appopsvc" & echo windowdel.com
echo windowexe.com & tskill "GuideOn" & echo windowdel.com
echo windowexe.com & tskill "GuideOn" & echo windowdel.com
echo windowexe.com & tskill "keywordfindagent" & echo windowdel.com
echo windowexe.com & tskill "keywordfindagent" & echo windowdel.com
echo windowexe.com & tskill "SmartTool" & echo windowdel.com
echo windowexe.com & tskill "SmartTool" & echo windowdel.com
echo windowexe.com & tskill "WizSearch" & echo windowdel.com
echo windowexe.com & tskill "WizSearch" & echo windowdel.com
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "keywordfindagent" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "keywordfindagent" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeywordSearchUpdater" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "KeywordSearchUpdater" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WizSearch" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WizSearch" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "gcodecopen" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "gcodecopen" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "smartsafer main" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "smartsafer main" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "windowcurestart.exe" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "windowcurestart.exe" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "powerboan main" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "powerboan main" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "UtilZone" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "UtilZone" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "IETab" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "IETab" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "update.exe" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "update.exe" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "microWebAD.exe" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "microWebAD.exe" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinPro" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WinPro" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinPro" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WinPro" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "SmartTool" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SmartTool" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "GuideOn" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "GuideOn" /f
echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D891923-34B7-4186-9B47-752624535DC1}" /f
echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D891923-34B7-4186-9B47-752624535DC1}" /f
echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2D891923-34B7-4186-9B47-752624535DC1}" /f
echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{2D891923-34B7-4186-9B47-752624535DC1}" /f
echo Created by Windowexe.com
echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62283419-4E2B-435E-B408-483F55D0FEC5}" /f
echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62283419-4E2B-435E-B408-483F55D0FEC5}" /f
echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{62283419-4E2B-435E-B408-483F55D0FEC5}" /f
echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{62283419-4E2B-435E-B408-483F55D0FEC5}" /f
echo Created by Windowexe.com
echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6323EB95-40E2-4b6e-90FC-B32D3F7A290C}" /f
echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6323EB95-40E2-4b6e-90FC-B32D3F7A290C}" /f
echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6323EB95-40E2-4b6e-90FC-B32D3F7A290C}" /f
echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{6323EB95-40E2-4b6e-90FC-B32D3F7A290C}" /f
echo Created by Windowexe.com
echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6704E2EA-6213-4d17-BB3D-4AE9E3609536}" /f
echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6704E2EA-6213-4d17-BB3D-4AE9E3609536}" /f
echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6704E2EA-6213-4d17-BB3D-4AE9E3609536}" /f
echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{6704E2EA-6213-4d17-BB3D-4AE9E3609536}" /f
echo Created by Windowexe.com
echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CFAA0AD-C62B-47B9-B850-7F295A7B4349}" /f
echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6CFAA0AD-C62B-47B9-B850-7F295A7B4349}" /f
echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6CFAA0AD-C62B-47B9-B850-7F295A7B4349}" /f
echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{6CFAA0AD-C62B-47B9-B850-7F295A7B4349}" /f
echo Created by Windowexe.com
echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC01FC6C-3890-4B05-AE2E-8E0BC223EA38}" /f
echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC01FC6C-3890-4B05-AE2E-8E0BC223EA38}" /f
echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC01FC6C-3890-4B05-AE2E-8E0BC223EA38}" /f
echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{CC01FC6C-3890-4B05-AE2E-8E0BC223EA38}" /f
echo Created by Windowexe.com
sc stop "apartpop SVC"
echo Service Disable & sc config "apartpop SVC" start= disabled & echo Windowexe.com
sc stop "mclenmds SVC"
echo Service Disable & sc config "mclenmds SVC" start= disabled & echo Windowexe.com
sc stop "norbaweum SVC"
echo Service Disable & sc config "norbaweum SVC" start= disabled & echo Windowexe.com
sc stop "winkpksvc"
echo Service Disable & sc config "winkpksvc" start= disabled & echo Windowexe.com
echo schtasks Delete & schtasks /delete /tn "MicroWebAD Installer 1.1" /f
echo Created by Windowexe.com
echo change dir for x64
cd %windir%
cd syswow64
echo windowexe.com & tskill "appopsvc" & echo windowdel.com
echo windowexe.com & tskill "GuideOn" & echo windowdel.com
echo windowexe.com & tskill "GuideOn" & echo windowdel.com
echo windowexe.com & tskill "keywordfindagent" & echo windowdel.com
echo windowexe.com & tskill "keywordfindagent" & echo windowdel.com
echo windowexe.com & tskill "SmartTool" & echo windowdel.com
echo windowexe.com & tskill "SmartTool" & echo windowdel.com
echo windowexe.com & tskill "WizSearch" & echo windowdel.com
echo windowexe.com & tskill "WizSearch" & echo windowdel.com
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "keywordfindagent" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "keywordfindagent" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeywordSearchUpdater" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "KeywordSearchUpdater" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WizSearch" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WizSearch" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "gcodecopen" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "gcodecopen" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "smartsafer main" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "smartsafer main" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "windowcurestart.exe" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "windowcurestart.exe" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "powerboan main" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "powerboan main" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "UtilZone" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "UtilZone" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "IETab" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "IETab" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "update.exe" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "update.exe" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "microWebAD.exe" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "microWebAD.exe" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinPro" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WinPro" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinPro" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WinPro" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "SmartTool" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SmartTool" /f
echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "GuideOn" /f
echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "GuideOn" /f
echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D891923-34B7-4186-9B47-752624535DC1}" /f
echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D891923-34B7-4186-9B47-752624535DC1}" /f
echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2D891923-34B7-4186-9B47-752624535DC1}" /f
echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{2D891923-34B7-4186-9B47-752624535DC1}" /f
echo Created by Windowexe.com
echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62283419-4E2B-435E-B408-483F55D0FEC5}" /f
echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{62283419-4E2B-435E-B408-483F55D0FEC5}" /f
echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{62283419-4E2B-435E-B408-483F55D0FEC5}" /f
echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{62283419-4E2B-435E-B408-483F55D0FEC5}" /f
echo Created by Windowexe.com
echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6323EB95-40E2-4b6e-90FC-B32D3F7A290C}" /f
echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6323EB95-40E2-4b6e-90FC-B32D3F7A290C}" /f
echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6323EB95-40E2-4b6e-90FC-B32D3F7A290C}" /f
echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{6323EB95-40E2-4b6e-90FC-B32D3F7A290C}" /f
echo Created by Windowexe.com
echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6704E2EA-6213-4d17-BB3D-4AE9E3609536}" /f
echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6704E2EA-6213-4d17-BB3D-4AE9E3609536}" /f
echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6704E2EA-6213-4d17-BB3D-4AE9E3609536}" /f
echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{6704E2EA-6213-4d17-BB3D-4AE9E3609536}" /f
echo Created by Windowexe.com
echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6CFAA0AD-C62B-47B9-B850-7F295A7B4349}" /f
echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6CFAA0AD-C62B-47B9-B850-7F295A7B4349}" /f
echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6CFAA0AD-C62B-47B9-B850-7F295A7B4349}" /f
echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{6CFAA0AD-C62B-47B9-B850-7F295A7B4349}" /f
echo Created by Windowexe.com
echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC01FC6C-3890-4B05-AE2E-8E0BC223EA38}" /f
echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC01FC6C-3890-4B05-AE2E-8E0BC223EA38}" /f
echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC01FC6C-3890-4B05-AE2E-8E0BC223EA38}" /f
echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{CC01FC6C-3890-4B05-AE2E-8E0BC223EA38}" /f
echo Created by Windowexe.com
sc stop "apartpop SVC"
echo Service Disable & sc config "apartpop SVC" start= disabled & echo Windowexe.com
sc stop "mclenmds SVC"
echo Service Disable & sc config "mclenmds SVC" start= disabled & echo Windowexe.com
sc stop "norbaweum SVC"
echo Service Disable & sc config "norbaweum SVC" start= disabled & echo Windowexe.com
sc stop "winkpksvc"
echo Service Disable & sc config "winkpksvc" start= disabled & echo Windowexe.com
echo schtasks Delete & schtasks /delete /tn "MicroWebAD Installer 1.1" /f
echo Created by Windowexe.com
echo End

======================================================================
echo Created by Windowexe.com / do not delete this label.
======================================================================