프로그램분석
System Analyzer Report 2012, 12, 12
프로세스 천국
2012. 12. 12. 09:20
NA001 echo Created by Windowexe.com / do not delete this label.
NA002 echo Start
NA003 echo windowexe.com & tskill "HubGate" & echo windowdel.com
NA004 echo windowexe.com & tskill "HubGateUpdate" & echo windowdel.com
NA005 echo windowexe.com & tskill "FBDSvcMan" & echo windowdel.com
NA006 echo windowexe.com & tskill "ancamcorderupdate" & echo windowdel.com
NA007 echo windowexe.com & tskill "ancameraup" & echo windowdel.com
NA008 echo windowexe.com & tskill "linkdirectT" & echo windowdel.com
NA009 echo windowexe.com & tskill "natsvc" & echo windowdel.com
NA010 echo windowexe.com & tskill "update" & echo windowdel.com
NA011 echo windowexe.com & tskill "QRCodeUp" & echo windowdel.com
NA012 echo windowexe.com & tskill "SystemChkUp" & echo windowdel.com
NA013 echo windowexe.com & tskill "winesrv" & echo windowdel.com
NA014 echo windowexe.com & tskill "winever" & echo windowdel.com
NA015 echo windowexe.com & tskill "WinPro" & echo windowdel.com
NA016 echo windowexe.com & tskill "WinProUp" & echo windowdel.com
NA017 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinPro\"" /f
NA018 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WinPro\"" /f
NA019 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "linkdirectmain" /f
NA020 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "linkdirectmain" /f
NA021 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "walarm" /f
NA022 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "walarm" /f
NA023 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "wsyscheck" /f
NA024 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "wsyscheck" /f
NA025 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "wfortune" /f
NA026 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "wfortune" /f
NA027 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "AnCamera" /f
NA028 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "AnCamera" /f
NA029 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "AnCamCorder" /f
NA030 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "AnCamCorder" /f
NA031 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinProUp" /f
NA032 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WinProUp" /f
NA033 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "wsyscheckup" /f
NA034 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "wsyscheckup" /f
NA035 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "qrcode" /f
NA036 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "qrcode" /f
NA037 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinPro" /f
NA038 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WinPro" /f
NA039 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{339E5541-DA75-412A-9F9B-3C014BE1050B}" /f
NA040 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{339E5541-DA75-412A-9F9B-3C014BE1050B}" /f
NA041 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{339E5541-DA75-412A-9F9B-3C014BE1050B}" /f
NA042 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{339E5541-DA75-412A-9F9B-3C014BE1050B}" /f
NA043 echo Created by Windowexe.com
NA044 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7A20F9D-BA43-43D8-A2E0-CE28D763EF72}" /f
NA045 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7A20F9D-BA43-43D8-A2E0-CE28D763EF72}" /f
NA046 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E7A20F9D-BA43-43D8-A2E0-CE28D763EF72}" /f
NA047 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{E7A20F9D-BA43-43D8-A2E0-CE28D763EF72}" /f
NA048 sc stop "dlyrvizap"
NA049 echo Service Disable & sc config "dlyrvizap" start= disabled & echo Windowexe.com
NA050 sc stop "FBDSvcman"
NA051 echo Service Disable & sc config "FBDSvcman" start= disabled & echo Windowexe.com
NA052 sc stop "NATService"
NA053 echo Service Disable & sc config "NATService" start= disabled & echo Windowexe.com
NA054 sc stop "quicksvc"
NA055 echo Service Disable & sc config "quicksvc" start= disabled & echo Windowexe.com
NA056 sc stop "RunS"
NA057 echo Service Disable & sc config "RunS" start= disabled & echo Windowexe.com
NA058 sc stop "winesrv32"
NA059 echo Service Disable & sc config "winesrv32" start= disabled & echo Windowexe.com
NA060 sc stop "Ias"
NA061 echo Service Disable & sc config "Ias" start= disabled & echo Windowexe.com
NA062 sc stop "Irmon"
NA063 echo Service Disable & sc config "Irmon" start= disabled & echo Windowexe.com
NA064 sc stop "6to4"
NA065 echo Service Disable & sc config "6to4" start= disabled & echo Windowexe.com
NA066 sc stop "NetMSSQL"
NA067 echo Service Disable & sc config "NetMSSQL" start= disabled & echo Windowexe.com
NA068 sc stop "netsvcs_0x40"
NA069 echo Service Disable & sc config "netsvcs_0x40" start= disabled & echo Windowexe.com
NA070 sc stop "netsvcs_0x47"
NA071 echo Service Disable & sc config "netsvcs_0x47" start= disabled & echo Windowexe.com
NA072 sc stop "netsvcs_0x50"
NA073 echo Service Disable & sc config "netsvcs_0x50" start= disabled & echo Windowexe.com
NA074 sc stop "netsvcs_0x54"
NA075 echo Service Disable & sc config "netsvcs_0x54" start= disabled & echo Windowexe.com
NA076 sc stop "WebClient NetMSSQL"
NA077 echo Service Disable & sc config "WebClient NetMSSQL" start= disabled & echo Windowexe.com
NA078 echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{00000012-2461-47fc-A02F-9EB8678B2A5C}" /f
NA079 echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{00000012-2461-47fc-A02F-9EB8678B2A5C}" /f
NA080 echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{00000012-25AE-487c-8DD7-1CC9CE85512A}" /f
NA081 echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{00000012-25AE-487c-8DD7-1CC9CE85512A}" /f
NA082 echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{00000012-61C1-4d78-9748-81073EFB1E53}" /f
NA083 echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{00000012-61C1-4d78-9748-81073EFB1E53}" /f
NA084 echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A91263EE-61C1-4d78-9748-81073EFB1E53}" /f
NA085 echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{A91263EE-61C1-4d78-9748-81073EFB1E53}" /f
NA086 echo schtasks Delete & schtasks /delete /tn "HubGate" /f
NA087 echo schtasks Delete & schtasks /delete /tn "HubGateUpdate" /f
NA088 echo schtasks Delete & schtasks /delete /tn "utiltop" /f
NA089 echo Tasklist Delete & del /q "C:\WINDOWS\Tasks\HubGate.job"
NA090 echo Tasklist Delete & del /q "C:\WINDOWS\Tasks\HubGateUpdate.job"
NA091 echo 000 & reg.exe delete "HKCR\CLSID\{5121BCAB-14D5-40AD-A469-4437CC51F7AA}" /f & echo windowdel.com
NA092 echo 000 & reg.exe delete "HKCR\CLSID\{A832F633-668F-4F8A-9EA1-A6375D1C1418}" /f & echo windowdel.com
NA093 echo End
NA002 echo Start
NA003 echo windowexe.com & tskill "HubGate" & echo windowdel.com
NA004 echo windowexe.com & tskill "HubGateUpdate" & echo windowdel.com
NA005 echo windowexe.com & tskill "FBDSvcMan" & echo windowdel.com
NA006 echo windowexe.com & tskill "ancamcorderupdate" & echo windowdel.com
NA007 echo windowexe.com & tskill "ancameraup" & echo windowdel.com
NA008 echo windowexe.com & tskill "linkdirectT" & echo windowdel.com
NA009 echo windowexe.com & tskill "natsvc" & echo windowdel.com
NA010 echo windowexe.com & tskill "update" & echo windowdel.com
NA011 echo windowexe.com & tskill "QRCodeUp" & echo windowdel.com
NA012 echo windowexe.com & tskill "SystemChkUp" & echo windowdel.com
NA013 echo windowexe.com & tskill "winesrv" & echo windowdel.com
NA014 echo windowexe.com & tskill "winever" & echo windowdel.com
NA015 echo windowexe.com & tskill "WinPro" & echo windowdel.com
NA016 echo windowexe.com & tskill "WinProUp" & echo windowdel.com
NA017 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinPro\"" /f
NA018 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WinPro\"" /f
NA019 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "linkdirectmain" /f
NA020 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "linkdirectmain" /f
NA021 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "walarm" /f
NA022 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "walarm" /f
NA023 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "wsyscheck" /f
NA024 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "wsyscheck" /f
NA025 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "wfortune" /f
NA026 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "wfortune" /f
NA027 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "AnCamera" /f
NA028 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "AnCamera" /f
NA029 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "AnCamCorder" /f
NA030 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "AnCamCorder" /f
NA031 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinProUp" /f
NA032 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WinProUp" /f
NA033 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "wsyscheckup" /f
NA034 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "wsyscheckup" /f
NA035 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "qrcode" /f
NA036 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "qrcode" /f
NA037 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinPro" /f
NA038 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WinPro" /f
NA039 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{339E5541-DA75-412A-9F9B-3C014BE1050B}" /f
NA040 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{339E5541-DA75-412A-9F9B-3C014BE1050B}" /f
NA041 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{339E5541-DA75-412A-9F9B-3C014BE1050B}" /f
NA042 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{339E5541-DA75-412A-9F9B-3C014BE1050B}" /f
NA043 echo Created by Windowexe.com
NA044 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7A20F9D-BA43-43D8-A2E0-CE28D763EF72}" /f
NA045 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E7A20F9D-BA43-43D8-A2E0-CE28D763EF72}" /f
NA046 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E7A20F9D-BA43-43D8-A2E0-CE28D763EF72}" /f
NA047 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{E7A20F9D-BA43-43D8-A2E0-CE28D763EF72}" /f
NA048 sc stop "dlyrvizap"
NA049 echo Service Disable & sc config "dlyrvizap" start= disabled & echo Windowexe.com
NA050 sc stop "FBDSvcman"
NA051 echo Service Disable & sc config "FBDSvcman" start= disabled & echo Windowexe.com
NA052 sc stop "NATService"
NA053 echo Service Disable & sc config "NATService" start= disabled & echo Windowexe.com
NA054 sc stop "quicksvc"
NA055 echo Service Disable & sc config "quicksvc" start= disabled & echo Windowexe.com
NA056 sc stop "RunS"
NA057 echo Service Disable & sc config "RunS" start= disabled & echo Windowexe.com
NA058 sc stop "winesrv32"
NA059 echo Service Disable & sc config "winesrv32" start= disabled & echo Windowexe.com
NA060 sc stop "Ias"
NA061 echo Service Disable & sc config "Ias" start= disabled & echo Windowexe.com
NA062 sc stop "Irmon"
NA063 echo Service Disable & sc config "Irmon" start= disabled & echo Windowexe.com
NA064 sc stop "6to4"
NA065 echo Service Disable & sc config "6to4" start= disabled & echo Windowexe.com
NA066 sc stop "NetMSSQL"
NA067 echo Service Disable & sc config "NetMSSQL" start= disabled & echo Windowexe.com
NA068 sc stop "netsvcs_0x40"
NA069 echo Service Disable & sc config "netsvcs_0x40" start= disabled & echo Windowexe.com
NA070 sc stop "netsvcs_0x47"
NA071 echo Service Disable & sc config "netsvcs_0x47" start= disabled & echo Windowexe.com
NA072 sc stop "netsvcs_0x50"
NA073 echo Service Disable & sc config "netsvcs_0x50" start= disabled & echo Windowexe.com
NA074 sc stop "netsvcs_0x54"
NA075 echo Service Disable & sc config "netsvcs_0x54" start= disabled & echo Windowexe.com
NA076 sc stop "WebClient NetMSSQL"
NA077 echo Service Disable & sc config "WebClient NetMSSQL" start= disabled & echo Windowexe.com
NA078 echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{00000012-2461-47fc-A02F-9EB8678B2A5C}" /f
NA079 echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{00000012-2461-47fc-A02F-9EB8678B2A5C}" /f
NA080 echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{00000012-25AE-487c-8DD7-1CC9CE85512A}" /f
NA081 echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{00000012-25AE-487c-8DD7-1CC9CE85512A}" /f
NA082 echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{00000012-61C1-4d78-9748-81073EFB1E53}" /f
NA083 echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{00000012-61C1-4d78-9748-81073EFB1E53}" /f
NA084 echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A91263EE-61C1-4d78-9748-81073EFB1E53}" /f
NA085 echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{A91263EE-61C1-4d78-9748-81073EFB1E53}" /f
NA086 echo schtasks Delete & schtasks /delete /tn "HubGate" /f
NA087 echo schtasks Delete & schtasks /delete /tn "HubGateUpdate" /f
NA088 echo schtasks Delete & schtasks /delete /tn "utiltop" /f
NA089 echo Tasklist Delete & del /q "C:\WINDOWS\Tasks\HubGate.job"
NA090 echo Tasklist Delete & del /q "C:\WINDOWS\Tasks\HubGateUpdate.job"
NA091 echo 000 & reg.exe delete "HKCR\CLSID\{5121BCAB-14D5-40AD-A469-4437CC51F7AA}" /f & echo windowdel.com
NA092 echo 000 & reg.exe delete "HKCR\CLSID\{A832F633-668F-4F8A-9EA1-A6375D1C1418}" /f & echo windowdel.com
NA093 echo End