Code : Uvh4aa9sbT0ebm88jMK1ohAp8lith2U3

프로그램분석

Code : Uvh4aa9sbT0ebm88jMK1ohAp8lith2U3

프로세스 천국 2013. 2. 18. 15:10

System Analyzer Report 2013, 02, 18

NA001 ======================================================================
NA002 echo Created by Windowexe.com / do not delete this label.
NA003 ======================================================================
NA004 echo Start
NA005 echo windowexe.com & tskill "rthtsahfg" & echo windowdel.com
NA006 echo windowexe.com & tskill "internetdownload_se" & echo windowdel.com
NA007 echo windowexe.com & tskill "entering-se" & echo windowdel.com
NA008 echo windowexe.com & tskill "RaclSvc" & echo windowdel.com
NA009 echo windowexe.com & tskill "natsvc" & echo windowdel.com
NA010 echo windowexe.com & tskill "HSSvcApp" & echo windowdel.com
NA011 echo windowexe.com & tskill "HSSearch" & echo windowdel.com
NA012 echo windowexe.com & tskill "hufzuk" & echo windowdel.com
NA013 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinPro\"" /f
NA014 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WinPro\"" /f
NA015 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinPro\"" /f
NA016 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WinPro\"" /f
NA017 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Racl" /f
NA018 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Racl" /f
NA019 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "TabSync" /f
NA020 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "TabSync" /f
NA021 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinxpendUP_imnw" /f
NA022 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WinxpendUP_imnw" /f
NA023 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinPro" /f
NA024 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WinPro" /f
NA025 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinPro" /f
NA026 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WinPro" /f
NA027 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "gcodecopen" /f
NA028 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "gcodecopen" /f
NA029 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "HiSch" /f
NA030 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "HiSch" /f
NA031 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "itore2" /f
NA032 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "itore2" /f
NA033 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Search Protection" /f
NA034 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Search Protection" /f
NA035 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB291D96-1D76-450D-90E4-BE798BA796E8}" /f
NA036 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EB291D96-1D76-450D-90E4-BE798BA796E8}" /f
NA037 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EB291D96-1D76-450D-90E4-BE798BA796E8}" /f
NA038 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{EB291D96-1D76-450D-90E4-BE798BA796E8}" /f
NA039 echo Created by Windowexe.com
NA040 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A433374B-2F44-402B-AB7E-E58B4A09DF8A}" /f
NA041 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A433374B-2F44-402B-AB7E-E58B4A09DF8A}" /f
NA042 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A433374B-2F44-402B-AB7E-E58B4A09DF8A}" /f
NA043 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{A433374B-2F44-402B-AB7E-E58B4A09DF8A}" /f
NA044 echo Created by Windowexe.com
NA045 echo HKEY_LOCAL_MACHINE Toolbar Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD}" /f
NA046 echo HKEY_CURRENT_USER Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser" /v "{BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD}" /f
NA047 echo HKCU Search Hook Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks" /v "{BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD}" /f
NA048 echo HKEY_LOCAL_MACHINE Ext PreApproved Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD}" /f
NA049 echo HKEY_CURRENT_USER Ext Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD}" /f
NA050 echo HKEY_CLASSES_ROOT CLSID Delete & reg.exe delete "HKCR\CLSID\{BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD}" /f
NA051 echo Created by Windowexe.com
NA052 sc stop "SmartMode Update Service"
NA053 echo Service Disable & sc config "SmartMode Update Service" start= disabled & echo Windowexe.com
NA054 sc stop "NATService"
NA055 echo Service Disable & sc config "NATService" start= disabled & echo Windowexe.com
NA056 sc stop "InternetDownload Update Service"
NA057 echo Service Disable & sc config "InternetDownload Update Service" start= disabled & echo Windowexe.com
NA058 sc stop "enteringservice"
NA059 echo Service Disable & sc config "enteringservice" start= disabled & echo Windowexe.com
NA060 sc stop "deofru"
NA061 echo Service Disable & sc config "deofru" start= disabled & echo Windowexe.com
NA062 echo schtasks Delete & schtasks /delete /tn "WinExpandUpdate_smve5" /f
NA063 echo Created by Windowexe.com
NA064 echo Tasklist Delete & del /q "C:\WINDOWS\Tasks\WinExpandUpdate_smve5.job"
NA065 echo Created by Windowexe.com
NA066 echo 000 & reg.exe add "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page" /d "http://www.naver.com" /f & echo windowdel.com
NA067 echo Created by Windowexe.com
NA068 echo End
NA069 ======================================================================
NA070 echo Created by Windowexe.com / do not delete this label.
NA071 ======================================================================