애드웨어, 허위백신, 팝업광고, 쇼핑몰 바로가기, 악성툴바, 각종 개쓰레기 프로그램 삭제 요청하기
이용약관을 안내하며 컴퓨터에 설치하는 개쓰레기 프로그램들은 백신으로 백날 돌려봐야 검색이 안됩니다.
개쓰레기 프로그램들은 아주 지능적이라서 전문가가 아니고서는 찾아내기가 어렵습니다.


[ampir5.sp Trojan.Downloader Ad.pkg] Processing Time : 63ms / 2012-04-05

----------------------------------------------------------------------
Created by Windowexe.com , Logfile of WindowexeAllkiller
----------------------------------------------------------------------
Windows 7 Ultimate Service Pack 1(6.1.7601.65536)
Intel(R) Core(TM) i3 CPU       M 380  @ 2.53GHz / 1,023.55 MB
Intel64 Family 6 Model 37 Stepping 5
Date : 2012-04-05
----------------------------------------------------------------------
DF000 C:\Program Files (x86)\addenbar\addenbar.dll
DF001 C:\Program Files (x86)\addenbar\addenbaragent.exe
DF002 C:\Program Files (x86)\cobato\cbtal.exe
DF003 C:\Program Files (x86)\cobato\cbtdel.exe
DF004 C:\Program Files (x86)\cobato\cbtdl.dll
DF005 C:\Program Files (x86)\cobato\cbtup.exe
DF006 C:\Program Files (x86)\cool-pc\cool-pc.exe
DF007 C:\Program Files (x86)\cool-pc\cool-pcEngine.exe
DF008 C:\Program Files (x86)\cool-pc\cool-pcse.exe
DF009 C:\Program Files (x86)\cool-pc\cool-pcU.exe
DF010 C:\Program Files (x86)\cool-pc\uninst_cool-pc.exe
DF011 C:\Program Files (x86)\dm\dm.dll
DF012 C:\Program Files (x86)\dm\dm.exe
DF013 C:\Program Files (x86)\dm\dmsp.dll
DF014 C:\Program Files (x86)\nurungzi\agnrz.exe
DF015 C:\Program Files (x86)\nurungzi\amnrz.exe
DF016 C:\Program Files (x86)\nurungzi\dlnrz.dll
DF017 C:\Program Files (x86)\nurungzi\mnnrz.exe
DF018 C:\Program Files (x86)\nurungzi\udnrz.exe
DF019 C:\Program Files (x86)\nurungzi\updnrz.exe
DF020 C:\Program Files (x86)\sponsormatch\sponsormatch.exe
DF021 C:\Program Files (x86)\sponsormatch\sponsormatchagent.exe
DF022 C:\Program Files (x86)\subjet\acircle.exe
DF023 C:\Program Files (x86)\subjet\sjt.exe
DF024 C:\Program Files (x86)\subjet\subjet.dll
DF025 C:\Program Files (x86)\subjet\subjetb.dll
DF026 C:\Program Files (x86)\subjet\subjete.exe
DF027 C:\Program Files (x86)\UtilZone\Cleaner.exe
DF028 C:\Program Files (x86)\UtilZone\UtilZone.dll
DF029 C:\Program Files (x86)\UtilZone\UtilZone.exe
DF030 C:\Program Files\addenbar\addenov.dll
DF031 C:\Program Files\FirstClick\FirstClick.dll
DF032 C:\Program Files\FirstClick\FirstClickInstaller.exe
DF033 C:\Program Files\FirstClick\FirstClickUpdater.exe
DF034 C:\ProgramData\WindowsTab\uninst.exe
DF035 C:\ProgramData\WindowsTab\windowstab.exe
DF036 C:\ProgramData\WindowsTab\windowstabup.exe
DF037 C:\Users\ADMINI~1\AppData\Local\Temp\0.exe
DF038 C:\Users\ADMINI~1\AppData\Local\Temp\1.exe
DF039 C:\Users\ADMINI~1\AppData\Local\Temp\10.exe
DF040 C:\Users\ADMINI~1\AppData\Local\Temp\11.exe
DF041 C:\Users\ADMINI~1\AppData\Local\Temp\12.exe
DF042 C:\Users\ADMINI~1\AppData\Local\Temp\13.exe
DF043 C:\Users\ADMINI~1\AppData\Local\Temp\2.exe
DF044 C:\Users\ADMINI~1\AppData\Local\Temp\3.exe
DF045 C:\Users\ADMINI~1\AppData\Local\Temp\4.exe
DF046 C:\Users\ADMINI~1\AppData\Local\Temp\5.exe
DF047 C:\Users\ADMINI~1\AppData\Local\Temp\6.exe
DF048 C:\Users\ADMINI~1\AppData\Local\Temp\7.exe
DF049 C:\Users\ADMINI~1\AppData\Local\Temp\8.exe
DF050 C:\Users\ADMINI~1\AppData\Local\Temp\9.exe
DF086 C:\Windows\audnrz.exe
DF087 C:\Windows\cbtad.exe
----------------------------------------------------------------------
SC088 cool-pcService -/- cool-pc Service -/- - -/-  -/- C:\Program Files (x86)\cool-pc\cool-pcse.exe
----------------------------------------------------------------------
UN089 WindowsTab Uninstall -/- /- WindowsTab -/- hxxp://www.about-tab.com -/- -
----------------------------------------------------------------------
US090 sponsormatch -/- C:\Program Files (x86)\sponsormatch\sponsormatch.exe
US091 sponsormatchagent -/- C:\Program Files (x86)\sponsormatch\sponsormatchagent.exe
US092 DualMatching -/- C:\Program Files (x86)\dm\dm.exe
US093 WindowsTab -/- C:\ProgramData\WindowsTab\windowstabup.exe
US094 addenbaragent -/- C:\Program Files (x86)\addenbar\addenbaragent.exe
US095 FirstClickUpdater -/- C:\Program Files\FirstClick\FirstClickUpdater.exe
US096 subjet -/- C:\Program Files (x86)\subjet\subjete.exe
LS097 UtilZone -/- C:\Program Files (x86)\UtilZone\UtilZone.exe
LS098 cobato -/- C:\Program Files (x86)\cobato\cbtup.exe
LS099 nurungzi -/- C:\Program Files (x86)\nurungzi\updnrz.exe
LS100 nurungziUpdate -/- C:\Program Files (x86)\nurungzi\agnrz.exe
----------------------------------------------------------------------
BH101 FirstClickBHO Class -/- C:\Program Files\FirstClick\FirstClick.dll -/- {1E905554-CF1D-4C5B-9085-A74F8E76A042}
BH102 UtilZoneHelper -/- C:\Program Files (x86)\UtilZone\UtilZone.dll -/- {6F8DA4FC-BFEC-47E8-88D2-D88C4B6D0EDC}
BH103 subjet -/- C:\PROGRA~2\subjet\subjetb.dll -/- {7B1F1AE7-7B63-487E-8F45-1471E1BD826E}
BH104 DualMatching Live -/- c:\program files (x86)\dm\dm.dll -/- {7B1F3650-64DD-477a-9D09-DA14ABCBFF7B}
BH105 addenbar Class -/- C:\Program Files (x86)\addenbar\addenbar.dll -/- {9A3D68DC-5557-46E0-BD7B-BF64B561BD96}
BH106 IECtrl Class -/- C:\PROGRA~2\nurungzi\dlnrz.dll -/- {CBCBB24B-72D0-48F3-B03D-C9237C019606}
BH107 adden_ov -/- c:\PROGRA~1\addenbar\addenov.dll -/- {CC01FC6C-DCA0-4F39-B902-DF736EF8E5E9}
BH108 IECtrl Class -/- C:\PROGRA~2\cobato\cbtdl.dll -/- {FB37C411-AA9A-44A8-8147-343AB83A4DD6}
----------------------------------------------------------------------
Deleted Files : 88
Remove Service : 1
Remove Uninstall Entry : 1
Remove Startup Entry : 11
Remove Browser Helper Object : 8
----------------------------------------------------------------------
Remove these Entry in a WindowexeAllkiller.txt file. Save and Run.
WindowexeAllkiller Remove Database 2012-04-05
[01-HKCUREG]**sponsormatch
[01-HKCUREG]**sponsormatchagent
[01-HKCUREG]**DualMatching
[01-HKCUREG]**WindowsTab
[01-HKCUREG]**addenbaragent
[01-HKCUREG]**FirstClickUpdater
[01-HKCUREG]**subjet
[02-HKLMREG]**UtilZone
[02-HKLMREG]**cobato
[02-HKLMREG]**nurungzi
[02-HKLMREG]**nurungziUpdate
[03-BHOCLSD]**{1E905554-CF1D-4C5B-9085-A74F8E76A042}
[03-BHOCLSD]**{6F8DA4FC-BFEC-47E8-88D2-D88C4B6D0EDC}
[03-BHOCLSD]**{7B1F1AE7-7B63-487E-8F45-1471E1BD826E}
[03-BHOCLSD]**{7B1F3650-64DD-477a-9D09-DA14ABCBFF7B}
[03-BHOCLSD]**{9A3D68DC-5557-46E0-BD7B-BF64B561BD96}
[03-BHOCLSD]**{CBCBB24B-72D0-48F3-B03D-C9237C019606}
[03-BHOCLSD]**{CC01FC6C-DCA0-4F39-B902-DF736EF8E5E9}
[03-BHOCLSD]**{FB37C411-AA9A-44A8-8147-343AB83A4DD6}
[05-SERVICE]**cool-pcService
----------------------------------------------------------------------
Total Processing Time : 63ms
----------------------------------------------------------------------

신고



요즘 휴대폰 소액결제(월정액 자동결제)를 이용한 사기사이트 및 사기프로그램이 판을 치고 있습니다.
무료백신 프로그램, 무료개인정보삭제 프로그램, 무료 유해사이트차단 프로그램, 무료파일다운, 무료문자, 무료운세, 무료로또, 무료게임, 무료MP3등의 사이트에서 휴대폰 및 일반전화로 절대 인증 하지마세요.

인증하는 즉시 결제되며, 서비스를 해지하지 않는 이상 매월 자동결제됩니다. (인증번호 = 결제번호)
업체마다 결제되는 기간은 다르지만 짧게는 2년, 길게는 20년, 최대 50년짜리도 있습니다.
서비스 업체의 이용약관 및 결제내용에 대해 확실히 알고 인증/사용하시기 바랍니다.
안드로이드계열 스마트폰에서 출처가 없는 설치파일도 다운받지말고 실행하지도 마세요.
해당 통신사에 전화해서 소액결제 안되게끔 차단시키세요. (스마트폰에 무지한 아이들/노인분들 주의)

*악덕업체의 요청으로 인하여 블로그의 게시글이 이유없이 삭제되는 경우 구글 블로그에 재게시 합니다.
[ 2012.04.05 10:12 ] Posted by windowexe.com , 프로그램분석

댓글을 달아 주세요

  1. windowexe.com - 2012.04.06 09:08 신고 댓글주소 수정/삭제 댓글쓰기

    ======================================================================
    echo Created by Windowexe.com / do not delete this label.
    ======================================================================

    echo Start
    echo windowexe.com & tskill "ecomntsv" & echo windowdel.com
    echo windowexe.com & tskill "reservereset" & echo windowdel.com
    echo windowexe.com & tskill "Opentabhper" & echo windowdel.com
    echo windowexe.com & tskill "Opentabch" & echo windowdel.com
    echo windowexe.com & tskill "OpenTab" & echo windowdel.com
    echo windowexe.com & tskill "WinSuggestionsU" & echo windowdel.com
    echo windowexe.com & tskill "WinSuggestions" & echo windowdel.com
    echo windowexe.com & tskill "subjete" & echo windowdel.com
    echo windowexe.com & tskill "sjt" & echo windowdel.com
    echo windowexe.com & tskill "acircle" & echo windowdel.com
    echo windowexe.com & tskill "SafeTerraUpdate" & echo windowdel.com
    echo windowexe.com & tskill "SafeTerra" & echo windowdel.com
    echo windowexe.com & tskill "SearchCloudU" & echo windowdel.com
    echo windowexe.com & tskill "SearchCloud" & echo windowdel.com
    echo windowexe.com & tskill "PopLink" & echo windowdel.com
    echo windowexe.com & tskill "natsvc" & echo windowdel.com
    echo windowexe.com & tskill "microWebAD" & echo windowdel.com
    echo windowexe.com & tskill "WkipUpdate" & echo windowdel.com
    echo windowexe.com & tskill "addentoolagent" & echo windowdel.com
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "addentoolagent" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "addentoolagent" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "AddendumAgent" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "AddendumAgent" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "subjet" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "subjet" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Opentabup" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Opentabup" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Opentabhper" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Opentabhper" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Opentab" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Opentab" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "SearchCloud" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "SearchCloud" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windowns Suggestions" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windowns Suggestions" /f
    echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA742A73-CFA7-4DE2-BF28-1FC51CF214BC}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA742A73-CFA7-4DE2-BF28-1FC51CF214BC}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DA742A73-CFA7-4DE2-BF28-1FC51CF214BC}" /f
    echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{DA742A73-CFA7-4DE2-BF28-1FC51CF214BC}" /f
    echo Created by Windowexe.com
    echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC01FC6C-7E27-4AFB-AC0E-36230DF6084E}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC01FC6C-7E27-4AFB-AC0E-36230DF6084E}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CC01FC6C-7E27-4AFB-AC0E-36230DF6084E}" /f
    echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{CC01FC6C-7E27-4AFB-AC0E-36230DF6084E}" /f
    echo Created by Windowexe.com
    echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BC68E426-72B1-4C4C-9910-D802FF47616D}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC68E426-72B1-4C4C-9910-D802FF47616D}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BC68E426-72B1-4C4C-9910-D802FF47616D}" /f
    echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{BC68E426-72B1-4C4C-9910-D802FF47616D}" /f
    echo Created by Windowexe.com
    echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B1F1AE7-7B63-487E-8F45-1471E1BD826E}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B1F1AE7-7B63-487E-8F45-1471E1BD826E}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7B1F1AE7-7B63-487E-8F45-1471E1BD826E}" /f
    echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{7B1F1AE7-7B63-487E-8F45-1471E1BD826E}" /f
    echo Created by Windowexe.com
    sc stop "wecomntsv"
    echo Service Disable & sc config "wecomntsv" start= disabled & echo Windowexe.com
    sc stop "best-pcService"
    echo Service Disable & sc config "best-pcService" start= disabled & echo Windowexe.com
    sc stop "best-pc Update Service"
    echo Service Disable & sc config "best-pc Update Service" start= disabled & echo Windowexe.com
    sc stop "NATService"
    echo Service Disable & sc config "NATService" start= disabled & echo Windowexe.com
    echo schtasks Delete & schtasks /delete /tn "Safeterra" /f
    echo Created by Windowexe.com
    echo schtasks Delete & schtasks /delete /tn "MicroWebAD Installer 1.1" /f
    echo Created by Windowexe.com
    echo schtasks Delete & schtasks /delete /tn "KeywordInfo" /f
    echo Created by Windowexe.com
    echo End

    ======================================================================
    echo Created by Windowexe.com / do not delete this label.
    ======================================================================