애드웨어, 허위백신, 팝업광고, 쇼핑몰 바로가기, 악성툴바, 각종 개쓰레기 프로그램 삭제 요청하기
이용약관을 안내하며 컴퓨터에 설치하는 개쓰레기 프로그램들은 백신으로 백날 돌려봐야 검색이 안됩니다.
개쓰레기 프로그램들은 아주 지능적이라서 전문가가 아니고서는 찾아내기가 어렵습니다.
[00-PROCESS]**alg -/- C:\WINDOWS\System32\alg.exe
[00-PROCESS]**aspnet_state -/- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
[00-PROCESS]**cisvc -/- C:\WINDOWS\system32\cisvc.exe
[00-PROCESS]**clipsrv -/- C:\WINDOWS\system32\clipsrv.exe
[00-PROCESS]**cmd -/- C:\WINDOWS\system32\cmd.exe
[00-PROCESS]**conime -/- C:\WINDOWS\system32\conime.exe
[00-PROCESS]**ctfmon -/- C:\WINDOWS\system32\ctfmon.exe
[00-PROCESS]**dllhost -/- C:\WINDOWS\system32\dllhost.exe
[00-PROCESS]**dmadmin -/- C:\WINDOWS\System32\dmadmin.exe
[00-PROCESS]**Explorer -/- C:\WINDOWS\Explorer.EXE
[00-PROCESS]**FlashPlayerUpdateService -/- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
[00-PROCESS]**guxdlv -/- C:\WINDOWS\system32\guxdlv.exe
[00-PROCESS]**IEXPLORE -/- C:\Program Files\Internet Explorer\IEXPLORE.EXE
[00-PROCESS]**imapi -/- C:\WINDOWS\system32\imapi.exe
[00-PROCESS]**infocard -/- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
[00-PROCESS]**locator -/- C:\WINDOWS\system32\locator.exe
[00-PROCESS]**lsass -/- C:\WINDOWS\system32\lsass.exe
[00-PROCESS]**metablogagent -/- C:\Documents and Settings\Administrator\Local Settings\Application Data\MetablogNewIssues\metablogagent.exe
[00-PROCESS]**MetablogNewIssues -/- C:\Documents and Settings\Administrator\Local Settings\Application Data\MetablogNewIssues\MetablogNewIssues.exe
[00-PROCESS]**mnmsrvc -/- C:\WINDOWS\system32\mnmsrvc.exe
[00-PROCESS]**mscorsvw -/- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[00-PROCESS]**mscorsvw -/- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
[00-PROCESS]**msdtc -/- C:\WINDOWS\system32\msdtc.exe
[00-PROCESS]**msiexec -/- C:\WINDOWS\system32\msiexec.exe
[00-PROCESS]**netdde -/- C:\WINDOWS\system32\netdde.exe
[00-PROCESS]**NetMWin -/- C:\Program Files\NetMWin\NetMWin.exe
[00-PROCESS]**npkcmsvc -/- C:\WINDOWS\system32\npkcmsvc.exe
[00-PROCESS]**nvsvc32 -/- C:\WINDOWS\system32\nvsvc32.exe
[00-PROCESS]**ODSERV -/- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
[00-PROCESS]**OSE -/- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
[00-PROCESS]**PMB -/- C:\Program Files\Pando Networks\Media Booster\PMB.exe
[00-PROCESS]**PresentationFontCache -/- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
[00-PROCESS]**Qmacro1 -/- C:\Documents and Settings\Administrator\Local Settings\Temp\Qmacro1.exe
[00-PROCESS]**rsvp -/- C:\WINDOWS\system32\rsvp.exe
[00-PROCESS]**RTHDCPL -/- C:\WINDOWS\RTHDCPL.EXE
[00-PROCESS]**SCardSvr -/- C:\WINDOWS\System32\SCardSvr.exe
[00-PROCESS]**services -/- C:\WINDOWS\system32\services.exe
[00-PROCESS]**sessmgr -/- C:\WINDOWS\system32\sessmgr.exe
[00-PROCESS]**smlogsvc -/- C:\WINDOWS\system32\smlogsvc.exe
[00-PROCESS]**smss -/- C:\WINDOWS\System32\smss.exe
[00-PROCESS]**SMSvcHost -/- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
[00-PROCESS]**Sogou -/- C:\Program Files\Common Files\Sogou.exe
[00-PROCESS]**Sougou -/- C:\WINDOWS\system32\Sougou.exe
[00-PROCESS]**spoolsv -/- C:\WINDOWS\system32\spoolsv.exe
[00-PROCESS]**svchost -/- C:\WINDOWS\system32\svchost.exe
[00-PROCESS]**svcspeed -/- C:\WINDOWS\System32\svcspeed.exe
[00-PROCESS]**tlntsvr -/- C:\WINDOWS\system32\tlntsvr.exe
[00-PROCESS]**Updater -/- C:\Program Files\Skype\Updater\Updater.exe
[00-PROCESS]**ups -/- C:\WINDOWS\System32\ups.exe
[00-PROCESS]**V3LSvc -/- C:\Program Files\AhnLab\V3Lite\V3LSvc.exe
[00-PROCESS]**V3LTray -/- C:\Program Files\AhnLab\V3Lite\V3LTray.exe
[00-PROCESS]**vssvc -/- C:\WINDOWS\System32\vssvc.exe
[00-PROCESS]**winlogon -/- C:\WINDOWS\system32\winlogon.exe
[00-PROCESS]**wmiapsrv -/- C:\WINDOWS\system32\wbem\wmiapsrv.exe
[00-PROCESS]**wmpnetwk -/- C:\Program Files\Windows Media Player\wmpnetwk.exe
[00-PROCESS]**WPFFontCache_v0400 -/- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
[01-HKCUREG]**7C135259 -/- C:\WINDOWS\7C135259\svchsot.exe
[01-HKCUREG]**AhnLab V3Lite Tray Process -/- C:\Program Files\AhnLab\V3Lite\V3LTray.exe /logon
[01-HKCUREG]**Ball -/- C:\progra~1\Common Files\Sogou.exe
[01-HKCUREG]**ctdata -/- C:\Documents and Settings\Administrator\LOCALS~1\Temp\data.exe
[01-HKCUREG]**ctfmon.exe -/- C:\WINDOWS\system32\ctfmon.exe
[01-HKCUREG]**metablogagent -/- C:\Documents and Settings\Administrator\Local Settings\Application Data\MetablogNewIssues\metablogagent.exe
[01-HKCUREG]**MetablogNewIssues -/- C:\Documents and Settings\Administrator\Local Settings\Application Data\MetablogNewIssues\MetablogNewIssues.exe /byboot
[01-HKCUREG]**NetworkEditing.exe -/- C:\Program Files\NetworkEditing\NetworkEditing.exe
[01-HKCUREG]**NvCplDaemon -/- RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dllNvStartup
[01-HKCUREG]**Pando Media Booster -/- C:\Program Files\Pando Networks\Media Booster\PMB.exe
[01-HKCUREG]**RTHDCPL -/- RTHDCPL.EXE
[01-HKCUREG]**UtilZone -/- C:\Program Files\UtilZone\UtilZone.exe
[01-HKCUREG]**WinPro -/- C:\Program Files\WinPro\WinPro.exe
[02-HKLMREG]**7C135259 -/- C:\WINDOWS\7C135259\svchsot.exe
[02-HKLMREG]**AhnLab V3Lite Tray Process -/- C:\Program Files\AhnLab\V3Lite\V3LTray.exe /logon
[02-HKLMREG]**Ball -/- C:\progra~1\Common Files\Sogou.exe
[02-HKLMREG]**ctdata -/- C:\Documents and Settings\Administrator\LOCALS~1\Temp\data.exe
[02-HKLMREG]**ctfmon.exe -/- C:\WINDOWS\system32\ctfmon.exe
[02-HKLMREG]**metablogagent -/- C:\Documents and Settings\Administrator\Local Settings\Application Data\MetablogNewIssues\metablogagent.exe
[02-HKLMREG]**MetablogNewIssues -/- C:\Documents and Settings\Administrator\Local Settings\Application Data\MetablogNewIssues\MetablogNewIssues.exe /byboot
[02-HKLMREG]**NetworkEditing.exe -/- C:\Program Files\NetworkEditing\NetworkEditing.exe
[02-HKLMREG]**NvCplDaemon -/- RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dllNvStartup
[02-HKLMREG]**Pando Media Booster -/- C:\Program Files\Pando Networks\Media Booster\PMB.exe
[02-HKLMREG]**RTHDCPL -/- RTHDCPL.EXE
[02-HKLMREG]**UtilZone -/- C:\Program Files\UtilZone\UtilZone.exe
[02-HKLMREG]**WinPro -/- C:\Program Files\WinPro\WinPro.exe
[03-BHOCLSD]**Naver SafeGuard -/- c:\program files\naver\navertoolbar\naversafeguard\nsafeguard_2012_9_24_1.dll -/- {000011A1-74C9-4c7e-9B4E-59B5765CF409}
[03-BHOCLSD]**NetMCtrl Class -/- C:\Program Files\NetMWin\NMHelper.dll -/- {7760E6D4-CC93-4495-981B-5E23919D602A}
[03-BHOCLSD]**네이버 툴바 도우미 -/- C:\Program Files\naver\NaverToolbar\NaverTB_4_0_13_212.dll -/- {67C41E9E-2EBF-4F2B-AF74-314F0D793172}
[04-TOOLBAR]**네이버 툴바 -/- C:\Program Files\naver\NaverToolbar\NaverTB_4_0_13_212.dll -/- {D09CFF09-A42A-4EDC-9804-E61224F59CA1}
[04-TOOLBAR]**잠김영역복사 -/- C:\Program Files\Racl\RaclTB.dll -/- {BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD}
[05-SERVICE]**360例콘췄 -/- http://www.yesmybi.cn/ -/- C:\WINDOWS\system32\Sougou.exe
[05-SERVICE]**AdobeFlashPlayerUpdateSvc -/- Adobe Flash Player Update Service -/- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
[05-SERVICE]**BITS -/- Background Intelligent Transfer Service -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\system32\bits.dll
[05-SERVICE]**napagent -/- Network Access Protection Agent -/- C:\WINDOWS\System32\svchost.exe -/- C:\WINDOWS\System32\qagentrt.dll
[05-SERVICE]**NetTcpPortSharing -/- Net.Tcp Port Sharing Service -/- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
[05-SERVICE]**npggsvc -/- nProtect GameGuard Service -/- C:\WINDOWS\system32\GameMon.des -service
[05-SERVICE]**npkcmsvc -/- npkcmsvc -/- C:\WINDOWS\system32\npkcmsvc.exe
[05-SERVICE]**NVSvc -/- NVIDIA Driver Helper Service -/- C:\WINDOWS\system32\nvsvc32.exe
[05-SERVICE]**odserv -/- Microsoft Office Diagnostics Service -/- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
[05-SERVICE]**ose -/- Office Source Engine -/- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
[05-SERVICE]**rcmdsvc -/- Remote Command Service -/- C:\WINDOWS\system32\guxdlv.exe
[05-SERVICE]**SkypeUpdate -/- Skype Updater -/- C:\Program Files\Skype\Updater\Updater.exe
[05-SERVICE]**SpeedPing Service -/- SpeedPing Service -/- C:\WINDOWS\System32\svcspeed.exe
[05-SERVICE]**V3 Lite Service -/- V3 Lite Service -/- C:\Program Files\AhnLab\V3Lite\V3LSvc.exe
[05-SERVICE]**WindowsDriver -/- WindowsDriver -/- C:\WINDOWS\system32\svchost.exe -/- C:\WINDOWS\system32\WindowsDriver.dll
[05-SERVICE]**WPFFontCache_v0400 -/- Windows Presentation Foundation Font Cache 4.0.0.0 -/- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
Code : QoTYoTMZvJgS2JNB8qp471qqQJjQx50yoiDBw2g94fQ=
NA001 echo Start
NA002 echo windowexe.com & tskill "metablogagent" & echo windowdel.com
NA003 echo windowexe.com & tskill "MetablogNewIssues" & echo windowdel.com
NA004 echo windowexe.com & tskill "NetMWin" & echo windowdel.com
NA005 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinPro\"" /f
NA006 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WinPro\"" /f
NA007 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run" /v "WinPro\"" /f
NA008 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Pando Media Booster" /f
NA009 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Pando Media Booster" /f
NA010 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run" /v "Pando Media Booster" /f
NA011 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "metablogagent" /f
NA012 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "metablogagent" /f
NA013 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run" /v "metablogagent" /f
NA014 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "MetablogNewIssues" /f
NA015 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MetablogNewIssues" /f
NA016 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run" /v "MetablogNewIssues" /f
NA017 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WinPro" /f
NA018 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WinPro" /f
NA019 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run" /v "WinPro" /f
NA020 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "UtilZone" /f
NA021 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "UtilZone" /f
NA022 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run" /v "UtilZone" /f
NA023 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "ctdata" /f
NA024 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "ctdata" /f
NA025 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run" /v "ctdata" /f
NA026 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "NetworkEditing.exe" /f
NA027 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "NetworkEditing.exe" /f
NA028 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run" /v "NetworkEditing.exe" /f
NA029 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "7C135259" /f
NA030 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "7C135259" /f
NA031 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run" /v "7C135259" /f
NA032 echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Ball" /f
NA033 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Ball" /f
NA034 echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run" /v "Ball" /f
NA035 echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7760E6D4-CC93-4495-981B-5E23919D602A}" /f
NA036 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7760E6D4-CC93-4495-981B-5E23919D602A}" /f
NA037 echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7760E6D4-CC93-4495-981B-5E23919D602A}" /f
NA038 echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{7760E6D4-CC93-4495-981B-5E23919D602A}" /f
NA039 echo Created by Windowexe.com
NA040 echo HKEY_LOCAL_MACHINE Toolbar Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar" /v "{BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD}" /f
NA041 echo HKEY_CURRENT_USER Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser" /v "{BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD}" /f
NA042 echo HKCU Search Hook Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks" /v "{BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD}" /f
NA043 echo HKEY_LOCAL_MACHINE Ext PreApproved Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD}" /f
NA044 echo HKEY_CURRENT_USER Ext Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD}" /f
NA045 echo HKEY_CLASSES_ROOT CLSID Delete & reg.exe delete "HKCR\CLSID\{BCE04A5B-2B7D-4F4B-BB8E-2A59611733DD}" /f
NA046 echo Created by Windowexe.com
NA047 echo Service Disable & sc config "rcmdsvc" start= disabled & echo Windowexe.com
NA048 echo Service Disable & sc config "SpeedPing Service" start= disabled & echo Windowexe.com
NA049 echo Service Disable & sc config "WindowsDriver" start= disabled & echo Windowexe.com
NA050 echo Service Disable & sc config "BITS" start= disabled & echo Windowexe.com
NA051 echo Service Disable & sc config "360例콘췄" start= disabled & echo Windowexe.com
NA052 echo End
요즘 휴대폰 소액결제(월정액 자동결제)를 이용한 사기사이트 및 사기프로그램이 판을 치고 있습니다.
무료백신 프로그램, 무료개인정보삭제 프로그램, 무료 유해사이트차단 프로그램, 무료파일다운, 무료문자, 무료운세, 무료로또, 무료게임, 무료MP3등의 사이트에서 휴대폰 및 일반전화로 절대 인증 하지마세요.
인증하는 즉시 결제되며, 서비스를 해지하지 않는 이상 매월 자동결제됩니다. (인증번호 = 결제번호)
업체마다 결제되는 기간은 다르지만 짧게는 2년, 길게는 20년, 최대 50년짜리도 있습니다.
서비스 업체의 이용약관 및 결제내용에 대해 확실히 알고 인증/사용하시기 바랍니다.
안드로이드계열 스마트폰에서 출처가 없는 설치파일도 다운받지말고 실행하지도 마세요.
해당 통신사에 전화해서 소액결제 안되게끔 차단시키세요. (스마트폰에 무지한 아이들/노인분들 주의)
*악덕업체의 요청으로 인하여 블로그의 게시글이 이유없이 삭제되는 경우 구글 블로그에 재게시 합니다.
