애드웨어, 허위백신, 팝업광고, 쇼핑몰 바로가기, 악성툴바, 각종 개쓰레기 프로그램 삭제 요청하기
이용약관을 안내하며 컴퓨터에 설치하는 개쓰레기 프로그램들은 백신으로 백날 돌려봐야 검색이 안됩니다.
개쓰레기 프로그램들은 아주 지능적이라서 전문가가 아니고서는 찾아내기가 어렵습니다.


----------------------------------------------------------------------
Created by Windowexe.com , Logfile of WindowexeAllkiller
----------------------------------------------------------------------
Microsoft Windows XP Service Pack 3(5.1.2600.196608)
Intel(R) Core(TM) i3 CPU       M 380  @ 2.53GHz / 767.48 MB
x86 Family 6 Model 37 Stepping 5
Date : 2011-07-24
----------------------------------------------------------------------
DF001 C:\Documents and Settings\All Users\Templates\skylove.exe
DF002 C:\Program Files\skylove\msvcm80.dll
DF003 C:\Program Files\skylove\msvcp80.dll
DF004 C:\Program Files\skylove\msvcr80.dll
DF005 C:\Program Files\skylove\skylove.dll
DF006 C:\Program Files\skylove\skyloveup.exe
DF007 C:\Program Files\skylove\uninstall.exe
----------------------------------------------------------------------
UN008 linkage_web 2.0 -/- - -/- skylove uninstall -/- - -/- -
----------------------------------------------------------------------
LS009 skylove -/- C:\Program Files\skylove\skyloveup.exe
----------------------------------------------------------------------
BH010 SkyloveObj Class -/- C:\Program Files\skylove\skylove.dll -/- {B19ED0E1-BD68-4BE7-8B79-78DC3EBCAFAB}
----------------------------------------------------------------------
NA000 cfteam.net/skylove/skylove_20080901_install*.***
NA001 endnew.com/linechk/overlap/overlap*.***
NA002 endnew.com/skylove_clone/update*.***
NA003 ieshow.co.kr/partner/counter/install.php?pid=nzell&cid=enc*.***
NA004 ieshow.co.kr/partner/counter/install.php?pid=skylove&cid=linegu**.***
NA005 ieshow.co.kr/partner/counter/run.php?pid=skylove&cid=lineguide_**.***
NA006 ieshow.co.kr/partner/counter/run.php?pid=vktest&cid=sky*.***
NA007 reward.point-up.kr/install/skylove/new_install_slove*.***
NA008 reward.point-up.kr/install/skylove/new_install_slove.exe?9830df**.***
----------------------------------------------------------------------
Deleted Files : 8
Remove Uninstall Entry : 1
Remove Startup Entry : 1
Remove Browser Helper Object : 1
----------------------------------------------------------------------
Remove these Entry in a WindowexeAllkiller.txt file. Save and Run.
[02-HKLMREG]**skylove
[03-BHOCLSD]**{B19ED0E1-BD68-4BE7-8B79-78DC3EBCAFAB}

----------------------------------------------------------------------
Total Processing Time : 40ms

 




요즘 휴대폰 소액결제(월정액 자동결제)를 이용한 사기사이트 및 사기프로그램이 판을 치고 있습니다.
무료백신 프로그램, 무료개인정보삭제 프로그램, 무료 유해사이트차단 프로그램, 무료파일다운, 무료문자, 무료운세, 무료로또, 무료게임, 무료MP3등의 사이트에서 휴대폰 및 일반전화로 절대 인증 하지마세요.

인증하는 즉시 결제되며, 서비스를 해지하지 않는 이상 매월 자동결제됩니다. (인증번호 = 결제번호)
업체마다 결제되는 기간은 다르지만 짧게는 2년, 길게는 20년, 최대 50년짜리도 있습니다.
서비스 업체의 이용약관 및 결제내용에 대해 확실히 알고 인증/사용하시기 바랍니다.
안드로이드계열 스마트폰에서 출처가 없는 설치파일도 다운받지말고 실행하지도 마세요.
해당 통신사에 전화해서 소액결제 안되게끔 차단시키세요. (스마트폰에 무지한 아이들/노인분들 주의)

*악덕업체의 요청으로 인하여 블로그의 게시글이 이유없이 삭제되는 경우 구글 블로그에 재게시 합니다.
[ 2011. 7. 24. 22:59 ] Posted by 프로세스 천국 , 프로그램분석

댓글을 달아 주세요

  1. 프로세스 천국 - 2012.02.27 19:17 신고 댓글주소 수정/삭제 댓글쓰기

    ======================================================================
    Created by Windowexe.com / do not delete this label.
    ======================================================================

    echo Start
    echo windowexe.com & tskill "pcmdefenderp" & echo windowdel.com
    echo windowexe.com & tskill "RealCodec_CDXA" & echo windowdel.com
    echo windowexe.com & tskill "recstart" & echo windowdel.com
    echo windowexe.com & tskill "barosearch" & echo windowdel.com
    echo windowexe.com & tskill "cloudpop" & echo windowdel.com
    echo windowexe.com & tskill "EasyOn" & echo windowdel.com
    echo windowexe.com & tskill "MicroLabCon" & echo windowdel.com
    echo windowexe.com & tskill "MicroLabProc" & echo windowdel.com
    echo windowexe.com & tskill "natsvc" & echo windowdel.com
    echo windowexe.com & tskill "SearchhostUpdate" & echo windowdel.com
    echo windowexe.com & tskill "UtilQService" & echo windowdel.com
    echo windowexe.com & tskill "atn32" & echo windowdel.com
    echo windowexe.com & tskill "winnumbsvc" & echo windowdel.com
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "BaroSearch" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "BaroSearch" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "KeywordSearchUpdater" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "KeywordSearchUpdater" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "MicroLabCon" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "MicroLabCon" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "CastMy3_Plus" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CastMy3_Plus" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "PCM Defender" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "PCM Defender" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "RealCodec CDXA" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "RealCodec CDXA" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "real-con" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "real-con" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "atn" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "atn" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "EasyOn" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "EasyOn" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "UtilQService" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "UtilQService" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "searchhostupdate" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "searchhostupdate" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "microWebAD.exe" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "microWebAD.exe" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "cloudpop.exe" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "cloudpop.exe" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "mCodec.exe" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "mCodec.exe" /f
    echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CE681DC-1190-40EF-85A9-ADE47098CF51}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CE681DC-1190-40EF-85A9-ADE47098CF51}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CE681DC-1190-40EF-85A9-ADE47098CF51}" /f
    echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{1CE681DC-1190-40EF-85A9-ADE47098CF51}" /f
    echo Created by Windowexe.com
    echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{372F53F6-57FB-46c1-BC8E-1327C723CEA3}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{372F53F6-57FB-46c1-BC8E-1327C723CEA3}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{372F53F6-57FB-46c1-BC8E-1327C723CEA3}" /f
    echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{372F53F6-57FB-46c1-BC8E-1327C723CEA3}" /f
    echo Created by Windowexe.com
    sc stop "IEHost2Services"
    echo Service Disable & sc config "IEHost2Services" start= disabled & echo Windowexe.com
    sc stop "NATService"
    echo Service Disable & sc config "NATService" start= disabled & echo Windowexe.com
    sc stop "NetAppUpdate"
    echo Service Disable & sc config "NetAppUpdate" start= disabled & echo Windowexe.com
    sc stop "Windows MineService Diagnostics Service"
    echo Service Disable & sc config "Windows MineService Diagnostics Service" start= disabled & echo Windowexe.com
    sc stop "EapHost"
    echo Service Disable & sc config "EapHost" start= disabled & echo Windowexe.com
    echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{57D1CDEE-1880-484f-8361-55D7626D2679}" /f
    echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{57D1CDEE-1880-484f-8361-55D7626D2679}" /f
    echo Created by Windowexe.com
    echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{664290A3-9ADB-4e0d-9762-EF088688AD41}" /f
    echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{664290A3-9ADB-4e0d-9762-EF088688AD41}" /f
    echo Created by Windowexe.com
    echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D51609DD-8FD8-4eb1-9714-CA093C12A0B8}" /f
    echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{D51609DD-8FD8-4eb1-9714-CA093C12A0B8}" /f
    echo Created by Windowexe.com
    echo kill & taskkill /im "mznumbydsvc.exe" /f
    echo file rename & rename "C:\Program Files\MozeNumb\mznumbydsvc.exe" "Renamed_by_Windowexe.com_mznumbydsvc.exe"
    echo file rename & rename "C:\Program Files (x86)\MozeNumb\mznumbydsvc.exe" "Renamed_by_Windowexe.com_mznumbydsvc.exe"
    echo Created by Windowexe.com
    echo End

    ======================================================================
    Created by Windowexe.com / do not delete this label.
    ======================================================================