애드웨어, 허위백신, 팝업광고, 쇼핑몰 바로가기, 악성툴바, 각종 개쓰레기 프로그램 삭제 요청하기
이용약관을 안내하며 컴퓨터에 설치하는 개쓰레기 프로그램들은 백신으로 백날 돌려봐야 검색이 안됩니다.
개쓰레기 프로그램들은 아주 지능적이라서 전문가가 아니고서는 찾아내기가 어렵습니다.


----------------------------------------------------------------------
Created by Windowexe.com , Logfile of WindowexeAllkiller
----------------------------------------------------------------------
Microsoft Windows XP Service Pack 3(5.1.2600.196608)
Intel(R) Core(TM) i3 CPU       M 380  @ 2.53GHz / 767.48 MB
x86 Family 6 Model 37 Stepping 5
Date : 2011-08-27
----------------------------------------------------------------------
DF000 C:\Program Files\WideOn\ADPopupWO.dll
DF001 C:\Program Files\WideOn\WideOn.dll
DF002 C:\Program Files\WideOn\WideOnUpdate.exe
DF003 C:\Program Files\WideOn\wosghelp.exe
DF004 C:\Program Files\WideOn\WOUninstall.exe
----------------------------------------------------------------------
UN005 WideOn Uninstall -/-  -/- WideOn -/-  -/- -
----------------------------------------------------------------------
LS006 wideonupdate -/- C:\Program Files\WideOn\WideOnUpdate.exe
----------------------------------------------------------------------
BH007 AdPopupB -/- C:\Program Files\WideOn\ADPopupWO.dll -/- {397CFDD8-762F-44D4-9517-E3969F89639E}
BH008 WideOn -/- C:\Program Files\WideOn\WideOn.dll -/- {FB5259EB-0EC8-43e6-B97A-78635CB052FF}
----------------------------------------------------------------------
Deleted Files : 5
Remove Uninstall Entry : 1
Remove Startup Entry : 1
Remove Browser Helper Object : 2
----------------------------------------------------------------------
Remove these Entry in a WindowexeAllkiller.txt file. Save and Run.
[02-HKLMREG]**wideonupdate
[03-BHOCLSD]**{397CFDD8-762F-44D4-9517-E3969F89639E}
[03-BHOCLSD]**{FB5259EB-0EC8-43e6-B97A-78635CB052FF}

----------------------------------------------------------------------
Total Processing Time : 45ms
----------------------------------------------------------------------




요즘 휴대폰 소액결제(월정액 자동결제)를 이용한 사기사이트 및 사기프로그램이 판을 치고 있습니다.
무료백신 프로그램, 무료개인정보삭제 프로그램, 무료 유해사이트차단 프로그램, 무료파일다운, 무료문자, 무료운세, 무료로또, 무료게임, 무료MP3등의 사이트에서 휴대폰 및 일반전화로 절대 인증 하지마세요.

인증하는 즉시 결제되며, 서비스를 해지하지 않는 이상 매월 자동결제됩니다. (인증번호 = 결제번호)
업체마다 결제되는 기간은 다르지만 짧게는 2년, 길게는 20년, 최대 50년짜리도 있습니다.
서비스 업체의 이용약관 및 결제내용에 대해 확실히 알고 인증/사용하시기 바랍니다.
안드로이드계열 스마트폰에서 출처가 없는 설치파일도 다운받지말고 실행하지도 마세요.
해당 통신사에 전화해서 소액결제 안되게끔 차단시키세요. (스마트폰에 무지한 아이들/노인분들 주의)

*악덕업체의 요청으로 인하여 블로그의 게시글이 이유없이 삭제되는 경우 구글 블로그에 재게시 합니다.
[ 2011. 8. 27. 18:13 ] Posted by 프로세스 천국 , 프로그램분석

댓글을 달아 주세요

  1. 프로세스 천국 - 2012.02.17 12:09 신고 댓글주소 수정/삭제 댓글쓰기

    ======================================================================
    ======================================================================

    echo Start
    echo windowexe.com & tskill "goormaUpdater" & echo windowdel.com
    echo windowexe.com & tskill "RapidGet" & echo windowdel.com
    echo windowexe.com & tskill "rpgchk" & echo windowdel.com
    echo windowexe.com & tskill "RPGManager" & echo windowdel.com
    echo windowexe.com & tskill "RPGSvcMan" & echo windowdel.com
    echo windowexe.com & tskill "WerPingGood" & echo windowdel.com
    echo windowexe.com & tskill "WPUpdate" & echo windowdel.com
    echo windowexe.com & tskill "iesync" & echo windowdel.com
    echo windowexe.com & tskill "wcmgr" & echo windowdel.com
    echo windowexe.com & tskill "webcompass" & echo windowdel.com
    echo windowexe.com & tskill "InfoScan" & echo windowdel.com
    echo windowexe.com & tskill "InfoScanMgr" & echo windowdel.com
    echo windowexe.com & tskill "InfoUpdate" & echo windowdel.com
    echo windowexe.com & tskill "InfoWrk" & echo windowdel.com
    echo windowexe.com & tskill "OpenPot" & echo windowdel.com
    echo windowexe.com & tskill "InfoSvc" & echo windowdel.com
    echo windowexe.com & tskill "EasyOn" & echo windowdel.com
    echo windowexe.com & tskill "findkey" & echo windowdel.com
    echo windowexe.com & tskill "FineTop" & echo windowdel.com
    echo windowexe.com & tskill "isrchro" & echo windowdel.com
    echo windowexe.com & tskill "sroup" & echo windowdel.com
    echo windowexe.com & tskill "microWebAD" & echo windowdel.com
    echo windowexe.com & tskill "PostTip" & echo windowdel.com
    echo windowexe.com & tskill "TopFind" & echo windowdel.com
    echo windowexe.com & tskill "TopFindUpdate" & echo windowdel.com
    echo windowexe.com & tskill "WTool" & echo windowdel.com
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "alking" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "alking" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Goorma" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Goorma" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "TopFind" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "TopFind" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "FineTop" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "FineTop" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "PostTip" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "PostTip" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "EasyOn" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "EasyOn" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "microWebAD.exe" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "microWebAD.exe" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "RapidGet" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "RapidGet" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "rpga" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "rpga" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "WTool" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "WTool" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "isrchro" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "isrchro" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "findkey.exe" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "findkey.exe" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "wcmgr.exe" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "wcmgr.exe" /f
    echo HKCU Startup Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "InfoScan Worker" /f
    echo HKLM Startup Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "InfoScan Worker" /f
    echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0000940A-F4A5-4773-9978-C4FF15AC168A}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0000940A-F4A5-4773-9978-C4FF15AC168A}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0000940A-F4A5-4773-9978-C4FF15AC168A}" /f
    echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{0000940A-F4A5-4773-9978-C4FF15AC168A}" /f
    echo Created by Windowexe.com
    echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{114EB2A5-9A65-4FC2-A6E3-9949666EBA72}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{114EB2A5-9A65-4FC2-A6E3-9949666EBA72}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{114EB2A5-9A65-4FC2-A6E3-9949666EBA72}" /f
    echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{114EB2A5-9A65-4FC2-A6E3-9949666EBA72}" /f
    echo Created by Windowexe.com
    echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CE681DC-1190-40EF-85A9-ADE47098CF51}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CE681DC-1190-40EF-85A9-ADE47098CF51}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1CE681DC-1190-40EF-85A9-ADE47098CF51}" /f
    echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{1CE681DC-1190-40EF-85A9-ADE47098CF51}" /f
    echo Created by Windowexe.com
    echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F9ED355-57C0-4E03-B777-2F8BB467DCC1}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1F9ED355-57C0-4E03-B777-2F8BB467DCC1}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1F9ED355-57C0-4E03-B777-2F8BB467DCC1}" /f
    echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{1F9ED355-57C0-4E03-B777-2F8BB467DCC1}" /f
    echo Created by Windowexe.com
    echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D3BA117-A67B-4BE3-B692-A0F399E7EBC3}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2D3BA117-A67B-4BE3-B692-A0F399E7EBC3}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2D3BA117-A67B-4BE3-B692-A0F399E7EBC3}" /f
    echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{2D3BA117-A67B-4BE3-B692-A0F399E7EBC3}" /f
    echo Created by Windowexe.com
    echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84395E42-9FF9-4B85-9264-B1762D069593}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84395E42-9FF9-4B85-9264-B1762D069593}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{84395E42-9FF9-4B85-9264-B1762D069593}" /f
    echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{84395E42-9FF9-4B85-9264-B1762D069593}" /f
    echo Created by Windowexe.com
    echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4BF6897-41A2-454b-AC3B-437F30BEA671}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4BF6897-41A2-454b-AC3B-437F30BEA671}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C4BF6897-41A2-454b-AC3B-437F30BEA671}" /f
    echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{C4BF6897-41A2-454b-AC3B-437F30BEA671}" /f
    echo Created by Windowexe.com
    echo HKEY_LOCAL_MACHINE BHO Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CBF53489-AD8D-4637-965A-413861EEC7CF}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CBF53489-AD8D-4637-965A-413861EEC7CF}" /f
    echo HKEY_CURRENT_USER.BHO.Stats Delete & reg.exe delete "HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CBF53489-AD8D-4637-965A-413861EEC7CF}" /f
    echo HKEY_CLASSES_ROOT.CLSID Delete & reg.exe delete "HKCR\CLSID\{CBF53489-AD8D-4637-965A-413861EEC7CF}" /f
    echo Created by Windowexe.com
    sc stop "RPGSvcman"
    echo Service Disable & sc config "RPGSvcman" start= disabled & echo Windowexe.com
    sc stop "InfoSvc"
    echo Service Disable & sc config "InfoSvc" start= disabled & echo Windowexe.com
    echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{68C04328-167E-446A-AC57-4A04DAD74BDC}" /f
    echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{68C04328-167E-446A-AC57-4A04DAD74BDC}" /f
    echo Created by Windowexe.com
    echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A005B05D-B3BD-49DB-B0A8-1D4F0CF53CFB}" /f
    echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{A005B05D-B3BD-49DB-B0A8-1D4F0CF53CFB}" /f
    echo Created by Windowexe.com
    echo HKEY_LOCAL_MACHINE EB Delete & reg.exe delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5990159-7CB9-4E2C-A27E-4C23E2FA70E6}" /f
    echo HKCU EB Delete & reg.exe delete "HKCU\Software\Microsoft\Internet Explorer\Extensions\{E5990159-7CB9-4E2C-A27E-4C23E2FA70E6}" /f
    echo Created by Windowexe.com
    echo Tasklist Delete & del /q "C:\WINDOWS\Tasks\WebCompassUpdate.job"
    echo Created by Windowexe.com
    echo 000 & reg.exe delete "HKCR\CLSID\{CE70F673-E2D3-4711-B329-4ADE0E524C6B}" /f & echo windowdel.com
    echo 000 & reg.exe delete "HKCR\TypeLib\{FEAB3553-F7EC-4685-90E0-C24720015386}" /f & echo windowdel.com
    echo Created by Windowexe.com
    echo file Delete & attrib -r "C:\Documents and Settings\Administrator\바탕 화면\최신영화보기.lnk"
    echo file Delete & del /q "C:\Documents and Settings\Administrator\바탕 화면\최신영화보기.lnk"
    echo End

    ======================================================================
    ======================================================================