Posted: 2007.10.05
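Updated: 2007.12.25
There is no need to go into what this adware does: to earn advertising revenue for its makers, it routes the user through their link whenever certain sites are visited and collects the advertising fees ...
So what, you say, it is just a rewards toolbar.. But here is the thing..
If it really is not a malicious toolbar... I have to wonder why so many versions, differing only in name, are being distributed from so many sites.
Oh, those are not theirs, you say.. Yet the design, the way they install, the shape of the icon,
even the patterns ... are so identical that it is hard to believe someone else simply copied them..
The site called pluscoin also greeted me with an ActiveX prompt the moment I visited. lol
<Checked: 2007.12.25>
Toolbar / recommended sites / button shown once installed
Doesn't the button look familiar, though? It is the same gift-box icon with a red ribbon seen in the cashback family that was distributed as rewards toolbars.
Related post:
2007/12/16 - [Distribution Info/Distributed Programs] - Adware - Windows Pluspackage Installer <other versions: pluscashbag / 플러스캐쉬백 (Plus Cashback)>
<Detection status><2007.12.25>
--> The detection status may be partly incomplete.
1> AhnLab
Ahnlab SpyZero 2.0 / V3 Internet Security Platinum / anti-spyware of 빛자루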
Win-Adware/PlusPoint.99888
pluspoint2getinfo.dll Win-Adware/PlusPoint.77824.B
pluspoint2.dll Win-Adware/ToolBar.PlusPoint.311296
008686b0.exe Win-Downloader/PlusPoint.72704.B
2> Hauri (ViRobot)
Adware.PPoint.To
pluspoint2.dll Adware.PPoint.To.311296.A
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\uncashplus Adware.PointManager
pluspoint2inst.dll Adware.PPoint.To.99888.A
3> VirusChaser
008686b0.exe Trojan.DownLoader.36314
4> Naver Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\uncashplus Adware/CashPlus
An explanation of the detection names that every security product user should at least know
--> http://fantasy-actuality.tistory.com/20
File 008686b0.exe received on 12.25.2007 14:57:16 (CET)
MD5: a2024ed815207b29798b05eafab3c72c
http://www.virustotal.com/resultado.html?48436b6a2dfc5f837264ec51f9ebd6a7
--> The installer for this adware, downloaded when it is installed via ActiveX <no consent dialog>
<Installation info><2007.12.25>
Install URL: {760FF20F-B852-4ED7-AE91-F1DE355C080F}
(pluspoint) - hxxp://file.pluscoin.xx.kr/cashxxxx2/xxxxload/pluspoint2inst.cab
Removal program provided by the vendor: http://file.pluscoin.co.kr/cashback/download/uninstall.exe
What if the browser address bar disappears after removing adware?
--> http://fantasy-actuality.tistory.com/24
HijackThis - security tool <a program worth consulting>
--> http://fantasy-actuality.tistory.com/103
The following program appears in Control Panel - Add/Remove Programs.
win pluspoint Manager V2.33
The following file is registered in Internet Explorer's Manage Add-ons (BHO)
BHO: pluspoint - {0FB9FC89-46E5-4961-9515-788A9EDCFDE9}
- C:\Program Files\pluspoint2\pluspoint2.dll
Toolbar: pluspoint - {0F04D8F1-A1B7-4BA9-B091-E87E0EDD4940}
- C:\Program Files\pluspoint2\pluspoint2.dll
The following entry is registered as a startup program
[pluspoint] "C:\Program Files\pluspoint\pluspoint.exe" /start
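The BHO, toolbar and startup entries above are in the form HijackThis reports them, so a saved HijackThis log can be checked for them directly. The following is an added example, not part of the original post: it assumes the standard `O2`/`O3`/`O4` line layout of a HijackThis log, and the sample log is constructed.

```python
import re

# Indicators taken from this post: BHO and toolbar CLSIDs, install directory.
BHO_CLSID = "{0FB9FC89-46E5-4961-9515-788A9EDCFDE9}"
TOOLBAR_CLSID = "{0F04D8F1-A1B7-4BA9-B091-E87E0EDD4940}"
INSTALL_DIR = re.compile(r"\\program files\\pluspoint2?\\", re.IGNORECASE)

# HijackThis sections: O2 = BHO, O3 = IE toolbar, O4 = autostart entry.
O2_O3 = re.compile(
    r"^(O[23]) - (?:BHO|Toolbar): (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
O4 = re.compile(r"^(O4) - (\S+): \[(.*?)\] (.*)$")

# Constructed sample log; the Example Helper and ctfmon lines are benign filler.
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O2 - BHO: pluspoint - {0FB9FC89-46E5-4961-9515-788A9EDCFDE9} - C:\Program Files\pluspoint2\pluspoint2.dll
O3 - Toolbar: pluspoint - {0F04D8F1-A1B7-4BA9-B091-E87E0EDD4940} - C:\Program Files\pluspoint2\pluspoint2.dll
O4 - HKLM\..\Run: [pluspoint2] "C:\Program Files\pluspoint2\pluspoint2.exe" /start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def parse_line(line):
    """Return (section, name, clsid_or_None, target), or None for other lines."""
    line = line.strip()
    m = O2_O3.match(line)
    if m:
        return m.group(1), m.group(2), m.group(3).upper(), m.group(4)
    m = O4.match(line)
    if m:
        return m.group(1), m.group(3), None, m.group(4)
    return None


def find_pluspoint(log_text):
    """List (section, name, reasons) for entries matching the post's indicators."""
    hits = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        section, name, clsid, target = entry
        reasons = []
        # The CLSID match still fires if the files were moved or renamed.
        if section == "O2" and clsid == BHO_CLSID:
            reasons.append("bho-clsid")
        if section == "O3" and clsid == TOOLBAR_CLSID:
            reasons.append("toolbar-clsid")
        # The path match covers both the pluspoint and pluspoint2 folders.
        if INSTALL_DIR.search(target):
            reasons.append("install-path")
        if reasons:
            hits.append((section, name, reasons))
    return hits


if __name__ == "__main__":
    for section, name, reasons in find_pluspoint(SAMPLE_LOG):
        print(section, name, ",".join(reasons))
```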
<Some of the registry entries added><2007.12.25>
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{62E65991-BAFA-4AFB-9B40-06039E276D28}
BandCLSID REG_SZ {0F04D8F1-A1B7-4BA9-B091-E87E0EDD4940}
ButtonText REG_SZ 플러스포인트
CLSID REG_SZ {E0DD6CAB-2D10-11D2-8F1A-0000F87ABD16}
Default Visible REG_SZ Yes add
HotIcon REG_SZ C:\Program Files\pluspoint2\pluspoint2.dll,202
Icon REG_SZ C:\Program Files\pluspoint2\pluspoint2.dll,201
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{0F04D8F1-A1B7-4BA9-B091-E87E0EDD4940} REG_BINARY
C:\Program Files\pluspoint2\pluspoint2.dll,201
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\uncashplus
check REG_SZ y
iv REG_SZ pluspoint2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
pluspoint2 REG_SZ "C:\Program Files\pluspoint2\pluspoint2.exe" /start
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\pluspoint2
DisplayName REG_SZ win pluspoint Manager V2.33 add
UninstallString REG_SZ C:\Program Files\pluspoint2\uninstall.exe add
HKEY_LOCAL_MACHINE\SOFTWARE\pluspoint2\data
<Installation folder><2007.12.25>
c:\Program Files\pluspoint2 | |||
License.txt | 2007-09-15 10:10.08 | 4,513 | |
pluspoint2.dll | 2007-11-03 15:12.34 | 311,296 | |
pluspoint2getinfo.dll | 2007-11-03 21:55.14 | 77,824 | |
pluspoint2inst.dll | 2007-11-03 22:29.10 | 99,888 | |
pluspointno.dat | 2006-12-21 02:22.18 | 315 | |
pluspointok.dat | 2007-12-17 18:41.18 | 23,484 | |
uninstall.exe | 2007-11-03 22:18.10 | 55,808 | |
c:\WINDOWS\Downloaded Program Files | |||
pluspoint | 2007-11-03 22:28.52 | ||
c:\WINDOWS\system32 | |||
pluspoint2inst.dll | 2007-11-03 22:29.12 | 99,888 |