This is a list of the entries registered in the HJT DB. Apologies for the page being heavy. Entries are shown newest first.
(This page is updated by hand, so the most recently registered data may not be reflected yet. Check the entry count and the update date.)
The page had become too heavy, so older items have been removed from the list.
| Name | Entries as they appear in HijackThis |
|---|---|
| MalwareBytes' RogueRemover | O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor |
| Sun Java-related entries | O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588 |
| WinReanimator | O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe O4 - HKLM\..\Run: [WinReanimator] "C:\Program Files\WinReanimator\winreanimator.exe" /hide O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe |
| Zlob-family O21 entries that appeared in February 2008 | O21 - SSODL: MonRam - {3583ee48-944f-456a-a94d-0d5aeeb2a755} - C:\WINDOWS\Installer\{3583ee48-944f-456a-a94d-0d5aeeb2a755}\MonRam.dll O21 - SSODL: zip - {48ab9f0a-43b7-4739-81b3-b30e2513b2c6} - C:\WINDOWS\Installer\{48ab9f0a-43b7-4739-81b3-b30e2513b2c6}\zip.dll |
| YAMAHA's O4 - GO4XService.exe | O4 - HKCU\..\Run: [GO4XService] "C:\Program Files\Common Files\YAMAHA\GO4X\common\GO4XService.exe" |
| LiveUpdate Notice | O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe |
| Rising Personal Firewall | O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe |
| Rising AntiVirus | O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system O10 - Unknown file in Winsock LSP: c:\program files\rising\rav\hookspi.dll O23 - Service: Rising Confing Manager (cfgload) - Beijing Rising Technology Co., Ltd. - C:\program files\rising\rav\cfgload.exe O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe O23 - Service: Rising Vista Interface (RsVInterface) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Common Files\Rising\vsapisrv.exe O23 - Service: Rising Vista Scanner (RsVScanner) - Beijing Rising Technology Co., Ltd. - C:\program files\rising\rav\scannerd.exe O23 - Service: Rising Vista Update (RsVUpdate) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Common Files\Rising\rsupd.exe |
| G DATA InternetSecurity 2008 | F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,c:\program files\g data internetsecurity\avkkid\avkcks.exe O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AvkWebIE.dll O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AvkWebIE.dll O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe" O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe O23 - Service: AntiVirus Monitor (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe O23 - Service: G DATA パーソナルファイアウォール (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\Firewall\GDFwSvc.exe |
| Virus Buster 2008 (ウイルスバスター2008) | O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Virus Buster\UfSeAgnt.exe" O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Virus Buster\TMAS_OE\TMAS_OEMon.exe" (same as above) O23 - Service: トレンドマイクロ総合管理コンポーネント (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Virus Buster\SfCtlCom.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\VIRUSB~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Virus Buster\TmProxy.exe |
| O9 - DesktopStrea | O9 - Extra button: DesktopStrea - {D80B3D84-E1EC-42ab-B630-F1E0C4E8BA97} - (no file) |
| Mamutu 1.5 | O4 - HKLM\..\Run: [Mamutu Guard] "C:\Program Files\Mamutu\mamutu.exe" /silent O23 - Service: Mamutu Service (Mamutu) - Emsi Software GmbH - C:\Program Files\Mamutu\a2service.exe |
| TAGIRI Toolbar | O3 - Toolbar: TAGIRI Toolbar - {B3C48858-CC9C-452F-B6A4-48C95C59EB45} - C:\Program Files\TAGIRI Toolbar\ISLIEBand.dll O9 - Extra button: DesktopStrea - {D80B3D84-E1EC-42ab-B630-F1E0C4E8BA97} - (no file) O9 - Extra button: Tagiri Toolbar - {EC113164-2692-482c-A70D-C60DA5C92546} - (no file) |
| ThreatFire | O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe |
| PunkBuster | O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe |
| Yahoo!Anti-Spy | O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll |
| Nero | O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe |
| PowerDVD | O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\ |
| Windows Welcome Center | O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') |
| Windows Sidebar | O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') |
| System Safety Monitor | O20 - Winlogon Notify: System Safety Monitor - C:\Windows\SYSTEM32\SSMWinlogonEx.dll |
| %ProgramFiles%\[plausible name... | O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe |
| O4 [54a58e5f] rundll32.exe and ... | O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\iwqaonlo.dll",b O4 - HKLM\..\Run: [BM5796bdc3] Rundll32.exe "C:\WINDOWS\system32\aydqfrfn.dll",s O4 - HKLM\..\Run: [90c291af] rundll32.exe "C:\WINDOWS\System32\wteghdag.dll",b O4 - HKLM\..\Run: [BM43c4fa5f] Rundll32.exe "C:\WINDOWS\system32\bgwytljd.dll",s O4 - HKLM\..\Run: [5c61e884] rundll32.exe "C:\WINDOWS\system32\tdtsyvjw.dll",b |
| Ask Toolbar (AskTBar) | R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\4.bin\A5SRCHAS.DLL O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\4.bin\A5SRCHAS.DLL O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\4.bin\ASKTBAR.DLL |
| CDDBUISon.dll | O2 - BHO: (no name) - {69F76916-8654-4CC0-A2F6-977A7624B5F3} - C:\WINDOWS\system32\CDDBUISon.dll O2 - BHO: (no name) - {520EEF75-40F4-4632-B552-CF6E815ED402} - C:\WINDOWS\system32\CDDBUISon.dll |
| Troj/Agent-GNA | F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\drivers\msbzgh.exe, O4 - HKCU\..\Run: [[unknown]] C:\WINDOWS\system32\drivers\msbzgh.exe O4 - HKCU\..\Run: [[unknown]] C:\Documents and Settings\[user]\Application Data\ayagbf.exe |
| Protector Suite QL 5.3 | O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe" O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\fusstub.dll |
| FindFM Toolbar | R3 - URLSearchHook: www.find.fm Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\FindFM Toolbar\toolbar.dll O2 - BHO: XBTB04482 - {EB1BA0FB-F408-4503-9406-3F1BDE0FF91E} - C:\PROGRA~1\FINDFM~1\toolbar.dll O3 - Toolbar: www.find.fm Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\FindFM Toolbar\toolbar.dll |
| CashFiesta | O4 - HKCU\..\Run: [CashFiesta] C:\Documents and Settings\[user]\デスクトップ\Cashfiesta\Cashfiesta.exe |
| Megaupload Toolbar | O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL |
| FakeAlert・TROJ_AGENT.AASC | F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt O20 - AppInit_DLLs: C:\WINDOWS\system32\stdole32.dat |
| Spy Sweeper 5.5 | O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O23 - Service: Webroot Spy Sweeper ウェブルート スパイ スウィーパー エンジン (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe |
| VirusLocker | C:\Program Files\VirusLocker\VirusLocker.exe C:\Program Files\VirusLocker\VirusLocker.exe |
| Norton 360 | O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O3 - Toolbar: Norton ツールバーの表示 - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe |
| PeerGuardian | O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe |
| VirusSeigyo (Virus制御, "Virus Control") | C:\Program Files\Common Files\VirusSeigyo\uga6pcw.exe C:\Program Files\VirusSeigyo\pgs.exe O4 - HKLM\..\Run: [uga6pcw] "C:\PROGRA~1\COMMON~1\VIRUSS~1\uga6pcw.exe" -start O4 - HKLM\..\Run: [rtasks] C:\Program Files\VirusSeigyo\rtasks.exe O4 - HKLM\..\RunOnce: [atf_reinstall] "C:\Program Files\VirusSeigyo\atf.exe" |
| TrendProtect 1.0 | O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll |
| PrivacyProtector | O4 - HKLM\..\Run: [PrivacyProtector Free] "C:\Program Files\PrivacyProtector Free\UPRP.exe" |
| WORM_SDBOT.BDJ | O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe |
| WinAntiSpyware 2007 | O4 - HKLM\..\Run: [WinAntiSpyware 2007 Free] "C:\Program Files\WinAntiSpyware 2007\was7.exe" /min O4 - HKLM\..\Run: [DC6_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasdc.exe" O4 - HKLM\..\Run: [ERS_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasers.exe" O4 - HKLM\..\Run: [uwas7cw] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" -c |
| ErrorProtector | O4 - HKLM\..\Run: [ErrorProtector Free] C:\Program Files\ErrorProtector Free\ertmain.exe /min O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\ErrorProtector Free\startmon.exe" O4 - HKCU\..\Run: [ErrorProtector Free] C:\Program Files\ErrorProtector Free\ertmain.exe |
| NeroChek.exe | O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroChek.exe" |
| Win32/Expiro.C | Every running executable may be infected across the board. |
| W32/Rbot-GOR | O4 - HKLM\..\Run: [Windows LoL Layer] jkgogpaho.exe O4 - HKLM\..\RunServices: [Windows LoL Layer] jkgogpaho.exe O4 - HKCU\..\Run: [Windows LoL Layer] jkgogpaho.exe |
| W32/Rbot-GMI | O4 - HKLM\..\Run: [Universal Plug & Play devices] WinUPPD.exe O4 - HKLM\..\RunServices: [Universal Plug & Play devices] WinUPPD.exe O4 - HKCU\..\Run: [Universal Plug & Play devices] WinUPPD.exe |
| TKEYDRV.EXE | O4 - HKLM\..\Run: [Ten Key] TKEYDRV.EXE |
| O20 stp68_2007.dll (Trojan.Kl... | O20 - Winlogon Notify: stp68_2007 - C:\WINDOWS\SYSTEM32\stp68_2007.dll O20 - Winlogon Notify: stp68_2007 - stp68_2007.dll (file missing) |
| O10 lzink.dll (possibly a random name... | O10 - Unknown file in Winsock LSP: c:\windows\system32\lzink.dll |
| Browser Protection Volume | O2 - BHO: (no name) - {D34F5D71-99E4-4D96-91CA-F4104F69B8AE} - C:\Program Files\Video AX Object\bpvol.dll O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video AX Object\bpmon.exe O22 - SharedTaskScheduler: bedstead - {b23dc537-3e13-44c7-bf67-d8405eb377f7} - C:\WINDOWS\system32\rcohty.dll |
| [CTDrive] ... drv???.dll, startu... | O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvhaf.dll,startup |
| O4 - HKLM [WindowsHive] rpcc.exe | O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe |
| Virus Chaser (ウイルスチェイサー) | O4 - HKLM\..\Run: [Vcrmon] C:\Program Files\Virus Chaser\vcrmon.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O23 - Service: Virus Chaser Spider NT (spidernt) - New Technology Wave Inc. - C:\Program Files\Virus Chaser\SpiderNT.exe |
| Infostealer.Banker.C | F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe, O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'Default user') |
| AVG Internet Security 7.5 | O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe |
| Trojan-Downloader.Win32.ConHook.... | O2 - BHO: (no name) - {80ef4338-290c-45cf-8104-9d41e7cccdc1} - C:\WINDOWS\system32\cdm6gt.dll O20 - Winlogon Notify: cdm6gt - C:\WINDOWS\SYSTEM32\cdm6gt.dll O2 - BHO: (no name) - {d364b803-3171-48cf-b723-f39e753de102} - C:\WINDOWS\system32\mscrx3.dll O20 - Winlogon Notify: mscrx3 - C:\WINDOWS\SYSTEM32\mscrx3.dll O2 - BHO: (no name) - {0007703b-5f3f-4008-aef7-77b16292321a} - C:\WINNT\system32\c_1jet.dll O20 - Winlogon Notify: c_1jet - C:\WINNT\SYSTEM32\c_1jet.dll |
| O2 ... characteristic of the spring-2007 Vundo variant | O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\tmp158E.tmp.dll O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\System32\xvtbmhix.dll |
| WinFlyer | O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run |
| TROJ_AGENT.HYI | O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe |
| Specific-pattern O4 entries produced by Vundo ... | O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINNT\vttspo.dll",setvm O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\dpaojpap.dll",setvm O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\gxaycfaw.dll",setvm O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\vanbrgev.dll",setvm O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\tuvwvs.dll",realset |
| Infineon TPM Professional Packag... | O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE |
| WinAntiVirus Pro 2007 | O2 - BHO: CIEIntegrator Object - {22750ADC-C90F-43C4-9B72-0F9E60CB5119} - C:\Program Files\WinAntiVirus Pro 2007\winavpgi.dll O2 - BHO: IEFW Object - {67121D62-2C97-4EF0-83EA-2DC643D50B01} - C:\Program Files\WinAntiVirus Pro 2007\fwbho.dll O4 - HKLM\..\Run: [WinAntiVirus Pro 2007] "C:\Program Files\WinAntiVirus Pro 2007\WinAV.exe" /min O4 - HKLM\..\Run: [uwa7pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\uwa7pcw.exe" -c O4 - HKLM\..\Run: [mav_startupmon] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe" O4 - HKLM\..\RunOnce: [fat.exe] "C:\Program Files\WinAntiVirus Pro 2007\fat.exe" O23 - Service: Firewall service (NtTf) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2007\NtFt.exe |
| FRITZ!Box | O4 - Startup: FRITZ!DSL Protect.lnk = C:\Program Files\FRITZ!DSL\FwebProt.exe O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Program Files\FRITZ!DSL\StCenter.exe O10 - Unknown file in Winsock LSP: c:\program files\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\program files\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\program files\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\program files\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\program files\fritz!dsl\sarah.dll O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Common Files\AVM\de_serv.exe |
| InterSafe Personal | O4 - HKLM\..\Run: [nsfcfg] "C:\Program Files\ALSI\IS_PS\nsfcfg.exe" O10 - Broken Internet access because of LSP provider 'nsflsp.dll' missing |
| O16 MxLogicalTRU Class and others | O16 - DPF: {223216F6-B9FE-406D-9ED6-143FCE3A07B8} (MxLogicalTRU Class) - file://C:\Temp\cabfiles\MxLogicalTRU.cab O16 - DPF: {2F98EA90-EAE1-4AB5-AE89-DA073D824589} (MxBinderU Class) - file://C:\Temp\cabfiles\MxBinderU.cab O16 - DPF: {31538FAB-8051-4CFA-ACA4-B2668718B6F8} (MxMenuU Class) - file://C:\Temp\cabfiles\MxMenuU.cab O16 - DPF: {4F57AF1B-5470-47EE-A5AA-D1EA4B3C42A6} (XChartU Class) - file://C:\Temp\cabfiles\XChartU.cab O16 - DPF: {5C32688E-CEBE-419D-9C63-0704A2331EEC} (MxFileControlU Class) - file://C:\Temp\cabfiles\MxFileControlU.cab O16 - DPF: {71E7ACA0-EF63-4055-9894-229B056E9C31} (MxGridU Class) - file://C:\Temp\cabfiles\MxGridU.cab O16 - DPF: {84168FE7-B960-402B-BC0E-E7214D2CFC10} (MxResourceMngU Class) - file://C:\Temp\cabfiles\MxResourceMngU.cab O16 - DPF: {90CAA259-71ED-42CB-BEB8-95281CCF9E58} (MxTabU Class) - file://C:\Temp\cabfiles\MxTabU.cab O16 - DPF: {9683681E-FAD6-45F1-86B3-FD60C7101BC9} (MxReportU Class) - file://C:\Temp\cabfiles\MxReportU.cab O16 - DPF: {9F0AA341-1D10-4B18-B70B-6AA49CE7F5D6} (MxImageSetU Class) - file://C:\Temp\cabfiles\MxImageSetU.cab O16 - DPF: {AF989B7C-8AC3-40BC-B749-EB335BDFD190} (MxDataSetU Class) - file://C:\Temp\cabfiles\MxDataSetU.cab O16 - DPF: {BB4533A0-85E0-4657-9BF2-E8E7B100D47E} (MxComboU Class) - file://C:\Temp\cabfiles\MxComboU.cab O16 - DPF: {C1781C5C-0C32-40F2-8927-46FE4BCB5B87} (MxTreeU Class) - file://C:\Temp\cabfiles\MxTreeU.cab O16 - DPF: {D7779973-9954-464E-9708-DA774CA50E13} (MxMaskEditU Class) - file://C:\Temp\cabfiles\MxMaskEditU.cab O16 - DPF: {F73C0958-D8FE-43A5-9BB0-0F651C5A2BCC} (MxRadioU Class) - file://C:\Temp\cabfiles\MxRadioU.cab |
| Starware Recipe Toolbar | O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware337\bin\Starware337.dll O3 - Toolbar: Starware Recipe Toolbar - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware337\bin\Starware337.dll |
| Starware Toolbar | O2 - BHO: CSBHO - {D14D6793-9B65-11D3-80B6-00500487BDBA} - C:\PROGRA~1\Comet\Bin\csbho.dll O3 - Toolbar: Starware Toolbar - {FE6BC4EF-5676-484B-88AE-883323913256} - C:\PROGRA~1\Comet\Bin\csietb.dll |
| McAfee VirusScan Enterprise | O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe |
| EnvyHFCPL | O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1 |
| ipTray.exe | O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe" O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Program Files\Intel\IDU\awServ.exe |
| 驚速パソコン (Kyosoku Pasokon, a SOURCENEXT "PC speed-up" product) and similar, with about:blank | Running processes: C:\Program Files\SOURCENEXT\驚速パソコン\SFBRun.exe |
| ctpmon.exe | O4 - HKCU\..\Run: [ctpmon] ctpmon.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present |
| DinopSearchBar | O3 - Toolbar: DinopSearchBar - {4B37CC9B-FBF4-4EFB-BCAB-64293358362F} - C:\Program Files\dinop\DinopSearchBar\bar.dll O11 - Options group: [DinopSearchBar] DinopSearchBar |
| AltaVista Toolbar | O2 - BHO: ALTAVISTA - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\ALTAVI~1.DLL O3 - Toolbar: ALTAVISTA - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\ALTAVI~1.DLL O8 - Extra context menu item: AltaVista Search - file://C:\Program Files\ALTAVISTA Toolbar\Cache\SelectedContextSearch.htm O16 - DPF: {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} (ALTAVISTA) - http://toolbar.altavista.com/static/toolbar/altavista.cab?r=1169261225 |
| Backdoor.Win32.SdBot.bcf... | O4 - HKLM\..\RunServices: [mstdcs] C:\WINNT\System32\mstdcs.exe O4 - HKLM\..\RunServices: [msrdc] C:\WINNT\System32\msrdc.exe |
| Backdoor.Win32.IRCBot.xt | O23 - Service: nSecure - Unknown owner - C:\WINNT\System32\nSecure.exe |
| W32/Agobot-AHR | O23 - Service: nservice - Unknown owner - C:\WINNT\System32\nservice.exe |
| セキュリティ対策ツール (Security Countermeasures Tool, NTTW) | O4 - HKLM\..\Run: [pccguide.exe] "C:\program files\NTTW\Security\pccguide.exe" O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\NTTW\Security\PcCtlCom.exe O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\NTTW\Flets\app\TangoService.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\NTTW\Security\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\NTTW\Security\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\NTTW\Security\tmproxy.exe |
| インターネット 悪質サイトブロック (Internet Malicious Site Block, NetSTAR) | O2 - BHO: 悪質サイトブロック BHO - {E51900C1-1D23-475D-921E-10E20D13ECC1} - C:\Program Files\NetSTAR\NSFR\nsfbnd.dll O3 - Toolbar: 悪質サイトブロック - {EA7785EA-2640-49A2-832E-A882AD6D2A77} - C:\Program Files\NetSTAR\NSFR\nsfbnd.dll |
| BroadJump Client Foundation | O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe |
| O2 BAE.dll | O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll |
| SpyMarshal | O4 - HKCU\..\Run: [SpyMarshal] C:\Program Files\SpyMarshal\SpyMarshal.exe |
| Virus Buster Corp. client... (ウイルスバスター Corp., i.e. OfficeScan) | O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://192.1.4.61/officescan/console/ClientInstall/WinNTChk.cab O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - http://192.1.4.61/officescan/console/ClientInstall/setupini.cab O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://192.1.4.61/officescan/console/ClientInstall/setup.cab O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - http://192.1.4.61/officescan/console/html/AtxEnc.cab O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrlClass) - http://192.1.4.61/officescan/console/ClientInstall/RemoveCtrl.cab O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe |
| AVG Anti-Spyware 7.5 | O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe |
| MyDoom.A's lsasrv.exe | F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\lsasrv.exe O4 - HKLM\..\Run: [lsass] C:\WINDOWS\System32\lsasrv.exe |
| New malware that produces O23 entries... | O23 - Service: [plausible service name] ([something that looks like its abbreviation]) - Unknown owner - [full path\plausible name (often identical to a system file).exe] |
| T-Online DSL Manager 6.0 | O4 - HKLM\..\Run: [T-Online DSL-Manager] C:\Program Files\T-Online\DSL-Manager\TODslMgr.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Program Files\T-Online\DSL-Manager\TODslSvc.exe |
| SpamSubtract Pro 1.70 | Running processes: C:\Program Files\InterMute\SpamSubtract\SpamSubtract.exe |
| Virus Buster 2007 (ウイルスバスター2007) | O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Virus Buster 2007\pccguide.exe" O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Virus Buster 2007\TMAS_OE\TMAS_OEMon.exe" O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\VIRUSB~1\PcCtlCom.exe O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\VIRUSB~1\PcScnSrv.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\VIRUSB~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\VIRUSB~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\VIRUSB~1\tmproxy.exe |
| New bot? - Events Log (Event) | O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe |
| WORM_SDBOT.AWG | O23 - Service: wlmsngr - Unknown owner - C:\WINNT\wlmsngr.exe (file missing) |
| W32/Tilebot-HQ | O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINNT\lsass.exe (file missing) |
| WORM_RBOT.EOB | O4 - HKLM\..\Run: [ActiveX File Registration Service] filereg.exe O4 - HKLM\..\RunServices: [ActiveX File Registration Service] filereg.exe O4 - HKCU\..\Run: [ActiveX File Registration Service] filereg.exe O4 - HKCU\..\RunServices: [ActiveX File Registration Service] filereg.exe |
| Norton Internet Security 2007 | O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O3 - Toolbar: Norton ツールバーの表示 - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe |
| 常時安全 セキュリティ24アシスタ... | O3 - Toolbar: セキュリティ24 - {41EFC95A-E013-4284-8C99-EB5CFD168DED} - C:\Program Files\@nifty Security\s24iebar.dll O4 - HKLM\..\Run: [s24ctrl] "C:\Program Files\@nifty Security\s24ctrl.exe" /s O16 - DPF: {BCDE5531-8A86-47B9-8E10-76E991EA3950} (@nifty Assistant Web Installer) - https://bbsrv.nifty.com/security24/downloads/webinst.cab O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe |
| EnrollWiz | O2 - BHO: CSecDepotIeHlprObj Class - {40F83F83-6C95-4D99-A2EB-6599DE81A6BE} - C:\WINDOWS\system32\SDSecDepotIe.dll O4 - HKLM\..\Run: [EnrollWiz] SdUsrEnrollWiz.exe enroll O9 - Extra button: Desktop Security Depot for Internet Explorer - {F61F9C2D-0A2F-4b09-B17B-7955B8610940} - C:\WINDOWS\system32\SDSecDepotIe.dll |
| バイドクター | O4 - HKLM\..\Run: [vidr] "C:\Program Files\vidr\vidrUp.exe" -b O4 - HKLM\..\Run: [PC最適化] C:\Program Files\optimizejp\optimizeupdjp.exe -update O4 - HKLM\..\Run: [バイドクター] C:\Program Files\vidoctorjp\vidoctorupdjp.exe -update |
| VVSN.exe | O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe |
| Windows Defender Beta2 | C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Windows Defender\MSASCui.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hidee |
| AVIRA AntiVir PersonalEdition Cl... | O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe |
| オプトサーブ | O4 - HKLM\..\Run: [optserve] C:\WINDOWS\System32\optserve.exe O4 - HKLM\..\Run: [LP] C:\WINDOWS\system32\LP.exe |
| Trojan-Downloader.Win32.Agent.aqr | O4 - HKLM\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe O4 - HKCU\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe |
| SystemStable | C:\Program Files\SystemStable\SystemStableMonitor.exe C:\Program Files\SystemStable\SystemStable.exe O4 - HKCU\..\Run: [SystemStableMonitor] C:\Program Files\SystemStable\SystemStableMonitor.exe |
| W32.Randex.YR | O4 - HKLM\..\Run: [Symantec Anti Virus] symantec32.exe O4 - HKLM\..\RunServices: [Symantec Anti Virus] symantec32.exe O4 - HKCU\..\Run: [Symantec Anti Virus] symantec32.exe |
| WORM_WOOTBOT.CE | O4 - HKLM\..\Run: [Windows Update] vgcntfy.exe O4 - HKLM\..\RunServices: [Windows Update] vgcntfy.exe O4 - HKCU\..\Run: [Windows Update] vgcntfy.exe |
| W32/Forbot-BH | O4 - HKLM\..\Run: [Win32 SSL Driver] winssv.exe O4 - HKCU\..\Run: [Win32 SSL Driver] winssv.exe O4 - HKLM\..\RunServices: [Win32 SSL Driver] winssv.exe |
| WORM_SDBOT.VM | O4 - HKLM\..\Run: [msjava service] xpcd.exe O4 - HKLM\..\RunServices: [msjava service] xpcd.exe |
| WORM_WOOTBOT.AS | O4 - HKCU\..\Run: [Windows DNS Daemon] windnsd.exe O4 - HKLM\..\Run: [Windows DNS Daemon] windnsd.exe O4 - HKLM\..\RunServices: [Windows DNS Daemon] windnsd.exe |
| W32.Narcs | O4 - HKLM\..\Run: [Microsoft Updates] Botnet.exe O4 - HKLM\..\RunServices: [Microsoft Updates] Botnet.exe |
| crsss32.exe | O4 - HKLM\..\Run: [CRC Value Verifier] crsss32.exe O4 - HKLM\..\RunServices: [CRC Value Verifier] crsss32.exe |
| WORM_WOOTBOT.BR | O4 - HKLM\..\Run: [Microsoft Support Service] svcmgt.exe O4 - HKLM\..\RunServices: [Microsoft Support Service] svcmgt.exe O4 - HKCU\..\Run: [Microsoft Support Service] svcmgt.exe |
| Shockwave Flash Object | O2 - BHO: Shockwave Flash Object - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - C:\WINDOWS\system32\smflash.ocx O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present |
| DriveCleaner 2006 | C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe O4 - HKLM\..\Run: [DriveCleaner 2006 Free] "C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe" /min |
| Win32/IRCBot.worm.188416.D | Running processes: C:\WINNT\system32\msjava.exe F2 - REG:system.ini: Shell=Explorer.exe msjava.exe F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,msjava.exe O4 - HKLM\..\RunServices: [Ms Java for Windows NT] msjava.exe O4 - HKCU\..\RunServices: [Ms Java for Windows NT] msjava.exe O23 - Service: Remote Procedure Call (RPC) Remote (RpcRemote) - Unknown owner - C:\WINNT\system32\remote.exe (file missing) |
| One-click fraud (common name) Eros B... | O4 - HKLM\..\Run: [ImageViewer] C:\WINDOWS\ImageViewer.exe /s C:\WINDOWS\ImageViewer.exe |
| SystemDoctor 2006 | C:\Program Files\SystemDoctor 2006 Free\sd2006.exe O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan |
| WORM_ANTINNY.AF | O4 - HKLM\..\Run: [Windows Security Manager] C:\WINNT\system32\drivers\etc\svchost.exe -c -ax O23 - Service: Windows Security Manager (WindowsSecurityManager) - Unknown owner - C:\WINNT\system32\w32secm.exe |
| PC-Clean | O2 - BHO: Web Class - {D03B6018-E880-4A89-99A2-7354FE52DDAE} - C:\PROGRA~1\NLIA\Nlia.dll O4 - HKLM\..\Run: [PC-Clean] C:\Program Files\PC-Clean\PC-Clean.exe /h |
| DownUp2U | O2 - BHO: DUIE Class - {CECD8E44-D53E-427B-89FB-3DF0A5C8BECD} - C:\Program Files\DownUp2U\DU_BHO.dll O8 - Extra context menu item: Download *.swf By DownUp2U - C:\Program Files\DownUp2U\du_link_all_swf.htm O8 - Extra context menu item: Download All By DownUp2U - C:\Program Files\DownUp2U\du_link_all.htm O8 - Extra context menu item: Download By DownUp2U - C:\Program Files\DownUp2U\du_link.htm O9 - Extra button: DownUp2U - {ACC4BE27-3308-4D1B-8430-5FB2DACA774F} - C:\Program Files\DownUp2U\DownUp2U.exe |
| BitSpirit | C:\Program Files\BitSpirit\BitSpirit.exe O8 - Extra context menu item: BitSpiritでダウンロード(&B) - C:\Program Files\BitSpirit\bsurl.htm |
| Drag'n Drop CD+DVD | O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp |
| TOSHIBA Smooth View | O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Smooth View\SmoothView.exe |
| BitDefender Free Edition | O4 - HKLM\..\Run: [BDNewsAgent] c:\program files\softwin\bitdefender free edition\bdnagent.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe |
| HD Tune | O4 - HKLM\..\Run: [HD Tune] C:\PROGRA~1\HDTUNE~1\HDTune.exe |
| Spyware Terminator | O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" |
| Max Antispyware | O4 - HKLM\..\Run: [MASAutoLiveupdate] C:\Program Files\MaxAntiSpyware\LiveUpdateMAS.exe -AUTO O20 - Winlogon Notify: SDNotify - C:\Program Files\MaxAntiSpyware\SDNotify.dll O23 - Service: MASService - Max Secure Software - C:\Program Files\MaxAntiSpyware\SDService.exe |
| i-フィルター 4 | O4 - HKLM\..\Run: [IFP4] C:\Program Files\Digital Arts\IFP4\app\ifp4.exe /s O10 - Unknown file in Winsock LSP: c:\windows\system32\iflsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\iflsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\iflsp.dll |
| Ultimate Defender | O4 - HKCU\..\Run: [Ultimate Defender] "C:\Program Files\Ultimate Defender\App.exe" hide |
| WinSOS | O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI |
| downloadmax.net (one-click fraud malware) | C:\WINDOWS\system32\downloadmax.net.bat C:\WINDOWS\system32\downloadmax.net.exe O4 - HKLM\..\Run: [downloadmax.net] C:\WINDOWS\system32\downloadmax.net.bat |
| Norton Ghost 10.0 | O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe" O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe |
| Error Safe | O4 - HKLM\..\Run: [Error Safe] C:\Program Files\Error Safe Free\ers.exe /scan O4 - HKCU\..\Run: [Error Safe] C:\Program Files\Error Safe Free\ers.exe /scan |
| 1-2-3 Spyware Free Monitor | O4 - HKCU\..\Run: [123Monitor] C:\Program Files\1-2-3 Spyware Free\SpywareFreeMonitor.exe |
| FunWebProducts | R3 - URLSearchHook: (no name) - {06860C16-7110-4059-A410-44578348328E} - C:\Program Files\AskJeevesJapan\SrchAstt\2.bin\AJJSRCAS.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: AskJeevesJapan Search Assistant BHO - {06860C11-7110-4059-A410-44578348328E} - C:\Program Files\AskJeevesJapan\SrchAstt\2.bin\AJJSRCAS.DLL O2 - BHO: ajjscBar BHO - {3DA56661-F9C5-42a8-B943-849CA2DCD36A} - C:\Program Files\AskJeevesJapan\scbar\3.bin\AJJSCBAR.DLL O3 - Toolbar: Ask Jeeves Japan &Smiley Central Bar - {3DA56669-F9C5-42a8-B943-849CA2DCD36A} - C:\Program Files\AskJeevesJapan\scbar\3.bin\AJJSCBAR.DLL O4 - HKLM\..\Run: [AskJeevesJapan Email Plugin] C:\PROGRA~1\ASKJEE~1\scbar\3.bin\ajjoemon.exe O4 - HKCU\..\Run: [AskJeevesJapan Email Plugin] C:\PROGRA~1\ASKJEE~1\scbar\3.bin\ajjoemon.exe O8 - Extra context menu item: &Ask.jp で検索 - http://cfg.smileycentral.jp/askjpmenusearch.html?p=JSxdm001YYJP_JSHVDIS012 O16 - DPF: {7EE35792-6430-420F-B635-315E1F5A4AC1} - http://ak.nocache.smileycentral.jp/ei/AskJeevesJapanInitialSetup1.0.0.10-5.cab |
| PcoqU4kQ (one-click fraud malware) | C:\WINDOWS\System32\PcoqU4kQs.exe C:\WINDOWS\PcoqU4kQw.exe O4 - HKCU\..\Run: [PcoqU4kQ] C:\WINDOWS\System32\PcoqU4kQs.exe |
| McAfee Wi-FiScan | O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://jp.mcafee.com/Apps/WSC/jp/WscWlanScannerCtrl.cab |
| Ad-Watch | O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" |
| TLCigN5O (one-click fraud malware) | C:\WINDOWS\system32\TLCigN5Os.exe C:\WINDOWS\TLCigN5Ow.exe O4 - HKCU\..\Run: [TLCigN5O] C:\WINDOWS\system32\TLCigN5Os.exe |
| WinAntiVirusPRO 2006 | O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min O4 - HKLM\..\RunOnce: [fat.exe] C:\Program Files\WinAntiVirus Pro 2006\fat.exe O4 - HKLM\..\Run: [CompanionWizard] "C:\Program Files\Common Files\Companion Wizard\compwiz.exe" /silent O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe |
| Kaspersky On-line Scanner | O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.co.jp/virusscanner/kavwebscan_ansi.cab |
| SpywareQuake | O4 - HKLM\..\Run: [SpywareQuake] C:\ProgramFiles\SpywareQuake\SpywareQuake.exe /h O4 - HKLM\..\Run: [SpywareQuake.com] C:\Program Files\SpywareQuake.com\Spyware-Quake.exe /h |
| SpyFalcon | O4 - HKLM\..\Run: [SpyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h |
| MP3 Toolbar | O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRAM FILES\YOURSITEBAR\YSB.DLL |
| SiteAdvisor | O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\saIE.dll O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\saIE.dll |
| One-click fraud / completely free video image... | O4 - HKCU\..\Run: [MagPlayerWatcher_cwzjp] C:\Program Files\MagPlayer\MagPlayer.exe /Register |
| WinFixer 2005 | O4 - HKCU\..\Run: [WinFixer 2005] D:\Program Files\WinFixer 2005\uwfx5.exe /scan O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/pages/scanner_jp/WinFixer2005ScannerInstall_jp.cab |
| F5 Networks | O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://【domain or IP】/vdesk/cachecleaner.cab O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://【domain or IP】/vdesk/terminal/urxvpn.cab#version=5400,0,50316,1 O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://【domain or IP】/vdesk/terminal/urTermProxy.cab#version=5400,0,50412,1 O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://【domain or IP】/vdesk/terminal/urxshost.cab O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://【domain or IP】/vdesk/terminal/urxhost.cab#version=5400,0,50316,1 ------------------------------------------ O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://【domain or IP】/vdesk/terminal/urxvpn.cab#version=5500,0,50524,1 O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://【domain or IP】/vdesk/terminal/urTermProxy.cab#version=5500,0,50510,1 O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://【domain or IP】/vdesk/terminal/urxshost.cab O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://【domain or IP】/vdesk/terminal/urxhost.cab#version=5500,0,50517,1 |
| One-click fraud In a | O4 - HKCU\..\Run: [! In a] C:\WINDOWS\SYSTEM\! In as.exe O4 - HKCU\..\RunServices: [! In a] C:\WINDOWS\SYSTEM\! In as.exe |
| EcoPassIE II | O8 - Extra context menu item: EcoIE2 で入力 - C:\Program Files\Eco-Soft\EcoPassIE2\EcoIe2Menu1.htm O8 - Extra context menu item: EcoIE2 で全入力 - C:\Program Files\Eco-Soft\EcoPassIE2\EcoIe2Menu2.htm O8 - Extra context menu item: EcoIE2 に追加 - C:\Program Files\Eco-Soft\EcoPassIE2\EcoIe2Menu3.htm O8 - Extra context menu item: EcoIE2 を表示 - C:\Program Files\Eco-Soft\EcoPassIE2\EcoIe2Menu4.htm |
| WebSecureAlert | O4 - Startup: WebSecureAlert.lnk = C:\PROGRA~1\WEBSEC~1\WebSecureAlert.exe |
| SpywareStrike 2.5 | O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h |
| One-click fraud l lo | C:\WINNT\system32\l los.exe C:\WINNT\l low.exe O4 - HKCU\..\Run: [l lo] C:\WINNT\system32\l los.exe |
| One-click fraud @ at 2 | C:\WINNT\system32\@ at 2s.exe C:\WINNT\@ at 2w.exe O4 - HKCU\..\Run: [@ at 2] C:\WINNT\system32\@ at 2s.exe |
| One-click fraud site "po @ t ... | C:\WINNT\po a tw.exe C:\WINNT\system32\po a ts.exe O4 - HKCU\..\Run: [po a t] C:\WINNT\system32\po a ts.exe |
| NT Meter | O23 - Service: NT Meter - Unknown owner - C:\WINDOWS\system32\NTMETER.EXE |
| PerfectDisk scheduler | O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe |
| igfxsrvc.dll | O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll |
| Windows Overlay Components | Running processes: C:\WINDOWS\egsktdr.exe O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\egsktdr.exe [Key Name]="OvMon" "DisplayName"="Windows Overlay Components" "UninstallString"="C:\WINDOWS\offun.exe" |
| BKDR_DELF.IG | Running processes: C:\PROGRAM FILES\INTERNET EXPLORER\SYSSMSS.EXE O4 - HKLM\..\Run: [WinsSystem] C:\Program Files\Internet Explorer\syssmss.exe |
| ItalMgr | O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINDOWS\system32\pkshaucy.dll O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - C:\WINDOWS\System32\italkwwy.dll |
| TROJ_KAKKEYS variant | F2 - REG:system.ini: Shell=C:\:.exe -s explorer.exe O4 - HKLM\..\Run: [Shell] C:/RECYCLER/S-1-5-21-1202660629-583907252-725345543-1003/iexplore.exe -e |
| Troj/Puper family | Running processes: C:\WINDOWS\popuper.exe C:\WINDOWS\System32\shnlog.exe C:\WINDOWS\System32\msole32.exe C:\WINDOWS\System32\intmon.exe (other file names in the system folder are possible, e.g. paint.exe) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.security2k.net/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.security2k.net/bar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.security2k.net/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.security2k.net/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.security2k.net/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.security2k.net/search.php?qq=%1 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.security2k.net/ (the above is one example for environments where R entries appear) O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp86A5.tmp (the characters after hp are random) |
| W32/Rbot-APA | O4 - HKLM\..\Run: [Microsoft Messenger Management Controls] msmgmctl.exe O4 - HKLM\..\RunServices: [Microsoft Messenger Management Controls] msmgmctl.exe O4 - HKCU\..\Run: [Microsoft Messenger Management Controls] msmgmctl.exe O4 - HKCU\..\RunServices: [Microsoft Messenger Management Controls] msmgmctl.exe |
| W32/Rbot-ALE (or W32/Rbot-AU... | O4 - HKLM\..\Run: [Service Monitor] msnfilen.exe O4 - HKLM\..\RunServices: [Service Monitor] msnfilen.exe |
| WORM_RBOT.BMY | O4 - HKLM\..\Run: [System Event Manager] secsvc.exe O4 - HKLM\..\RunServices: [System Event Manager] secsvc.exe |
| W32/Rbot-ALC | O4 - HKLM\..\Run: [Windows Update Service] update32.pif O4 - HKLM\..\RunServices: [Windows Update Service] update32.pif O4 - HKCU\..\Run: [Windows Update Service] update32.pif O4 - HKCU\..\RunServices: [Windows Update Service] update32.pif |
| O4 - [Microsoft Security GManage... | O4 - HKLM\..\Run: [Microsoft Security GManagers] vutblab.exe O4 - HKLM\..\RunServices: [Microsoft Security GManagers] vutblab.exe |
| W32/Rbot-AHK or W32/Rbot-ALJ | O4 - HKLM\..\Run: [Microsoftf DDEs Control] soff.pif O4 - HKLM\..\RunServices: [Microsoftf DDEs Control] soff.pif |
| WORM_RBOT.BUZ | O4 - HKLM\..\Run: [Windows Spool Server] spoolsrv.exe O4 - HKLM\..\RunServices: [Windows Spool Server] spoolsrv.exe |
| W32/Rbot-ATE | O4 - HKLM\..\Run: [HTML32 Help System] hhs32.pif O4 - HKLM\..\RunServices: [HTML32 Help System] hhs32.pif O4 - HKCU\..\Run: [HTML32 Help System] hhs32.pif O4 - HKCU\..\RunServices: [HTML32 Help System] hhs32.pif |
| W32/Rbot-AWJ | O4 - HKLM\..\Run: [MICROSFT RAMA UPDATE SUPPORT] MSN32.EXE O4 - HKLM\..\RunServices: [MICROSFT RAMA UPDATE SUPPORT] MSN32.EXE |
| ウイルスバスター2006 | [On XP] Running processes: C:\PROGRA~1\TRENDM~1\VIRUSB~1\PCCTLCOM.EXE C:\PROGRA~1\TRENDM~1\VIRUSB~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\VIRUSB~1\tmproxy.exe C:\PROGRA~1\TRENDM~1\VIRUSB~1\TMPFW.EXE C:\Program Files\Trend Micro\Virus Buster 2006\pccguide.exe O2 - BHO: フィッシング詐欺対策ツールバー - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\VIRUSB~1\PccIeBar.dll O3 - Toolbar: フィッシング詐欺対策ツールバー - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\VIRUSB~1\PccIeBar.dll O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Virus Buster 2006\pccguide.exe" O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\VIRUSB~1\PcCtlCom.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\VIRUSB~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\VIRUSB~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\VIRUSB~1\tmproxy.exe |
| Adware.Webtext | O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\system32\nsa130.dll (one example; the file name varies in the form ns*.dll) |
| W32/Rbot-AVQ | Running Processes: C:\WINDOWS\System32\BHSV.EXE O4 - HKLM\..\Run: [Browser Help Svc] BHSV.EXE O4 - HKLM\..\RunServices: [Browser Help Svc] BHSV.EXE O4 - HKCU\..\Run: [Browser Help Svc] BHSV.EXE O4 - HKCU\..\RunServices: [Browser Help Svc] BHSV.EXE |
| W32/Rbot-ARP | Running processes: C:\WINDOWS\System32\scorti.exe O4 - HKLM\..\Run: [MCX Updte] scorti.exe O4 - HKLM\..\RunServices: [MCX Updte] scorti.exe |
| W32/Rbot-AQS | Running processes: C:\WINDOWS\System32\winssx.exe O4 - HKLM\..\Run: [Microft Update 32] winssx.exe O4 - HKLM\..\RunServices: [Microft Update 32] winssx.exe |
| W32/Rbot-AUZ | Running processes: C:\WINDOWS\System32\winmx32.EXE O4 - HKLM\..\Run: [MICROSFT MX UPDATE SUPPORT] winmx32.EXE O4 - HKLM\..\RunServices: [MICROSFT MX UPDATE SUPPORT] winmx32.EXE |
| mssearchnet.exe | Running processes: C:\WINDOWS\system32\mssearchnet.exe C:\WINDOWS\System32\nvctrl.exe O2 - BHO: HomepageBHO - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINDOWS\System32\hp8DA9.tmp |
| PRunOnce.exe | O4 - HKLM\..\Run: [PRunOnce] C:\util\prunonce\PRunOnce.exe |
| msqsearc (TROJ_DLUCA.CN) | Running processes: C:\windows\system32\msqsearc.exe O4 - HKLM\..\Run: [dxvid] c:\windows\system32\dxvid.exe /nocomm O4 - HKLM\..\Run: [msqsearc] c:\windows\system32\msqsearc.exe /install "DisplayName"="dxvid" "DisplayName"="msqsearc" |
| Secure Application Manager | O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll |
| xpdiag.exe | Running processes: C:\WINDOWS\XPDIAG.EXE O4 - HKLM\..\Run: [XpDiag] xpdiag.exe -off |
| MSN Messenger 7.5 O18 entry | O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) |
| PhishWall | O2 - BHO: PhishWall - {8CA7E745-EF75-4E7B-BB86-8065C0CE29CA} - C:\Program Files\SecureBrain\PhishWall\sbpw32.dll O3 - Toolbar: PhishWall - {BB62FFF4-41CB-4AFC-BB8C-2A4D4B42BBDC} - C:\Program Files\SecureBrain\PhishWall\sbpw32.dll Uninstall information: [Key Name]="{8C0B0C9E-60E6-48CD-8080-615A6D271C0F}" "DisplayName"="PhishWall" "Version"="0x01000000" "InstallDate"="20051014" "InstallLocation"="C:\Program Files\SecureBrain\PhishWall" "InstallSource"="C:\Documents and Settings\[username]\My Documents\AppSetupExe\phishwall\" [the path is only an example] "UninstallString"="RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C0B0C9E-60E6-48CD-8080-615A6D271C0F}\setup.exe" -l0x11 -removeonly" "Publisher"="SecureBrain Corporation" |
| ewido online scanner beta | O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab |
| PSGuard | O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe |
| SSA-KeyLogger spyware | O1 - Hosts: 85.192.32.112 name of a bank O1 - Hosts 82.146.42.123 name of a bank O1 - Hosts 209.160.64.29 name of a bank O1 - Hosts: 64.34.84.76 name of a bank O1 - Hosts: 17.145.117.11 name of a bank O1 - Hosts: 128.250.24.84 name of a bank O1 - Hosts: 141.225.152.142 ibank.barclays.co.uk O4 - HKLM\\..\\Run: [load32] C:\\WINDOWS\\System32\\winldra.exe O4 - HKLM\..\Run: [load32] C:\WINDOWS\SYSTEM32\winldra.exe |
| WORM_SNONE.A | O4 - HKLM\..\Run: [WinMsgService] C:\WINDOWS\system32\explorer.exe O4 - HKLM\..\Run: [realone_nt2004] C:\WINDOWS\system32\syslray.exe O4 - HKLM\..\Run: [realone_nt2003] C:\WINDOWS\system32\moniker.exe |
| Trojan.Joex | F2 - REG:system.ini: Shell=Explorer.exe commamd.exe O4 - HKCU\..\Run: [ctfnom.exe] C:\WINDOWS\SVOHOST.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present If the following entries are also present, check them and apply "Fix": O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_superrsoft_62756 (file missing) O9 - Extra 'Tools' menuitem: 修???器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing) O9 - Extra 'Tools' menuitem: 清理上网?? - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing) |
| キングソフトインターネットセキュ... | O4 - HKLM\..\Run: [KavStart] "C:\Program Files\Kingsoft\KIS2006\KAVStart.exe" -startup O4 - HKCU\..\Run: [KavPFW] "C:\Program Files\Kingsoft\KIS2006\KavPFW.exe" O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\Program Files\Kingsoft\KIS2006\KPfwSvc.EXE O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\Program Files\Kingsoft\KIS2006\KWatch.EXE |
| Bonjour(Rendezvous) | Running processes: C:\Program Files\Bonjour\mDNSResponder.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O23 - Service: Bonjour サービス (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe |
| W32.Licum (alias W32/Gael; Tenga)... | It is believed not to appear as an entry of its own. |
| Kerio Personal Firewall 4 | Running processes: C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe |
| Spyware Doctor 3.2 | Running processes: C:\Program Files\Spyware Doctor\swdoctor.exe O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll Uninstall information: [Key Name]="Spyware Doctor_is1" "DisplayName"="Spyware Doctor 3.2" "InstallLocation"="C:\Program Files\Spyware Doctor\" "UninstallString"=""C:\Program Files\Spyware Doctor\unins000.exe"" "QuietUninstallString"=""C:\Program Files\Spyware Doctor\unins000.exe" /SILENT" "Publisher"="PC Tools" "HelpLink"="http://www.pctools.com/spyware-doctor/support/" |
| Client Manager2 | Running processes: C:\Program Files\BUFFALO\Client Manager2\ClientMgr2.exe C:\Program Files\BUFFALO\Client Manager2\bwsvc.exe O23 - Service: Buffalo Wireless Service (BWSVC) - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager2\bwsvc.exe |
| Adaptec DirectCD | Running processes: C:\PROGRA~1\Adaptec\DirectCD\directcd.exe O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe |
| Jog Dial Utility | Running processes: C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe |
| S3Hotkey | Running processes: C:\WINNT\system32\s3hotkey.exe O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe |
| Norton GoBack | Running processes: C:\Program Files\Norton GoBack\GBPoll.exe C:\Program Files\Norton GoBack\GBTray.exe O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe |
| Jetico Personal Firewall | O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe" |
| Troj/Dluca-S | O4 - HKLM\..\Run: [sysdxvid] c:\windows\system\sysdxvid.exe /nocomm (青71325) O4 - HKLM\..\Run: [hgfedcba] c:\windows\system32\hgfedcba.exe /install O4 - HKLM\..\Run: [dxvid] c:\windows\system32\dxvid.exe /nocomm |
| vbsys.dll | Variant prevalent around October 2004: O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab O21 - SSODL: SystemCheck - {54645654-2225-4455-44A1-9F4543D34544} - C:\C\WINDOWS\System32\vbsys.dll Example at the time of registration: O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll |
| Trend Micro online scan... | (English) O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab (Security Scan feature [as of July 2005]) (Japanese) O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (ウイルスバスター On-Line Scan) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab |
| RootkitRevealer 1.55 | Running processes: C:\Spyware\RootkitRevealer\RootkitRevealer.exe (the path is only an example) C:\DOCUME~1\<username>\LOCALS~1\Temp\YDVXLKY.exe O23 - Service: YDVXLKY - Sysinternals - www.sysinternals.com - C:\DOCUME~1\<username>\LOCALS~1\Temp\YDVXLKY.exe |
| ewido security suite 3.5 | Running processes: C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\SecuritySuite.exe C:\Program Files\ewido\security suite\ewidoguard.exe (resident guard feature) O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe (resident guard feature) Uninstall information: [Key Name]="ewidosecuritysuite" "DisplayName"="ewido security suite" "InstallLocation"="C:\Program Files\ewido\security suite" "UninstallString"="C:\Program Files\ewido\security suite\Uninstall.exe" "Publisher"="ewido networks" "HelpLink"="http://www.ewido.net" |
| Microsoft Antispyware (Beta) | Running processes: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe (when the main window is opened) C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" |
| CWS_Paytime | O4 - HKLM\..\Run: [PayTime] C:\WINNT\System32\paytime.exe O4 - HKCU\..\Run: [PayTime] C:\WINNT\System32\paytime.exe |
| Trojan.Zlob.B | O4 - HKLM\..\Run: [RegSvr32] C:\WINNT\system32\msmsgs.exe |
| Troj/Spyre-E | O4 - HKCU\..\Run: [Intel system tool] C:\WINNT\system32\hookdump.exe |
| Win32.Banker.M | O20 - Winlogon Notify: f3dsl - C:\WINDOWS\SYSTEM32\lsd_f3.dll |
| Trojan-Proxy.Win32.Small.bo | O4 - HKLM\..\Run: [updatelavasoft] C:\WINNT\system32\updatelavasoft.exe O4 - HKLM\..\RunServices: [updatelavasoft] C:\WINNT\system32\updatelavasoft.exe O4 - HKCU\..\Run: [updatelavasoft] C:\WINNT\system32\updatelavasoft.exe |
| Trojan-Proxy.Win32.Small.bo | O4 - HKLM\..\Run: [atiupdpl] C:\WINDOWS\System32\atiupdpl.exe O4 - HKLM\..\RunServices: [atiupdpl] C:\WINDOWS\System32\atiupdpl.exe O4 - HKCU\..\Run: [atiupdpl] C:\WINDOWS\System32\atiupdpl.exe |
| Logicool SetPoint | Log from XP SP1 and SP2 Running processes: C:\Program Files\Logicool\SetPoint\kem.exe C:\Program Files\Logicool\SetPoint\KHALMNPR.EXE O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE |
| eTrust AntiVirus Promotional Ver... | Log from XP SP1 Running processes: C:\Program Files\CA\eTrust Antivirus\InoRpc.exe C:\Program Files\CA\eTrust Antivirus\InoRT.exe C:\Program Files\CA\eTrust Antivirus\InoTask.exe O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe |
| eTrust アンチウイルス 2005 | Log from XP SP1 Running processes: C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe |
| WareOut | - The program itself: O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe" - In addition, two O4 - HKLM entries and three O4 - HKCU entries are created. An R3 - URLSearchHook may also appear. (Example 1) R3 - URLSearchHook: (no name) - {1DDB19E0-B89D-728D-C2F7-4EB6A0335042} - JAguAr.dll (file missing) O4 - HKLM\..\Run: [backd] ATLIEHELPER.exe O4 - HKLM\..\Run: [bhoserv] ActionScr.exe O4 - HKCU\..\Run: [driver64] dialer423.exe O4 - HKCU\..\Run: [backd] bhoserv.exe O4 - HKCU\..\Run: [hyandex] stuffmon.exe (Example 2) O4 - HKLM\..\Run: [CToolBar] WhatsNewBot.exe O4 - HKLM\..\Run: [10010] CToolBar.exe O4 - HKCU\..\Run: [SpyElim] zantu.exe O4 - HKCU\..\Run: [sysconf16] zxc.exe O4 - HKCU\..\Run: [trycrt] driver32.exe Note: for the strings used as entry names, see the reference site cited above. Apart from the program itself, only the registry entries exist; the files they point to are not present. |
| TROJ_STARTPAG.QY | Entries for elite???32.exe (??? = three letters) appear, e.g.: O4 - HKLM\..\Run: [checkrun] c:\winnt\system32\eliteayb32.exe O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\eliteloo32.exe O4 - HKLM\..\Run: [checkrun] C:\Windows\System32\eliteloo32.exe O4 - HKLM\..\Run: [checkrun] C:\Windows\System\eliteloo32.exe Addition: O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitehoa32.exe |
| Trojan.Desktophijack | C:\WP.EXE appears among the running processes. O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe |
| Backdoor.Staprew | O4 - HKLM\..\Run: [Kodac] C:\OFICEXP.exe |
| AI RoboForm | O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O8 - Extra context menu item: RF ツールバー - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: RF フォーム保存 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: RF フォーム記入 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: RF メニューカスタマイズ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O9 - Extra button: フォーム記入 - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: RF フォーム記入 - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: 保存 - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: RF フォーム保存 - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: ロボフォーム - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RF ツールバー - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html |
| ACROIEHELPER.DLL | O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL |
| Adware.MediaPass | O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe |
| Trojan.Win32.Stervis.b | O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe |
| AdWare.Apropos.i | O4 - HKCU\..\Run: [d002RPNpW] sqlodc32.exe |
| Trojan.Win32.StartPage.nk | Entries for elite???32.exe (??? = three letters) appear, e.g.: O4 - HKLM\..\Run: [etbrun] c:\winnt\system32\eliteayb32.exe O4 - HKLM\..\Run: [etbrun] C:\winnt\system32\eliteloo32.exe O4 - HKLM\..\Run: [etbrun] C:\Windows\System32\eliteloo32.exe O4 - HKLM\..\Run: [etbrun] C:\Windows\System\eliteloo32.exe |
| Trojan-PSW.Win32.Small.bk | O21 - SSODL: OLE Module - {0656A137-B161-CADD-9777-E37A75727E78} - C:\WINDOWS\SYSTEM\thun32.dll |
| ALCWZRD.EXE | Running processes: C:\WINDOWS\ALCWZRD.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE |
| ALCMTR.EXE | Does not seem to appear under Running processes. O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE |
| TabUserW.exe | Running processes: C:\WINDOWS\system32\WTablet\TabUserW.exe |
| TabletService | Running processes: C:\Windows\system32\Tablet.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe |
| IntelliPoint | Running processes: C:\Program Files\Microsoft IntelliPoint\point32.exe Autostart entry: O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" |
| Troj.Startpage se.dll | Example from #56938: O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall or, example from #57232: O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\User\LOCALS~1\Temp\se.dll,DllInstall |
| Trojan.Win32.Small.AZ/Trojan.Win... | O4 - HKLM\..\Run: [Olympic] C:\WINDOWS\Application Data\sgrunt\IE4321.exe O15 - Trusted Zone: www.sgrunt.biz |
| Backdoor.Thunker | O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - "C:\WINDOWS\Application Data\Microsoft\child.dll" |
| Admilli Service | O4 - HKLM\..\Run: [Admilli Service] C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c9.cab |
| Trojan.Win32.StartPage.rx | O4 - HKCU\..\Run: [mstask] C:\WINDOWS\mstask.exe |
| Ms4Hd (version 3, early and later ... | Even within Ver.3, the early and later builds differ slightly. ---Early build--- Running processes: C:\WINDOWS\System32\unlodctl.exe C:\WINDOWS\System32\nlsfuncs.exe C:\WINDOWS\System32\openconf.exe C:\WINDOWS\System32\taskopen.exe (※) C:\WINDOWS\System32\qappsrvc32.exe (※) O2 - BHO: (no name) - {random CLSID} - C:\WINDOWS\System32\ms??.dll (※) → "??" is any two letters O4 - HKLM\..\Run: [taskopen.exe] taskopen.exe (※) O4 - HKLM\..\RunOnce: [qappsrvc32.exe] qappsrvc32.exe (※) ★ Entries marked (※) above are hidden by a rootkit and only show up when the machine is booted in Safe Mode ★ The file names under Running processes are only examples ---Later build--- Running processes: C:\WINDOWS\system32\usrshutd.exe C:\WINDOWS\system32\winmsdc.exe C:\WINDOWS\system32\vwipxspnt.exe C:\WINDOWS\system32\tlntadmnx.exe O2 - BHO: (no name) - {random CLSID} - C:\WINDOWS\System32\ms???.dll (※) → "???" is any three letters <only one O4 entry, of the following kind> O4 - HKLM\..\Run: [sp2chk.exe] sp2chk.exe (※) O4 - HKLM\..\Run: [rdspclips.exe] rdspclips.exe (※) ★ Entries marked (※) above are hidden by a rootkit and only show up when the machine is booted in Safe Mode ★ The file names under Running processes are only examples ---Common to early and later builds--- O15 - Trusted Zone: http://*.63.219.181.7 O15 - Trusted Zone: http://*.search-soft.net O17 - HKLM\System\CCS\Services\Tcpip\..\{A81D8FDF-206E-471D-A5B3-59F4D56CE8D6}: NameServer = 69.50.166.94,69.31.80.244 O17 - HKLM\System\CS1\Services\Tcpip\..\{A81D8FDF-206E-471D-A5B3-59F4D56CE8D6}: NameServer = 69.50.166.94,69.31.80.244 O17 - HKLM\System\CS2\Services\Tcpip\..\{A81D8FDF-206E-471D-A5B3-59F4D56CE8D6}: NameServer = 69.50.166.94,69.31.80.244 ★ The NameServer addresses added under O17 vary in their last two octets; 69.50.*.*, 69.31.*.* and 195.225.*.* are the ranges most often seen (as of 2005/01/30) ---Co-infections almost always seen with both builds--- ☆ FreshBar O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\System32\iecust.dll O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\System32\iesp1.dll ☆ about:blank O2 - BHO: (no name) - {random CLSID} - C:\WINDOWS\system32\snnpapi.dll O18 - Filter: text/html - {random CLSID} - C:\WINDOWS\system32\snnpapi.dll O18 - Filter: text/plain - {random CLSID} - C:\WINDOWS\system32\snnpapi.dll O2 - BHO: (no name) - {random CLSID} - C:\WINDOWS\system32\protect32.dll O18 - Filter: text/html - {random CLSID} - C:\WINDOWS\system32\protect32.dll O18 - Filter: text/plain - {random CLSID} - C:\WINDOWS\system32\protect32.dll ★ The names of the related .dll files above are variable and very likely to change again. |
| ABox | Running processes: C:\WINDOWS\ABox.exe O4 - HKLM\..\Run: [ABox] C:\WINDOWS\ABox.exe O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int4.exe |
| DLuxjp | O4 - HKLM\..\Run: [DLuxjp] c:\program files\dialers\dluxjp\dluxjp.exe /nocomm |
| GuardBar | O2 - BHO: GuardBar.BHO - {62F5BBB6-A71E-46E7-AE78-73D25185EDC8} - C:\Program Files\GuardBar\GuardBar.dll O3 - Toolbar: GuardBar - {7F4D8DE6-AC92-4A13-9DE9-F360736F2464} - C:\Program Files\GuardBar\GuardBar.dll |
| Spyware Vanisher Free Scan | O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan |
| Adware.EasySearch | O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe O4 - HKLM\..\Run: [Internet Connection Wizard] stisvsq.exe O4 - HKLM\..\Run: [Games Acceleration] svshost.exe O4 - HKLM\..\Run: [Internet Mail and News] msqdevl.exe O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] iau.exe O4 - HKCU\..\Run: [Internet Connection Wizard] stisvsq.exe O4 - HKCU\..\Run: [Games Acceleration] svshost.exe O4 - HKCU\..\Run: [Internet Mail and News] msqdevl.exe O4 - HKCU\..\Run: [Microsoft Management Console] lssas.exe O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe |
| WORM_RBOT.CZ | O4 - HKLM\..\Run: [Microsoft 16Bit Update] wuapdate16.exe O4 - HKLM\..\RunServices: [Microsoft 16Bit Update] wuapdate16.exe O4 - HKCU\..\Run: [Microsoft 16Bit Update] wuapdate16.exe |
| qdiagca.cab | O16 - DPF: {22D16976-00DE-4CD2-807F-E8C63E9EBEEE} (QDiagCAUpdateObj Class) - http://cweb.canon.jp/drv-upd/install/html/qdiagca.cab |
| schedhlp.exe | O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe |
| TrueImageMonitor.exe | O4 - HKLM\..\Run: [Acronis True Image Monitor] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe |
| htpatch.exe | O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe |
| Search Assistant Utility | O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINDOWS\dpe.dll O4 - HKCU\..\Run: [MSMsgSvc] C:\WINDOWS\System\MSMSGSVC.exe |
| ATLAS translation | O2 - BHO: ATLASツールバー - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLASP2004\ATLIECP.DLL O3 - Toolbar: ATLASツールバー - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLASP2004\ATLIECP.DLL O8 - Extra context menu item: ATLASで翻訳 - C:\Program Files\ATLASP2004\Atlscript.html O9 - Extra button: ATLAS翻訳 - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files\ATLASP2004\Atlscript.html ―‐―‐―‐―‐―‐―‐―‐―‐―‐―‐―‐―‐― Version preinstalled on PCs: O2 - BHO: IAtlIE2 Class - {36AB28F6-4BBF-11D4-9756-00000E492F6A} - C:\Program Files\Atlas Common\ATLIE.DLL |
| Superlogy.com | O2 - BHO: Zedd4Proj.clsUnoOne - {08227B4B-54FE-4C4D-809F-BCA46292FC5B} - C:\WINDOWS\system32\Zedd4.dll |
| Ms4Hd (version 1 and vers... | The early Ver.1 and Ver.2 are essentially the same in behaviour. The minimum set of entries that show up in HJT: ---Version 1--- O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\WINDOWS\SYSTEM\MSACMX.DLL O4 - HKLM\..\Run: [dllhostxp.exe] dllhostxp.exe O4 - HKLM\..\Run: [clfmon.exe] clfmon.exe O4 - HKLM\..\Run: [mqbckup.exe] mqbckup.exe O4 - HKLM\..\RUN: [C:\WINDOWS\System32\pxhping.exe] C:\WINDOWS\System32\pxhping.exe O15 - Trusted Zone: http://*.63.219.181.7 ---Version 2--- O2 - BHO: (no name) - {E9590744-812B-46C3-96EB-33212855927D} - C:\WINDOWS\System32\netcfg.dll O4 - HKLM\..\Run: [clfmon.exe] clfmon.exe O4 - HKLM\..\Run: [msinfo.exe] msinfo.exe O15 - Trusted Zone: http://*.63.219.181.7 Both versions share these traits: - the O2 CLSID and DLL file name are fixed - the site added under O15 is fixed - the O4 entries are drawn from a fixed per-version list; their number and file names vary (but the file names are not random) Also, the O2 and O4 entries can only be seen when the PC is booted in Safe Mode (with exceptions; see the memo). For the list of known .exe and .dll files that Ms4Hd can drop into the system folder, see the memo. |
| Alexa Toolbar | O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm O9 - Extra button: Alexa - {9D74677A-E227-40fb-9511-F7E92EA4083A} - C:\WINDOWS\system32\SHDOCVW.DLL O9 - Extra 'Tools' menuitem: Alexa Toolbar - {9D74677A-E227-40fb-9511-F7E92EA4083A} - C:\WINDOWS\system32\SHDOCVW.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing) O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing) |
| MAFWTray.exe | Running processes: C:\WINDOWS\System32\MAFWTray.exe O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\System32\MAFWTray.exe |
| SpyWare Killer | Running processes: C:\Program Files\SpyWare Killer\spywarekiller.exe O4 - HKCU\..\Run: [ANONYMIZER_SPYWAREKILLER] C:\Program Files\SpyWare Killer\spywarekiller.exe /BOOT |
| Windows TaskAd and other Wind Updates-family items | Running processes: C:\Program Files\Windows TaskAd\WinTaskAd.exe C:\Program Files\Windows TaskAd\WinSched.exe O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe |
| RelatedLinks | O2 - BHO: C:\WINDOWS\lbbho.dll - {8AE80213-3160-48B2-8AF7-D98CE4067FE7} - C:\WINDOWS\lbbho.dll (CLSID varies) |
| WinPatrol | O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe" |
| goo Stick | Running processes: C:\Program Files\goo\stick\bandhost.exe O3 - Toolbar: &gooスティック - {C1724158-90ED-413D-AE2D-6360F0CAA755} - C:\PROGRA~1\goo\stick\goostk.dll O4 - HKCU\..\Run: [goo band host] "C:\Program Files\goo\stick\bandhost.exe" O8 - Extra context menu item: &gooでウェブ検索 - C:\Documents and Settings\river8\Application Data\goo\stick\script0.html O8 - Extra context menu item: &gooでニュース検索 - C:\Documents and Settings\river8\Application Data\goo\stick\script1.html O8 - Extra context menu item: &gooで地図検索 - C:\Documents and Settings\river8\Application Data\goo\stick\script6.html O8 - Extra context menu item: &gooで画像検索 - C:\Documents and Settings\river8\Application Data\goo\stick\script5.html O8 - Extra context menu item: &goo和英辞典で検索 - C:\Documents and Settings\river8\Application Data\goo\stick\script4.html O8 - Extra context menu item: &goo国語/新語辞典で検索 - C:\Documents and Settings\river8\Application Data\goo\stick\script2.html O8 - Extra context menu item: &goo英和辞典で検索 - C:\Documents and Settings\river8\Application Data\goo\stick\script3.html O16 - DPF: {B947ABE6-0D16-48D6-819A-9BE79C4A16AA} - http://stick.goo.ne.jp/ver4.0/download/goostk_w.cab |
| Yahoo! Toolbar | O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\YCOMP5~1.DLL O3 - Toolbar: &Yahoo!ツールバー - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\YCOMP5~1.DLL O16 - DPF: {4A88CB42-BBFE-496A-884F-98E8AC316292} (YJInstStarter Control) - http://dl.toolbar.yahoo.co.jp/dl/installs/yjinst.cab |
| TPS108 | O2 - BHO: (no name) - {0000026A-8230-4DD4-BE4F-6889D1E74167} - C:\WINDOWS\TPS108.DLL |
| NEC LowBattery Notification | Running processes: C:\Program Files\NECLOWBAT\lb.exe O4 - HKLM\..\Run: [NEC LowBattery Notification] C:\Program Files\NECLOWBAT\lb.exe (the file name may also be lbserv.exe) |
| Mouse Suite 98 Daemon | Running processes: C:\WINDOWS\system32\ICO.EXE O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE ―‐―‐―‐―‐―‐―‐―‐―‐―‐―‐―‐―‐―‐― Running processes: C:\WINNT\system32\ICONSPY.EXE O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICONSPY.EXE |
| Sony HotKey Utility | Running processes: C:\Program Files\Sony\HotKey Utility\HKserv.exe C:\Program Files\Sony\HotKey Utility\HKWnd.exe O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe |
| SmartHobby related | Running processes: C:\Program Files\SmartHobby\AutoDnP.exe C:\Program Files\SmartHobby\PlugIn\CopyFromDigitalCamera\SearchM.exe ----- O4 - HKCU\..\Run: [SearchM] C:\Program Files\SmartHobby\PlugIn\CopyFromDigitalCamera\SearchM.exe O4 - HKLM\..\Run: [SHRunOnce] C:\Program Files\SmartHobby\SHRunOnce.exe |
| SoundMAX | Running processes: C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe ----- O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe ----- O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe |
| ZoneAlarm (Pro) & (free version) | Running processes: C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe or C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe --------- O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe or O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ↓ Seen with the free ZoneAlarm on Windows Me: O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service |
| PCGATE Personal | Running processes: C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\PCGATE Personal\pcgate.exe |
| MaxSpeed | O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\maxspeed.exe |
| IP Messenger for Win32 | Running processes: C:\Program Files\IPMsg\ipmsg.exe O4 - Startup: IPMSG for Win32.lnk = C:\Program Files\IPMsg\ipmsg.exe |
| Norton Ghost 9.0 | O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe |
| SigmaTel StacMon | Running processes: C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\C-Major Audio\stacmon.exe |
| SunJavaUpdateSched | O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll |
| TROJ_SMALL.VN(twink64.exe) | O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM32\twink64.exe internat.dll,LoadKeyboardProfile |
| Web Offer | O4 - HKCU\..\Run: [eZWO] C:\PROGRA~1\Web Offer\wo.exe O4 - HKCU\..\RunOnce: [Web Offer] C:\WINDOWS\system32\ezPopStub.exe /UninstPOP2 C:\Program Files\Web Offer |
| VirusBuster 2005 Interne... | On XP SP2 - Running processes: C:\PROGRA~1\TRENDM~1\VIRUSB~4\PcCtlCom.exe C:\PROGRA~1\TRENDM~1\VIRUSB~4\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\VIRUSB~4\tmproxy.exe C:\PROGRA~1\TRENDM~1\VIRUSB~4\TmPfw.exe C:\Program Files\Trend Micro\Virus Buster 2005\pccguide.exe O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Virus Buster 2005\pccguide.exe" O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\VIRUSB~2\PcCtlCom.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\VIRUSB~2\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\VIRUSB~2\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\VIRUSB~2\tmproxy.exe (the Pml Driver HPZ12 line is an HP printer service that happened to be in the same log; it is not part of VirusBuster) Example on 98 Gold - Running processes: C:\PROGRAM FILES\TREND MICRO\VIRUS BUSTER 2005\PCCTLCOM.EXE C:\PROGRAM FILES\TREND MICRO\VIRUS BUSTER 2005\PCCIOMON.EXE C:\PROGRAM FILES\TREND MICRO\VIRUS BUSTER 2005\PCCGUIDE.EXE C:\PROGRAM FILES\TREND MICRO\VIRUS BUSTER 2005\TMPROXY.EXE O4 - HKLM\..\Run: [pccguide.exe] "c:\Program Files\Trend Micro\Virus Buster 2005\pccguide.exe" O4 - HKLM\..\RunServices: [PcCtlCom] C:\PROGRAM FILES\TREND MICRO\VIRUS BUSTER 2005\PCCTLCOM.EXE |
| VAIO Update | O4 - HKLM\..\Run: [VAIO Update] C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe -backgroundMode O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary |
| Privacy Champion | O4 - HKCU\..\Run: [PrivacyScanner] C:\Program Files\Privacy Champion\pscan.exe |
| Win32.Dyfica | O16 - DPF: {0873478E-E67A-4876-B0A9-9A36D3AB3602} (vviewer control) - http://www.thepaymentcentre.com/build/vviewer.cab O16 - DPF: {037B3D58-D14A-4C41-BDFD-BD779B0B97BA} (vxiewer control) - http://www.thepaymentcentre.com/build/vxiewer.cab O16 - DPF: {0B682CC1-FB40-4006-A5DD-99EDD3C9095D} (vbiewer control) - http://www.thepaymentcentre.com/build/vbiewer.cab O16 - DPF: {03C543A1-C090-418F-A1D0-FB96380D601D} (preload control) - http://www.thepaymentcentre.com/build/preload.cab O16 - DPF: {0733B8F9-8B52-4693-A9FA-829E12D27F78} (preload control) - http://www.thepaymentcentre.com/build/preload2.cab |
| avast! Antivirus 4 | O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) (The O23 entries only appear with HijackThis 1.99 and later) (Running processes) C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe |
| scbar dummy uninstall info... | It may be accompanied by something like: R3 - URLSearchHook: WebSearch Class - {9368D063-44BE-49B9-BD14-BB9663FD38FC} - C:\PROGRAM FILES\SCBAR\V1\SCBAR.DLL (file missing) |
| find.naupoint.com | R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://find.naupoint.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://find.naupoint.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.naupoint.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://find.naupoint.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://find.naupoint.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://find.naupoint.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://find.naupoint.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://find.naupoint.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://find.naupoint.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://find.naupoint.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://find.naupoint.com R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://find.naupoint.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = http://find.naupoint.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://find.naupoint.com [No R entries in a Japanese-language environment] O2 - BHO: No description - {44FD0AF8-9D30-4E96-8ECE-306446B5E0D3} - C:\WINDOWS\DOWNLO~1\iEBINST2.dll O2 - BHO: 1096942332 - {262277EC-5BB5-4849-8BF2-1824330C9CAC} - (no file) [the 10-digit number in the value name varies] O2 - BHO: (no name) - {44FD0AF8-9D30-4E96-8ECE-306446B5E0D3} - (no file) O2 - BHO: No description - {60261C06-81B0-4DE0-9313-E5BA203A64E9} - C:\WINDOWS\DOWNLO~1\pdfmgr.dll O2 - BHO: No description - {6375B3AD-4440-4C1F-95E5-A24198ED671C} - C:\WINDOWS\DOWNLO~1\sp1.dll O16 - DPF: {44FD0AF8-9D30-4E96-8ECE-306446B5E0D3} (No description) - http://naupoint.com/toolbar/installer/iEBINST2.cab O21 - SSODL: eplrr9 - {76E477BD-4422-45EA-9FFB-53077F8EB205} - C:\WINDOWS\system32\eplrr9.dll [the digit in place of the 9 varies] |
| FTTH Ninja 3 for Windows | Running processes: C:\Program Files\FTTH Ninja\FtthNinja.exe O10 - Unknown file in Winsock LSP: c:\program files\ftth ninja\nwcq9nsp.dll O10 - Unknown file in Winsock LSP: c:\program files\ftth ninja\nwcq9nsp.dll O10 - Unknown file in Winsock LSP: c:\program files\ftth ninja\nwcq9lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\ftth ninja\nwcq9lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\ftth ninja\nwcq9lsp.dll O10 - Unknown file in Winsock LSP: c:\program files\ftth ninja\nwcq9lsp.dll |
| Yahoo! Messenger | O9 - Extra button: Yahoo! メッセンジャ− - {CEBF73C0-BA2E-11d4-A73A-00508B33FB82} - C:\PROGRA~1\Yahoo!J\MESSEN~1\YPagerJ.exe O9 - Extra 'Tools' menuitem: Yahoo! メッセンジャ− - {CEBF73C0-BA2E-11d4-A73A-00508B33FB82} - C:\PROGRA~1\Yahoo!J\MESSEN~1\YPagerJ.exe |
| msupdsrv.exe | O4 - HKLM\..\Run: [MSUpdSrv] msupdsrv.exe |
| V3 VirusBlock Interne... | Example from XP SP1 + HJT 1.98.2: Running processes: C:\Program Files\AhnLab\Smart Update Utility\Ahnsdsv.exe C:\PROGRA~1\AhnLab\V3ウイ~1\PlugIn\V3PRO2~1\MonSvcNT.exe C:\Program Files\AhnLab\V3 ウイルスブロック 2005 IS\PlugIn\AhnLab Personal Firewall 2004\NssServ.exe C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe C:\Program Files\AhnLab\V3 ウイルスブロック 2005 IS\PlugIn\AhnLab Personal Firewall 2004\NssTray.exe C:\Program Files\AhnLab\V3 ウイルスブロック 2005 IS\PlugIn\V3Pro 2004\V3P3AT.exe C:\Program Files\AhnLab\V3 ウイルスブロック 2005 IS\PlugIn\V3Pro 2004\V3IMPro.exe O2 - BHO: V3 - {76EAE03C-F2B1-4397-97E8-390920B7C2DC} - C:\Program Files\AhnLab\V3 ウEイCル泣スXブuロ鴻ッbクN 2005 IS\PlugIn\V3Pro 2004\V3Bar.dll (file missing) O3 - Toolbar: V3 - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - C:\Program Files\AhnLab\V3 ウEイCル泣スXブuロ鴻ッbクN 2005 IS\PlugIn\V3Pro 2004\V3Bar.dll (file missing) O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe" O4 - HKLM\..\Run: [NssTray] "C:\Program Files\AhnLab\V3 ウイルスブロック 2005 IS\PlugIn\AhnLab Personal Firewall 2004\NssTray.exe" Example from 98SE + HJT 1.98.2 (青49943): Running processes: C:\PROGRAM FILES\AHNLAB\V3 ウイルスブロック 2005 IS\PLUGIN\AHNLAB PERSONAL FIREWALL 2004\NSSSERV.EXE C:\PROGRAM FILES\AHNLAB\V3 ウイルスブロック 2005 IS\PLUGIN\V3PRO 2004\MONSYS32.EXE C:\PROGRAM FILES\AHNLAB\SMART UPDATE UTILITY\AHNSD.EXE C:\PROGRAM FILES\AHNLAB\V3 ウイルスブロック 2005 IS\PLUGIN\AHNLAB PERSONAL FIREWALL 2004\NSSTRAY.EXE C:\PROGRAM FILES\AHNLAB\V3 ウイルスブロック 2005 IS\PLUGIN\V3PRO 2004\MONSYSNT.EXE C:\PROGRAM FILES\AHNLAB\V3 ウイルスブロック 2005 IS\PLUGIN\V3PRO 2004\V3P3AT.EXE C:\PROGRAM FILES\AHNLAB\V3 ウイルスブロック 2005 IS\PLUGIN\V3PRO 2004\V3IMPRO.EXE C:\PROGRAM FILES\AHNLAB\V3 ウイルスブロック 2005 IS\ACS.EXE O2 - BHO: V3 - {76EAE03C-F2B1-4397-97E8-390920B7C2DC} - C:\PROGRAM FILES\AHNLAB\V3 ウEイCル泣スXブuロ鴻ッbクN 2005 IS\PLUGIN\V3PRO 2004\V3BAR.DLL (file missing) O3 - Toolbar: V3 - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - C:\PROGRAM FILES\AHNLAB\V3 ウEイCル泣スXブuロ鴻ッbクN 2005 IS\PLUGIN\V3PRO 2004\V3BAR.DLL (file missing) O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe" O4 - HKLM\..\RunServices: [NssService] "C:\Program Files\AhnLab\V3 ウイルスブロック 2005 IS\PlugIn\AhnLab Personal Firewall 2004\NssServ.exe" O4 - HKLM\..\RunServices: [Monsys32] "C:\PROGRAM FILES\AHNLAB\V3 ウイルスブロック 2005 IS\PLUGIN\V3PRO 2004\Monsys32.exe" However, when a log from the same 98SE machine was taken with HJT 1.97.7, the O2/O3 lines came out as: O2 - BHO: V3 - {76EAE03C-F2B1-4397-97E8-390920B7C2DC} - C:\PROGRAM FILES\AHNLAB\V3 O3 - Toolbar: V3 - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - C:\PROGRAM FILES\AHNLAB\V3 i.e. the second half of each line was simply cut off at the non-ASCII path component. |
| SiSUSBrg.exe | O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe |
| LTSMMSG | O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe |
| Privacy Defender 3.0 | O4 - HKLM\..\Run: [PrvDef3.0] C:\Program Files\PrvDef3.0\PrvDef3.0.exe |
| Download Ninja | O2 - BHO: NinjaBar Internet Explorer Helper - {1FFBCA83-3D73-499C-BA04-18EE64145C0F} - C:\Program Files\Download Ninja2\njbar.dll O3 - Toolbar: Ninja バー(&J) - {8C39E9C0-D990-11D3-A2FE-0000C0776AF8} - C:\Program Files\Download Ninja2\njbar.dll |
| W32/Rbot-ED and its variants | O4 - HKLM\..\Run: [Microsoft Update] navsvc32.exe O4 - HKLM\..\Run: [Microsoft Update Machine] wuagrd.exe O4 - HKLM\..\Run: [demm386.exe] demm386.exe O4 - HKLM\..\Run: [Microsof#update#] realplayer32.exe O4 - HKLM\..\Run: [Microszoft Update Mach1nezs] svcohst.exe O4 - HKLM\..\RunServices: [Microsoft Update] navsvc32.exe O4 - HKLM\..\RunServices: [demm386.exe] demm386.exe O4 - HKLM\..\RunServices: [Microsof#update#] realplayer32.exe O4 - HKLM\..\RunServices: [Microszoft Update Mach1nezs] svcohst.exe O4 - HKCU\..\Run: [Microsoft Update] navsvc32.exe O4 - HKCU\..\Run: [Microszoft Update Mach1nezs] svcohst.exe O4 - HKCU\..\Run: [Microsof#update#] realplayer32.exe O4 - HKCU\..\Run: [demm386.exe] demm386.exe O4 - HKCU\..\RunServices: [Microsoft Update Machine] wuagrd.exe |
| Adult Only icon (Backdoor-C... | The file names are plausible-looking English names but not fixed, and have been seen to change during cleanup. 1) 青49436 O4 - HKLM\..\Run: [MsnExplorer] C:\WINDOWS\msexploren.exe /i O4 - HKLM\..\Run: [sssasas] C:\WINDOWS\sssasas.exe 2) スキエロ356 O4 - HKLM\..\Run: [Wampagent] C:\WINDOWS\Winampagent.exe O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\winagent.exe /i ↓ O4 - HKLM\..\Run: [MsnExplorer] C:\WINDOWS\msexploren.exe /i O4 - HKLM\..\Run: [svchostr] C:\WINDOWS\svchostr.exe 3) 青48524 O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\svchst.exe /i O4 - HKLM\..\Run: [Wampagent] C:\WINDOWS\Winampagent.exe |
| Giant AntiSpyware | Running processes: C:\Program Files\GIANT Company Software\GIANT AntiSpyware\GIANTAntiSpywareMain.exe C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe" O4 - HKLM\..\RunOnce: [GIANTAntiSpywareCleaner] C:\PROGRAM FILES\GIANT COMPANY SOFTWARE\GIANT ANTISPYWARE\gcASCleaner.exe |
| DNTUS26.EXE / DWRCS.EXE | Running processes: C:\WINDOWS\SYSTEM32\DNTUS26.EXE C:\WINDOWS\SYSTEM32\DWRCS.EXE |
| Windows AdControl | Running processes: C:\Program Files\Windows AdControl\WinAdCtl.exe C:\Program Files\Windows AdControl\WinAdAlt.exe O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.xxxtoolbar.com O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=230270dab455d0e176941480ba0fc85f2978d245429f93809c10f10b815c8a96c9ba5c54063f7603d4945ab86ee97ff22322f046 |
| Windows AdTools / Wind Updates | [For Wind Updates] Running processes: C:\Program Files\WindUpdates\WinUpdt.exe C:\Program Files\WindUpdates\WinKA.exe O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe [For Windows AdTools] Running processes: C:\Program Files\Windows AdTools\WinAdTools.exe C:\Program Files\Windows AdTools\WinRatchet.exe O4 - HKLM\..\Run: [Windows AdTools] C:\Program Files\Windows AdTools\WinAdTools.exe O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.xxxtoolbar.com O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=230270dab455d0e176941480ba0fc85f2978d245429f93809c10f10b815c8a96c9ba5c54063f7603d4945ab86ee97ff22322f046:375a82d108ec2e9d584f880889783bc3 |
| Windows SyncroAd | O4 - HKLM\..\Run: [Windows SyncroAd] C:\PROGRAM FILES\WINDOWS SYNCROAD\SYNCROAD.EXE |
| Troj/Dloader-BW (twink64.exe/hos... | O4 - HKLM\..\Run: [Windows] C:\WINDOWS\System32\windows\services.exe O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM32\twink64.exe internat.dll,LoadKeyboardProfile or O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\host32.exe internat.dll,LoadKeyboardProfile |
| Troj/StartPa-MN (explorer32.exe) | O4 - HKLM\..\Run: [Win32 Explorer] C:\WINDOWS\SYSTEM\explorer32.exe O4 - HKCU\..\Run: [Win32 Explorer] C:\WINDOWS\SYSTEM\explorer32.exe |
| Trojan.Win32.Scagent | So far, the following entries have been found here: O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} - C:\WINDOWS\digfilt.dll O18 - Filter: text/html - {EE7A946E-61FA-4979-87B8-A6C462E6FA62} - C:\WINDOWS\httpfilter.dll Since the CLSID is fixed, these are evidently variants. Incidentally, the lower one is Trojan.Win32.Scagent.g. In the StartupList services section there is Security Agent: "C:\WINDOWS\system32\scagent.exe" start (autostart). Since HJT v1.99 it also appears as an O23 entry: O23 - Service: Security Agent - Unknown - C:\WINDOWS\system32\scagent.exe |
| Kontiki Delivery Manager | Example from 青49330, where CNET Download Manager appeared in Add/Remove Programs: O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh309190.dll O4 - HKCU\..\Run: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201 (the numeric part of the BHO file name varies) The "cnet" part becomes zdnet or another name depending on which site customized the installer. |
| Security iGuard | O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe |
| CouponDeals (cdlsp.dll in O10) | O10 - Unknown file in Winsock LSP: c:\windows\system32\cdlsp.dll (there may be several) |
| lspak.dll in O10 | O10 - Unknown file in Winsock LSP: c:\windows\system32\lspak.dll (there may be several) |
| eplrr?.dll in O21 | O21 - SSODL: eplrr - {02DA8700-26CC-11D9-9EF5-00010314F1C7} - C:\WINDOWS\SYSTEM\eplrr3.dll [the ? in eplrr?.dll varies from 0 to 9; the CLSID is not fixed either] |
| ATI driver-related utility | Running Processes: C:\WINDOWS\System32\fryhser.exe O4 - HKLM\..\Run: [frymxins] frymxins In StartupList: FGLRYUTIL: C:\WINDOWS\System32\fryhser.exe (autostart) |
| WORM_WOOTBOT.AZ | O4 - HKLM\..\Run: [window2] ieupdate.exe O4 - HKLM\..\Run: [Microsoft Word] BootSector.exe O4 - HKLM\..\RunServices: [window2] ieupdate.exe O4 - HKLM\..\RunServices: [Microsoft Word] BootSector.exe O4 - HKLM\..\RunOnce: [window2] ieupdate.exe O4 - HKLM\..\RunOnce: [Microsoft Word] BootSector.exe O4 - HKCU\..\Run: [window2] ieupdate.exe O4 - HKCU\..\Run: [Microsoft Word] BootSector.exe O4 - HKCU\..\RunOnce: [Microsoft Word] BootSector.exe O4 - HKCU\..\RunOnce: [window2] ieupdate.exe |
| VTPreset | O4 - HKLM\..\Run: [VTPreset] VTPreset.exe |
| Games toolbar | O3 - Toolbar: Games toolbar - {02ffc86e-283e-4faa-95d6-addca024f30a} - C:\Program Files\Games\tbGame.dll O4 - HKLM\..\Run: [Games toolbar] rundll32.exe "C:\PROGRA~1\Games\tbGame.dll" DllShowTB |
| Win Comm | O4 - HKLM\..\Run: [Win Comm] C:\PROGRAM FILES\WIN COMM\WINCOMM.EXE |
| WebRebates | O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe" |
| MStartEnter | R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Program%20Files/MStartEnter/Portal/portal.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Startpagina = file:///C:/Program%20Files/MStartEnter/Portal/portal.html O4 - HKLM\..\Run: [Classes] C:\WINDOWS\System32\mstar2.exe O4 - HKLM\..\Run: [Classes] C:\WINDOWS\system32\mstart.exe |
| TrojanScan | O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB |
| Spyware Stormer | O4 - HKLM\..\Run: [Spyware Stormer] C:\PROGRAM FILES\SPYWARE STORMER\SPYWARESTORMER.Exe O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab |
| Search Assistant Uninstall | (example) O2 - BHO: (no name) - {00DE7814-47AD-463B-99AC-9520ADA1B332} - C:\WINDOWS\SYSTEM\NAH.DLL O18 - Filter: text/html - {3C5A1379-1BA4-4CEE-9717-8136994E87D0} - C:\WINDOWS\SYSTEM\NAH.DLL O18 - Filter: text/plain - {3C5A1379-1BA4-4CEE-9717-8136994E87D0} - C:\WINDOWS\SYSTEM\NAH.DLL In the latest HijackThis version it appears as above. The file name and CLSID are not fixed. |
| Mediatickets | O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.xxxtoolbar.com O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab |
| BKDR_LASTRAS.A | On XP, the following appear in the process list: C:\Windows\System32\LASTRAS.EXE C:\Windows\System32\RASINF.EXE C:\Windows\System32\MSVS??.EXE (?? is a random string) and in services: Receive Binary Data Support: C:\WINNT\System32\rasinf.exe (autostart) |
| hitpointer | O4 - HKLM\..\Run: [any 8 characters] c:\windows\system32\(any 8 characters).exe /install |
| Trojan.Upchan | O4 - HKCU\..\Run: [shellsystem] shellsystem.exe No cases reported yet, but based on Symantec's information it should appear as above. |
| Troj/Dloader-CC | O4 - HKLM\..\Run: [DKTime] C:\WINNT\system32\dktime.exe O4 - HKCU\..\Run: [DKTime] C:\WINNT\system32\dktime.exe |
| Adware.IEPlugin | O4 - HKLM\..\Run: [Win Server Updt] C:\WINNT\wupdt.exe |
| WSEM Update | O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINNT\wsem302.dll |
| Search Toolbar | O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINNT\System32\MTC.dll O3 - Toolbar: Search Toolbar - {9EAC0102-5E61-2312-BC2D-4D54434D5443} - C:\WINNT\System32\MTC.dll |
| Daily Toolbar | O3 - Toolbar: DailyToolbar - {8333C319-0669-4893-A418-F56D9249FCA6} - C:\WINDOWS\Downloaded Program Files\DailyToolbar.dll O16 - DPF: IEToolbarCab - http://download.dailytoolbar.com/DailyToolbarAff.CAB |
| Trojan.Win32.Krepper | O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\(arbitrary combination of alphanumerics).dll O4 - HKLM\..\Run: [romahere] C:\WINDOWS\System32\matrixhere.exe O4 - HKCU\..\Run: [romahere] C:\WINDOWS\System32\matrixhere.exe |
| SB soft | Unknown |
| SeachForIt | O3 - Toolbar: Locmag - {C51C1886-6246-48D4-BA0B-70AFD5A3D672} - C:\WINDOWS\Downloaded Program Files\locmag.dll O16 - DPF: {C51C1886-6246-48D4-BA0B-70AFD5A3D672} (Locmag) - http://www.locmag.net/cab/00000030.cab |
| Active alert | The following appears in the process list: C:\Program Files\Internet Optimizer\actalert.exe |
| SlotchBar | O4 - HKCU\..\RunOnce: [DeleteSlotchBar] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files\ISTbar\istbar.dll" O15 - Trusted Zone: *.slotch.com |
| Winad Client | Running processes: C:\Program Files\Winad Client\Winad.exe C:\Program Files\Winad Client\WinClt.exe --------- O4 - HKLM\..\Run: [Winad Client] C:\PROGRAM FILES\WINAD CLIENT\WINAD.EXE |
| Spider Search | O2 - BHO: ohb - {EB386233-65D7-46DC-A73D-0E02F2F844A9} - C:\WINDOWS\System32\winsps32.dll O3 - Toolbar: SpiderSearch.com Bar - {1D022C27-3771-4D1D-B1B7-1953E271C6CA} - C:\WINDOWS\System32\winsps32.dll Probably this one as well: O16 - DPF: {372DC06F-87DD-48D7-BCED-A815965C0164} (iiittt Class) - http://www.traffichog.com/toolbar2/winalot32.cab ------ Example O3 entry collected in the "spyware removal" guide compiled by unknown-user: O3 - Toolbar: SpiderSearch.com Bar - {0AAF602E-72A1-45FE-BAB1-06971E07EAA2} - C:\WINDOWS\System32\bmeb.dll From this, the file names under C:\WINDOWS\System32\ in the O2 and O3 entries do not appear to be fixed. |
| Search Portal | O2 - BHO: BL Class - {7FE49EAE-AA38-4044-9D10-09DAB477051F} - C:\SEARCHPORTAL\20040830\POPUP_BL.DLL O3 - Toolbar: IEbar Class - {C4AE573B-8CDB-43F2-892B-3EC2D34C4E6C} - C:\SEARCHPORTAL\20040830\DIMIEBAR.DLL |
| NetShow Tools 3.0 | O4 - Global Startup: NetShow PowerPoint Helper.lnk = C:\Program Files\NetShow Services\Tools\nsppthlp.exe |
| WORM SDBOT.NP | O4 - HKLM\..\RunServices: [Micr Update] soundblaster.exe O4 - HKCU\..\Run: [Micr Update] soundblaster.exe |
| Transponder | O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNrd.dll |
| WORM_SDBOT.CC | O4 - HKLM\..\Run: [ati control panel] atiphexx.exe O4 - HKLM\..\RunServices: [ati control panel] atiphexx.exe O4 - HKCU\..\Run: [ati control panel] atiphexx.exe |
| Troj/Muly-A | O4 - HKLM\..\Run: [DivX Updater] C:\WINDOWS\System32\DivX.Exe O4 - HKCU\..\Run: [DivX Updater] C:\WINDOWS\System32\DivX.Exe |
| BullsEye Network | O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe |
| Trojan.Win32.StartPage.lz | O4 - HKCU\..\Run: [ziphelp] C:\WINDOWS\ziphelp.exe |
| WORM_AGOBOT.A3 | O4 - HKLM\..\Run: [Configuration Loader] wincffg.exe O4 - HKLM\..\RunServices: [Configuration Loader] wincffg.exe |
| WORM_AGOBOT.PD | O4 - HKLM\..\Run: [Video Process] netsvcs.exe O4 - HKLM\..\RunServices: [Video Process] netsvcs.exe |
| WORM_RBOT.IA | O4 - HKLM\..\Run: [demm386.exe] demm386.exe O4 - HKLM\..\RunServices: [demm386.exe] demm386.exe |
| WORM_SDBOT.RH | O4 - HKLM\..\Run: [NAVSCAN32.EXE] NAVSCAN32.exe O4 - HKCU\..\Run: [NAVSCAN32.EXE] NAVSCAN32.exe |
| TROJ_RHEI.A | O2 - BHO: ie - {2FF5573C-0EB5-43db-A1B2-C4326813468E} - C:\PROGRAM FILES\INTERNET EXPLORER\PLUGINS\IEHR.DLL |
| PE_BAGLE.P | O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe |
| USB audio and keyboard related | O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run |
| IBM ThinkPad TrackPoint ユ... | O4 - HKLM\..\Run: [TP4EX] tp4ex.exe |
| MSN Toolbar | O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0002.1001\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0002.1001\ja\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0002.1001\ja\msntb.dll O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\ja\msnappau.exe" |
| Trojan.Mitglieder.L | O4 - HKCU\..\Run: [windll32.exe] C:\WINDOWS\SYSTEM\windll32.exe |
| AdWare & SpyWare | Unknown |
| Nemubar | R3 - URLSearchHook: NemuSearchHook Class - {D8E65B35-D24B-4A59-AD50-32AB5E55A9DA} - C:\Program Files\Nemubar\CheckSrv.exe (when periodic update checking is enabled) O3 - Toolbar: NemuBar - {15F32ED9-C897-4B56-A560-4FD731816B1E} - C:\Program Files\Nemubar\NemuBar.dll (when installed under Program Files) O9 - Extra button: NemuBar (HKLM) O9 - Extra 'Tools' menuitem: NemuBar (HKLM) |
| MSSWCHX.EXE | Running Process C:\WINDOWS\system32\MSSWCHX.EXE |
| NaviSearch | O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe |
| TrojanDownloader.Win32.Agent.bf | O4 - HKLM\..\Run: [WindUpdates] C:\Program Files\WindUpdates\WinUpdt.exe |
| Weather tool | O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.4.5.0\WeatherOnTray.exe |
| Mosearch | O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe |
| Side Find | O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\Program Files\SideFind\sidefind.dll |
| smart-security | None |
| Adware.IEPageHelper | O2 - BHO: Var1Helper Class - {1C4DA27D-4D52-4465-A089-98E01BB725CA} - C:\WINDOWS\System32\inetdctr.dll |
| SxgTkBar | O4 - HKLM\..\Run: [SxgTkBar] SxgTkBar.exe |