This is a list of the entries registered in the HJT DB. Apologies for the page being heavy. Entries are shown newest first.
(This page is updated by hand, so the most recently registered data may not be reflected yet. Please check the entry count and the update date.)
The page had become too heavy, so older entries have been removed from this list.
| Name | Entries as they appear in HijackThis |
| --- | --- |
| MalwareBytes' RogueRemover | O4 - HKCU\..\Run: [RogueMonitor] C:\Program Files\RogueRemover PRO\RogueRemoverPRO.exe /monitor |
| Sun Java-related entries | O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun の Java コンソール - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588 |
| WinReanimator | O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe O4 - HKLM\..\Run: [WinReanimator] "C:\Program Files\WinReanimator\winreanimator.exe" /hide O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe |
| Zlob-family O21 entries that appeared in February 2008 | O21 - SSODL: MonRam - {3583ee48-944f-456a-a94d-0d5aeeb2a755} - C:\WINDOWS\Installer\{3583ee48-944f-456a-a94d-0d5aeeb2a755}\MonRam.dll O21 - SSODL: zip - {48ab9f0a-43b7-4739-81b3-b30e2513b2c6} - C:\WINDOWS\Installer\{48ab9f0a-43b7-4739-81b3-b30e2513b2c6}\zip.dll |
| YAMAHA O4 - GO4XService.exe | O4 - HKCU\..\Run: [GO4XService] "C:\Program Files\Common Files\YAMAHA\GO4X\common\GO4XService.exe" |
| LiveUpdate Notice | O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe |
| Rising Personal Firewall | O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwsrv.exe |
| Rising AntiVirus | O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system O10 - Unknown file in Winsock LSP: c:\program files\rising\rav\hookspi.dll O23 - Service: Rising Confing Manager (cfgload) - Beijing Rising Technology Co., Ltd. - C:\program files\rising\rav\cfgload.exe O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\CCenter.exe O23 - Service: Rising RealTime Monitor (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\Ravmond.exe O23 - Service: Rising Vista Interface (RsVInterface) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Common Files\Rising\vsapisrv.exe O23 - Service: Rising Vista Scanner (RsVScanner) - Beijing Rising Technology Co., Ltd. - C:\program files\rising\rav\scannerd.exe O23 - Service: Rising Vista Update (RsVUpdate) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Common Files\Rising\rsupd.exe |
| G DATA InternetSecurity 2008 | F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,c:\program files\g data internetsecurity\avkkid\avkcks.exe O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AvkWebIE.dll O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA InternetSecurity\Webfilter\AvkWebIE.dll O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G DATA InternetSecurity\Firewall\GDFirewallTray.exe O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\G DATA InternetSecurity\AVKTray\AVKTray.exe" O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G DATA Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe O23 - Service: G DATA Scheduler (AVKService) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\AVK\AVKService.exe O23 - Service: AntiVirus Monitor (AVKWCtl) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\AVK\AVKWCtl.exe O23 - Service: G DATA パーソナルファイアウォール (GDFwSvc) - G DATA Software AG - C:\Program Files\G DATA InternetSecurity\Firewall\GDFwSvc.exe |
| Virus Buster 2008 (ウイルスバスター2008) | O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Virus Buster\UfSeAgnt.exe" O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Virus Buster\TMAS_OE\TMAS_OEMon.exe" (same as above) O23 - Service: トレンドマイクロ総合管理コンポーネント (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Virus Buster\SfCtlCom.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\VIRUSB~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Virus Buster\TmProxy.exe |
| O9 - DesktopStrea | O9 - Extra button: DesktopStrea - {D80B3D84-E1EC-42ab-B630-F1E0C4E8BA97} - (no file) |
| Mamutu 1.5 | O4 - HKLM\..\Run: [Mamutu Guard] "C:\Program Files\Mamutu\mamutu.exe" /silent O23 - Service: Mamutu Service (Mamutu) - Emsi Software GmbH - C:\Program Files\Mamutu\a2service.exe |
| TAGIRI Toolbar | O3 - Toolbar: TAGIRI Toolbar - {B3C48858-CC9C-452F-B6A4-48C95C59EB45} - C:\Program Files\TAGIRI Toolbar\ISLIEBand.dll O9 - Extra button: DesktopStrea - {D80B3D84-E1EC-42ab-B630-F1E0C4E8BA97} - (no file) O9 - Extra button: Tagiri Toolbar - {EC113164-2692-482c-A70D-C60DA5C92546} - (no file) |
| ThreatFire | O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe |
| PunkBuster | O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe |
| Yahoo!Anti-Spy | O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll |
| Nero | O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe |
| PowerDVD | O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\ |
| Windows Welcome Center | O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') |
| Windows Sidebar | O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') |
| System Safety Monitor | O20 - Winlogon Notify: System Safety Monitor - C:\Windows\SYSTEM32\SSMWinlogonEx.dll |
| %ProgramFiles%\[plausible-looking name... | O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe O4 - HKCU\..\Run: [Router] C:\Program Files\Router\Router.exe O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe |
| O4 [54a58e5f] rundll32.exe and similar... | O4 - HKLM\..\Run: [54a58e5f] rundll32.exe "C:\WINDOWS\system32\iwqaonlo.dll",b O4 - HKLM\..\Run: [BM5796bdc3] Rundll32.exe "C:\WINDOWS\system32\aydqfrfn.dll",s O4 - HKLM\..\Run: [90c291af] rundll32.exe "C:\WINDOWS\System32\wteghdag.dll",b O4 - HKLM\..\Run: [BM43c4fa5f] Rundll32.exe "C:\WINDOWS\system32\bgwytljd.dll",s O4 - HKLM\..\Run: [5c61e884] rundll32.exe "C:\WINDOWS\system32\tdtsyvjw.dll",b |
| Ask Toolbar (AskTBar) | R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\4.bin\A5SRCHAS.DLL O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\4.bin\A5SRCHAS.DLL O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\4.bin\ASKTBAR.DLL |
| CDDBUISon.dll | O2 - BHO: (no name) - {69F76916-8654-4CC0-A2F6-977A7624B5F3} - C:\WINDOWS\system32\CDDBUISon.dll O2 - BHO: (no name) - {520EEF75-40F4-4632-B552-CF6E815ED402} - C:\WINDOWS\system32\CDDBUISon.dll |
| Troj/Agent-GNA | F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,C:\WINDOWS\system32\drivers\msbzgh.exe, O4 - HKCU\..\Run: [【未詳】] C:\WINDOWS\system32\drivers\msbzgh.exe O4 - HKCU\..\Run: [【未詳】] C:\Documents and Settings\【user】\Application Data\ayagbf.exe |
| Protector Suite QL 5.3 | O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe" O20 - Winlogon Notify: psfus - C:\WINDOWS\SYSTEM32\fusstub.dll |
| FindFM Toolbar | R3 - URLSearchHook: www.find.fm Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\FindFM Toolbar\toolbar.dll O2 - BHO: XBTB04482 - {EB1BA0FB-F408-4503-9406-3F1BDE0FF91E} - C:\PROGRA~1\FINDFM~1\toolbar.dll O3 - Toolbar: www.find.fm Toolbar - {01E69986-A054-4C52-ABE8-EF63DF1C5211} - C:\Program Files\FindFM Toolbar\toolbar.dll |
| CashFiesta | O4 - HKCU\..\Run: [CashFiesta] C:\Documents and Settings\【user】\デスクトップ\Cashfiesta\Cashfiesta.exe |
| Megaupload Toolbar | O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL |
| FakeAlert・TROJ_AGENT.AASC | F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe O4 - HKLM\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe O4 - HKCU\..\Run: [WinAVX] C:\WINDOWS\System32\WinAvXX.exe O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O20 - AppInit_DLLs: C:\WINDOWS\system32\systems.txt O20 - AppInit_DLLs: C:\WINDOWS\system32\stdole32.dat |
| Spy Sweeper 5.5 | O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray O23 - Service: Webroot Spy Sweeper ウェブルート スパイ スウィーパー エンジン (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe |
| VirusLocker | C:\Program Files\VirusLocker\VirusLocker.exe C:\Program Files\VirusLocker\VirusLocker.exe |
| Norton 360 | O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O3 - Toolbar: Norton ツールバーの表示 - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe |
| PeerGuardian | O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe |
| VirusSeigyo (Virus Control) | C:\Program Files\Common Files\VirusSeigyo\uga6pcw.exe C:\Program Files\VirusSeigyo\pgs.exe O4 - HKLM\..\Run: [uga6pcw] "C:\PROGRA~1\COMMON~1\VIRUSS~1\uga6pcw.exe" -start O4 - HKLM\..\Run: [rtasks] C:\Program Files\VirusSeigyo\rtasks.exe O4 - HKLM\..\RunOnce: [atf_reinstall] "C:\Program Files\VirusSeigyo\atf.exe" |
| TrendProtect 1.0 | O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll |
| PrivacyProtector | O4 - HKLM\..\Run: [PrivacyProtector Free] "C:\Program Files\PrivacyProtector Free\UPRP.exe" |
| WORM_SDBOT.BDJ | O4 - HKLM\..\Run: [p2p networking] p2pnetworking.exe O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe |
| WinAntiSpyware 2007 | O4 - HKLM\..\Run: [WinAntiSpyware 2007 Free] "C:\Program Files\WinAntiSpyware 2007\was7.exe" /min O4 - HKLM\..\Run: [DC6_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasdc.exe" O4 - HKLM\..\Run: [ERS_Check] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwasers.exe" O4 - HKLM\..\Run: [uwas7cw] "C:\Program Files\Common Files\WinAntiSpyware 2007\uwas7cw.exe" -c |
| ErrorProtector | O4 - HKLM\..\Run: [ErrorProtector Free] C:\Program Files\ErrorProtector Free\ertmain.exe /min O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Common Files\ErrorProtector Free\startmon.exe" O4 - HKCU\..\Run: [ErrorProtector Free] C:\Program Files\ErrorProtector Free\ertmain.exe |
| NeroChek.exe | O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroChek.exe" |
| Win32/Expiro.C | Every running executable may have been infected. |
| W32/Rbot-GOR | O4 - HKLM\..\Run: [Windows LoL Layer] jkgogpaho.exe O4 - HKLM\..\RunServices: [Windows LoL Layer] jkgogpaho.exe O4 - HKCU\..\Run: [Windows LoL Layer] jkgogpaho.exe |
| W32/Rbot-GMI | O4 - HKLM\..\Run: [Universal Plug & Play devices] WinUPPD.exe O4 - HKLM\..\RunServices: [Universal Plug & Play devices] WinUPPD.exe O4 - HKCU\..\Run: [Universal Plug & Play devices] WinUPPD.exe |
| TKEYDRV.EXE | O4 - HKLM\..\Run: [Ten Key] TKEYDRV.EXE |
| O20 stp68_2007.dll (Trojan.Kl... | O20 - Winlogon Notify: stp68_2007 - C:\WINDOWS\SYSTEM32\stp68_2007.dll O20 - Winlogon Notify: stp68_2007 - stp68_2007.dll (file missing) |
| O10 lzink.dll (possibly a random name... | O10 - Unknown file in Winsock LSP: c:\windows\system32\lzink.dll |
| Browser Protection Volume | O2 - BHO: (no name) - {D34F5D71-99E4-4D96-91CA-F4104F69B8AE} - C:\Program Files\Video AX Object\bpvol.dll O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video AX Object\bpmon.exe O22 - SharedTaskScheduler: bedstead - {b23dc537-3e13-44c7-bf67-d8405eb377f7} - C:\WINDOWS\system32\rcohty.dll |
| [CTDrive] ... drv???.dll, startu... | O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\System32\drvhaf.dll,startup |
| O4 - HKLM [WindowsHive] rpcc.exe | O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32\rpcc.exe |
| Virus Chaser (ウイルスチェイサー) | O4 - HKLM\..\Run: [Vcrmon] C:\Program Files\Virus Chaser\vcrmon.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\drwebsp.dll O23 - Service: Virus Chaser Spider NT (spidernt) - New Technology Wave Inc. - C:\Program Files\Virus Chaser\SpiderNT.exe |
| Infostealer.Banker.C | F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\system32\ntos.exe, O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe O4 - HKUS\S-1-5-18\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe (User 'Default user') |
| AVG Internet Security 7.5 | O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe |
| Trojan-Downloader.Win32.ConHook.... | O2 - BHO: (no name) - {80ef4338-290c-45cf-8104-9d41e7cccdc1} - C:\WINDOWS\system32\cdm6gt.dll O20 - Winlogon Notify: cdm6gt - C:\WINDOWS\SYSTEM32\cdm6gt.dll O2 - BHO: (no name) - {d364b803-3171-48cf-b723-f39e753de102} - C:\WINDOWS\system32\mscrx3.dll O20 - Winlogon Notify: mscrx3 - C:\WINDOWS\SYSTEM32\mscrx3.dll O2 - BHO: (no name) - {0007703b-5f3f-4008-aef7-77b16292321a} - C:\WINNT\system32\c_1jet.dll O20 - Winlogon Notify: c_1jet - C:\WINNT\SYSTEM32\c_1jet.dll |
| O2 entries characteristic of spring-2007 Vundo ... | O2 - BHO: (no name) - {57E218E6-5A80-4f0c-AB25-83598F25D7E9} - C:\WINDOWS\system32\tmp158E.tmp.dll O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - C:\WINDOWS\System32\xvtbmhix.dll |
| WinFlyer | O4 - HKLM\..\Run: [WinFlyer32.dll] "rundll32.exe" C:\WINDOWS\system32\WinFlyer32.dll,Run |
| TROJ_AGENT.HYI | O4 - HKLM\..\Run: [Lexmark_X79-55] C:\WINDOWS\System32\lsasss.exe |
| O4 entries in the specific pattern Vundo produces... | O4 - HKLM\..\Run: [SoundService] rundll32.exe "C:\WINNT\vttspo.dll",setvm O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "C:\WINDOWS\system32\dpaojpap.dll",setvm O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\gxaycfaw.dll",setvm O4 - HKLM\..\Run: [2chkdsk] rundll32.exe "C:\WINDOWS\system32\vanbrgev.dll",setvm O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\tuvwvs.dll",realset |
| Infineon TPM Professional Packag... | O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files\Infineon\Security Platform Software\PSDsrvc.EXE |
| WinAntiVirus Pro 2007 | O2 - BHO: CIEIntegrator Object - {22750ADC-C90F-43C4-9B72-0F9E60CB5119} - C:\Program Files\WinAntiVirus Pro 2007\winavpgi.dll O2 - BHO: IEFW Object - {67121D62-2C97-4EF0-83EA-2DC643D50B01} - C:\Program Files\WinAntiVirus Pro 2007\fwbho.dll O4 - HKLM\..\Run: [WinAntiVirus Pro 2007] "C:\Program Files\WinAntiVirus Pro 2007\WinAV.exe" /min O4 - HKLM\..\Run: [uwa7pcw] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\uwa7pcw.exe" -c O4 - HKLM\..\Run: [mav_startupmon] "C:\Program Files\Common Files\WinAntiVirus Pro 2007\mav_startupmon.exe" O4 - HKLM\..\RunOnce: [fat.exe] "C:\Program Files\WinAntiVirus Pro 2007\fat.exe" O23 - Service: Firewall service (NtTf) - Unknown owner - C:\Program Files\WinAntiVirus Pro 2007\NtFt.exe |
| FRITZ!Box | O4 - Startup: FRITZ!DSL Protect.lnk = C:\Program Files\FRITZ!DSL\FwebProt.exe O4 - Global Startup: FRITZ!DSL Startcenter.lnk = C:\Program Files\FRITZ!DSL\StCenter.exe O10 - Unknown file in Winsock LSP: c:\program files\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\program files\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\program files\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\program files\fritz!dsl\sarah.dll O10 - Unknown file in Winsock LSP: c:\program files\fritz!dsl\sarah.dll O23 - Service: AVM IGD CTRL Service - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Common Files\AVM\de_serv.exe |
| InterSafe Personal | O4 - HKLM\..\Run: [nsfcfg] "C:\Program Files\ALSI\IS_PS\nsfcfg.exe" O10 - Broken Internet access because of LSP provider 'nsflsp.dll' missing |
| O16 MxLogicalTRU Class and others | O16 - DPF: {223216F6-B9FE-406D-9ED6-143FCE3A07B8} (MxLogicalTRU Class) - file://C:\Temp\cabfiles\MxLogicalTRU.cab O16 - DPF: {2F98EA90-EAE1-4AB5-AE89-DA073D824589} (MxBinderU Class) - file://C:\Temp\cabfiles\MxBinderU.cab O16 - DPF: {31538FAB-8051-4CFA-ACA4-B2668718B6F8} (MxMenuU Class) - file://C:\Temp\cabfiles\MxMenuU.cab O16 - DPF: {4F57AF1B-5470-47EE-A5AA-D1EA4B3C42A6} (XChartU Class) - file://C:\Temp\cabfiles\XChartU.cab O16 - DPF: {5C32688E-CEBE-419D-9C63-0704A2331EEC} (MxFileControlU Class) - file://C:\Temp\cabfiles\MxFileControlU.cab O16 - DPF: {71E7ACA0-EF63-4055-9894-229B056E9C31} (MxGridU Class) - file://C:\Temp\cabfiles\MxGridU.cab O16 - DPF: {84168FE7-B960-402B-BC0E-E7214D2CFC10} (MxResourceMngU Class) - file://C:\Temp\cabfiles\MxResourceMngU.cab O16 - DPF: {90CAA259-71ED-42CB-BEB8-95281CCF9E58} (MxTabU Class) - file://C:\Temp\cabfiles\MxTabU.cab O16 - DPF: {9683681E-FAD6-45F1-86B3-FD60C7101BC9} (MxReportU Class) - file://C:\Temp\cabfiles\MxReportU.cab O16 - DPF: {9F0AA341-1D10-4B18-B70B-6AA49CE7F5D6} (MxImageSetU Class) - file://C:\Temp\cabfiles\MxImageSetU.cab O16 - DPF: {AF989B7C-8AC3-40BC-B749-EB335BDFD190} (MxDataSetU Class) - file://C:\Temp\cabfiles\MxDataSetU.cab O16 - DPF: {BB4533A0-85E0-4657-9BF2-E8E7B100D47E} (MxComboU Class) - file://C:\Temp\cabfiles\MxComboU.cab O16 - DPF: {C1781C5C-0C32-40F2-8927-46FE4BCB5B87} (MxTreeU Class) - file://C:\Temp\cabfiles\MxTreeU.cab O16 - DPF: {D7779973-9954-464E-9708-DA774CA50E13} (MxMaskEditU Class) - file://C:\Temp\cabfiles\MxMaskEditU.cab O16 - DPF: {F73C0958-D8FE-43A5-9BB0-0F651C5A2BCC} (MxRadioU Class) - file://C:\Temp\cabfiles\MxRadioU.cab |
| Starware Recipe Toolbar | O2 - BHO: (no name) - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware337\bin\Starware337.dll O3 - Toolbar: Starware Recipe Toolbar - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - C:\Program Files\Starware337\bin\Starware337.dll |
| Starware Toolbar | O2 - BHO: CSBHO - {D14D6793-9B65-11D3-80B6-00500487BDBA} - C:\PROGRA~1\Comet\Bin\csbho.dll O3 - Toolbar: Starware Toolbar - {FE6BC4EF-5676-484B-88AE-883323913256} - C:\PROGRA~1\Comet\Bin\csietb.dll |
| McAfee VirusScan Enterprise | O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe |
| EnvyHFCPL | O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Audio Deck\EnMixCPL.exe 1 |
| ipTray.exe | O4 - HKLM\..\Run: [ipTray.exe] "C:\Program Files\Intel\IDU\iptray.exe" O23 - Service: Admin Works Agent X8 (AWService) - OSA Technologies Inc., An Avocent Company - C:\Program Files\Intel\IDU\awServ.exe |
| 驚速パソコン and similar products, with about:blank | Running processes: C:\Program Files\SOURCENEXT\驚速パソコン\SFBRun.exe |
| ctpmon.exe | O4 - HKCU\..\Run: [ctpmon] ctpmon.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present |
| DinopSearchBar | O3 - Toolbar: DinopSearchBar - {4B37CC9B-FBF4-4EFB-BCAB-64293358362F} - C:\Program Files\dinop\DinopSearchBar\bar.dll O11 - Options group: [DinopSearchBar] DinopSearchBar |
| AltaVista Toolbar | O2 - BHO: ALTAVISTA - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\ALTAVI~1.DLL O3 - Toolbar: ALTAVISTA - {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - C:\WINDOWS\DOWNLO~1\ALTAVI~1.DLL O8 - Extra context menu item: AltaVista Search - file://C:\Program Files\ALTAVISTA Toolbar\Cache\SelectedContextSearch.htm O16 - DPF: {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} (ALTAVISTA) - http://toolbar.altavista.com/static/toolbar/altavista.cab?r=1169261225 |
| Backdoor.Win32.SdBot.bcf... | O4 - HKLM\..\RunServices: [mstdcs] C:\WINNT\System32\mstdcs.exe O4 - HKLM\..\RunServices: [msrdc] C:\WINNT\System32\msrdc.exe |
| Backdoor.Win32.IRCBot.xt | O23 - Service: nSecure - Unknown owner - C:\WINNT\System32\nSecure.exe |
| W32/Agobot-AHR | O23 - Service: nservice - Unknown owner - C:\WINNT\System32\nservice.exe |
| Security Countermeasure Tool (セキュリティ対策ツール) | O4 - HKLM\..\Run: [pccguide.exe] "C:\program files\NTTW\Security\pccguide.exe" O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\NTTW\Security\PcCtlCom.exe O23 - Service: Tango Service (TangoService) - Unknown owner - C:\Program Files\NTTW\Flets\app\TangoService.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\NTTW\Security\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\NTTW\Security\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\NTTW\Security\tmproxy.exe |
| Internet Malicious Site Block (インターネット 悪質サイトブロック) | O2 - BHO: 悪質サイトブロック BHO - {E51900C1-1D23-475D-921E-10E20D13ECC1} - C:\Program Files\NetSTAR\NSFR\nsfbnd.dll O3 - Toolbar: 悪質サイトブロック - {EA7785EA-2640-49A2-832E-A882AD6D2A77} - C:\Program Files\NetSTAR\NSFR\nsfbnd.dll |
| BroadJump Client Foundation | O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe |
| O2 BAE.dll | O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll |
| SpyMarshal | O4 - HKCU\..\Run: [SpyMarshal] C:\Program Files\SpyMarshal\SpyMarshal.exe |
| Virus Buster Corp. client... | O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://192.1.4.61/officescan/console/ClientInstall/WinNTChk.cab O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - http://192.1.4.61/officescan/console/ClientInstall/setupini.cab O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://192.1.4.61/officescan/console/ClientInstall/setup.cab O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - http://192.1.4.61/officescan/console/html/AtxEnc.cab O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrlClass) - http://192.1.4.61/officescan/console/ClientInstall/RemoveCtrl.cab O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe |
| AVG Anti-Spyware 7.5 | O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe |
| MyDoom.A lsasrv.exe | F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\System32\lsasrv.exe O4 - HKLM\..\Run: [lsass] C:\WINDOWS\System32\lsasrv.exe |
| New malware that produces O23 entries... | O23 - Service: [plausible service name]([something resembling its abbreviation]) - Unknown owner - [full path\plausible name (often the same as a system file).exe] |
| T-Online DSL Manager 6.0 | O4 - HKLM\..\Run: [T-Online DSL-Manager] C:\Program Files\T-Online\DSL-Manager\TODslMgr.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\spacklsp.dll O23 - Service: T-Online DSL-Manager (TODslService) - T-Systems International GmbH - C:\Program Files\T-Online\DSL-Manager\TODslSvc.exe |
| SpamSubstract Pro 1.70 | Running processes: C:\Program Files\InterMute\SpamSubtract\SpamSubtract.exe |
| Virus Buster 2007 (ウイルスバスター2007) | O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Virus Buster 2007\pccguide.exe" O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Virus Buster 2007\TMAS_OE\TMAS_OEMon.exe" O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\VIRUSB~1\PcCtlCom.exe O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\VIRUSB~1\PcScnSrv.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\VIRUSB~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\VIRUSB~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\VIRUSB~1\tmproxy.exe |
| New bot? - Events Log (Event) | O23 - Service: Events Log (Event) - Unknown owner - C:\WINNT\system32\drivers\csrss.exe |
| WORM_SDBOT.AWG | O23 - Service: wlmsngr - Unknown owner - C:\WINNT\wlmsngr.exe (file missing) |
| W32/Tilebot-HQ | O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINNT\lsass.exe (file missing) |
| WORM_RBOT.EOB | O4 - HKLM\..\Run: [ActiveX File Registration Service] filereg.exe O4 - HKLM\..\RunServices: [ActiveX File Registration Service] filereg.exe O4 - HKCU\..\Run: [ActiveX File Registration Service] filereg.exe O4 - HKCU\..\RunServices: [ActiveX File Registration Service] filereg.exe |
| Norton Internet Security 2007 | O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program
Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O3 - Toolbar: Norton ツールバーの表示 - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe |
| 常時安全 セキュリティ24アシスタ... | O3 - Toolbar: セキュリティ24 - {41EFC95A-E013-4284-8C99-EB5CFD168DED} - C:\Program Files\@nifty Security\s24iebar.dll O4 - HKLM\..\Run: [s24ctrl] "C:\Program Files\@nifty Security\s24ctrl.exe" /s O16 - DPF: {BCDE5531-8A86-47B9-8E10-76E991EA3950} (@nifty Assistant Web Installer) - https://bbsrv.nifty.com/security24/downloads/webinst.cab O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe |
| EnrollWiz | O2 - BHO: CSecDepotIeHlprObj Class - {40F83F83-6C95-4D99-A2EB-6599DE81A6BE} - C:\WINDOWS\system32\SDSecDepotIe.dll O4 - HKLM\..\Run: [EnrollWiz] SdUsrEnrollWiz.exe enroll O9 - Extra button: Desktop Security Depot for Internet Explorer - {F61F9C2D-0A2F-4b09-B17B-7955B8610940} - C:\WINDOWS\system32\SDSecDepotIe.dll |
| ViDoctor (バイドクター) | O4 - HKLM\..\Run: [vidr] "C:\Program Files\vidr\vidrUp.exe" -b O4 - HKLM\..\Run: [PC最適化] C:\Program Files\optimizejp\optimizeupdjp.exe -update O4 - HKLM\..\Run: [バイドクター] C:\Program Files\vidoctorjp\vidoctorupdjp.exe -update |
| VVSN.exe | O4 - HKLM\..\Run: [VVSN] C:\Program Files\VVSN\VVSN.exe |
| Windows Defender Beta2 | C:\Program Files\Windows Defender\MsMpEng.exe C:\Program Files\Windows Defender\MSASCui.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hidee |
| AVIRA AntiVir PersonalEdition Cl... | O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe |
| Optserve (オプトサーブ) | O4 - HKLM\..\Run: [optserve] C:\WINDOWS\System32\optserve.exe O4 - HKLM\..\Run: [LP] C:\WINDOWS\system32\LP.exe |
| Trojan-Downloader.Win32.Agent.aqr | O4 - HKLM\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe O4 - HKCU\..\Run: [Realplayer.exe] C:\WINDOWS\system32\Realplayer.exe |
| SystemStable | C:\Program Files\SystemStable\SystemStableMonitor.exe C:\Program Files\SystemStable\SystemStable.exe O4 - HKCU\..\Run: [SystemStableMonitor] C:\Program Files\SystemStable\SystemStableMonitor.exe |
| W32.Randex.YR | O4 - HKLM\..\Run: [Symantec Anti Virus] symantec32.exe O4 - HKLM\..\RunServices: [Symantec Anti Virus] symantec32.exe O4 - HKCU\..\Run: [Symantec Anti Virus] symantec32.exe |
| WORM_WOOTBOT.CE | O4 - HKLM\..\Run: [Windows Update] vgcntfy.exe O4 - HKLM\..\RunServices: [Windows Update] vgcntfy.exe O4 - HKCU\..\Run: [Windows Update] vgcntfy.exe |
| W32/Forbot-BH | O4 - HKLM\..\Run: [Win32 SSL Driver] winssv.exe O4 - HKCU\..\Run: [Win32 SSL Driver] winssv.exe O4 - HKLM\..\RunServices: [Win32 SSL Driver] winssv.exe |
| WORM_SDBOT.VM | O4 - HKLM\..\Run: [msjava service] xpcd.exe O4 - HKLM\..\RunServices: [msjava service] xpcd.exe |
| WORM_WOOTBOT.AS | O4 - HKCU\..\Run: [Windows DNS Daemon] windnsd.exe O4 - HKLM\..\Run: [Windows DNS Daemon] windnsd.exe O4 - HKLM\..\RunServices: [Windows DNS Daemon] windnsd.exe |
| W32.Narcs | O4 - HKLM\..\Run: [Microsoft Updates] Botnet.exe O4 - HKLM\..\RunServices: [Microsoft Updates] Botnet.exe |
| crsss32.exe | O4 - HKLM\..\Run: [CRC Value Verifier] crsss32.exe O4 - HKLM\..\RunServices: [CRC Value Verifier] crsss32.exe |
| WORM_WOOTBOT.BR | O4 - HKLM\..\Run: [Microsoft Support Service] svcmgt.exe O4 - HKLM\..\RunServices: [Microsoft Support Service] svcmgt.exe O4 - HKCU\..\Run: [Microsoft Support Service] svcmgt.exe |
| Shockwave Flash Object | O2 - BHO: Shockwave Flash Object - {14A21378-5BB1-4BC4-95D5-5D3F51527F6F} - C:\WINDOWS\system32\smflash.ocx O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present |
| DriveCleaner 2006 | C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe O4 - HKLM\..\Run: [DriveCleaner 2006 Free] "C:\Program Files\DriveCleaner 2006 Free\UDC2006.exe" /min |
| Win32/IRCBot.worm.188416.D | Running processes: C:\WINNT\system32\msjava.exe F2 - REG:system.ini: Shell=Explorer.exe msjava.exe F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,msjava.exe O4 - HKLM\..\RunServices: [Ms Java for Windows NT] msjava.exe O4 - HKCU\..\RunServices: [Ms Java for Windows NT] msjava.exe O23 - Service: Remote Procedure Call (RPC) Remote (RpcRemote) - Unknown owner - C:\WINNT\system32\remote.exe (file missing) |
| One-click fraud (common name) Eros B... | O4 - HKLM\..\Run: [ImageViewer] C:\WINDOWS\ImageViewer.exe /s C:\WINDOWS\ImageViewer.exe |
| SystemDoctor 2006 | C:\Program Files\SystemDoctor 2006 Free\sd2006.exe O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan |
| WORM_ANTINNY.AF | O4 - HKLM\..\Run: [Windows Security Manager] C:\WINNT\system32\drivers\etc\svchost.exe -c -ax O23 - Service: Windows Security Manager (WindowsSecurityManager) - Unknown owner - C:\WINNT\system32\w32secm.exe |
| PC-Clean | O2 - BHO: Web Class - {D03B6018-E880-4A89-99A2-7354FE52DDAE} - C:\PROGRA~1\NLIA\Nlia.dll O4 - HKLM\..\Run: [PC-Clean] C:\Program Files\PC-Clean\PC-Clean.exe /h |
| DownUp2U | O2 - BHO: DUIE Class - {CECD8E44-D53E-427B-89FB-3DF0A5C8BECD} - C:\Program Files\DownUp2U\DU_BHO.dll O8 - Extra context menu item: Download *.swf By DownUp2U - C:\Program Files\DownUp2U\du_link_all_swf.htm O8 - Extra context menu item: Download All By DownUp2U - C:\Program Files\DownUp2U\du_link_all.htm O8 - Extra context menu item: Download By DownUp2U - C:\Program Files\DownUp2U\du_link.htm O9 - Extra button: DownUp2U - {ACC4BE27-3308-4D1B-8430-5FB2DACA774F} - C:\Program Files\DownUp2U\DownUp2U.exe |
| BitSpirit | C:\Program Files\BitSpirit\BitSpirit.exe O8 - Extra context menu item: BitSpiritでダウンロード(&B) - C:\Program Files\BitSpirit\bsurl.htm |
| Drag'n Drop CD+DVD | O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp |
| TOSHIBA Smooth View | O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Smooth View\SmoothView.exe |
| BitDefender Free Edition | O4 - HKLM\..\Run: [BDNewsAgent] c:\program files\softwin\bitdefender free edition\bdnagent.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe |
| HD Tune | O4 - HKLM\..\Run: [HD Tune] C:\PROGRA~1\HDTUNE~1\HDTune.exe |
| Spyware Terminator | O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" |
| Max Antispyware | O4 - HKLM\..\Run: [MASAutoLiveupdate] C:\Program Files\MaxAntiSpyware\LiveUpdateMAS.exe -AUTO O20 - Winlogon Notify: SDNotify - C:\Program Files\MaxAntiSpyware\SDNotify.dll O23 - Service: MASService - Max Secure Software - C:\Program Files\MaxAntiSpyware\SDService.exe |
| i-Filter 4 | O4 - HKLM\..\Run: [IFP4] C:\Program Files\Digital Arts\IFP4\app\ifp4.exe /s O10 - Unknown file in Winsock LSP: c:\windows\system32\iflsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\iflsp.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\iflsp.dll |
| Ultimate Defender | O4 - HKCU\..\Run: [Ultimate Defender] "C:\Program Files\Ultimate Defender\App.exe" hide |
| WinSOS | O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\WINSOS\WINSOS.EXE" MINI |
| downloadmax.net (one-click-ware) | C:\WINDOWS\system32\downloadmax.net.bat C:\WINDOWS\system32\downloadmax.net.exe O4 - HKLM\..\Run: [downloadmax.net] C:\WINDOWS\system32\downloadmax.net.bat |
| Norton Ghost 10.0 | O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Program Files\Norton Ghost\Agent\GhostTray.exe" O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe |
| Error Safe | O4 - HKLM\..\Run: [Error Safe] C:\Program Files\Error Safe Free\ers.exe /scan O4 - HKCU\..\Run: [Error Safe] C:\Program Files\Error Safe Free\ers.exe /scan |
| 1-2-3 Spyware Free Monitor | O4 - HKCU\..\Run: [123Monitor] C:\Program Files\1-2-3 Spyware Free\SpywareFreeMonitor.exe |
| FunWebProducts | R3 - URLSearchHook: (no name) - {06860C16-7110-4059-A410-44578348328E} - C:\Program Files\AskJeevesJapan\SrchAstt\2.bin\AJJSRCAS.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: AskJeevesJapan Search Assistant BHO - {06860C11-7110-4059-A410-44578348328E} - C:\Program Files\AskJeevesJapan\SrchAstt\2.bin\AJJSRCAS.DLL O2 - BHO: ajjscBar BHO - {3DA56661-F9C5-42a8-B943-849CA2DCD36A} - C:\Program Files\AskJeevesJapan\scbar\3.bin\AJJSCBAR.DLL O3 - Toolbar: Ask Jeeves Japan &Smiley Central Bar - {3DA56669-F9C5-42a8-B943-849CA2DCD36A} - C:\Program Files\AskJeevesJapan\scbar\3.bin\AJJSCBAR.DLL O4 - HKLM\..\Run: [AskJeevesJapan Email Plugin] C:\PROGRA~1\ASKJEE~1\scbar\3.bin\ajjoemon.exe O4 - HKCU\..\Run: [AskJeevesJapan Email Plugin] C:\PROGRA~1\ASKJEE~1\scbar\3.bin\ajjoemon.exe O8 - Extra context menu item: &Ask.jp で検索 - http://cfg.smileycentral.jp/askjpmenusearch.html?p=JSxdm001YYJP_JSHVDIS012 O16 - DPF: {7EE35792-6430-420F-B635-315E1F5A4AC1} - http://ak.nocache.smileycentral.jp/ei/AskJeevesJapanInitialSetup1.0.0.10-5.cab |
| PcoqU4kQ (one-click-ware) | C:\WINDOWS\System32\PcoqU4kQs.exe C:\WINDOWS\PcoqU4kQw.exe O4 - HKCU\..\Run: [PcoqU4kQ] C:\WINDOWS\System32\PcoqU4kQs.exe |
| McAfee Wi-FiScan | O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://us.mcafee.com/Apps/WSC/en-us/WscWlanScannerCtrl.cab O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} - http://jp.mcafee.com/Apps/WSC/jp/WscWlanScannerCtrl.cab |
| Ad-Watch | O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" |
| TLCigN5O (one-click-ware) | C:\WINDOWS\system32\TLCigN5Os.exe C:\WINDOWS\TLCigN5Ow.exe O4 - HKCU\..\Run: [TLCigN5O] C:\WINDOWS\system32\TLCigN5Os.exe |
| WinAntiVirusPRO 2006 | O2 - BHO: CIEIntegrator Object - {2178F3FB-2560-458F-BDEE-631E2FE0DFE4} - C:\Program Files\WinAntiVirus Pro 2006\winpgi.dll O4 - HKLM\..\Run: [WinAntiVirusPro2006] "C:\Program Files\WinAntiVirus Pro 2006\WinAV.exe" /min O4 - HKLM\..\RunOnce: [fat.exe] C:\Program Files\WinAntiVirus Pro 2006\fat.exe O4 - HKLM\..\Run: [CompanionWizard] "C:\Program Files\Common Files\Companion Wizard\compwiz.exe" /silent O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe |
| Kaspersky On-line Scanner | O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.co.jp/virusscanner/kavwebscan_ansi.cab |
| SpywareQuake | O4 - HKLM\..\Run: [SpywareQuake] C:\ProgramFiles\SpywareQuake\SpywareQuake.exe /h O4 - HKLM\..\Run: [SpywareQuake.com] C:\Program Files\SpywareQuake.com\Spyware-Quake.exe /h |
| SpyFalcon | O4 - HKLM\..\Run: [SpyFalcon] C:\Program Files\SpyFalcon\SpyFalcon.exe /h |
| MP3 Toolbar | O3 - Toolbar: YourSiteBar - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - C:\PROGRAM FILES\YOURSITEBAR\YSB.DLL |
| SiteAdvisor | O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\saIE.dll O3 - Toolbar: SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\saIE.dll |
| One-click fraud: "Completely free video/images..." | O4 - HKCU\..\Run: [MagPlayerWatcher_cwzjp] C:\Program Files\MagPlayer\MagPlayer.exe /Register |
| WinFixer 2005 | O4 - HKCU\..\Run: [WinFixer 2005] D:\Program Files\WinFixer 2005\uwfx5.exe /scan O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://locator1.cdn.imagesrvr.com/sites/winfixer.com/www/pages/scanner_jp/WinFixer2005ScannerInstall_jp.cab |
| F5 Networks | O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://【domain or IP】/vdesk/cachecleaner.cab O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://【domain or IP】/vdesk/terminal/urxvpn.cab#version=5400,0,50316,1 O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://【domain or IP】/vdesk/terminal/urTermProxy.cab#version=5400,0,50412,1 O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://【domain or IP】/vdesk/terminal/urxshost.cab O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://【domain or IP】/vdesk/terminal/urxhost.cab#version=5400,0,50316,1 ------------------------------------------ O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} (F5 Networks VPN Manager) - https://【domain or IP】/vdesk/terminal/urxvpn.cab#version=5500,0,50524,1 O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://【domain or IP】/vdesk/terminal/urTermProxy.cab#version=5500,0,50510,1 O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://【domain or IP】/vdesk/terminal/urxshost.cab O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://【domain or IP】/vdesk/terminal/urxhost.cab#version=5500,0,50517,1 |
| One-click fraud: In a | O4 - HKCU\..\Run: [! In a] C:\WINDOWS\SYSTEM\! In as.exe O4 - HKCU\..\RunServices: [! In a] C:\WINDOWS\SYSTEM\! In as.exe |
| EcoPassIE II | O8 - Extra context menu item: EcoIE2 で入力 - C:\Program Files\Eco-Soft\EcoPassIE2\EcoIe2Menu1.htm O8 - Extra context menu item: EcoIE2 で全入力 - C:\Program Files\Eco-Soft\EcoPassIE2\EcoIe2Menu2.htm O8 - Extra context menu item: EcoIE2 に追加 - C:\Program Files\Eco-Soft\EcoPassIE2\EcoIe2Menu3.htm O8 - Extra context menu item: EcoIE2 を表示 - C:\Program Files\Eco-Soft\EcoPassIE2\EcoIe2Menu4.htm |
| WebSecureAlert | O4 - Startup: WebSecureAlert.lnk = C:\PROGRA~1\WEBSEC~1\WebSecureAlert.exe |
| SpywareStrike 2.5 | O4 - HKLM\..\Run: [SpywareStrike] C:\Program Files\SpywareStrike\SpywareStrike.exe /h |
| One-click fraud: l lo | C:\WINNT\system32\l los.exe C:\WINNT\l low.exe O4 - HKCU\..\Run: [l lo] C:\WINNT\system32\l los.exe |
| One-click fraud: @ at 2 | C:\WINNT\system32\@ at 2s.exe C:\WINNT\@ at 2w.exe O4 - HKCU\..\Run: [@ at 2] C:\WINNT\system32\@ at 2s.exe |
| One-click fraud site "po @ t ... | C:\WINNT\po a tw.exe C:\WINNT\system32\po a ts.exe O4 - HKCU\..\Run: [po a t] C:\WINNT\system32\po a ts.exe |
| NT Meter | O23 - Service: NT Meter - Unknown owner - C:\WINDOWS\system32\NTMETER.EXE |
| PerfectDisk scheduler | O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe |
| igfxsrvc.dll | O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll |
| Windows Overlay Components | Running processes: C:\WINDOWS\egsktdr.exe O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\egsktdr.exe [Key Name]="OvMon" "DisplayName"="Windows Overlay Components" "UninstallString"="C:\WINDOWS\offun.exe" |
| BKDR_DELF.IG | Running processes: C:\PROGRAM FILES\INTERNET EXPLORER\SYSSMSS.EXE O4 - HKLM\..\Run: [WinsSystem] C:\Program Files\Internet Explorer\syssmss.exe |
| ItalMgr | O2 - BHO: PicShow Class - {4487598C-2EC7-43A2-870E-6D8D720FDD9F} - C:\WINDOWS\system32\pkshaucy.dll O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - C:\WINDOWS\System32\italkwwy.dll |
| TROJ_KAKKEYS variant | F2 - REG:system.ini: Shell=C:\:.exe -s explorer.exe O4 - HKLM\..\Run: [Shell] C:/RECYCLER/S-1-5-21-1202660629-583907252-725345543-1003/iexplore.exe -e |
| Troj/Puper family | Running processes: C:\WINDOWS\popuper.exe C:\WINDOWS\System32\shnlog.exe C:\WINDOWS\System32\msole32.exe C:\WINDOWS\System32\intmon.exe (other file names in the system folder are possible, e.g. paint.exe) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.security2k.net/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.security2k.net/bar.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.security2k.net/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.security2k.net/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.security2k.net/search.php?qq=%1 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.security2k.net/search.php?qq=%1 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.security2k.net/ (the above is one example from an environment where R entries appear) O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\System32\hp86A5.tmp (the characters after hp are random) |
| W32/Rbot-APA | O4 - HKLM\..\Run: [Microsoft Messenger Management Controls] msmgmctl.exe O4 - HKLM\..\RunServices: [Microsoft Messenger Management Controls] msmgmctl.exe O4 - HKCU\..\Run: [Microsoft Messenger Management Controls] msmgmctl.exe O4 - HKCU\..\RunServices: [Microsoft Messenger Management Controls] msmgmctl.exe |
| W32/Rbot-ALE (or W32/Rbot-AU... | O4 - HKLM\..\Run: [Service Monitor] msnfilen.exe O4 - HKLM\..\RunServices: [Service Monitor] msnfilen.exe |
| WORM_RBOT.BMY | O4 - HKLM\..\Run: [System Event Manager] secsvc.exe O4 - HKLM\..\RunServices: [System Event Manager] secsvc.exe |
| W32/Rbot-ALC | O4 - HKLM\..\Run: [Windows Update Service] update32.pif O4 - HKLM\..\RunServices: [Windows Update Service] update32.pif O4 - HKCU\..\Run: [Windows Update Service] update32.pif O4 - HKCU\..\RunServices: [Windows Update Service] update32.pif |
| O4 - [Microsoft Security GManage... | O4 - HKLM\..\Run: [Microsoft Security GManagers] vutblab.exe O4 - HKLM\..\RunServices: [Microsoft Security GManagers] vutblab.exe |
| W32/Rbot-AHK or W32/Rbot-ALJ | O4 - HKLM\..\Run: [Microsoftf DDEs Control] soff.pif O4 - HKLM\..\RunServices: [Microsoftf DDEs Control] soff.pif |
| WORM_RBOT.BUZ | O4 - HKLM\..\Run: [Windows Spool Server] spoolsrv.exe O4 - HKLM\..\RunServices: [Windows Spool Server] spoolsrv.exe |
| W32/Rbot-ATE | O4 - HKLM\..\Run: [HTML32 Help System] hhs32.pif O4 - HKLM\..\RunServices: [HTML32 Help System] hhs32.pif O4 - HKCU\..\Run: [HTML32 Help System] hhs32.pif O4 - HKCU\..\RunServices: [HTML32 Help System] hhs32.pif |
| W32/Rbot-AWJ | O4 - HKLM\..\Run: [MICROSFT RAMA UPDATE SUPPORT] MSN32.EXE O4 - HKLM\..\RunServices: [MICROSFT RAMA UPDATE SUPPORT] MSN32.EXE |
| Virus Buster 2006 (ウイルスバスター2006) | [On XP] Running processes: C:\PROGRA~1\TRENDM~1\VIRUSB~1\PCCTLCOM.EXE C:\PROGRA~1\TRENDM~1\VIRUSB~1\Tmntsrv.exe C:\PROGRA~1\TRENDM~1\VIRUSB~1\tmproxy.exe C:\PROGRA~1\TRENDM~1\VIRUSB~1\TMPFW.EXE C:\Program Files\Trend Micro\Virus Buster 2006\pccguide.exe O2 - BHO: フィッシング詐欺対策ツールバー - {06647158-359E-4D10-A8DE-E6145DA90BE9} - C:\PROGRA~1\TRENDM~1\VIRUSB~1\PccIeBar.dll O3 - Toolbar: フィッシング詐欺対策ツールバー - {871F91FD-3A92-4988-A842-16AB2CFF5AF1} - C:\PROGRA~1\TRENDM~1\VIRUSB~1\PccIeBar.dll O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Virus Buster 2006\pccguide.exe" O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\VIRUSB~1\PcCtlCom.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\VIRUSB~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\VIRUSB~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\VIRUSB~1\tmproxy.exe |
| Adware.Webtext | O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\system32\nsa130.dll (one example; the file name varies, matching ns*.dll) |
| W32/Rbot-AVQ | Running Processes: C:\WINDOWS\System32\BHSV.EXE O4 - HKLM\..\Run: [Browser Help Svc] BHSV.EXE O4 - HKLM\..\RunServices: [Browser Help Svc] BHSV.EXE O4 - HKCU\..\Run: [Browser Help Svc] BHSV.EXE O4 - HKCU\..\RunServices: [Browser Help Svc] BHSV.EXE |
| W32/Rbot-ARP | Running processes: C:\WINDOWS\System32\scorti.exe O4 - HKLM\..\Run: [MCX Updte] scorti.exe O4 - HKLM\..\RunServices: [MCX Updte] scorti.exe |
| W32/Rbot-AQS | Running processes: C:\WINDOWS\System32\winssx.exe O4 - HKLM\..\Run: [Microft Update 32] winssx.exe O4 - HKLM\..\RunServices: [Microft Update 32] winssx.exe |
| W32/Rbot-AUZ | Running processes: C:\WINDOWS\System32\winmx32.EXE O4 - HKLM\..\Run: [MICROSFT MX UPDATE SUPPORT] winmx32.EXE O4 - HKLM\..\RunServices: [MICROSFT MX UPDATE SUPPORT] winmx32.EXE |
| mssearchnet.exe | Running processes: C:\WINDOWS\system32\mssearchnet.exe C:\WINDOWS\System32\nvctrl.exe O2 - BHO: HomepageBHO - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINDOWS\System32\hp8DA9.tmp |
| PRunOnce.exe | O4 - HKLM\..\Run: [PRunOnce] C:\util\prunonce\PRunOnce.exe |
| msqsearc (TROJ_DLUCA.CN) | Running processes: C:\windows\system32\msqsearc.exe O4 - HKLM\..\Run: [dxvid] c:\windows\system32\dxvid.exe /nocomm O4 - HKLM\..\Run: [msqsearc] c:\windows\system32\msqsearc.exe /install "DisplayName"="dxvid" "DisplayName"="msqsearc" |
| Secure Application Manager | O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll O10 - Unknown file in Winsock LSP: c:\program files\neoteris\secure application manager\gapsp.dll |
| xpdiag.exe | Running processes: C:\WINDOWS\XPDIAG.EXE O4 - HKLM\..\Run: [XpDiag] xpdiag.exe -off |
| MSN Messenger 7.5 O18 entry | O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) |
| PhishWall | O2 - BHO: PhishWall - {8CA7E745-EF75-4E7B-BB86-8065C0CE29CA} - C:\Program Files\SecureBrain\PhishWall\sbpw32.dll O3 - Toolbar: PhishWall - {BB62FFF4-41CB-4AFC-BB8C-2A4D4B42BBDC} - C:\Program Files\SecureBrain\PhishWall\sbpw32.dll Uninstall information: [Key Name]="{8C0B0C9E-60E6-48CD-8080-615A6D271C0F}" "DisplayName"="PhishWall" "Version"="0x01000000" "InstallDate"="20051014" "InstallLocation"="C:\Program Files\SecureBrain\PhishWall" "InstallSource"="C:\Documents and Settings\[username]\My Documents\AppSetupExe\phishwall\" [path is only an example] "UninstallString"="RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8C0B0C9E-60E6-48CD-8080-615A6D271C0F}\setup.exe" -l0x11 -removeonly" "Publisher"="SecureBrain Corporation" |
| ewido online scanner beta | O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab |
| PSGuard | O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe |
| SSA-KeyLogger spyware | O1 - Hosts: 85.192.32.112 name of a bank O1 - Hosts 82.146.42.123 name of a bank O1 - Hosts 209.160.64.29 name of a bank O1 - Hosts: 64.34.84.76 name of a bank O1 - Hosts: 17.145.117.11 name of a bank O1 - Hosts: 128.250.24.84 name of a bank O1 - Hosts: 141.225.152.142 ibank.barclays.co.uk O4 - HKLM\..\Run: [load32] C:\WINDOWS\SYSTEM32\winldra.exe |
| WORM_SNONE.A | O4 - HKLM\..\Run: [WinMsgService] C:\WINDOWS\system32\explorer.exe O4 - HKLM\..\Run: [realone_nt2004] C:\WINDOWS\system32\syslray.exe O4 - HKLM\..\Run: [realone_nt2003] C:\WINDOWS\system32\moniker.exe |
| Trojan.Joex | F2 - REG:system.ini: Shell=Explorer.exe commamd.exe O4 - HKCU\..\Run: [ctfnom.exe] C:\WINDOWS\SVOHOST.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present If the following entries are also present, "Check" and "Fix" them: O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm?pid=U_superrsoft_62756 (file missing) O9 - Extra 'Tools' menuitem: 修???器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing) O9 - Extra 'Tools' menuitem: 清理上网?? - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing) |
| Kingsoft Internet Secu... | O4 - HKLM\..\Run: [KavStart] "C:\Program Files\Kingsoft\KIS2006\KAVStart.exe" -startup O4 - HKCU\..\Run: [KavPFW] "C:\Program Files\Kingsoft\KIS2006\KavPFW.exe" O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\Program Files\Kingsoft\KIS2006\KPfwSvc.EXE O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\Program Files\Kingsoft\KIS2006\KWatch.EXE |
| Bonjour(Rendezvous) | Running processes: C:\Program Files\Bonjour\mDNSResponder.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O23 - Service: Bonjour サービス (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe |
| W32.Licum (alias W32/Gael; Tenga)... | Believed not to appear as an entry of its own. |
| Kerio Personal Firewall 4 | Running processes: C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe |
| Spyware Doctor 3.2 | Running processes: C:\Program Files\Spyware Doctor\swdoctor.exe O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll Uninstall information: [Key Name]="Spyware Doctor_is1" "DisplayName"="Spyware Doctor 3.2" "InstallLocation"="C:\Program Files\Spyware Doctor\" "UninstallString"=""C:\Program Files\Spyware Doctor\unins000.exe"" "QuietUninstallString"=""C:\Program Files\Spyware Doctor\unins000.exe" /SILENT" "Publisher"="PC Tools" "HelpLink"="http://www.pctools.com/spyware-doctor/support/" |
| Client Manager2 | Running processes: C:\Program Files\BUFFALO\Client Manager2\ClientMgr2.exe C:\Program Files\BUFFALO\Client Manager2\bwsvc.exe O23 - Service: Buffalo Wireless Service (BWSVC) - BUFFALO INC. - C:\Program Files\BUFFALO\Client Manager2\bwsvc.exe |
| Adaptec DirectCD | Running processes: C:\PROGRA~1\Adaptec\DirectCD\directcd.exe O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\Adaptec\DirectCD\directcd.exe |
| Jog Dial Utility | Running processes: C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Utility\JogServ2.exe |
| S3Hotkey | Running processes: C:\WINNT\system32\s3hotkey.exe O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe |
| Norton GoBack | Running processes: C:\Program Files\Norton GoBack\GBPoll.exe C:\Program Files\Norton GoBack\GBTray.exe O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe |
| Jetico Personal Firewall | O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe" |
| Troj/Dluca-S | O4 - HKLM\..\Run: [sysdxvid] c:\windows\system\sysdxvid.exe /nocomm (青71325) O4 - HKLM\..\Run: [hgfedcba] c:\windows\system32\hgfedcba.exe /install O4 - HKLM\..\Run: [dxvid] c:\windows\system32\dxvid.exe /nocomm |
| vbsys.dll | Variant circulating around October 2004: O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab O21 - SSODL: SystemCheck - {54645654-2225-4455-44A1-9F4543D34544} - C:\C\WINDOWS\System32\vbsys.dll Example at the time of registration: O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll |
| Trend Micro online sca... | (English version) O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab (← Security Scan function [as of July 2005]) (Japanese version) O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (ウイルスバスター On-Line Scan) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab |
| RootkitRevealer 1.55 | Running processes: C:\Spyware\RootkitRevealer\RootkitRevealer.exe (← path is one example) C:\DOCUME~1\<username>\LOCALS~1\Temp\YDVXLKY.exe O23 - Service: YDVXLKY - Sysinternals - www.sysinternals.com - C:\DOCUME~1\<username>\LOCALS~1\Temp\YDVXLKY.exe |
| ewido security suite 3.5 | Running processes: C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\SecuritySuite.exe C:\Program Files\ewido\security suite\ewidoguard.exe (resident component) O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe (resident component) Uninstall information: [Key Name]="ewidosecuritysuite" "DisplayName"="ewido security suite" "InstallLocation"="C:\Program Files\ewido\security suite" "UninstallString"="C:\Program Files\ewido\security suite\Uninstall.exe" "Publisher"="ewido networks" "HelpLink"="http://www.ewido.net" |
| Microsoft Antispyware (Beta) | Running processes: C:\Program Files\Microsoft AntiSpyware\gcasServ.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe (when the main window is opened) C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" |
| CWS_Paytime | O4 - HKLM\..\Run: [PayTime] C:\WINNT\System32\paytime.exe O4 - HKCU\..\Run: [PayTime] C:\WINNT\System32\paytime.exe |
| Trojan.Zlob.B | O4 - HKLM\..\Run: [RegSvr32] C:\WINNT\system32\msmsgs.exe |
| Troj/Spyre-E | O4 - HKCU\..\Run: [Intel system tool] C:\WINNT\system32\hookdump.exe |
| Win32.Banker.M | O20 - Winlogon Notify: f3dsl - C:\WINDOWS\SYSTEM32\lsd_f3.dll |
| Trojan-Proxy.Win32.Small.bo | O4 - HKLM\..\Run: [updatelavasoft] C:\WINNT\system32\updatelavasoft.exe O4 - HKLM\..\RunServices: [updatelavasoft] C:\WINNT\system32\updatelavasoft.exe O4 - HKCU\..\Run: [updatelavasoft] C:\WINNT\system32\updatelavasoft.exe |
| Trojan-Proxy.Win32.Small.bo | O4 - HKLM\..\Run: [atiupdpl] C:\WINDOWS\System32\atiupdpl.exe O4 - HKLM\..\RunServices: [atiupdpl] C:\WINDOWS\System32\atiupdpl.exe O4 - HKCU\..\Run: [atiupdpl] C:\WINDOWS\System32\atiupdpl.exe |
| Logicool SetPoint | Log from XP SP1 / SP2: Running processes: C:\Program Files\Logicool\SetPoint\kem.exe C:\Program Files\Logicool\SetPoint\KHALMNPR.EXE O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE |
| eTrust AntiVirus Promotional Ver... | Log from XP SP1: Running processes: C:\Program Files\CA\eTrust Antivirus\InoRpc.exe C:\Program Files\CA\eTrust Antivirus\InoRT.exe C:\Program Files\CA\eTrust Antivirus\InoTask.exe O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe |
| eTrust Antivirus 2005 | Log from XP SP1: Running processes: C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe" O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe" O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe |
| WareOut | ・Main program O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe" ・In addition to the above, two O4 - HKLM entries and three O4 - HKCU entries are created. An R3 - URLSearchHook entry sometimes appears as well. (Example 1) R3 - URLSearchHook: (no name) - {1DDB19E0-B89D-728D-C2F7-4EB6A0335042} - JAguAr.dll (file missing) O4 - HKLM\..\Run: [backd] ATLIEHELPER.exe O4 - HKLM\..\Run: [bhoserv] ActionScr.exe O4 - HKCU\..\Run: [driver64] dialer423.exe O4 - HKCU\..\Run: [backd] bhoserv.exe O4 - HKCU\..\Run: [hyandex] stuffmon.exe (Example 2) O4 - HKLM\..\Run: [CToolBar] WhatsNewBot.exe O4 - HKLM\..\Run: [10010] CToolBar.exe O4 - HKCU\..\Run: [SpyElim] zantu.exe O4 - HKCU\..\Run: [sysconf16] zxc.exe O4 - HKCU\..\Run: [trycrt] driver32.exe ※ For the strings used as entry names, see the reference site noted above. Apart from the main program, only the registry entries exist; the files themselves are not present. |
| TROJ_STARTPAG.QY | O4 - HKLM\..\Run: [checkrun] c:\winnt\system32\eliteayb32.exe O4 - HKLM\..\Run: [checkrun] C:\winnt\system32\eliteloo32.exe O4 - HKLM\..\Run: [checkrun] C:\Windows\System32\eliteloo32.exe O4 - HKLM\..\Run: [checkrun] C:\Windows\System\eliteloo32.exe Entries of the form elite○○○32.exe (three alphabetic characters) appear, as in the examples above. Addition: O4 - HKLM\..\Run: [antiware] C:\windows\system32\elitehoa32.exe |
| Trojan.Desktophijack | In running processes: C:\WP.EXE O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe |
| Backdoor.Staprew | O4 - HKLM\..\Run: [Kodac] C:\OFICEXP.exe |
| AI RoboForm | O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O8 - Extra context menu item: RF ツールバー - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: RF フォーム保存 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: RF フォーム記入 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: RF メニューカスタマイズ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O9 - Extra button: フォーム記入 - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: RF フォーム記入 - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: 保存 - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: RF フォーム保存 - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: ロボフォーム - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RF ツールバー - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html |
| ACROIEHELPER.DLL | O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL |
| Adware.MediaPass | O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe O4 - HKLM\..\Run: [Media Pass] C:\Program Files\Media Pass\MediaPassK.exe |
| Trojan.Win32.Stervis.b | O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe |
| AdWare.Apropos.i | O4 - HKCU\..\Run: [d002RPNpW] sqlodc32.exe |
| Trojan.Win32.StartPage.nk | O4 - HKLM\..\Run: [etbrun] c:\winnt\system32\eliteayb32.exe O4 - HKLM\..\Run: [etbrun] C:\winnt\system32\eliteloo32.exe O4 - HKLM\..\Run: [etbrun] C:\Windows\System32\eliteloo32.exe O4 - HKLM\..\Run: [etbrun] C:\Windows\System\eliteloo32.exe Entries of the form elite○○○32.exe (three alphabetic characters) appear, as in the examples above. |
| Trojan-PSW.Win32.Small.bk | O21 - SSODL: OLE Module - {0656A137-B161-CADD-9777-E37A75727E78} - C:\WINDOWS\SYSTEM\thun32.dll |
| ALCWZRD.EXE | Running processes: C:\WINDOWS\ALCWZRD.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE |
| ALCMTR.EXE | Does not appear to show up under Running processes. O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE |
| TabUserW.exe | Running processes: C:\WINDOWS\system32\WTablet\TabUserW.exe |
| TabletService | Running processes: C:\Windows\system32\Tablet.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe |
| IntelliPoint | Running processes: C:\Program Files\Microsoft IntelliPoint\point32.exe Autostart entry: O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" |
| Troj.Startpage se.dll | Example from #56938: O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall or, example from #57232: O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\User\LOCALS~1\Temp\se.dll,DllInstall |
| Trojan.Win32.Small.AZ/Trojan.Win... | O4 - HKLM\..\Run: [Olympic] C:\WINDOWS\Application Data\sgrunt\IE4321.exe O15 - Trusted Zone: www.sgrunt.biz |
| Backdoor.Thunker | O21 - SSODL: OLE Automation Module - {3F143C3A-1457-6CCA-03A7-7AA23B61E40F} - "C:\WINDOWS\Application Data\Microsoft\child.dll" |
| Admilli Service | O4 - HKLM\..\Run: [Admilli Service] C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c9.cab |
| Trojan.Win32.StartPage.rx | O4 - HKCU\..\Run: [mstask] C:\WINDOWS\mstask.exe |
| Ms4Hd (version 3, early and late... | Even within Ver.3, the early and late builds differ slightly. ---Early build--- Running processes: C:\WINDOWS\System32\unlodctl.exe C:\WINDOWS\System32\nlsfuncs.exe C:\WINDOWS\System32\openconf.exe C:\WINDOWS\System32\taskopen.exe (※) C:\WINDOWS\System32\qappsrvc32.exe (※) O2 - BHO: (no name) - {random CLSID} - C:\WINDOWS\System32\ms??.dll (※) → "??" is any two alphabetic characters O4 - HKLM\..\Run: [taskopen.exe] taskopen.exe (※) O4 - HKLM\..\RunOnce: [qappsrvc32.exe] qappsrvc32.exe (※) ★ Entries marked (※) above are hidden by a rootkit and only appear when booted in Safe Mode ★ The file names under Running processes are only examples ---Late build--- Running processes: C:\WINDOWS\system32\usrshutd.exe C:\WINDOWS\system32\winmsdc.exe C:\WINDOWS\system32\vwipxspnt.exe C:\WINDOWS\system32\tlntadmnx.exe O2 - BHO: (no name) - {random CLSID} - C:\WINDOWS\System32\ms???.dll (※) → "???" is any three alphabetic characters <Only a single O4 entry such as the following> O4 - HKLM\..\Run: [sp2chk.exe] sp2chk.exe (※) O4 - HKLM\..\Run: [rdspclips.exe] rdspclips.exe (※) ★ Entries marked (※) above are hidden by a rootkit and only appear when booted in Safe Mode ★ The file names under Running processes are only examples ---Common to early and late builds--- O15 - Trusted Zone: http://*.63.219.181.7 O15 - Trusted Zone: http://*.search-soft.net O17 - HKLM\System\CCS\Services\Tcpip\..\{A81D8FDF-206E-471D-A5B3-59F4D56CE8D6}: NameServer = 69.50.166.94,69.31.80.244 O17 - HKLM\System\CS1\Services\Tcpip\..\{A81D8FDF-206E-471D-A5B3-59F4D56CE8D6}: NameServer = 69.50.166.94,69.31.80.244 O17 - HKLM\System\CS2\Services\Tcpip\..\{A81D8FDF-206E-471D-A5B3-59F4D56CE8D6}: NameServer = 69.50.166.94,69.31.80.244 ★ The last two octets of the NameServer added in O17 vary; 69.50.*.*, 69.31.*.*, and 195.225.*.* are commonly seen (as of 2005/01/30) ---Accompanying symptoms almost always seen with both early and late builds--- ☆FreshBar O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\System32\iecust.dll O3 - Toolbar: FreshBar - {06ABAA2D-34AB-4902-A326-409BD9B9A7A5} - C:\WINDOWS\System32\iesp1.dll ☆about:blank O2 - BHO: (no name) - {random CLSID} - C:\WINDOWS\system32\snnpapi.dll O18 - Filter: text/html - {random CLSID} - C:\WINDOWS\system32\snnpapi.dll O18 - Filter: text/plain - {random CLSID} - C:\WINDOWS\system32\snnpapi.dll O2 - BHO: (no name) - {random CLSID} - C:\WINDOWS\system32\protect32.dll O18 - Filter: text/html - {random CLSID} - C:\WINDOWS\system32\protect32.dll O18 - Filter: text/plain - {random CLSID} - C:\WINDOWS\system32\protect32.dll ★ The file names of the related .dll files above are variable and very likely to change in the future. |
| ABox | Running processes: C:\WINDOWS\ABox.exe O4 - HKLM\..\Run: [ABox] C:\WINDOWS\ABox.exe O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://207.234.185.217/ABoxInst_int4.exe |
| DLuxjp | O4 - HKLM\..\Run: [DLuxjp] c:\program files\dialers\dluxjp\dluxjp.exe /nocomm |
| GuardBar | O2 - BHO: GuardBar.BHO - {62F5BBB6-A71E-46E7-AE78-73D25185EDC8} - C:\Program Files\GuardBar\GuardBar.dll O3 - Toolbar: GuardBar - {7F4D8DE6-AC92-4A13-9DE9-F360736F2464} - C:\Program Files\GuardBar\GuardBar.dll |
| Spyware Vanisher Free Scan | O4 - HKCU\..\Run: [Spyware Vanisher] C:\spywarevanisher-free\FreeScanner.exe -FastScan |
| Adware.EasySearch | O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe O4 - HKLM\..\Run: [Internet Connection Wizard] stisvsq.exe O4 - HKLM\..\Run: [Games Acceleration] svshost.exe O4 - HKLM\..\Run: [Internet Mail and News] msqdevl.exe O4 - HKLM\..\Run: [Microsoft Management Console] lssas.exe O4 - HKLM\..\Run: [Multimedia extensions] mservice.exe O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] iau.exe O4 - HKCU\..\Run: [Internet Connection Wizard] stisvsq.exe O4 - HKCU\..\Run: [Games Acceleration] svshost.exe O4 - HKCU\..\Run: [Internet Mail and News] msqdevl.exe O4 - HKCU\..\Run: [Microsoft Management Console] lssas.exe O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe |
| WORM_RBOT.CZ | O4 - HKLM\..\Run: [Microsoft 16Bit Update] wuapdate16.exe O4 - HKLM\..\RunServices: [Microsoft 16Bit Update] wuapdate16.exe O4 - HKCU\..\Run: [Microsoft 16Bit Update] wuapdate16.exe |
| qdiagca.cab | O16 - DPF: {22D16976-00DE-4CD2-807F-E8C63E9EBEEE} (QDiagCAUpdateObj Class) - http://cweb.canon.jp/drv-upd/install/html/qdiagca.cab |
| schedhlp.exe | O4 - HKLM\..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe |
| TrueImageMonitor.exe | O4 - HKLM\..\Run: [Acronis True Image Monitor] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe |
| htpatch.exe | O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe |
| Search Assistant Utility | O2 - BHO: DOMPeek Class - {834261E1-DD97-4177-853B-C907E5D5BD6E} - C:\WINDOWS\dpe.dll O4 - HKCU\..\Run: [MSMsgSvc] C:\WINDOWS\System\MSMSGSVC.exe |
| ATLAS Translation | O2 - BHO: ATLASツールバー - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLASP2004\ATLIECP.DLL O3 - Toolbar: ATLASツールバー - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files\ATLASP2004\ATLIECP.DLL O8 - Extra context menu item: ATLASで翻訳 - C:\Program Files\ATLASP2004\Atlscript.html O9 - Extra button: ATLAS翻訳 - {B7707A72-4355-11D4-82BD-00000EBBEF8D} - C:\Program Files\ATLASP2004\Atlscript.html ―‐―‐―‐―‐―‐―‐―‐―‐―‐―‐―‐―‐― Preinstalled PC edition O2 - BHO: IAtlIE2 Class - {36AB28F6-4BBF-11D4-9756-00000E492F6A} - C:\Program Files\Atlas Common\ATLIE.DLL |
| Superlogy.com | O2 - BHO: Zedd4Proj.clsUnoOne - {08227B4B-54FE-4C4D-809F-BCA46292FC5B} - C:\WINDOWS\system32\Zedd4.dll |
| Ms4Hd (version 1 and versi... | The early Ver.1 and Ver.2 behave essentially the same. The minimum entries that appear in HJT are: ---Version 1--- O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\WINDOWS\SYSTEM\MSACMX.DLL O4 - HKLM\..\Run: [dllhostxp.exe] dllhostxp.exe O4 - HKLM\..\Run: [clfmon.exe] clfmon.exe O4 - HKLM\..\Run: [mqbckup.exe] mqbckup.exe O4 - HKLM\..\RUN: [C:\WINDOWS\System32\pxhping.exe] C:\WINDOWS\System32\pxhping.exe O15 - Trusted Zone: http://*.63.219.181.7 ---Version 2--- O2 - BHO: (no name) - {E9590744-812B-46C3-96EB-33212855927D} - C:\WINDOWS\System32\netcfg.dll O4 - HKLM\..\Run: [clfmon.exe] clfmon.exe O4 - HKLM\..\Run: [msinfo.exe] msinfo.exe O15 - Trusted Zone: http://*.63.219.181.7 Both versions share these characteristics: ・The O2 CLSID and dll file name are fixed ・The site added in O15 is also fixed ・The O4 entries are chosen from a list fixed per version, so their number and file names vary (but the file names are not random). Also, the O2 and O4 entries can only be confirmed when the PC is booted in Safe Mode (there are exceptions; see the notes). For a list of known .exe and .dll files that Ms4Hd may bring into the system folder, see the notes. |
| Alexa Toolbar | O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm O9 - Extra button: Alexa - {9D74677A-E227-40fb-9511-F7E92EA4083A} - C:\WINDOWS\system32\SHDOCVW.DLL O9 - Extra 'Tools' menuitem: Alexa Toolbar - {9D74677A-E227-40fb-9511-F7E92EA4083A} - C:\WINDOWS\system32\SHDOCVW.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing) O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing) |
| MAFWTray.exe | Running processes: C:\WINDOWS\System32\MAFWTray.exe O4 - HKLM\..\Run: [MAFWTaskbarApp] C:\WINDOWS\System32\MAFWTray.exe |
| SpyWare Killer | Running processes: C:\Program Files\SpyWare Killer\spywarekiller.exe O4 - HKCU\..\Run: [ANONYMIZER_SPYWAREKILLER] C:\Program Files\SpyWare Killer\spywarekiller.exe /BOOT |
| Windows TaskAd and other Wind Updates family | Running processes: C:\Program Files\Windows TaskAd\WinTaskAd.exe C:\Program Files\Windows TaskAd\WinSched.exe O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe |
| RelatedLinks | O2 - BHO: C:\WINDOWS\lbbho.dll - {8AE80213-3160-48B2-8AF7-D98CE4067FE7} - C:\WINDOWS\lbbho.dll (CLSID varies) |
| WinPatrol | O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe" |
| goo Stick | Running processes: C:\Program Files\goo\stick\bandhost.exe O3 - Toolbar: &gooスティック - {C1724158-90ED-413D-AE2D-6360F0CAA755} - C:\PROGRA~1\goo\stick\goostk.dll O4 - HKCU\..\Run: [goo band host] "C:\Program Files\goo\stick\bandhost.exe" O8 - Extra context menu item: &gooでウェブ検索 - C:\Documents and Settings\river8\Application Data\goo\stick\script0.html O8 - Extra context menu item: &gooでニュース検索 - C:\Documents and Settings\river8\Application Data\goo\stick\script1.html O8 - Extra context menu item: &gooで地図検索 - C:\Documents and Settings\river8\Application Data\goo\stick\script6.html O8 - Extra context menu item: &gooで画像検索 - C:\Documents and Settings\river8\Application Data\goo\stick\script5.html O8 - Extra context menu item: &goo和英辞典で検索 - C:\Documents and Settings\river8\Application Data\goo\stick\script4.html O8 - Extra context menu item: &goo国語/新語辞典で検索 - C:\Documents and Settings\river8\Application Data\goo\stick\script2.html O8 - Extra context menu item: &goo英和辞典で検索 - C:\Documents and Settings\river8\Application Data\goo\stick\script3.html O16 - DPF: {B947ABE6-0D16-48D6-819A-9BE79C4A16AA} - http://stick.goo.ne.jp/ver4.0/download/goostk_w.cab |
| Yahoo! Toolbar | O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\YCOMP5~1.DLL O3 - Toolbar: &Yahoo!ツールバー - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\YCOMP5~1.DLL O16 - DPF: {4A88CB42-BBFE-496A-884F-98E8AC316292} (YJInstStarter Control) - http://dl.toolbar.yahoo.co.jp/dl/installs/yjinst.cab |
| TPS108 | O2 - BHO: (no name) - {0000026A-8230-4DD4-BE4F-6889D1E74167} - C:\WINDOWS\TPS108.DLL |
| NEC LowBattery Notification | Running processes: C:\Program Files\NECLOWBAT\lb.exe O4 - HKLM\..\Run: [NEC LowBattery Notification] C:\Program Files\NECLOWBAT\lb.exe (the file name may also be lbserv.exe) |
| Mouse Suite 98 Daemon | Running processes: C:\WINDOWS\system32\ICO.EXE O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE ―‐―‐―‐―‐―‐―‐―‐―‐―‐―‐―‐―‐―‐― Running processes: C:\WINNT\system32\ICONSPY.EXE O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICONSPY.EXE |
| Sony HotKey Utility | Running processes: C:\Program Files\Sony\HotKey Utility\HKserv.exe C:\Program Files\Sony\HotKey Utility\HKWnd.exe O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe |