ADW_PLUSHED
AdWare.Win32.Agent.ajdu (Kaspersky); Adware.Agent (Sunbelt)
Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)
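Malware type:
Adware
Destructiveness:
No
Encrypted:
In the wild:
Yes
Overview
This adware arrives on a system as a file dropped by other malware, or as a file that users download unknowingly from malicious websites.
Technical Details
Arrival Details
This adware arrives on a system as a file dropped by other malware, or as a file that users download unknowingly from malicious websites.
Installation
This adware drops the following files: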
- %User Temp%\Plus-HD-8.1Installer_{10 digits}.log
- %User Temp%\{random 1}.tmp\Qqybqqkyxe.exe
- %User Temp%\{random 1}.tmp\StdUtils.dll
- %User Temp%\{random 1}.tmp\System.dll
- %User Temp%\{random 1}.tmp\WrapperUtils.dll
- %User Temp%\{random 1}.tmp\Xklwvazkvmjd.tmp
- %User Temp%\{random 2}\ExecDos.dll
- %User Temp%\{random 2}\extensionData\manifest.xml
- %User Temp%\{random 2}\extensionData\plugins.json
- %User Temp%\{random 2}\extensionData\plugins\1_base.js
- %User Temp%\{random 2}\extensionData\plugins\104_jollywallet_m.js
- %User Temp%\{random 2}\extensionData\plugins\13_CrossriderAppUtils.js
- %User Temp%\{random 2}\extensionData\plugins\14_CrossriderUtils.js
- %User Temp%\{random 2}\extensionData\plugins\17_jQuery.js
- %User Temp%\{random 2}\extensionData\plugins\177_crossriderDashboard.js
- %User Temp%\{random 2}\extensionData\plugins\182_openUrl.js
- %User Temp%\{random 2}\extensionData\plugins\183_tabsWrapper.js
- %User Temp%\{random 2}\extensionData\plugins\198_superfish_no_search_no_coupons_plushd_m.js
- %User Temp%\{random 2}\extensionData\plugins\2_ie8_fix_1.js
- %User Temp%\{random 2}\extensionData\plugins\207_dbWrapper.js
- %User Temp%\{random 2}\extensionData\plugins\21_debug.js
- %User Temp%\{random 2}\extensionData\plugins\213_dealply_no_google_m.js
- %User Temp%\{random 2}\extensionData\plugins\22_resources.js
- %User Temp%\{random 2}\extensionData\plugins\28_initializer.js
- %User Temp%\{random 2}\extensionData\plugins\3_ie8_fix_2.js
- %User Temp%\{random 2}\extensionData\plugins\35_IEAjax.js
- %User Temp%\{random 2}\extensionData\plugins\36_IEBackground.js
- %User Temp%\{random 2}\extensionData\plugins\37_IEBrowserEvents.js
- %User Temp%\{random 2}\extensionData\plugins\38_IECallbacks.js
- %User Temp%\{random 2}\extensionData\plugins\39_IEDatabase.js
- %User Temp%\{random 2}\extensionData\plugins\4_jquery_1_7_1.js
- %User Temp%\{random 2}\extensionData\plugins\40_IEExtension.js
- %User Temp%\{random 2}\extensionData\plugins\41_IEInfo.js
- %User Temp%\{random 2}\extensionData\plugins\42_IEInternal.js
- %User Temp%\{random 2}\extensionData\plugins\43_IEMessaging.js
- %User Temp%\{random 2}\extensionData\plugins\44_IEMisc.js
- %User Temp%\{random 2}\extensionData\plugins\45_IEOnRequest.js
- %User Temp%\{random 2}\extensionData\plugins\46_IETimers.js
- %User Temp%\{random 2}\extensionData\plugins\47_resources_background.js
- %User Temp%\{random 2}\extensionData\plugins\64_appApiMessage.js
- %User Temp%\{random 2}\extensionData\plugins\72_appApiValidation.js
- %User Temp%\{random 2}\extensionData\plugins\78_CrossriderInfo.js
- %User Temp%\{random 2}\extensionData\plugins\91_monetizationLoader.js.js
- %User Temp%\{random 2}\extensionData\plugins\94_IEPopup.js
- %User Temp%\{random 2}\extensionData\userCode\background.js
- %User Temp%\{random 2}\extensionData\userCode\extension.js
- %User Temp%\{random 2}\inetc.dll
- %User Temp%\{random 2}\InstallerUtils.dll
- %User Temp%\{random 2}\InstallerUtils2.dll
- %User Temp%\{random 2}\md5dll.dll
- %User Temp%\{random 2}\nsislog.dll
- %User Temp%\{random 2}\nsisos.dll
- %User Temp%\{random 2}\StdUtils.dll
- %User Temp%\{random 2}\System.dll
- %User Temp%\{random 2}\temp_file_after.tmp
- %User Temp%\{random 2}\temp_file_before.tmp
- %User Temp%\{random 2}\update.json
- %User Temp%\{random 2}\UserInfo.dll
- %Program Files%\Plus-HD-8.1\background.html
- %Program Files%\Plus-HD-8.1\Plus-HD-8.1.ico
- %Program Files%\Plus-HD-8.1\utils.exe
- %Windows%\Tasks\Plus-HD-8.1-codedownloader.job
- %Windows%\Tasks\Plus-HD-8.1-enabler.job
- %Windows%\Tasks\Plus-HD-8.1-firefoxinstaller.job
- %Windows%\Tasks\Plus-HD-8.1-updater.job
- %Windows%\Tasks\temp_Plus-HD-8.1-enabler.job
(Note: The %User Temp% folder varies depending on the Windows version and the settings chosen at installation. By default it is "C:\Documents and Settings\<user name>\Local Settings\Temp" on Windows 2000, XP and Server 2003, and "C:\Users\<user name>\AppData\Local\Temp" on Windows Vista and 7. The %Program Files% folder is usually "C:\Program Files" on Windows 2000, Server 2003, XP (32-bit), Vista (32-bit) and 7 (32-bit), and usually "C:\Program Files (x86)" on Windows XP (64-bit), Vista (64-bit) and 7 (64-bit). The %Windows% folder varies depending on the Windows version and the settings chosen at installation. By default it is "C:\Windows".)
This adware creates the following folders:
- %User Temp%\{random 1}.tmp
- %User Temp%\{random 2}.tmp
- %User Temp%\{random 2}.tmp\extensionData
- %User Temp%\{random 2}.tmp\extensionData\plugins
- %User Temp%\{random 2}.tmp\extensionData\userCode
- %Program Files%\Plus-HD-8.1
(Note: The %User Temp% folder varies depending on the Windows version and the settings chosen at installation. By default it is "C:\Documents and Settings\<user name>\Local Settings\Temp" on Windows 2000, XP and Server 2003, and "C:\Users\<user name>\AppData\Local\Temp" on Windows Vista and 7. The %Program Files% folder is usually "C:\Program Files" on Windows 2000, Server 2003, XP (32-bit), Vista (32-bit) and 7 (32-bit), and usually "C:\Program Files (x86)" on Windows XP (64-bit), Vista (64-bit) and 7 (64-bit).)
Autostart Technique
This adware adds the following registry key to register itself as a Browser Helper Object (BHO). As a result, the adware runs automatically whenever Internet Explorer (IE) starts.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{11111111-1111-1111-1111-110511111108}
Other System Modifications
This adware adds the following registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
Plus-HD-8.1
HKEY_LOCAL_MACHINE\Software\Plus-HD-8.1\
Installer
HKEY_LOCAL_MACHINE\Software\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{4736d593-3374-4867-9707-30eb39a57ead}
HKEY_USERS\S-1-5-21-1645522239-1292428093-682003330-1003\Software\
Microsoft\Internet Explorer\Low Rights\
ElevationPolicy\{4736d593-3374-4867-9707-30eb39a57ead}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Internet Explorer\Main\FeatureControl\
FEATURE_BROWSER_EMULATION
HKEY_LOCAL_MACHINE\Software\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{f61b834c-85c4-45e9-8a64-66c97e7621d4}
HKEY_USERS\S-1-5-21-1645522239-1292428093-682003330-1003\Software\
Microsoft\Internet Explorer\Low Rights\
ElevationPolicy\{f61b834c-85c4-45e9-8a64-66c97e7621d4}
HKEY_CURRENT_USER\Software\Plus-HD-8.1
HKEY_USERS\S-1-5-21-1645522239-1292428093-682003330-1003\Software\
Plus-HD-8.1\Update
HKEY_USERS\S-1-5-21-1645522239-1292428093-682003330-1003\Software\
Crossrider
HKEY_USERS\S-1-5-21-1645522239-1292428093-682003330-1003\Software\
Plus-HD-8.1\Installer
HKEY_LOCAL_MACHINE\Software\Plus-HD-8.1\
IE\Profiles
HKEY_USERS\S-1-5-21-1645522239-1292428093-682003330-1003\Software\
Plus-HD-8.1\Manifest
HKEY_USERS\S-1-5-21-1645522239-1292428093-682003330-1003\Software\
Plus-HD-8.1\Code
HKEY_USERS\S-1-5-21-1645522239-1292428093-682003330-1003\Software\
Plus-HD-8.1\Plugins
HKEY_USERS\S-1-5-21-1645522239-1292428093-682003330-1003\Software\
Plus-HD-8.1\Plugins\207
HKEY_USERS\S-1-5-21-1645522239-1292428093-682003330-1003\Software\
Plus-HD-8.1\Plugins\177
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Debug
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Plugins
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Plugins\207
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Plugins\177
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Log
HKEY_CLASSES_ROOT\CrossriderApp0051108.Sandbox.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CrossriderApp0051108.Sandbox.1\CLSID
HKEY_CLASSES_ROOT\CrossriderApp0051108.BHO.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CrossriderApp0051108.BHO.1\CLSID
HKEY_CLASSES_ROOT\CrossriderApp0051108.Sandbox
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CrossriderApp0051108.Sandbox\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CrossriderApp0051108.Sandbox\CurVer
HKEY_CLASSES_ROOT\CrossriderApp0051108.BHO
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CrossriderApp0051108.BHO\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CrossriderApp0051108.BHO\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{11111111-1111-1111-1111-110511111108}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{11111111-1111-1111-1111-110511111108}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{11111111-1111-1111-1111-110511111108}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{11111111-1111-1111-1111-110511111108}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{11111111-1111-1111-1111-110511111108}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{11111111-1111-1111-1111-110511111108}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{11111111-1111-1111-1111-110511111108}\Implemented Categories
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{11111111-1111-1111-1111-110511111108}\Implemented Categories\
{59fb2056-d625-48d0-a944-1a85b5ab2640}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{22222222-2222-2222-2222-220522112208}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{22222222-2222-2222-2222-220522112208}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{22222222-2222-2222-2222-220522112208}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{22222222-2222-2222-2222-220522112208}\Programmable
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{22222222-2222-2222-2222-220522112208}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{22222222-2222-2222-2222-220522112208}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{44444444-4444-4444-4444-440544114408}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{44444444-4444-4444-4444-440544114408}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{44444444-4444-4444-4444-440544114408}\1.0\
FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{44444444-4444-4444-4444-440544114408}\1.0\
0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{44444444-4444-4444-4444-440544114408}\1.0\
0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{44444444-4444-4444-4444-440544114408}\1.0\
HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{55555555-5555-5555-5555-550555115508}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{55555555-5555-5555-5555-550555115508}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{55555555-5555-5555-5555-550555115508}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{55555555-5555-5555-5555-550555115508}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{66666666-6666-6666-6666-660566116608}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{66666666-6666-6666-6666-660566116608}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{66666666-6666-6666-6666-660566116608}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{66666666-6666-6666-6666-660566116608}\TypeLib
This adware adds the following registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Plus-HD-8.1
DisplayName = "Plus-HD-8.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Plus-HD-8.1
DisplayIcon = "%Program Files%\Plus-HD-8.1\utils.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Plus-HD-8.1
DisplayVersion = "1.34.1.29"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Plus-HD-8.1
Publisher = "Plus HD"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Plus-HD-8.1
CrPublisherId = "19979"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Plus-HD-8.1
CrAppId = "51108"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
Plus-HD-8.1
UninstallString = "%Program Files%\Plus-HD-8.1\Uninstall.exe /fromcontrolpanel=1"
HKEY_LOCAL_MACHINE\SOFTWARE\Plus-HD-8.1\
Installer
BundledFirefox = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Plus-HD-8.1\
Installer
BundledIe = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{4736d593-3374-4867-9707-30eb39a57ead}
AppName = "Plus-HD-8.1-codedownloader.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{4736d593-3374-4867-9707-30eb39a57ead}
AppPath = "%Program Files%\Plus-HD-8.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{4736d593-3374-4867-9707-30eb39a57ead}
Policy = "3"
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{4736d593-3374-4867-9707-30eb39a57ead}
AppName = "Plus-HD-8.1-codedownloader.exe"
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{4736d593-3374-4867-9707-30eb39a57ead}
AppPath = "%Program Files%\Plus-HD-8.1"
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{4736d593-3374-4867-9707-30eb39a57ead}
Policy = "3"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Main\FeatureControl\
FEATURE_BROWSER_EMULATION
Plus-HD-8.1-bg.exe = "1f4"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{f61b834c-85c4-45e9-8a64-66c97e7621d4}
AppName = "Plus-HD-8.1-bg.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{f61b834c-85c4-45e9-8a64-66c97e7621d4}
AppPath = "%Program Files%\Plus-HD-8.1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{f61b834c-85c4-45e9-8a64-66c97e7621d4}
Policy = "1"
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{f61b834c-85c4-45e9-8a64-66c97e7621d4}
AppName = "Plus-HD-8.1-bg.exe"
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{f61b834c-85c4-45e9-8a64-66c97e7621d4}
AppPath = "%Program Files%\Plus-HD-8.1"
HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{f61b834c-85c4-45e9-8a64-66c97e7621d4}
Policy = "1"
HKEY_CURRENT_USER\Software\Plus-HD-8.1
ActiveAppId = "51108"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Update
LastCheck = "53799deb"
HKEY_CURRENT_USER\Software\Crossrider
Bic = "8AB9ACB724264F98B99A3A9B2199E10EIE"
HKEY_CURRENT_USER\Software\Crossrider
Verifier = "cd26e988747c2b8ef9e05fd677345eb5"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Installer
Time = "1400479150"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Installer
StatsDomain = "http://stats.{BLOCKED}tsdata.com"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Installer
ErrorsDomain = "http://errors.{BLOCKED}tsdata.com"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Installer
CodeDownloadDomain = "http://app-static.{BLOCKED}ider.com"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Installer
FullVersion = "1.34.1.29"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Installer
FullVersionForUrl = "1_34_1_29"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Installer
SrcId = "001071"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Installer
SubId = "0"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Installer
ZData = "0"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Installer
DefaultBrowser = "ie"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Installer
OsName = "XP32"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Installer
Params = "{ source_id : 001071, sub_id : 0, uzid : 0}"
HKEY_LOCAL_MACHINE\SOFTWARE\Plus-HD-8.1\
IE\Profiles
S-1-5-21-1645522239-1292428093-682003330-1003 = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Plus-HD-8.1\
IE
TotalProfiles = "1"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Manifest
Name = "Plus-HD-8.1"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Manifest
Manifest = "NA"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Manifest
Description = "Turn YouTube videos to High Definition by default"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Manifest
PublisherName = "Plus HD"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Manifest
HomePageUrl = "NA"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Manifest
RunInFrame = "false"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Manifest
ThanksUrl = "NA"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Manifest
DisableIe = "true"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Manifest
EnableSearchIE = "false"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Manifest
Version = "8"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Manifest
UpdateInterval = "168"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Manifest
BgVersion = "1"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Manifest
AddressbarURL = "NA"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Manifest
ChangePrevious = "false"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Manifest
SetNewTab = "false"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Manifest
PublisherId = "19979"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Manifest
ModeType = "production"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Manifest
PluginsManifestVersion = "5"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Manifest
IsButtonEnabled = "false"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Manifest
UninstallerOfferUrl = "NA"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Manifest
UninstallerOfferAction = "NA"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Code
AppJavaScript = "{random characters}"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Code
BgJavaScript = "{random characters}"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Plugins\207
Version = "2"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Plugins\207
Name = "dbWrapper"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Plugins\207
JavaScript = "{random characters}"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Plugins\207
Url = "http://app-static.{BLOCKED}ider.com/plugins/mins/dbWrapper.js"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Plugins\177
Version = "2"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Plugins\177
Name = "crossriderDashboard"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Plugins\177
JavaScript = "{random characters}"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Debug
IsDebuggingPlugins = "0"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Manifest
Version = "61"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Manifest
PluginsManifestVersion = "58"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Plugins\207
Url = "http://js.{BLOCKED}staticserv.com/plugins/mins/dbWrapper.js"
HKEY_CURRENT_USER\Software\Plus-HD-8.1\
Log
plus-hd-8.1-bho = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{11111111-1111-1111-1111-110511111108}\InprocServer32
ThreadingModel = "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{22222222-2222-2222-2222-220522112208}\InprocServer32
ThreadingModel = "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{11111111-1111-1111-1111-110511111108}
NoExplorer = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{55555555-5555-5555-5555-550555115508}\TypeLib
Version = "1.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{66666666-6666-6666-6666-660566116608}\TypeLib
Version = "1.0"
Other Details
This adware accesses the following malicious websites:
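Solution
Step 1
Users of Windows XP, Windows Vista and Windows 7 must disable System Restore before running a virus scan, so that the malware or adware can be completely removed from the computer.
Step 2
Close all open browser windows.
Step 3
Delete the unknown registry values.
Warning: The registry is a database that stores Windows configuration information, and an incorrect edit to it can prevent the system from working properly.
Edit the registry at your own responsibility. We cannot provide compensation for any problem that results from editing the registry.
Please refer to this page before editing the registry.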
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- Plus-HD-8.1
- In HKEY_LOCAL_MACHINE\Software\Plus-HD-8.1
- Installer
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy
- {4736d593-3374-4867-9707-30eb39a57ead}
- In HKEY_USERS\S-1-5-21-1645522239-1292428093-682003330-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy
- {4736d593-3374-4867-9707-30eb39a57ead}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl
- FEATURE_BROWSER_EMULATION
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy
- {f61b834c-85c4-45e9-8a64-66c97e7621d4}
- In HKEY_USERS\S-1-5-21-1645522239-1292428093-682003330-1003\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy
- {f61b834c-85c4-45e9-8a64-66c97e7621d4}
- In HKEY_CURRENT_USER\Software
- Plus-HD-8.1
- In HKEY_USERS\S-1-5-21-1645522239-1292428093-682003330-1003\Software\Plus-HD-8.1
- Update
- In HKEY_USERS\S-1-5-21-1645522239-1292428093-682003330-1003\Software
- Crossrider
- In HKEY_USERS\S-1-5-21-1645522239-1292428093-682003330-1003\Software\Plus-HD-8.1
- Installer
- In HKEY_LOCAL_MACHINE\Software\Plus-HD-8.1\IE
- Profiles
- In HKEY_USERS\S-1-5-21-1645522239-1292428093-682003330-1003\Software\Plus-HD-8.1
- Manifest
- In HKEY_USERS\S-1-5-21-1645522239-1292428093-682003330-1003\Software\Plus-HD-8.1
- Code
- In HKEY_USERS\S-1-5-21-1645522239-1292428093-682003330-1003\Software\Plus-HD-8.1
- Plugins
- In HKEY_USERS\S-1-5-21-1645522239-1292428093-682003330-1003\Software\Plus-HD-8.1\Plugins
- 207
- In HKEY_USERS\S-1-5-21-1645522239-1292428093-682003330-1003\Software\Plus-HD-8.1\Plugins
- 177
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1
- Debug
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1
- Plugins
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Plugins
- 207
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Plugins
- 177
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1
- Log
- In HKEY_CLASSES_ROOT
- CrossriderApp0051108.Sandbox.1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051108.Sandbox.1
- CLSID
- In HKEY_CLASSES_ROOT
- CrossriderApp0051108.BHO.1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051108.BHO.1
- CLSID
- In HKEY_CLASSES_ROOT
- CrossriderApp0051108.Sandbox
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051108.Sandbox
- CLSID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051108.Sandbox
- CurVer
- In HKEY_CLASSES_ROOT
- CrossriderApp0051108.BHO
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051108.BHO
- CLSID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CrossriderApp0051108.BHO
- CurVer
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
- {11111111-1111-1111-1111-110511111108}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511111108}
- ProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511111108}
- VersionIndependentProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511111108}
- Programmable
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511111108}
- InprocServer32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511111108}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511111108}
- Implemented Categories
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511111108}\Implemented Categories
- {59fb2056-d625-48d0-a944-1a85b5ab2640}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
- {22222222-2222-2222-2222-220522112208}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522112208}
- ProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522112208}
- VersionIndependentProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522112208}
- Programmable
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522112208}
- InprocServer32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522112208}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib
- {44444444-4444-4444-4444-440544114408}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544114408}
- 1.0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544114408}\1.0
- FLAGS
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544114408}\1.0
- 0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544114408}\1.0\0
- win32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544114408}\1.0
- HELPDIR
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {55555555-5555-5555-5555-550555115508}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555115508}
- ProxyStubClsid
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555115508}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555115508}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {66666666-6666-6666-6666-660566116608}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566116608}
- ProxyStubClsid
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566116608}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566116608}
- TypeLib
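Step 4
Delete this registry value.
Warning: The registry is a database that stores Windows configuration information, and an incorrect edit to it can prevent the system from working properly.
Edit the registry at your own responsibility. We cannot provide compensation for any problem that results from editing the registry.
Please refer to this page before editing the registry.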
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-8.1
- DisplayName = Plus-HD-8.1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-8.1
- DisplayIcon = %Program Files%\Plus-HD-8.1\utils.exe
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-8.1
- DisplayVersion = 1.34.1.29
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-8.1
- Publisher = Plus HD
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-8.1
- CrPublisherId = 19979
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-8.1
- CrAppId = 51108
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-8.1
- UninstallString = %Program Files%\Plus-HD-8.1\Uninstall.exe /fromcontrolpanel=1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Plus-HD-8.1\Installer
- BundledFirefox = 1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Plus-HD-8.1\Installer
- BundledIe = 1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4736d593-3374-4867-9707-30eb39a57ead}
- AppName = Plus-HD-8.1-codedownloader.exe
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4736d593-3374-4867-9707-30eb39a57ead}
- AppPath = %Program Files%\Plus-HD-8.1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4736d593-3374-4867-9707-30eb39a57ead}
- Policy = 3
- In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4736d593-3374-4867-9707-30eb39a57ead}
- AppName = Plus-HD-8.1-codedownloader.exe
- In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4736d593-3374-4867-9707-30eb39a57ead}
- AppPath = %Program Files%\Plus-HD-8.1
- In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4736d593-3374-4867-9707-30eb39a57ead}
- Policy = 3
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION
- Plus-HD-8.1-bg.exe = 1f4
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f61b834c-85c4-45e9-8a64-66c97e7621d4}
- AppName = Plus-HD-8.1-bg.exe
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f61b834c-85c4-45e9-8a64-66c97e7621d4}
- AppPath = %Program Files%\Plus-HD-8.1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f61b834c-85c4-45e9-8a64-66c97e7621d4}
- Policy = 1
- In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f61b834c-85c4-45e9-8a64-66c97e7621d4}
- AppName = Plus-HD-8.1-bg.exe
- In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f61b834c-85c4-45e9-8a64-66c97e7621d4}
- AppPath = %Program Files%\Plus-HD-8.1
- In HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f61b834c-85c4-45e9-8a64-66c97e7621d4}
- Policy = 1
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1
- ActiveAppId = 51108
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Update
- LastCheck = 53799deb
- In HKEY_CURRENT_USER\Software\Crossrider
- Bic = 8AB9ACB724264F98B99A3A9B2199E10EIE
- In HKEY_CURRENT_USER\Software\Crossrider
- Verifier = cd26e988747c2b8ef9e05fd677345eb5
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Installer
- Time = 1400479150
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Installer
- StatsDomain = http://stats.{BLOCKED}tsdata.com
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Installer
- ErrorsDomain = http://errors.{BLOCKED}tsdata.com
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Installer
- CodeDownloadDomain = http://app-static.{BLOCKED}ider.com
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Installer
- FullVersion = 1.34.1.29
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Installer
- FullVersionForUrl = 1_34_1_29
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Installer
- SrcId = 001071
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Installer
- SubId = 0
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Installer
- ZData = 0
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Installer
- DefaultBrowser = ie
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Installer
- OsName = XP32
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Installer
- Params = { source_id : 001071, sub_id : 0, uzid : 0}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Plus-HD-8.1\IE\Profiles
- S-1-5-21-1645522239-1292428093-682003330-1003 = 1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Plus-HD-8.1\IE
- TotalProfiles = 1
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Manifest
- Name = Plus-HD-8.1
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Manifest
- Manifest = NA
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Manifest
- Description = Turn YouTube videos to High Definition by default
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Manifest
- PublisherName = Plus HD
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Manifest
- HomePageUrl = NA
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Manifest
- RunInFrame = false
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Manifest
- ThanksUrl = NA
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Manifest
- DisableIe = true
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Manifest
- EnableSearchIE = false
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Manifest
- Version = 8
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Manifest
- UpdateInterval = 168
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Manifest
- BgVersion = 1
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Manifest
- AddressbarURL = NA
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Manifest
- ChangePrevious = false
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Manifest
- SetNewTab = false
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Manifest
- PublisherId = 19979
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Manifest
- ModeType = production
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Manifest
- PluginsManifestVersion = 5
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Manifest
- IsButtonEnabled = false
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Manifest
- UninstallerOfferUrl = NA
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Manifest
- UninstallerOfferAction = NA
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Code
- AppJavaScript = {random characters}
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Code
- BgJavaScript = {random characters}
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Plugins\207
- Version = 2
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Plugins\207
- Name = dbWrapper
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Plugins\207
- JavaScript = {random characters}
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Plugins\207
- Url = http://app-static.{BLOCKED}ider.com/plugins/mins/dbWrapper.js
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Plugins\177
- Version = 2
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Plugins\177
- Name = crossriderDashboard
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Plugins\177
- JavaScript = {random characters}
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Debug
- IsDebuggingPlugins = 0
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Manifest
- Version = 61
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Manifest
- PluginsManifestVersion = 58
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Plugins\207
- Url = http://js.{BLOCKED}staticserv.com/plugins/mins/dbWrapper.js
- In HKEY_CURRENT_USER\Software\Plus-HD-8.1\Log
- plus-hd-8.1-bho = 0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110511111108}\InprocServer32
- ThreadingModel = Apartment
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522112208}\InprocServer32
- ThreadingModel = Apartment
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511111108}
- NoExplorer = 1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555115508}\TypeLib
- Version = 1.0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566116608}\TypeLib
- Version = 1.0
Step 5
Search for and delete the following folders.
- %User Temp%\{random 1}.tmp
- %User Temp%\{random 2}.tmp
- %Program Files%\Plus-HD-8.1
Step 6
Search for and delete the following files.
- %User Temp%\Plus-HD-8.1Installer_{10 digits}.log
- %Windows%\Tasks\Plus-HD-8.1-codedownloader.job
- %Windows%\Tasks\Plus-HD-8.1-enabler.job
- %Windows%\Tasks\Plus-HD-8.1-firefoxinstaller.job
- %Windows%\Tasks\Plus-HD-8.1-updater.job
- %Windows%\Tasks\temp_Plus-HD-8.1-enabler.job
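Step 7
Scan your computer with an antivirus product updated with the latest version (engine and pattern file), and delete all files detected as "ADW_PLUSHED". If the detected files have already been cleaned, quarantined, or deleted by our antivirus product, handling of the virus is complete and no further removal steps are required.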