Adware.Win32.OpenCandy.GISFM

2019年4月12日

解析者: John Anthony Banes

別名:

Adware/OpenCandy (Fortinet); AdWare.Win32.OpenCandy (Ikarus); Win32/OpenCandy (NOD32)

プラットフォーム:

Windows

危険度:

ダメージ度:

感染力:

感染確認数:

情報漏えい:

マルウェアタイプ:
アドウェア
破壊活動の有無:
なし
暗号化:
感染報告の有無 :
はい

概要

アドウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。アドウェアは、ユーザの手動インストールにより、コンピュータに侵入します。

詳細

ファイルサイズ 4,997,432 bytes

タイプ EXE

メモリ常駐なし

発見日 2019年4月10日

侵入方法

アドウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。

アドウェアは、ユーザの手動インストールにより、コンピュータに侵入します。

インストール

アドウェアは、以下のフォルダを追加します。

%AppDataLocalLow%\IEPro
%Program Files%\IEPro
%Program Files%\IEPro\language
%Program Files%\IEPro\language\MiniDM
%Program Files%\IEPro\modules
%Program Files%\IEPro\plugins
%Program Files%\IEPro\plugins\accuweather
%Program Files%\IEPro\plugins\accuweather\css
%Program Files%\IEPro\plugins\accuweather\images
%Program Files%\IEPro\plugins\accuweather\js
%Program Files%\IEPro\plugins\searchstatus
%Program Files%\IEPro\plugins\serverinfo
%Program Files%\IEPro\spelldic
%Program Files%\IEPro\spelldic\en_US
%Program Files%\IEPro\userscripts
%User Temp%\ns{random}.tmp

(註：%AppDataLocalLow%フォルダは、LocalLow アプリケーションデータフォルダです。Windows Vista、7、8の場合、通常 "C:\Users\＜ユーザ名＞\AppData\LocalLow" です。. %Program Files%フォルダは、デフォルトのプログラムファイルフォルダです。Windows 2000、Server 2003、XP（32-bit）,Vista（32-bit）、7（32-bit）、8（32-bit）の場合、通常 "C:\Program Files"です。また、Windows XP（64-bit）、Vista（64-bit）、7（64-bit）、8（64-bit）の場合、通常 "C:\Program Files（x86）" です。. %User Temp%フォルダは、現在ログオンしているユーザの一時フォルダです。Windows 2000、XP、Server 2003の場合、通常 "C:\Documents and Settings\＜ユーザー名＞\Local Settings\Temp"です。また、Windows Vista、7、8の場合、通常 "C:\Users\＜ユーザ名＞\AppData\Local\Temp" です。)

アドウェアは、以下のファイルを作成します。

%User Temp%\ns{random}.tmp
%User Temp%\ns{random}.tmp\LangDLL.dll
%User Temp%\ns{random}.tmp\System.dll
%User Temp%\ns{random}.tmp\ioSpecial.ini
%User Temp%\ns{random}.tmp\modern-wizard.bmp
%User Temp%\ns{random}.tmp\InstallOptions.dll
%User Temp%\ns{random}.tmp\nsDialogs.dll
%User Temp%\ns{random}.tmp\saction.dll
%AppDataLocalLow%\IEPro\conf.ini
%AppDataLocalLow%\IEPro\module.ini
%User Temp%\ns{random}.tmp\PGSetupHlp.dll
%Program Files%\IEPro\IEProRecorder.dll
%Program Files%\IEPro\winfile.dll
%Program Files%\IEPro\GrabKernel.dll
%Program Files%\IEPro\filter.ini
%Program Files%\IEPro\IEPro.dll
%Program Files%\IEPro\IEProCx.exe
%Program Files%\IEPro\IEProRs.dll
%Program Files%\IEPro\IEProRes.dll
%Program Files%\IEPro\IEProFrm.dll
%Program Files%\IEPro\ProgSenseSetup.exe
%Program Files%\IEPro\language\proara.ini
%Program Files%\IEPro\language\probel.ini
%Program Files%\IEPro\language\probgr.ini
%Program Files%\IEPro\language\prochs.ini
%Program Files%\IEPro\language\procht.ini
%Program Files%\IEPro\language\procsy.ini
%Program Files%\IEPro\language\prodan.ini
%Program Files%\IEPro\language\prodeu.ini
%Program Files%\IEPro\language\proell.ini
%Program Files%\IEPro\language\proeng.ini
%Program Files%\IEPro\language\proesm.ini
%Program Files%\IEPro\language\proesp.ini
%Program Files%\IEPro\language\profar.ini
%Program Files%\IEPro\language\profin.ini
%Program Files%\IEPro\language\profra.ini
%Program Files%\IEPro\language\proheb.ini
%Program Files%\IEPro\language\prohun.ini
%Program Files%\IEPro\language\proita.ini
%Program Files%\IEPro\language\projpn.ini
%Program Files%\IEPro\language\prokor.ini
%Program Files%\IEPro\language\prolth.ini
%Program Files%\IEPro\language\pronld.ini
%Program Files%\IEPro\language\pronor.ini
%Program Files%\IEPro\language\proplk.ini
%Program Files%\IEPro\language\proptb.ini
%Program Files%\IEPro\language\proptg.ini
%Program Files%\IEPro\language\prorom.ini
%Program Files%\IEPro\language\prorus.ini
%Program Files%\IEPro\language\prosky.ini
%Program Files%\IEPro\language\proslv.ini
%Program Files%\IEPro\language\prosqi.ini
%Program Files%\IEPro\language\prosrl.ini
%Program Files%\IEPro\language\prosve.ini
%Program Files%\IEPro\language\protha.ini
%Program Files%\IEPro\language\protrk.ini
%Program Files%\IEPro\language\proukr.ini
%Program Files%\IEPro\language\provit.ini
%Program Files%\IEPro\language\MiniDM\mdmara.ini
%Program Files%\IEPro\language\MiniDM\mdmbgr.ini
%Program Files%\IEPro\language\MiniDM\mdmchs.ini
%Program Files%\IEPro\language\MiniDM\mdmcht.ini
%Program Files%\IEPro\language\MiniDM\mdmcsy.ini
%Program Files%\IEPro\language\MiniDM\mdmdan.ini
%Program Files%\IEPro\language\MiniDM\mdmdeu.ini
%Program Files%\IEPro\language\MiniDM\mdmell.ini
%Program Files%\IEPro\language\MiniDM\mdmeng.ini
%Program Files%\IEPro\language\MiniDM\mdmesp.ini
%Program Files%\IEPro\language\MiniDM\mdmfar.ini
%Program Files%\IEPro\language\MiniDM\mdmfin.ini
%Program Files%\IEPro\language\MiniDM\mdmfra.ini
%Program Files%\IEPro\language\MiniDM\mdmheb.ini
%Program Files%\IEPro\language\MiniDM\mdmhun.ini
%Program Files%\IEPro\language\MiniDM\mdmita.ini
%Program Files%\IEPro\language\MiniDM\mdmjpn.ini
%Program Files%\IEPro\language\MiniDM\mdmkor.ini
%Program Files%\IEPro\language\MiniDM\mdmnld.ini
%Program Files%\IEPro\language\MiniDM\mdmnor.ini
%Program Files%\IEPro\language\MiniDM\mdmplk.ini
%Program Files%\IEPro\language\MiniDM\mdmptb.ini
%Program Files%\IEPro\language\MiniDM\mdmrom.ini
%Program Files%\IEPro\language\MiniDM\mdmrus.ini
%Program Files%\IEPro\language\MiniDM\mdmsky.ini
%Program Files%\IEPro\language\MiniDM\mdmslv.ini
%Program Files%\IEPro\language\MiniDM\mdmsqi.ini
%Program Files%\IEPro\language\MiniDM\mdmsve.ini
%Program Files%\IEPro\language\MiniDM\mdmtha.ini
%Program Files%\IEPro\language\MiniDM\mdmtrk.ini
%Program Files%\IEPro\lgpl.txt
%Program Files%\IEPro\ProEula.txt
%Program Files%\IEPro\readme.txt
%Program Files%\IEPro\MiniDM.exe
%Program Files%\IEPro\modules\adblock.dll
%Program Files%\IEPro\modules\autoform.dll
%Program Files%\IEPro\modules\basemod.dll
%Program Files%\IEPro\modules\downmod.dll
%Program Files%\IEPro\modules\fasterie.dll
%Program Files%\IEPro\modules\findbar.dll
%Program Files%\IEPro\modules\ie6mod.dll
%Program Files%\IEPro\modules\iecleaner.dll
%Program Files%\IEPro\modules\iescript.dll
%Program Files%\IEPro\modules\liveserv.dll
%Program Files%\IEPro\modules\singleie.dll
%Program Files%\IEPro\modules\spellchk.dll
%Program Files%\IEPro\modules\adblock.ini
%Program Files%\IEPro\modules\autoform.ini
%Program Files%\IEPro\modules\basemod.ini
%Program Files%\IEPro\modules\downmod.ini
%Program Files%\IEPro\modules\fasterie.ini
%Program Files%\IEPro\modules\findbar.ini
%Program Files%\IEPro\modules\ie6mod.ini
%Program Files%\IEPro\modules\iecleaner.ini
%Program Files%\IEPro\modules\iescript.ini
%Program Files%\IEPro\modules\liveserv.ini
%Program Files%\IEPro\modules\singleie.ini
%Program Files%\IEPro\modules\spellchk.ini
%Program Files%\IEPro\plugins\accuweather\css\findLocation.chs.css
%Program Files%\IEPro\plugins\accuweather\css\findLocation.css
%Program Files%\IEPro\plugins\accuweather\findLocation.chs.html
%Program Files%\IEPro\plugins\accuweather\findLocation.eng.html
%Program Files%\IEPro\plugins\accuweather\plugin.js
%Program Files%\IEPro\plugins\accuweather\images\01.png
%Program Files%\IEPro\plugins\accuweather\images\02.png
%Program Files%\IEPro\plugins\accuweather\images\03.png
%Program Files%\IEPro\plugins\accuweather\images\04.png
%Program Files%\IEPro\plugins\accuweather\images\05.png
%Program Files%\IEPro\plugins\accuweather\images\06.png
%Program Files%\IEPro\plugins\accuweather\images\07.png
%Program Files%\IEPro\plugins\accuweather\images\08.png
%Program Files%\IEPro\plugins\accuweather\images\11.png
%Program Files%\IEPro\plugins\accuweather\images\12.png
%Program Files%\IEPro\plugins\accuweather\images\13.png
%Program Files%\IEPro\plugins\accuweather\images\14.png
%Program Files%\IEPro\plugins\accuweather\images\15.png
%Program Files%\IEPro\plugins\accuweather\images\16.png
%Program Files%\IEPro\plugins\accuweather\images\17.png
%Program Files%\IEPro\plugins\accuweather\images\18.png
%Program Files%\IEPro\plugins\accuweather\images\19.png
%Program Files%\IEPro\plugins\accuweather\images\20.png
%Program Files%\IEPro\plugins\accuweather\images\21.png
%Program Files%\IEPro\plugins\accuweather\images\22.png
%Program Files%\IEPro\plugins\accuweather\images\23.png
%Program Files%\IEPro\plugins\accuweather\images\24.png
%Program Files%\IEPro\plugins\accuweather\images\25.png
%Program Files%\IEPro\plugins\accuweather\images\26.png
%Program Files%\IEPro\plugins\accuweather\images\29.png
%Program Files%\IEPro\plugins\accuweather\images\30.png
%Program Files%\IEPro\plugins\accuweather\images\31.png
%Program Files%\IEPro\plugins\accuweather\images\32.png
%Program Files%\IEPro\plugins\accuweather\images\33.png
%Program Files%\IEPro\plugins\accuweather\images\34.png
%Program Files%\IEPro\plugins\accuweather\images\35.png
%Program Files%\IEPro\plugins\accuweather\images\36.png
%Program Files%\IEPro\plugins\accuweather\images\37.png
%Program Files%\IEPro\plugins\accuweather\images\38.png
%Program Files%\IEPro\plugins\accuweather\images\39.png
%Program Files%\IEPro\plugins\accuweather\images\40.png
%Program Files%\IEPro\plugins\accuweather\images\41.png
%Program Files%\IEPro\plugins\accuweather\images\42.png
%Program Files%\IEPro\plugins\accuweather\images\43.png
%Program Files%\IEPro\plugins\accuweather\images\44.png
%Program Files%\IEPro\plugins\accuweather\images\flag.png
%Program Files%\IEPro\plugins\accuweather\images\magnify.gif
%Program Files%\IEPro\plugins\accuweather\js\findLocation.js
%Program Files%\IEPro\plugins\accuweather\findLocation.chs.html
%Program Files%\IEPro\plugins\accuweather\findLocation.eng.html
%Program Files%\IEPro\plugins\accuweather\plugin.js
%Program Files%\IEPro\plugins\searchstatus\plugin.js
%Program Files%\IEPro\plugins\serverinfo\plugin.js
%Program Files%\IEPro\spelldic\en_US\README_en_US.txt
%Program Files%\IEPro\spelldic\en_US\en_US.aff
%Program Files%\IEPro\spelldic\en_US\en_US.dic
%Program Files%\IEPro\spelldic\WordNet_license.txt
%Program Files%\IEPro\userscripts\BookBurro.ieuser.js
%Program Files%\IEPro\userscripts\DownloadVideo.ieuser.js
%Program Files%\IEPro\userscripts\FlickrRichEdit.ieuser.js
%Program Files%\IEPro\userscripts\GMailCssSkin.ieuser.js
%Program Files%\IEPro\userscripts\GoogleBlogSearch.ieuser.js
%Program Files%\IEPro\userscripts\GoogleImagesNF.ieuser.js
%Program Files%\IEPro\userscripts\GoogleLinkPreview.ieuser.js
%Program Files%\IEPro\userscripts\GoogleX.ieuser.js
%Program Files%\IEPro\userscripts\MyspaceCustomStyleRemover.ieuser.js
%Program Files%\IEPro\userscripts\MyspaceNotifier.ieuser.js
%Program Files%\IEPro\userscripts\RSS+AtomFeedSubscribeButtonGenerator.ieuser.js
%Program Files%\IEPro\userscripts\ShowPasswordOnMouseOver.ieuser.js
%Program Files%\IEPro\userscripts\YoutubeDarkGrayRedesign.ieuser.js
%Program Files%\IEPro\userscripts\YoutubeResizer.ieuser.js
%Program Files%\IEPro\userscripts\YoutubeVideoDownload.ieuser.js
%Program Files%\IEPro\uninst.exe
%Program Files%\IEPro\Lang.ini
%Program Files%\IEPro\mdmlang.ini

(註：%User Temp%フォルダは、現在ログオンしているユーザの一時フォルダです。Windows 2000、XP、Server 2003の場合、通常 "C:\Documents and Settings\＜ユーザー名＞\Local Settings\Temp"です。また、Windows Vista、7、8の場合、通常 "C:\Users\＜ユーザ名＞\AppData\Local\Temp" です。. %AppDataLocalLow%フォルダは、LocalLow アプリケーションデータフォルダです。Windows Vista、7、8の場合、通常 "C:\Users\＜ユーザ名＞\AppData\LocalLow" です。. %Program Files%フォルダは、デフォルトのプログラムファイルフォルダです。Windows 2000、Server 2003、XP（32-bit）,Vista（32-bit）、7（32-bit）、8（32-bit）の場合、通常 "C:\Program Files"です。また、Windows XP（64-bit）、Vista（64-bit）、7（64-bit）、8（64-bit）の場合、通常 "C:\Program Files（x86）" です。)

他のシステム変更

アドウェアは、以下のレジストリキーを追加します。

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{01815C98-84B5-4D03-A402-9558B43950EA}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\IE7Pro.DLL

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.IEbho.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.IEbho.1\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.IEbho

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.IEbho\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.IEbho\CurVer

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{00011268-E188-40DF-A514-835FCD78B1BF}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{00011268-E188-40DF-A514-835FCD78B1BF}\ProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{00011268-E188-40DF-A514-835FCD78B1BF}\VersionIndependentProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{00011268-E188-40DF-A514-835FCD78B1BF}\Programmable

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{00011268-E188-40DF-A514-835FCD78B1BF}\InprocServer32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{00011268-E188-40DF-A514-835FCD78B1BF}\TypeLib

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.CustomDlMgr.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.CustomDlMgr.1\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.CustomDlMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.CustomDlMgr\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.CustomDlMgr\CurVer

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E173AFB2-5B1E-481C-9A76-82F60D0A21D4}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E173AFB2-5B1E-481C-9A76-82F60D0A21D4}\ProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E173AFB2-5B1E-481C-9A76-82F60D0A21D4}\VersionIndependentProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E173AFB2-5B1E-481C-9A76-82F60D0A21D4}\Programmable

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E173AFB2-5B1E-481C-9A76-82F60D0A21D4}\InprocServer32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E173AFB2-5B1E-481C-9A76-82F60D0A21D4}\TypeLib

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.GrabDragBtn.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.GrabDragBtn.1\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.GrabDragBtn

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.GrabDragBtn\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.GrabDragBtn\CurVer

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{CD275D4E-791A-4993-9D4D-6A071EDD2709}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{CD275D4E-791A-4993-9D4D-6A071EDD2709}\ProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{CD275D4E-791A-4993-9D4D-6A071EDD2709}\VersionIndependentProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{CD275D4E-791A-4993-9D4D-6A071EDD2709}\Programmable

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{CD275D4E-791A-4993-9D4D-6A071EDD2709}\InprocServer32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{CD275D4E-791A-4993-9D4D-6A071EDD2709}\TypeLib

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Extensions\{000002a3-84fe-43f1-b958-f2c3ca804f1a}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.ToolsExt.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.ToolsExt.1\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.ToolsExt

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.ToolsExt\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.ToolsExt\CurVer

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{B119EB0C-C021-46CF-85B0-34A760E0D5FE}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{B119EB0C-C021-46CF-85B0-34A760E0D5FE}\ProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{B119EB0C-C021-46CF-85B0-34A760E0D5FE}\VersionIndependentProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{B119EB0C-C021-46CF-85B0-34A760E0D5FE}\Programmable

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{B119EB0C-C021-46CF-85B0-34A760E0D5FE}\InprocServer32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{B119EB0C-C021-46CF-85B0-34A760E0D5FE}\TypeLib

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Extensions\{0026439F-A980-4f18-8C95-4F1CBBF9C1D8}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Ext\
PreApproved\{B119EB0C-C021-46CF-85B0-34A760E0D5FE}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{547E3434-7CF2-4805-9CEE-53624610D9C7}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{547E3434-7CF2-4805-9CEE-53624610D9C7}\1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{547E3434-7CF2-4805-9CEE-53624610D9C7}\1.0\
FLAGS

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{547E3434-7CF2-4805-9CEE-53624610D9C7}\1.0\
0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{547E3434-7CF2-4805-9CEE-53624610D9C7}\1.0\
0\win32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{547E3434-7CF2-4805-9CEE-53624610D9C7}\1.0\
HELPDIR

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{D56C2004-5A52-457A-BDDA-593AACA5A89E}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{D56C2004-5A52-457A-BDDA-593AACA5A89E}\ProxyStubClsid

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{D56C2004-5A52-457A-BDDA-593AACA5A89E}\ProxyStubClsid32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{D56C2004-5A52-457A-BDDA-593AACA5A89E}\TypeLib

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{16C19134-8270-4334-B138-D8F68348D495}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{16C19134-8270-4334-B138-D8F68348D495}\ProxyStubClsid

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{16C19134-8270-4334-B138-D8F68348D495}\ProxyStubClsid32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{16C19134-8270-4334-B138-D8F68348D495}\TypeLib

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{41893377-3483-43D4-9D56-C7A3C0D50A15}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{41893377-3483-43D4-9D56-C7A3C0D50A15}\ProxyStubClsid

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{41893377-3483-43D4-9D56-C7A3C0D50A15}\ProxyStubClsid32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{41893377-3483-43D4-9D56-C7A3C0D50A15}\TypeLib

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4D42430E-D458-410B-B863-14EE88FC7983}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4D42430E-D458-410B-B863-14EE88FC7983}\ProxyStubClsid

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4D42430E-D458-410B-B863-14EE88FC7983}\ProxyStubClsid32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4D42430E-D458-410B-B863-14EE88FC7983}\TypeLib

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
GrabPro.FindBar.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
GrabPro.FindBar.1\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
GrabPro.FindBar

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
GrabPro.FindBar\CLSID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
GrabPro.FindBar\CurVer

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\VersionIndependentProgID

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\Programmable

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\InprocServer32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\TypeLib

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SOFTWARE\Microsoft\Windows

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SOFTWARE\Microsoft\Windows\
CurrentVersion

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SOFTWARE\Microsoft\Windows\
CurrentVersion\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SOFTWARE\Microsoft\Windows\
CurrentVersion\Ext\Settings

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SOFTWARE\Microsoft\Windows\
CurrentVersion\Ext\Settings\
{C55BBCD6-41AD-48AD-9953-3609C48EACC7}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SOFTWARE\Microsoft\Windows\
CurrentVersion\Ext\Settings\
{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\Flags

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\Implemented Categories

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\Implemented Categories\
{7DD95801-9882-11CF-9FA9-00AA006C42C4}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\Implemented Categories\
{7DD95802-9882-11CF-9FA9-00AA006C42C4}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{8091D09E-B01D-4D32-AC66-BBF8916BB1CF}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{8091D09E-B01D-4D32-AC66-BBF8916BB1CF}\1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{8091D09E-B01D-4D32-AC66-BBF8916BB1CF}\1.0\
FLAGS

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{8091D09E-B01D-4D32-AC66-BBF8916BB1CF}\1.0\
0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{8091D09E-B01D-4D32-AC66-BBF8916BB1CF}\1.0\
0\win32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{8091D09E-B01D-4D32-AC66-BBF8916BB1CF}\1.0\
HELPDIR

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B04D1BFE-5C70-4AB2-97A1-342A470F0862}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B04D1BFE-5C70-4AB2-97A1-342A470F0862}\ProxyStubClsid

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B04D1BFE-5C70-4AB2-97A1-342A470F0862}\ProxyStubClsid32

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B04D1BFE-5C70-4AB2-97A1-342A470F0862}\TypeLib

HKEY_LOCAL_MACHINE\SOFTWARE\IEPro

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
IE7Pro

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\
List

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{64374705-AFDE-4dec-AA16-3614F1A53F54}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{646D40CB-9519-4690-8CF8-111F78D5AC5A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\App Paths\
IEProCx.exe

アドウェアは、以下のレジストリ値を追加します。

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{01815C98-84B5-4D03-A402-9558B43950EA}
(Default) = IE7Pro

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\IE7Pro.DLL
AppID = {01815C98-84B5-4D03-A402-9558B43950EA}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.IEbho.1
(Default) = IE7Pro BHO

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.IEbho.1\CLSID
(Default) = {00011268-E188-40DF-A514-835FCD78B1BF}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.IEbho
(Default) = IE7Pro BHO

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.IEbho\CLSID
(Default) = {00011268-E188-40DF-A514-835FCD78B1BF}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.IEbho\CurVer
(Default) = IE7Pro.IEbho.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{00011268-E188-40DF-A514-835FCD78B1BF}
(Default) = IE7Pro BHO

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{00011268-E188-40DF-A514-835FCD78B1BF}\ProgID
(Default) = IE7Pro.IEbho.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{00011268-E188-40DF-A514-835FCD78B1BF}\VersionIndependentProgID
(Default) = IE7Pro.IEbho

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{00011268-E188-40DF-A514-835FCD78B1BF}\InprocServer32
(Default) = %Program Files%\IEPro\iepro.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{00011268-E188-40DF-A514-835FCD78B1BF}\InprocServer32
ThreadingModel = Apartment

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{00011268-E188-40DF-A514-835FCD78B1BF}
AppID = {01815C98-84B5-4D03-A402-9558B43950EA}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{00011268-E188-40DF-A514-835FCD78B1BF}\TypeLib
(Default) = {547E3434-7CF2-4805-9CEE-53624610D9C7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}
(Default) = IE7Pro

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.CustomDlMgr.1
(Default) = CustomDlMgr Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.CustomDlMgr.1\CLSID
(Default) = {E173AFB2-5B1E-481C-9A76-82F60D0A21D4}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.CustomDlMgr
(Default) = CustomDlMgr Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.CustomDlMgr\CLSID
(Default) = {E173AFB2-5B1E-481C-9A76-82F60D0A21D4}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.CustomDlMgr\CurVer
(Default) = IE7Pro.CustomDlMgr.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E173AFB2-5B1E-481C-9A76-82F60D0A21D4}
(Default) = CustomDlMgr Class

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E173AFB2-5B1E-481C-9A76-82F60D0A21D4}\ProgID
(Default) = IE7Pro.CustomDlMgr.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E173AFB2-5B1E-481C-9A76-82F60D0A21D4}\VersionIndependentProgID
(Default) = IE7Pro.CustomDlMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E173AFB2-5B1E-481C-9A76-82F60D0A21D4}\InprocServer32
(Default) = %Program Files%\IEPro\iepro.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E173AFB2-5B1E-481C-9A76-82F60D0A21D4}\InprocServer32
ThreadingModel = Apartment

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E173AFB2-5B1E-481C-9A76-82F60D0A21D4}
AppID = {01815C98-84B5-4D03-A402-9558B43950EA}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{E173AFB2-5B1E-481C-9A76-82F60D0A21D4}\TypeLib
(Default) = {547E3434-7CF2-4805-9CEE-53624610D9C7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer
DownloadUI = {E173AFB2-5B1E-481C-9A76-82F60D0A21D4}

HKEY_CURRENT_USER\Software\Microsoft\
Internet Explorer
DownloadUI = {E173AFB2-5B1E-481C-9A76-82F60D0A21D4}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.GrabDragBtn.1
(Default) = IE7Pro GrabDragBtn

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.GrabDragBtn.1\CLSID
(Default) = {CD275D4E-791A-4993-9D4D-6A071EDD2709}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.GrabDragBtn
(Default) = IE7Pro GrabDragBtn

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.GrabDragBtn\CLSID
(Default) = {CD275D4E-791A-4993-9D4D-6A071EDD2709}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.GrabDragBtn\CurVer
(Default) = IE7Pro.GrabDragBtn.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{CD275D4E-791A-4993-9D4D-6A071EDD2709}
(Default) = IE7Pro GrabDragBtn

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{CD275D4E-791A-4993-9D4D-6A071EDD2709}\ProgID
(Default) = IE7Pro.GrabDragBtn.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{CD275D4E-791A-4993-9D4D-6A071EDD2709}\VersionIndependentProgID
(Default) = IE7Pro.GrabDragBtn

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{CD275D4E-791A-4993-9D4D-6A071EDD2709}\InprocServer32
(Default) = %Program Files%\IEPro\iepro.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{CD275D4E-791A-4993-9D4D-6A071EDD2709}\InprocServer32
ThreadingModel = Apartment

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{CD275D4E-791A-4993-9D4D-6A071EDD2709}
AppID = {01815C98-84B5-4D03-A402-9558B43950EA}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{CD275D4E-791A-4993-9D4D-6A071EDD2709}\TypeLib
(Default) = {547E3434-7CF2-4805-9CEE-53624610D9C7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Extensions\{000002a3-84fe-43f1-b958-f2c3ca804f1a}
(Default) = IE7Pro

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Extensions\{000002a3-84fe-43f1-b958-f2c3ca804f1a}
CLSID = {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Extensions\{000002a3-84fe-43f1-b958-f2c3ca804f1a}
ClsidExtension = {CD275D4E-791A-4993-9D4D-6A071EDD2709}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Extensions\{000002a3-84fe-43f1-b958-f2c3ca804f1a}
ButtonText = IE7Pro Grab and Drag

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Extensions\{000002a3-84fe-43f1-b958-f2c3ca804f1a}
MenuText = IE7Pro Grab and Drag

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Extensions\{000002a3-84fe-43f1-b958-f2c3ca804f1a}
MenuStatusBar = IE7Pro Grab and Drag

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Extensions\{000002a3-84fe-43f1-b958-f2c3ca804f1a}
Icon = %Program Files%\IEPro\iepro.dll,309

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Extensions\{000002a3-84fe-43f1-b958-f2c3ca804f1a}
HotIcon = %Program Files%\IEPro\iepro.dll,309

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Extensions\{000002a3-84fe-43f1-b958-f2c3ca804f1a}
MenuCustomize = Tools

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Extensions\{000002a3-84fe-43f1-b958-f2c3ca804f1a}
Default Visible = yes

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.ToolsExt.1
(Default) = IE7Pro ToolsExt

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.ToolsExt.1\CLSID
(Default) = {B119EB0C-C021-46CF-85B0-34A760E0D5FE}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.ToolsExt
(Default) = IE7Pro ToolsExt

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.ToolsExt\CLSID
(Default) = {B119EB0C-C021-46CF-85B0-34A760E0D5FE}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
IE7Pro.ToolsExt\CurVer
(Default) = IE7Pro.ToolsExt.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{B119EB0C-C021-46CF-85B0-34A760E0D5FE}
(Default) = IE7Pro ToolsExt

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{B119EB0C-C021-46CF-85B0-34A760E0D5FE}\ProgID
(Default) = IE7Pro.ToolsExt.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{B119EB0C-C021-46CF-85B0-34A760E0D5FE}\VersionIndependentProgID
(Default) = IE7Pro.ToolsExt

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{B119EB0C-C021-46CF-85B0-34A760E0D5FE}\InprocServer32
(Default) = %Program Files%\IEPro\iepro.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{B119EB0C-C021-46CF-85B0-34A760E0D5FE}\InprocServer32
ThreadingModel = Apartment

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{B119EB0C-C021-46CF-85B0-34A760E0D5FE}
AppID = {01815C98-84B5-4D03-A402-9558B43950EA}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{B119EB0C-C021-46CF-85B0-34A760E0D5FE}\TypeLib
(Default) = {547E3434-7CF2-4805-9CEE-53624610D9C7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Extensions\{0026439F-A980-4f18-8C95-4F1CBBF9C1D8}
(Default) = IE7Pro

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Extensions\{0026439F-A980-4f18-8C95-4F1CBBF9C1D8}
CLSID = {1FBA04EE-3024-11D2-8F1F-0000F87ABD16}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Extensions\{0026439F-A980-4f18-8C95-4F1CBBF9C1D8}
ClsidExtension = {B119EB0C-C021-46CF-85B0-34A760E0D5FE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Extensions\{0026439F-A980-4f18-8C95-4F1CBBF9C1D8}
ButtonText = IE7Pro Preferences

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Extensions\{0026439F-A980-4f18-8C95-4F1CBBF9C1D8}
MenuText = IE7Pro Preferences

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Extensions\{0026439F-A980-4f18-8C95-4F1CBBF9C1D8}
MenuStatusBar = IE7Pro Preferences

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Extensions\{0026439F-A980-4f18-8C95-4F1CBBF9C1D8}
Icon = %Program Files%\IEPro\iepro.dll,201

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Extensions\{0026439F-A980-4f18-8C95-4F1CBBF9C1D8}
HotIcon = %Program Files%\IEPro\iepro.dll,201

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Extensions\{0026439F-A980-4f18-8C95-4F1CBBF9C1D8}
MenuCustomize = Tools

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Extensions\{0026439F-A980-4f18-8C95-4F1CBBF9C1D8}
Default Visible = yes

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Ext\
PreApproved\{B119EB0C-C021-46CF-85B0-34A760E0D5FE}
(Default) = IE7Pro

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{547E3434-7CF2-4805-9CEE-53624610D9C7}\1.0
(Default) = IE7Pro 1.0 Type Library

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{547E3434-7CF2-4805-9CEE-53624610D9C7}\1.0\
FLAGS
(Default) = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{547E3434-7CF2-4805-9CEE-53624610D9C7}\1.0\
0\win32
(Default) = %Program Files%\IEPro\iepro.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{547E3434-7CF2-4805-9CEE-53624610D9C7}\1.0\
HELPDIR
(Default) = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{D56C2004-5A52-457A-BDDA-593AACA5A89E}
(Default) = IIEbho

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{D56C2004-5A52-457A-BDDA-593AACA5A89E}\ProxyStubClsid
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{D56C2004-5A52-457A-BDDA-593AACA5A89E}\ProxyStubClsid32
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{D56C2004-5A52-457A-BDDA-593AACA5A89E}\TypeLib
(Default) = {547E3434-7CF2-4805-9CEE-53624610D9C7}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{D56C2004-5A52-457A-BDDA-593AACA5A89E}\TypeLib
Version = 1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{16C19134-8270-4334-B138-D8F68348D495}
(Default) = IToolsExt

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{16C19134-8270-4334-B138-D8F68348D495}\ProxyStubClsid
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{16C19134-8270-4334-B138-D8F68348D495}\ProxyStubClsid32
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{16C19134-8270-4334-B138-D8F68348D495}\TypeLib
(Default) = {547E3434-7CF2-4805-9CEE-53624610D9C7}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{16C19134-8270-4334-B138-D8F68348D495}\TypeLib
Version = 1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{41893377-3483-43D4-9D56-C7A3C0D50A15}
(Default) = ICustomDlMgr

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{41893377-3483-43D4-9D56-C7A3C0D50A15}\ProxyStubClsid
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{41893377-3483-43D4-9D56-C7A3C0D50A15}\ProxyStubClsid32
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{41893377-3483-43D4-9D56-C7A3C0D50A15}\TypeLib
(Default) = {547E3434-7CF2-4805-9CEE-53624610D9C7}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{41893377-3483-43D4-9D56-C7A3C0D50A15}\TypeLib
Version = 1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4D42430E-D458-410B-B863-14EE88FC7983}
(Default) = IGrabDragBtn

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4D42430E-D458-410B-B863-14EE88FC7983}\ProxyStubClsid
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4D42430E-D458-410B-B863-14EE88FC7983}\ProxyStubClsid32
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4D42430E-D458-410B-B863-14EE88FC7983}\TypeLib
(Default) = {547E3434-7CF2-4805-9CEE-53624610D9C7}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{4D42430E-D458-410B-B863-14EE88FC7983}\TypeLib
Version = 1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
GrabPro.FindBar.1
(Default) = Grab Pro

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
GrabPro.FindBar.1\CLSID
(Default) = {C55BBCD6-41AD-48AD-9953-3609C48EACC7}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
GrabPro.FindBar
(Default) = Grab Pro

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
GrabPro.FindBar\CLSID
(Default) = {C55BBCD6-41AD-48AD-9953-3609C48EACC7}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
GrabPro.FindBar\CurVer
(Default) = GrabPro.FindBar.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}
(Default) = Grab Pro

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\ProgID
(Default) = GrabPro.FindBar.1

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\VersionIndependentProgID
(Default) = GrabPro.FindBar

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\InprocServer32
(Default) = %Program Files%\IEPro\IEProRecorder.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\InprocServer32
ThreadingModel = Apartment

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\TypeLib
(Default) = {8091D09E-B01D-4D32-AC66-BBF8916BB1CF}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SOFTWARE\Microsoft\Windows\
CurrentVersion\Ext\Settings\
{C55BBCD6-41AD-48AD-9953-3609C48EACC7}\Flags
(Default) = 4

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{8091D09E-B01D-4D32-AC66-BBF8916BB1CF}\1.0
(Default) = Grab Pro 1.0 Type Library

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{8091D09E-B01D-4D32-AC66-BBF8916BB1CF}\1.0\
FLAGS
(Default) = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{8091D09E-B01D-4D32-AC66-BBF8916BB1CF}\1.0\
0\win32
(Default) = %Program Files%\IEPro\IEProRecorder.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
TypeLib\{8091D09E-B01D-4D32-AC66-BBF8916BB1CF}\1.0\
HELPDIR
(Default) = ""

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B04D1BFE-5C70-4AB2-97A1-342A470F0862}
(Default) = IFindBar

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B04D1BFE-5C70-4AB2-97A1-342A470F0862}\ProxyStubClsid
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B04D1BFE-5C70-4AB2-97A1-342A470F0862}\ProxyStubClsid32
(Default) = {00020424-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B04D1BFE-5C70-4AB2-97A1-342A470F0862}\TypeLib
(Default) = {8091D09E-B01D-4D32-AC66-BBF8916BB1CF}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{B04D1BFE-5C70-4AB2-97A1-342A470F0862}\TypeLib
Version = 1.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\App Paths\
IEProCx.exe
(Default) = %Program Files%\IEPro\IEProCx.exe

HKEY_LOCAL_MACHINE\SOFTWARE\IEPro
path = %Program Files%\IEPro\

HKEY_LOCAL_MACHINE\SOFTWARE\IEPro
ShowGrabPro = 1

HKEY_LOCAL_MACHINE\SOFTWARE\IEPro
ver = 2.5.1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
IE7Pro
DisplayName = IE7Pro

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
IE7Pro
UninstallString = %Program Files%\IEPro\uninst.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
IE7Pro
DisplayIcon = %Program Files%\IEPro\IEProCx.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
IE7Pro
DisplayVersion = 2.5.1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
IE7Pro
URLInfoAbout = http://www.i{BLOCKED}.com

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
IE7Pro
Publisher = IE7Pro Team

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\
List
%Program Files%\IEPro\MiniDM.exe = %Program Files%\IEPro\MiniDM.exe:*:Enabled:MiniDM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{64374705-AFDE-4dec-AA16-3614F1A53F54}
AppName = IEProCx.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{64374705-AFDE-4dec-AA16-3614F1A53F54}
AppPath = %Program Files%\IEPro

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{64374705-AFDE-4dec-AA16-3614F1A53F54}
Policy = 3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{646D40CB-9519-4690-8CF8-111F78D5AC5A}
AppName = MiniDM.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{646D40CB-9519-4690-8CF8-111F78D5AC5A}
AppPath = %Program Files%\IEPro

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{646D40CB-9519-4690-8CF8-111F78D5AC5A}
Policy = 3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
IE7Pro
NSIS:Language = 1041

その他

アドウェアは、以下の不正なWebサイトにアクセスします。

http://www.{BLOCKED}o.com/firstrun

対応方法

対応検索エンジン: 9.850

SSAPI パターンバージョン: 2.163.00

SSAPI パターンリリース日: 2019年4月4日

手順 1

Windows XP、Windows Vista および Windows 7 のユーザは、コンピュータからマルウェアもしくはアドウェア等を完全に削除するために、ウイルス検索の実行前には必ず「システムの復元」を無効にしてください。

手順 2

このマルウェアもしくはアドウェア等の実行により、手順中に記載されたすべてのファイル、フォルダおよびレジストリキーや値がコンピュータにインストールされるとは限りません。インストールが不完全である場合の他、オペレーティングシステム（OS）の条件によりインストールがされない場合が考えられます。手順中に記載されたファイル／フォルダ／レジストリ情報が確認されない場合、該当の手順の操作は不要ですので、次の手順に進んでください。

手順 3

「Adware.Win32.OpenCandy.GISFM」で検出したファイル名を確認し、そのファイルを終了します。

[ 詳細 ]

すべての実行中プロセスが、Windows のタスクマネージャに表示されない場合があります。この場合、"Process Explorer" などのツールを使用しマルウェアのファイルを終了してください。"Process Explorer" については、こちらをご参照下さい。
検出ファイルが、Windows のタスクマネージャまたは "Process Explorer" に表示されるものの、削除できない場合があります。この場合、コンピュータをセーフモードで再起動してください。
セーフモードについては、こちらをご参照下さい。
検出ファイルがタスクマネージャ上で表示されない場合、次の手順にお進みください。

手順 4

自身のアンインストールオプションを使用し、「Adware.Win32.OpenCandy.GISFM」を削除します。

[ 詳細 ]

マルウェアのプロセスの削除

手順 5

最新のバージョン（エンジン、パターンファイル）を導入したウイルス対策製品を用い、ウイルス検索を実行してください。「Adware.Win32.OpenCandy.GISFM」と検出したファイルはすべて削除してください。検出されたファイルが、弊社ウイルス対策製品により既に駆除、隔離またはファイル削除の処理が実行された場合、ウイルスの処理は完了しており、他の削除手順は特にありません。

ご利用はいかがでしたか？　アンケートにご協力ください

Adware.Win32.OpenCandy.GISFM

概要

詳細

対応方法

リソース

サポート

会社概要

東京本社

Adware.Win32.OpenCandy.GISFM

概要

詳細

対応方法

リソース

サポート

会社概要

東京本社

The Americas

Asia Pacific

Europe, Middle East & Africa