TROJ_BRDLAB.SMEP
TrojanDropper:Win32/Agent.BAD (Microsoft); BackDoor-CEP!b2z (McAfee); Backdoor.Bifrose!gen (Symantec); ARC:MoleboxUltra, [STELPACK]:Backdoor.Win32.Rbot.hyj (Kaspersky); Packed.Win32.Rebhip.a (v) (Sunbelt); Trojan:W32/Agent.DQKQ (FSecure)
Windows 2000, Windows XP, Windows Server 2003
マルウェアタイプ:
トロイの木馬型
破壊活動の有無:
なし
暗号化:
感染報告の有無 :
はい
概要
マルウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。
詳細
侵入方法
マルウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。
インストール
マルウェアは、以下のフォルダを作成します。
- %System%\driver
(註:%System%フォルダはWindowsの種類とインストール時の設定などにより異なります。標準設定では "C:\Windows\System32" です。)
自動実行方法
マルウェアは、自身のコピーがWindows起動時に自動実行されるよう以下のレジストリ値を追加します。
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}
stubpath = "%System%\driver\adv9nt5.dll.exe s"
他のシステム変更
マルウェアは、以下のレジストリキーを追加します。
HKEY_CURRENT_USER\Software\Administrator914\
-993627007
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}
HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost
HKEY_CURRENT_USER\SOFTWARE\Bifrost
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Control\MediaResources\msvideo
マルウェアは、以下のレジストリ値を追加します。
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Internet Settings
GlobalUserOffline = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\policies\
system
EnableLUA = "0"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\
List
%User Temp%\server.exe = "%User Temp%\server.exe:*:Enabled:ipsec"
HKEY_CURRENT_USER\Software\Administrator914\
-993627007
1768776769 = "f5"
HKEY_CURRENT_USER\Software\Administrator914\
-993627007
-757413758 = "0"
HKEY_CURRENT_USER\Software\Administrator914\
-993627007
1011363011 = "0"
HKEY_CURRENT_USER\Software\Administrator914\
-993627007
-1514827516 = "23"
HKEY_CURRENT_USER\Software\Administrator914\
-993627007
253949253 = "151"
HKEY_CURRENT_USER\Software\Administrator914\
-993627007
2022726022 = "{random characters}"
HKEY_CURRENT_USER\Software\Administrator914\
-993627007
-503464505 = "{random characters}"
HKEY_CURRENT_USER\Software\Administrator914
A1_0 = "12da4c5e"
HKEY_CURRENT_USER\Software\Administrator914
A2_0 = "6cf"
HKEY_CURRENT_USER\Software\Administrator914
A3_0 = "136641"
HKEY_CURRENT_USER\Software\Administrator914
A4_0 = "0"
HKEY_CURRENT_USER\Software\Administrator914
A1_1 = "b1a3281f"
HKEY_CURRENT_USER\Software\Administrator914
A2_1 = "696d628e"
HKEY_CURRENT_USER\Software\Administrator914
A3_1 = "686e2"
HKEY_CURRENT_USER\Software\Administrator914
A4_1 = "696d6441"
HKEY_CURRENT_USER\Software\Administrator914
A1_2 = "e817f34b"
HKEY_CURRENT_USER\Software\Administrator914
A2_2 = "d2dadaa8"
HKEY_CURRENT_USER\Software\Administrator914
A3_2 = "d3d9aec3"
HKEY_CURRENT_USER\Software\Administrator914
A4_2 = "d2dac882"
HKEY_CURRENT_USER\Software\Administrator914
A1_3 = "be249eea"
HKEY_CURRENT_USER\Software\Administrator914
A2_3 = "3c483ac1"
HKEY_CURRENT_USER\Software\Administrator914
A3_3 = "3d4b4a82"
HKEY_CURRENT_USER\Software\Administrator914
A4_3 = "3c482cc3"
HKEY_CURRENT_USER\Software\Administrator914
A1_4 = "9da66f66"
HKEY_CURRENT_USER\Software\Administrator914
A2_4 = "a5b587"
HKEY_CURRENT_USER\Software\Administrator914
A3_4 = "a4b6f745"
HKEY_CURRENT_USER\Software\Administrator914
A4_4 = "a5b5914"
HKEY_CURRENT_USER\Software\Administrator914
A1_5 = "ebcca4b"
HKEY_CURRENT_USER\Software\Administrator914
A2_5 = "f22ed57"
HKEY_CURRENT_USER\Software\Administrator914
A3_5 = "e21934"
HKEY_CURRENT_USER\Software\Administrator914
A4_5 = "f22f545"
HKEY_CURRENT_USER\Software\Administrator914
A1_6 = "c3ec8fa8"
HKEY_CURRENT_USER\Software\Administrator914
A2_6 = "7894cfa"
HKEY_CURRENT_USER\Software\Administrator914
A3_6 = "79933fc7"
HKEY_CURRENT_USER\Software\Administrator914
A4_6 = "7895986"
HKEY_CURRENT_USER\Software\Administrator914
A1_7 = "971899b"
HKEY_CURRENT_USER\Software\Administrator914
A2_7 = "e1fda8e"
HKEY_CURRENT_USER\Software\Administrator914
A3_7 = "efedb86"
HKEY_CURRENT_USER\Software\Administrator914
A4_7 = "e1fdbdc7"
HKEY_CURRENT_USER\Software\Administrator914
A1_8 = "aea4957"
HKEY_CURRENT_USER\Software\Administrator914
A2_8 = "4b6b37b5"
HKEY_CURRENT_USER\Software\Administrator914
A3_8 = "4a684449"
HKEY_CURRENT_USER\Software\Administrator914
A4_8 = "4b6b228"
HKEY_CURRENT_USER\Software\Administrator914
A1_9 = "a3a7621"
HKEY_CURRENT_USER\Software\Administrator914
A2_9 = "b4d899e6"
HKEY_CURRENT_USER\Software\Administrator914
A3_9 = "b5dbe8"
HKEY_CURRENT_USER\Software\Administrator914
A4_9 = "b4d88649"
HKEY_CURRENT_USER\Software\Administrator914
A1_10 = "faa8c6d3"
HKEY_CURRENT_USER\Software\Administrator914
A2_10 = "1e45fc88"
HKEY_CURRENT_USER\Software\Administrator914
A3_10 = "1f468ccb"
HKEY_CURRENT_USER\Software\Administrator914
A4_10 = "1e45ea8a"
HKEY_CURRENT_USER\Software\Administrator914
A1_11 = "67db294"
HKEY_CURRENT_USER\Software\Administrator914
A2_11 = "87b355ad"
HKEY_CURRENT_USER\Software\Administrator914
A3_11 = "86b288a"
HKEY_CURRENT_USER\Software\Administrator914
A4_11 = "87b34ecb"
HKEY_CURRENT_USER\Software\Administrator914
A1_12 = "e72d9c13"
HKEY_CURRENT_USER\Software\Administrator914
A2_12 = "f12a8f4"
HKEY_CURRENT_USER\Software\Administrator914
A3_12 = "f23d54d"
HKEY_CURRENT_USER\Software\Administrator914
A4_12 = "f12b3c"
HKEY_CURRENT_USER\Software\Administrator914
A1_13 = "3b283"
HKEY_CURRENT_USER\Software\Administrator914
A2_13 = "5a8e225"
HKEY_CURRENT_USER\Software\Administrator914
A3_13 = "5b8d71c"
HKEY_CURRENT_USER\Software\Administrator914
A4_13 = "5a8e174d"
HKEY_CURRENT_USER\Software\Administrator914
A1_14 = "19daacd7"
HKEY_CURRENT_USER\Software\Administrator914
A2_14 = "c3fb6941"
HKEY_CURRENT_USER\Software\Administrator914
A3_14 = "c2f81dcf"
HKEY_CURRENT_USER\Software\Administrator914
A4_14 = "c3fb7b8e"
HKEY_CURRENT_USER\Software\Administrator914
A1_15 = "4373a38"
HKEY_CURRENT_USER\Software\Administrator914
A2_15 = "2d68cc93"
HKEY_CURRENT_USER\Software\Administrator914
A3_15 = "2c6bb98e"
HKEY_CURRENT_USER\Software\Administrator914
A4_15 = "2d68dfcf"
HKEY_CURRENT_USER\Software\Administrator914
A1_16 = "8df495d"
HKEY_CURRENT_USER\Software\Administrator914
A2_16 = "96d651f4"
HKEY_CURRENT_USER\Software\Administrator914
A3_16 = "97d52251"
HKEY_CURRENT_USER\Software\Administrator914
A4_16 = "96d6441"
HKEY_CURRENT_USER\Software\Administrator914
A1_17 = "c277c27"
HKEY_CURRENT_USER\Software\Administrator914
A2_17 = "43bf9"
HKEY_CURRENT_USER\Software\Administrator914
A3_17 = "14ce1"
HKEY_CURRENT_USER\Software\Administrator914
A4_17 = "43a851"
HKEY_CURRENT_USER\Software\Administrator914
A1_18 = "2498292c"
HKEY_CURRENT_USER\Software\Administrator914
A2_18 = "69b11fc2"
HKEY_CURRENT_USER\Software\Administrator914
A3_18 = "68b26ad3"
HKEY_CURRENT_USER\Software\Administrator914
A4_18 = "69b1c92"
HKEY_CURRENT_USER\Software\Administrator914
A1_19 = "749e3963"
HKEY_CURRENT_USER\Software\Administrator914
A2_19 = "d31e68c1"
HKEY_CURRENT_USER\Software\Administrator914
A3_19 = "d21d1692"
HKEY_CURRENT_USER\Software\Administrator914
A4_19 = "d31e7d3"
HKEY_CURRENT_USER\Software\Administrator914
A1_20 = "68cd4caa"
HKEY_CURRENT_USER\Software\Administrator914
A2_20 = "3c8bc2d1"
HKEY_CURRENT_USER\Software\Administrator914
A3_20 = "3d88b355"
HKEY_CURRENT_USER\Software\Administrator914
A4_20 = "3c8bd514"
HKEY_CURRENT_USER\Software\Administrator914
A1_21 = "6b6612c"
HKEY_CURRENT_USER\Software\Administrator914
A2_21 = "a5f922ad"
HKEY_CURRENT_USER\Software\Administrator914
A3_21 = "a4fa5f14"
HKEY_CURRENT_USER\Software\Administrator914
A4_21 = "a5f93955"
HKEY_CURRENT_USER\Software\Administrator914
A1_22 = "5322edcb"
HKEY_CURRENT_USER\Software\Administrator914
A2_22 = "f668ec6"
HKEY_CURRENT_USER\Software\Administrator914
A3_22 = "e65fbd7"
HKEY_CURRENT_USER\Software\Administrator914
A4_22 = "f669d96"
HKEY_CURRENT_USER\Software\Administrator914
A1_23 = "37bf759b"
HKEY_CURRENT_USER\Software\Administrator914
A2_23 = "78d4181a"
HKEY_CURRENT_USER\Software\Administrator914
A3_23 = "79d76796"
HKEY_CURRENT_USER\Software\Administrator914
A4_23 = "78d41d7"
HKEY_CURRENT_USER\Software\Administrator914
A1_24 = "3692caa"
HKEY_CURRENT_USER\Software\Administrator914
A2_24 = "e2417258"
HKEY_CURRENT_USER\Software\Administrator914
A3_24 = "e34259"
HKEY_CURRENT_USER\Software\Administrator914
A4_24 = "e2416618"
HKEY_CURRENT_USER\Software\Administrator914
A1_25 = "a324a46"
HKEY_CURRENT_USER\Software\Administrator914
A2_25 = "4baed9d6"
HKEY_CURRENT_USER\Software\Administrator914
A3_25 = "4aadac18"
HKEY_CURRENT_USER\Software\Administrator914
A4_25 = "4baeca59"
HKEY_CURRENT_USER\Software\Administrator914
A1_26 = "e7cecc3"
HKEY_CURRENT_USER\Software\Administrator914
A2_26 = "b51c398a"
HKEY_CURRENT_USER\Software\Administrator914
A3_26 = "b41f48db"
HKEY_CURRENT_USER\Software\Administrator914
A4_26 = "b51c2e9a"
HKEY_CURRENT_USER\Software\Administrator914
A1_27 = "fcbacea"
HKEY_CURRENT_USER\Software\Administrator914
A2_27 = "1e898b16"
HKEY_CURRENT_USER\Software\Administrator914
A3_27 = "1f8af49a"
HKEY_CURRENT_USER\Software\Administrator914
A4_27 = "1e8992db"
HKEY_CURRENT_USER\Software\Administrator914
A1_28 = "929fb84e"
HKEY_CURRENT_USER\Software\Administrator914
A2_28 = "87f6e514"
HKEY_CURRENT_USER\Software\Administrator914
A3_28 = "86f5915d"
HKEY_CURRENT_USER\Software\Administrator914
A4_28 = "87f6f71c"
HKEY_CURRENT_USER\Software\Administrator914
A1_29 = "9587a3"
HKEY_CURRENT_USER\Software\Administrator914
A2_29 = "f16443ad"
HKEY_CURRENT_USER\Software\Administrator914
A3_29 = "f673d1c"
HKEY_CURRENT_USER\Software\Administrator914
A4_29 = "f1645b5d"
HKEY_CURRENT_USER\Software\Administrator914
A1_30 = "49f3e64c"
HKEY_CURRENT_USER\Software\Administrator914
A2_30 = "5ad1a6d5"
HKEY_CURRENT_USER\Software\Administrator914
A3_30 = "5bd2d9df"
HKEY_CURRENT_USER\Software\Administrator914
A4_30 = "5ad1bf9e"
HKEY_CURRENT_USER\Software\Administrator914
A1_31 = "2f34d588"
HKEY_CURRENT_USER\Software\Administrator914
A2_31 = "c43f38cf"
HKEY_CURRENT_USER\Software\Administrator914
A3_31 = "c53c459e"
HKEY_CURRENT_USER\Software\Administrator914
A4_31 = "c43f23df"
HKEY_CURRENT_USER\Software\Administrator914
A1_32 = "77d7775"
HKEY_CURRENT_USER\Software\Administrator914
A2_32 = "2dac992b"
HKEY_CURRENT_USER\Software\Administrator914
A3_32 = "2cafee61"
HKEY_CURRENT_USER\Software\Administrator914
A4_32 = "2dac882"
HKEY_CURRENT_USER\Software\Administrator914
A1_33 = "b95b9c3c"
HKEY_CURRENT_USER\Software\Administrator914
A2_33 = "9719f799"
HKEY_CURRENT_USER\Software\Administrator914
A3_33 = "961a8a2"
HKEY_CURRENT_USER\Software\Administrator914
A4_33 = "9719ec61"
HKEY_CURRENT_USER\Software\Administrator914
A1_34 = "9d19521e"
HKEY_CURRENT_USER\Software\Administrator914
A2_34 = "874d24"
HKEY_CURRENT_USER\Software\Administrator914
A3_34 = "18436e3"
HKEY_CURRENT_USER\Software\Administrator914
A4_34 = "875a2"
HKEY_CURRENT_USER\Software\Administrator914
A1_35 = "b89e5ae"
HKEY_CURRENT_USER\Software\Administrator914
A2_35 = "69f4aecb"
HKEY_CURRENT_USER\Software\Administrator914
A3_35 = "68f7d2a2"
HKEY_CURRENT_USER\Software\Administrator914
A4_35 = "69f4b4e3"
HKEY_CURRENT_USER\Software\Administrator914
A1_36 = "b37e786a"
HKEY_CURRENT_USER\Software\Administrator914
A2_36 = "d362af8"
HKEY_CURRENT_USER\Software\Administrator914
A3_36 = "d2617f65"
HKEY_CURRENT_USER\Software\Administrator914
A4_36 = "d3621924"
HKEY_CURRENT_USER\Software\Administrator914
A1_37 = "83bfe2b"
HKEY_CURRENT_USER\Software\Administrator914
A2_37 = "3ccf6494"
HKEY_CURRENT_USER\Software\Administrator914
A3_37 = "3dcc1b24"
HKEY_CURRENT_USER\Software\Administrator914
A4_37 = "3ccf7d65"
HKEY_CURRENT_USER\Software\Administrator914
A1_38 = "1e6cd372"
HKEY_CURRENT_USER\Software\Administrator914
A2_38 = "a63cf49d"
HKEY_CURRENT_USER\Software\Administrator914
A3_38 = "a73f87e7"
HKEY_CURRENT_USER\Software\Administrator914
A4_38 = "a63ce1a6"
HKEY_CURRENT_USER\Software\Administrator914
A1_39 = "76537ba"
HKEY_CURRENT_USER\Software\Administrator914
A2_39 = "faa52f3"
HKEY_CURRENT_USER\Software\Administrator914
A3_39 = "ea923a6"
HKEY_CURRENT_USER\Software\Administrator914
A4_39 = "faa45e7"
HKEY_CURRENT_USER\Software\Administrator914
A1_40 = "4a15771"
HKEY_CURRENT_USER\Software\Administrator914
A2_40 = "7917be91"
HKEY_CURRENT_USER\Software\Administrator914
A3_40 = "7814cc69"
HKEY_CURRENT_USER\Software\Administrator914
A4_40 = "7917aa28"
HKEY_CURRENT_USER\Software\Administrator914
A1_41 = "bf7c4324"
HKEY_CURRENT_USER\Software\Administrator914
A2_41 = "e2851b52"
HKEY_CURRENT_USER\Software\Administrator914
A3_41 = "e3866828"
HKEY_CURRENT_USER\Software\Administrator914
A4_41 = "e285e69"
HKEY_CURRENT_USER\Software\Administrator914
A1_42 = "d5e9ee5"
HKEY_CURRENT_USER\Software\Administrator914
A2_42 = "4bf26122"
HKEY_CURRENT_USER\Software\Administrator914
A3_42 = "4af114eb"
HKEY_CURRENT_USER\Software\Administrator914
A4_42 = "4bf272aa"
HKEY_CURRENT_USER\Software\Administrator914
A1_43 = "dbc98a6"
HKEY_CURRENT_USER\Software\Administrator914
A2_43 = "b55fc642"
HKEY_CURRENT_USER\Software\Administrator914
A3_43 = "b45cbaa"
HKEY_CURRENT_USER\Software\Administrator914
A4_43 = "b55fd6eb"
HKEY_CURRENT_USER\Software\Administrator914
A1_44 = "1e8eae5"
HKEY_CURRENT_USER\Software\Administrator914
A2_44 = "1ecd1b96"
HKEY_CURRENT_USER\Software\Administrator914
A3_44 = "1fce5d6d"
HKEY_CURRENT_USER\Software\Administrator914
A4_44 = "1ecd3b2c"
HKEY_CURRENT_USER\Software\Administrator914
A1_45 = "1a91dd3"
HKEY_CURRENT_USER\Software\Administrator914
A2_45 = "883a845"
HKEY_CURRENT_USER\Software\Administrator914
A3_45 = "8939f92c"
HKEY_CURRENT_USER\Software\Administrator914
A4_45 = "883a9f6d"
HKEY_CURRENT_USER\Software\Administrator914
A1_46 = "41f329f7"
HKEY_CURRENT_USER\Software\Administrator914
A2_46 = "f1a81fb"
HKEY_CURRENT_USER\Software\Administrator914
A3_46 = "fab65ef"
HKEY_CURRENT_USER\Software\Administrator914
A4_46 = "f1a83ae"
HKEY_CURRENT_USER\Software\Administrator914
A1_47 = "3ee83a"
HKEY_CURRENT_USER\Software\Administrator914
A2_47 = "5b1573c6"
HKEY_CURRENT_USER\Software\Administrator914
A3_47 = "5a161ae"
HKEY_CURRENT_USER\Software\Administrator914
A4_47 = "5b1567ef"
HKEY_CURRENT_USER\Software\Administrator914
A1_48 = "2495b7f"
HKEY_CURRENT_USER\Software\Administrator914
A2_48 = "c482dab6"
HKEY_CURRENT_USER\Software\Administrator914
A3_48 = "c581aa71"
HKEY_CURRENT_USER\Software\Administrator914
A4_48 = "c482cc3"
HKEY_CURRENT_USER\Software\Administrator914
A1_49 = "859ce4cd"
HKEY_CURRENT_USER\Software\Administrator914
A2_49 = "2df222b"
HKEY_CURRENT_USER\Software\Administrator914
A3_49 = "2cf3563"
HKEY_CURRENT_USER\Software\Administrator914
A4_49 = "2df371"
HKEY_CURRENT_USER\Software\Administrator914
A1_50 = "ab4583"
HKEY_CURRENT_USER\Software\Administrator914
A2_50 = "975d8f93"
HKEY_CURRENT_USER\Software\Administrator914
A3_50 = "965ef2f3"
HKEY_CURRENT_USER\Software\Administrator914
A4_50 = "975d94b2"
HKEY_CURRENT_USER\Software\Administrator914
A1_51 = "a779dd3a"
HKEY_CURRENT_USER\Software\Administrator914
A2_51 = "cae12"
HKEY_CURRENT_USER\Software\Administrator914
A3_51 = "1c99eb2"
HKEY_CURRENT_USER\Software\Administrator914
A4_51 = "caf8f3"
HKEY_CURRENT_USER\Software\Administrator914
A1_52 = "18291b79"
HKEY_CURRENT_USER\Software\Administrator914
A2_52 = "6a3848f"
HKEY_CURRENT_USER\Software\Administrator914
A3_52 = "6b3b3b75"
HKEY_CURRENT_USER\Software\Administrator914
A4_52 = "6a385d34"
HKEY_CURRENT_USER\Software\Administrator914
A1_53 = "8ae59629"
HKEY_CURRENT_USER\Software\Administrator914
A2_53 = "d3a5ce15"
HKEY_CURRENT_USER\Software\Administrator914
A3_53 = "d2a6a734"
HKEY_CURRENT_USER\Software\Administrator914
A4_53 = "d3a5c175"
HKEY_CURRENT_USER\Software\Administrator914
A1_54 = "581df7c"
HKEY_CURRENT_USER\Software\Administrator914
A2_54 = "3d13375c"
HKEY_CURRENT_USER\Software\Administrator914
A3_54 = "3c143f7"
HKEY_CURRENT_USER\Software\Administrator914
A4_54 = "3d1325b6"
HKEY_CURRENT_USER\Software\Administrator914
A1_55 = "493f45a2"
HKEY_CURRENT_USER\Software\Administrator914
A2_55 = "a689ea4"
HKEY_CURRENT_USER\Software\Administrator914
A3_55 = "a783efb6"
HKEY_CURRENT_USER\Software\Administrator914
A4_55 = "a6889f7"
HKEY_CURRENT_USER\Software\Administrator914
A1_56 = "11e7a65"
HKEY_CURRENT_USER\Software\Administrator914
A2_56 = "fedf5c"
HKEY_CURRENT_USER\Software\Administrator914
A3_56 = "eee8879"
HKEY_CURRENT_USER\Software\Administrator914
A4_56 = "fedee38"
HKEY_CURRENT_USER\Software\Administrator914
A1_57 = "3edbc148"
HKEY_CURRENT_USER\Software\Administrator914
A2_57 = "795b4352"
HKEY_CURRENT_USER\Software\Administrator914
A3_57 = "78583438"
HKEY_CURRENT_USER\Software\Administrator914
A4_57 = "795b5279"
HKEY_CURRENT_USER\Software\Administrator914
A1_58 = "2f24c9ec"
HKEY_CURRENT_USER\Software\Administrator914
A2_58 = "e2c8a45a"
HKEY_CURRENT_USER\Software\Administrator914
A3_58 = "e3cbdfb"
HKEY_CURRENT_USER\Software\Administrator914
A4_58 = "e2c8b6ba"
HKEY_CURRENT_USER\Software\Administrator914
A1_59 = "21f92a2"
HKEY_CURRENT_USER\Software\Administrator914
A2_59 = "4c369db"
HKEY_CURRENT_USER\Software\Administrator914
A3_59 = "4d357cba"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\
List
%User Temp%\Women Measure Of Beauty.exe = "{random characters}"
HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost
nck = "{random values}"
HKEY_CURRENT_USER\Software\Bifrost
klg = "{random values}"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\
List
%User Temp%\winmgecbc.exe = "%User Temp%\winmgecbc.exe:*:Enabled:ipsec"
HKEY_CURRENT_USER\Software\Administrator914
A4_0 = "82"
HKEY_CURRENT_USER\Software\Administrator914
A4_1 = "696d64c3"
HKEY_CURRENT_USER\Software\Administrator914
A1_2 = "c84dc"
HKEY_CURRENT_USER\Software\Administrator914
A2_2 = "d2dace4d"
HKEY_CURRENT_USER\Software\Administrator914
A4_2 = "d2dac8"
HKEY_CURRENT_USER\Software\Administrator914
A1_3 = "e48669d"
HKEY_CURRENT_USER\Software\Administrator914
A2_3 = "3c482ac"
HKEY_CURRENT_USER\Software\Administrator914
A4_3 = "3c482c41"
HKEY_CURRENT_USER\Software\Administrator914
A1_4 = "b76fdd5a"
HKEY_CURRENT_USER\Software\Administrator914
A2_4 = "a5b597cb"
HKEY_CURRENT_USER\Software\Administrator914
A4_4 = "a5b59186"
HKEY_CURRENT_USER\Software\Administrator914
A1_5 = "d7ecb91b"
HKEY_CURRENT_USER\Software\Administrator914
A2_5 = "f22f38a"
HKEY_CURRENT_USER\Software\Administrator914
A4_5 = "f22f5c7"
HKEY_CURRENT_USER\Software\Administrator914
A1_6 = "6a4a15d8"
HKEY_CURRENT_USER\Software\Administrator914
A2_6 = "7895f49"
HKEY_CURRENT_USER\Software\Administrator914
A4_6 = "789594"
HKEY_CURRENT_USER\Software\Administrator914
A1_7 = "3933f199"
HKEY_CURRENT_USER\Software\Administrator914
A2_7 = "e1fdbb8"
HKEY_CURRENT_USER\Software\Administrator914
A4_7 = "e1fdbd45"
HKEY_CURRENT_USER\Software\Administrator914
A1_8 = "59b16e56"
HKEY_CURRENT_USER\Software\Administrator914
A2_8 = "4b6b24c7"
HKEY_CURRENT_USER\Software\Administrator914
A4_8 = "4b6b228a"
HKEY_CURRENT_USER\Software\Administrator914
A1_9 = "6c16ca17"
HKEY_CURRENT_USER\Software\Administrator914
A2_9 = "b4d8886"
HKEY_CURRENT_USER\Software\Administrator914
A4_9 = "b4d886cb"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\
List
%User Temp%\winjchivn.exe = "%User Temp%\winjchivn.exe:*:Enabled:ipsec"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\
List
%User Temp%\wineydt.exe = "%User Temp%\wineydt.exe:*:Enabled:ipsec"
マルウェアは、以下のレジストリキーを削除します。
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
AppMgmt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
Base
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
Boot Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
Boot file system
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
dmadmin
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
dmboot.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
dmio.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
dmload.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
dmserver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
EventLog
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
File system
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
Filter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
HelpSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
Netlogon
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
PCI Configuration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
PlugPlay
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
PNP Filter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
Primary disk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
SCSI Class
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
sermouse.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
sr.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
SRService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
System Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
vga.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
vgasave.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
WinMgmt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{36FC9E60-C465-11CF-8056-444553540000}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E965-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E967-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E969-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E96F-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E977-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E980-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
AFD
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
AppMgmt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Base
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Boot Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Boot file system
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Browser
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Dhcp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
dmadmin
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
dmboot.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
dmio.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
dmload.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
dmserver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
DnsCache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
EventLog
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
File system
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Filter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
HelpSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
ip6fw.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
ipnat.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
LanmanServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
LanmanWorkstation
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
LmHosts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Messenger
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NDIS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NDIS Wrapper
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Ndisuio
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NetBIOS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NetBIOSGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NetBT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NetDDEGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Netlogon
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NetMan
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Network
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NetworkProvider
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NtLmSsp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
PCI Configuration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
PlugPlay
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
PNP Filter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
PNP_TDI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Primary disk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
rdpcdd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
rdpdd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
rdpwd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
rdsessmgr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
SCSI Class
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
sermouse.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
SharedAccess
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
sr.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
SRService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Streams Drivers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
System Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Tcpip
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
TDI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
tdpipe.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
tdtcp.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
termservice
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
vga.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
vgasave.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
WinMgmt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
WZCSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{36FC9E60-C465-11CF-8056-444553540000}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E965-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E967-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E969-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E96F-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E972-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E973-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E974-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E975-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E977-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E980-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network
作成活動
マルウェアは、以下のファイルを作成します。
- %User Temp%\server.exe
- %User Temp%\Women Measure Of Beauty.exe
- %System%\drivers\khilp.sys
- %User Temp%\wingdcip.exe
- %User Temp%\winmgecbc.exe
- B:\b9e9
- %System Root%\be00
- D:\c227
- E:\c62e
- F:\ca45
- G:\ceb9
- H:\d2c1
- I:\d86e
- J:\dc75
- K:\e07c
- L:\e520
- %User Temp%\winjchivn.exe
- M:\e937
- N:\ed3e
- %User Temp%\winmfmdrh.exe
- P:\f155
- P:\f55c
- Q:\f963
- %User Temp%\winfhnggl.exe
- %User Temp%\wineydt.exe
- R:\fd7a
- S:\10191
- T:\105e6
- U:\109fd
- V:\10e05
- W:\1123b
- X:\11642
- Y:\11a49
- MICROSOFT TERMINAL SERVICES\128e0
- MICROSOFT WINDOWS NETWORK\12d16
- %System%\driver\adv9nt5.dll.exe
(註:%User Temp%フォルダはWindowsの種類とインストール時の設定などにより異なります。標準設定では、Windows 2000、XP および Server 2003 の場合、"C:\Documents and Settings\<ユーザー名>\Local Settings\Temp"、Windows Vista および 7 の場合、"C:\Users\<ユーザ名>\AppData\Local\Temp" です。. %System%フォルダはWindowsの種類とインストール時の設定などにより異なります。標準設定では "C:\Windows\System32" です。. %System Root%フォルダは、標準設定では "C:" です。また、オペレーティングシステムが存在する場所です。)
その他
マルウェアは、以下の不正なWebサイトにアクセスします。
- http://www.{BLOCKED}fqwieluoi.info/?a836=387558
- http://{BLOCKED}ustnet777.info/?ae8f=89374
- http://{BLOCKED}li.ir/logo.gif?a894=431560
- http://steviadolce.{BLOCKED}m.py/img/logo.gif?b70b=328013
- http://{BLOCKED}ndhudson.com/images/logo.gif?b749=328447
- http://{BLOCKED}arrar.com/images/logo.gif?b8e0=378624
- http://btwebtasarim.{BLOCKED}e.com/images/logo.gif?c256=248750
- http://www.{BLOCKED}ancamusic.com/home/images/logo.gif?c265=49765
- http://{BLOCKED}olab.com/image/logo.gif?c294=249060
- http://www.{BLOCKED}ydroponics.com/generator/logof.gif?eee4=244624
- http://{BLOCKED}li.ir/logo.gif?f07a=246248
- http://steviadolce.{BLOCKED}m.py/img/logo.gif?fa5d=512744
- http://{BLOCKED}ndhudson.com/images/logo.gif?fbf4=258000
- http://{BLOCKED}arrar.com/images/logo.gif?fc9f=582039
- http://btwebtasarim.{BLOCKED}e.com/images/logo.gif?105d7=268124
- http://www.{BLOCKED}ancamusic.com/home/images/logo.gif?10635=67125
このウイルス情報は、自動解析システムにより作成されました。
対応方法
手順 1
Windows XP、Windows Vista および Windows 7 のユーザは、コンピュータからマルウェアもしくはアドウェア等を完全に削除するために、ウイルス検索の実行前には必ず「システムの復元」を無効にしてください。
手順 2
Windowsをセーフモードで再起動します。
手順 3
このレジストリキーを削除します。
警告:レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。
- In HKEY_CURRENT_USER\Software\Administrator914
- -993627007
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components
- {9B71D88C-C598-4935-C5D1-43AA4DB90836}
- In HKEY_LOCAL_MACHINE\SOFTWARE
- Bifrost
- In HKEY_CURRENT_USER\SOFTWARE
- Bifrost
- In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources
- msvideo
手順 4
このレジストリ値を削除します。
警告:レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9B71D88C-C598-4935-C5D1-43AA4DB90836}
- stubpath = "%System%\driver\adv9nt5.dll.exe s"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
- GlobalUserOffline = "0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
- EnableLUA = "0"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
- %User Temp%\server.exe = "%User Temp%\server.exe:*:Enabled:ipsec"
- In HKEY_CURRENT_USER\Software\Administrator914\-993627007
- 1768776769 = "f5"
- In HKEY_CURRENT_USER\Software\Administrator914\-993627007
- -757413758 = "0"
- In HKEY_CURRENT_USER\Software\Administrator914\-993627007
- 1011363011 = "0"
- In HKEY_CURRENT_USER\Software\Administrator914\-993627007
- -1514827516 = "23"
- In HKEY_CURRENT_USER\Software\Administrator914\-993627007
- 253949253 = "151"
- In HKEY_CURRENT_USER\Software\Administrator914\-993627007
- 2022726022 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Administrator914\-993627007
- -503464505 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_0 = "12da4c5e"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_0 = "6cf"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_0 = "136641"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_0 = "0"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_1 = "b1a3281f"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_1 = "696d628e"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_1 = "686e2"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_1 = "696d6441"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_2 = "e817f34b"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_2 = "d2dadaa8"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_2 = "d3d9aec3"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_2 = "d2dac882"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_3 = "be249eea"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_3 = "3c483ac1"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_3 = "3d4b4a82"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_3 = "3c482cc3"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_4 = "9da66f66"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_4 = "a5b587"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_4 = "a4b6f745"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_4 = "a5b5914"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_5 = "ebcca4b"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_5 = "f22ed57"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_5 = "e21934"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_5 = "f22f545"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_6 = "c3ec8fa8"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_6 = "7894cfa"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_6 = "79933fc7"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_6 = "7895986"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_7 = "971899b"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_7 = "e1fda8e"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_7 = "efedb86"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_7 = "e1fdbdc7"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_8 = "aea4957"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_8 = "4b6b37b5"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_8 = "4a684449"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_8 = "4b6b228"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_9 = "a3a7621"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_9 = "b4d899e6"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_9 = "b5dbe8"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_9 = "b4d88649"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_10 = "faa8c6d3"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_10 = "1e45fc88"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_10 = "1f468ccb"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_10 = "1e45ea8a"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_11 = "67db294"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_11 = "87b355ad"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_11 = "86b288a"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_11 = "87b34ecb"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_12 = "e72d9c13"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_12 = "f12a8f4"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_12 = "f23d54d"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_12 = "f12b3c"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_13 = "3b283"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_13 = "5a8e225"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_13 = "5b8d71c"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_13 = "5a8e174d"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_14 = "19daacd7"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_14 = "c3fb6941"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_14 = "c2f81dcf"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_14 = "c3fb7b8e"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_15 = "4373a38"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_15 = "2d68cc93"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_15 = "2c6bb98e"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_15 = "2d68dfcf"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_16 = "8df495d"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_16 = "96d651f4"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_16 = "97d52251"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_16 = "96d6441"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_17 = "c277c27"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_17 = "43bf9"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_17 = "14ce1"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_17 = "43a851"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_18 = "2498292c"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_18 = "69b11fc2"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_18 = "68b26ad3"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_18 = "69b1c92"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_19 = "749e3963"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_19 = "d31e68c1"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_19 = "d21d1692"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_19 = "d31e7d3"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_20 = "68cd4caa"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_20 = "3c8bc2d1"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_20 = "3d88b355"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_20 = "3c8bd514"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_21 = "6b6612c"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_21 = "a5f922ad"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_21 = "a4fa5f14"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_21 = "a5f93955"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_22 = "5322edcb"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_22 = "f668ec6"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_22 = "e65fbd7"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_22 = "f669d96"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_23 = "37bf759b"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_23 = "78d4181a"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_23 = "79d76796"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_23 = "78d41d7"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_24 = "3692caa"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_24 = "e2417258"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_24 = "e34259"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_24 = "e2416618"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_25 = "a324a46"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_25 = "4baed9d6"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_25 = "4aadac18"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_25 = "4baeca59"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_26 = "e7cecc3"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_26 = "b51c398a"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_26 = "b41f48db"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_26 = "b51c2e9a"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_27 = "fcbacea"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_27 = "1e898b16"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_27 = "1f8af49a"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_27 = "1e8992db"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_28 = "929fb84e"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_28 = "87f6e514"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_28 = "86f5915d"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_28 = "87f6f71c"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_29 = "9587a3"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_29 = "f16443ad"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_29 = "f673d1c"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_29 = "f1645b5d"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_30 = "49f3e64c"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_30 = "5ad1a6d5"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_30 = "5bd2d9df"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_30 = "5ad1bf9e"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_31 = "2f34d588"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_31 = "c43f38cf"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_31 = "c53c459e"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_31 = "c43f23df"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_32 = "77d7775"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_32 = "2dac992b"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_32 = "2cafee61"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_32 = "2dac882"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_33 = "b95b9c3c"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_33 = "9719f799"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_33 = "961a8a2"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_33 = "9719ec61"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_34 = "9d19521e"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_34 = "874d24"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_34 = "18436e3"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_34 = "875a2"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_35 = "b89e5ae"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_35 = "69f4aecb"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_35 = "68f7d2a2"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_35 = "69f4b4e3"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_36 = "b37e786a"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_36 = "d362af8"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_36 = "d2617f65"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_36 = "d3621924"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_37 = "83bfe2b"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_37 = "3ccf6494"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_37 = "3dcc1b24"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_37 = "3ccf7d65"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_38 = "1e6cd372"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_38 = "a63cf49d"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_38 = "a73f87e7"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_38 = "a63ce1a6"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_39 = "76537ba"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_39 = "faa52f3"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_39 = "ea923a6"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_39 = "faa45e7"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_40 = "4a15771"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_40 = "7917be91"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_40 = "7814cc69"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_40 = "7917aa28"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_41 = "bf7c4324"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_41 = "e2851b52"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_41 = "e3866828"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_41 = "e285e69"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_42 = "d5e9ee5"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_42 = "4bf26122"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_42 = "4af114eb"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_42 = "4bf272aa"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_43 = "dbc98a6"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_43 = "b55fc642"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_43 = "b45cbaa"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_43 = "b55fd6eb"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_44 = "1e8eae5"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_44 = "1ecd1b96"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_44 = "1fce5d6d"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_44 = "1ecd3b2c"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_45 = "1a91dd3"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_45 = "883a845"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_45 = "8939f92c"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_45 = "883a9f6d"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_46 = "41f329f7"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_46 = "f1a81fb"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_46 = "fab65ef"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_46 = "f1a83ae"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_47 = "3ee83a"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_47 = "5b1573c6"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_47 = "5a161ae"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_47 = "5b1567ef"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_48 = "2495b7f"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_48 = "c482dab6"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_48 = "c581aa71"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_48 = "c482cc3"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_49 = "859ce4cd"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_49 = "2df222b"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_49 = "2cf3563"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_49 = "2df371"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_50 = "ab4583"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_50 = "975d8f93"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_50 = "965ef2f3"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_50 = "975d94b2"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_51 = "a779dd3a"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_51 = "cae12"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_51 = "1c99eb2"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_51 = "caf8f3"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_52 = "18291b79"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_52 = "6a3848f"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_52 = "6b3b3b75"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_52 = "6a385d34"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_53 = "8ae59629"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_53 = "d3a5ce15"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_53 = "d2a6a734"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_53 = "d3a5c175"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_54 = "581df7c"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_54 = "3d13375c"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_54 = "3c143f7"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_54 = "3d1325b6"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_55 = "493f45a2"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_55 = "a689ea4"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_55 = "a783efb6"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_55 = "a6889f7"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_56 = "11e7a65"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_56 = "fedf5c"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_56 = "eee8879"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_56 = "fedee38"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_57 = "3edbc148"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_57 = "795b4352"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_57 = "78583438"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_57 = "795b5279"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_58 = "2f24c9ec"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_58 = "e2c8a45a"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_58 = "e3cbdfb"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_58 = "e2c8b6ba"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_59 = "21f92a2"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_59 = "4c369db"
- In HKEY_CURRENT_USER\Software\Administrator914
- A3_59 = "4d357cba"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
- %User Temp%\Women Measure Of Beauty.exe = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost
- nck = "{random values}"
- In HKEY_CURRENT_USER\Software\Bifrost
- klg = "{random values}"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
- %User Temp%\winmgecbc.exe = "%User Temp%\winmgecbc.exe:*:Enabled:ipsec"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_0 = "82"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_1 = "696d64c3"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_2 = "c84dc"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_2 = "d2dace4d"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_2 = "d2dac8"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_3 = "e48669d"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_3 = "3c482ac"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_3 = "3c482c41"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_4 = "b76fdd5a"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_4 = "a5b597cb"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_4 = "a5b59186"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_5 = "d7ecb91b"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_5 = "f22f38a"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_5 = "f22f5c7"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_6 = "6a4a15d8"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_6 = "7895f49"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_6 = "789594"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_7 = "3933f199"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_7 = "e1fdbb8"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_7 = "e1fdbd45"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_8 = "59b16e56"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_8 = "4b6b24c7"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_8 = "4b6b228a"
- In HKEY_CURRENT_USER\Software\Administrator914
- A1_9 = "6c16ca17"
- In HKEY_CURRENT_USER\Software\Administrator914
- A2_9 = "b4d8886"
- In HKEY_CURRENT_USER\Software\Administrator914
- A4_9 = "b4d886cb"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
- %User Temp%\winjchivn.exe = "%User Temp%\winjchivn.exe:*:Enabled:ipsec"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
- %User Temp%\wineydt.exe = "%User Temp%\wineydt.exe:*:Enabled:ipsec"
手順 5
以下のファイルを検索し削除します。
- %User Temp%\server.exe
- %User Temp%\Women Measure Of Beauty.exe
- %System%\drivers\khilp.sys
- %User Temp%\wingdcip.exe
- %User Temp%\winmgecbc.exe
- B:\b9e9
- %System Root%\be00
- D:\c227
- E:\c62e
- F:\ca45
- G:\ceb9
- H:\d2c1
- I:\d86e
- J:\dc75
- K:\e07c
- L:\e520
- %User Temp%\winjchivn.exe
- M:\e937
- N:\ed3e
- %User Temp%\winmfmdrh.exe
- P:\f155
- P:\f55c
- Q:\f963
- %User Temp%\winfhnggl.exe
- %User Temp%\wineydt.exe
- R:\fd7a
- S:\10191
- T:\105e6
- U:\109fd
- V:\10e05
- W:\1123b
- X:\11642
- Y:\11a49
- MICROSOFT TERMINAL SERVICES\128e0
- MICROSOFT WINDOWS NETWORK\12d16
- %System%\driver\adv9nt5.dll.exe
手順 6
以下のフォルダを検索し削除します。
- %System%\driver
手順 7
コンピュータを通常モードで再起動し、最新のバージョン(エンジン、パターンファイル)を導入したウイルス対策製品を用い、「TROJ_BRDLAB.SMEP」と検出したファイルの検索を実行してください。 検出されたファイルが、弊社ウイルス対策製品により既に駆除、隔離またはファイル削除の処理が実行された場合、ウイルスの処理は完了しており、他の削除手順は特にありません。
手順 8
以下の削除されたレジストリキーまたはレジストリ値をバックアップを用いて修復します。
※註:マイクロソフト製品に関連したレジストリキーおよびレジストリ値のみが修復されます。このマルウェアもしくはアドウェア等が同社製品以外のプログラムも削除した場合には、該当プログラムを再度インストールする必要があります。
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- AppMgmt
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- Base
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- Boot Bus Extender
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- Boot file system
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- CryptSvc
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- DcomLaunch
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- dmadmin
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- dmboot.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- dmio.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- dmload.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- dmserver
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- EventLog
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- File system
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- Filter
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- HelpSvc
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- Netlogon
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- PCI Configuration
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- PlugPlay
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- PNP Filter
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- Primary disk
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- RpcSs
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- SCSI Class
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- sermouse.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- sr.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- SRService
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- System Bus Extender
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- vga.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- vgasave.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- WinMgmt
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {36FC9E60-C465-11CF-8056-444553540000}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E965-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E967-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E969-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E96A-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E96B-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E96F-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E977-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E97B-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E97D-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E980-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {71A27CDD-812A-11D0-BEC7-08002BE2092F}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot
- Minimal
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- AFD
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- AppMgmt
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Base
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Boot Bus Extender
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Boot file system
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Browser
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- CryptSvc
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- DcomLaunch
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Dhcp
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- dmadmin
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- dmboot.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- dmio.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- dmload.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- dmserver
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- DnsCache
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- EventLog
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- File system
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Filter
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- HelpSvc
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- ip6fw.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- ipnat.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- LanmanServer
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- LanmanWorkstation
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- LmHosts
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Messenger
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NDIS
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NDIS Wrapper
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Ndisuio
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NetBIOS
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NetBIOSGroup
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NetBT
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NetDDEGroup
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Netlogon
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NetMan
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot
- Network
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NetworkProvider
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NtLmSsp
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- PCI Configuration
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- PlugPlay
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- PNP Filter
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- PNP_TDI
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Primary disk
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- rdpcdd.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- rdpdd.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- rdpwd.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- rdsessmgr
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- RpcSs
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- SCSI Class
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- sermouse.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- SharedAccess
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- sr.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- SRService
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Streams Drivers
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- System Bus Extender
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Tcpip
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- TDI
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- tdpipe.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- tdtcp.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- termservice
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- vga.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- vgasave.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- WinMgmt
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- WZCSVC
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {36FC9E60-C465-11CF-8056-444553540000}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E965-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E967-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E969-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E96A-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E96B-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E96F-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E972-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E973-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E974-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E975-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E977-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E97B-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E97D-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E980-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {71A27CDD-812A-11D0-BEC7-08002BE2092F}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot
- Network
ご利用はいかがでしたか? アンケートにご協力ください