TROJ_RANSOM.DWB
TrojanProxy:Win32/Hioles.B (Microsoft); Ransom!hm (McAfee); Trojan.Gen (Symantec); Trojan-Ransom.Win32.Gimemo.awlb (Kaspersky); Backdoor.Win32.Tofsee.fa (v) (Sunbelt); Trojan horse SHeur4.AXXM (AVG)
Windows 2000, Windows XP, Windows Server 2003
マルウェアタイプ:
トロイの木馬型
破壊活動の有無:
なし
暗号化:
感染報告の有無 :
はい
概要
マルウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。
詳細
侵入方法
マルウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。
他のシステム変更
マルウェアは、以下のファイルを削除します。
- %User Temp%\vdxb.exe
(註:%User Temp%フォルダはWindowsの種類とインストール時の設定などにより異なります。標準設定では、Windows 2000、XP および Server 2003 の場合、"C:\Documents and Settings\<ユーザー名>\Local Settings\Temp"、Windows Vista および 7 の場合、"C:\Users\<ユーザ名>\AppData\Local\Temp" です。)
マルウェアは、以下のレジストリキーを追加します。
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Svc
HKEY_CURRENT_USER\Software\Aasppapmmxkvs\
-993627007
マルウェアは、以下のレジストリ値を追加します。
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center
UacDisableNotify = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Svc
AntiVirusOverride = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Svc
AntiVirusDisableNotify = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Svc
FirewallDisableNotify = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Svc
FirewallOverride = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Svc
UpdatesDisableNotify = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center\Svc
UacDisableNotify = "1"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Internet Settings
GlobalUserOffline = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\policies\
system
EnableLUA = "0"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\
List
{malware path and file name} = "{malware path and file name}:*:enabled:ipsec"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile
EnableFirewall = "0"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile
DoNotAllowExceptions = "0"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile
DisableNotifications = "1"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs\
-993627007
1768776769 = "b3"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs\
-993627007
-757413758 = "0"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs\
-993627007
1011363011 = "0"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs\
-993627007
-1514827516 = "23"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs\
-993627007
253949253 = "14f"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs\
-993627007
2022726022 = "{random characters}"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs\
-993627007
-503464505 = "{random characters}"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_0 = "f323654f"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_0 = "1f9c"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_0 = "136a29"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_0 = "0"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_1 = "6cbb95fd"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_1 = "696d4416"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_1 = "686ee68"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_1 = "696d6441"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_2 = "47d41f3e"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_2 = "d2dad2f5"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_2 = "d3d9a2ab"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_2 = "d2dac882"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_3 = "c6c69a"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_3 = "3c4832fc"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_3 = "3d4b46ea"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_3 = "3c482cc3"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_4 = "87f2aac"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_4 = "a5b5b229"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_4 = "a4b6fb2d"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_4 = "a5b5914"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_5 = "5f3aa299"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_5 = "f22d572"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_5 = "e219f6c"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_5 = "f22f545"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_6 = "2fd2ad3"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_6 = "789c499"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_6 = "799333af"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_6 = "7895986"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_7 = "aa7a998"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_7 = "e1fda4b"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_7 = "efed7ee"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_7 = "e1fdbdc7"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_8 = "227d4346"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_8 = "4b6b39f7"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_8 = "4a684821"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_8 = "4b6b228"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_9 = "694b3ff7"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_9 = "b4d89332"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_9 = "b5dbec6"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_9 = "b4d88649"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_10 = "1ef82d5"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_10 = "1e45cadd"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_10 = "1f468a3"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_10 = "1e45ea8a"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_11 = "f35b117"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_11 = "87b36dea"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_11 = "86b24e2"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_11 = "87b34ecb"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_12 = "8894f55"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_12 = "f1292ed"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_12 = "f23d925"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_12 = "f12b3c"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_13 = "18ecc73"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_13 = "5a8edf2"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_13 = "5b8d7d64"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_13 = "5a8e174d"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_14 = "ebcd2cd1"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_14 = "c3fb6253"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_14 = "c2f811a7"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_14 = "c3fb7b8e"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_15 = "ff29f262"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_15 = "2d68c5"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_15 = "2c6bb5e6"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_15 = "2d68dfcf"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_16 = "989aada2"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_16 = "96d664b9"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_16 = "97d52e39"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_16 = "96d6441"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_17 = "ec9373e3"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_17 = "43dda"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_17 = "14c278"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_17 = "43a851"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_18 = "e448144b"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_18 = "69b11357"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_18 = "68b266bb"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_18 = "69b1c92"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_19 = "f9a4cb7b"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_19 = "d31e67ec"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_19 = "d21d1afa"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_19 = "d31e7d3"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_20 = "336e8459"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_20 = "3c8bf519"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_20 = "3d88bf3d"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_20 = "3c8bd514"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_21 = "7128898"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_21 = "a5f91952"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_21 = "a4fa537c"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_21 = "a5f93955"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_22 = "e269d428"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_22 = "f6683e1"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_22 = "e65f7bf"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_22 = "f669d96"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_23 = "e9ed288e"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_23 = "78d41c"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_23 = "79d76bfe"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_23 = "78d41d7"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_24 = "74622ba6"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_24 = "e2417bfa"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_24 = "e342c31"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_24 = "e2416618"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_25 = "1f811"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_25 = "4baed83"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_25 = "4aada7"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_25 = "4baeca59"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_26 = "ef7d44d7"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_26 = "b51c364f"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_26 = "b41f44b3"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_26 = "b51c2e9a"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_27 = "decdbff"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_27 = "1e898b"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_27 = "1f8af8f2"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_27 = "1e8992db"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_28 = "2d323767"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_28 = "87f6d65b"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_28 = "86f59d35"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_28 = "87f6f71c"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_29 = "e46234"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_29 = "f16445d"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_29 = "f673174"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_29 = "f1645b5d"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_30 = "3dacdc7"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_30 = "5ad1a64"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_30 = "5bd2d5b7"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_30 = "5ad1bf9e"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_31 = "8abd7b82"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_31 = "c43f3be4"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_31 = "c53c49f6"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_31 = "c43f23df"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_32 = "7ca7bd7c"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_32 = "2dac9349"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_32 = "2cafe29"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_32 = "2dac882"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_33 = "bc8286b2"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_33 = "9719ff34"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_33 = "961a8648"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_33 = "9719ec61"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_34 = "f1e8328c"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_34 = "87482a"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_34 = "1843a8b"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_34 = "875a2"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_35 = "e2a95f8c"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_35 = "69f4ad78"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_35 = "68f7deca"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_35 = "69f4b4e3"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_36 = "5144bdee"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_36 = "d3623a1"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_36 = "d26173d"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_36 = "d3621924"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_37 = "a3b992d7"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_37 = "3ccf5d27"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_37 = "3dcc174c"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_37 = "3ccf7d65"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_38 = "5efeb56e"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_38 = "a63cfb4f"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_38 = "a73f8b8f"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_38 = "a63ce1a6"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_39 = "71c36259"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_39 = "faa5a1"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_39 = "ea92fce"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_39 = "faa45e7"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_40 = "61f6fb65"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_40 = "7917bc1"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_40 = "7814c1"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_40 = "7917aa28"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_41 = "a8f3ae36"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_41 = "e285173"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_41 = "e386644"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_41 = "e285e69"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_42 = "6b8597a"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_42 = "4bf25187"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_42 = "4af11883"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_42 = "4bf272aa"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_43 = "45a6f156"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_43 = "b55ff6b1"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_43 = "b45cbcc2"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_43 = "b55fd6eb"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_44 = "566f72"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_44 = "1ecd26ce"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_44 = "1fce515"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A4_44 = "1ecd3b2c"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A1_45 = "de5ae53b"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A2_45 = "883a888a"
HKEY_CURRENT_USER\Software\Aasppapmmxkvs
A3_45 = "8939f544"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications\
List
%Program Files%\Messenger\msmsgs.exe = "%Program Files%\Messenger\msmsgs.exe:*:Enabled:ipsec"
マルウェアは、以下のレジストリ値を変更します。
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Explorer\
Advanced
Hidden = "2"
(註:変更前の上記レジストリ値は、「2」となります。)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center
AntiVirusOverride = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center
AntiVirusDisableNotify = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center
FirewallDisableNotify = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center
FirewallOverride = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Security Center
UpdatesDisableNotify = "1"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SecurityProviders
SecurityProviders = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, OnrijleyRaqw.dll"
(註:変更前の上記レジストリ値は、「msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll」となります。)
マルウェアは、以下のレジストリキーを削除します。
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
AppMgmt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
Base
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
Boot Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
Boot file system
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
dmadmin
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
dmboot.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
dmio.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
dmload.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
dmserver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
EventLog
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
File system
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
Filter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
HelpSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
Netlogon
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
PCI Configuration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
PlugPlay
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
PNP Filter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
Primary disk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
SCSI Class
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
sermouse.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
sr.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
SRService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
System Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
vga.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
vgasave.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
WinMgmt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{36FC9E60-C465-11CF-8056-444553540000}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E965-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E967-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E969-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E96F-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E977-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{4D36E980-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal\
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Minimal
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
AFD
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
AppMgmt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Base
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Boot Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Boot file system
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Browser
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
CryptSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
DcomLaunch
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Dhcp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
dmadmin
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
dmboot.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
dmio.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
dmload.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
dmserver
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
DnsCache
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
EventLog
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
File system
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Filter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
HelpSvc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
ip6fw.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
ipnat.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
LanmanServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
LanmanWorkstation
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
LmHosts
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Messenger
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NDIS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NDIS Wrapper
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Ndisuio
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NetBIOS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NetBIOSGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NetBT
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NetDDEGroup
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Netlogon
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NetMan
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Network
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NetworkProvider
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
NtLmSsp
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
PCI Configuration
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
PlugPlay
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
PNP Filter
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
PNP_TDI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Primary disk
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
rdpcdd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
rdpdd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
rdpwd.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
rdsessmgr
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
RpcSs
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
SCSI Class
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
sermouse.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
SharedAccess
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
sr.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
SRService
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Streams Drivers
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
System Bus Extender
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
Tcpip
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
TDI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
tdpipe.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
tdtcp.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
termservice
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
vga.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
vgasave.sys
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
WinMgmt
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
WZCSVC
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{36FC9E60-C465-11CF-8056-444553540000}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E965-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E967-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E969-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E96A-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E96B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E96F-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E972-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E973-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E974-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E975-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E977-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E97B-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E97D-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{4D36E980-E325-11CE-BFC1-08002BE10318}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{71A27CDD-812A-11D0-BEC7-08002BE2092F}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network\
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\SafeBoot\Network
作成活動
マルウェアは、以下のファイルを作成します。
- %System%\OnrijleyRaqw.dll
- %System%\drivers\mrqnn.sys
- %User Temp%\ejmym.exe
(註:%System%フォルダはWindowsの種類とインストール時の設定などにより異なります。標準設定では "C:\Windows\System32" です。. %User Temp%フォルダはWindowsの種類とインストール時の設定などにより異なります。標準設定では、Windows 2000、XP および Server 2003 の場合、"C:\Documents and Settings\<ユーザー名>\Local Settings\Temp"、Windows Vista および 7 の場合、"C:\Users\<ユーザ名>\AppData\Local\Temp" です。)
その他
マルウェアは、以下の不正なWebサイトにアクセスします。
- http://kilicteknik.{BLOCKED}m.tr/logo.gif?ba66=334026
- http://{BLOCKED}1.27.112/logof.gif?c4e6=453654
- http://lifefm.{BLOCKED}s.lt/logo.gif?116de=71390
- http://joanmarc.{BLOCKED}m.ar/logo.gif?11d47=365155
- http://en.{BLOCKED}nb.com/images/logof.gif?11e41=146562
- http://{BLOCKED}smet.com/slideshow/logo.gif?1272a=528934
このウイルス情報は、自動解析システムにより作成されました。
対応方法
手順 1
Windows XP、Windows Vista および Windows 7 のユーザは、コンピュータからマルウェアもしくはアドウェア等を完全に削除するために、ウイルス検索の実行前には必ず「システムの復元」を無効にしてください。
手順 2
このレジストリキーを削除します。
警告:レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
- Svc
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- -993627007
手順 3
このレジストリ値を削除します。
警告:レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
- UacDisableNotify = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
- AntiVirusOverride = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
- AntiVirusDisableNotify = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
- FirewallDisableNotify = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
- FirewallOverride = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
- UpdatesDisableNotify = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc
- UacDisableNotify = "1"
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
- GlobalUserOffline = "0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
- EnableLUA = "0"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
- {malware path and file name} = "{malware path and file name}:*:enabled:ipsec"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
- EnableFirewall = "0"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
- DoNotAllowExceptions = "0"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
- DisableNotifications = "1"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs\-993627007
- 1768776769 = "b3"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs\-993627007
- -757413758 = "0"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs\-993627007
- 1011363011 = "0"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs\-993627007
- -1514827516 = "23"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs\-993627007
- 253949253 = "14f"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs\-993627007
- 2022726022 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs\-993627007
- -503464505 = "{random characters}"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_0 = "f323654f"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_0 = "1f9c"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_0 = "136a29"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_0 = "0"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_1 = "6cbb95fd"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_1 = "696d4416"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_1 = "686ee68"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_1 = "696d6441"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_2 = "47d41f3e"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_2 = "d2dad2f5"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_2 = "d3d9a2ab"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_2 = "d2dac882"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_3 = "c6c69a"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_3 = "3c4832fc"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_3 = "3d4b46ea"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_3 = "3c482cc3"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_4 = "87f2aac"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_4 = "a5b5b229"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_4 = "a4b6fb2d"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_4 = "a5b5914"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_5 = "5f3aa299"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_5 = "f22d572"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_5 = "e219f6c"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_5 = "f22f545"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_6 = "2fd2ad3"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_6 = "789c499"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_6 = "799333af"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_6 = "7895986"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_7 = "aa7a998"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_7 = "e1fda4b"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_7 = "efed7ee"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_7 = "e1fdbdc7"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_8 = "227d4346"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_8 = "4b6b39f7"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_8 = "4a684821"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_8 = "4b6b228"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_9 = "694b3ff7"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_9 = "b4d89332"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_9 = "b5dbec6"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_9 = "b4d88649"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_10 = "1ef82d5"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_10 = "1e45cadd"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_10 = "1f468a3"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_10 = "1e45ea8a"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_11 = "f35b117"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_11 = "87b36dea"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_11 = "86b24e2"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_11 = "87b34ecb"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_12 = "8894f55"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_12 = "f1292ed"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_12 = "f23d925"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_12 = "f12b3c"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_13 = "18ecc73"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_13 = "5a8edf2"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_13 = "5b8d7d64"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_13 = "5a8e174d"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_14 = "ebcd2cd1"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_14 = "c3fb6253"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_14 = "c2f811a7"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_14 = "c3fb7b8e"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_15 = "ff29f262"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_15 = "2d68c5"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_15 = "2c6bb5e6"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_15 = "2d68dfcf"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_16 = "989aada2"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_16 = "96d664b9"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_16 = "97d52e39"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_16 = "96d6441"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_17 = "ec9373e3"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_17 = "43dda"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_17 = "14c278"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_17 = "43a851"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_18 = "e448144b"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_18 = "69b11357"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_18 = "68b266bb"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_18 = "69b1c92"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_19 = "f9a4cb7b"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_19 = "d31e67ec"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_19 = "d21d1afa"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_19 = "d31e7d3"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_20 = "336e8459"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_20 = "3c8bf519"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_20 = "3d88bf3d"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_20 = "3c8bd514"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_21 = "7128898"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_21 = "a5f91952"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_21 = "a4fa537c"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_21 = "a5f93955"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_22 = "e269d428"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_22 = "f6683e1"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_22 = "e65f7bf"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_22 = "f669d96"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_23 = "e9ed288e"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_23 = "78d41c"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_23 = "79d76bfe"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_23 = "78d41d7"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_24 = "74622ba6"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_24 = "e2417bfa"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_24 = "e342c31"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_24 = "e2416618"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_25 = "1f811"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_25 = "4baed83"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_25 = "4aada7"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_25 = "4baeca59"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_26 = "ef7d44d7"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_26 = "b51c364f"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_26 = "b41f44b3"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_26 = "b51c2e9a"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_27 = "decdbff"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_27 = "1e898b"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_27 = "1f8af8f2"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_27 = "1e8992db"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_28 = "2d323767"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_28 = "87f6d65b"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_28 = "86f59d35"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_28 = "87f6f71c"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_29 = "e46234"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_29 = "f16445d"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_29 = "f673174"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_29 = "f1645b5d"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_30 = "3dacdc7"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_30 = "5ad1a64"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_30 = "5bd2d5b7"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_30 = "5ad1bf9e"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_31 = "8abd7b82"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_31 = "c43f3be4"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_31 = "c53c49f6"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_31 = "c43f23df"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_32 = "7ca7bd7c"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_32 = "2dac9349"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_32 = "2cafe29"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_32 = "2dac882"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_33 = "bc8286b2"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_33 = "9719ff34"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_33 = "961a8648"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_33 = "9719ec61"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_34 = "f1e8328c"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_34 = "87482a"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_34 = "1843a8b"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_34 = "875a2"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_35 = "e2a95f8c"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_35 = "69f4ad78"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_35 = "68f7deca"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_35 = "69f4b4e3"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_36 = "5144bdee"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_36 = "d3623a1"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_36 = "d26173d"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_36 = "d3621924"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_37 = "a3b992d7"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_37 = "3ccf5d27"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_37 = "3dcc174c"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_37 = "3ccf7d65"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_38 = "5efeb56e"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_38 = "a63cfb4f"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_38 = "a73f8b8f"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_38 = "a63ce1a6"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_39 = "71c36259"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_39 = "faa5a1"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_39 = "ea92fce"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_39 = "faa45e7"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_40 = "61f6fb65"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_40 = "7917bc1"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_40 = "7814c1"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_40 = "7917aa28"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_41 = "a8f3ae36"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_41 = "e285173"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_41 = "e386644"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_41 = "e285e69"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_42 = "6b8597a"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_42 = "4bf25187"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_42 = "4af11883"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_42 = "4bf272aa"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_43 = "45a6f156"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_43 = "b55ff6b1"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_43 = "b45cbcc2"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_43 = "b55fd6eb"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_44 = "566f72"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_44 = "1ecd26ce"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_44 = "1fce515"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A4_44 = "1ecd3b2c"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A1_45 = "de5ae53b"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A2_45 = "883a888a"
- In HKEY_CURRENT_USER\Software\Aasppapmmxkvs
- A3_45 = "8939f544"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
- %Program Files%\Messenger\msmsgs.exe = "%Program Files%\Messenger\msmsgs.exe:*:Enabled:ipsec"
手順 4
変更されたレジストリ値を修正します。
警告:レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。
- In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
- From: Hidden = "2"
To: Hidden = ""2""
- From: Hidden = "2"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
- AntiVirusOverride = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
- AntiVirusDisableNotify = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
- FirewallDisableNotify = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
- FirewallOverride = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
- UpdatesDisableNotify = "1"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SecurityProviders
- From: SecurityProviders = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, OnrijleyRaqw.dll"
To: SecurityProviders = ""msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll""
- From: SecurityProviders = "msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, OnrijleyRaqw.dll"
手順 5
以下のファイルを検索し削除します。
- %System%\OnrijleyRaqw.dll
- %System%\drivers\mrqnn.sys
- %User Temp%\ejmym.exe
手順 6
最新のバージョン(エンジン、パターンファイル)を導入したウイルス対策製品を用い、ウイルス検索を実行してください。「TROJ_RANSOM.DWB」と検出したファイルはすべて削除してください。 検出されたファイルが、弊社ウイルス対策製品により既に駆除、隔離またはファイル削除の処理が実行された場合、ウイルスの処理は完了しており、他の削除手順は特にありません。
手順 7
以下のファイルをバックアップを用いて修復します。なお、マイクロソフト製品に関連したファイルのみ修復されます。このマルウェア/グレイウェア/スパイウェアが同社製品以外のプログラムをも削除した場合には、該当プログラムを再度インストールする必要があります。
- %User Temp%\vdxb.exe
手順 8
以下の削除されたレジストリキーまたはレジストリ値をバックアップを用いて修復します。
※註:マイクロソフト製品に関連したレジストリキーおよびレジストリ値のみが修復されます。このマルウェアもしくはアドウェア等が同社製品以外のプログラムも削除した場合には、該当プログラムを再度インストールする必要があります。
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- AppMgmt
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- Base
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- Boot Bus Extender
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- Boot file system
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- CryptSvc
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- DcomLaunch
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- dmadmin
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- dmboot.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- dmio.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- dmload.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- dmserver
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- EventLog
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- File system
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- Filter
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- HelpSvc
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- Netlogon
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- PCI Configuration
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- PlugPlay
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- PNP Filter
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- Primary disk
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- RpcSs
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- SCSI Class
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- sermouse.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- sr.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- SRService
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- System Bus Extender
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- vga.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- vgasave.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- WinMgmt
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {36FC9E60-C465-11CF-8056-444553540000}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E965-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E967-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E969-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E96A-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E96B-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E96F-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E977-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E97B-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E97D-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {4D36E980-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {71A27CDD-812A-11D0-BEC7-08002BE2092F}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal
- {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot
- Minimal
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- AFD
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- AppMgmt
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Base
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Boot Bus Extender
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Boot file system
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Browser
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- CryptSvc
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- DcomLaunch
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Dhcp
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- dmadmin
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- dmboot.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- dmio.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- dmload.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- dmserver
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- DnsCache
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- EventLog
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- File system
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Filter
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- HelpSvc
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- ip6fw.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- ipnat.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- LanmanServer
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- LanmanWorkstation
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- LmHosts
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Messenger
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NDIS
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NDIS Wrapper
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Ndisuio
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NetBIOS
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NetBIOSGroup
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NetBT
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NetDDEGroup
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Netlogon
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NetMan
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot
- Network
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NetworkProvider
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- NtLmSsp
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- PCI Configuration
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- PlugPlay
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- PNP Filter
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- PNP_TDI
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Primary disk
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- rdpcdd.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- rdpdd.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- rdpwd.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- rdsessmgr
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- RpcSs
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- SCSI Class
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- sermouse.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- SharedAccess
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- sr.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- SRService
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Streams Drivers
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- System Bus Extender
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- Tcpip
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- TDI
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- tdpipe.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- tdtcp.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- termservice
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- vga.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- vgasave.sys
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- WinMgmt
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- WZCSVC
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {36FC9E60-C465-11CF-8056-444553540000}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E965-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E967-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E969-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E96A-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E96B-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E96F-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E972-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E973-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E974-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E975-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E977-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E97B-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E97D-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {4D36E980-E325-11CE-BFC1-08002BE10318}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {71A27CDD-812A-11D0-BEC7-08002BE2092F}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network
- {745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot
- Network
ご利用はいかがでしたか? アンケートにご協力ください