TROJ_VBINDER_FE31029F.UVPM

手順 1

Windows XP、Windows Vista および Windows 7 のユーザは、コンピュータからマルウェアもしくはアドウェア等を完全に削除するために、ウイルス検索の実行前には必ず「システムの復元」を無効にしてください。

手順 2

不明なレジストリキーを削除します。

警告：レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。

• In HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat
  • 10.0

• In HKEY_CURRENT_USER\Software\Adobe\Adobe Synchronizer
  • 10.0

• In HKEY_LOCAL_MACHINE\System
  • Acrobatbrokerserverdispatchercpp789

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Installer
  • Migrated

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0
  • Originals

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0
  • AVGeneral

• In HKEY_CURRENT_USER\Software\Adobe\Adobe Synchronizer\10.0
  • Acrobat.com

• In HKEY_CURRENT_USER\Software\Adobe\Adobe Synchronizer\10.0
  • Acrobat.com.v2

• In HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\10.0
  • DiskCabs

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0
  • Collab

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Collab
  • cDocumentCenter

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Collab\cDocumentCenter
  • cSettings

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Collab
  • cEmailDistribution

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Collab\cEmailDistribution
  • cSettings

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Collab
  • cInitiationWizardFirstLaunch

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0
  • Security

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security
  • cHandlers

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security
  • cASPKI

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security
  • cASPKI

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI
  • cCustomCertPrefs

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs
  • c290FA7E61053E8763C6055E6333A99EFB83ECACB

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c290FA7E61053E8763C6055E6333A99EFB83ECACB
  • cAdobe_OCSPRevChecker

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c290FA7E61053E8763C6055E6333A99EFB83ECACB\cAdobe_OCSPRevChecker
  • cAuthorizedResponder

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c290FA7E61053E8763C6055E6333A99EFB83ECACB\cAdobe_OCSPRevChecker\cAuthorizedResponder
  • c0

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs
  • c312E322E3834302E3131343032312E310000

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000
  • cAdobe_ChainBuilder

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder
  • cAcceptablePolicyOIDs

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs
  • c0

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c0
  • cValue

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs
  • c1

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1
  • cValue

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000
  • cAdobe_OCSPRevChecker

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_OCSPRevChecker
  • cAuthorizedResponder

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_OCSPRevChecker\cAuthorizedResponder
  • c0

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_OCSPRevChecker
  • cSendNonce

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_OCSPRevChecker\cSendNonce
  • c0

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_OCSPRevChecker
  • cSignCertOID

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_OCSPRevChecker\cSignCertOID
  • c0

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_OCSPRevChecker
  • cSignRequest

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_OCSPRevChecker\cSignRequest
  • c0

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_OCSPRevChecker
  • cURLToConsult

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_OCSPRevChecker\cURLToConsult
  • c0

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs
  • c312E322E3834302E3131343032312E312E312E310000

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000
  • cAdobe_ChainBuilder

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_ChainBuilder
  • cAcceptablePolicyOIDs

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs
  • c0

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c0
  • cValue

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs
  • c1

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1
  • cValue

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000
  • cAdobe_OCSPRevChecker

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_OCSPRevChecker
  • cAuthorizedResponder

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_OCSPRevChecker\cAuthorizedResponder
  • c0

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_OCSPRevChecker
  • cSendNonce

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_OCSPRevChecker\cSendNonce
  • c0

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_OCSPRevChecker
  • cSignCertOID

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_OCSPRevChecker\cSignCertOID
  • c0

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_OCSPRevChecker
  • cSignRequest

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_OCSPRevChecker\cSignRequest
  • c0

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_OCSPRevChecker
  • cURLToConsult

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_OCSPRevChecker\cURLToConsult
  • c0

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs
  • c312E332E33362E382E312E310000

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E332E33362E382E312E310000
  • cAdobe_CRLRevChecker

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E332E33362E382E312E310000\cAdobe_CRLRevChecker
  • cRequireAKI

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E332E33362E382E312E310000\cAdobe_CRLRevChecker\cRequireAKI
  • c0

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E332E33362E382E312E310000
  • cAdobe_ChainBuilder

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E332E33362E382E312E310000\cAdobe_ChainBuilder
  • cAllowCAToIssueAC

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E332E33362E382E312E310000\cAdobe_ChainBuilder\cAllowCAToIssueAC
  • c0

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E332E33362E382E312E310000\cAdobe_ChainBuilder
  • cCheckCABasicConstraints

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E332E33362E382E312E310000\cAdobe_ChainBuilder\cCheckCABasicConstraints
  • c0

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E332E33362E382E312E310000
  • cAdobe_OCSPRevChecker

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E332E33362E382E312E310000\cAdobe_OCSPRevChecker
  • cAllowOCSPNoCheck

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E332E33362E382E312E310000\cAdobe_OCSPRevChecker\cAllowOCSPNoCheck
  • c0

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E332E33362E382E312E310000\cAdobe_OCSPRevChecker
  • cRequireOCSPCertHash

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E332E33362E382E312E310000\cAdobe_OCSPRevChecker\cRequireOCSPCertHash
  • c0

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E332E33362E382E312E310000
  • cAdobe_Validation

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E332E33362E382E312E310000\cAdobe_Validation
  • cValidityModel

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E332E33362E382E312E310000\cAdobe_Validation\cValidityModel
  • c0

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security
  • cPPKHandler

• In HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates
  • ADDRESSBOOK

• In HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\ADDRESSBOOK
  • Certificates

• In HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\ADDRESSBOOK
  • CRLs

• In HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\ADDRESSBOOK
  • CTLs

• In HKEY_LOCAL_MACHINE\Software\Adobe\Acrobat Reader\10.0
  • AdobeViewer

• In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft
  • BITS

• In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\BITS
  • CtlGuid

• In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
  • BITS

手順 3

このレジストリ値を削除します。

警告：レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。

• In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
  • Wallpaper = "%System Root%\ProgramData\Wallpaper\wallpaper.bmp"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
  • WallpaperStyle = "1"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
  • TileWallpaper = "0"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Installer\Migrated
  • {AC76BA86-7AD7-1033-7B44-AA0000000001} = "1"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Originals
  • bDisplayedSplash = "1"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\AVGeneral
  • bLastExitNormal = "0"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Collab\cDocumentCenter
  • bAlwaysUseServer = "0"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Collab\cDocumentCenter
  • bAlwaysUseServerFD = "0"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Collab\cDocumentCenter
  • bDefault = "1"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Collab\cDocumentCenter
  • bDefaultFD = "1"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Collab\cDocumentCenter
  • tDistMethod = "UPLOAD"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Collab\cDocumentCenter\cSettings
  • tcSetting = "https://api.{BLOCKED}e.acrobat.com"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Collab\cDocumentCenter
  • tUI = "Acrobat.com (Recommended)"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Collab\cDocumentCenter
  • tURL = "urn://ns.{BLOCKED}e.com/Collaboration/SharedReview/Acrobat.com"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Collab\cEmailDistribution
  • bAlwaysUseServerFD = "0"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Collab\cEmailDistribution
  • bDefaultFD = "0"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Collab\cEmailDistribution
  • tDistMethod = "EMAIL"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Collab\cEmailDistribution
  • tUI = "Manually collect responses in my email inbox"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Collab\cEmailDistribution
  • tURL = "urn://ns.{BLOCKED}e.com/Collaboration/Forms/Email"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Collab\cInitiationWizardFirstLaunch
  • bIsFirstLaunchER = "1"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Collab\cInitiationWizardFirstLaunch
  • bIsFirstLaunchFD = "1"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Collab\cInitiationWizardFirstLaunch
  • bIsFirstLaunchSF = "1"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Collab\cInitiationWizardFirstLaunch
  • bIsFirstLaunchSR = "1"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Collab\cInitiationWizardFirstLaunch
  • bIsFirstLaunchUF = "1"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cHandlers
  • aPrivKey = "Adobe.PPKLite"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c290FA7E61053E8763C6055E6333A99EFB83ECACB\cAdobe_OCSPRevChecker\cAuthorizedResponder\c0
  • bValue = "1"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c0
  • iEnd = "1"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c0
  • iStart = "1"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c0\cValue
  • s0 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c0\cValue
  • s1 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1
  • iEnd = "2"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1
  • iStart = "2"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1\cValue
  • s0 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1\cValue
  • s1 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1\cValue
  • s2 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1\cValue
  • s3 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1\cValue
  • s4 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1\cValue
  • s5 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1\cValue
  • s6 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1\cValue
  • s7 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1\cValue
  • s8 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1\cValue
  • s9 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1\cValue
  • s10 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1\cValue
  • s11 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_OCSPRevChecker\cAuthorizedResponder\c0
  • bValue = "1"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_OCSPRevChecker\cSendNonce\c0
  • iValue = "1"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_OCSPRevChecker\cSignCertOID\c0
  • sValue = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_OCSPRevChecker\cSignRequest\c0
  • bValue = "1"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E310000\cAdobe_OCSPRevChecker\cURLToConsult\c0
  • iValue = "3"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c0
  • iEnd = "1"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c0
  • iStart = "1"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c0\cValue
  • s0 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c0\cValue
  • s1 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1
  • iEnd = "2"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1
  • iStart = "2"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1\cValue
  • s0 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1\cValue
  • s1 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1\cValue
  • s2 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1\cValue
  • s3 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1\cValue
  • s4 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1\cValue
  • s5 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1\cValue
  • s6 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1\cValue
  • s7 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1\cValue
  • s8 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1\cValue
  • s9 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1\cValue
  • s10 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\c1\cValue
  • s11 = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_OCSPRevChecker\cAuthorizedResponder\c0
  • bValue = "1"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_OCSPRevChecker\cSendNonce\c0
  • iValue = "1"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_OCSPRevChecker\cSignCertOID\c0
  • sValue = "{random values}"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_OCSPRevChecker\cSignRequest\c0
  • bValue = "1"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E322E3834302E3131343032312E312E312E310000\cAdobe_OCSPRevChecker\cURLToConsult\c0
  • iValue = "3"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E332E33362E382E312E310000\cAdobe_CRLRevChecker\cRequireAKI\c0
  • bValue = "1"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E332E33362E382E312E310000\cAdobe_ChainBuilder\cAllowCAToIssueAC\c0
  • bValue = "1"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E332E33362E382E312E310000\cAdobe_ChainBuilder\cCheckCABasicConstraints\c0
  • bValue = "0"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E332E33362E382E312E310000\cAdobe_OCSPRevChecker\cAllowOCSPNoCheck\c0
  • bValue = "0"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E332E33362E382E312E310000\cAdobe_OCSPRevChecker\cRequireOCSPCertHash\c0
  • bValue = "0"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cASPKI\cASPKI\cCustomCertPrefs\c312E332E33362E382E312E310000\cAdobe_Validation\cValidityModel\c0
  • iValue = "1"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Security\cPPKHandler
  • bCustomPrefsCreated = "1"

• In HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\10.0\DiskCabs
  • bForms_AdhocWorkflowBackup = "0"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Acrobat Reader\10.0\AdobeViewer
  • EULA = "1"

• In HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\AdobeViewer
  • EULA = "1"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474
  • Blob = "{random values}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\BITS
  • LogSessionName = "stdout"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\BITS
  • Active = "1"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\BITS
  • ControlFlags = "1"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\BITS\CtlGuid
  • Guid = "4a8aaa94-cfc4-46a7-8e4e-17bc45608f0a"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\BITS\CtlGuid
  • BitNames = "{random characters}"

• In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\BackupRestore\FilesNotToBackup
  • BITS_metadata = "%User Profile%\Downloader\*"

手順 4

変更されたレジストリ値を修正します。

警告：レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
事前に意図的に対象の設定を変更していた場合は、意図するオリジナルの設定に戻してください。変更する値が分からない場合は、システム管理者にお尋ねいただき、レジストリの編集はお客様の責任として行なって頂くようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。

• In HKEY_CURRENT_USER\Control Panel\Desktop
  • From: Wallpaper = "%System Root%\ProgramData\Wallpaper\wallpaper.bmp"
    To: Wallpaper = ""%Windows%\web\wallpaper\Bliss.bmp""

• In HKEY_CURRENT_USER\Control Panel\Desktop
  • From: WallpaperStyle = "1"
    To: WallpaperStyle = ""2""

• In HKEY_CURRENT_USER\Control Panel\Desktop
  • From: TileWallpaper = "0"
    To: TileWallpaper = ""0""

手順 5

以下のファイルを検索し削除します。

• %User Profile%\Application Data\smrss32.exe
• %User Profile%\Application Data\Ref#_5374e01b3a65.bmp
• %User Profile%\Application Data\Ref#_5374e01b3a65.key
• %System Root%\Voucher de Presente - R$500.pdf
• %System Root%\AUTOEXEC.BAT.encrypted
• %System Root%\boot.ini.encrypted
• %System Root%\NTDETECT.COM.encrypted
• %System Root%\Voucher de Presente - R$500.pdf.encrypted
• %Desktop%.ini.encrypted
• %User Profile%\0008044E\Plylst1.wpl.encrypted
• %User Profile%\0008044E\Plylst10.wpl.encrypted
• %User Profile%\0008044E\Plylst11.wpl.encrypted
• %User Profile%\0008044E\Plylst12.wpl.encrypted
• %User Profile%\0008044E\Plylst13.wpl.encrypted
• %User Profile%\0008044E\Plylst14.wpl.encrypted
• %User Profile%\0008044E\Plylst15.wpl.encrypted
• %User Profile%\0008044E\Plylst2.wpl.encrypted
• %User Profile%\0008044E\Plylst3.wpl.encrypted
• %User Profile%\0008044E\Plylst4.wpl.encrypted
• %User Profile%\0008044E\Plylst5.wpl.encrypted
• %User Profile%\0008044E\Plylst6.wpl.encrypted
• %User Profile%\0008044E\Plylst7.wpl.encrypted
• %User Profile%\0008044E\Plylst8.wpl.encrypted
• %User Profile%\0008044E\Plylst9.wpl.encrypted
• %User Profile%\DRM\drmv2.lic.encrypted
• %Start Menu%\desktop.ini.encrypted
• %Start Menu%\Set Program Access and Defaults.lnk.encrypted
• %Start Menu%\Windows Catalog.lnk.encrypted
• %Start Menu%\Windows Update.lnk.encrypted
• %Start Menu%\Programs\Adobe Reader X.lnk.encrypted
• %Start Menu%\Programs\desktop.ini.encrypted
• %Start Menu%\Programs\MSN.lnk.encrypted
• %Start Menu%\Programs\Windows Messenger.lnk.encrypted
• %Start Menu%\Programs\Windows Movie Maker.lnk.encrypted
• %Start Menu%\Programs\Accessories\Calculator.lnk.encrypted
• %Start Menu%\Programs\Accessories\desktop.ini.encrypted
• %Start Menu%\Programs\Accessories\Paint.lnk.encrypted
• %Start Menu%\Programs\Accessories\WordPad.lnk.encrypted
• %Start Menu%\Programs\Accessories\Accessibility\Accessibility Wizard.lnk.encrypted
• %Start Menu%\Programs\Accessories\Accessibility\desktop.ini.encrypted
• %Start Menu%\Programs\Accessories\Communications\desktop.ini.encrypted
• %Start Menu%\Programs\Accessories\Communications\HyperTerminal.lnk.encrypted
• %Start Menu%\Programs\Accessories\Communications\Network Connections.lnk.encrypted
• %Start Menu%\Programs\Accessories\Communications\Network Setup Wizard.lnk.encrypted
• %Start Menu%\Programs\Accessories\Communications\New Connection Wizard.lnk.encrypted
• %Start Menu%\Programs\Accessories\Communications\Remote Desktop Connection.lnk.encrypted
• %Start Menu%\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk.encrypted
• %Start Menu%\Programs\Accessories\Entertainment\desktop.ini.encrypted
• %Start Menu%\Programs\Accessories\Entertainment\Sound Recorder.lnk.encrypted
• %Start Menu%\Programs\Accessories\Entertainment\Volume Control.lnk.encrypted
• %Start Menu%\Programs\Accessories\System Tools\Backup.lnk.encrypted
• %Start Menu%\Programs\Accessories\System Tools\Character Map.lnk.encrypted
• %Start Menu%\Programs\Accessories\System Tools\desktop.ini.encrypted
• %Start Menu%\Programs\Accessories\System Tools\Disk Cleanup.lnk.encrypted
• %Start Menu%\Programs\Accessories\System Tools\Disk Defragmenter.lnk.encrypted
• %Start Menu%\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk.encrypted
• %Start Menu%\Programs\Accessories\System Tools\Scheduled Tasks.lnk.encrypted
• %Start Menu%\Programs\Accessories\System Tools\Security Center.lnk.encrypted
• %Start Menu%\Programs\Accessories\System Tools\System Information.lnk.encrypted
• %Start Menu%\Programs\Accessories\System Tools\System Restore.lnk.encrypted
• %Start Menu%\Programs\Administrative Tools\Component Services.lnk.encrypted
• %Start Menu%\Programs\Administrative Tools\Computer Management.lnk.encrypted
• %Start Menu%\Programs\Administrative Tools\Data Sources (ODBC).lnk.encrypted
• %Start Menu%\Programs\Administrative Tools\desktop.ini.encrypted
• %Start Menu%\Programs\Administrative Tools\Event Viewer.lnk.encrypted
• %Start Menu%\Programs\Administrative Tools\Local Security Policy.lnk.encrypted
• %Start Menu%\Programs\Administrative Tools\Performance.lnk.encrypted
• %Start Menu%\Programs\Administrative Tools\Services.lnk.encrypted
• %Common Startup%\desktop.ini.encrypted
• %Start Menu%\Programs\WinPcap\Uninstall WinPcap 4.1.2.lnk.encrypted
• %Start Menu%\Programs\WinPcap\WinPcap Web Site.url.encrypted
• %User Profile%\NTUSER.DAT.encrypted
• %User Profile%\ntuser.dat.LOG.encrypted
• %User Profile%\Cookies\index.dat.encrypted
• %User Profile%\History.IE5\index.dat.encrypted
• %Start Menu%\Programs\Remote Assistance.lnk.encrypted
• %Start Menu%\Programs\Windows Media Player.lnk.encrypted
• %Start Menu%\Programs\Accessories\Command Prompt.lnk.encrypted
• %Start Menu%\Programs\Accessories\Notepad.lnk.encrypted
• %Start Menu%\Programs\Accessories\Program Compatibility Wizard.lnk.encrypted
• %Start Menu%\Programs\Accessories\Synchronize.lnk.encrypted
• %Start Menu%\Programs\Accessories\Tour Windows XP.lnk.encrypted
• %Start Menu%\Programs\Accessories\Windows Explorer.lnk.encrypted
• %Start Menu%\Programs\Accessories\Accessibility\Magnifier.lnk.encrypted
• %Start Menu%\Programs\Accessories\Accessibility\Narrator.lnk.encrypted
• %Start Menu%\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk.encrypted
• %Start Menu%\Programs\Accessories\Accessibility\Utility Manager.lnk.encrypted
• %Start Menu%\Programs\Accessories\Entertainment\Windows Media Player.lnk.encrypted
• %User Startup%\desktop.ini.encrypted
• %User Profile%\ntuser.ini.encrypted
• %User Profile%\Cookies\wilbert@atdmt[2].txt.encrypted
• %User Profile%\Cookies\wilbert@bing[2].txt.encrypted
• %User Profile%\Cookies\wilbert@c.atdmt[2].txt.encrypted
• %User Profile%\Cookies\wilbert@c.msn[2].txt.encrypted
• %User Profile%\Cookies\wilbert@doubleclick[1].txt.encrypted
• %User Profile%\Cookies\wilbert@microsoft[1].txt.encrypted
• %User Profile%\Cookies\wilbert@msnportal.112.2o7[1].txt.encrypted
• %User Profile%\Cookies\wilbert@msn[2].txt.encrypted
• %User Profile%\Cookies\wilbert@scorecardresearch[2].txt.encrypted
• %User Profile%\Cookies\wilbert@www.bing[2].txt.encrypted
• %User Profile%\Cookies\wilbert@www.msn[1].txt.encrypted
• %Favorites%\MSN.com.url.encrypted
• %Favorites%\Radio Station Guide.url.encrypted
• %Favorites%\Links\Customize Links.url.encrypted
• %Favorites%\Links\Free Hotmail.url.encrypted
• %Favorites%\Links\Windows Marketplace.url.encrypted
• %Favorites%\Links\Windows Media.url.encrypted
• %Favorites%\Links\Windows.url.encrypted
• %User Profile%\MSHist012013061320130614\index.dat.encrypted
• %User Profile%\My Music\Sample Music.lnk.encrypted
• %User Profile%\My Pictures\Sample Pictures.lnk.encrypted
• %Start Menu%\Programs\Internet Explorer.lnk.encrypted
• %Start Menu%\Programs\Outlook Express.lnk.encrypted
• %Start Menu%\Programs\Accessories\Address Book.lnk.encrypted
• %Application Data%\Adobe\Color\ACECache11.lst
• %Application Data%\Adobe\Acrobat\10.0\UserCache.bin
• %User Temp%\Temporary Internet Files
• %User Temp%\Temporary Internet Files\Content.IE5
• %User Temp%\Temporary Internet Files\Content.IE5\APOF0VMX
• %User Temp%\Temporary Internet Files\Content.IE5\Q7F9BPVZ
• %User Temp%\Temporary Internet Files\Content.IE5\4H6RGLIB
• %User Temp%\Temporary Internet Files\Content.IE5\KWYAJ2GZ
• %User Temp%\Cookies
• %User Temp%\History
• %User Temp%\History\History.IE5
• %User Profile%\10.0\rdrmessage.zip
• %User Profile%\10.0\Forms
• %User Profile%\10.0\Collab
• %User Profile%\10.0\Security
• %User Profile%\Security\CRLCache
• %User Profile%\CRLCache\A9B8213768ADC68AF64FCC6409E8BE414726687F.crl
• %User Profile%\CRLCache\48B76449F3D5FEFA1133AA805E420F0FCA643651.crl
• %User Profile%\Security\addressbook.acrodata
• %User Temp%\ArmUI.ini
• %User Temp%\Cab168.tmp
• %User Temp%\Tar16A.tmp
• %System Root%\ProgramData\Wallpaper\wallpaper.bmp
• %System Root%\_HOW_TO_Decrypt.bmp
• %Desktop%\HOW_TO_Decrypt.bmp
• %Desktop%\_HOW_TO_Decrypt.bmp

手順 6

以下のフォルダを検索し削除します。

• %System Root%\ProgramData
• %System Root%\ProgramData\Wallpaper
• %User Profile%\My\Certificates
• %User Profile%\SystemCertificates\My
• %User Profile%\Microsoft\SystemCertificates
• %User Profile%\My\CRLs
• %User Profile%\My\CTLs
• %User Profile%\10.0\Forms
• %User Profile%\10.0\Collab
• %User Profile%\10.0\Security
• %User Profile%\Security\CRLCache
• %User Profile%\Network\Downloader

手順 7

最新のバージョン（エンジン、パターンファイル）を導入したウイルス対策製品を用い、ウイルス検索を実行してください。「TROJ_VBINDER_FE31029F.UVPM」と検出したファイルはすべて削除してください。 検出されたファイルが、弊社ウイルス対策製品により既に駆除、隔離またはファイル削除の処理が実行された場合、ウイルスの処理は完了しており、他の削除手順は特にありません。

手順 8

以下のファイルをバックアップを用いて修復します。なお、マイクロソフト製品に関連したファイルのみ修復されます。このマルウェア／グレイウェア／スパイウェアが同社製品以外のプログラムをも削除した場合には、該当プログラムを再度インストールする必要があります。

• %System Root%\AUTOEXEC.BAT
• %System Root%\boot.ini
• %Desktop%.ini
• %User Profile%\0008044E\Plylst10.wpl
• %System Root%\NTDETECT.COM
• %User Profile%\0008044E\Plylst1.wpl
• %User Profile%\0008044E\Plylst11.wpl
• %User Profile%\0008044E\Plylst12.wpl
• %User Profile%\0008044E\Plylst14.wpl
• %User Profile%\0008044E\Plylst13.wpl
• %User Profile%\0008044E\Plylst15.wpl
• %User Profile%\0008044E\Plylst2.wpl
• %User Profile%\0008044E\Plylst3.wpl
• %User Profile%\0008044E\Plylst4.wpl
• %User Profile%\0008044E\Plylst5.wpl
• %User Profile%\0008044E\Plylst6.wpl
• %User Profile%\0008044E\Plylst8.wpl
• %User Profile%\0008044E\Plylst7.wpl
• %User Profile%\0008044E\Plylst9.wpl
• %Start Menu%\desktop.ini
• %User Profile%\DRM\drmv2.lic
• %Start Menu%\Set Program Access and Defaults.lnk
• %Start Menu%\Windows Catalog.lnk
• %Start Menu%\Windows Update.lnk
• %Start Menu%\Programs\Adobe Reader X.lnk
• %Start Menu%\Programs\desktop.ini
• %Start Menu%\Programs\MSN.lnk
• %Start Menu%\Programs\Windows Messenger.lnk
• %Start Menu%\Programs\Windows Movie Maker.lnk
• %Start Menu%\Programs\Accessories\Calculator.lnk
• %Start Menu%\Programs\Accessories\desktop.ini
• %Start Menu%\Programs\Accessories\Paint.lnk
• %Start Menu%\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
• %Start Menu%\Programs\Accessories\WordPad.lnk
• %Start Menu%\Programs\Accessories\Accessibility\desktop.ini
• %Start Menu%\Programs\Accessories\Communications\desktop.ini
• %Start Menu%\Programs\Accessories\Communications\HyperTerminal.lnk
• %Start Menu%\Programs\Accessories\Communications\Network Connections.lnk
• %Start Menu%\Programs\Accessories\Communications\New Connection Wizard.lnk
• %Start Menu%\Programs\Accessories\Communications\Network Setup Wizard.lnk
• %Start Menu%\Programs\Accessories\Communications\Remote Desktop Connection.lnk
• %Start Menu%\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
• %Start Menu%\Programs\Accessories\Entertainment\desktop.ini
• %Start Menu%\Programs\Accessories\Entertainment\Sound Recorder.lnk
• %Start Menu%\Programs\Accessories\System Tools\Backup.lnk
• %Start Menu%\Programs\Accessories\Entertainment\Volume Control.lnk
• %Start Menu%\Programs\Accessories\System Tools\Character Map.lnk
• %Start Menu%\Programs\Accessories\System Tools\desktop.ini
• %Start Menu%\Programs\Accessories\System Tools\Disk Cleanup.lnk
• %Start Menu%\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
• %Start Menu%\Programs\Accessories\System Tools\Disk Defragmenter.lnk
• %Start Menu%\Programs\Accessories\System Tools\Scheduled Tasks.lnk
• %Start Menu%\Programs\Accessories\System Tools\Security Center.lnk
• %Start Menu%\Programs\Accessories\System Tools\System Information.lnk
• %Start Menu%\Programs\Accessories\System Tools\System Restore.lnk
• %Start Menu%\Programs\Administrative Tools\Component Services.lnk
• %Start Menu%\Programs\Administrative Tools\Computer Management.lnk
• %Start Menu%\Programs\Administrative Tools\Data Sources (ODBC).lnk
• %Start Menu%\Programs\Administrative Tools\desktop.ini
• %Start Menu%\Programs\Administrative Tools\Event Viewer.lnk
• %Start Menu%\Programs\Administrative Tools\Local Security Policy.lnk
• %Start Menu%\Programs\Administrative Tools\Performance.lnk
• %Start Menu%\Programs\Administrative Tools\Services.lnk
• %Common Startup%\desktop.ini
• %Start Menu%\Programs\WinPcap\Uninstall WinPcap 4.1.2.lnk
• %Start Menu%\Programs\WinPcap\WinPcap Web Site.url
• %User Profile%\Cookies\index.dat
• %User Profile%\NTUSER.DAT
• %User Profile%\ntuser.dat.LOG
• %User Profile%\History.IE5\index.dat
• %Start Menu%\Programs\Remote Assistance.lnk
• %Start Menu%\Programs\Accessories\Command Prompt.lnk
• %Start Menu%\Programs\Windows Media Player.lnk
• %Start Menu%\Programs\Accessories\Notepad.lnk
• %Start Menu%\Programs\Accessories\Program Compatibility Wizard.lnk
• %Start Menu%\Programs\Accessories\Synchronize.lnk
• %Start Menu%\Programs\Accessories\Tour Windows XP.lnk
• %Start Menu%\Programs\Accessories\Windows Explorer.lnk
• %Start Menu%\Programs\Accessories\Accessibility\Magnifier.lnk
• %Start Menu%\Programs\Accessories\Accessibility\Narrator.lnk
• %Start Menu%\Programs\Accessories\Accessibility\Utility Manager.lnk
• %Start Menu%\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
• %Start Menu%\Programs\Accessories\Entertainment\Windows Media Player.lnk
• %User Startup%\desktop.ini
• %User Profile%\ntuser.ini
• %User Profile%\Cookies\wilbert@atdmt[2].txt
• %User Profile%\Cookies\wilbert@bing[2].txt
• %User Profile%\Cookies\wilbert@c.atdmt[2].txt
• %User Profile%\Cookies\wilbert@c.msn[2].txt
• %User Profile%\Cookies\wilbert@doubleclick[1].txt
• %User Profile%\Cookies\wilbert@microsoft[1].txt
• %User Profile%\Cookies\wilbert@msnportal.112.2o7[1].txt
• %User Profile%\Cookies\wilbert@msn[2].txt
• %User Profile%\Cookies\wilbert@scorecardresearch[2].txt
• %User Profile%\Cookies\wilbert@www.bing[2].txt
• %User Profile%\Cookies\wilbert@www.msn[1].txt
• %Favorites%\MSN.com.url
• %Favorites%\Links\Customize Links.url
• %Favorites%\Radio Station Guide.url
• %Favorites%\Links\Free Hotmail.url
• %Favorites%\Links\Windows Marketplace.url
• %Favorites%\Links\Windows Media.url
• %Favorites%\Links\Windows.url
• %User Profile%\MSHist012013061320130614\index.dat
• %User Profile%\My Music\Sample Music.lnk
• %User Profile%\My Pictures\Sample Pictures.lnk
• %Start Menu%\Programs\Internet Explorer.lnk
• %Start Menu%\Programs\Outlook Express.lnk
• %Start Menu%\Programs\Accessories\Address Book.lnk
• %User Profile%\10.0\ReaderMessages-journal
• %Application Data%\Adobe\Acrobat\10.0\SharedDataEvents-journal
• %User Profile%\10.0\RDRMES~1.ZIP
• %User Profile%\10.0\READER~1
• %User Profile%\INTERN~1\brndlog.bak
• %User Profile%\INTERN~1\brndlog.txt
• %Desktop%.htt
• %User Profile%\QUICKL~1\LAUNCH~1.LNK
• %User Profile%\QUICKL~1\SHOWDE~1.SCF
• %User Profile%\MMC\secpol
• %User Profile%\Themes\CUSTOM~1.THE