TSPY_BANCOS.ATL
Adware.ADH (Symantec)
Windows 2000, Windows XP, Windows Server 2003
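Malware type:
Spyware
Destructiveness:
No
Encrypted:
In the wild:
Yes
Overview
This spyware arrives on a computer either as a file dropped by other malware or as a file that users unknowingly download from malicious websites.
Technical Details
Arrival Details
This spyware arrives on a computer either as a file dropped by other malware or as a file that users unknowingly download from malicious websites.
Installation
The spyware creates the following folders: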
- %User Temp%\$inst
- %User Temp%\Formats
- %User Profile%\Application Data\WinRAR
- %Start Menu%\Programs\WinRAR
(Note: The %User Temp% folder varies depending on the Windows version and the settings chosen at installation. By default, it is "C:\Documents and Settings\<User Name>\Local Settings\Temp" on Windows 2000, XP, and Server 2003, and "C:\Users\<User Name>\AppData\Local\Temp" on Windows Vista and 7. The %User Profile% folder is usually "C:\Documents and Settings\<User Name>" on Windows 2000, XP, and Server 2003, and "C:\Users\<User Name>" on Windows Vista and 7. The %Start Menu% folder is usually "C:\Windows\Start Menu" or "C:\Documents and Settings\<User Name>\Start Menu" on Windows 2000, XP, and Server 2003, and "C:\Users\<User Name>\AppData\Roaming\Microsoft\Windows\Start Menu" on Windows Vista and 7.)
Other System Modifications
The spyware deletes the following files:
- %User Temp%\Uninstall.exe
- %Desktop%\WinRAR.lnk
- %Start Menu%\WinRAR.lnk
(Note: The %User Temp% folder varies depending on the Windows version and the settings chosen at installation. By default, it is "C:\Documents and Settings\<User Name>\Local Settings\Temp" on Windows 2000, XP, and Server 2003, and "C:\Users\<User Name>\AppData\Local\Temp" on Windows Vista and 7. The %Desktop% folder is usually "C:\Documents and Settings\<User Name>\デスクトップ" on Windows 2000, XP, and Server 2003, and "C:\Users\<User Name>\デスクトップ" on Windows Vista and 7. The %Start Menu% folder is usually "C:\Windows\Start Menu" or "C:\Documents and Settings\<User Name>\Start Menu" on Windows 2000, XP, and Server 2003, and "C:\Users\<User Name>\AppData\Roaming\Microsoft\Windows\Start Menu" on Windows Vista and 7.)
The spyware adds the following registry keys:
The spyware adds the following registry values:
The spyware deletes the following registry keys:
HKEY_CLASSES_ROOT\CLSID\{DDF7D820-8355-11CF-B357-444553540000}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Explorer\
ControlPanel\NameSpace\{7A9D77BD-5403-11d2-8785-2E0420524153}
Dropping Routine
The spyware creates the following files:
- %User Temp%\$inst\2.tmp
- %User Temp%\$inst\temp_0.tmp
- %User Temp%\Uninstall.ini
- %Start Menu%\Programs\WinRAR\WinRAR.lnk
- %Start Menu%\Programs\WinRAR\WinRAR help.lnk
- %Start Menu%\Programs\WinRAR\Console RAR manual.lnk
(Note: The %User Temp% folder varies depending on the Windows version and the settings chosen at installation. By default, it is "C:\Documents and Settings\<User Name>\Local Settings\Temp" on Windows 2000, XP, and Server 2003, and "C:\Users\<User Name>\AppData\Local\Temp" on Windows Vista and 7. The %Start Menu% folder is usually "C:\Windows\Start Menu" or "C:\Documents and Settings\<User Name>\Start Menu" on Windows 2000, XP, and Server 2003, and "C:\Users\<User Name>\AppData\Roaming\Microsoft\Windows\Start Menu" on Windows Vista and 7.)
This malware report was generated by an automated analysis system.
Solution
Step 1
Windows XP, Windows Vista, and Windows 7 users must disable System Restore before running a virus scan, so that malware, adware, and similar software can be completely removed from the computer.
Step 2
Delete this registry key.
Warning: The registry is the database that stores Windows configuration information. Incorrect edits to the registry can cause the system to stop working properly.
Edit the registry at your own risk. We cannot provide compensation for any problems resulting from registry edits.
Please see here before editing the registry.
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
- WinRAR (USB Edition) 3.79
- In HKEY_CURRENT_USER\Software\WinRAR\Formats
- 7z.fmt
- In HKEY_CURRENT_USER\Software\WinRAR\Formats
- ace.fmt
- In HKEY_CURRENT_USER\Software\WinRAR\Formats
- arj.fmt
- In HKEY_CURRENT_USER\Software\WinRAR\Formats
- bz2.fmt
- In HKEY_CURRENT_USER\Software\WinRAR\Formats
- cab.fmt
- In HKEY_CURRENT_USER\Software\WinRAR\Formats
- gz.fmt
- In HKEY_CURRENT_USER\Software\WinRAR\Formats
- iso.fmt
- In HKEY_CURRENT_USER\Software\WinRAR\Formats
- lzh.fmt
- In HKEY_CURRENT_USER\Software\WinRAR\Formats
- tar.fmt
- In HKEY_CURRENT_USER\Software\WinRAR\Formats
- uue.fmt
- In HKEY_CURRENT_USER\Software\WinRAR\Formats
- z.fmt
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles
- 0
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles
- 1
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles
- 2
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles
- 3
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles
- 4
- In HKEY_CURRENT_USER\Software\WinRAR
- General
- In HKEY_CURRENT_USER\Software\WinRAR\Interface
- Themes
- In HKEY_CURRENT_USER\Software\WinRAR\Setup
- .rar
- In HKEY_CURRENT_USER\Software\WinRAR\Setup
- .zip
- In HKEY_CURRENT_USER\Software\WinRAR\Setup
- .cab
- In HKEY_CURRENT_USER\Software\WinRAR\Setup
- .arj
- In HKEY_CURRENT_USER\Software\WinRAR\Setup
- .lzh
- In HKEY_CURRENT_USER\Software\WinRAR\Setup
- .ace
- In HKEY_CURRENT_USER\Software\WinRAR\Setup
- .7z
- In HKEY_CURRENT_USER\Software\WinRAR\Setup
- .tar
- In HKEY_CURRENT_USER\Software\WinRAR\Setup
- .gz
- In HKEY_CURRENT_USER\Software\WinRAR\Setup
- .uue
- In HKEY_CURRENT_USER\Software\WinRAR\Setup
- .bz2
- In HKEY_CURRENT_USER\Software\WinRAR\Setup
- .jar
- In HKEY_CURRENT_USER\Software\WinRAR\Setup
- .iso
- In HKEY_CURRENT_USER\Software\WinRAR\Setup
- .z
- In HKEY_CURRENT_USER\Software\WinRAR\Setup
- Links
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths
- WinRAR.exe
- In HKEY_CLASSES_ROOT\CLSID
- {B41DB860-8EE4-11D2-9906-E49FADC173CA}
- In HKEY_CLASSES_ROOT\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
- InProcServer32
- In HKEY_CLASSES_ROOT\WinRAR\shellex\ContextMenuHandlers
- {B41DB860-8EE4-11D2-9906-E49FADC173CA}
- In HKEY_CLASSES_ROOT\WinRAR\shellex\PropertySheetHandlers
- {B41DB860-8EE4-11D2-9906-E49FADC173CA}
- In HKEY_CLASSES_ROOT\WinRAR.ZIP\shellex\ContextMenuHandlers
- {B41DB860-8EE4-11D2-9906-E49FADC173CA}
- In HKEY_CLASSES_ROOT\WinRAR.ZIP\shellex\PropertySheetHandlers
- {B41DB860-8EE4-11D2-9906-E49FADC173CA}
- In HKEY_CLASSES_ROOT\exefile\shellex\PropertySheetHandlers
- {B41DB860-8EE4-11D2-9906-E49FADC173CA}
- In HKEY_CLASSES_ROOT\WinRAR\shellex
- DropHandler
- In HKEY_CLASSES_ROOT\WinRAR.ZIP\shellex
- DropHandler
- In HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
- WinRAR
- In HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers
- WinRAR
- In HKEY_CLASSES_ROOT\Folder\shellex\DragDropHandlers
- WinRAR
- In HKEY_CLASSES_ROOT\Drive\shellex\DragDropHandlers
- WinRAR
- In HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers
- WinRAR
- In HKEY_CLASSES_ROOT\Directory\shellex\DragDropHandlers
- WinRAR
- In HKEY_CLASSES_ROOT\WinRAR\shell\open
- command
- In HKEY_CLASSES_ROOT\WinRAR
- DefaultIcon
- In HKEY_CLASSES_ROOT\WinRAR.ZIP\shell\open
- command
- In HKEY_CLASSES_ROOT\WinRAR.ZIP
- DefaultIcon
- In HKEY_CLASSES_ROOT
- .rev
- In HKEY_CLASSES_ROOT
- WinRAR.REV
- In HKEY_CLASSES_ROOT\WinRAR.REV\shell\open
- command
- In HKEY_CLASSES_ROOT\WinRAR.REV
- DefaultIcon
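Step 3
Delete this registry value.
Warning: The registry is the database that stores Windows configuration information. Incorrect edits to the registry can cause the system to stop working properly.
Edit the registry at your own risk. We cannot provide compensation for any problems resulting from registry edits.
Please see here before editing the registry.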
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR (USB Edition) 3.79
- DisplayName = "WinRAR (USB Edition) 3.79"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR (USB Edition) 3.79
- DisplayIcon = "%User Temp%\Uninstall.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR (USB Edition) 3.79
- UninstallString = "%User Temp%\Uninstall.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR (USB Edition) 3.79
- NoModify = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR (USB Edition) 3.79
- NoRepair = "1"
- In HKEY_CURRENT_USER\Software\WinRAR\Formats\7z.fmt
- Info = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\Formats\7z.fmt
- Ident = "e721d80015c00"
- In HKEY_CURRENT_USER\Software\WinRAR\Formats\ace.fmt
- Info = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\Formats\ace.fmt
- Ident = "e721d800dc00"
- In HKEY_CURRENT_USER\Software\WinRAR\Formats\arj.fmt
- Info = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\Formats\arj.fmt
- Ident = "e721d800d000"
- In HKEY_CURRENT_USER\Software\WinRAR\Formats\bz2.fmt
- Info = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\Formats\bz2.fmt
- Ident = "e721d80012000"
- In HKEY_CURRENT_USER\Software\WinRAR\Formats\cab.fmt
- Info = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\Formats\cab.fmt
- Ident = "e721d800c800"
- In HKEY_CURRENT_USER\Software\WinRAR\Formats\gz.fmt
- Info = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\Formats\gz.fmt
- Ident = "e721d800f800"
- In HKEY_CURRENT_USER\Software\WinRAR\Formats\iso.fmt
- Info = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\Formats\iso.fmt
- Ident = "e721d80012000"
- In HKEY_CURRENT_USER\Software\WinRAR\Formats\lzh.fmt
- Info = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\Formats\lzh.fmt
- Ident = "e721d800e400"
- In HKEY_CURRENT_USER\Software\WinRAR\Formats\tar.fmt
- Info = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\Formats\tar.fmt
- Ident = "e721d800d800"
- In HKEY_CURRENT_USER\Software\WinRAR\Formats\uue.fmt
- Info = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\Formats\uue.fmt
- Ident = "e721d800bc00"
- In HKEY_CURRENT_USER\Software\WinRAR\Formats\z.fmt
- Info = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\Formats\z.fmt
- Ident = "e721d800e800"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- Name = "Default Profile"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- Default = "1"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- ImmExec = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- UseRAR = "1"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- SFXElevate = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- CmtTextData = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- VolumeSize = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- VolPause = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- OldVolNames = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- RecVolNumber = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- Update = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- Fresh = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- SyncFiles = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- Move = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- Solid = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- AV = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- Test = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- Recovery = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- EraseDest = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- AddArcOnly = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- ClearArc = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- Lock = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- Method = "3"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- DictSizeLZ = "4"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- Background = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- WaitForOther = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- Shutdown = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- Password = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- EncryptHeaders = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- OpenShared = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- ProcessOwners = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- SaveStreams = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- GenerateArcName = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- VersionControl = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- GenerateMask = "yyyymmddhhnnss"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- FileTimeMode = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- FileDays = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- FileHours = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- FileMinutes = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- FileTimeBefore = "88"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- FileTimeAfter = "88"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- ArcTimeOriginal = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- ArcTimeLatest = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- mtime = "4"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- ctime = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- atime = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- PathsAbs = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- PathsNone = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- PathsAbsDrive = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- SeparateArc = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\0
- PackDetails = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- Name = "Create e-mail attachment"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- Default = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- ImmExec = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- UseRAR = "1"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- SFXElevate = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- CmtTextData = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- VolumeSize = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- VolPause = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- OldVolNames = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- RecVolNumber = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- Update = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- Fresh = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- SyncFiles = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- Move = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- Solid = "1"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- AV = "1"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- Test = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- Recovery = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- EraseDest = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- AddArcOnly = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- ClearArc = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- Lock = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- Method = "5"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- DictSizeLZ = "4"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- Background = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- WaitForOther = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- Shutdown = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- Password = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- EncryptHeaders = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- OpenShared = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- ProcessOwners = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- SaveStreams = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- GenerateArcName = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- VersionControl = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- GenerateMask = "yyyymmddhhnnss"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- FileTimeMode = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- FileDays = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- FileHours = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- FileMinutes = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- FileTimeBefore = "88"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- FileTimeAfter = "88"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- ArcTimeOriginal = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- ArcTimeLatest = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- mtime = "4"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- ctime = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- atime = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- PathsAbs = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- PathsNone = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- PathsAbsDrive = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- SeparateArc = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\1
- PackDetails = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- Name = "Backup selected files"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- Default = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- ImmExec = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- UseRAR = "1"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- SFXElevate = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- CmtTextData = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- VolumeSize = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- VolPause = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- OldVolNames = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- RecVolNumber = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- Update = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- Fresh = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- SyncFiles = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- Move = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- Solid = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- AV = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- Test = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- Recovery = "ffffffff"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- EraseDest = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- AddArcOnly = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- ClearArc = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- Lock = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- Method = "3"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- DictSizeLZ = "4"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- Background = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- WaitForOther = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- Shutdown = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- Password = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- EncryptHeaders = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- OpenShared = "1"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- ProcessOwners = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- SaveStreams = "1"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- GenerateArcName = "1"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- VersionControl = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- GenerateMask = "yyyymmddhhnnss"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- FileTimeMode = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- FileDays = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- FileHours = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- FileMinutes = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- FileTimeBefore = "88"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- FileTimeAfter = "88"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- ArcTimeOriginal = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- ArcTimeLatest = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- mtime = "4"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- ctime = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- atime = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- PathsAbs = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- PathsNone = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- PathsAbsDrive = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- SeparateArc = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\2
- PackDetails = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- Name = "Create 1.44MB volumes"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- Default = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- ImmExec = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- UseRAR = "1"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- SFXElevate = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- CmtTextData = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- VolumeSize = "1457664"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- VolPause = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- OldVolNames = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- RecVolNumber = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- Update = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- Fresh = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- SyncFiles = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- Move = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- Solid = "1"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- AV = "1"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- Test = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- Recovery = "ffffffff"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- EraseDest = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- AddArcOnly = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- ClearArc = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- Lock = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- Method = "5"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- DictSizeLZ = "4"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- Background = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- WaitForOther = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- Shutdown = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- Password = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- EncryptHeaders = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- OpenShared = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- ProcessOwners = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- SaveStreams = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- GenerateArcName = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- VersionControl = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- GenerateMask = "yyyymmddhhnnss"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- FileTimeMode = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- FileDays = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- FileHours = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- FileMinutes = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- FileTimeBefore = "88"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- FileTimeAfter = "88"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- ArcTimeOriginal = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- ArcTimeLatest = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- mtime = "4"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- ctime = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- atime = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- PathsAbs = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- PathsNone = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- PathsAbsDrive = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- SeparateArc = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\3
- PackDetails = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- Name = "ZIP archive (low compression)"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- Default = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- ImmExec = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- UseRAR = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- SFXElevate = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- CmtTextData = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- VolumeSize = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- VolPause = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- OldVolNames = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- RecVolNumber = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- Update = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- Fresh = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- SyncFiles = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- Move = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- Solid = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- AV = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- Test = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- Recovery = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- EraseDest = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- AddArcOnly = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- ClearArc = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- Lock = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- Method = "5"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- DictSizeLZ = "4"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- Background = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- WaitForOther = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- Shutdown = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- Password = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- EncryptHeaders = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- OpenShared = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- ProcessOwners = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- SaveStreams = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- GenerateArcName = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- VersionControl = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- GenerateMask = "yyyymmddhhnnss"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- FileTimeMode = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- FileDays = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- FileHours = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- FileMinutes = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- FileTimeBefore = "88"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- FileTimeAfter = "88"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- ArcTimeOriginal = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- ArcTimeLatest = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- mtime = "4"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- ctime = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- atime = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- PathsAbs = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- PathsNone = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- PathsAbsDrive = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- SeparateArc = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Profiles\4
- PackDetails = "{random values}"
- In HKEY_CURRENT_USER\Software\WinRAR\General
- AppDataCopied = "1"
- In HKEY_CURRENT_USER\Software\WinRAR\Setup\.rar
- Set = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Setup\.zip
- Set = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Setup\.cab
- Set = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Setup\.arj
- Set = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Setup\.lzh
- Set = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Setup\.ace
- Set = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Setup\.7z
- Set = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Setup\.tar
- Set = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Setup\.gz
- Set = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Setup\.uue
- Set = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Setup\.bz2
- Set = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Setup\.jar
- Set = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Setup\.iso
- Set = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Setup\.z
- Set = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Setup\Links
- Desktop = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Setup\Links
- StartMenu = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Setup\Links
- Programs = "1"
- In HKEY_CURRENT_USER\Software\WinRAR\Setup
- ShellExt = "1"
- In HKEY_CURRENT_USER\Software\WinRAR\Setup
- CascadedMenu = "0"
- In HKEY_CURRENT_USER\Software\WinRAR\Setup
- MenuIcons = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WinRAR.exe
- Path = "%User Temp%"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}\InProcServer32
- ThreadingModel = "Apartment"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
- {B41DB860-8EE4-11D2-9906-E49FADC173CA} = "WinRAR shell extension"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM
- %System%\advapi32.dll[MofResourceName] = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM
- %System%\DRIVERS\ACPI.sys[ACPIMOFResource] = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM
- %System%\DRIVERS\mssmbios.sys[MofResource] = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM
- %System%\DRIVERS\intelppm.sys[PROCESSORWMI] = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM
- %System%\DRIVERS\ipnat.sys[IPNATMofResource] = "{random characters}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\WDM
- %System%\Drivers\HTTP.sys[UlMofResource] = "{random characters}"
Step 4
Search for and delete the following files.
- %User Temp%\$inst\2.tmp
- %User Temp%\$inst\temp_0.tmp
- %User Temp%\Uninstall.ini
- %Start Menu%\Programs\WinRAR\WinRAR.lnk
- %Start Menu%\Programs\WinRAR\WinRAR help.lnk
- %Start Menu%\Programs\WinRAR\Console RAR manual.lnk
Step 5
Search for and delete the following folders.
- %User Temp%\$inst
- %User Temp%\Formats
- %User Profile%\Application Data\WinRAR
- %Start Menu%\Programs\WinRAR
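A read-only check for Steps 3 to 5, added here as an example and not part of the original advisory: it reports which of the listed HKLM registry values, files and folders are still present, and deletes nothing. The function name `Get-RemainingArtifacts` and the mapping of %User Temp%, %User Profile% and %Start Menu% to `$env:TEMP`, `$env:USERPROFILE` and the StartMenu special folder are assumptions.

```powershell
# Added example (not vendor code). Requires PowerShell 3.0 or later.
# Reports artifacts from Steps 3-5 that are still on the system; read-only.
function Get-RemainingArtifacts {
    param(
        # Assumed mapping of the advisory's placeholders to real paths.
        [string]$UserTemp    = $env:TEMP,
        [string]$UserProfile = $env:USERPROFILE,
        [string]$StartMenu   = ([Environment]::GetFolderPath('StartMenu'))
    )

    $hklm      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'
    $uninstall = "$hklm\Uninstall\WinRAR (USB Edition) 3.79"

    # Step 3: a subset of the listed registry values, with the data the page gives.
    $regChecks = @(
        @{ Key = $uninstall; Name = 'DisplayName';     Expected = 'WinRAR (USB Edition) 3.79' },
        @{ Key = $uninstall; Name = 'DisplayIcon';     Expected = (Join-Path $UserTemp 'Uninstall.exe') },
        @{ Key = $uninstall; Name = 'UninstallString'; Expected = (Join-Path $UserTemp 'Uninstall.exe') },
        @{ Key = "$hklm\App Paths\WinRAR.exe"; Name = 'Path'; Expected = $UserTemp },
        @{ Key = "$hklm\Shell Extensions\Approved"
           Name = '{B41DB860-8EE4-11D2-9906-E49FADC173CA}'
           Expected = 'WinRAR shell extension' }
    )

    foreach ($c in $regChecks) {
        # -LiteralPath avoids wildcard parsing; GetValue returns $null if absent.
        $key    = Get-Item -LiteralPath $c.Key -ErrorAction SilentlyContinue
        $actual = if ($key) { $key.GetValue($c.Name) } else { $null }
        [pscustomobject]@{
            Step        = 3
            Kind        = 'RegistryValue'
            Item        = "$($c.Key) [$($c.Name)]"
            Present     = ($null -ne $actual)
            # Data can differ (for example 8.3 short paths), so it is reported, not assumed.
            MatchesPage = ($null -ne $actual -and "$actual" -eq $c.Expected)
        }
    }

    # Steps 4 and 5: files, then folders. Single quotes keep '$inst' literal.
    $fsChecks = @(
        @{ Step = 4; Path = (Join-Path $UserTemp  '$inst\2.tmp') },
        @{ Step = 4; Path = (Join-Path $UserTemp  '$inst\temp_0.tmp') },
        @{ Step = 4; Path = (Join-Path $UserTemp  'Uninstall.ini') },
        @{ Step = 4; Path = (Join-Path $StartMenu 'Programs\WinRAR\WinRAR.lnk') },
        @{ Step = 4; Path = (Join-Path $StartMenu 'Programs\WinRAR\WinRAR help.lnk') },
        @{ Step = 4; Path = (Join-Path $StartMenu 'Programs\WinRAR\Console RAR manual.lnk') },
        @{ Step = 5; Path = (Join-Path $UserTemp  '$inst') },
        @{ Step = 5; Path = (Join-Path $UserTemp  'Formats') },
        @{ Step = 5; Path = (Join-Path $UserProfile 'Application Data\WinRAR') },
        @{ Step = 5; Path = (Join-Path $StartMenu 'Programs\WinRAR') }
    )

    foreach ($f in $fsChecks) {
        $kind = if ($f.Step -eq 4) { 'File' } else { 'Folder' }
        [pscustomobject]@{
            Step        = $f.Step
            Kind        = $kind
            Item        = $f.Path
            Present     = (Test-Path -LiteralPath $f.Path)
            MatchesPage = $null   # not applicable to files and folders
        }
    }
}

# Show only what is still present after cleanup.
Get-RemainingArtifacts | Where-Object { $_.Present } | Format-Table -AutoSize
```

Run it in the affected user's session, because the temp, profile and Start Menu paths are per-user.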
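Step 6
Scan the computer with an antivirus product updated to the latest version (engine and pattern file). Delete all files detected as "TSPY_BANCOS.ATL". If the detected files have already been cleaned, quarantined or deleted by our antivirus product, handling of the virus is complete and no further removal steps are required.
Step 7
Restore the following files from backup. Only files related to Microsoft products will be restored. If this malware/grayware/spyware also deleted programs that are not Microsoft products, those programs must be reinstalled.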
- %User Temp%\Uninstall.exe
- %Desktop%\WinRAR.lnk
- %Start Menu%\WinRAR.lnk
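Step 8
Restore the following deleted registry keys or registry values from backup.
Note: Only registry keys and registry values related to Microsoft products will be restored. If this malware or adware also deleted programs that are not Microsoft products, those programs must be reinstalled.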
- In HKEY_CLASSES_ROOT\CLSID
- {DDF7D820-8355-11CF-B357-444553540000}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel\NameSpace
- {7A9D77BD-5403-11d2-8785-2E0420524153}