ADW_BOXORE
Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)
- マルウェアタイプ: アドウェア
- 破壊活動の有無: なし
- 暗号化:
- 感染報告の有無: はい
概要
アドウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。
詳細
侵入方法
アドウェアは、他のマルウェアに作成されるか、悪意あるWebサイトからユーザが誤ってダウンロードすることによりコンピュータに侵入します。
インストール
アドウェアは、以下のフォルダを作成します。
- %User Temp%\GUM1.tmp
- %Application Data%\Software
- %Application Data%\Software\CrashReports
- %Program Files%\Software
- %Program Files%\Software\CrashReports
- %Program Files%\Software\Update
- %Program Files%\Software\Update\1.2.201.0
- %Program Files%\Software\Update\Offline
- %User Profile%\Application Data\Software
- %User Profile%\Software\Update
- %User Profile%\Update\Download
- %System Root%\MSI234c3.tmp
- %System Root%\MSI234c6.tmp
- %Application Data%\Software\Update
- %Application Data%\Software\Update\Manifest
- %Application Data%\Software\Update\Manifest\Initial
- %User Profile%\Network\Downloader
(註:%User Temp%フォルダはWindowsの種類とインストール時の設定などにより異なります。標準設定では、Windows 2000、XP および Server 2003 の場合、"C:\Documents and Settings\<ユーザー名>\Local Settings\Temp"、Windows Vista および 7 の場合、"C:\Users\<ユーザ名>\AppData\Local\Temp" です。. %Application Data%フォルダは、Windows 2000、XP および Server 2003 の場合、通常 "C:\Documents and Settings\<ユーザ名>\Local Settings\Application Data"、Windows Vista および 7 の場合、"C:\Users\<ユーザ名>\AppData\Roaming" です。. %Program Files%フォルダは、Windows 2000、Server 2003、XP (32ビット)、通常 Vista (32ビット) および 7 (32ビット) の場合、通常 "C:\Program Files"、Windows XP (64ビット)、Vista (64ビット) および 7 (64ビット) の場合、通常 "C:\Program Files (x86)" です。. %User Profile% フォルダは、Windows 2000、XP および Server 2003 の場合、通常、"C:\Documents and Settings\<ユーザ名>"、Windows Vista および 7 の場合、"C:\Users\<ユーザ名>" です。. %System Root%フォルダは、標準設定では "C:" です。また、オペレーティングシステムが存在する場所です。)
他のシステム変更
アドウェアは、以下のファイルを削除します。
- %User Temp%\GUM1.tmp
- %User Temp%\GUT4.tmp
- %Windows%\Tasks\SoftwareUpdateTask.job
- %Windows%\Tasks\SoftwareUpdateTaskMachine.job
- %Temp%\GUR98.exe
- %Temp%\GUR98.tmp
(註:%User Temp%フォルダはWindowsの種類とインストール時の設定などにより異なります。標準設定では、Windows 2000、XP および Server 2003 の場合、"C:\Documents and Settings\<ユーザー名>\Local Settings\Temp"、Windows Vista および 7 の場合、"C:\Users\<ユーザ名>\AppData\Local\Temp" です。. %Windows%フォルダはWindowsの種類とインストール時の設定などにより異なります。標準設定では、"C:\Windows" です。. %Temp%フォルダは、標準設定では "C:\Windows\Temp" です。)
アドウェアは、以下のフォルダを削除します。
- %User Profile%\My Documents\My Pictures
- %Start Menu%\Programs\Administrative Tools
(註:%User Profile% フォルダは、Windows 2000、XP および Server 2003 の場合、通常、"C:\Documents and Settings\<ユーザ名>"、Windows Vista および 7 の場合、"C:\Users\<ユーザ名>" です。. %Start Menu%フォルダは、Windows 2000、XP および Server 2003 の場合、通常、"C:\Windows\Start Menu" または "C:\Documents and Settings\<ユーザ名>\Start Menu"、Windows Vista および 7 の場合、"C:\Users\<ユーザ名>\AppData\Roaming\Microsoft\Windows\Start Menu" です。)
アドウェアは、以下のレジストリキーを追加します。
HKEY_LOCAL_MACHINE\Software\Software\
Update\network
HKEY_LOCAL_MACHINE\SOFTWARE\Software\
Update\network\{random key}
HKEY_LOCAL_MACHINE\Software\Software\
Update\UsageStats\Daily
HKEY_LOCAL_MACHINE\Software\Software\
Update\Clients\{8D358B02-92A9-4150-8A80-11B40FCCA1DC}
HKEY_LOCAL_MACHINE\Software\Software\
Update\ClientState
HKEY_LOCAL_MACHINE\Software\Software\
Update\ClientState\{8D358B02-92A9-4150-8A80-11B40FCCA1DC}
HKEY_LOCAL_MACHINE\Software\Software\
Update\ClientStateMedium
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{32451DFC-C23B-4E12-866C-FC7982238504}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\SoftwareUpdate.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SoftwareUpdate.CoreClass.1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SoftwareUpdate.CoreClass.1\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SoftwareUpdate.CoreClass
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SoftwareUpdate.CoreClass\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SoftwareUpdate.CoreClass\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{32451DFC-C23B-4E12-866C-FC7982238504}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{32451DFC-C23B-4E12-866C-FC7982238504}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{32451DFC-C23B-4E12-866C-FC7982238504}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\
{random key}
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\
@www.dlmanager.net/omaha/tools//Software Update;version=8\MimeTypes
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\
@www.dlmanager.net/omaha/tools//Software Update;version=8\MimeTypes\application/x-vnd.software.oneclickctrl.8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Ext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Ext\
PreApproved
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Ext\
PreApproved\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Ext\
Stats
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Ext\
Stats\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Ext\
Stats\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}\iexplore
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Ext\
Stats\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}\iexplore\
AllowedDomains
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Ext\
Stats\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}\iexplore\
AllowedDomains\*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Software.OneClickCtrl.8
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Software.OneClickCtrl.8\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
MIME\Database\Content Type\
application/x-vnd.software.oneclickctrl.8
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Installer\
InProgress
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
DDA484E0EDB80C24F9BF67BE0A6EEA99
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
64A6E60055D801F4BB8AC269354B72B8\InstallProperties
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Uninstall\
{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Installer\
UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
64A6E60055D801F4BB8AC269354B72B8\Usage
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Features\64A6E60055D801F4BB8AC269354B72B8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
64A6E60055D801F4BB8AC269354B72B8\Features
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
64A6E60055D801F4BB8AC269354B72B8\Patches
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\64A6E60055D801F4BB8AC269354B72B8
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\64A6E60055D801F4BB8AC269354B72B8\
SourceList
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\64A6E60055D801F4BB8AC269354B72B8\
SourceList\Net
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\64A6E60055D801F4BB8AC269354B72B8\
SourceList\Media
HKEY_LOCAL_MACHINE\Software\Microsoft\
Windows\CurrentVersion\Installer\
TempPackages
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{AC5C4189-A8A0-4C9D-8910-C9CEF8360077}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{AC5C4189-A8A0-4C9D-8910-C9CEF8360077}\InProcServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{7A1BCE27-099C-4628-B63A-AEC00C6376B3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{7A1BCE27-099C-4628-B63A-AEC00C6376B3}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{7A1BCE27-099C-4628-B63A-AEC00C6376B3}\NumMethods
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{E12D7149-73EF-45E4-A1E9-99FD7DAE62D3}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{E12D7149-73EF-45E4-A1E9-99FD7DAE62D3}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{E12D7149-73EF-45E4-A1E9-99FD7DAE62D3}\NumMethods
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{DBE82879-914A-422F-BAE9-2ECC80BE536F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{DBE82879-914A-422F-BAE9-2ECC80BE536F}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{DBE82879-914A-422F-BAE9-2ECC80BE536F}\NumMethods
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{AF3AFF7C-B9E9-48DD-9002-212B6DEAAC02}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{AF3AFF7C-B9E9-48DD-9002-212B6DEAAC02}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{AF3AFF7C-B9E9-48DD-9002-212B6DEAAC02}\NumMethods
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{736EF78E-5A04-46F9-893E-EDEC6EA5DF45}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{736EF78E-5A04-46F9-893E-EDEC6EA5DF45}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{736EF78E-5A04-46F9-893E-EDEC6EA5DF45}\NumMethods
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{F2B184F1-547C-4EE9-BFC4-AC489C7077D9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{F2B184F1-547C-4EE9-BFC4-AC489C7077D9}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{F2B184F1-547C-4EE9-BFC4-AC489C7077D9}\NumMethods
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SoftwareUpdateProcessLauncher.1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SoftwareUpdateProcessLauncher.1.0\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SoftwareUpdateProcessLauncher
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SoftwareUpdateProcessLauncher\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SoftwareUpdateProcessLauncher\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{092A2C6B-43EE-4F9F-8F8E-14ED5E11C14B}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{092A2C6B-43EE-4F9F-8F8E-14ED5E11C14B}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{092A2C6B-43EE-4F9F-8F8E-14ED5E11C14B}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{092A2C6B-43EE-4F9F-8F8E-14ED5E11C14B}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{092A2C6B-43EE-4F9F-8F8E-14ED5E11C14B}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SoftwareUpdate.OnDemandCOMClassMachine.1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SoftwareUpdate.OnDemandCOMClassMachine.1.0\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SoftwareUpdate.OnDemandCOMClassMachine
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SoftwareUpdate.OnDemandCOMClassMachine\CLSID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
SoftwareUpdate.OnDemandCOMClassMachine\CurVer
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F}\VersionIndependentProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F}\Elevation
HKEY_LOCAL_MACHINE\SOFTWARE\Software\
Update\network\secure-S-1-5-18
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Tracing\
Microsoft\BITS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Tracing\
Microsoft\BITS\CtlGuid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\BITS
アドウェアは、以下のレジストリ値を追加します。
HKEY_LOCAL_MACHINE\SOFTWARE\Software\
Update\UsageStats\Daily
LastTransmission = "53c698cb"
HKEY_LOCAL_MACHINE\SOFTWARE\Software\
Update\Clients\{8D358B02-92A9-4150-8A80-11B40FCCA1DC}
pv = "1.2.201.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Software\
Update
path = "%Program Files%\Software\Update\SoftwareUpdate.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Software\
Update\ClientState\{8D358B02-92A9-4150-8A80-11B40FCCA1DC}
brand = "GGLS"
HKEY_LOCAL_MACHINE\SOFTWARE\Software\
Update\ClientState\{8D358B02-92A9-4150-8A80-11B40FCCA1DC}
InstallTime = "53c698d9"
HKEY_LOCAL_MACHINE\SOFTWARE\Software\
Update\ClientState\{8D358B02-92A9-4150-8A80-11B40FCCA1DC}
pv = "1.2.201.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\SoftwareUpdate.exe
AppID = "{32451DFC-C23B-4E12-866C-FC7982238504}"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{32451DFC-C23B-4E12-866C-FC7982238504}
LocalService = "supdate"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
AppID\{32451DFC-C23B-4E12-866C-FC7982238504}
ServiceParameters = "/comsvc"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{32451DFC-C23B-4E12-866C-FC7982238504}
AppID = "{32451DFC-C23B-4E12-866C-FC7982238504}"
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\
{random key}
Path = "%Program Files%\Software\Update\1.2.201.0\npSoftwareOneClick8.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\
{random key}
Description = "Software Update"
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\
{random key}
ProductName = "Software Update"
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\
{random key}
Vendor = "Software"
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\
{random key}
Version = "8"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}
AppName = "SoftwareUpdate.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}
AppPath = "%Program Files%\Software\Update"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Internet Explorer\Low Rights\ElevationPolicy\
{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}
Policy = "3"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}\InprocServer32
ThreadingModel = "Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
MIME\Database\Content Type\
application/x-vnd.software.oneclickctrl.8
CLSID = "{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}"
HKEY_LOCAL_MACHINE\SOFTWARE\Software\
Update
version = "1.2.201.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Components\
DDA484E0EDB80C24F9BF67BE0A6EEA99
64A6E60055D801F4BB8AC269354B72B8 = "02:\SOFTWARE\Software\Update\MsiStubRun"
HKEY_LOCAL_MACHINE\SOFTWARE\Software\
Update
MsiStubRun = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
64A6E60055D801F4BB8AC269354B72B8\InstallProperties
LocalPackage = "%Windows%\Installer\234c5.msi"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
64A6E60055D801F4BB8AC269354B72B8\InstallProperties
DisplayVersion = "1.2.201.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
64A6E60055D801F4BB8AC269354B72B8\InstallProperties
InstallDate = "20140716"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
64A6E60055D801F4BB8AC269354B72B8\InstallProperties
InstallSource = "%Program Files%\Software\Update\1.2.201.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
64A6E60055D801F4BB8AC269354B72B8\InstallProperties
ModifyPath = "MsiExec.exe /I{006E6A46-8D55-4F10-BBA8-2C9653B4278B}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
64A6E60055D801F4BB8AC269354B72B8\InstallProperties
Publisher = "Boxore OU."
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
64A6E60055D801F4BB8AC269354B72B8\InstallProperties
EstimatedSize = "2c"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
64A6E60055D801F4BB8AC269354B72B8\InstallProperties
SystemComponent = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
64A6E60055D801F4BB8AC269354B72B8\InstallProperties
UninstallString = "MsiExec.exe /I{006E6A46-8D55-4F10-BBA8-2C9653B4278B}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
64A6E60055D801F4BB8AC269354B72B8\InstallProperties
VersionMajor = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
64A6E60055D801F4BB8AC269354B72B8\InstallProperties
VersionMinor = "2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
64A6E60055D801F4BB8AC269354B72B8\InstallProperties
WindowsInstaller = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
64A6E60055D801F4BB8AC269354B72B8\InstallProperties
Version = "12c9"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
64A6E60055D801F4BB8AC269354B72B8\InstallProperties
Language = "49"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
DisplayVersion = "1.2.201.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
InstallDate = "20140716"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
InstallSource = "%Program Files%\Software\Update\1.2.201.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
ModifyPath = "MsiExec.exe /I{006E6A46-8D55-4F10-BBA8-2C9653B4278B}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
Publisher = "Boxore OU."
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
EstimatedSize = "2c"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
SystemComponent = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
UninstallString = "MsiExec.exe /I{006E6A46-8D55-4F10-BBA8-2C9653B4278B}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
VersionMajor = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
VersionMinor = "2"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
WindowsInstaller = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
Version = "12c9"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
Language = "49"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
64A6E60055D801F4BB8AC269354B72B8\InstallProperties
DisplayName = "Software Update Helper"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
DisplayName = "Software Update Helper"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
64A6E60055D801F4BB8AC269354B72B8\Features
Complete = "Q73Z'@UZN9}2_btMdNIY"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\64A6E60055D801F4BB8AC269354B72B8
ProductName = "Software Update Helper"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\64A6E60055D801F4BB8AC269354B72B8
PackageCode = "FEC987A1E3BBF1D42B4C4B4C5965C5E9"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\64A6E60055D801F4BB8AC269354B72B8
Language = "49"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\64A6E60055D801F4BB8AC269354B72B8
Version = "12c9"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\64A6E60055D801F4BB8AC269354B72B8
Assignment = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\64A6E60055D801F4BB8AC269354B72B8
AdvertiseFlags = "184"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\64A6E60055D801F4BB8AC269354B72B8
InstanceType = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\64A6E60055D801F4BB8AC269354B72B8
AuthorizedLUAApp = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\64A6E60055D801F4BB8AC269354B72B8\
SourceList
PackageName = "SoftwareUpdateHelper.msi"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\64A6E60055D801F4BB8AC269354B72B8\
SourceList\Net
1 = "%Program Files%\Software\Update\1.2.201.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\64A6E60055D801F4BB8AC269354B72B8\
SourceList\Media
1 = ";"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Installer\Products\64A6E60055D801F4BB8AC269354B72B8\
SourceList
LastUsedSource = "n;1;%Program Files%\Software\Update\1.2.201.0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
TempPackages
%Windows%\Installer\234c5.msi = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{AC5C4189-A8A0-4C9D-8910-C9CEF8360077}\InProcServer32
ThreadingModel = "Both"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F}
LocalizedString = "@%Program Files%\Software\Update\1.2.201.0\goopdate.dll,-3000"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F}\Elevation
Enabled = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F}\Elevation
IconReference = "@%Program Files%\Software\Update\1.2.201.0\goopdate.dll,-1004"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Tracing\
Microsoft\BITS
LogSessionName = "stdout"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Tracing\
Microsoft\BITS
Active = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Tracing\
Microsoft\BITS
ControlFlags = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Tracing\
Microsoft\BITS\CtlGuid
Guid = "4a8aaa94-cfc4-46a7-8e4e-17bc45608f0a"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows NT\CurrentVersion\Tracing\
Microsoft\BITS\CtlGuid
BitNames = "{random characters}"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\BackupRestore\FilesNotToBackup
BITS_metadata = "%User Profile%\Downloader\*"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\BITS
StateIndex = "0"
アドウェアは、以下のレジストリキーを削除します。
HKEY_LOCAL_MACHINE\SOFTWARE\Software\
Update\UsageStats\Daily\
Counts
HKEY_LOCAL_MACHINE\SOFTWARE\Software\
Update\UsageStats\Daily\
Timings
HKEY_LOCAL_MACHINE\SOFTWARE\Software\
Update\UsageStats\Daily\
Integers
HKEY_LOCAL_MACHINE\SOFTWARE\Software\
Update\UsageStats\Daily\
Booleans
HKEY_LOCAL_MACHINE\SOFTWARE\Software\
Update\Clients\{8D358B02-92A9-4150-8A80-11B40FCCA1DC}
HKEY_LOCAL_MACHINE\SOFTWARE\Software\
Update\Clients
HKEY_LOCAL_MACHINE\SOFTWARE\Software\
Update\ClientState\{8D358B02-92A9-4150-8A80-11B40FCCA1DC}
HKEY_LOCAL_MACHINE\SOFTWARE\Software\
Update\ClientState
HKEY_LOCAL_MACHINE\SOFTWARE\Software\
Update\ClientStateMedium
HKEY_LOCAL_MACHINE\SOFTWARE\Software\
Update\network
HKEY_LOCAL_MACHINE\SOFTWARE\Software\
Update\UsageStats\Daily
HKEY_LOCAL_MACHINE\SOFTWARE\Software\
Update\UsageStats
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UpgradeCodes\BA086F2D38A8E1A47912955A68B3AD24
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Uninstall\
{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
UserData\S-1-5-18\Products\
64A6E60055D801F4BB8AC269354B72B8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Installer\
TempPackages
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{7A1BCE27-099C-4628-B63A-AEC00C6376B3}\AsynchronousInterface
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{E12D7149-73EF-45E4-A1E9-99FD7DAE62D3}\AsynchronousInterface
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{DBE82879-914A-422F-BAE9-2ECC80BE536F}\AsynchronousInterface
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{AF3AFF7C-B9E9-48DD-9002-212B6DEAAC02}\AsynchronousInterface
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{736EF78E-5A04-46F9-893E-EDEC6EA5DF45}\AsynchronousInterface
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Interface\{F2B184F1-547C-4EE9-BFC4-AC489C7077D9}\AsynchronousInterface
作成活動
アドウェアは、以下のファイルを作成します。
- %User Temp%\GUM1.tmp\SoftwareUpdate.exe
- %User Temp%\GUM1.tmp\SoftwareCrashHandler.exe
- %User Temp%\GUM1.tmp\goopdate.dll
- %User Temp%\GUM1.tmp\npSoftwareOneClick8.dll
- %User Temp%\GUM1.tmp\GoopdateBho.dll
- %User Temp%\GUM1.tmp\SoftwareUpdateHelper.msi
- %User Temp%\GUM1.tmp\goopdateres_ar.dll
- %User Temp%\GUM1.tmp\goopdateres_bg.dll
- %User Temp%\GUM1.tmp\goopdateres_bn.dll
- %User Temp%\GUM1.tmp\goopdateres_ca.dll
- %User Temp%\GUM1.tmp\goopdateres_cs.dll
- %User Temp%\GUM1.tmp\goopdateres_da.dll
- %User Temp%\GUM1.tmp\goopdateres_de.dll
- %User Temp%\GUM1.tmp\goopdateres_el.dll
- %User Temp%\GUM1.tmp\goopdateres_en.dll
- %User Temp%\GUM1.tmp\goopdateres_en-GB.dll
- %User Temp%\GUM1.tmp\goopdateres_es.dll
- %User Temp%\GUM1.tmp\goopdateres_es-419.dll
- %User Temp%\GUM1.tmp\goopdateres_et.dll
- %User Temp%\GUM1.tmp\goopdateres_fa.dll
- %User Temp%\GUM1.tmp\goopdateres_fi.dll
- %User Temp%\GUM1.tmp\goopdateres_fil.dll
- %User Temp%\GUM1.tmp\goopdateres_fr.dll
- %User Temp%\GUM1.tmp\goopdateres_gu.dll
- %User Temp%\GUM1.tmp\goopdateres_hi.dll
- %User Temp%\GUM1.tmp\goopdateres_hr.dll
- %User Temp%\GUM1.tmp\goopdateres_hu.dll
- %User Temp%\GUM1.tmp\goopdateres_id.dll
- %User Temp%\GUM1.tmp\goopdateres_is.dll
- %User Temp%\GUM1.tmp\goopdateres_it.dll
- %User Temp%\GUM1.tmp\goopdateres_iw.dll
- %User Temp%\GUM1.tmp\goopdateres_ja.dll
- %User Temp%\GUM1.tmp\goopdateres_kn.dll
- %User Temp%\GUM1.tmp\goopdateres_ko.dll
- %User Temp%\GUM1.tmp\goopdateres_lt.dll
- %User Temp%\GUM1.tmp\goopdateres_lv.dll
- %User Temp%\GUM1.tmp\goopdateres_ml.dll
- %User Temp%\GUM1.tmp\goopdateres_mr.dll
- %User Temp%\GUM1.tmp\goopdateres_ms.dll
- %User Temp%\GUM1.tmp\goopdateres_nl.dll
- %User Temp%\GUM1.tmp\goopdateres_no.dll
- %User Temp%\GUM1.tmp\goopdateres_or.dll
- %User Temp%\GUM1.tmp\goopdateres_pl.dll
- %User Temp%\GUM1.tmp\goopdateres_pt-BR.dll
- %User Temp%\GUM1.tmp\goopdateres_pt-PT.dll
- %User Temp%\GUM1.tmp\goopdateres_ro.dll
- %User Temp%\GUM1.tmp\goopdateres_ru.dll
- %User Temp%\GUM1.tmp\goopdateres_sk.dll
- %User Temp%\GUM1.tmp\goopdateres_sl.dll
- %User Temp%\GUM1.tmp\goopdateres_sr.dll
- %User Temp%\GUM1.tmp\goopdateres_sv.dll
- %User Temp%\GUM1.tmp\goopdateres_ta.dll
- %User Temp%\GUM1.tmp\goopdateres_te.dll
- %User Temp%\GUM1.tmp\goopdateres_th.dll
- %User Temp%\GUM1.tmp\goopdateres_tr.dll
- %User Temp%\GUM1.tmp\goopdateres_uk.dll
- %User Temp%\GUM1.tmp\goopdateres_ur.dll
- %User Temp%\GUM1.tmp\goopdateres_vi.dll
- %User Temp%\GUM1.tmp\goopdateres_zh-CN.dll
- %User Temp%\GUM1.tmp\goopdateres_zh-TW.dll
- %Windows%\Tasks\SoftwareUpdateTaskMachineCore.job
- %Windows%\Tasks\SoftwareUpdateTaskMachineUA.job
- %Windows%\Installer\234c2.msi
- %Windows%\Installer\234c4.ipi
- %Windows%\Installer\MSI8F.tmp
- %Windows%\Installer\234c5.msi
- %Windows%\Installer\234c7.ipi
- %Windows%\Installer\MSIA7.tmp
(註:%User Temp%フォルダはWindowsの種類とインストール時の設定などにより異なります。標準設定では、Windows 2000、XP および Server 2003 の場合、"C:\Documents and Settings\<ユーザー名>\Local Settings\Temp"、Windows Vista および 7 の場合、"C:\Users\<ユーザ名>\AppData\Local\Temp" です。. %Windows%フォルダはWindowsの種類とインストール時の設定などにより異なります。標準設定では、"C:\Windows" です。)
その他
アドウェアは、以下の不正なWebサイトにアクセスします。
- {BLOCKED}0.1
このウイルス情報は、自動解析システムにより作成されました。
対応方法
手順 1
Windows XP、Windows Vista および Windows 7 のユーザは、コンピュータからマルウェアもしくはアドウェア等を完全に削除するために、ウイルス検索の実行前には必ず「システムの復元」を無効にしてください。
手順 2
不明なレジストリ値を削除します。
警告:レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。
- In HKEY_LOCAL_MACHINE\Software\Software\Update
- network
- In HKEY_LOCAL_MACHINE\SOFTWARE\Software\Update\network
- {random key}
- In HKEY_LOCAL_MACHINE\Software\Software\Update\UsageStats
- Daily
- In HKEY_LOCAL_MACHINE\Software\Software\Update\Clients
- {8D358B02-92A9-4150-8A80-11B40FCCA1DC}
- In HKEY_LOCAL_MACHINE\Software\Software\Update
- ClientState
- In HKEY_LOCAL_MACHINE\Software\Software\Update\ClientState
- {8D358B02-92A9-4150-8A80-11B40FCCA1DC}
- In HKEY_LOCAL_MACHINE\Software\Software\Update
- ClientStateMedium
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
- {32451DFC-C23B-4E12-866C-FC7982238504}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
- SoftwareUpdate.exe
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes
- SoftwareUpdate.CoreClass.1
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SoftwareUpdate.CoreClass.1
- CLSID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes
- SoftwareUpdate.CoreClass
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SoftwareUpdate.CoreClass
- CLSID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SoftwareUpdate.CoreClass
- CurVer
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
- {32451DFC-C23B-4E12-866C-FC7982238504}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32451DFC-C23B-4E12-866C-FC7982238504}
- ProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32451DFC-C23B-4E12-866C-FC7982238504}
- VersionIndependentProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins
- {random key}
- In HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@www.dlmanager.net/omaha/tools//Software Update;version=8
- MimeTypes
- In HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@www.dlmanager.net/omaha/tools//Software Update;version=8\MimeTypes
- application/x-vnd.software.oneclickctrl.8
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
- Ext
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext
- PreApproved
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved
- {42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext
- Stats
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats
- {42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}
- iexplore
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}\iexplore
- AllowedDomains
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}\iexplore\AllowedDomains
- *
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy
- {42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes
- Software.OneClickCtrl.8
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software.OneClickCtrl.8
- CLSID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
- {42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}
- ProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}
- InprocServer32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type
- application/x-vnd.software.oneclickctrl.8
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer
- InProgress
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components
- DDA484E0EDB80C24F9BF67BE0A6EEA99
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8
- InstallProperties
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
- {006E6A46-8D55-4F10-BBA8-2C9653B4278B}
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes
- BA086F2D38A8E1A47912955A68B3AD24
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8
- Usage
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features
- 64A6E60055D801F4BB8AC269354B72B8
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8
- Features
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8
- Patches
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products
- 64A6E60055D801F4BB8AC269354B72B8
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes
- BA086F2D38A8E1A47912955A68B3AD24
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8
- SourceList
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8\SourceList
- Net
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8\SourceList
- Media
- In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer
- TempPackages
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
- {AC5C4189-A8A0-4C9D-8910-C9CEF8360077}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC5C4189-A8A0-4C9D-8910-C9CEF8360077}
- InProcServer32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {7A1BCE27-099C-4628-B63A-AEC00C6376B3}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7A1BCE27-099C-4628-B63A-AEC00C6376B3}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7A1BCE27-099C-4628-B63A-AEC00C6376B3}
- NumMethods
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {E12D7149-73EF-45E4-A1E9-99FD7DAE62D3}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E12D7149-73EF-45E4-A1E9-99FD7DAE62D3}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E12D7149-73EF-45E4-A1E9-99FD7DAE62D3}
- NumMethods
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {DBE82879-914A-422F-BAE9-2ECC80BE536F}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DBE82879-914A-422F-BAE9-2ECC80BE536F}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DBE82879-914A-422F-BAE9-2ECC80BE536F}
- NumMethods
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {AF3AFF7C-B9E9-48DD-9002-212B6DEAAC02}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF3AFF7C-B9E9-48DD-9002-212B6DEAAC02}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF3AFF7C-B9E9-48DD-9002-212B6DEAAC02}
- NumMethods
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {736EF78E-5A04-46F9-893E-EDEC6EA5DF45}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{736EF78E-5A04-46F9-893E-EDEC6EA5DF45}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{736EF78E-5A04-46F9-893E-EDEC6EA5DF45}
- NumMethods
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface
- {F2B184F1-547C-4EE9-BFC4-AC489C7077D9}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F2B184F1-547C-4EE9-BFC4-AC489C7077D9}
- ProxyStubClsid32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F2B184F1-547C-4EE9-BFC4-AC489C7077D9}
- NumMethods
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes
- SoftwareUpdateProcessLauncher.1.0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SoftwareUpdateProcessLauncher.1.0
- CLSID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes
- SoftwareUpdateProcessLauncher
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SoftwareUpdateProcessLauncher
- CLSID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SoftwareUpdateProcessLauncher
- CurVer
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
- {092A2C6B-43EE-4F9F-8F8E-14ED5E11C14B}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{092A2C6B-43EE-4F9F-8F8E-14ED5E11C14B}
- ProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{092A2C6B-43EE-4F9F-8F8E-14ED5E11C14B}
- VersionIndependentProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{092A2C6B-43EE-4F9F-8F8E-14ED5E11C14B}
- LocalServer32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{092A2C6B-43EE-4F9F-8F8E-14ED5E11C14B}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes
- SoftwareUpdate.OnDemandCOMClassMachine.1.0
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SoftwareUpdate.OnDemandCOMClassMachine.1.0
- CLSID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes
- SoftwareUpdate.OnDemandCOMClassMachine
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SoftwareUpdate.OnDemandCOMClassMachine
- CLSID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SoftwareUpdate.OnDemandCOMClassMachine
- CurVer
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID
- {257A6158-1416-4B31-9BF8-29FF49F3814F}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F}
- ProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F}
- VersionIndependentProgID
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F}
- LocalServer32
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F}
- TypeLib
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F}
- Elevation
- In HKEY_LOCAL_MACHINE\SOFTWARE\Software\Update\network
- secure-S-1-5-18
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft
- BITS
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\BITS
- CtlGuid
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
- BITS
手順 3
このレジストリ値を削除します。
警告:レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。
- In HKEY_LOCAL_MACHINE\SOFTWARE\Software\Update\UsageStats\Daily
- LastTransmission = "53c698cb"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Software\Update\Clients\{8D358B02-92A9-4150-8A80-11B40FCCA1DC}
- pv = "1.2.201.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Software\Update
- path = "%Program Files%\Software\Update\SoftwareUpdate.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Software\Update\ClientState\{8D358B02-92A9-4150-8A80-11B40FCCA1DC}
- brand = "GGLS"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Software\Update\ClientState\{8D358B02-92A9-4150-8A80-11B40FCCA1DC}
- InstallTime = "53c698d9"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Software\Update\ClientState\{8D358B02-92A9-4150-8A80-11B40FCCA1DC}
- pv = "1.2.201.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\SoftwareUpdate.exe
- AppID = "{32451DFC-C23B-4E12-866C-FC7982238504}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{32451DFC-C23B-4E12-866C-FC7982238504}
- LocalService = "supdate"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{32451DFC-C23B-4E12-866C-FC7982238504}
- ServiceParameters = "/comsvc"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32451DFC-C23B-4E12-866C-FC7982238504}
- AppID = "{32451DFC-C23B-4E12-866C-FC7982238504}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\{random key}
- Path = "%Program Files%\Software\Update\1.2.201.0\npSoftwareOneClick8.dll"
- In HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\{random key}
- Description = "Software Update"
- In HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\{random key}
- ProductName = "Software Update"
- In HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\{random key}
- Vendor = "Software"
- In HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\{random key}
- Version = "8"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}
- AppName = "SoftwareUpdate.exe"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}
- AppPath = "%Program Files%\Software\Update"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}
- Policy = "3"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}\InprocServer32
- ThreadingModel = "Apartment"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Content Type\application/x-vnd.software.oneclickctrl.8
- CLSID = "{42AEFAF9-09D6-4185-87AE-DEDF6E955CB4}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Software\Update
- version = "1.2.201.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDA484E0EDB80C24F9BF67BE0A6EEA99
- 64A6E60055D801F4BB8AC269354B72B8 = "02:\SOFTWARE\Software\Update\MsiStubRun"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Software\Update
- MsiStubRun = "0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8\InstallProperties
- LocalPackage = "%Windows%\Installer\234c5.msi"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8\InstallProperties
- DisplayVersion = "1.2.201.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8\InstallProperties
- InstallDate = "20140716"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8\InstallProperties
- InstallSource = "%Program Files%\Software\Update\1.2.201.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8\InstallProperties
- ModifyPath = "MsiExec.exe /I{006E6A46-8D55-4F10-BBA8-2C9653B4278B}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8\InstallProperties
- Publisher = "Boxore OU."
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8\InstallProperties
- EstimatedSize = "2c"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8\InstallProperties
- SystemComponent = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8\InstallProperties
- UninstallString = "MsiExec.exe /I{006E6A46-8D55-4F10-BBA8-2C9653B4278B}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8\InstallProperties
- VersionMajor = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8\InstallProperties
- VersionMinor = "2"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8\InstallProperties
- WindowsInstaller = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8\InstallProperties
- Version = "12c9"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8\InstallProperties
- Language = "49"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
- DisplayVersion = "1.2.201.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
- InstallDate = "20140716"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
- InstallSource = "%Program Files%\Software\Update\1.2.201.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
- ModifyPath = "MsiExec.exe /I{006E6A46-8D55-4F10-BBA8-2C9653B4278B}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
- Publisher = "Boxore OU."
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
- EstimatedSize = "2c"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
- SystemComponent = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
- UninstallString = "MsiExec.exe /I{006E6A46-8D55-4F10-BBA8-2C9653B4278B}"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
- VersionMajor = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
- VersionMinor = "2"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
- WindowsInstaller = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
- Version = "12c9"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
- Language = "49"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8\InstallProperties
- DisplayName = "Software Update Helper"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{006E6A46-8D55-4F10-BBA8-2C9653B4278B}
- DisplayName = "Software Update Helper"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\64A6E60055D801F4BB8AC269354B72B8\Features
- Complete = "Q73Z'@UZN9}2_btMdNIY"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8
- ProductName = "Software Update Helper"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8
- PackageCode = "FEC987A1E3BBF1D42B4C4B4C5965C5E9"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8
- Language = "49"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8
- Version = "12c9"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8
- Assignment = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8
- AdvertiseFlags = "184"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8
- InstanceType = "0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8
- AuthorizedLUAApp = "0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8\SourceList
- PackageName = "SoftwareUpdateHelper.msi"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8\SourceList\Net
- 1 = "%Program Files%\Software\Update\1.2.201.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8\SourceList\Media
- 1 = ";"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\64A6E60055D801F4BB8AC269354B72B8\SourceList
- LastUsedSource = "n;1;%Program Files%\Software\Update\1.2.201.0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\TempPackages
- %Windows%\Installer\234c5.msi = "0"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC5C4189-A8A0-4C9D-8910-C9CEF8360077}\InProcServer32
- ThreadingModel = "Both"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F}
- LocalizedString = "@%Program Files%\Software\Update\1.2.201.0\goopdate.dll,-3000"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F}\Elevation
- Enabled = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{257A6158-1416-4B31-9BF8-29FF49F3814F}\Elevation
- IconReference = "@%Program Files%\Software\Update\1.2.201.0\goopdate.dll,-1004"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\BITS
- LogSessionName = "stdout"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\BITS
- Active = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\BITS
- ControlFlags = "1"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\BITS\CtlGuid
- Guid = "4a8aaa94-cfc4-46a7-8e4e-17bc45608f0a"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\BITS\CtlGuid
- BitNames = "{random characters}"
- In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\BackupRestore\FilesNotToBackup
- BITS_metadata = "%User Profile%\Downloader\*"
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS
- StateIndex = "0"
手順 4
以下のファイルを検索し削除します。
- %User Temp%\GUM1.tmp\SoftwareUpdate.exe
- %User Temp%\GUM1.tmp\SoftwareCrashHandler.exe
- %User Temp%\GUM1.tmp\goopdate.dll
- %User Temp%\GUM1.tmp\npSoftwareOneClick8.dll
- %User Temp%\GUM1.tmp\GoopdateBho.dll
- %User Temp%\GUM1.tmp\SoftwareUpdateHelper.msi
- %User Temp%\GUM1.tmp\goopdateres_ar.dll
- %User Temp%\GUM1.tmp\goopdateres_bg.dll
- %User Temp%\GUM1.tmp\goopdateres_bn.dll
- %User Temp%\GUM1.tmp\goopdateres_ca.dll
- %User Temp%\GUM1.tmp\goopdateres_cs.dll
- %User Temp%\GUM1.tmp\goopdateres_da.dll
- %User Temp%\GUM1.tmp\goopdateres_de.dll
- %User Temp%\GUM1.tmp\goopdateres_el.dll
- %User Temp%\GUM1.tmp\goopdateres_en.dll
- %User Temp%\GUM1.tmp\goopdateres_en-GB.dll
- %User Temp%\GUM1.tmp\goopdateres_es.dll
- %User Temp%\GUM1.tmp\goopdateres_es-419.dll
- %User Temp%\GUM1.tmp\goopdateres_et.dll
- %User Temp%\GUM1.tmp\goopdateres_fa.dll
- %User Temp%\GUM1.tmp\goopdateres_fi.dll
- %User Temp%\GUM1.tmp\goopdateres_fil.dll
- %User Temp%\GUM1.tmp\goopdateres_fr.dll
- %User Temp%\GUM1.tmp\goopdateres_gu.dll
- %User Temp%\GUM1.tmp\goopdateres_hi.dll
- %User Temp%\GUM1.tmp\goopdateres_hr.dll
- %User Temp%\GUM1.tmp\goopdateres_hu.dll
- %User Temp%\GUM1.tmp\goopdateres_id.dll
- %User Temp%\GUM1.tmp\goopdateres_is.dll
- %User Temp%\GUM1.tmp\goopdateres_it.dll
- %User Temp%\GUM1.tmp\goopdateres_iw.dll
- %User Temp%\GUM1.tmp\goopdateres_ja.dll
- %User Temp%\GUM1.tmp\goopdateres_kn.dll
- %User Temp%\GUM1.tmp\goopdateres_ko.dll
- %User Temp%\GUM1.tmp\goopdateres_lt.dll
- %User Temp%\GUM1.tmp\goopdateres_lv.dll
- %User Temp%\GUM1.tmp\goopdateres_ml.dll
- %User Temp%\GUM1.tmp\goopdateres_mr.dll
- %User Temp%\GUM1.tmp\goopdateres_ms.dll
- %User Temp%\GUM1.tmp\goopdateres_nl.dll
- %User Temp%\GUM1.tmp\goopdateres_no.dll
- %User Temp%\GUM1.tmp\goopdateres_or.dll
- %User Temp%\GUM1.tmp\goopdateres_pl.dll
- %User Temp%\GUM1.tmp\goopdateres_pt-BR.dll
- %User Temp%\GUM1.tmp\goopdateres_pt-PT.dll
- %User Temp%\GUM1.tmp\goopdateres_ro.dll
- %User Temp%\GUM1.tmp\goopdateres_ru.dll
- %User Temp%\GUM1.tmp\goopdateres_sk.dll
- %User Temp%\GUM1.tmp\goopdateres_sl.dll
- %User Temp%\GUM1.tmp\goopdateres_sr.dll
- %User Temp%\GUM1.tmp\goopdateres_sv.dll
- %User Temp%\GUM1.tmp\goopdateres_ta.dll
- %User Temp%\GUM1.tmp\goopdateres_te.dll
- %User Temp%\GUM1.tmp\goopdateres_th.dll
- %User Temp%\GUM1.tmp\goopdateres_tr.dll
- %User Temp%\GUM1.tmp\goopdateres_uk.dll
- %User Temp%\GUM1.tmp\goopdateres_ur.dll
- %User Temp%\GUM1.tmp\goopdateres_vi.dll
- %User Temp%\GUM1.tmp\goopdateres_zh-CN.dll
- %User Temp%\GUM1.tmp\goopdateres_zh-TW.dll
- %Windows%\Tasks\SoftwareUpdateTaskMachineCore.job
- %Windows%\Tasks\SoftwareUpdateTaskMachineUA.job
- %Windows%\Installer\234c2.msi
- %Windows%\Installer\234c4.ipi
- %Windows%\Installer\MSI8F.tmp
- %Windows%\Installer\234c5.msi
- %Windows%\Installer\234c7.ipi
- %Windows%\Installer\MSIA7.tmp
手順 5
以下のフォルダを検索し削除します。
- %User Temp%\GUM1.tmp
- %Application Data%\Software
- %Application Data%\Software\CrashReports
- %Program Files%\Software
- %Program Files%\Software\CrashReports
- %Program Files%\Software\Update
- %Program Files%\Software\Update\1.2.201.0
- %Program Files%\Software\Update\Offline
- %User Profile%\Application Data\Software
- %User Profile%\Software\Update
- %User Profile%\Update\Download
- %System Root%\MSI234c3.tmp
- %System Root%\MSI234c6.tmp
- %Application Data%\Software\Update
- %Application Data%\Software\Update\Manifest
- %Application Data%\Software\Update\Manifest\Initial
- %User Profile%\Network\Downloader
手順 6
最新のバージョン(エンジン、パターンファイル)を導入したウイルス対策製品を用い、ウイルス検索を実行してください。「ADW_BOXORE」と検出したファイルはすべて削除してください。 検出されたファイルが、弊社ウイルス対策製品により既に駆除、隔離またはファイル削除の処理が実行された場合、ウイルスの処理は完了しており、他の削除手順は特にありません。
手順 7
以下のファイルをバックアップを用いて修復します。なお、マイクロソフト製品に関連したファイルのみ修復されます。このマルウェア/グレイウェア/スパイウェアが同社製品以外のプログラムをも削除した場合には、該当プログラムを再度インストールする必要があります。
- %User Temp%\GUM1.tmp
- %User Temp%\GUT4.tmp
- %Windows%\Tasks\SoftwareUpdateTask.job
- %Windows%\Tasks\SoftwareUpdateTaskMachine.job
- %Temp%\GUR98.exe
- %Temp%\GUR98.tmp
手順 8
以下の削除されたレジストリキーまたはレジストリ値をバックアップを用いて修復します。
※註:マイクロソフト製品に関連したレジストリキーおよびレジストリ値のみが修復されます。このマルウェアもしくはアドウェア等が同社製品以外のプログラムも削除した場合には、該当プログラムを再度インストールする必要があります。
- In HKEY_LOCAL_MACHINE\SOFTWARE\Software\Update\UsageStats\Daily
- Counts
- In HKEY_LOCAL_MACHINE\SOFTWARE\Software\Update\UsageStats\Daily
- Timings
- In HKEY_LOCAL_MACHINE\SOFTWARE\Software\Update\UsageStats\Daily
- Integers
- In HKEY_LOCAL_MACHINE\SOFTWARE\Software\Update\UsageStats\Daily
- Booleans
- In HKEY_LOCAL_MACHINE\SOFTWARE\Software\Update\Clients
- {8D358B02-92A9-4150-8A80-11B40FCCA1DC}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Software\Update
- Clients
- In HKEY_LOCAL_MACHINE\SOFTWARE\Software\Update\ClientState
- {8D358B02-92A9-4150-8A80-11B40FCCA1DC}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Software\Update
- ClientState
- In HKEY_LOCAL_MACHINE\SOFTWARE\Software\Update
- ClientStateMedium
- In HKEY_LOCAL_MACHINE\SOFTWARE\Software\Update
- network
- In HKEY_LOCAL_MACHINE\SOFTWARE\Software\Update\UsageStats
- Daily
- In HKEY_LOCAL_MACHINE\SOFTWARE\Software\Update
- UsageStats
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes
- BA086F2D38A8E1A47912955A68B3AD24
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
- {006E6A46-8D55-4F10-BBA8-2C9653B4278B}
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products
- 64A6E60055D801F4BB8AC269354B72B8
- In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer
- TempPackages
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7A1BCE27-099C-4628-B63A-AEC00C6376B3}
- AsynchronousInterface
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E12D7149-73EF-45E4-A1E9-99FD7DAE62D3}
- AsynchronousInterface
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DBE82879-914A-422F-BAE9-2ECC80BE536F}
- AsynchronousInterface
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF3AFF7C-B9E9-48DD-9002-212B6DEAAC02}
- AsynchronousInterface
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{736EF78E-5A04-46F9-893E-EDEC6EA5DF45}
- AsynchronousInterface
- In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F2B184F1-547C-4EE9-BFC4-AC489C7077D9}
- AsynchronousInterface
ご利用はいかがでしたか? アンケートにご協力ください