PUA.Win32.Conduit.GN

手順 1

Windows XP、Windows Vista および Windows 7 のユーザは、コンピュータからマルウェアもしくはアドウェア等を完全に削除するために、ウイルス検索の実行前には必ず「システムの復元」を無効にしてください。

手順 2

起動中ブラウザのウインドウを全て閉じてください。

手順 3

「PUA.Win32.Conduit.GN」で検出したファイル名を確認し、そのファイルを終了します。

• すべての実行中プロセスが、Windows のタスクマネージャに表示されない場合があります。この場合、"Process Explorer" などのツールを使用しマルウェアのファイルを終了してください。"Process Explorer" については、こちらをご参照下さい。
• 検出ファイルが、Windows のタスクマネージャまたは "Process Explorer" に表示されるものの、削除できない場合があります。この場合、コンピュータをセーフモードで再起動してください。
  セーフモードについては、こちらをご参照下さい。
• 検出ファイルがタスクマネージャ上で表示されない場合、次の手順にお進みください。

手順 4

不明なレジストリキーを削除します。

警告：レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。

• In HKEY_CURRENT_USER\Software
  • Headlight

• In HKEY_CURRENT_USER\Software\Headlight
  • GetRightToGo

• In HKEY_CURRENT_USER\Software\Headlight\GetRightToGo
  • SharedConfig

• In HKEY_CURRENT_USER\Software\Headlight\GetRightToGo
  • CustomizedApps

• In HKEY_CURRENT_USER\Software\Headlight\GetRightToGo
  • NoRange-0

• In HKEY_CURRENT_USER\Software\Headlight\GetRightToGo
  • NoRange-X

• In HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme
  • toolbar

• In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
  • BrotherSoft_Extreme Toolbar

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar
  • IE5

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar
  • settings

• In HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer
  • URLSearchHooks

• In HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes
  • {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

• In HKEY_LOCAL_MACHINE\Software\Conduit
  • HomePage

• In HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer
  • Toolbar

• In HKEY_LOCAL_MACHINE\Software\BrotherSoft_Extreme
  • Communicator

• In HKEY_LOCAL_MACHINE\Software\Conduit\Platforms
  • {{GUID}}

• In HKEY_LOCAL_MACHINE\Software\conduitEngine
  • toolbar

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar
  • IE5

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar
  • Settings

• In HKEY_LOCAL_MACHINE\Software\conduitEngine\toolbar
  • InstalledApps

• In HKEY_LOCAL_MACHINE\Software\Conduit\Platforms
  • {30F9B915-B755-4826-820B-08FBA6BD249D}

• In HKEY_LOCAL_MACHINE\Software\conduitEngine
  • Communicator

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\ConduitEngine\toolbar
  • Log

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar
  • Monitored

• In HKEY_CLASSES_ROOT\CLSID
  • {30F9B915-B755-4826-820B-08FBA6BD249D}

• In HKEY_CLASSES_ROOT\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
  • InprocServer32

• In HKEY_LOCAL_MACHINE\Software\Conduit
  • Toolbars

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar
  • Repository

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\Repository
  • conduit_ConduitEngine

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\Repository\conduit_ConduitEngine
  • Coordinator

• In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
  • Conduit Engine

• In HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy
  • {296C382F-2879-4DD9-9B93-EC37D12FF383}

• In HKEY_CLASSES_ROOT\CLSID
  • {599D12FA-9D73-4DD0-9D9B-45C2A1B9E227}

• In HKEY_CLASSES_ROOT\CLSID\{599D12FA-9D73-4DD0-9D9B-45C2A1B9E227}
  • InprocServer32

• In HKEY_CLASSES_ROOT\CLSID\{599D12FA-9D73-4DD0-9D9B-45C2A1B9E227}
  • ProgID

• In HKEY_CLASSES_ROOT\CLSID\{599D12FA-9D73-4DD0-9D9B-45C2A1B9E227}
  • VersionIndependentProgID

• In HKEY_CLASSES_ROOT
  • Conduit.Engine

• In HKEY_CLASSES_ROOT\Conduit.Engine
  • CLSID

• In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved
  • {599D12FA-9D73-4DD0-9D9B-45C2A1B9E227}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\Platforms
  • {599D12FA-9D73-4DD0-9D9B-45C2A1B9E227}

• In HKEY_CURRENT_USER\Software\AppDataLow
  • Toolbar

• In HKEY_CURRENT_USER\Software\AppDataLow\Toolbar
  • RegisteredSources

• In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
  • conduitEngine

• In HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
  • naipdapbimiiikbbgjcpbgmfhnlbagpj

手順 5

このレジストリ値を削除します。

警告：レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。

• In HKEY_CURRENT_USER\Software\Headlight\GetRightToGo\CustomizedApps
  • 1ae33d5bb6432da3b026aa1f1f9161b88fb00d9f = "1"

• In HKEY_CURRENT_USER\Software\Headlight\GetRightToGo\SharedConfig
  • BusyPause = "15"

• In HKEY_CURRENT_USER\Software\Headlight\GetRightToGo\SharedConfig
  • FileCache = "0"

• In HKEY_CURRENT_USER\Software\Headlight\GetRightToGo\SharedConfig
  • FileCacheKB = "100"

• In HKEY_CURRENT_USER\Software\Headlight\GetRightToGo\SharedConfig
  • Rollback = "0"

• In HKEY_CURRENT_USER\Software\Headlight\GetRightToGo\SharedConfig
  • DotGetRight = "0"

• In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached
  • {random string} = "\x01\x00\x00\x00\x00\x00\x00\x00\xf8beX\xf06\xd5\x01"

• In HKEY_CURRENT_USER\Software\Headlight\GetRightToGo\SharedConfig
  • LastX = "474"

• In HKEY_CURRENT_USER\Software\Headlight\GetRightToGo\SharedConfig
  • LastY = "337"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • MarkOldApps = "FALSE"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrotherSoft_Extreme Toolbar
  • DisplayName = "BrotherSoft_Extreme Toolbar"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrotherSoft_Extreme Toolbar
  • UninstallString = "%Program Files%\BROTHE~1\UNINST~1.EXE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\IE5
  • CabinetVisible = "FALSE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\IE5
  • ExplorerVisible = "FALSE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\IE5
  • FirstTime = "TRUE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\IE5
  • Visible = "TRUE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\settings
  • FixPageNotFoundError = "1"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar
  • GroupingServerURL = "http://grouping.{BLOCKED}es.conduit.com"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar
  • SearchServerUrl = "http://search.{BLOCKED}t.com"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar
  • Server = "users.conduit.com"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar
  • ShouldPerformGroupByOS = "TRUE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar
  • UsageURL = "http://usage.{BLOCKED}s.conduit.com/UsersWebService.asmx/UsersRequests"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar
  • WebServerUrl = "http://BrotherSoftExtreme.OurToolbar.com"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar
  • Write us link = "brothersoft_toolbar@brothersoft.com"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\settings
  • ShouldSendReferalCookie = "TRUE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\settings
  • OpenSetupFinishPage = "FALSE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\settings
  • SocialDomains = "http://apps.conduit.com; http://social.conduit.com"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\settings
  • EnableSearchFromAddress = "TRUE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\settings
  • SearchFromAddressUrl = "{random characters}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks
  • {{GUID}} = ""

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
  • DisplayName = "BrotherSoft Extreme Customized Web Search"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
  • URL = "http://search.{BLOCKED}t.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes
  • DefaultScope = "{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • BrowserSearchURL = "{random characters}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\HomePage
  • {{GUID}} = "http://search.{BLOCKED}t.com?SearchSource=10&ctid=CT2776682"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar
  • {{GUID}} = "BrotherSoft_Extreme Toolbar"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
  • (Default) = ""

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{{GUID}}
  • (Default) = ""

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\Communicator
  • Url = "http://servicemap.{BLOCKED}t-services.com/Toolbar/?ownerId=EB_ORIGINAL_CTID"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • ComId = "{{GUID}}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • DisplayName = "BrotherSoft Extreme"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • DisplayTitle = "BrotherSoft_Extreme Toolbar"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • GroupingEnabled = "FALSE"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • InstallationId = "brothersoftextreme_ct2776682.exe"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • InstallationType = "conduitintegration"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • MultiCommunityEnabled = "FALSE"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • Path = "%Program Files%\BrotherSoft_Extreme"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • Server = "users.conduit.com"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • ShouldPerformGroupByOS = "FALSE"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • ShouldShowPersonalComponentDlg = "false"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • SponsorId = "CT2776682"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • ToolbarHelperFileName = "%Program Files%\BrotherSoft_Extreme\BrotherSoft_ExtremeToolbarHelper.exe"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Platforms\{{GUID}}
  • Name = "BrotherSoft_Extreme"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • PlatformType = "ConduitToolbar"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • IsEngineHost = "TRUE"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • AllowToUninstallFromEngine = "FALSE"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • ForceEngineUninstall = "TRUE"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • ToolbarDllName = "tbBrot.dll"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • IphoneUpdateURL = ""

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • AutoUpdateHelperPath = "%AppDataLocal%\Conduit\CT2776682\BrotherSoft_ExtremeAutoUpdateHelper.exe"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • AllowUntrustedApps = "FALSE"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • ProtectHomePage = "TRUE"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • ShouldSendToolbarAge = "TRUE"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN
  • Enable Browser Extensions = "yes"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN
  • Use Search Asst = "no"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • ShouldShowFirstTimeDlg = "FALSE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\IE5
  • CabinetVisible = "FALSE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\IE5
  • ExplorerVisible = "FALSE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\IE5
  • FirstTime = "TRUE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\IE5
  • Visible = "TRUE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\Settings
  • EnableAppssAlerts = "TRUE"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar
  • {30F9B915-B755-4826-820B-08FBA6BD249D} = ""

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • Path = "%Program Files%\ConduitEngine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • ComId = "{30F9B915-B755-4826-820B-08FBA6BD249D}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • DisplayTitle = "Conduit Engine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • DisplayName = "Conduit Engine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar\InstalledApps
  • (Default) = "0"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • DefaultSettingsServiceURL = "{random characters}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Platforms\{30F9B915-B755-4826-820B-08FBA6BD249D}
  • Name = "conduitEngine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • PlatformType = "ConduitEngine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • SponsorId = "ConduitEngine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\Communicator
  • Url = "http://servicemap.{BLOCKED}t-services.com/Toolbar"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • ToolbarDllName = "ConduitEngine.dll"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • ShouldSendToolbarAge = "TRUE"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • HostID = "{{GUID}}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • EngineHelperFileName = "%Program Files%\ConduitEngine\ConduitEngineHelper.exe"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar
  • ToolbarDllName = "ConduitEngine.dll"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\Log
  • LogLevelsString = ""

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\Monitored
  • SHRINK_TOOLBAR = "0"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • ProxyDllPath = "%Program Files%\ConduitEngine\prxConduitEngine.dll"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • version = "6.3.3.3"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
  • (Default) = "Conduit Engine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\InprocServer32
  • (Default) = "%Program Files%\ConduitEngine\prxConduitEngine.dll"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\InprocServer32
  • ThreadingModel = "Apartment"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar
  • {30F9B915-B755-4826-820B-08FBA6BD249D} = "Conduit Engine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit
  • GlobalUserId = "{D0249B87-D08A-487E-AF79-E88E18EFD030}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Toolbars
  • Conduit Engine = "{30F9B915-B755-4826-820B-08FBA6BD249D}"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\IE5
  • ToolbarRunFirstTimeAfterInstall = "TRUE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\Repository\conduit_ConduitEngine\Coordinator
  • ResetServiceMap = "1"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
  • DisplayVersion = "6.3.3.3"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • VistaElevationComId = "{296C382F-2879-4DD9-9B93-EC37D12FF383}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{296C382F-2879-4DD9-9B93-EC37D12FF383}
  • AppPath = "%Program Files%\ConduitEngine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{296C382F-2879-4DD9-9B93-EC37D12FF383}
  • AppName = "ConduitEngineHelper.exe"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{296C382F-2879-4DD9-9B93-EC37D12FF383}
  • Policy = "3"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • EngineAPIComId = "{599D12FA-9D73-4DD0-9D9B-45C2A1B9E227}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{599D12FA-9D73-4DD0-9D9B-45C2A1B9E227}
  • (Default) = "Conduit Engine API Server"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{599D12FA-9D73-4DD0-9D9B-45C2A1B9E227}\InprocServer32
  • (Default) = "%Program Files%\ConduitEngine\prxConduitEngine.dll"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{599D12FA-9D73-4DD0-9D9B-45C2A1B9E227}\InprocServer32
  • ThreadingModel = "Apartment"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{599D12FA-9D73-4DD0-9D9B-45C2A1B9E227}\ProgID
  • (Default) = "Conduit.Engine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{599D12FA-9D73-4DD0-9D9B-45C2A1B9E227}\VersionIndependentProgID
  • (Default) = "Conduit.Engine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Conduit.Engine\CLSID
  • (Default) = "{599D12FA-9D73-4DD0-9D9B-45C2A1B9E227}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Platforms\{599D12FA-9D73-4DD0-9D9B-45C2A1B9E227}
  • HostID = "{30F9B915-B755-4826-820B-08FBA6BD249D}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
  • (Default) = "Conduit Engine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
  • NoExplorer = "1"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • UserID = "UN42799387882476486"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar
  • UserID = "UN42799387882476486"

• In HKEY_CURRENT_USER\Software\AppDataLow\Toolbar\RegisteredSources
  • ConduitEngine = "0"

• In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER
  • PendingFileRenameOperations = "\x00"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
  • DisplayName = "Conduit Engine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
  • UninstallString = "%Program Files%\ConduitEngine\ConduitEngineUninstall.exe"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
  • DisplayIcon = "%Program Files%\ConduitEngine\ConduitEngineUninstall.exe"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
  • DisplayVersion = "6.3.3.3"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
  • Publisher = "Conduit Ltd."

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
  • Comments = ""

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
  • Contact = ""

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
  • DisplayIcon = "%Program Files%\CONDUI~1\ConduitEngineUninstall.exe"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
  • DisplayVersion = ""

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
  • HelpLink = " "

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
  • UninstallString = "%Program Files%\CONDUI~1\ConduitEngineUninstall.exe"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
  • URLInfoAbout = ""

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\naipdapbimiiikbbgjcpbgmfhnlbagpj
  • path = "%User Temp%\naipdapbimiiikbbgjcpbgmfhnlbagpj.crx"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\naipdapbimiiikbbgjcpbgmfhnlbagpj
  • version = "2.0.1.4"

手順 6

以下のファイルを検索し削除します。

• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\~GLH0056.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\searchplugin\~GLH007d.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\searchplugin\~GLH007f.TMP
• %AppDataLocal%\Conduit\CT2776682\~GLH0006.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\~GLH0072.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\META-INF\~GLH0079.TMP
• %Program Files%\ConduitEngine\~GLH0004.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\~GLH0068.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\searchplugin\~GLH007e.TMP
• %Application Data%\GetRightToGo\1ae33d5bb6432da3b026aa1f1f9161b88fb00d9f.data0
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\~GLH006d.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\~GLH0046.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\~GLH0077.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\~GLH004d.TMP
• %Program Files%\BrotherSoft_Extreme\~GLH0004.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\~GLH0073.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\~GLH006c.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\~GLH0045.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\~GLH0054.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\searchplugin\~GLH0062.TMP
• %Program Files%\BrotherSoft_Extreme\~GLH000c.TMP
• %Program Files%\BrotherSoft_Extreme\~GLH0003.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\~GLH006e.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\~GLH0063.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\~GLH004a.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\META-INF\~GLH005c.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\~GLH0048.TMP
• %Program Files%\ConduitEngine\~GLH0003.TMP
• %Program Files%\BrotherSoft_Extreme\~GLH0005.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\~GLH0050.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\~GLH0070.TMP
• %Program Files%\ConduitEngine\~GLH0006.TMP
• %User Profile%\Documents\Downloads\spyPhone.zip
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\~GLH006f.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\META-INF\~GLH005d.TMP
• %Program Files%\BrotherSoft_Extreme\~GLH0007.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\~GLH0057.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\~GLH0069.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\~GLH0051.TMP
• %Program Files%\BrotherSoft_Extreme\~GLH0009.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\searchplugin\~GLH005f.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\DualPackage\~GLH0059.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\chrome\~GLH0047.TMP
• %Program Files%\ConduitEngine\~GLH000a.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\META-INF\~GLH007a.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\chrome\~GLH0066.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\~GLH0044.TMP
• %Program Files%\ConduitEngine\~GLH0005.TMP
• %Application Data%\GetRightToGo\1ae33d5bb6432da3b026aa1f1f9161b88fb00d9f.data
• %Application Data%\GetRightToGo\1ae33d5bb6432da3b026aa1f1f9161b88fb00d9f.htm
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\~GLH0053.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\~GLH0058.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\META-INF\~GLH007b.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\setup.ini
• %Program Files%\BrotherSoft_Extreme\~GLH0008.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\~GLH004b.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\~GLH0071.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\~GLH0065.TMP
• %Program Files%\ConduitEngine\~GLH0002.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\~GLH0064.TMP
• %Program Files%\BrotherSoft_Extreme\~GLH000b.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\~GLH004f.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\lib\~GLH0078.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\~GLH004e.TMP
• %Application Data%\GetRightToGo\1ae33d5bb6432da3b026aa1f1f9161b88fb00d9f.d000
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\~GLH006a.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\~GLH004c.TMP
• %Program Files%\BrotherSoft_Extreme\~GLH000a.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\searchplugin\~GLH005e.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\searchplugin\~GLH0060.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\searchplugin\~GLH007c.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\searchplugin\~GLH0080.TMP
• %User Temp%\CCIS\ccsqlh.exe
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\~GLH0049.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\lib\~GLH005a.TMP
• %User Profile%\Documents\Downloads\Integrated_BrotherSoft_TB.exe
• %AppDataLocal%Low\ConduitEngine\~GLH0007.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\~GLH0075.TMP
• %AppDataLocal%\Microsoft\Internet Explorer\MSIMGSIZ.DAT
• %AppDataLocal%Low\ConduitEngine\ConduitEngine.dll
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\searchplugin\~GLH0061.TMP
• %System%\GLBSINST.%$D
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\~GLH0055.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\META-INF\~GLH005b.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\~GLH0052.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\~GLH0067.TMP
• %User Temp%\CCIS\sqlite3.dll
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\~GLH006b.TMP
• %Program Files%\ConduitEngine\~GLH0009.TMP
• %Program Files%\ConduitEngine\INSTALL.LOG
• %Program Files%\ConduitEngine\~GLH0008.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\~GLH0074.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\~GLH0076.TMP

手順 7

以下のフォルダを検索し削除します。

• %Program Files%\ConduitEngine
• %AppDataLocal%Low\ConduitEngine\Logs
• %User Temp%\{}\conduitengine\components
• %User Temp%\{}\conduitengine\defaults
• %User Temp%\{}\toolbar
• %User Profile%\AppData
• %User Temp%\{}\conduitengine\searchplugin
• %User Temp%\{}
• %User Temp%\{}\toolbar\chrome
• %Application Data%\Mozilla\Firefox
• %User Temp%\{}\toolbar\searchplugin
• %User Temp%\{}\META-INF
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\chrome
• %User Temp%\{}\conduitengine\META-INF
• %AppDataLocal%Low\Temp
• %User Temp%\{}\conduitengine
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\lib
• %User Temp%\CCIS
• %User Profile%\Documents\Downloads
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\chrome
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\searchplugin
• %User Temp%\{}\toolbar\defaults
• %AppDataLocal%Low\ConduitEngine
• %User Temp%\{}\toolbar\META-INF
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default
• %User Temp%\{}\conduitengine\lib
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}
• %Application Data%\GetRightToGo
• %User Temp%\{}\toolbar\components
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults
• %User Temp%\{}\toolbar\lib
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\lib
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\DualPackage
• %AppDataLocal%Low\Temp\Logs
• %User Temp%\{}\conduitengine\chrome
• %User Profile%\Documents
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components
• %AppDataLocal%Low
• %System Root%\Users
• %User Temp%\{}\conduitengine\DualPackage
• %Application Data%\Mozilla
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\searchplugin
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\META-INF
• %Program Files%\BrotherSoft_Extreme
• %AppDataLocal%\Conduit
• %AppDataLocal%\Conduit\CT2776682
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\META-INF

手順 8

最新のバージョン（エンジン、パターンファイル）を導入したウイルス対策製品を用い、ウイルス検索を実行してください。「PUA.Win32.Conduit.GN」と検出したファイルはすべて削除してください。 検出されたファイルが、弊社ウイルス対策製品により既に駆除、隔離またはファイル削除の処理が実行された場合、ウイルスの処理は完了しており、他の削除手順は特にありません。

手順 9

以下のファイルをバックアップを用いて修復します。なお、マイクロソフト製品に関連したファイルのみ修復されます。このマルウェア／グレイウェア／スパイウェアが同社製品以外のプログラムをも削除した場合には、該当プログラムを再度インストールする必要があります。

• %User Temp%\{}\conduitengine\searchplugin\conduit.PNG
• %User Temp%\{}\toolbar\META-INF\zigbert.sf
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\fbAlert.js
• %Program Files%\ConduitEngine\EngineSettings.json
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\searchplugin\conduit.ico
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\searchplugin\conduit.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\chrome\conduitengine.jar
• %User Temp%\{}\conduitengine\components\ConduitAutoCompleteSearch.xpt
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\ConduitToolbar.idl
• %Program Files%\ConduitEngine\ConduitEngineUninstall.exe
• %User Temp%\{}\toolbar\components\RadioWMPCore.xpt
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\alertSettingsComponent.xml
• %User Temp%\conduitcbi.exe
• %User Temp%\{}\conduitengine\install.rdf
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\engineContextMenu.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\chrome\brothersoft_extreme.jar
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\META-INF\zigbert.rsa
• %User Temp%\{}\conduitengine\defaults\postAppsContextMenu.xml
• %User Temp%\{}\conduitengine\defaults\appContextMenu.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\RadioWMPCore.xpt
• %Program Files%\ConduitEngine\appContextMenu.xml
• %User Temp%\{}\META-INF\zigbert.rsa
• %User Temp%\{}\toolbar\searchplugin\conduit.PNG
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\META-INF\zigbert.sf
• %User Temp%\{}\conduitengine\components\RadioWMPCoreGecko19.dll
• %User Temp%\{}\conduitengine\DualPackage\install.rdf
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\searchplugin\conduit.src
• %User Temp%\prxGLFBF3E.tmp.tbBrot.dll
• %User Temp%\{}\conduitengine\searchplugin\conduit.src
• %User Temp%\{}\conduitengine\components\ConduitToolbar.js
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\ConduitAutoCompleteSearch.xpt
• %Program Files%\BrotherSoft_Extreme\toolbar.cfg
• %User Temp%\{}\install.rdf
• %User Temp%\GLFC804.tmp.ConduitEngine.dll
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\unsharedAppsContextMenu.xml
• %User Temp%\{}\toolbar\defaults\engineContextMenu.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\engineContextMenu.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\ConduitToolbar.xpt
• %Program Files%\ConduitEngine\toolbar.cfg
• %User Profile%\Documents\Downloads\H\xef\xbe\x84\xef\xbf\x91p\xef\xbf\x94\xef\xbf\x9b\xef\xbe\xaa\xef\xbe\xa6\xef\xbf\xb6\xef\xbf\xbf\xef\xbf\x9dt\xef\xbe\xa2&@
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\install.rdf
• %User Temp%\{}\conduitengine\searchplugin\conduit.gif
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\lib\xpcom.js
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\engineSettings.json
• %User Temp%\{}\conduitengine\defaults\engineContextMenu.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\RadioWMPCoreGecko19.dll
• %User Temp%\chrome.txt
• %User Temp%\{}\toolbar\install.rdf
• %User Temp%\{}\conduitengine\defaults\toolbarContextMenu.xml
• %User Temp%\{}\toolbar\META-INF\manifest.mf
• %Program Files%\ConduitEngine\prxConduitEngine.dll
• %Program Files%\BrotherSoft_Extreme\tbBrot.dll
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\appContextMenu.xml
• %User Temp%\{}\toolbar\lib\xpcom.js
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\appContextMenu.xml
• %User Temp%\{}\toolbar\version.txt
• %User Temp%\{}\toolbar\components\ConduitToolbar.xpt
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\searchplugin\conduit.src
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\DualPackage\install.rdf
• %User Temp%\{}\META-INF\zigbert.sf
• %User Temp%\{}\conduitengine\defaults\alertSettingsComponent.xml
• %User Temp%\{}\toolbar\components\ConduitToolbar.js
• %User Temp%\naipdapbimiiikbbgjcpbgmfhnlbagpj.crx
• %User Temp%\{}\xpis.txt
• %User Temp%\{}\conduitengine\version.txt
• %User Temp%\{}\conduitengine\defaults\engineSettings.json
• %Program Files%\BrotherSoft_Extreme\ToolbarContextMenu.xml
• %Program Files%\ConduitEngine\ConduitEngineHelper.exe
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\lib\xpcom.js
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\postAppsContextMenu.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\searchplugin\conduit.PNG
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\version.txt
• %User Temp%\{}\toolbar\defaults\engineSettings.json
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\META-INF\manifest.mf
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\ConduitAutoCompleteSearch.js
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\searchplugin\conduit.PNG
• %User Temp%\{}\toolbar\chrome\brothersoft_extreme.jar
• %User Temp%\{}\toolbar\searchplugin\conduit.xml
• %Program Files%\BrotherSoft_Extreme\SharedAppsContextMenu.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\ConduitToolbar.js
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\searchplugin\conduit.xml
• %AppDataLocal%Low\ConduitEngine\toolbar.cfg
• %User Temp%\{}\conduitengine\META-INF\zigbert.rsa
• %User Temp%\{}\toolbar\defaults\appContextMenu.xml
• %User Temp%\{}\conduitengine\lib\xpcom.js
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\ConduitToolbar.xpt
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\searchplugin\conduit.ico
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\RadioWMPCore.dll
• %User Temp%\{}\toolbar\components\ConduitToolbar.idl
• %User Temp%\{}\toolbar\components\RadioWMPCoreGecko19.dll
• %User Temp%\{}\conduitengine\META-INF\zigbert.sf
• %User Temp%\{}\toolbar\components\ConduitAutoCompleteSearch.xpt
• %User Temp%\{}\toolbar\defaults\fbAlert.js
• %User Temp%\{}\conduitengine\defaults\unsharedAppsContextMenu.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\alertSettingsComponent.xml
• %User Temp%\GLFBF3E.tmp.tbBrot.dll
• %User Temp%\{}\toolbar\searchplugin\conduit.src
• %User Temp%\{}\conduitengine\components\ConduitToolbar.xpt
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\getAppsContextMenu.xml
• %User Temp%\{}\toolbar\defaults\getAppsContextMenu.xml
• %Program Files%\BrotherSoft_Extreme\prxtbBrot.dll
• %User Temp%\{}\toolbar\chrome.manifest
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\META-INF\manifest.mf
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\searchplugin\conduit.gif
• %User Temp%\{}\conduitengine\META-INF\manifest.mf
• %User Temp%\{}\conduitengine\chrome\conduitengine.jar
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js
• %Program Files%\ConduitEngine\ConduitEngine.dll
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\getAppsContextMenu.xml
• %Program Files%\BrotherSoft_Extreme\BrotherSoft_ExtremeToolbarHelper.exe
• %Program Files%\BrotherSoft_Extreme\GottenAppsContextMenu.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\chrome.manifest
• %Program Files%\BrotherSoft_Extreme\OtherAppsContextMenu.xml
• %User Temp%\{}\conduitengine\components\ConduitAutoCompleteSearch.js
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\META-INF\zigbert.sf
• %User Temp%\GLFBF3E.tmp.ConduitEngineSetup.exe
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\postAppsContextMenu.xml
• %User Temp%\{}\toolbar\searchplugin\conduit.gif
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\chrome.manifest
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\fbAlert.js
• %User Temp%\{}\conduitengine\searchplugin\conduit.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\unsharedAppsContextMenu.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\META-INF\zigbert.rsa
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\searchplugin\conduit.gif
• %User Temp%\{}\toolbar\components\RadioWMPCore.dll
• %User Temp%\{}\toolbar\META-INF\zigbert.rsa
• %User Temp%\{}\toolbar\components\ConduitAutoCompleteSearch.js
• %User Temp%\{}\conduitengine\components\RadioWMPCore.xpt
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\install.rdf
• %User Temp%\{}\conduitengine\components\RadioWMPCore.dll
• %AppDataLocal%\Conduit\CT2776682\BrotherSoft_ExtremeAutoUpdateHelper.exe
• %User Temp%\{}\conduitengine\components\ConduitToolbar.idl
• %User Temp%\{}\conduitengine\defaults\fbAlert.js
• %User Temp%\{}\conduitengine\defaults\getAppsContextMenu.xml
• %User Temp%\{}\conduitengine\searchplugin\conduit.ico
• %User Temp%\CT2776682.exe
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\engineSettings.json
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\ConduitToolbar.idl
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\toolbarContextMenu.xml
• %User Temp%\{}\toolbar\defaults\unsharedAppsContextMenu.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\RadioWMPCore.xpt
• %Program Files%\BrotherSoft_Extreme\uninstall.exe
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\version.txt
• %User Temp%\{}\META-INF\manifest.mf
• %User Temp%\{}\toolbar\searchplugin\conduit.ico
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\ConduitToolbar.js
• %User Temp%\{}\toolbar\defaults\postAppsContextMenu.xml
• %User Temp%\{}\conduitengine\chrome.manifest
• %Program Files%\ConduitEngine\engineContextMenu.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\toolbarContextMenu.xml
• %User Temp%\{}\toolbar\defaults\toolbarContextMenu.xml
• %User Temp%\{}\toolbar\defaults\alertSettingsComponent.xml

手順 10

以下の削除されたレジストリキーまたはレジストリ値をバックアップを用いて修復します。

※註：マイクロソフト製品に関連したレジストリキーおよびレジストリ値のみが修復されます。このマルウェアもしくはアドウェア等が同社製品以外のプログラムも削除した場合には、該当プログラムを再度インストールする必要があります。

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
  • Deleted