PUA.Win32.Montiera.AB

手順 1

Windows XP、Windows Vista および Windows 7 のユーザは、コンピュータからマルウェアもしくはアドウェア等を完全に削除するために、ウイルス検索の実行前には必ず「システムの復元」を無効にしてください。

手順 2

「PUA.Win32.Montiera.AB」で検出したファイル名を確認し、そのファイルを終了します。

• すべての実行中プロセスが、Windows のタスクマネージャに表示されない場合があります。この場合、"Process Explorer" などのツールを使用しマルウェアのファイルを終了してください。"Process Explorer" については、こちらをご参照下さい。
• 検出ファイルが、Windows のタスクマネージャまたは "Process Explorer" に表示されるものの、削除できない場合があります。この場合、コンピュータをセーフモードで再起動してください。
  セーフモードについては、こちらをご参照下さい。
• 検出ファイルがタスクマネージャ上で表示されない場合、次の手順にお進みください。

手順 3

不明なレジストリキーを削除します。

警告：レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。

• In HKEY_CLASSES_ROOT\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl
  • data

• In HKEY_CURRENT_USER\SOFTWARE
  • tuvaro

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
  • {4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
  • escorTlbr.DLL

• In HKEY_CLASSES_ROOT
  • tuvaro.tuvarodskBnd.1

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd.1
  • CLSID

• In HKEY_CLASSES_ROOT
  • tuvaro.tuvarodskBnd

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd
  • CLSID

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd
  • CurVer

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID
  • {6F001652-AF51-45C6-B029-86E0265A1851}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}
  • ProgID

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}
  • VersionIndependentProgID

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}
  • Programmable

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}
  • InprocServer32

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}
  • TypeLib

• In HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer
  • Toolbar

• In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy
  • {E40E840E-5A15-4A29-9C51-9A060EEB192B}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
  • {5CB02877-EFBC-4317-B608-9E24B11BAB40}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
  • {09C554C3-109B-483C-A06B-F14172F1A947}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
  • escort.DLL

• In HKEY_CLASSES_ROOT
  • escort.escortIEPane.1

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane.1
  • CLSID

• In HKEY_CLASSES_ROOT
  • escort.escortIEPane

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane
  • CLSID

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane
  • CurVer

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID
  • {2A3FF0D3-4417-492B-8929-11AB24EA0A90}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}
  • ProgID

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}
  • VersionIndependentProgID

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}
  • Programmable

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}
  • InprocServer32

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}
  • TypeLib

• In HKEY_CLASSES_ROOT
  • tuvaro.tuvaroHlpr.1

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr.1
  • CLSID

• In HKEY_CLASSES_ROOT
  • tuvaro.tuvaroHlpr

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr
  • CLSID

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr
  • CurVer

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID
  • {5CB02877-EFBC-4317-B608-9E24B11BAB40}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
  • ProgID

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
  • VersionIndependentProgID

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
  • Programmable

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
  • InprocServer32

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
  • TypeLib

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
  • {D7EE8177-D51E-4F89-92B6-83EA2EC40800}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
  • escortApp.DLL

• In HKEY_CLASSES_ROOT
  • tuvaro.tuvaroappCore.1

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore.1
  • CLSID

• In HKEY_CLASSES_ROOT
  • tuvaro.tuvaroappCore

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore
  • CLSID

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore
  • CurVer

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID
  • {9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}
  • ProgID

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}
  • VersionIndependentProgID

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}
  • Programmable

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}
  • InprocServer32

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}
  • TypeLib

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
  • {240A6AD4-4868-4513-A8DD-3ABF47E1F146}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}
  • ProxyStubClsid32

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}
  • TypeLib

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
  • {DD973375-0904-4886-8F63-6FC3A2BE6544}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}
  • ProxyStubClsid32

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}
  • TypeLib

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
  • {C6712CEF-79A8-440E-A7AC-4EF00C856922}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}
  • ProxyStubClsid32

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}
  • TypeLib

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
  • {23D1685B-A018-430F-B3AB-F517B471569E}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}
  • ProxyStubClsid32

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}
  • TypeLib

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
  • {427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}
  • ProxyStubClsid32

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}
  • TypeLib

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
  • {033998B0-0745-472D-8F2B-EB55EBA42F58}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}
  • ProxyStubClsid32

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}
  • TypeLib

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
  • {B98D2F59-0329-4A5A-B112-B989B4D4BACA}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}
  • ProxyStubClsid32

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}
  • TypeLib

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
  • {4F3868C3-C08B-490E-93AD-834413F7FD22}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}
  • ProxyStubClsid32

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}
  • TypeLib

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
  • {F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}
  • ProxyStubClsid32

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}
  • TypeLib

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
  • {4C694E60-4549-466D-83FB-C4C162FB53E2}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}
  • ProxyStubClsid32

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}
  • TypeLib

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
  • {A88A4515-66BC-413B-9526-3FF53B5F21C8}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}
  • ProxyStubClsid32

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}
  • TypeLib

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
  • {6BE4B879-4E7D-4AE8-A356-DCBD7029612E}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}
  • ProxyStubClsid32

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}
  • TypeLib

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface
  • {33278AD4-8305-49E1-A58B-E5A9057BFDC3}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}
  • ProxyStubClsid32

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}
  • TypeLib

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
  • {B12E99ED-69BD-437C-86BE-C862B9E5444D}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
  • escortEng.DLL

• In HKEY_CLASSES_ROOT
  • t

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\t
  • CLSID

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\t
  • CurVer

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID
  • {4CBF0FC8-4222-435B-9E57-0DE807350D39}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}
  • ProgID

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}
  • VersionIndependentProgID

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}
  • Programmable

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}
  • InprocServer32

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}
  • TypeLib

• In HKEY_CLASSES_ROOT\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl
  • dfltLng

• In HKEY_LOCAL_MACHINE\SOFTWARE\Google\chrome\Extensions
  • omgjkafaoidbgamjoklhaiiciahohkbh

• In HKEY_LOCAL_MACHINE\SOFTWARE\tuvaro\tuvaro
  • Instl

• In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
  • tuvaro

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
  • {2792F312-417E-4517-A824-7F55A2F18BE5}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID
  • esrv.EXE

• In HKEY_CLASSES_ROOT
  • esrv.tuvaroESrvc.1

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc.1
  • CLSID

• In HKEY_CLASSES_ROOT
  • esrv.tuvaroESrvc

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc
  • CLSID

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc
  • CurVer

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID
  • {1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}
  • ProgID

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}
  • VersionIndependentProgID

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}
  • Programmable

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}
  • LocalServer32

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}
  • TypeLib

手順 4

このレジストリ値を削除します。

警告：レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • trace = "0"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • cam = ""

• In HKEY_CURRENT_USER\Software\tuvaro\tuvaro
  • tlbrSrchUrl = "{random characters}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
  • (Default) = "escorTlbr"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escorTlbr.DLL
  • AppID = "{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd.1
  • (Default) = "CDskBnd Object"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd.1\CLSID
  • (Default) = "{6F001652-AF51-45C6-B029-86E0265A1851}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd
  • (Default) = "CDskBnd Object"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd\CLSID
  • (Default) = "{6F001652-AF51-45C6-B029-86E0265A1851}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvarodskBnd\CurVer
  • (Default) = "tuvaro.tuvarodskBnd.1"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}
  • (Default) = "CDskBnd Object"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\ProgID
  • (Default) = "tuvaro.tuvarodskBnd.1"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\VersionIndependentProgID
  • (Default) = "tuvaro.tuvarodskBnd"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\InprocServer32
  • (Default) = "%Program Files%\tuvaro\tuvaro\1.8.12.7\tuvaroTlbr.dll"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\InprocServer32
  • ThreadingModel = "apartment"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}
  • AppID = "{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}\TypeLib
  • (Default) = "{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar
  • {6F001652-AF51-45C6-B029-86E0265A1851} = "Tuvaro Toolbar"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6F001652-AF51-45C6-B029-86E0265A1851}
  • (Default) = "Tuvaro Toolbar"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E40E840E-5A15-4A29-9C51-9A060EEB192B}
  • Policy = "3"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E40E840E-5A15-4A29-9C51-9A060EEB192B}
  • AppName = "tuvarosrv.exe"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E40E840E-5A15-4A29-9C51-9A060EEB192B}
  • AppPath = "%Program Files%\tuvaro\tuvaro\1.8.12.7"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
  • (Default) = "tuvaro Helper Object"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
  • NoExplorer = "1"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
  • (Default) = "escort"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escort.DLL
  • AppID = "{09C554C3-109B-483C-A06B-F14172F1A947}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane.1
  • (Default) = "escortIEPane Object"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane.1\CLSID
  • (Default) = "{2A3FF0D3-4417-492B-8929-11AB24EA0A90}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane
  • (Default) = "escortIEPane Object"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane\CLSID
  • (Default) = "{2A3FF0D3-4417-492B-8929-11AB24EA0A90}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\escort.escortIEPane\CurVer
  • (Default) = "escort.escortIEPane.1"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}
  • (Default) = "escortIEPane Object"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\ProgID
  • (Default) = "escort.escortIEPane.1"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\VersionIndependentProgID
  • (Default) = "escort.escortIEPane"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\InprocServer32
  • (Default) = "%Program Files%\tuvaro\tuvaro\1.8.12.7\bh\tuvaro.dll"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\InprocServer32
  • ThreadingModel = "apartment"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}
  • AppID = "{09C554C3-109B-483C-A06B-F14172F1A947}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{2A3FF0D3-4417-492B-8929-11AB24EA0A90}\TypeLib
  • (Default) = "{09C554C3-109B-483C-A06B-F14172F1A947}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr.1
  • (Default) = "CescrtHlpr Object"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr.1\CLSID
  • (Default) = "{5CB02877-EFBC-4317-B608-9E24B11BAB40}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr
  • (Default) = "CescrtHlpr Object"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr\CLSID
  • (Default) = "{5CB02877-EFBC-4317-B608-9E24B11BAB40}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroHlpr\CurVer
  • (Default) = "tuvaro.tuvaroHlpr.1"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
  • (Default) = "CescrtHlpr Object"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\ProgID
  • (Default) = "tuvaro.tuvaroHlpr.1"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\VersionIndependentProgID
  • (Default) = "tuvaro.tuvaroHlpr"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\InprocServer32
  • (Default) = "%Program Files%\tuvaro\tuvaro\1.8.12.7\bh\tuvaro.dll"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\InprocServer32
  • ThreadingModel = "apartment"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
  • AppID = "{09C554C3-109B-483C-A06B-F14172F1A947}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}\TypeLib
  • (Default) = "{09C554C3-109B-483C-A06B-F14172F1A947}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5CB02877-EFBC-4317-B608-9E24B11BAB40}
  • (Default) = "tuvaro Helper Object"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
  • (Default) = "escortApp"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escortApp.DLL
  • AppID = "{D7EE8177-D51E-4F89-92B6-83EA2EC40800}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore.1
  • (Default) = "appCore Object"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore.1\CLSID
  • (Default) = "{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore
  • (Default) = "appCore Object"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore\CLSID
  • (Default) = "{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\tuvaro.tuvaroappCore\CurVer
  • (Default) = "tuvaro.tuvaroappCore.1"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}
  • (Default) = "appCore Object"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\ProgID
  • (Default) = "tuvaro.tuvaroappCore.1"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\VersionIndependentProgID
  • (Default) = "tuvaro.tuvaroappCore"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\InprocServer32
  • (Default) = "%Program Files%\tuvaro\tuvaro\1.8.12.7\tuvaroApp.dll"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\InprocServer32
  • ThreadingModel = "apartment"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}
  • AppID = "{D7EE8177-D51E-4F89-92B6-83EA2EC40800}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9389BE07-565A-45A0-B1A3-3DE01AA1C5CA}\TypeLib
  • (Default) = "{D7EE8177-D51E-4F89-92B6-83EA2EC40800}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • hrdId = "1cca0df5000000000000005056bc6dd2"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • instlDay = "18098"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}
  • (Default) = "Ixtrnlmain"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}\ProxyStubClsid32
  • (Default) = "{00020424-0000-0000-C000-000000000046}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}\TypeLib
  • (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{240A6AD4-4868-4513-A8DD-3ABF47E1F146}\TypeLib
  • Version = "1.0"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}
  • (Default) = "IappCore"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}\ProxyStubClsid32
  • (Default) = "{00020424-0000-0000-C000-000000000046}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}\TypeLib
  • (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DD973375-0904-4886-8F63-6FC3A2BE6544}\TypeLib
  • Version = "1.0"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}
  • (Default) = "IXtrnlBsc"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}\ProxyStubClsid32
  • (Default) = "{00020424-0000-0000-C000-000000000046}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}\TypeLib
  • (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C6712CEF-79A8-440E-A7AC-4EF00C856922}\TypeLib
  • Version = "1.0"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}
  • (Default) = "IEHostWnd"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}\ProxyStubClsid32
  • (Default) = "{00020424-0000-0000-C000-000000000046}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}\TypeLib
  • (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{23D1685B-A018-430F-B3AB-F517B471569E}\TypeLib
  • Version = "1.0"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}
  • (Default) = "IXmlCnfg"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}\ProxyStubClsid32
  • (Default) = "{00020424-0000-0000-C000-000000000046}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}\TypeLib
  • (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{427F9EE7-35CB-4EC6-ACCA-122AE77C68B8}\TypeLib
  • Version = "1.0"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}
  • (Default) = "IRegmapDisp"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}\ProxyStubClsid32
  • (Default) = "{00020424-0000-0000-C000-000000000046}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}\TypeLib
  • (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{033998B0-0745-472D-8F2B-EB55EBA42F58}\TypeLib
  • Version = "1.0"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}
  • (Default) = "IIEWndFct"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}\ProxyStubClsid32
  • (Default) = "{00020424-0000-0000-C000-000000000046}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}\TypeLib
  • (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{B98D2F59-0329-4A5A-B112-B989B4D4BACA}\TypeLib
  • Version = "1.0"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}
  • (Default) = "IxpEmphszr"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}\ProxyStubClsid32
  • (Default) = "{00020424-0000-0000-C000-000000000046}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}\TypeLib
  • (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4F3868C3-C08B-490E-93AD-834413F7FD22}\TypeLib
  • Version = "1.0"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}
  • (Default) = "IwebAtrbts"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}\ProxyStubClsid32
  • (Default) = "{00020424-0000-0000-C000-000000000046}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}\TypeLib
  • (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F77B6A63-1EC9-45FB-A7AB-F9930CBBAD32}\TypeLib
  • Version = "1.0"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}
  • (Default) = "IEvntCntr"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}\ProxyStubClsid32
  • (Default) = "{00020424-0000-0000-C000-000000000046}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}\TypeLib
  • (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{4C694E60-4549-466D-83FB-C4C162FB53E2}\TypeLib
  • Version = "1.0"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}
  • (Default) = "IesrvXtrnl"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}\ProxyStubClsid32
  • (Default) = "{00020424-0000-0000-C000-000000000046}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}\TypeLib
  • (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{A88A4515-66BC-413B-9526-3FF53B5F21C8}\TypeLib
  • Version = "1.0"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}
  • (Default) = "IEscortFctry"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}\ProxyStubClsid32
  • (Default) = "{00020424-0000-0000-C000-000000000046}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}\TypeLib
  • (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6BE4B879-4E7D-4AE8-A356-DCBD7029612E}\TypeLib
  • Version = "1.0"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}
  • (Default) = "IescrtSrvc"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}\ProxyStubClsid32
  • (Default) = "{00020424-0000-0000-C000-000000000046}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}\TypeLib
  • (Default) = "{A02005FA-FFF4-4099-9D14-E097378574C4}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{33278AD4-8305-49E1-A58B-E5A9057BFDC3}\TypeLib
  • Version = "1.0"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
  • (Default) = "escortEng"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escortEng.DLL
  • AppID = "{B12E99ED-69BD-437C-86BE-C862B9E5444D}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\t
  • (Default) = "escrtAx Object"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\t\CLSID
  • (Default) = "{4CBF0FC8-4222-435B-9E57-0DE807350D39}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\t\CurVer
  • (Default) = "t"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}
  • (Default) = "escrtAx Object"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\ProgID
  • (Default) = "t"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\VersionIndependentProgID
  • (Default) = "t"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\InprocServer32
  • (Default) = "%Program Files%\tuvaro\tuvaro\1.8.12.7\tuvaroEng.dll"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\InprocServer32
  • ThreadingModel = "apartment"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}
  • AppID = "{B12E99ED-69BD-437C-86BE-C862B9E5444D}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{4CBF0FC8-4222-435B-9E57-0DE807350D39}\TypeLib
  • (Default) = "{B12E99ED-69BD-437C-86BE-C862B9E5444D}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • vrsni = "1.8.12.7"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • afltId = "orgnl"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • aflt = "orgnl"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • smplGrp = "none"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • tlbrId = "base"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • instlRef = ""

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\dfltLng
  • dfltLng = ""

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • vrsnTs = "1.8.12.77:29:30"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • tlbrSrchUrl = "{random characters}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • uninstallAll = "false"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • autoRvrt = "false"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • rvrt = "false"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • admin = "false"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • postUninstall = ""

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • newTab = "false"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • dpblck = ""

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • ds_url = "{random characters}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • excTlbr = "false"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • ffxUnstlRst = "false"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • chrInstl = "all"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • ffxInstl = "all"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • ieInstl = "all"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • uninstExt = "false"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • hp_url = "{random characters}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • hp_chrm = "{random characters}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • hp_ffx = "{random characters}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • nt_url = "{random characters}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • dsIE = ""

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • dsFFX = "Tuvaro"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • dpk = "a3f0955cbf5582a1c1e9b51b717c3b0f"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google
  • (Default) = ""

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome
  • (Default) = ""

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions
  • (Default) = ""

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh
  • path = "%Program Files%\tuvaro\tuvaro\1.8.12.7\tuvaro.crx"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\omgjkafaoidbgamjoklhaiiciahohkbh
  • version = "1.0"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\tuvaro\tuvaro\Instl
  • InstallDir = "%Program Files%\tuvaro\tuvaro\1.8.12.7"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\tuvaro
  • DisplayName = "Tuvaro toolbar on IE and Chrome"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\tuvaro
  • UninstallString = "%Program Files%\tuvaro\tuvaro\1.8.12.7\uninstall.exe"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\tuvaro
  • DisplayIcon = "%Program Files%\tuvaro\tuvaro\1.8.12.7\tuvarosrv.exe"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\tuvaro
  • DisplayVersion = "1.8.12.7"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\tuvaro
  • Comments = "Tuvaro toolbar "

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\tuvaro
  • Publisher = "tuvaro"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\tuvaro
  • NoModify = "1"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\tuvaro
  • NoRepair = "1"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\tuvaro
  • EstimatedSize = "2500"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2768469C-717B-401F-8532-C6D88BAE0339}\instl\data
  • uninstaller = "%Program Files%\tuvaro\tuvaro\1.8.12.7\uninstall.exe"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{2792F312-417E-4517-A824-7F55A2F18BE5}
  • (Default) = "esrv"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\esrv.EXE
  • AppID = "{2792F312-417E-4517-A824-7F55A2F18BE5}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc.1
  • (Default) = "escrtSrvc Object"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc.1\CLSID
  • (Default) = "{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc
  • (Default) = "escrtSrvc Object"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc\CLSID
  • (Default) = "{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\esrv.tuvaroESrvc\CurVer
  • (Default) = "esrv.tuvaroESrvc.1"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}
  • (Default) = "escrtSrvc Object"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\ProgID
  • (Default) = "esrv.tuvaroESrvc.1"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\VersionIndependentProgID
  • (Default) = "esrv.tuvaroESrvc"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\LocalServer32
  • (Default) = "%Program Files%\tuvaro\tuvaro\1.8.12.7\tuvarosrv.exe"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\LocalServer32
  • ThreadingModel = "apartment"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}
  • AppID = "{2792F312-417E-4517-A824-7F55A2F18BE5}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1E8F8EDE-EB73-4CA9-A139-6DA2B576FD69}\TypeLib
  • (Default) = "{2792F312-417E-4517-A824-7F55A2F18BE5}"

手順 5

以下のファイルを検索し削除します。

• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\user.js
• %User Temp%\tuvaro\tuvaro\1.8.12.7\tuvaro4ie.exe
• %Program Files%\tuvaro\tuvaro\1.8.12.7\tuvaroTlbr.dll
• %Program Files%\tuvaro\tuvaro\1.8.12.7\tuvaro.crx
• %Program Files%\tuvaro\tuvaro\1.8.12.7\bh\tuvaro.dll
• %Program Files%\tuvaro\tuvaro\1.8.12.7\tuvarosrv.exe
• %User Temp%\tuvaro\tuvaro\1.8.12.7\nsis.js
• %User Temp%\mt_ffx\tuvaro\tuvaro\1.8.12.7\tuvaro.xpi
• %Program Files%\tuvaro\tuvaro\1.8.12.7\escortShld.dll
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\searchplugins\tuvaro.xml
• %Program Files%\tuvaro\tuvaro\1.8.12.7\tuvaroApp.dll
• %User Temp%\tuvaro\tuvaro\1.8.12.7\C\Users\{username}\AppData\Roaming\Mozilla\Firefox\Profiles\lj5mikyj.default\user.js
• %Program Files%\tuvaro\tuvaro\1.8.12.7\uninstall.exe
• %System Root%\user.js
• %Application Data%\tuvaro\sqlite3.dll
• %Program Files%\tuvaro\tuvaro\1.8.12.7\tuvaroEng.dll
• %User Temp%\tuvaro\tuvaro\1.8.12.7\tuvaro4ffx.exe

手順 6

以下のフォルダを検索し削除します。

• %Application Data%\Mozilla\Firefox\Profiles
• %Program Files%\tuvaro\tuvaro\1.8.12.7\bh
• %User Temp%\tuvaro\tuvaro
• %User Temp%\mt_ffx
• %User Temp%\mt_ffx\tuvaro\tuvaro
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions
• %User Temp%\mt_ffx\tuvaro\tuvaro\1.8.12.7
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default
• %User Temp%\mt_ffx\tuvaro
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\searchplugins
• %System Root%\Users
• %Application Data%\Mozilla\Firefox
• %Application Data%\Mozilla
• %User Temp%\tuvaro
• %Program Files%\tuvaro\tuvaro
• %Program Files%\tuvaro
• %Application Data%\tuvaro
• %Program Files%\tuvaro\tuvaro\1.8.12.7
• %User Temp%\tuvaro\tuvaro\1.8.12.7
• %User Profile%\AppData

手順 7

最新のバージョン（エンジン、パターンファイル）を導入したウイルス対策製品を用い、ウイルス検索を実行してください。「PUA.Win32.Montiera.AB」と検出したファイルはすべて削除してください。 検出されたファイルが、弊社ウイルス対策製品により既に駆除、隔離またはファイル削除の処理が実行された場合、ウイルスの処理は完了しており、他の削除手順は特にありません。

手順 8

以下のファイルをバックアップを用いて修復します。なお、マイクロソフト製品に関連したファイルのみ修復されます。このマルウェア／グレイウェア／スパイウェアが同社製品以外のプログラムをも削除した場合には、該当プログラムを再度インストールする必要があります。

• %User Temp%\nsuC5AF.tmp
• %User Temp%\nsuC5FD.tmp
• %User Temp%\nspBE02.tmp