手順 1

Windows XP、Windows Vista および Windows 7 のユーザは、コンピュータからマルウェアもしくはアドウェア等を完全に削除するために、ウイルス検索の実行前には必ず「システムの復元」を無効にしてください。

手順 2

起動中ブラウザのウインドウを全て閉じてください。

手順 3

「PUA.Win32.Conduit.GQ」で検出したファイル名を確認し、そのファイルを終了します。

• すべての実行中プロセスが、Windows のタスクマネージャに表示されない場合があります。この場合、"Process Explorer" などのツールを使用しマルウェアのファイルを終了してください。"Process Explorer" については、こちらをご参照下さい。
• 検出ファイルが、Windows のタスクマネージャまたは "Process Explorer" に表示されるものの、削除できない場合があります。この場合、コンピュータをセーフモードで再起動してください。
  セーフモードについては、こちらをご参照下さい。
• 検出ファイルがタスクマネージャ上で表示されない場合、次の手順にお進みください。

手順 4

不明なレジストリキーを削除します。

警告：レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。

• In HKEY_LOCAL_MACHINE\SOFTWARE\BrotherSoft_Extreme
  • toolbar

• In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
  • BrotherSoft_Extreme Toolbar

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar
  • IE5

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar
  • settings

• In HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer
  • URLSearchHooks

• In HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes
  • {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

• In HKEY_LOCAL_MACHINE\Software\Conduit
  • HomePage

• In HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer
  • Toolbar

• In HKEY_LOCAL_MACHINE\Software\BrotherSoft_Extreme
  • Communicator

• In HKEY_LOCAL_MACHINE\Software\Conduit\Platforms
  • {{GUID}}

• In HKEY_LOCAL_MACHINE\Software\conduitEngine
  • toolbar

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar
  • IE5

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar
  • Settings

• In HKEY_LOCAL_MACHINE\Software\conduitEngine\toolbar
  • InstalledApps

• In HKEY_LOCAL_MACHINE\Software\Conduit\Platforms
  • {30F9B915-B755-4826-820B-08FBA6BD249D}

• In HKEY_LOCAL_MACHINE\Software\conduitEngine
  • Communicator

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\ConduitEngine\toolbar
  • Log

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar
  • Monitored

• In HKEY_CLASSES_ROOT\CLSID
  • {30F9B915-B755-4826-820B-08FBA6BD249D}

• In HKEY_CLASSES_ROOT\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
  • InprocServer32

• In HKEY_LOCAL_MACHINE\Software\Conduit
  • Toolbars

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar
  • Repository

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\Repository
  • conduit_ConduitEngine

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\Repository\conduit_ConduitEngine
  • Coordinator

• In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
  • Conduit Engine

• In HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy
  • {98FC663F-DDE9-427C-8691-9CA2CD13F6FA}

• In HKEY_CLASSES_ROOT\CLSID
  • {328C5016-7254-457D-B3CD-3B30941B51EA}

• In HKEY_CLASSES_ROOT\CLSID\{328C5016-7254-457D-B3CD-3B30941B51EA}
  • InprocServer32

• In HKEY_CLASSES_ROOT\CLSID\{328C5016-7254-457D-B3CD-3B30941B51EA}
  • ProgID

• In HKEY_CLASSES_ROOT\CLSID\{328C5016-7254-457D-B3CD-3B30941B51EA}
  • VersionIndependentProgID

• In HKEY_CLASSES_ROOT
  • Conduit.Engine

• In HKEY_CLASSES_ROOT\Conduit.Engine
  • CLSID

• In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved
  • {328C5016-7254-457D-B3CD-3B30941B51EA}

• In HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\Platforms
  • {328C5016-7254-457D-B3CD-3B30941B51EA}

• In HKEY_CURRENT_USER\Software\AppDataLow
  • Toolbar

• In HKEY_CURRENT_USER\Software\AppDataLow\Toolbar
  • RegisteredSources

• In HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
  • conduitEngine

手順 5

このレジストリ値を削除します。

警告：レジストリはWindowsの構成情報が格納されているデータベースであり、レジストリの編集内容に問題があると、システムが正常に動作しなくなる場合があります。
レジストリの編集はお客様の責任で行っていただくようお願いいたします。弊社ではレジストリの編集による如何なる問題に対しても補償いたしかねます。
レジストリの編集前にこちらをご参照ください。

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • MarkOldApps = "FALSE"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrotherSoft_Extreme Toolbar
  • DisplayName = "BrotherSoft_Extreme Toolbar"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BrotherSoft_Extreme Toolbar
  • UninstallString = "%Program Files%\BROTHE~1\UNINST~1.EXE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\IE5
  • CabinetVisible = "FALSE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\IE5
  • ExplorerVisible = "FALSE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\IE5
  • FirstTime = "TRUE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\IE5
  • Visible = "TRUE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\settings
  • EnableSearchFromAdress = "TRUE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\settings
  • FixPageNotFoundError = "1"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\settings
  • SearchFromAdressUrl = "{random characters}"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar
  • GroupingServerURL = "http://grouping.{BLOCKED}es.conduit.com"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar
  • SearchServerUrl = "http://search.{BLOCKED}t.com"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar
  • Server = "users.conduit.com"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar
  • ShouldPerformGroupByOS = "TRUE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar
  • UsageURL = "http://usage.{BLOCKED}s.conduit.com/UsersWebService.asmx/UsersRequests"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar
  • WebServerUrl = "http://BrotherSoftExtreme.OurToolbar.com"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar
  • Write us link = "brothersoft_toolbar@brothersoft.com"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\settings
  • ShouldSendReferalCookie = "TRUE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\settings
  • OpenSetupFinishPage = "FALSE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\BrotherSoft_Extreme\toolbar\settings
  • SocialDomains = "http://apps.conduit.com; http://social.conduit.com"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks
  • {{GUID}} = ""

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
  • DisplayName = "BrotherSoft Extreme Customized Web Search"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
  • URL = "http://search.{BLOCKED}t.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes
  • DefaultScope = "{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • BrowserSearchURL = "{random characters}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\HomePage
  • {{GUID}} = "http://search.{BLOCKED}t.com?SearchSource=10&ctid=CT2776682"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar
  • {{GUID}} = "BrotherSoft_Extreme Toolbar"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
  • (Default) = ""

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{{GUID}}
  • (Default) = ""

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\Communicator
  • Url = "http://servicemap.{BLOCKED}t-services.com/Toolbar/?ownerId=EB_ORIGINAL_CTID"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • ComId = "{{GUID}}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • DisplayName = "BrotherSoft Extreme"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • DisplayTitle = "BrotherSoft_Extreme Toolbar"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • GroupingEnabled = "FALSE"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • InstallationId = "integrated_brothersoft_tb.exe"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • InstallationType = "conduitintegration"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • MultiCommunityEnabled = "FALSE"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • Path = "%Program Files%\BrotherSoft_Extreme"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • Server = "users.conduit.com"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • ShouldPerformGroupByOS = "FALSE"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • ShouldShowPersonalComponentDlg = "false"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • SponsorId = "CT2776682"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • ToolbarHelperFileName = "%Program Files%\BrotherSoft_Extreme\BrotherSoft_ExtremeToolbarHelper.exe"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Platforms\{{GUID}}
  • Name = "BrotherSoft_Extreme"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • PlatformType = "ConduitToolbar"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • IsEngineHost = "TRUE"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • AllowToUninstallFromEngine = "FALSE"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • ForceEngineUninstall = "TRUE"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • ToolbarDllName = "tbBrot.dll"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • IphoneUpdateURL = ""

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • AutoUpdateHelperPath = "%AppDataLocal%\Conduit\CT2776682\BrotherSoft_ExtremeAutoUpdateHelper.exe"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • AllowUntrustedApps = "FALSE"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BrotherSoft_Extreme\toolbar
  • ShouldSendToolbarAge = "TRUE"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN
  • Enable Browser Extensions = "yes"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN
  • Use Search Asst = "no"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • ShouldShowFirstTimeDlg = "FALSE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\IE5
  • CabinetVisible = "FALSE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\IE5
  • ExplorerVisible = "FALSE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\IE5
  • FirstTime = "TRUE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\IE5
  • Visible = "TRUE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\Settings
  • EnableAppssAlerts = "TRUE"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar
  • {30F9B915-B755-4826-820B-08FBA6BD249D} = ""

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • Path = "%Program Files%\ConduitEngine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • ComId = "{30F9B915-B755-4826-820B-08FBA6BD249D}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • DisplayTitle = "Conduit Engine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • DisplayName = "Conduit Engine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar\InstalledApps
  • (Default) = "0"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • DefaultSettingsServiceURL = "{random characters}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Platforms\{30F9B915-B755-4826-820B-08FBA6BD249D}
  • Name = "conduitEngine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • PlatformType = "ConduitEngine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • SponsorId = "ConduitEngine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\Communicator
  • Url = "http://servicemap.{BLOCKED}t-services.com/Toolbar"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • ToolbarDllName = "ConduitEngine.dll"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • ShouldSendToolbarAge = "TRUE"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • HostID = "{{GUID}}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • EngineHelperFileName = "%Program Files%\ConduitEngine\ConduitEngineHelper.exe"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar
  • ToolbarDllName = "ConduitEngine.dll"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\Log
  • LogLevelsString = ""

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\Monitored
  • SHRINK_TOOLBAR = "0"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • ProxyDllPath = "%Program Files%\ConduitEngine\prxConduitEngine.dll"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • version = "6.3.2.90"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
  • (Default) = "Conduit Engine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\InprocServer32
  • (Default) = "%Program Files%\ConduitEngine\prxConduitEngine.dll"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\InprocServer32
  • ThreadingModel = "Apartment"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar
  • {30F9B915-B755-4826-820B-08FBA6BD249D} = "Conduit Engine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit
  • GlobalUserId = "{317EBDA9-C3A3-48D9-AF90-1117299C5ED0}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Toolbars
  • Conduit Engine = "{30F9B915-B755-4826-820B-08FBA6BD249D}"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\IE5
  • ToolbarRunFirstTimeAfterInstall = "TRUE"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar\Repository\conduit_ConduitEngine\Coordinator
  • ResetServiceMap = "1"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
  • DisplayVersion = "6.3.2.90"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • VistaElevationComId = "{98FC663F-DDE9-427C-8691-9CA2CD13F6FA}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98FC663F-DDE9-427C-8691-9CA2CD13F6FA}
  • AppPath = "%Program Files%\ConduitEngine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98FC663F-DDE9-427C-8691-9CA2CD13F6FA}
  • AppName = "ConduitEngineHelper.exe"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98FC663F-DDE9-427C-8691-9CA2CD13F6FA}
  • Policy = "3"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • EngineAPIComId = "{328C5016-7254-457D-B3CD-3B30941B51EA}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{328C5016-7254-457D-B3CD-3B30941B51EA}
  • (Default) = "Conduit Engine API Server"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{328C5016-7254-457D-B3CD-3B30941B51EA}\InprocServer32
  • (Default) = "%Program Files%\ConduitEngine\prxConduitEngine.dll"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{328C5016-7254-457D-B3CD-3B30941B51EA}\InprocServer32
  • ThreadingModel = "Apartment"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{328C5016-7254-457D-B3CD-3B30941B51EA}\ProgID
  • (Default) = "Conduit.Engine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{328C5016-7254-457D-B3CD-3B30941B51EA}\VersionIndependentProgID
  • (Default) = "Conduit.Engine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Conduit.Engine\CLSID
  • (Default) = "{328C5016-7254-457D-B3CD-3B30941B51EA}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Platforms\{328C5016-7254-457D-B3CD-3B30941B51EA}
  • HostID = "{30F9B915-B755-4826-820B-08FBA6BD249D}"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
  • (Default) = "Conduit Engine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
  • NoExplorer = "1"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\conduitEngine\toolbar
  • UserID = "UN39524488118393269"

• In HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitEngine\toolbar
  • UserID = "UN39524488118393269"

• In HKEY_CURRENT_USER\Software\AppDataLow\Toolbar\RegisteredSources
  • ConduitEngine = "0"

• In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SESSION MANAGER
  • PendingFileRenameOperations = "\x00"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
  • DisplayName = "Conduit Engine"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
  • UninstallString = "%Program Files%\ConduitEngine\ConduitEngineUninstall.exe"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
  • DisplayIcon = "%Program Files%\ConduitEngine\ConduitEngineUninstall.exe"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
  • DisplayVersion = "6.3.2.90"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
  • Publisher = "Conduit Ltd."

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
  • Comments = ""

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
  • Contact = ""

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
  • DisplayIcon = "%Program Files%\CONDUI~1\ConduitEngineUninstall.exe"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
  • DisplayVersion = ""

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
  • HelpLink = " "

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
  • UninstallString = "%Program Files%\CONDUI~1\ConduitEngineUninstall.exe"

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
  • URLInfoAbout = ""

手順 6

以下のファイルを検索し削除します。

• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\~GLH0066.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\searchplugin\~GLH007b.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\~GLH006a.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\chrome\~GLH0065.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\~GLH0057.TMP
• %Program Files%\ConduitEngine\~GLH0005.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\searchplugin\~GLH007f.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\~GLH0075.TMP
• %Program Files%\ConduitEngine\~GLH0003.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\~GLH0068.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\~GLH0070.TMP
• %Program Files%\BrotherSoft_Extreme\~GLH0005.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\~GLH0053.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\~GLH0054.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\searchplugin\~GLH005e.TMP
• %Program Files%\ConduitEngine\~GLH0004.TMP
• %Program Files%\ConduitEngine\~GLH0002.TMP
• %System Root%\%User Temp%\INSTALL.LOG
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\~GLH0045.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\~GLH0063.TMP
• %Program Files%\ConduitEngine\~GLH0006.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\~GLH004d.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\searchplugin\~GLH007e.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\META-INF\~GLH007a.TMP
• %Program Files%\BrotherSoft_Extreme\~GLH000a.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\~GLH0071.TMP
• %AppDataLocal%Low\ConduitEngine\ConduitEngine.dll
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\~GLH006c.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\searchplugin\~GLH005d.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\~GLH006e.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\META-INF\~GLH005c.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\~GLH0050.TMP
• %Program Files%\BrotherSoft_Extreme\~GLH0009.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\setup.ini
• %Program Files%\BrotherSoft_Extreme\~GLH000c.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\~GLH0043.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\~GLH0076.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\searchplugin\~GLH0060.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\searchplugin\~GLH0061.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\~GLH0056.TMP
• %AppDataLocal%Low\ConduitEngine\~GLH0007.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\~GLH0073.TMP
• %Program Files%\ConduitEngine\~GLH0009.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\~GLH0072.TMP
• %Program Files%\BrotherSoft_Extreme\~GLH0004.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\~GLH006f.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\~GLH0047.TMP
• %Program Files%\ConduitEngine\~GLH0008.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\searchplugin\~GLH005f.TMP
• %System%\GLBSINST.%$D
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\~GLH0044.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\~GLH004b.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\~GLH004e.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\~GLH0055.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\~GLH0069.TMP
• %Program Files%\BrotherSoft_Extreme\~GLH0003.TMP
• %Program Files%\BrotherSoft_Extreme\~GLH0008.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\~GLH0049.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\~GLH0064.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\~GLH0074.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\searchplugin\~GLH007c.TMP
• %AppDataLocal%\Conduit\CT2776682\~GLH0006.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\META-INF\~GLH005a.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\~GLH006b.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\~GLH004a.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\~GLH0062.TMP
• %Program Files%\BrotherSoft_Extreme\~GLH000b.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\~GLH0052.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\META-INF\~GLH0078.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\DualPackage\~GLH0058.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\META-INF\~GLH0079.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\~GLH0067.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\~GLH0048.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\~GLH004f.TMP
• %Program Files%\ConduitEngine\~GLH000a.TMP
• %Program Files%\BrotherSoft_Extreme\~GLH0007.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\~GLH0051.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\META-INF\~GLH005b.TMP
• %Program Files%\ConduitEngine\INSTALL.LOG
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\searchplugin\~GLH007d.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\lib\~GLH0059.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\chrome\~GLH0046.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\~GLH006d.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\~GLH004c.TMP
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\lib\~GLH0077.TMP

手順 7

以下のフォルダを検索し削除します。

• %Program Files%\BrotherSoft_Extreme
• %User Temp%\{}
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\DualPackage
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\lib
• %AppDataLocal%\Conduit
• %AppDataLocal%Low\ConduitEngine\Logs
• %User Temp%\{}\conduitengine\chrome
• %User Temp%\{}\toolbar\searchplugin
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\searchplugin
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default
• %User Temp%\{}\conduitengine\META-INF
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com
• %User Profile%\AppData
• %User Temp%\{}\META-INF
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\chrome
• %User Temp%\{}\toolbar\components
• %System Root%\%System Root%\Users
• %Application Data%\Mozilla\Firefox
• %Application Data%\Mozilla
• %AppDataLocal%\Conduit\CT2776682
• %AppDataLocal%Low\Temp
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\searchplugin
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults
• %User Temp%\{}\conduitengine\searchplugin
• %User Temp%\{}\toolbar\lib
• %System Root%\%User Profile%\AppData
• %User Temp%\{}\conduitengine
• %User Temp%\{}\toolbar\META-INF
• %AppDataLocal%Low\ConduitEngine
• %User Temp%\{}\toolbar
• %User Temp%\{}\toolbar\defaults
• %User Temp%\{}\conduitengine\defaults
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\chrome
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\META-INF
• %User Temp%\{}\conduitengine\lib
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\lib
• %System Root%\Users
• %User Temp%\{}\toolbar\chrome
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components
• %AppDataLocal%Low
• %Program Files%\ConduitEngine
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\META-INF
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions
• %User Temp%\{}\conduitengine\components
• %AppDataLocal%Low\Temp\Logs
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}
• %User Temp%\{}\conduitengine\DualPackage

手順 8

最新のバージョン（エンジン、パターンファイル）を導入したウイルス対策製品を用い、ウイルス検索を実行してください。「PUA.Win32.Conduit.GQ」と検出したファイルはすべて削除してください。 検出されたファイルが、弊社ウイルス対策製品により既に駆除、隔離またはファイル削除の処理が実行された場合、ウイルスの処理は完了しており、他の削除手順は特にありません。

手順 9

以下のファイルをバックアップを用いて修復します。なお、マイクロソフト製品に関連したファイルのみ修復されます。このマルウェア／グレイウェア／スパイウェアが同社製品以外のプログラムをも削除した場合には、該当プログラムを再度インストールする必要があります。

• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\ConduitToolbar.xpt
• %User Temp%\{}\META-INF\zigbert.sf
• %User Temp%\{}\META-INF\manifest.mf
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\alertSettingsComponent.xml
• %User Temp%\{}\toolbar\components\ConduitAutoCompleteSearch.js
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\ConduitToolbar.idl
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\getAppsContextMenu.xml
• %Program Files%\BrotherSoft_Extreme\toolbar.cfg
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\engineContextMenu.xml
• %User Temp%\{}\conduitengine\components\ConduitAutoCompleteSearch.js
• %User Temp%\{}\conduitengine\components\RadioWMPCore.xpt
• %User Temp%\{}\conduitengine\defaults\engineContextMenu.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\getAppsContextMenu.xml
• %Program Files%\BrotherSoft_Extreme\GottenAppsContextMenu.xml
• %User Temp%\{}\conduitengine\lib\xpcom.js
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\unsharedAppsContextMenu.xml
• %User Temp%\{}\toolbar\chrome\brothersoft_extreme.jar
• %User Temp%\{}\toolbar\install.rdf
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\searchplugin\conduit.gif
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\DualPackage\install.rdf
• %AppDataLocal%Low\ConduitEngine\toolbar.cfg
• %User Temp%\{}\conduitengine\defaults\postAppsContextMenu.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\searchplugin\conduit.xml
• %User Temp%\{}\toolbar\components\ConduitToolbar.xpt
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\chrome\conduitengine.jar
• %User Temp%\H\xef\xbe\x84\xef\xbf\xafs9N]Z\xef\xbf\xb6\xef\xbf\xbf-t\xef\xbe\xa2&@
• %User Temp%\{}\conduitengine\chrome\conduitengine.jar
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\postAppsContextMenu.xml
• %User Temp%\{}\toolbar\searchplugin\conduit.gif
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\engineSettings.json
• %User Temp%\{}\conduitengine\defaults\getAppsContextMenu.xml
• %User Temp%\{}\conduitengine\defaults\fbAlert.js
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\searchplugin\conduit.src
• %User Temp%\{}\conduitengine\META-INF\zigbert.rsa
• %User Temp%\{}\conduitengine\chrome.manifest
• %User Temp%\{}\conduitengine\defaults\unsharedAppsContextMenu.xml
• %Program Files%\ConduitEngine\ConduitEngine.dll
• %User Temp%\{}\toolbar\defaults\unsharedAppsContextMenu.xml
• %User Temp%\{}\conduitengine\defaults\appContextMenu.xml
• %User Temp%\{}\toolbar\defaults\fbAlert.js
• %User Temp%\{}\toolbar\defaults\getAppsContextMenu.xml
• %User Temp%\{}\toolbar\searchplugin\conduit.src
• %Program Files%\ConduitEngine\appContextMenu.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\RadioWMPCoreGecko19.dll
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\toolbarContextMenu.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\ConduitToolbar.xpt
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\unsharedAppsContextMenu.xml
• %Program Files%\BrotherSoft_Extreme\prxtbBrot.dll
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\ConduitAutoCompleteSearch.xpt
• %User Temp%\BrotherSoft_Extreme.exe
• %Program Files%\ConduitEngine\prxConduitEngine.dll
• %User Temp%\{}\toolbar\META-INF\zigbert.rsa
• %User Temp%\{}\conduitengine\defaults\toolbarContextMenu.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt
• %User Temp%\{}\conduitengine\META-INF\zigbert.sf
• %User Temp%\GLFB2CF.tmp.ConduitEngineSetup.exe
• %User Temp%\{}\conduitengine\components\ConduitToolbar.js
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\searchplugin\conduit.ico
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\fbAlert.js
• %User Temp%\{}\conduitengine\components\RadioWMPCore.dll
• %User Temp%\GLFB2CF.tmp.tbBrot.dll
• %User Temp%\{}\conduitengine\components\ConduitToolbar.xpt
• %User Temp%\GLFBBB5.tmp.ConduitEngine.dll
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\lib\xpcom.js
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\toolbarContextMenu.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\appContextMenu.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\appContextMenu.xml
• %User Temp%\{}\conduitengine\searchplugin\conduit.PNG
• %User Temp%\{}\conduitengine\defaults\alertSettingsComponent.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\META-INF\zigbert.sf
• %User Temp%\{}\toolbar\searchplugin\conduit.ico
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\ConduitToolbar.idl
• %User Temp%\{}\conduitengine\searchplugin\conduit.src
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\searchplugin\conduit.src
• %Program Files%\BrotherSoft_Extreme\OtherAppsContextMenu.xml
• %Program Files%\BrotherSoft_Extreme\ToolbarContextMenu.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\version.txt
• %User Temp%\prxGLFB2CF.tmp.tbBrot.dll
• %AppDataLocal%\Conduit\CT2776682\BrotherSoft_ExtremeAutoUpdateHelper.exe
• %User Temp%\{}\conduitengine\defaults\engineSettings.json
• %User Temp%\{}\toolbar\searchplugin\conduit.PNG
• %Program Files%\ConduitEngine\ConduitEngineUninstall.exe
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\chrome.manifest
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\RadioWMPCore.xpt
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\lib\xpcom.js
• %User Temp%\{}\conduitengine\components\ConduitToolbar.idl
• %User Temp%\{}\toolbar\defaults\alertSettingsComponent.xml
• %Program Files%\BrotherSoft_Extreme\uninstall.exe
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\searchplugin\conduit.xml
• %User Temp%\{}\toolbar\searchplugin\conduit.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\searchplugin\conduit.gif
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\META-INF\zigbert.rsa
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
• %User Temp%\{}\toolbar\lib\xpcom.js
• %User Temp%\{}\toolbar\defaults\engineContextMenu.xml
• %Program Files%\BrotherSoft_Extreme\BrotherSoft_ExtremeToolbarHelper.exe
• %User Temp%\{}\toolbar\components\RadioWMPCoreGecko19.dll
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\chrome\brothersoft_extreme.jar
• %User Temp%\{}\toolbar\chrome.manifest
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\engineContextMenu.xml
• %User Temp%\{}\toolbar\components\ConduitAutoCompleteSearch.xpt
• %Program Files%\BrotherSoft_Extreme\SharedAppsContextMenu.xml
• %User Temp%\{}\conduitengine\version.txt
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\install.rdf
• %User Temp%\{}\conduitengine\components\RadioWMPCoreGecko19.dll
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\META-INF\zigbert.rsa
• %User Temp%\{}\conduitengine\DualPackage\install.rdf
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\ConduitToolbar.js
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\META-INF\manifest.mf
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\install.rdf
• %User Temp%\{}\toolbar\defaults\engineSettings.json
• %User Temp%\{}\toolbar\version.txt
• %User Temp%\{}\conduitengine\searchplugin\conduit.ico
• %User Temp%\{}\toolbar\defaults\toolbarContextMenu.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\RadioWMPCore.dll
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\alertSettingsComponent.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\searchplugin\conduit.PNG
• %Program Files%\ConduitEngine\toolbar.cfg
• %Program Files%\ConduitEngine\engineContextMenu.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\fbAlert.js
• %User Temp%\{}\conduitengine\searchplugin\conduit.gif
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\version.txt
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\defaults\postAppsContextMenu.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\META-INF\zigbert.sf
• %User Temp%\H\xef\xbe\x84\xef\xbf\xafs\xef\xbe\x83\x13O\xef\xbf\xb6\xef\xbf\xbf-t\xef\xbe\xa2&@
• %User Temp%\{}\toolbar\components\ConduitToolbar.idl
• %User Temp%\{}\toolbar\META-INF\zigbert.sf
• %User Temp%\{}\toolbar\defaults\postAppsContextMenu.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\ConduitAutoCompleteSearch.js
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\RadioWMPCore.xpt
• %User Temp%\{}\toolbar\components\RadioWMPCore.dll
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js
• %User Temp%\{}\META-INF\zigbert.rsa
• %User Temp%\{}\conduitengine\components\ConduitAutoCompleteSearch.xpt
• %User Temp%\{}\install.rdf
• %User Temp%\{}\xpis.txt
• %User Temp%\{}\toolbar\components\ConduitToolbar.js
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\defaults\engineSettings.json
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\META-INF\manifest.mf
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\searchplugin\conduit.PNG
• %User Temp%\{}\conduitengine\install.rdf
• %User Temp%\{}\conduitengine\META-INF\manifest.mf
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\chrome.manifest
• %Program Files%\BrotherSoft_Extreme\tbBrot.dll
• %User Temp%\{}\toolbar\components\RadioWMPCore.xpt
• %Program Files%\ConduitEngine\ConduitEngineHelper.exe
• %Program Files%\ConduitEngine\EngineSettings.json
• %User Temp%\{}\toolbar\META-INF\manifest.mf
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\{{GUID}}\components\ConduitToolbar.js
• %User Temp%\{}\conduitengine\searchplugin\conduit.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\searchplugin\conduit.ico
• %User Temp%\{}\toolbar\defaults\appContextMenu.xml
• %Application Data%\Mozilla\Firefox\Profiles\lj5mikyj.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

手順 10

以下の削除されたレジストリキーまたはレジストリ値をバックアップを用いて修復します。

※註：マイクロソフト製品に関連したレジストリキーおよびレジストリ値のみが修復されます。このマルウェアもしくはアドウェア等が同社製品以外のプログラムも削除した場合には、該当プログラムを再度インストールする必要があります。

• In HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
  • Deleted