-
1:もも:
2015/02/22 (Sun) 21:21:08
-
どうもももといいます。
先日フリーソフトをダウンロードした際にマルウェアーをダウンロードしたみたいです
いきなりDMMの広告が出てきたりyoutubeをみるにしても変な広告が出てきます
助けてください
ログを張ります
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 21:11:29, on 2015/02/22
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
FIREFOX: 35.0 (x86 ja)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Users\侑央\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe
C:\Users\侑央\AppData\Roaming\RakutenToolbarHelper\RakutenToolbarHelper.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\ProgramData\{744ee83a-fdf2-5ca9-744e-ee83afdfa0eb}\.mp3.exe
C:\ProgramData\{79ec4d99-5e7f-acde-79ec-c4d995e73665}\ii.exe
C:\Users\侑央\Desktop\game\ytclock128b\ytclock.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Users\侑央\Desktop\a\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo!ツールバーフィッシング警告 - {1F68E72C-50E5-44B8-8F56-6A54D3AF1DA4} - C:\Program Files (x86)\Yahoo!J\Toolbar\8_0_0_3\Modules\ypho.dll
O2 - BHO: 楽天ツールバー ブラウザヘルパ オブジェクト - {227B8061-B95B-4092-9C9B-6CE5759EE8E5} - C:\Program Files (x86)\RakutenToolbar\RTBHelper_32.dll
O2 - BHO: DiscoeunnTEoxxtensii - {4bf082b8-7177-40e1-97c7-764735ab0e43} - C:\Program Files (x86)\DiscoeunnTEoxxtensii\My4r7ePYWUQYeu.dll
O2 - BHO: Search App by Ask BHO - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" (file missing)
O2 - BHO: AllSavver - {5a80efcc-059a-4fcf-b64f-6c3da761b78d} - C:\Program Files (x86)\AllSavver\Ebtl826GLXxJpm.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O2 - BHO: Yahoo!ツールバーヘルパー - {EEBA90E6-2B14-413F-9BF8-61A8BDF92258} - C:\Program Files (x86)\Yahoo!J\Toolbar\8_0_0_3\Modules\YahooToolBar.dll
O3 - Toolbar: Yahoo!ツールバー - {AEF44653-C059-42CB-A5B7-41C640DA4A67} - C:\Program Files (x86)\Yahoo!J\Toolbar\8_0_0_3\Modules\YahooToolBar.dll
O3 - Toolbar: 楽天ツールバー - {4FD20E5F-825F-476F-8B45-5E3FF6502692} - C:\Program Files (x86)\RakutenToolbar\RakutenToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" (file missing)
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - HKCU\..\Run: [YahooDesktop] "C:\Program Files\Yahoo!J\Desktop\Modules\YahooDesktop.exe"
O4 - HKCU\..\Run: [RakutenToolbarHelper] C:\Program Files (x86)\RakutenToolbarHelper\RakutenToolbarHelper.exe
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_E0FA44F0AD6463988ED68B8A9A8A514C] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [ApplicationManager] C:\Users\侑央\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe
O4 - HKCU\..\Run: [SoftonicAssistant] "C:\Users\侑央\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe"
O4 - HKCU\..\Run: [Softonic for Windows] "C:\Users\侑央\AppData\Local\Softonic\Softonic.exe" -minimize
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
O4 - Startup: .mp3.lnk = C:\ProgramData\{744ee83a-fdf2-5ca9-744e-ee83afdfa0eb}\.mp3.exe
O4 - Startup: ii.lnk = C:\ProgramData\{79ec4d99-5e7f-acde-79ec-c4d995e73665}\ii.exe
O4 - Startup: YTClock.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0725D9DE-4CB8-4BC3-8219-3E74C0D544F7} (DMM Downloader) - http://sample3.dmm.co.jp/downloader5/DMMDownloader.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.287\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11163 bytes
ccのログです
Adobe Reader XI (11.0.10) - Japanese Adobe Systems Incorporated 2014/12/11 206 MB 11.0.10
Apple Application Support(32 ビット) Apple Inc. 2015/02/03 94.3 MB 3.1.1
Apple Application Support(64 ビット) Apple Inc. 2015/02/03 109 MB 3.1.1
Apple Mobile Device Support Apple Inc. 2015/02/03 27.9 MB 8.1.0.18
Apple Software Update Apple Inc. 2014/10/24 2.38 MB 2.1.3.127
ApplicationManager 2011.4.27.209 kingsoft 2014/12/14 2011.4.27.209
Bandicam Bandisoft.com 2014/12/26 26.3 MB 2.1.0.708
Bandisoft MPEG-1 Decoder Bandisoft.com 2014/12/26
Bonjour Apple Inc. 2014/10/24 2.00 MB 3.0.0.10
CCleaner Piriform 2015/02/22 5.02
Craving Explorer Version 1.6.11 T-Craft 2014/11/30 26.6 MB 1.6.11.0
CyberLink PowerDVD 9.5 CyberLink Corp. 2014/09/29 135 MB 9.5.1.6523
Dell WLAN and Bluetooth Client Installation Dell Inc. 2014/10/02 10.0
FINAL FANTASY XIV - A Realm Reborn SQUARE ENIX CO., LTD. 2015/01/10 1.0.0000
Google Chrome Google Inc. 2014/11/08 40.0.2214.115
Google Earth Google 2014/11/08 180 MB 7.1.2.2041
Google Toolbar for Internet Explorer Google Inc. 2014/11/24 7.5.5111.1712
Intel(R) Management Engine Components Intel Corporation 2014/10/02 9.5.23.1766
Intel(R) Processor Graphics Intel Corporation 2015/01/16 10.18.10.3960
IObit Uninstaller IObit 2015/02/20 4.2.6.2
iTunes Apple Inc. 2015/02/03 234 MB 12.1.0.71
Java 8 Update 31 Oracle Corporation 2015/01/22 74.0 MB 8.0.310
Kingsoft Office 2013 (9.1.0.4840) Kingsoft Corp. 2014/12/14 9.1.0.4840
Logicool ゲーム ソフトウェア 8.57 Logicool 2014/12/25 110 MB 8.57.145
McAfee Security Scan Plus McAfee, Inc. 2014/11/24 10.2 MB 3.0.287.1
Microsoft OneDrive Microsoft Corporation 2014/10/31 29.3 MB 17.3.1229.0918
Microsoft Silverlight Microsoft Corporation 2015/01/16 50.7 MB 5.1.30514.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2014/10/26 1.92 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2014/10/26 3.22 MB 8.0.61001
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2014/10/02 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2014/10/02 15.0 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2014/12/25 20.5 MB 11.0.61030.0
Mozilla Firefox 35.0 (x86 ja) Mozilla 2015/01/24 82.9 MB 35.0
Mozilla Maintenance Service Mozilla 2015/01/24 214 KB 35.0
Nero 12 Kwik Burn Express Essentials Nero AG 2014/09/29 628 MB 12.1.00200
NoMore Ads NoMore Ads 2014/02/22
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2014/10/02 6.0.1.7016
Robocraft Freejam 2014/11/09
RPGツクールVX Ace RTP Enterbrain 2014/12/27 194 MB 1.00
Search App by Ask APN, LLC 2015/02/16 6.05 MB 12.25.2.60
Softonic for Windows Softonic International S.L. 2014/12/20 1.5.11
Steam Valve Corporation 2014/11/09 2.10.91.91
Update for Japanese Microsoft IME Postal Code Dictionary Microsoft Corporation 2014/10/29 7.60 MB 16.0.1171.1
Update for Japanese Microsoft IME Standard Dictionary Microsoft Corporation 2014/10/21 34.8 MB 15.0.1215
Update for Japanese Microsoft IME Standard Extended Dictionary Microsoft Corporation 2014/09/25 11.5 MB 15.0.1215
Update for Japanese Microsoft IME Trending Words Dictionary Microsoft Corporation 2014/10/21 17.0 KB 16.0.1016.1
VirtualDJ 8 Atomix Productions 2015/01/16 55.5 MB 8.0.2094.0
Windows Live Essentials Microsoft Corporation 2014/10/26 16.4.3528.0331
Yahoo!ツールバー Yahoo! JAPAN. 2014/12/20 4.01 MB 8.0.0.3
Yahoo!ボックス Yahoo Japan Corporation. 2014/11/24 5.89 MB 1.2.0
ドラゴンクエストX オンライン SQUARE ENIX CO., LTD. 2014/12/28 1.0.1.0
楽天ツールバー 2014/11/24 2014.111201
-
2:悪代官@鳥頭
:
2015/02/22 (Sun) 22:09:40
-
こんばんは。
ここの管理人の悪代官です。
夜8時45分頃に成敗されるのが嫌なので、日曜朝8時45分頃の美少女戦士にお仕置きされてます。
♪この無駄なアフォがいる限り!
♪この伏魔殿は無益なんだから!(爆
説明とログを見せていただきました。
悪名高いサイトのsoftonic経由で仕込まれたようですね。
入り込んだものが数だけはやたらと多いので、時間はかかってもいいですから落ち着いてひとつずつ進めてください。
それと、明らかに怪しいmp3ファイル等をダウンロードした痕跡も見えてます。
>O4 - Startup: .mp3.lnk = C:\ProgramData\{744ee83a-fdf2-5ca9-744e-ee83afdfa0eb}\.mp3.exe
>O4 - Startup: ii.lnk = C:\ProgramData\{79ec4d99-5e7f-acde-79ec-c4d995e73665}\ii.exe
上記ファイルをどこからどういう経緯でDLしたか、次回レスで教えてください。
場合によってはこれでかなり危険な状態に陥っている疑いも平気でありえます。
では順番に作業にかかりましょう。
まず最初にお伝えしておきます。
見てのとおり現在相談者さん多数のため、相談受けてから皆さんに順番にレスできるまで、毎回1日かそれ以上かかる可能性もあるので、すみませんがご了承ください。
では以下の説明をよく見てから、順番に作業をお願いします。
既に準備した物もあるはずですが、一応説明を再度見ておいてください。
隠しファイルと拡張子を表示設定にしてください(やり方↓)
http://pasofaq.jp/windows/mycomputer/hiddenfile.htm
http://support.microsoft.com/kb/978449/ja
下記のツールをダウンロードして、基本の使い方を把握しておいてください。
ただし、配布サイトで他のアプリをダウンロードしろと勧めてくるような広告も出てきたらそれらは絶対にクリックしないでください。
「ATF-Cleaner」(通称:ATF)
説明↓
http://freesoft.tvbok.com/freesoft/pc_system/atf-cleaner.html
ダウンロード↓
http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25
中央の赤い文字がダウンロードリンクです。
片付けるときはファイルを直接削除してください。
Iobit Uninstaller(通称・IU)
公式ページ↓
http://jp.iobit.com/free/iou.html
解説↓
http://www.japan-secure.com/entry/blog-entry-282.html
片付けのときは以下のサイト様の説明を参考に、
http://www.japan-secure.com/entry/blog-entry-396.html
コントロールパネルからアンインストールですが、ポータブル版をお使いの場合はフォルダごと削除してください。
また、2014年ごろからIUはスポンサーサイトの広告も1週間に1度ほどのペースで表示するようになりました。
以下のページのような広告が表示されても慌てずに、一度PC再起動すればあとはまた次の週まで広告も出ないでしょう
http://okwave.jp/qa/q8644647.html
「CCleaner」(通称:CC)
説明↓
http://www.gigafree.net/system/clean/ccleaner.html
http://note.chiebukuro.yahoo.co.jp/detail/n178757
ダウンロード↓
http://www.piriform.com/ccleaner/download/standard
最新バージョンをダウンロードしてください。なお、インストール時におまけのアプリも勧めてくることがありますが、それらはチェック外してインストールは避けてください。
片付けるときはアンインストールしてください。
ここで重要な注意です。
CCは本来は高い性能を持つメンテナンスソフトですが、間違った使い方すると
【Windowsにダメージを与えてしまうおそれもある】
ので、ここでは解析ツールとしてのみ使います。
説明をしっかり読んで、自分が指示した以外の操作はしないように。
「AdwCleaner」(通称:AC)
http://www.bleepingcomputer.com/download/adwcleaner/dl/125/
ファイル直リンです。アクセスしてファイルをデスクトップにでも保存しておいてください。
片付けるときは起動後に「uninstall」ボタンを押せば自動で削除されます。
使い方は下記サイト様に詳しい説明があるのでサンショウウオ↓
http://www.japan-secure.com/entry/adwcleaner.html
準備できたら作業開始です。
少なくとも下記のアプリは旧バージョンです。
>Mozilla Firefox 35.0 (x86 ja) Mozilla 2015/01/24 82.9 MB 35.0
各種アプリの更新を怠っただけでも、脆弱性を悪用されて深刻な感染はあっさり起きます。
使うなら最新版に更新してください。使わないアプリならアンインストールが安全です。
他にも旧バージョンないか調べて、あれば同様に更新するか、アンインストールしてください。
>Google Toolbar for Internet Explorer Google Inc. 2014/11/24 7.5.5111.1712
>Yahoo!ツールバー Yahoo! JAPAN. 2014/12/20 4.01 MB 8.0.0.3
>楽天ツールバー 2014/11/24 2014.111201
ツールバーの複数併用はそれだけで不具合のもとになります。
使うならひとつだけ残して、他はIUを使ってアンインストールしてください。
事前に他のプログラムを終了してからIU起動して、該当のアプリを選択して、アンインストール→パワースキャンの順にスキャンして、残骸ファイル、レジストリも表示されたらそれにチェックして削除です。
なお、IUは削除後ごくまれに異常が出ることもあるので、もし異常があればWindows標準のシステムの復元で、削除時の復元ポイントに戻してください。
>Craving Explorer Version 1.6.11 T-Craft 2014/11/30 26.6 MB 1.6.11.0
ダウンロード支援ツールはできればアンインストールをお勧めします。
DLツールは各社のアンチウイルスソフトでサポート外です。
つまり、これらDLツールを使って危険なサイトやファイルにアクセスすると、マルウェアがあってもブロックできずに感染してしまう危険が高くなります。
ただでさえDLツールを使う人が多い動画サイトは現在、その隙を狙う危険な罠リンクや悪質広告の巣窟に成り果てています。
どうしても使うなら最新版に更新したうえで、これによるいかなトラブルに遭っても自己責任で。
ここでWindowsの標準機能である「システムの復元」での復元ポイントをひとつ、手動で作成しておいてください。
これはこの後の作業で、間違って対象外のものをいじってしまうとそれだけでWindowsに深刻な不具合を起こすこともあるので、万一の際に復元可能にしておくためです。
http://windows.microsoft.com/ja-jp/windows7/create-a-restore-point
次にここで一度ACを起動してください。
起動するとまず定義の更新が行われるはずなので、更新だけしてから、それができたらACは一旦終了してください。
ここではスキャンもしなくていいです。
今度はPCをセーフモードで起動してください(やり方↓)
http://freesoft.tvbok.com/win8/tips-and-tools/safemode.html
セーフモードでIUを使って、下記をアンインストールしてください。
>Bandicam Bandisoft.com 2014/12/26 26.3 MB 2.1.0.708
>Bandisoft MPEG-1 Decoder Bandisoft.com 2014/12/26
>NoMore Ads NoMore Ads 2014/02/22
>Search App by Ask APN, LLC 2015/02/16 6.05 MB 12.25.2.60
>Softonic for Windows Softonic International S.L. 2014/12/20 1.5.11
IU起動して、該当のアプリを選択して、アンインストール→パワースキャンの順にスキャンして、残骸ファイル、レジストリも表示されたらそれにチェックして削除です。
なお、IUは削除後ごくまれに異常が出ることもあるので、もし異常があればWindows標準のシステムの復元で、削除時の復元ポイントに戻してください。
セーフモードのままでATFを起動して、「Recycle bin」(ゴミ箱)以外の箇所全部にチェックしてから、下部の「Empty selected」を押してください。
これでPC内の一時ファイル等のゴミが掃除できます。
ゴミ箱を空にしないのは、もし間違って安全なファイルを削除しても戻せるようにとの対処です。
HJTを起動させ、スキャンを行ってください。
スキャン結果が表示されましたら、以下の項目にチェックを入れてください。
ただし、特にHJTでの作業は一歩間違えれば簡単にPCが起動しなくなるため、こちらが指示した以外のものは絶対にチェックを入れないでください。
>O2 - BHO: DiscoeunnTEoxxtensii - {4bf082b8-7177-40e1-97c7-764735ab0e43} - C:\Program Files (x86)\DiscoeunnTEoxxtensii\My4r7ePYWUQYeu.dll
>O2 - BHO: Search App by Ask BHO - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" (file missing)
>O2 - BHO: AllSavver - {5a80efcc-059a-4fcf-b64f-6c3da761b78d} - C:\Program Files (x86)\AllSavver\Ebtl826GLXxJpm.dll
>O3 - Toolbar: Search App by Ask - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" (file missing)
>O4 - HKCU\..\Run: [SoftonicAssistant] "C:\Users\侑央\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe"
>O4 - HKCU\..\Run: [Softonic for Windows] "C:\Users\侑央\AppData\Local\Softonic\Softonic.exe" -minimize
>O4 - Startup: .mp3.lnk = C:\ProgramData\{744ee83a-fdf2-5ca9-744e-ee83afdfa0eb}\.mp3.exe
>O4 - Startup: ii.lnk = C:\ProgramData\{79ec4d99-5e7f-acde-79ec-c4d995e73665}\ii.exe
>O4 - Startup: YTClock.lnk = ?
>O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.287\SSScheduler.exe
>O16 - DPF: {0725D9DE-4CB8-4BC3-8219-3E74C0D544F7} (DMM Downloader) - http://sample3.dmm.co.jp/downloader5/DMMDownloader.cab
>O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
必要な項目すべてにチェックが入りましたら、Fix checkedをクリックしてください。
探しても見つからないものはスルーして進めていいです。
マイコンピュータのCドライブを開いて、下記のフォルダを探して、見つかればゴミ箱に削除してください。
>C:\Program Files (x86)\DiscoeunnTEoxxtensii
>C:\Program Files (x86)\AskPartnerNetwork
>C:\Program Files (x86)\AllSavver
>C:\Users\侑央\AppData\Local\SoftonicAssistant
>C:\ProgramData\{744ee83a-fdf2-5ca9-744e-ee83afdfa0eb}
>C:\ProgramData\{79ec4d99-5e7f-acde-79ec-c4d995e73665}
今度は先にも起動したACを再度起動してください。
起動したら今度は「スキャン」したあと、そのスキャン終了後に検出されたものがあったら「除去」を押してください。
表示された画面で「はい」を選択すると処置開始されます。
処置完了したらそこでPCを通常モードで再起動してください。
再起動後にACのあらたなログが出るので、それをデスクトップにでも保存しておいてください。
ですが、もし作業後にログが出ないorわからない場合はマイコンピュータのCドライブを開くとその直下に以下のような名前のファイルが作成されているので、それがACのログです。
>AdwCleaner[英数字].txt
同じような名前のログが複数ある時は、作成日時が作業処置時のファイルが対象のログです。
今度はCCを起動してください。
起動したら、「ツール」→」「スタートアップ」→「Windows」タブを開いてください。
そこで右下の「テキストとして保存」を押すと、表示の内容がログとして保存できるので、ログをデスクトップにでも保存しておいてください。
続いて「InternetExplorer」タブ以下の各タブも順番に開いて、そのログもとっておいてください。
ただし、「コンテキストメニュー」のログは取らなくていいです。
CCの各ログをとったらCCは終了してください。
このあとブラウザを起動して、数時間ほどPC状態を様子見したあと、あらたにHJTとCCでのインストール情報ログを取り直してください。
取り直した両ログと、ACとCCの各ログを返信に貼って、状態報告とともにレスください。
それらを見てから続きの作業を指示します。
なお、自分から次のレスできるのは明日夕か夜になりそうなので、ご了承ください
-
3:IVNO:
2015/02/23 (Mon) 10:09:30
-
おはようございます、IVNOと申します。
悪代官さん自分のことをアフォとか・・・
いえ悪代官さん自身がご納得しているならそれはそれで・・・
あと悪代官さん、HJTログでは拾ってるのにCCログでは取りこぼしてます。
さて本題です。
IUでアンインストールする際、ついでにもう一つ追加で削除をお願いいたします。
McAfee Security Scan Plus McAfee, Inc. 2014/11/24 10.2 MB 3.0.287.1
こちらのソフトウェアはセキュリティソフトと干渉してセキュリティソフトの行動を妨害する場合があります。
セキュリティソフトの行動が妨害されると、マルウェアの検出ができなくなる場合があり、
検出ができないから駆除もできないと言う状況に陥る可能性が結構な割合であります。
こちらの追加削除が完了しましたら、後は悪代官さんのご案内に従って処置を行ってください。
-
4:もも:
2015/02/23 (Mon) 20:50:58
-
こんにちはももです。 このたびは調査等有難うございます。
さっそくですが、経由で仕込まれた
>O4 - Startup: .mp3.lnk = C:\ProgramData\{744ee83a-fdf2-5ca9-744e-ee83afdfa0eb}\.mp3.exe
>O4 - Startup: ii.lnk = C:\ProgramData\{79ec4d99-5e7f-acde-79ec-c4d995e73665}\ii.exe
これのことなのですが、過去に体験版?無料版?をsoftonicでダウンロードしようとしたときにDLしたのか、もしくはマインクラフトのMODを入れようとしたときに誤ってDLしたのかも知れません。自分でもよくわかりませんが...
次にIUをつかってアンインストールしろと言われた >Search App by Ask APN, LLC 2015/02/16 6.05 MB 12.25.2.60
これのことなんですけどありませんでした。さらにHJTでチェックを入れて消す>O2 - BHO: Search App by Ask BHO - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" (file missing)と>O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exeこれもありませんでした。
次にマイコンピュータのCドライブを開いて削除する>C:\Users\侑央\AppData\Local\SoftonicAssistant
このファイルがありませんでした。しかし自分調べ方が悪いのかもしれませんが。
次に>AdwCleaner[英数字].txtのログを張ります。
有効 HKCU:Run ApplicationManager Kingsoft Corp. Ltd. C:\Users\侑央\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe
有効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
有効 HKCU:Run GoogleChromeAutoLaunch_E0FA44F0AD6463988ED68B8A9A8A514C Google Inc. "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
有効 HKCU:Run Speech Recognition Microsoft Corporation "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
有効 HKLM:Run HotKeysCmds "C:\Windows\system32\hkcmd.exe"
有効 HKLM:Run IgfxTray Intel Corporation - pGFX "C:\Windows\system32\igfxtray.exe"
有効 HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
有効 HKLM:Run Launch LCore Logitech Inc. C:\Program Files\Logicool Gaming Software\LCore.exe /minimized
有効 HKLM:Run PDVD9LanguageShortcut CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
有効 HKLM:Run Persistence "C:\Windows\system32\igfxpers.exe"
有効 HKLM:Run RemoteControl9 CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
有効 HKLM:Run RtHDVBg Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
有効 HKLM:Run RtHDVBg_PushButton Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
有効 HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
次に「InternetExplorer」タブ以下の各タブを張ります。
無効 Extension Send by Bluetooth to Qualcomm®Atheros® C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
無効 Extension このコンテンツを引用 Microsoft Corporation C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
有効 Helper AllSavver C:\Program Files (x86)\AllSavver\Ebtl826GLXxJpm.x64.dll
有効 Helper CIESpeechBHO Class Qualcomm®Atheros® C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
有効 Helper DiscoeunnTEoxxtensii C:\Program Files (x86)\DiscoeunnTEoxxtensii\My4r7ePYWUQYeu.x64.dll
有効 Helper ExplorerWnd Helper IObit C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
有効 Helper Google Toolbar Helper Google Inc. C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
有効 Helper Google Toolbar Helper Google Inc. C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
有効 Helper Java(tm) Plug-In 2 SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
有効 Helper Java(tm) Plug-In SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
有効 Toolbar Google Toolbar Google Inc. C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
有効 Plugin Adobe Acrobat 11.0.10.32 Adobe Systems Inc. default C:\Program Files (x86)\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
有効 Plugin Google Earth Plugin 7.1.2.2041 Google default C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
有効 Plugin Google Update 1.3.25.11 default C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
有効 Plugin Intel® Identity Protection Technology 4.0.5.0 Intel Corporation default C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
有効 Plugin Intel® Identity Protection Technology 4.0.5.0 Intel Corporation default C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
有効 Plugin iTunes Application Detector 1.0.1.1 Apple Inc. default C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
有効 Plugin Java Deployment Toolkit 8.0.310.13 11.31.2.13 Oracle Corporation default C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
有効 Plugin Java(TM) Platform SE 8 U31 11.31.2.13 Oracle Corporation default C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
有効 Plugin Nero Kwik Media Helper 1.1.2.0 Nero AG default C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
有効 Plugin Photo Gallery 16.4.3528.331 Microsoft Corporation default C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
有効 Plugin Silverlight Plug-In 5.1.30514.0 Microsoft Corporation default c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
有効 App Gmail 7 Default C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
有効 App Google ドライブ 6.4 Default C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0
有効 App Google 検索 0.0.0.20 Default C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
有効 App YouTube 4.2.7 Default C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0
有効 Extension Google スプレッドシート 1.1 Default C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0
有効 Extension Google スライド 0.9 Default C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0
有効 Extension Google ドキュメント 0.9 Default C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0
有効 Extension IesaiveR 4.6 Default C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlmilpnpfhocfabmbfncjbldfjejodnk\4.6
有効 Extension World Clock 214 Default C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkkidmpafdcfdcbkbpnmplgedohaijkd\214
有効 Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task Microsoft OneDrive Auto Update Task-S-1-5-21-626598575-2212014049-1334464977-1002 Microsoft Corporation %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
無効 Task Optimize Start Menu Cache Files-S-1-5-21-626598575-2212014049-1334464977-1001
有効 Task Optimize Start Menu Cache Files-S-1-5-21-626598575-2212014049-1334464977-1002
有効 Task Uninstaller_SkipUac_侑央 IObit C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
有効 Task WpsUpdateTask_侑央 Zhuhai Kingsoft Office Software Co.,Ltd C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe -from=task
有効 Task {D908B9D6-7FC2-4074-87C2-6DC80A463236} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\侑央\AppData\Local\Softonic\Uninstall.exe
次に数時間ほどPC状態を様子見したあとのHJTとCCのログを張ります
HJTのログです。
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 20:40:45, on 2015/02/23
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal
Running processes:
C:\Users\侑央\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\syswow64\wwahost.exe
C:\Users\侑央\Desktop\a\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_E0FA44F0AD6463988ED68B8A9A8A514C] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [ApplicationManager] C:\Users\侑央\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7997 bytes
CCのログです。
Adobe Reader XI (11.0.10) - Japanese Adobe Systems Incorporated 2014/12/11 206 MB 11.0.10
Apple Application Support(32 ビット) Apple Inc. 2015/02/03 94.3 MB 3.1.1
Apple Application Support(64 ビット) Apple Inc. 2015/02/03 109 MB 3.1.1
Apple Mobile Device Support Apple Inc. 2015/02/03 27.9 MB 8.1.0.18
Apple Software Update Apple Inc. 2014/10/24 2.38 MB 2.1.3.127
ApplicationManager 2011.4.27.209 kingsoft 2014/12/14 2011.4.27.209
Bonjour Apple Inc. 2014/10/24 2.00 MB 3.0.0.10
CCleaner Piriform 2015/02/22 5.02
CyberLink PowerDVD 9.5 CyberLink Corp. 2014/09/29 135 MB 9.5.1.6523
Dell WLAN and Bluetooth Client Installation Dell Inc. 2014/10/02 10.0
FINAL FANTASY XIV - A Realm Reborn SQUARE ENIX CO., LTD. 2015/01/10 1.0.0000
Google Chrome Google Inc. 2014/11/08 40.0.2214.115
Google Earth Google 2014/11/08 180 MB 7.1.2.2041
Google Toolbar for Internet Explorer Google Inc. 2014/11/24 7.5.5111.1712
Intel(R) Management Engine Components Intel Corporation 2014/10/02 9.5.23.1766
Intel(R) Processor Graphics Intel Corporation 2015/01/16 10.18.10.3960
IObit Uninstaller IObit 2015/02/20 4.2.6.2
iTunes Apple Inc. 2015/02/03 234 MB 12.1.0.71
Java 8 Update 31 Oracle Corporation 2015/01/22 74.0 MB 8.0.310
Kingsoft Office 2013 (9.1.0.4840) Kingsoft Corp. 2014/12/14 9.1.0.4840
Logicool ゲーム ソフトウェア 8.57 Logicool 2014/12/25 110 MB 8.57.145
Microsoft OneDrive Microsoft Corporation 2014/10/31 29.3 MB 17.3.1229.0918
Microsoft Silverlight Microsoft Corporation 2015/01/16 50.7 MB 5.1.30514.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2014/10/26 1.92 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2014/10/26 3.22 MB 8.0.61001
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2014/10/02 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2014/10/02 15.0 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2014/12/25 20.5 MB 11.0.61030.0
Nero 12 Kwik Burn Express Essentials Nero AG 2014/09/29 628 MB 12.1.00200
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2014/10/02 6.0.1.7016
RPGツクールVX Ace RTP Enterbrain 2014/12/27 194 MB 1.00
Update for Japanese Microsoft IME Postal Code Dictionary Microsoft Corporation 2014/10/29 7.60 MB 16.0.1171.1
Update for Japanese Microsoft IME Standard Dictionary Microsoft Corporation 2014/10/21 34.8 MB 15.0.1215
Update for Japanese Microsoft IME Standard Extended Dictionary Microsoft Corporation 2014/09/25 11.5 MB 15.0.1215
Update for Japanese Microsoft IME Trending Words Dictionary Microsoft Corporation 2014/10/21 17.0 KB 16.0.1016.1
VirtualDJ 8 Atomix Productions 2015/01/16 55.5 MB 8.0.2094.0
Windows Live Essentials Microsoft Corporation 2014/10/26 16.4.3528.0331
ドラゴンクエストX オンライン SQUARE ENIX CO., LTD. 2014/12/28 1.0.1.0
今の現状はyoutubeを見ても怪しい広告は出てこないしWEBページを開いても変なサイトやDMMのサイトに飛ばされることはなくなりました。
それとIVNOさんがおっしゃっていた McAfee Security Scan Plus McAfee, Inc. 2014/11/24 10.2 MB 3.0.287.1
これは削除しました。しかしウイルス対策ソフトがなくなったのでとても心配です。
-
5:もも:
2015/02/23 (Mon) 21:03:32
-
すみませんももです。
ACではなくHJTのログを張りました
改めてACのログを張らせていただきます
# AdwCleaner v4.111 - Logfile created 23/02/2015 at 20:59:48
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 8.1 Pro (x64)
# Username : 侑央 - DELL
# Running from : C:\Users\侑央\Desktop\a\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v
-\\ Google Chrome v40.0.2214.115
*************************
AdwCleaner[R0].txt - [8487 bytes] - [23/02/2015 18:21:23]
AdwCleaner[R1].txt - [3702 bytes] - [23/02/2015 19:22:39]
AdwCleaner[R2].txt - [728 bytes] - [23/02/2015 20:59:48]
AdwCleaner[S0].txt - [3604 bytes] - [23/02/2015 19:24:38]
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [845 bytes] ##########
-
6:悪代官@鳥頭
:
2015/02/23 (Mon) 21:15:23
-
作業と報告、ご苦労様です。
説明も見せていただきました。
>O4 - Startup: .mp3.lnk = C:\ProgramData\{744ee83a-fdf2-5ca9-744e-ee83afdfa0eb}\.mp3.exe
>O4 - Startup: ii.lnk = C:\ProgramData\{79ec4d99-5e7f-acde-79ec-c4d995e73665}\ii.exe
>これのことなのですが、過去に体験版?無料版?をsoftonicでダウンロードしようとしたときにDLしたのか、もしくはマインクラフトのMODを入れようとしたときに誤ってDLしたのかも知れません
はい、ではこれは一旦置いて進めましょう。
>Search App by Ask APN, LLC 2015/02/16 6.05 MB 12.25.2.60
>O2 - BHO: Search App by Ask BHO - {4F524A2D-5350-4500-76A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll" (file missing)と>O23 - Service: Ask Update Service (APNMCP) - APN LLC. - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exeこれもありませんでした。
>C:\Users\侑央\AppData\Local\SoftonicAssistant
これらが見つからないのも処置できたせいかと思います。なのでこれもいまはスルーでいいです。
ではまた説明に沿って続きの作業をお願いします。
ACの今回のスキャンでは特に検出なかったようですね。
では同じ場所にあったはずの下記のログファイルを探してください。
>AdwCleaner[S0].txt - [3604 bytes] - [23/02/2015 19:24:38]
このログが見つかったらそのログ内容を次回レスで見せてください。
>今の現状はyoutubeを見ても怪しい広告は出てこないしWEBページを開いても変なサイトやDMMのサイトに飛ばされることはなくなりました。
>それとIVNOさんがおっしゃっていた McAfee Security Scan Plus McAfee, Inc. 2014/11/24 10.2 MB 3.0.287.1
>これは削除しました。しかしウイルス対策ソフトがなくなったのでとても心配です。
異常が沈静化しているなら気分的にも楽になったでしょう。
続きの作業は急がなくていいのでマイペースでどうぞ。
そしてOSがWin8のはずなので、Microsoft純正のWindowsDefenderが自動的に動作しているでしょうから、いまは最低限のウイルス対策はできているのでこれは心配なく。
ですが早めに信頼できるアンチウイルスソフトを用意して入れなおすことをお勧めします。
先の手順でCCを起動して「IE」タブ内の下記を右クリックから「無効」にしたあと「エントリの削除」してください。
>有効 Helper AllSavver C:\Program Files (x86)\AllSavver\Ebtl826GLXxJpm.x64.dll
>有効 Helper DiscoeunnTEoxxtensii C:\Program Files (x86)\DiscoeunnTEoxxtensii\My4r7ePYWUQYeu.x64.dll
無効にできないときはそのまま削除でもいいです。
次に「Chrome」タブ内の下記も同様に処置です。
>有効 Extension IesaiveR 4.6 Default C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlmilpnpfhocfabmbfncjbldfjejodnk\4.6
続いて「スケジュールされたタスク」内の下記も同様に処置です。
>有効 Task {D908B9D6-7FC2-4074-87C2-6DC80A463236} Microsoft Corporation C:\Windows\system32\pcalua.exe -a C:\Users\侑央\AppData\Local\Softonic\Uninstall.exe
ここまでできたら次に以下のアプリを準備してください。
Malwarebytes' Anti-Malware(通称・MBAM)
本家サイト
http://www.malwarebytes.org/
ですが、MBAMは現在安定性や動作でかなり難が出ており、普通に使っても正常にスキャンができないバグまで多発中です。
そのため本家サイトから最新版のダウンロードせず、ここではあえて旧バージョンで作業します。
旧バージョンの説明サイト↓
http://fine.tok2.com/home/heto2/0700SecurityApp/Malwarebytes/0001.htm
以下のURLからMBAMの旧バージョンをダウンロードしてください。
http://www.oldapps.com/malwarebytes.php?old_malwarebytes=12090?download
ファイル直リンです。保存しておいてください。
注)インストール時に日本語でインストールすると文字化けすることがあります。英語でインストール後に日本語化してください。
MBAM起動して「Settings」タブ→「Language」→「Japanese」で日本語化できます。
準備できたらMBAMをインストールとアップデートまでしておいてください。
ただし、ここではまだスキャンはしないように。
なお、ここでMBAMの更新で「プログラム」自体は更新せず、定義だけ更新しておいてください。
プログラム本体を更新すると、バグ多発中の最新版になってしまうので、せっかく旧バージョンでインストールした意味がなくなります。
アップデートまでできたらPCをセーフモードで再起動してから、ATFを使ってゴミファイルの掃除してください。
続いてセーフモードのままMBAMでスキャンしてください。
MBAM起動したら「スキャナー」タブから「フルスキャン」してください。
対象ドライブはCを含めて全ドライブを選択してください。
スキャン対象は全ドライブを選択(チェック)してください。時間はかかりますができるだけ細かくスキャンするためです。
順番はどちらからでもいいですが、なにか検出されたらそれを選択して「remove」(隔離)したあと、再起動を促す表示が出たらそこで一度PCを再起動してください。
もし再起動表示が出ないときは手動で再起動してください。
またMBAMスキャン終了後、「詳細を表示」を押すとその結果が表示されるはずなので、そこで「ログを保存」を押すとそのログが保存可能になります。
そのログをデスクトップにでも保存しておいてください。
このログ確認が特に重要なので、忘れないようにお願いします。
このあとMBAMのログを返信に貼り付けて、それを状態報告とともにレスで見せてください。
-
7:IVNO:
2015/02/23 (Mon) 21:34:19
-
McAfee Security Scan Plus
Norton Security Scan
Kaspersky Security Scan
上記3つはセキュリティソフトではなく本来のアド(広告)ウェアです。
アドウェアとは本来は広告を表示させることで有料のソフトと同等の性能のものを
無料で利用できると言う広告主とソフトウェア双方にメリットのあるものか、
あるいは上記3つのように体験版的な役割を果たしてこれ以上やりたければ製品版を買えと促すものです。
こういう本来のアドウェアの用途から逸脱し、ただ純粋に広告を表示させるだけのものが、
現在私たちが駆除を行っているアドウェアとなります。
ですのでこれら3つはセキュリティソフトではないと言うのはそういうことです。
これら3つはただ純粋にスキャンする「だけ」であるならば問題なくできますが、
これはなまじスキャン機能があるだけほかのセキュリティソフトと競合し、
ほかのセキュリティソフトの動きを止めてしまう恐れがあるのです。
そのためこれら3つのアドウェアは削除が推奨されています。
-
8:もも:
2015/02/24 (Tue) 18:32:04
-
こんにちは、レス遅れて申し訳ありません。そして調査ありがとうございます。
早速ですが前回張り忘れたログを張ります。
# AdwCleaner v4.111 - Logfile created 23/02/2015 at 19:24:38
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Local]
# Operating system : Windows 8.1 Pro (x64)
# Username : 侑央 - DELL
# Running from : C:\Users\侑央\Desktop\a\AdwCleaner.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\4e28a18600002228
Folder Deleted : C:\ProgramData\8671808845841899475
Folder Deleted : C:\Program Files (x86)\IesaiveR
Folder Deleted : C:\Program Files (x86)\RobboSavEr
Folder Deleted : C:\Program Files (x86)\SaveNEwaAppza
Folder Deleted : C:\Users\侑央\AppData\Local\Temp\apn
Folder Deleted : C:\Users\侑央\AppData\Local\CrashRpt
Folder Deleted : C:\Users\侑央\AppData\Roaming\ASP
Folder Deleted : C:\Users\侑央\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\侑央\AppData\Roaming\Systweak
Folder Deleted : C:\Users\侑央\AppData\Roaming\IHlpr
Folder Deleted : C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlmilpnpfhocfabmbfncjbldfjejodnk
File Deleted : C:\Windows\System32\roboot64.exe
***** [ Scheduled tasks ] *****
Task Deleted : ASP
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{57B0DCF0-8B40-4449-8AA4-E297D6E779D4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4F524A2D-5350-4500-76A7-7A786E7484D7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4F524A2D-5350-4500-76A7-7A786E7484D7}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{704D511A-3B27-4367-BD23-FB473FEC8972}
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\euro-truck-simulator-2.softonic.jp
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\microsoft-flight-simulator-x.softonic.jp
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\minecraft.softonic.jp
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.jp
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.softonic.jp
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Mozilla Firefox v
-\\ Google Chrome v40.0.2214.115
*************************
AdwCleaner[R0].txt - [8487 bytes] - [23/02/2015 18:21:23]
AdwCleaner[R1].txt - [3702 bytes] - [23/02/2015 19:22:39]
AdwCleaner[S0].txt - [3465 bytes] - [23/02/2015 19:24:38]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3524 bytes] ##########
次に、「アップデートまでできたらPCをセーフモードで再起動してから、ATFを使ってゴミファイルの掃除してください。」という文のごみファイルと言うところが良く分からなかったので行いませんでした。
次に、MBAMスキャン終了後のログを貼ります。(ずっと漢字 張 にして間違えてました)
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
定義バージョン: v2013.04.04.07
Windows 8 x64 NTFS (セーフモード)
Internet Explorer 11.0.9600.17631
侑央 :: DELL [管理者]
2015/02/24 17:24:44
mbam-log-2015-02-24 (17-24-44).txt
スキャンタイプ: フルスキャン (C:\|D:\|E:\|)
有効なスキャン領域: メモリ | スタートアップ | レジストリ | ファイルシステム | ヒューリスティック/追加アイテムのスキャン | ヒューリスティック/Shuriken エンジンを使用してスキャン | 不審なプログラム (PUP) | 不審な変更 (PUM)
無効なスキャン領域: ピア・ツー・ピアプログラム(P2P)
スキャンしたアイテム数: 413569
経過時間: 29 分, 41 秒
メモリプロセスの検出: 0
(悪意のあるアイテムは検出されていません。)
メモリモジュールの検出: 0
(悪意のあるアイテムは検出されていません。)
レジストリキーの検出: 0
(悪意のあるアイテムは検出されていません。)
レジストリ値の検出: 0
(悪意のあるアイテムは検出されていません。)
レジストリデータ項目の検出: 0
(悪意のあるアイテムは検出されていません。)
フォルダの検出: 0
(悪意のあるアイテムは検出されていません。)
ファイルの検出: 1
C:\Windows\WinSxS\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.3.9600.17415_none_018f2074f3cfcbbe\iccvid.dll (Trojan.FakeAlert) -> 再起動後に削除されます。
(終)
次に、現状の報告についてです。
前回に引き続きネットは不審な広告やWEBを開くとたまにDMMの広告が出てくることはありません。
最後に、アンチウイルスソフトについてなのですが自分はNortonの導入を検討しています。
いじっかしいとは思いますが、ご返答してくださるのであればお願いします。
以上
-
9:悪代官@鳥頭
:
2015/02/24 (Tue) 19:45:17
-
作業と報告、ご苦労様です。
説明も見せていただきました。
>前回に引き続きネットは不審な広告やWEBを開くとたまにDMMの広告が出てくることはありません。
>最後に、アンチウイルスソフトについてなのですが自分はNortonの導入を検討しています。
はい、異常も出てないようですね。
アンチウイルスも最新状態で正常に動作していればいいです。
ACの処置時ログを見たところ、こちらはかなり掃除されてましたね。
ですが検出処置した物もこれでわかったのでもういいでしょう。
ACは導入時の説明手順に沿って片付けてください。
MBAMでのスキャンではひとつだけ検出ありましたね。
>C:\Windows\WinSxS\x86_microsoft-windows-vcm-core-codecs_31bf3856ad364e35_6.3.9600.17415_none_018f2074f3cfcbbe\iccvid.dll (Trojan.FakeAlert) -> 再起動後に削除されます。
これですがどうも過剰反応(誤検出)の疑いがあるもので、先日から他の方のスキャン結果でも連続で出ています。
ですがすべての相談者さん事例で検出されるものでもなく、個々の環境によって検出されているようです。
いまのところ完全に誤検出かどうかの判断がつきかねているので、MBAMで隔離した上記はしばらくそのままにしておいてください。
では今度は別角度から解析してみましょう。
以下のツールを準備してください。
OTL(OldTimer Listit)
ファイル直リンなので、DLしたら保存しておいてください。
http://oldtimer.geekstogo.com/OTL.exe
片付けるときは起動後に「Cleanup」ボタンを押せば自動で削除されます。
他のプログラムを起動しない状態でOTLを起動してください。
起動したら、ウィンドウの上の方にある「Scan All Users」にチェックを入れ、以下のコマンドを「Custom Scan/Fixes」にコピペしてください。
%windir%\tasks\*.job
DRIVES
BASESERVICES
%SYSTEMDRIVE%\*.exe
CREATERESTOREPOINT
その後、左上の「Run Scan」を押すとスキャン開始されます。
スキャン開始後、PC環境にもよりますが数分ほどすると、「OTL.txt」と「Extras.txt」がOTL.exeと同じ場所に作成されるはずなので、この2つのファイルをデスクトップあたりに保存しておいてください。
なお、Extras.txtは出ないこともありますが、その場合はOTL.txtだけでもいいです。
このあとOTLログを丸ごと返信に貼り付けてレスで見せてください。
ただしOTLログはかなり長くなるため、一度に送信してもfc2の文字数制限で途切れます。
なのでログも適当なところで分割して、複数回に分けてレス送信してください。
OTLでスキャンしただけでは何も変化は起きません。
この結果を見て、検出されたものを次回以降の作業で処置することになるはずです
-
10:もも:
2015/02/24 (Tue) 23:03:18
-
悪代官さんこんばんわ。調査お疲れ様です。
早速ですがOTLのログから貼らせていただきます。
OTLのログ
OTL logfile created on: 2015/02/24 22:49:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\侑央\Desktop\a
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17631)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd
7.92 Gb Total Physical Memory | 6.37 Gb Available Physical Memory | 80.47% Memory free
9.17 Gb Paging File | 7.42 Gb Available in Paging File | 80.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.17 Gb Total Space | 848.64 Gb Free Space | 91.14% Space Free | Partition Type: NTFS
Computer Name: DELL | User Name: 侑央 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2015/02/24 22:37:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\侑央\Desktop\a\OTL.exe
PRC - [2015/02/20 21:14:44 | 002,635,552 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
PRC - [2015/02/20 21:14:43 | 001,088,800 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
PRC - [2015/02/09 19:08:24 | 000,232,264 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/10 06:27:38 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013/12/10 06:27:36 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/08/30 11:37:00 | 000,860,608 | ---- | M] (Kingsoft Corp. Ltd.) -- C:\Users\侑央\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe
PRC - [2010/10/01 16:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2014/12/06 10:35:00 | 000,229,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2014/10/31 13:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2014/10/29 13:09:06 | 000,092,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:[b]64bit:[/b] - [2014/10/29 12:59:51 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:[b]64bit:[/b] - [2014/10/29 11:42:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:[b]64bit:[/b] - [2014/10/29 11:42:03 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2014/10/29 11:34:51 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2014/10/29 11:33:55 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2014/10/29 11:30:35 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2014/10/29 11:29:22 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:57:05 | 000,324,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:[b]64bit:[/b] - [2014/10/29 10:48:36 | 000,780,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2014/10/29 10:48:20 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:[b]64bit:[/b] - [2014/10/29 10:27:21 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:[b]64bit:[/b] - [2014/10/29 10:26:21 | 000,838,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2014/10/29 10:26:02 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2014/10/29 10:24:37 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:[b]64bit:[/b] - [2014/10/29 10:22:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2014/10/29 10:20:03 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:[b]64bit:[/b] - [2014/10/29 10:19:20 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2014/10/29 10:16:17 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:[b]64bit:[/b] - [2014/10/29 10:13:24 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:13:02 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:12:36 | 000,407,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2014/10/29 10:12:22 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2014/10/29 10:11:10 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:09:48 | 000,521,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:05:09 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2014/10/29 09:57:18 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2014/10/29 09:48:52 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:[b]64bit:[/b] - [2014/10/29 09:46:48 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:[b]64bit:[/b] - [2014/10/29 09:35:51 | 001,668,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:[b]64bit:[/b] - [2014/10/03 17:36:52 | 000,329,104 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)
SRV:[b]64bit:[/b] - [2014/09/22 12:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:[b]64bit:[/b] - [2014/09/22 12:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2014/08/16 12:29:40 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2013/08/27 14:32:30 | 000,828,376 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2013/08/27 14:32:14 | 000,747,520 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2013/06/19 09:18:38 | 000,246,488 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:[b]64bit:[/b] - [2009/11/18 08:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2015/02/20 21:14:44 | 002,635,552 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/11/09 13:28:25 | 000,182,304 | ---- | M] (EasyAntiCheat Ltd) [On_Demand | Stopped] -- C:\Windows\SysWOW64\EasyAntiCheat.exe -- (EasyAntiCheat)
SRV - [2014/10/29 10:51:55 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2014/10/29 10:04:45 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2014/10/29 09:53:11 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/10/03 17:36:56 | 000,279,952 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014/08/16 12:29:40 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/12/10 06:27:38 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/12/10 06:27:36 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013/08/12 01:49:32 | 000,312,448 | ---- | M] (Windows (R) Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - [2014/12/12 09:51:20 | 000,075,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:[b]64bit:[/b] - [2014/11/21 06:14:26 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:[b]64bit:[/b] - [2014/11/11 03:06:59 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2014/11/05 04:33:40 | 000,058,176 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2014/10/29 12:59:47 | 000,415,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2014/10/29 12:57:42 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:[b]64bit:[/b] - [2014/10/29 12:56:04 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2014/10/29 11:46:43 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2014/10/29 11:46:41 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2014/10/29 11:46:09 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:[b]64bit:[/b] - [2014/10/29 11:45:54 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2014/10/29 11:45:39 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2014/10/29 11:45:16 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2014/10/17 13:56:24 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2014/10/17 13:56:23 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:[b]64bit:[/b] - [2014/10/17 12:35:04 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2014/10/15 17:32:36 | 000,921,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:[b]64bit:[/b] - [2014/10/08 18:24:09 | 000,467,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2014/10/07 15:54:45 | 000,324,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2014/10/07 15:54:45 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:[b]64bit:[/b] - [2014/10/07 15:44:39 | 000,069,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2014/10/03 17:36:38 | 004,753,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2014/09/22 12:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:[b]64bit:[/b] - [2014/09/22 12:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:[b]64bit:[/b] - [2014/09/22 11:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:[b]64bit:[/b] - [2014/09/19 10:58:48 | 000,038,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:[b]64bit:[/b] - [2014/09/19 10:58:48 | 000,027,000 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:[b]64bit:[/b] - [2014/08/15 23:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2014/08/15 09:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2014/03/20 12:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2014/03/13 21:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:[b]64bit:[/b] - [2014/02/23 00:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2014/02/22 21:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2014/01/23 05:57:34 | 000,450,520 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2013/12/10 06:27:36 | 000,100,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2013/12/05 03:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:[b]64bit:[/b] - [2013/10/26 10:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:[b]64bit:[/b] - [2013/10/06 00:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:[b]64bit:[/b] - [2013/09/14 23:06:57 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2013/08/23 07:50:16 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:[b]64bit:[/b] - [2013/08/23 07:50:04 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:[b]64bit:[/b] - [2013/08/23 07:50:04 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:[b]64bit:[/b] - [2013/08/23 07:50:04 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:[b]64bit:[/b] - [2013/08/23 07:50:04 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:[b]64bit:[/b] - [2013/08/23 07:50:04 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2013/08/22 22:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2013/08/22 22:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2013/08/22 21:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2013/08/22 21:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2013/08/22 21:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:[b]64bit:[/b] - [2013/08/22 21:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2013/08/22 20:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:[b]64bit:[/b] - [2013/08/22 17:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:[b]64bit:[/b] - [2013/08/13 08:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:[b]64bit:[/b] - [2013/08/12 01:25:44 | 000,590,024 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:[b]64bit:[/b] - [2013/08/12 01:25:44 | 000,137,928 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:[b]64bit:[/b] - [2013/08/12 01:25:42 | 000,338,120 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:[b]64bit:[/b] - [2013/08/12 01:25:42 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:[b]64bit:[/b] - [2013/08/12 01:25:42 | 000,116,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:[b]64bit:[/b] - [2013/08/12 01:25:42 | 000,089,800 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:[b]64bit:[/b] - [2013/08/12 01:25:42 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:[b]64bit:[/b] - [2013/08/12 01:25:42 | 000,034,384 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:[b]64bit:[/b] - [2013/08/10 09:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:[b]64bit:[/b] - [2013/07/31 03:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:[b]64bit:[/b] - [2013/07/26 04:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:[b]64bit:[/b] - [2013/07/15 00:29:52 | 003,837,440 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athwbx.sys -- (athr)
DRV:[b]64bit:[/b] - [2013/06/18 23:46:17 | 000,591,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:[b]64bit:[/b] - [2013/05/31 01:16:40 | 000,064,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:[b]64bit:[/b] - [2013/04/16 03:51:58 | 000,102,808 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:[b]64bit:[/b] - [2013/04/16 03:51:52 | 000,410,008 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:[b]64bit:[/b] - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2012/10/03 16:14:56 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2009/11/24 09:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:[b]64bit:[/b] - [2009/11/24 09:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{1A95DC8F-4A6D-4938-B715-50B59B516306}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{1A95DC8F-4A6D-4938-B715-50B59B516306}: "URL" = http://search.yahoo.co.jp/search?fr=sb-kingbrw1&ei=UTF-8&p={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-626598575-2212014049-1334464977-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
IE - HKU\S-1-5-21-626598575-2212014049-1334464977-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.jp/?gws_rd=ssl
IE - HKU\S-1-5-21-626598575-2212014049-1334464977-1002\..\SearchScopes,DefaultScope = {1A95DC8F-4A6D-4938-B715-50B59B516306}
IE - HKU\S-1-5-21-626598575-2212014049-1334464977-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-626598575-2212014049-1334464977-1002\..\SearchScopes\{1A95DC8F-4A6D-4938-B715-50B59B516306}: "URL" = http://search.yahoo.co.jp/search?fr=sb-kingbrw1&ei=UTF-8&p={searchTerms}
IE - HKU\S-1-5-21-626598575-2212014049-1334464977-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-626598575-2212014049-1334464977-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.startup.homepage: "https://www.google.co.jp/?gws_rd=ssl"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0
FF - user.js - File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2015/01/24 20:15:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\侑央\AppData\Roaming\mozilla\Extensions
[2015/02/18 15:40:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\侑央\AppData\Roaming\mozilla\Firefox\Profiles\f9saai96.default\extensions
[2015/02/18 15:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\侑央\AppData\Roaming\mozilla\Firefox\Profiles\f9saai96.default\extensions\staged
[color=#E56717]========== Chrome ==========[/color]
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkkidmpafdcfdcbkbpnmplgedohaijkd\214\
CHR - Extension: No name found = C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013/08/22 22:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:[b]64bit:[/b] - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKU\S-1-5-21-626598575-2212014049-1334464977-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe" File not found
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [Launch LCore] C:\Program Files\Logicool Gaming Software\LCore.exe (Logitech Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe" File not found
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg_PushButton] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-626598575-2212014049-1334464977-1002..\Run: [ApplicationManager] C:\Users\侑央\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe (Kingsoft Corp. Ltd.)
O4 - HKU\S-1-5-21-626598575-2212014049-1334464977-1002..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-626598575-2212014049-1334464977-1002..\Run: [GoogleChromeAutoLaunch_E0FA44F0AD6463988ED68B8A9A8A514C] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-626598575-2212014049-1334464977-1002..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" (Atheros Communications)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CD88A18-AFBA-4989-9806-35AC60EF0755}: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{428601CE-9264-416E-AA9D-99C174C904DC}: DhcpNameServer = 192.168.3.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2015/02/24 22:34:19 | 000,000,000 | R--D | C] -- C:\Users\侑央\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2015/02/24 17:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2015/02/24 17:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/02/24 17:11:43 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/02/24 17:11:43 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/02/24 17:11:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/02/24 17:06:37 | 000,000,000 | ---D | C] -- C:\Users\侑央\AppData\Roaming\Malwarebytes
[2015/02/24 17:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/02/24 17:06:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/02/24 17:06:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2015/02/23 18:47:15 | 000,000,000 | ---D | C] -- C:\Users\侑央\Desktop\backups
[2015/02/22 21:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2015/02/22 21:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2015/02/22 21:09:21 | 000,000,000 | ---D | C] -- C:\Users\侑央\Desktop\a
[2015/02/21 10:05:50 | 000,000,000 | ---D | C] -- C:\Users\侑央\Desktop\I play judo
[2015/02/20 21:15:52 | 000,000,000 | ---D | C] -- C:\Users\侑央\AppData\Roaming\ProductData
[2015/02/20 21:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2015/02/20 21:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[2015/02/20 21:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2015/02/20 21:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2015/02/20 21:10:46 | 000,000,000 | ---D | C] -- C:\Users\侑央\AppData\Roaming\IObit
[2015/02/18 15:41:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World Clock
[2015/02/15 13:40:06 | 006,041,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/02/13 21:29:36 | 000,445,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2015/02/13 21:29:36 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2015/02/13 21:29:14 | 000,788,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2015/02/13 21:29:07 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scesrv.dll
[2015/02/13 21:29:07 | 000,393,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scesrv.dll
[2015/02/13 21:29:06 | 007,472,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/02/13 21:29:06 | 001,762,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2015/02/13 21:29:06 | 001,733,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2015/02/13 21:29:00 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015/02/13 21:28:59 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/02/13 21:28:59 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/02/13 21:28:59 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/02/13 21:28:59 | 000,664,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015/02/13 21:28:59 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/02/13 21:28:59 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/02/13 21:28:58 | 002,865,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2015/02/13 21:28:58 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/02/13 21:28:58 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2015/02/13 21:28:58 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/02/13 21:28:58 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/02/13 21:28:58 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/02/13 21:28:57 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/02/13 21:28:57 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/02/13 21:28:35 | 001,487,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll
[2015/02/13 21:28:30 | 001,098,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2015/02/13 21:28:30 | 000,894,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2015/02/13 21:28:30 | 000,761,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2015/02/13 21:28:30 | 000,609,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2015/02/13 21:28:30 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2015/02/13 21:28:30 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2015/02/09 20:06:44 | 000,000,000 | ---D | C] -- C:\Users\侑央\AppData\Roaming\java
[2015/02/09 20:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\{5230ce9c-0b01-a6ba-5230-0ce9c0b03a70}
[2015/02/09 20:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{1347db22-75bc-1cb6-1347-7db2275b6c89}
[2015/02/05 19:13:22 | 000,000,000 | ---D | C] -- C:\Users\侑央\Desktop\学習
[2015/02/03 23:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2015/02/03 23:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2015/02/03 23:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2015/02/03 23:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2015/02/03 23:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[2015/02/03 22:47:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEGA
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2015/02/24 22:34:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/24 18:25:01 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_侑央.job
[2015/02/24 17:59:58 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/02/24 17:56:19 | 000,000,704 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/02/24 17:55:45 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/02/24 17:55:43 | 2507,309,055 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/24 16:55:28 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/02/24 16:50:17 | 000,000,020 | ---- | M] () -- C:\Users\侑央\AppData\Roaming\appdataFr3.bin
[2015/02/23 20:12:39 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\Uninstaller_SkipUac_侑央.job
[2015/02/14 18:33:39 | 001,496,524 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/02/14 18:33:39 | 000,722,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/02/14 18:33:39 | 000,499,650 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2015/02/14 18:33:39 | 000,135,458 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2015/02/14 18:33:39 | 000,135,394 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/02/13 22:06:30 | 000,337,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/02/09 19:08:32 | 000,000,708 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/02/04 08:38:41 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2015/02/04 08:08:38 | 000,761,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2015/02/04 08:08:37 | 000,414,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2015/02/04 04:31:19 | 000,714,720 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/02/04 04:31:19 | 000,106,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/02/03 23:13:21 | 000,001,765 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2015/02/03 08:11:29 | 000,609,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2015/02/03 08:11:24 | 001,098,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2015/02/03 08:11:24 | 000,894,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2015/02/24 17:06:35 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/02/24 16:55:28 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/02/20 21:14:50 | 000,000,282 | ---- | C] () -- C:\Windows\tasks\Uninstaller_SkipUac_侑央.job
[2015/02/19 16:37:54 | 000,000,020 | ---- | C] () -- C:\Users\侑央\AppData\Roaming\appdataFr3.bin
[2015/02/13 21:29:10 | 000,391,526 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2015/02/03 23:13:21 | 000,001,765 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2015/01/16 23:07:03 | 000,107,008 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2015/01/16 23:06:39 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2015/01/16 21:22:58 | 000,007,600 | ---- | C] () -- C:\Users\侑央\AppData\Local\Resmon.ResmonCfg
[2014/10/03 17:36:30 | 000,186,368 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/10/03 17:36:28 | 016,810,624 | ---- | C] () -- C:\Windows\SysWow64\igd11dxva32.dll
[2014/10/02 11:32:54 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/10/02 11:32:08 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\RtkMsgs.dll
[2014/09/26 15:27:01 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2013/08/27 14:00:08 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2013/08/23 00:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013/08/23 00:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013/08/22 23:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013/08/22 16:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013/08/22 08:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/08/22 08:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2014/12/14 16:07:10 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/11/11 09:39:20 | 022,290,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/11/11 09:17:34 | 019,731,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/10/29 10:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/10/29 09:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/10/29 10:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== Custom Scans ==========[/color]
[color=#A23BEC]< %windir%\tasks\*.job >[/color]
[2015/02/24 17:56:19 | 000,000,704 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/02/09 19:08:32 | 000,000,708 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/02/23 20:12:39 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\Uninstaller_SkipUac_侑央.job
[2015/02/24 18:25:01 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_侑央.job
[color=#E56717]========== Drive Information ==========[/color]
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: TOSHIBA DT01ACA100
Partitions: 2
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic- Multi-Card USB Device
Partitions: 0
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 350.00MB
Starting Offset: 1048576
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 931.00GB
Starting Offset: 368050176
Hidden sectors: 0
[color=#E56717]========== Base Services ==========[/color]
SRV:[b]64bit:[/b] - [2014/10/29 11:42:20 | 000,214,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:[b]64bit:[/b] - [2014/10/29 11:44:33 | 000,110,080 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:[b]64bit:[/b] - [2014/10/29 10:21:02 | 000,096,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:34 | 000,933,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:[b]64bit:[/b] - [2014/11/10 10:37:02 | 000,845,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:[b]64bit:[/b] - [2014/10/29 10:22:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2014/10/29 10:01:27 | 000,046,592 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2014/10/29 10:12:28 | 000,516,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2014/10/29 09:55:10 | 000,367,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:[b]64bit:[/b] - [2014/10/29 10:26:50 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:[b]64bit:[/b] - [2014/10/29 10:27:24 | 000,131,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:19:29 | 000,817,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:[b]64bit:[/b] - [2014/10/29 10:29:06 | 000,365,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2014/10/29 10:05:58 | 000,292,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2014/11/05 10:43:48 | 000,252,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:[b]64bit:[/b] - [2014/10/29 10:14:35 | 000,110,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost)
SRV:[b]64bit:[/b] - [2014/10/29 11:44:23 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2014/10/29 10:59:46 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:[b]64bit:[/b] - [2014/10/29 10:07:58 | 000,452,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:[b]64bit:[/b] - [2014/10/29 10:08:58 | 000,397,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:[b]64bit:[/b] - [2014/10/29 10:01:45 | 000,706,048 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:[b]64bit:[/b] - [2014/10/29 10:22:44 | 000,071,168 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:[b]64bit:[/b] - [2014/10/29 09:51:03 | 000,266,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\
-
11:もも:
2015/02/24 (Tue) 23:13:18
-
申し訳ありません。先ほどのレスは不十分なコピペだったのでまた新しく貼ります。
OTL logfile created on: 2015/02/24 22:49:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\侑央\Desktop\a
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17631)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd
7.92 Gb Total Physical Memory | 6.37 Gb Available Physical Memory | 80.47% Memory free
9.17 Gb Paging File | 7.42 Gb Available in Paging File | 80.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.17 Gb Total Space | 848.64 Gb Free Space | 91.14% Space Free | Partition Type: NTFS
Computer Name: DELL | User Name: 侑央 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2015/02/24 22:37:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\侑央\Desktop\a\OTL.exe
PRC - [2015/02/20 21:14:44 | 002,635,552 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
PRC - [2015/02/20 21:14:43 | 001,088,800 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
PRC - [2015/02/09 19:08:24 | 000,232,264 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
PRC - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/10 06:27:38 | 000,390,616 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2013/12/10 06:27:36 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/08/30 11:37:00 | 000,860,608 | ---- | M] (Kingsoft Corp. Ltd.) -- C:\Users\侑央\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe
PRC - [2010/10/01 16:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:[b]64bit:[/b] - [2014/12/06 10:35:00 | 000,229,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2014/10/31 13:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2014/10/29 13:09:06 | 000,092,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:[b]64bit:[/b] - [2014/10/29 12:59:51 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:[b]64bit:[/b] - [2014/10/29 11:42:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:[b]64bit:[/b] - [2014/10/29 11:42:03 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2014/10/29 11:34:51 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2014/10/29 11:33:55 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2014/10/29 11:30:35 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2014/10/29 11:29:22 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:57:05 | 000,324,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:[b]64bit:[/b] - [2014/10/29 10:48:36 | 000,780,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2014/10/29 10:48:20 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:[b]64bit:[/b] - [2014/10/29 10:27:21 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:[b]64bit:[/b] - [2014/10/29 10:26:21 | 000,838,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2014/10/29 10:26:02 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2014/10/29 10:24:37 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:[b]64bit:[/b] - [2014/10/29 10:22:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2014/10/29 10:20:03 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:[b]64bit:[/b] - [2014/10/29 10:19:20 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2014/10/29 10:16:17 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:[b]64bit:[/b] - [2014/10/29 10:13:24 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:13:02 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:12:36 | 000,407,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2014/10/29 10:12:22 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2014/10/29 10:11:10 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:09:48 | 000,521,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:05:09 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2014/10/29 09:57:18 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2014/10/29 09:48:52 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:[b]64bit:[/b] - [2014/10/29 09:46:48 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:[b]64bit:[/b] - [2014/10/29 09:35:51 | 001,668,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:[b]64bit:[/b] - [2014/10/03 17:36:52 | 000,329,104 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)
SRV:[b]64bit:[/b] - [2014/09/22 12:05:56 | 000,368,632 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:[b]64bit:[/b] - [2014/09/22 12:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2014/08/16 12:29:40 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2013/08/27 14:32:30 | 000,828,376 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2013/08/27 14:32:14 | 000,747,520 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2013/06/19 09:18:38 | 000,246,488 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:[b]64bit:[/b] - [2009/11/18 08:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2015/02/20 21:14:44 | 002,635,552 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014/12/19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/11/09 13:28:25 | 000,182,304 | ---- | M] (EasyAntiCheat Ltd) [On_Demand | Stopped] -- C:\Windows\SysWOW64\EasyAntiCheat.exe -- (EasyAntiCheat)
SRV - [2014/10/29 10:51:55 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2014/10/29 10:04:45 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2014/10/29 09:53:11 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2014/10/03 17:36:56 | 000,279,952 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014/08/16 12:29:40 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/12/10 06:27:38 | 000,390,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/12/10 06:27:36 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013/08/12 01:49:32 | 000,312,448 | ---- | M] (Windows (R) Win 7 DDK provider) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:[b]64bit:[/b] - [2014/12/12 09:51:20 | 000,075,776 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:[b]64bit:[/b] - [2014/11/21 06:14:26 | 000,064,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:[b]64bit:[/b] - [2014/11/11 03:06:59 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2014/11/05 04:33:40 | 000,058,176 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2014/10/29 12:59:47 | 000,415,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2014/10/29 12:57:42 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:[b]64bit:[/b] - [2014/10/29 12:56:04 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2014/10/29 11:46:43 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2014/10/29 11:46:41 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2014/10/29 11:46:09 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:[b]64bit:[/b] - [2014/10/29 11:45:54 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2014/10/29 11:45:39 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2014/10/29 11:45:16 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2014/10/17 13:56:24 | 000,238,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2014/10/17 13:56:23 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:[b]64bit:[/b] - [2014/10/17 12:35:04 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2014/10/15 17:32:36 | 000,921,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:[b]64bit:[/b] - [2014/10/08 18:24:09 | 000,467,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2014/10/07 15:54:45 | 000,324,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2014/10/07 15:54:45 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:[b]64bit:[/b] - [2014/10/07 15:44:39 | 000,069,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2014/10/03 17:36:38 | 004,753,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2014/09/22 12:06:16 | 000,258,368 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:[b]64bit:[/b] - [2014/09/22 12:06:16 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:[b]64bit:[/b] - [2014/09/22 11:49:43 | 000,035,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:[b]64bit:[/b] - [2014/09/19 10:58:48 | 000,038,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:[b]64bit:[/b] - [2014/09/19 10:58:48 | 000,027,000 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:[b]64bit:[/b] - [2014/08/15 23:35:00 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2014/08/15 09:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2014/03/20 12:41:20 | 000,376,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2014/03/13 21:35:24 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\wof.sys -- (Wof)
DRV:[b]64bit:[/b] - [2014/02/23 00:49:49 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2014/02/22 21:14:02 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2014/01/23 05:57:34 | 000,450,520 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:[b]64bit:[/b] - [2013/12/10 06:27:36 | 000,100,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2013/12/05 03:41:54 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:[b]64bit:[/b] - [2013/10/26 10:54:32 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:[b]64bit:[/b] - [2013/10/06 00:25:54 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:[b]64bit:[/b] - [2013/09/14 23:06:57 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2013/08/23 07:50:16 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:[b]64bit:[/b] - [2013/08/23 07:50:04 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:[b]64bit:[/b] - [2013/08/23 07:50:04 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:[b]64bit:[/b] - [2013/08/23 07:50:04 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:[b]64bit:[/b] - [2013/08/23 07:50:04 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:[b]64bit:[/b] - [2013/08/23 07:50:04 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2013/08/22 22:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2013/08/22 22:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2013/08/22 21:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2013/08/22 21:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2013/08/22 21:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2013/08/22 21:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:[b]64bit:[/b] - [2013/08/22 21:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:[b]64bit:[/b] - [2013/08/22 20:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2013/08/22 20:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2013/08/22 20:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2013/08/22 20:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:[b]64bit:[/b] - [2013/08/22 17:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:[b]64bit:[/b] - [2013/08/13 08:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:[b]64bit:[/b] - [2013/08/12 01:25:44 | 000,590,024 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:[b]64bit:[/b] - [2013/08/12 01:25:44 | 000,137,928 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:[b]64bit:[/b] - [2013/08/12 01:25:42 | 000,338,120 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:[b]64bit:[/b] - [2013/08/12 01:25:42 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:[b]64bit:[/b] - [2013/08/12 01:25:42 | 000,116,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:[b]64bit:[/b] - [2013/08/12 01:25:42 | 000,089,800 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:[b]64bit:[/b] - [2013/08/12 01:25:42 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:[b]64bit:[/b] - [2013/08/12 01:25:42 | 000,034,384 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:[b]64bit:[/b] - [2013/08/10 09:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:[b]64bit:[/b] - [2013/07/31 03:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:[b]64bit:[/b] - [2013/07/26 04:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:[b]64bit:[/b] - [2013/07/15 00:29:52 | 003,837,440 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athwbx.sys -- (athr)
DRV:[b]64bit:[/b] - [2013/06/18 23:46:17 | 000,591,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:[b]64bit:[/b] - [2013/05/31 01:16:40 | 000,064,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:[b]64bit:[/b] - [2013/04/16 03:51:58 | 000,102,808 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:[b]64bit:[/b] - [2013/04/16 03:51:52 | 000,410,008 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:[b]64bit:[/b] - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2012/10/03 16:14:56 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2009/11/24 09:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:[b]64bit:[/b] - [2009/11/24 09:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{1A95DC8F-4A6D-4938-B715-50B59B516306}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{1A95DC8F-4A6D-4938-B715-50B59B516306}: "URL" = http://search.yahoo.co.jp/search?fr=sb-kingbrw1&ei=UTF-8&p={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-626598575-2212014049-1334464977-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
IE - HKU\S-1-5-21-626598575-2212014049-1334464977-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.jp/?gws_rd=ssl
IE - HKU\S-1-5-21-626598575-2212014049-1334464977-1002\..\SearchScopes,DefaultScope = {1A95DC8F-4A6D-4938-B715-50B59B516306}
IE - HKU\S-1-5-21-626598575-2212014049-1334464977-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-626598575-2212014049-1334464977-1002\..\SearchScopes\{1A95DC8F-4A6D-4938-B715-50B59B516306}: "URL" = http://search.yahoo.co.jp/search?fr=sb-kingbrw1&ei=UTF-8&p={searchTerms}
IE - HKU\S-1-5-21-626598575-2212014049-1334464977-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-626598575-2212014049-1334464977-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.isUS: false
FF - prefs.js..browser.startup.homepage: "https://www.google.co.jp/?gws_rd=ssl"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:35.0
FF - user.js - File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3528.0331: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2015/01/24 20:15:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\侑央\AppData\Roaming\mozilla\Extensions
[2015/02/18 15:40:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\侑央\AppData\Roaming\mozilla\Firefox\Profiles\f9saai96.default\extensions
[2015/02/18 15:41:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\侑央\AppData\Roaming\mozilla\Firefox\Profiles\f9saai96.default\extensions\staged
[color=#E56717]========== Chrome ==========[/color]
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.4_0\
CHR - Extension: No name found = C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkkidmpafdcfdcbkbpnmplgedohaijkd\214\
CHR - Extension: No name found = C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\侑央\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013/08/22 22:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (ExplorerWnd Helper) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
O2:[b]64bit:[/b] - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:[b]64bit:[/b] - HKU\S-1-5-21-626598575-2212014049-1334464977-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe" File not found
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [Launch LCore] C:\Program Files\Logicool Gaming Software\LCore.exe (Logitech Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe" File not found
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg_PushButton] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-626598575-2212014049-1334464977-1002..\Run: [ApplicationManager] C:\Users\侑央\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe (Kingsoft Corp. Ltd.)
O4 - HKU\S-1-5-21-626598575-2212014049-1334464977-1002..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-626598575-2212014049-1334464977-1002..\Run: [GoogleChromeAutoLaunch_E0FA44F0AD6463988ED68B8A9A8A514C] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-626598575-2212014049-1334464977-1002..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" (Atheros Communications)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm®Atheros®)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0CD88A18-AFBA-4989-9806-35AC60EF0755}: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{428601CE-9264-416E-AA9D-99C174C904DC}: DhcpNameServer = 192.168.3.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2015/02/24 22:34:19 | 000,000,000 | R--D | C] -- C:\Users\侑央\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2015/02/24 17:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2015/02/24 17:11:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2015/02/24 17:11:43 | 000,093,400 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2015/02/24 17:11:43 | 000,064,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2015/02/24 17:11:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2015/02/24 17:06:37 | 000,000,000 | ---D | C] -- C:\Users\侑央\AppData\Roaming\Malwarebytes
[2015/02/24 17:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2015/02/24 17:06:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2015/02/24 17:06:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2015/02/23 18:47:15 | 000,000,000 | ---D | C] -- C:\Users\侑央\Desktop\backups
[2015/02/22 21:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2015/02/22 21:27:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2015/02/22 21:09:21 | 000,000,000 | ---D | C] -- C:\Users\侑央\Desktop\a
[2015/02/21 10:05:50 | 000,000,000 | ---D | C] -- C:\Users\侑央\Desktop\I play judo
[2015/02/20 21:15:52 | 000,000,000 | ---D | C] -- C:\Users\侑央\AppData\Roaming\ProductData
[2015/02/20 21:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2015/02/20 21:14:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[2015/02/20 21:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ProductData
[2015/02/20 21:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2015/02/20 21:10:46 | 000,000,000 | ---D | C] -- C:\Users\侑央\AppData\Roaming\IObit
[2015/02/18 15:41:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World Clock
[2015/02/15 13:40:06 | 006,041,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2015/02/13 21:29:36 | 000,445,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2015/02/13 21:29:36 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2015/02/13 21:29:14 | 000,788,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2015/02/13 21:29:07 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scesrv.dll
[2015/02/13 21:29:07 | 000,393,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scesrv.dll
[2015/02/13 21:29:06 | 007,472,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2015/02/13 21:29:06 | 001,762,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2015/02/13 21:29:06 | 001,733,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2015/02/13 21:29:00 | 000,816,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2015/02/13 21:28:59 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2015/02/13 21:28:59 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2015/02/13 21:28:59 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2015/02/13 21:28:59 | 000,664,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2015/02/13 21:28:59 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2015/02/13 21:28:59 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2015/02/13 21:28:58 | 002,865,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2015/02/13 21:28:58 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2015/02/13 21:28:58 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2015/02/13 21:28:58 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2015/02/13 21:28:58 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2015/02/13 21:28:58 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2015/02/13 21:28:57 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2015/02/13 21:28:57 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2015/02/13 21:28:35 | 001,487,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll
[2015/02/13 21:28:30 | 001,098,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2015/02/13 21:28:30 | 000,894,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[2015/02/13 21:28:30 | 000,761,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2015/02/13 21:28:30 | 000,609,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2015/02/13 21:28:30 | 000,414,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2015/02/13 21:28:30 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2015/02/09 20:06:44 | 000,000,000 | ---D | C] -- C:\Users\侑央\AppData\Roaming\java
[2015/02/09 20:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\{5230ce9c-0b01-a6ba-5230-0ce9c0b03a70}
[2015/02/09 20:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{1347db22-75bc-1cb6-1347-7db2275b6c89}
[2015/02/05 19:13:22 | 000,000,000 | ---D | C] -- C:\Users\侑央\Desktop\学習
[2015/02/03 23:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2015/02/03 23:12:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2015/02/03 23:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2015/02/03 23:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2015/02/03 23:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
[2015/02/03 22:47:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SEGA
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
-
12:もも:
2015/02/24 (Tue) 23:16:59
-
続きです。
[2015/02/24 22:34:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2015/02/24 18:25:01 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_侑央.job
[2015/02/24 17:59:58 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/02/24 17:56:19 | 000,000,704 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/02/24 17:55:45 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015/02/24 17:55:43 | 2507,309,055 | -HS- | M] () -- C:\hiberfil.sys
[2015/02/24 16:55:28 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/02/24 16:50:17 | 000,000,020 | ---- | M] () -- C:\Users\侑央\AppData\Roaming\appdataFr3.bin
[2015/02/23 20:12:39 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\Uninstaller_SkipUac_侑央.job
[2015/02/14 18:33:39 | 001,496,524 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2015/02/14 18:33:39 | 000,722,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2015/02/14 18:33:39 | 000,499,650 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
[2015/02/14 18:33:39 | 000,135,458 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
[2015/02/14 18:33:39 | 000,135,394 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2015/02/13 22:06:30 | 000,337,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2015/02/09 19:08:32 | 000,000,708 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/02/04 08:38:41 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2015/02/04 08:08:38 | 000,761,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll
[2015/02/04 08:08:37 | 000,414,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll
[2015/02/04 04:31:19 | 000,714,720 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2015/02/04 04:31:19 | 000,106,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2015/02/03 23:13:21 | 000,001,765 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2015/02/03 08:11:29 | 000,609,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll
[2015/02/03 08:11:24 | 001,098,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2015/02/03 08:11:24 | 000,894,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2015/02/24 17:06:35 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2015/02/24 16:55:28 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2015/02/20 21:14:50 | 000,000,282 | ---- | C] () -- C:\Windows\tasks\Uninstaller_SkipUac_侑央.job
[2015/02/19 16:37:54 | 000,000,020 | ---- | C] () -- C:\Users\侑央\AppData\Roaming\appdataFr3.bin
[2015/02/13 21:29:10 | 000,391,526 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2015/02/03 23:13:21 | 000,001,765 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2015/01/16 23:07:03 | 000,107,008 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2015/01/16 23:06:39 | 000,046,080 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2015/01/16 21:22:58 | 000,007,600 | ---- | C] () -- C:\Users\侑央\AppData\Local\Resmon.ResmonCfg
[2014/10/03 17:36:30 | 000,186,368 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2014/10/03 17:36:28 | 016,810,624 | ---- | C] () -- C:\Windows\SysWow64\igd11dxva32.dll
[2014/10/02 11:32:54 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/10/02 11:32:08 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\RtkMsgs.dll
[2014/09/26 15:27:01 | 000,002,255 | ---- | C] () -- C:\Windows\SysWow64\WimBootCompress.ini
[2013/08/27 14:00:08 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2013/08/23 00:36:43 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2013/08/23 00:36:42 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2013/08/22 23:46:23 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2013/08/22 16:01:23 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2013/08/22 08:55:20 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/08/22 08:52:39 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2014/12/14 16:07:10 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/11/11 09:39:20 | 022,290,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/11/11 09:17:34 | 019,731,824 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014/10/29 10:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014/10/29 09:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014/10/29 10:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== Custom Scans ==========[/color]
[color=#A23BEC]< %windir%\tasks\*.job >[/color]
[2015/02/24 17:56:19 | 000,000,704 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/02/09 19:08:32 | 000,000,708 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/02/23 20:12:39 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\Uninstaller_SkipUac_侑央.job
[2015/02/24 18:25:01 | 000,000,368 | ---- | M] () -- C:\Windows\tasks\WpsUpdateTask_侑央.job
[color=#E56717]========== Drive Information ==========[/color]
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: TOSHIBA DT01ACA100
Partitions: 2
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: USB
Media Type:
Model: Generic- Multi-Card USB Device
Partitions: 0
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 350.00MB
Starting Offset: 1048576
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 931.00GB
Starting Offset: 368050176
Hidden sectors: 0
[color=#E56717]========== Base Services ==========[/color]
SRV:[b]64bit:[/b] - [2014/10/29 11:42:20 | 000,214,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:[b]64bit:[/b] - [2014/10/29 11:44:33 | 000,110,080 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:[b]64bit:[/b] - [2014/10/29 10:21:02 | 000,096,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:[b]64bit:[/b] - [2014/10/29 10:43:34 | 000,933,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:[b]64bit:[/b] - [2014/11/10 10:37:02 | 000,845,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:[b]64bit:[/b] - [2014/10/29 10:22:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV - [2014/10/29 10:01:27 | 000,046,592 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2014/10/29 10:12:28 | 000,516,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2014/10/29 09:55:10 | 000,367,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:[b]64bit:[/b] - [2014/10/29 10:26:50 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:[b]64bit:[/b] - [2014/10/29 10:27:24 | 000,131,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:19:29 | 000,817,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:[b]64bit:[/b] - [2014/10/29 10:29:06 | 000,365,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2014/10/29 10:05:58 | 000,292,864 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:[b]64bit:[/b] - [2014/11/05 10:43:48 | 000,252,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:[b]64bit:[/b] - [2014/10/29 10:14:35 | 000,110,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (Eaphost)
SRV:[b]64bit:[/b] - [2014/10/29 11:44:23 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2014/10/29 10:59:46 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:[b]64bit:[/b] - [2014/10/29 10:07:58 | 000,452,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:[b]64bit:[/b] - [2014/10/29 10:08:58 | 000,397,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:[b]64bit:[/b] - [2014/10/29 10:01:45 | 000,706,048 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:[b]64bit:[/b] - [2014/10/29 10:22:44 | 000,071,168 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:[b]64bit:[/b] - [2014/10/29 09:51:03 | 000,266,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:[b]64bit:[/b] - [2014/10/29 10:19:20 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2014/12/06 10:41:58 | 000,391,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:29:16 | 000,028,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:[b]64bit:[/b] - [2014/10/29 11:45:24 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:[b]64bit:[/b] - [2014/11/04 14:01:49 | 000,827,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
No service found with a name of ProtectedStorage
No service found with a name of EMDMgmt
SRV:[b]64bit:[/b] - [2014/10/29 11:34:42 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:[b]64bit:[/b] - [2014/10/29 09:59:21 | 000,542,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:[b]64bit:[/b] - [2014/10/29 10:19:29 | 000,817,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:[b]64bit:[/b] - [2014/10/29 11:42:25 | 000,031,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:[b]64bit:[/b] - [2014/10/29 12:51:48 | 000,047,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:[b]64bit:[/b] - [2014/10/29 09:56:06 | 000,146,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:18:49 | 000,329,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:[b]64bit:[/b] - [2014/10/29 10:04:06 | 000,640,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2014/10/29 09:49:09 | 000,576,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:[b]64bit:[/b] - [2014/10/29 09:52:52 | 001,265,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:[b]64bit:[/b] - [2014/10/29 11:12:14 | 000,313,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2014/10/29 10:34:59 | 000,254,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:[b]64bit:[/b] - [2014/10/29 10:26:29 | 000,059,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:[b]64bit:[/b] - [2014/12/09 10:50:34 | 000,225,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:[b]64bit:[/b] - [2014/10/21 09:30:29 | 001,454,080 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:[b]64bit:[/b] - [2014/10/29 10:02:48 | 000,911,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (Audiosrv)
SRV:[b]64bit:[/b] - [2014/12/06 10:35:00 | 000,229,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
No service found with a name of SDRSVC
SRV:[b]64bit:[/b] - [2014/09/22 12:05:56 | 000,023,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2014/10/29 10:16:27 | 001,696,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (EventLog)
SRV:[b]64bit:[/b] - [2014/10/29 10:02:44 | 000,880,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:59:24 | 000,670,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:[b]64bit:[/b] - [2014/10/29 11:35:14 | 000,064,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2014/10/29 10:52:53 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:[b]64bit:[/b] - [2014/10/29 10:18:13 | 000,230,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:[b]64bit:[/b] - [2014/11/14 16:10:55 | 003,558,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:[b]64bit:[/b] - [2014/10/29 10:53:17 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:[b]64bit:[/b] - [2014/10/29 10:03:56 | 001,547,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (WlanSvc)
SRV:[b]64bit:[/b] - [2014/10/29 10:24:29 | 000,289,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 220 bytes -> C:\Users\侑央\OneDrive:ms-properties
< End of report >
-
13:もも:
2015/02/24 (Tue) 23:21:04
-
Extrasのログです。
OTL Extras logfile created on: 2015/02/24 22:49:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\侑央\Desktop\a
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17631)
Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd
7.92 Gb Total Physical Memory | 6.37 Gb Available Physical Memory | 80.47% Memory free
9.17 Gb Paging File | 7.42 Gb Available in Paging File | 80.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.17 Gb Total Space | 848.64 Gb Free Space | 91.14% Space Free | Partition Type: NTFS
Computer Name: DELL | User Name: 侑央 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Users\侑央\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Users\侑央\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
[color=#E56717]========== Security Center Settings ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0130C48C-00AA-47AF-85F9-A7C408ABE363}" = lport=138 | protocol=17 | dir=in | app=system |
"{16FC6B74-DA31-468D-AE8B-61EE77A795E0}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{1C6333F5-75B7-40AD-81FB-60303760E583}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{205B32D0-5B35-449E-AE0C-59D7797A3556}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3212F4EA-908B-40F8-982C-7EBFBC014512}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{42D4FD8A-339B-4A1D-8F20-107BDE903E19}" = lport=54045 | protocol=17 | dir=in | app=c:\program files\logicool gaming software\lcore.exe |
"{4A027E8B-4503-47BF-852B-9795556297F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{537D35F6-DCBC-4996-8151-BB2F8B6C81BE}" = rport=139 | protocol=6 | dir=out | app=system |
"{6AB5A787-C69E-475C-9615-6EF6EC812D37}" = rport=445 | protocol=6 | dir=out | app=system |
"{741DB1E3-B9AD-4A43-ADB9-06765CD591D2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7AE0EB91-3F62-4D65-9CF0-F7FF9F64121C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7D1B948B-8515-41E1-A759-292BE0767340}" = lport=139 | protocol=6 | dir=in | app=system |
"{89ED11FD-9E87-4BD5-A553-13E9511C30D7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8EA629D0-BE5C-48F5-9483-55E1125AAD00}" = lport=137 | protocol=17 | dir=in | app=system |
"{8F192036-0A37-4BDA-B1B7-387C044C10AE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{90A9879C-2835-45CA-B1C2-6D0883177058}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{93164DFD-CC40-487E-BEF2-8307462D2024}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9415BF4E-DE27-4325-A84A-D03D17703141}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ACEB50F6-5364-41BB-B82B-B474A104B83F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B17A31DB-A646-4B1E-BE30-43DAF8B29692}" = lport=445 | protocol=6 | dir=in | app=system |
"{D12DE0DC-D5EA-4A1E-836F-E8E6014CAEAB}" = rport=137 | protocol=17 | dir=out | app=system |
"{D3BD611B-F8CC-4B32-BCA1-1209671BDC87}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D6E5A81D-E5B0-4A3A-9925-F8036EB2B536}" = rport=138 | protocol=17 | dir=out | app=system |
"{D8928DDA-8B76-4861-A2C2-BE850DDCE820}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FBA0CF2D-5902-4E62-81DA-3E97E10FA451}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AAC18E-1581-4E06-8192-6272C75336C8}" = dir=out | name=google search |
"{02730296-7B9C-4895-816E-C12563C2F0B6}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\dragon quest x\game\dqxconfig.exe |
"{03463541-57FE-4317-8C06-338217E3336A}" = dir=out | name=@{microsoft.bingnews_3.0.4.213_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{03C7B5B2-5C3E-4F99-B6C8-65C1A0390E21}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{05E71C18-9AFE-4A80-8299-086767E0868A}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\dragon quest x\boot\dqxupdater.exe |
"{0C199BEF-0FD7-4D65-A458-99DF01EBE34F}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn\boot\ffxivlauncher.exe |
"{0CC5CC33-4B15-40F8-96A8-7459F543C2EA}" = dir=out | name=amazon |
"{0CD6BA21-CE7D-4C69-9BA9-F58FAEFD906C}" = dir=out | name=@{microsoft.bingtravel_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{0CDD9AB2-B93F-467D-A9D0-ACAD0149D862}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{14419787-300A-47D3-839E-50DB356B28D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{15173087-55C4-48D9-850F-193344727C76}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{16135302-A4AC-47B0-A015-0D4278C3C4B5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1A32BAB2-11A6-4F0B-AC2F-C9B0F6D874A8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1ACB2B90-FA91-4019-A3D5-313D080CA19D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1EE35E0F-5777-471B-8758-8D4A8707F266}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\dragon quest x\boot\dqxlauncher.exe |
"{22395C77-9CBF-48D9-8698-94BEE04227E9}" = dir=out | name=line |
"{25F2DEDD-99F2-4E70-94A3-F796775E4345}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{291866D7-D722-40FB-A92B-994A4A5913C2}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{2F5B5D1F-CF41-4534-94F6-9A81D046905A}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\dragon quest x\boot\dqxlauncher.exe |
"{3179A347-D07A-4B40-963B-DF13C2CBF35D}" = dir=out | name=@{microsoft.bingweather_3.0.4.298_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{31AAB025-D916-441C-9DF9-A4561F750050}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{324F8DDC-0D94-4400-8F47-6868C87C0078}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{339D9775-8B7E-4E08-885B-5149944DC4BC}" = dir=out | name=@{microsoft.zunevideo_2.6.314.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{3C0BDC9E-9C29-47D2-BA09-5B456E820457}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{3E86A8EA-D379-463D-A142-5E7BBE0BFCAC}" = dir=out | name=@{microsoft.bingnews_3.0.4.268_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{46030CEF-F882-45F0-845A-1AC7C38236CE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4942B743-CC2D-4DFB-B5CE-62363A344AC8}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{50E99588-B096-4B27-B98A-8C65DB8B661C}" = dir=out | name=yahoo!天気・災害 |
"{5123BF57-C46D-4B9C-BF82-B8998E00AB82}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{56E8ABEA-AA2E-4583-AB3F-AB337021ABAB}" = dir=in | app=c:\users\侑央\appdata\local\microsoft\skydrive\skydrive.exe |
"{58C25E38-9E6D-4627-996B-61C3B06EFB84}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\dragon quest x\game\dqxconfig.exe |
"{58CA04CF-DA61-4970-9ACE-D65704304805}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\dragon quest x\game\dqxgame.exe |
"{5F2DA926-3EB2-470C-86D1-F23DC29286B3}" = dir=out | name=新版:英和辞典 |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{61A8515D-A725-4581-A150-63590243D87A}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\dragon quest x\boot\dqxboot.exe |
"{671C4CDB-D4F9-47DE-B8F8-85A6B2B9DE8A}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{678475BB-0601-4FAD-96DA-541416526F3C}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{6BEE5627-EB74-4F10-8CAB-38DD7FD5C80F}" = dir=out | name=@{microsoft.zunemusic_2.6.653.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{6EAF8CDB-7957-45D4-A1E4-6104735D9A0E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{73AC0E8E-E225-44A5-B1AF-9E34595F141A}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{78271E41-783A-4B78-B401-4936C4FD01BF}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{7D135E78-14B2-4D4D-851A-12E3CF7125E4}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn\boot\ffxivlauncher.exe |
"{7F8C3B09-D816-4ABE-9047-62C0482C7296}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\dragon quest x\boot\dqxtitle.exe |
"{804BE4B8-82DA-4FE1-BAD6-69D8671D4CDF}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn\boot\ffxivboot.exe |
"{820D3C8F-E173-465C-86FE-127CF7D96A02}" = dir=out | name=@{microsoft.zunevideo_2.6.434.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{845952C2-FFF8-4A72-883F-4510CE541855}" = dir=out | name=skype |
"{878A9A99-725C-450E-9ADE-08D620A14DEF}" = dir=out | name=twitter |
"{886BB40B-7853-4A3F-9989-45AF865A57FC}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\dragon quest x\game\dqxgame.exe |
"{89A01B35-1E59-4B34-85FE-7F83AA8C01AC}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{8C4DC221-1A19-41BA-A960-C984B4BD9052}" = dir=out | name=facebook |
"{8C826AA0-8A32-4666-899F-A0171DBBC42A}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{8DBCEDF8-EACC-4706-85AD-22C9A3E7CB6C}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\dragon quest x\boot\dqxtitle.exe |
"{8F454CE8-794E-45A3-8F96-DE964735087E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{924C05DC-C7F6-4A17-81C0-B2B416576F64}" = dir=out | name=@{microsoft.bingsports_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{92D8707D-4C3C-448C-B2EE-4CB14D1B8FF1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{95A129AA-51AB-47CC-9CB1-11D173D21542}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv - a realm reborn\boot\ffxivboot.exe |
"{9B907117-E84B-4107-8E69-223326F36C30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A5CAB024-E3E4-45C3-B399-86939FA273EC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A62F8CA6-A4D1-4769-8611-C6E9A48817C9}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\dragon quest x\boot\dqxboot.exe |
"{A73CB9B4-3B6B-425C-9371-5B4DF085EDC9}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{A88D4CF0-0FF4-48C0-A5CB-8EB553300D1C}" = dir=out | name=@{microsoft.bingfinance_3.0.4.212_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{A89714F5-7879-4424-817D-A78812FDB4E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AC0838E4-CEA2-4755-B163-D28D2D891191}" = dir=out | name=@{microsoft.bingweather_3.0.4.214_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{AC91E784-5FAF-4F18-A672-A8351FAB7EAA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AEE64CF5-FB6F-4B2F-890C-A14DE8F8B695}" = dir=out | name=putablecalc |
"{B0BCD2EE-0F9B-4F98-B15F-B5CE6F6341DC}" = dir=out | name=youtube emerald |
"{B1187997-F59D-4852-B71F-EE3DF5176399}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |
"{B38903D0-CAA0-4155-98CE-95D7BCC21D85}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.298_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{B4EFCCB0-31AF-44B7-8050-90E07704BC8D}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.253_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{B4F33782-9610-49DF-A0C1-5EE842A1F031}" = protocol=6 | dir=out | app=system |
"{B66C422C-1D2E-4D55-AC35-F2942AEE78C3}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\km\kwikmedia.exe |
"{C11B57E6-50C4-43C6-ACA9-9ECA7062A4EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C2F4CFE0-EADB-465E-838F-D8BA75555E9D}" = protocol=6 | dir=in | app=c:\program files\logicool gaming software\lcore.exe |
"{C35E14CA-DB58-4602-A507-97AC8323567B}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{C3ACED41-415D-4369-ADE3-AFD15F0AC8F3}" = dir=out | name=skype |
"{C7FF4E64-1DD8-4940-9D21-9AAF4029866A}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\dragon quest x\game\dqxoffline.exe |
"{C8379696-9F45-4087-ACD6-AD7E7BEC67D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D16E6D47-1D4B-4644-96BB-3AA5BDA3AD1E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{D1D2BBD6-9019-42F5-BDF4-E04ABAAA5EBA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D205FAFF-8FB2-431A-888D-08B68BF02CCB}" = dir=out | name=@{microsoft.bingsports_3.0.4.298_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{D40A6A00-57F4-4B5D-9656-FED35C5C433D}" = dir=in | name=skype |
"{D42ED4B8-4B63-4E55-A570-2C7C748B489C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{D8B8A3D2-1260-4308-9FAF-79706CAB176F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DE8A8451-676D-43C4-8D40-8A6E504A3B6E}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{DF2B8DA9-3408-4A55-B577-8ADFD0E06833}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EB4E3557-061E-42E2-B45D-F775A7B7D07C}" = dir=out | name=@{microsoft.bingtravel_3.0.4.303_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{F38CE930-2B4C-4FEB-9286-DB8FDE7296BD}" = dir=out | name=@{microsoft.bingfinance_3.0.4.298_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F84857CC-11B9-47D3-B348-32BCB336599F}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\dragon quest x\game\dqxoffline.exe |
"{F88E5E2B-28C0-4708-A97F-B7DC6FA4891A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F8EE42E6-4A01-44BE-8E04-34D478D2D6B5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{F943DB18-B6C5-4A12-A1D9-47DB2B20725D}" = dir=out | name=@{microsoft.zunemusic_2.6.320.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{FAE16D7D-EBCB-4030-BC0B-8C8F003F5AA1}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\dragon quest x\boot\dqxupdater.exe |
"{FB514529-2562-407A-A862-BEFABF068A6E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FD58C4E5-3497-4DEB-AD2D-A9FB62D5C4D7}" = dir=in | name=skype |
"TCP Query User{73A1260E-8FF5-4209-BBF5-59B4BBC05BFF}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe |
"TCP Query User{EF4BF280-5239-442B-AFC1-077DF908B08F}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"TCP Query User{FED8BB8F-F848-42E0-A32D-A5411151511F}C:\program files\reflector\reflector.exe" = protocol=6 | dir=in | app=c:\program files\reflector\reflector.exe |
"UDP Query User{3A600187-47F8-4F95-B543-FAAC2C679F34}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{5F85CFA0-EFD6-4848-8AFA-0C6BBDE260BC}C:\program files\reflector\reflector.exe" = protocol=17 | dir=in | app=c:\program files\reflector\reflector.exe |
"UDP Query User{EBC5DAB0-7FAB-4071-9D5A-958CC138E340}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe |
-
14:もも:
2015/02/24 (Tue) 23:24:30
-
Extrasのログ2つ目です。
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B2C85A0-2B9E-4291-8B37-468D57503E98}" = Update for Japanese Microsoft IME Postal Code Dictionary
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{25058321-C33E-496B-8915-6FD64D362CAF}" = Windows Live MIME IFilter
"{28791292-D18D-42FA-AE66-3D3D20AA8618}" = Apple Application Support(64 ビット)
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{5A1CD0BB-7E65-45DC-9A9A-682CE8B62AA4}" = Update for Japanese Microsoft IME Standard Dictionary
"{5ED7462B-EF58-4757-B609-53755021EC34}" = Apple Mobile Device Support
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{B5E06417-A4AC-4225-B36E-7E34C91616E7}" = Intel® Trusted Connect Service Client
"{B7CC660E-F31D-490C-BD2A-2CB2EC5A5E3A}" = Intel(R) Chipset Device Software
"{B939BFEB-824F-4456-A4EE-2B86ED04033D}" = Update for Japanese Microsoft IME Trending Words Dictionary
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"CCleaner" = CCleaner
"Logitech Gaming Software" = Logicool ゲーム ソフトウェア 8.57
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F9DB8C-65D7-4D47-AB5F-F698EE38580D}" = Windows Live UX Platform
"{024D6C9E-4775-421D-B0D0-D4F123687778}" = Windows Live Essentials
"{04BE4035-3C8E-4B48-BFB8-1655849C0C8B}" = Windows Live Writer
"{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media
"{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM)
"{07AAB66E-4718-422D-9218-4AFB3C922A71}" = Photo Gallery
"{0BE9E708-5DC0-4963-9CFD-0AA519090E79}" = Junk Mail filter update
"{0D343606-1662-45F7-BB3B-F7FC068BA0C5}" = Nero 12 Kwik Burn Express Essentials
"{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}" = Nero Launcher
"{13E44DA9-FE06-4298-9179-BEF27214B47B}" = VirtualDJ 8
"{15015752-9990-4516-A2B1-93823281FB8E}" = Update for Japanese Microsoft IME Postal Code Dictionary
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic
"{1D6432B4-E24D-405E-A4AB-D7E6D088CBC9}" = Windows Live Photo Common
"{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83218031F0}" = Java 8 Update 31
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}" = FINAL FANTASY XIV - A Realm Reborn
"{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}" = Apple Application Support(32 ビット)
"{300DCC8E-BE61-4FB5-B9D8-FDA19E3AAA38}" = ドラゴンクエストX オンライン
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{41C61308-6CFD-4D54-AB6A-7136ED08A18E}" = Windows Live Communications Platform
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{52D7E962-5F17-4D7E-858F-956EB09A5CB8}" = Windows Live Writer
"{5E848897-1113-49FE-8FCE-D4BF39EDE254}" = Windows Live UX Platform Language Pack
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{659CB81C-B54E-4DF1-B618-F35777393A54}" = Windows Live Installer
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6B1BB7E3-CF20-4842-B1FE-42C251B95E98}" = Windows Live Messenger
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{714E162E-CD4F-4F1B-8302-7F5179409C25}" = Windows Live Writer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}" = Update for Japanese Microsoft IME Standard Extended Dictionary
"{7DB71278-9AD7-4480-AB08-8649C5010B17}" = Update for Japanese Microsoft IME Standard Dictionary
"{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EA12696-D38C-44DD-96E5-12C8DF6F8230}" = Windows Live Writer Resources
"{97E3AE69-8FB1-496A-8CA0-AE491902DCD7}" = Movie Maker
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-0804-1033-1959-001802114130}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1041-7B44-AB0000000001}" = Adobe Reader XI (11.0.10) - Japanese
"{B2611F8A-EFE7-4E88-875D-19F0EFAE87E4}" = Windows Live PIMT Platform
"{B775C26B-EAA8-4A11-ACBF-76E52DF6B805}" = Windows Live Mail
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C8FEB019-F2E1-4E8F-886E-AB5C68FE531C}" = Windows Live メール
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CDC1AB00-01FF-4FC7-816A-16C67F0923C0}" = Windows Live SOXE
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1893000-EA77-493C-8DDD-E262436E959B}" = Windows Live SOXE Definitions
"{D6D69EE4-00F6-4DCE-B7AF-E90042BDE39B}" = フォト ギャラリー
"{DD67BE4B-7E62-4215-AFA3-F123A800A389}" = Movie Maker
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{e48a2f61-851a-4155-82f9-af1b04db8c3b}" = インテル® チップセット デバイス ソフトウェア
"{E703613B-BDAB-433E-A66A-DE0263E3D35D}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3A02708-5138-4F72-907F-0546B5630C18}" = PLDS OEM Content
"{F3BB7E2D-62E0-4008-8727-588EDC274C25}" = Photo Common
"ApplicationManager" = ApplicationManager 2011.4.27.209
"Google Chrome" = Google Chrome
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"IObitUninstall" = IObit Uninstaller
"Kingsoft Office" = Kingsoft Office 2013 (9.1.0.4840)
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.4.1028
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"RPGVXAce_RTP_is1" = RPGツクールVX Ace RTP
"WinLiveSuite" = Windows Live Essentials
[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]
[HKEY_USERS\S-1-5-21-626598575-2212014049-1334464977-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2015/02/24 5:32:35 | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 2015/02/24 5:32:35 | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4688
Error - 2015/02/24 5:32:35 | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4688
Error - 2015/02/24 5:32:36 | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 2015/02/24 5:32:36 | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5891
Error - 2015/02/24 5:32:36 | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5891
Error - 2015/02/24 5:32:37 | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 2015/02/24 5:32:37 | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7047
Error - 2015/02/24 5:32:37 | Computer Name = DELL | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7047
Error - 2015/02/24 9:50:33 | Computer Name = DELL | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = 暗号化サービスで、システム ライター オブジェクトで OnIdentity() の呼び出しを処理中にエラーが発生しました。 Details:
AddLegacyDriverFiles:
Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System
Error: アクセスが拒否されました。 。
[ System Events ]
Error - 2015/02/24 4:23:41 | Computer Name = DELL | Source = DCOM | ID = 10005
Description =
Error - 2015/02/24 4:27:43 | Computer Name = DELL | Source = Service Control Manager | ID = 7001
Description = Network Location Awareness サービスは、次のエラーが原因で開始できなかった DHCP Client サービスに依存しています:
%%1068
Error - 2015/02/24 4:27:43 | Computer Name = DELL | Source = Service Control Manager | ID = 7001
Description = Network List Service サービスは、次のエラーが原因で開始できなかった Network Location Awareness
サービスに依存しています: %%1068
Error - 2015/02/24 4:27:43 | Computer Name = DELL | Source = DCOM | ID = 10005
Description =
Error - 2015/02/24 4:27:59 | Computer Name = DELL | Source = DCOM | ID = 10005
Description =
Error - 2015/02/24 4:37:59 | Computer Name = DELL | Source = DCOM | ID = 10005
Description =
Error - 2015/02/24 4:47:59 | Computer Name = DELL | Source = DCOM | ID = 10005
Description =
Error - 2015/02/24 4:55:18 | Computer Name = DELL | Source = DCOM | ID = 10005
Description =
Error - 2015/02/24 4:55:18 | Computer Name = DELL | Source = DCOM | ID = 10005
Description =
Error - 2015/02/24 9:34:14 | Computer Name = DELL | Source = BTHUSB | ID = 327697
Description = ローカルの Bluetooth アダプターは不明なエラーが発生したため、使用されません。ドライバーはアンロードされました。
< End of report >
-
15:悪代官@鳥頭
:
2015/02/25 (Wed) 18:15:20
-
作業と報告、ご苦労様です。
OTLログを見たところ、まだ怪しいものが残ってました。
今度はこれらをOTLで処置しましょう。
このレスの最後にスクリプトを貼っておくので、それを丸ごとコピーして、それをWindowsのメモ帳ファイルに貼り付けて保存しておいてください。
用意できたらPCをまたセーフモードで再起動してOTL起動してください。
起動したらOTLのウインドウ下部にスクリプトを貼り付けて、今度は「Run fix」(赤字のボタン)を押してください。
これでOTLでの処置が開始されます。
しばらく待って処置ができたらPCを通常モードで再起動すると、またOTLのログが出るはずなので、それを保存してから、しばらく様子見の後、OTLのログとともに状態報告をレスください。
OTLのスクリプトは以下になります。破線(-----)を含まない箇所を丸ごとコピーして、それをOTLに貼って作業してください
------------------------------------------
:OTL
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{1A95DC8F-4A6D-4938-B715-50B59B516306}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=DCJB
IE - HKLM\..\SearchScopes\{1A95DC8F-4A6D-4938-B715-50B59B516306}: "URL" = http://search.yahoo.co.jp/search?fr=sb-kingbrw1&ei=UTF-8&p={searchTerms}
IE - HKU\S-1-5-21-626598575-2212014049-1334464977-1002\..\SearchScopes\{1A95DC8F-4A6D-4938-B715-50B59B516306}: "URL" = http://search.yahoo.co.jp/search?fr=sb-kingbrw1&ei=UTF-8&p={searchTerms}
[2015/02/09 20:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\{5230ce9c-0b01-a6ba-5230-0ce9c0b03a70}
[2015/02/09 20:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{1347db22-75bc-1cb6-1347-7db2275b6c89}
[2015/02/03 23:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
:Files
C:\ProgramData\{5230ce9c-0b01-a6ba-5230-0ce9c0b03a70}
C:\ProgramData\{1347db22-75bc-1cb6-1347-7db2275b6c89}
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]
[reboot]
------------------------------------------
-
16:もも:
2015/02/25 (Wed) 21:49:21
-
こんばんわ、ももです。調査及び分析ご苦労様です。
早速ですが、現状報告です。
前回に引き続きWEBの怪しい広告は出ず、いきなりDMMの広告も出ません。
最後に、OLTのログを貼ります。
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1A95DC8F-4A6D-4938-B715-50B59B516306}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A95DC8F-4A6D-4938-B715-50B59B516306}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1A95DC8F-4A6D-4938-B715-50B59B516306}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A95DC8F-4A6D-4938-B715-50B59B516306}\ not found.
Registry key HKEY_USERS\S-1-5-21-626598575-2212014049-1334464977-1002\Software\Microsoft\Internet Explorer\SearchScopes\{1A95DC8F-4A6D-4938-B715-50B59B516306}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A95DC8F-4A6D-4938-B715-50B59B516306}\ not found.
C:\ProgramData\{5230ce9c-0b01-a6ba-5230-0ce9c0b03a70} folder moved successfully.
C:\ProgramData\{1347db22-75bc-1cb6-1347-7db2275b6c89} folder moved successfully.
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7\x64\x64 folder moved successfully.
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7\x64 folder moved successfully.
C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 folder moved successfully.
File rity] not found.
File sethosts] not found.
File ptytemp] not found.
File eaterestorepoint] not found.
File boot] not found.
OTL by OldTimer - Version 3.2.69.0 log created on 02252015_211406
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
以上
-
17:悪代官@鳥頭
:
2015/02/25 (Wed) 22:05:22
-
作業と報告、ご苦労様です。
処置後のログを見たところ、OTLでの処置はできてますね。
ではOTLももういいので、準備時の説明に沿って片付けてください。
現在特に異常は出てないようなので、そのまま様子見にはいりましょう。
1週間の間普通にPCを使いながら様子見して、そのあとまたHJTとインストール情報ログと、CCでの各タブのログを取り直して、それらを様子見中の状態報告とともにレスください。
この時点でログにも状態にも異常でなくなっていれば「解決」に持って行けるかと思いますが、何か異常出たら1週間待たずにいいのでそこで報告ください
-
18:もも:
2015/03/05 (Thu) 22:13:26
-
https://bbs7.fc2.com//bbs/img/_767500/767497/full/767497_1425561206.png
ももです。遅れてしまい申し訳ありません。
1週間IEを使っていて特に異常は見られませんでした。
次にログを貼ろうと思うのですが、HJTを起動すると上の画像になります。そのあとにどうやってログをとればいいのかわかりません。
なのでCCのログだけ貼ります。
windowsのログです。
有効 HKCU:Run ApplicationManager Kingsoft Corp. Ltd. C:\Users\侑央\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe
有効 HKCU:Run CCleaner Monitoring Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
有効 HKLM:Run HotKeysCmds "C:\Windows\system32\hkcmd.exe"
有効 HKLM:Run IgfxTray Intel Corporation - pGFX "C:\Windows\system32\igfxtray.exe"
有効 HKLM:Run iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
有効 HKLM:Run Launch LCore Logitech Inc. C:\Program Files\Logicool Gaming Software\LCore.exe /minimized
有効 HKLM:Run PDVD9LanguageShortcut CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
有効 HKLM:Run Persistence "C:\Windows\system32\igfxpers.exe"
有効 HKLM:Run RemoteControl9 CyberLink Corp. "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
有効 HKLM:Run RtHDVBg Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX4
有効 HKLM:Run RtHDVBg_PushButton Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /IM
有効 HKLM:Run RTHDVCPL Realtek Semiconductor "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
IEのログです。
無効 Extension Send by Bluetooth to Qualcomm®Atheros® C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
無効 Extension このコンテンツを引用 Microsoft Corporation C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
有効 Helper CIESpeechBHO Class Qualcomm®Atheros® C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
有効 Helper ExplorerWnd Helper IObit C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
有効 Helper Google Toolbar Helper Google Inc. C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
有効 Helper Google Toolbar Helper Google Inc. C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
有効 Helper Java(tm) Plug-In 2 SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
有効 Helper Java(tm) Plug-In SSV Helper Oracle Corporation C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
有効 Helper Norton Identity Protection Symantec Corporation C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll
有効 Helper Norton Identity Protection Symantec Corporation C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll
無効 Helper Norton Vulnerability Protection Symantec Corporation C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL
有効 Toolbar Google Toolbar Google Inc. C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
有効 Toolbar Google Toolbar Google Inc. C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
有効 Toolbar Norton Toolbar Symantec Corporation C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll
有効 Toolbar Norton Toolbar Symantec Corporation C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll
Firefoxのログです。
有効 Plugin Adobe Acrobat 11.0.10.32 Adobe Systems Inc. default C:\Program Files (x86)\Adobe\Reader 11.0\Reader\browser\nppdf32.dll
有効 Plugin Google Earth Plugin 7.1.2.2041 Google default C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
有効 Plugin Google Update 1.3.25.11 default C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
有効 Plugin Intel® Identity Protection Technology 4.0.5.0 Intel Corporation default C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
有効 Plugin Intel® Identity Protection Technology 4.0.5.0 Intel Corporation default C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
有効 Plugin iTunes Application Detector 1.0.1.1 Apple Inc. default C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
有効 Plugin Java Deployment Toolkit 8.0.310.13 11.31.2.13 Oracle Corporation default C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npdeployJava1.dll
有効 Plugin Java(TM) Platform SE 8 U31 11.31.2.13 Oracle Corporation default C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll
有効 Plugin Nero Kwik Media Helper 1.1.2.0 Nero AG default C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
有効 Plugin Photo Gallery 16.4.3528.331 Microsoft Corporation default C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
有効 Plugin Silverlight Plug-In 5.1.30514.0 Microsoft Corporation default c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll
スケジュールされたタスクのログです。
有効 Task Adobe Acrobat Update Task Adobe Systems Incorporated C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
有効 Task CCleanerSkipUAC Piriform Ltd "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
有効 Task GoogleUpdateTaskMachineCore Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
有効 Task GoogleUpdateTaskMachineUA Google Inc. C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
有効 Task Microsoft OneDrive Auto Update Task-S-1-5-21-626598575-2212014049-1334464977-1002 Microsoft Corporation %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
無効 Task Optimize Start Menu Cache Files-S-1-5-21-626598575-2212014049-1334464977-1001
無効 Task Optimize Start Menu Cache Files-S-1-5-21-626598575-2212014049-1334464977-1002
有効 Task Uninstaller_SkipUac_侑央 IObit C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
有効 Task WpsUpdateTask_侑央 Zhuhai Kingsoft Office Software Co.,Ltd C:\Program Files (x86)\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe -from=task
コンテキストメニューのログです。
有効 Directory IObitUnstaler IObit C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll
有効 Drive Symantec.Norton.Antivirus.IEContextMenu Symantec Corporation "C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\NavShExt.dll"
有効 File Atheros Atheros Commnucations C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll
有効 File FTShellContext Qualcomm®Atheros® C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ShellContextExt.dll
有効 File IObitUnstaler IObit C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll
有効 File MBAMShlExt Malwarebytes Corporation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
有効 File Symantec.Norton.Antivirus.IEContextMenu Symantec Corporation "C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\NavShExt.dll"
有効 Folder IObitUnstaler IObit C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight64.dll
有効 Folder MBAMShlExt Malwarebytes Corporation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll
有効 Folder Symantec.Norton.Antivirus.IEContextMenu Symantec Corporation "C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\NavShExt.dll"
以上
-
19:悪代官
:
2015/03/05 (Thu) 22:17:13
-
こんばんは。
>HJTを起動すると上の画像になります。そのあとにどうやってログをとればいいのかわかりません。
はい、ではその画面で下段の「Main menu」を押してから、次の画面で上から2段目の「Do a system scan only」を押してください。
それでスキャンになるはずです
-
20:もも:
2015/03/07 (Sat) 12:13:10
-
こんにちはももです。
早速HJTのログを貼ります。
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:10:07, on 2015/03/07
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal
Running processes:
C:\Users\侑央\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Users\侑央\Desktop\a\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKCU\..\Run: [ApplicationManager] C:\Users\侑央\AppData\Roaming\ApplicationManager\bin\ApplicationManager.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: Bonjour サービス (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update サービス (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update サービス (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: iPod サービス (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8535 bytes
以上
-
21:悪代官
:
2015/03/07 (Sat) 19:27:47
-
作業と報告、ご苦労様です。
HJTログも見せてもらいました。
こちらではいまのところおかしなものは見えないので、あとひとつインストール情報ログもとってから、それもレスで見せてください
-
22:もも:
2015/03/07 (Sat) 19:51:36
-
ももです。いきなり恐れ入りますが、「あとひとつインストール情報ログ」とはどういう意味ですか。
申し訳ありません、無知で。
-
23:悪代官
:
2015/03/07 (Sat) 21:16:12
-
>「あとひとつインストール情報ログ」とはどういう意味ですか
はい、インストール情報ログは最初の投稿時にHJTとともに見せてもらった、もう一つのログです。
CCを使って最初の要領でインストール情報ログを取り直して、それをレスで見せてください
-
24:もも:
2015/03/07 (Sat) 21:58:11
-
こんばんは。ももです。
早速インストール情報のログを貼ります。
Adobe Reader XI (11.0.10) - Japanese Adobe Systems Incorporated 2014/12/11 206 MB 11.0.10
Apple Application Support(32 ビット) Apple Inc. 2015/02/25 94.2 MB 3.1.2
Apple Application Support(64 ビット) Apple Inc. 2015/02/25 107 MB 3.1.2
Apple Mobile Device Support Apple Inc. 2015/02/25 27.9 MB 8.1.1.3
Apple Software Update Apple Inc. 2014/10/24 2.38 MB 2.1.3.127
ApplicationManager 2011.4.27.209 kingsoft 2015/02/26 2011.4.27.209
Bonjour Apple Inc. 2014/10/24 2.00 MB 3.0.0.10
CCleaner Piriform 2015/02/22 5.02
CyberLink PowerDVD 9.5 CyberLink Corp. 2014/09/29 135 MB 9.5.1.6523
Dell WLAN and Bluetooth Client Installation Dell Inc. 2014/10/02 10.0
FINAL FANTASY XIV - A Realm Reborn SQUARE ENIX CO., LTD. 2015/01/10 1.0.0000
Google Earth Google 2014/11/08 180 MB 7.1.2.2041
Google Toolbar for Internet Explorer Google Inc. 2015/03/05 7.5.6227.252
Intel(R) Management Engine Components Intel Corporation 2014/10/02 9.5.23.1766
Intel(R) Processor Graphics Intel Corporation 2015/01/16 10.18.10.3960
IObit Uninstaller IObit 2015/02/20 4.2.6.2
iTunes Apple Inc. 2015/02/25 234 MB 12.1.1.4
Java 8 Update 31 Oracle Corporation 2015/01/22 74.0 MB 8.0.310
Kingsoft Office 2013 (9.1.0.4840) Kingsoft Corp. 2015/02/26 9.1.0.4840
Logicool ゲーム ソフトウェア 8.57 Logicool 2014/12/25 110 MB 8.57.145
Malwarebytes Anti-Malware version 1.75.0.1300 Malwarebytes Corporation 2015/02/24 19.3 MB 1.75.0.1300
Malwarebytes Anti-Malware version 2.0.4.1028 Malwarebytes Corporation 2015/02/24 57.3 MB 2.0.4.1028
Microsoft OneDrive Microsoft Corporation 2014/10/31 29.3 MB 17.3.1229.0918
Microsoft Silverlight Microsoft Corporation 2015/01/16 50.7 MB 5.1.30514.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2014/10/26 1.92 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2014/10/26 3.22 MB 8.0.61001
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2014/10/02 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2014/10/02 15.0 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2015/02/26 20.5 MB 11.0.61030.0
Nero 12 Kwik Burn Express Essentials Nero AG 2014/09/29 628 MB 12.1.00200
Norton Internet Security Symantec Corporation 2015/02/26 21.6.0.32
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2014/10/02 6.0.1.7016
RPGツクールVX Ace RTP Enterbrain 2014/12/27 194 MB 1.00
Update for Japanese Microsoft IME Postal Code Dictionary Microsoft Corporation 2014/10/29 7.60 MB 16.0.1171.1
Update for Japanese Microsoft IME Standard Dictionary Microsoft Corporation 2014/10/21 34.8 MB 15.0.1215
Update for Japanese Microsoft IME Standard Extended Dictionary Microsoft Corporation 2014/09/25 11.5 MB 15.0.1215
Update for Japanese Microsoft IME Trending Words Dictionary Microsoft Corporation 2014/10/21 17.0 KB 16.0.1016.1
VirtualDJ 8 Atomix Productions 2015/01/16 55.5 MB 8.0.2094.0
Windows Live Essentials Microsoft Corporation 2014/10/26 16.4.3528.0331
ドラゴンクエストX オンライン SQUARE ENIX CO., LTD. 2014/12/28 1.0.1.0
以上
-
25:悪代官
:
2015/03/07 (Sat) 22:12:10
-
インストール情報ログも見せてもらいました。
ではちょっと作業をお願いします。
下記は現在最新になってないので、使うなら最新版に更新してください。
>Java 8 Update 31 Oracle Corporation 2015/01/22 74.0 MB 8.0.310
これの最新は現在8-40です。
更新できたら再度インストール情報ログだけ取り直してから、それをまた見せてください。
Javaが不要ならアンインストールしておくのがむしろ安全ですが
-
26:もも:
2015/03/07 (Sat) 23:24:16
-
こんばんはももです。
javaはあまり使わないと思ったのでIUでアンインストールしました。
一応インストール情報ログを貼っておきます。
Adobe Reader XI (11.0.10) - Japanese Adobe Systems Incorporated 2014/12/11 206 MB 11.0.10
Apple Application Support(32 ビット) Apple Inc. 2015/02/25 94.2 MB 3.1.2
Apple Application Support(64 ビット) Apple Inc. 2015/02/25 107 MB 3.1.2
Apple Mobile Device Support Apple Inc. 2015/02/25 27.9 MB 8.1.1.3
Apple Software Update Apple Inc. 2014/10/24 2.38 MB 2.1.3.127
ApplicationManager 2011.4.27.209 kingsoft 2015/02/26 2011.4.27.209
Bonjour Apple Inc. 2014/10/24 2.00 MB 3.0.0.10
CCleaner Piriform 2015/02/22 5.02
CyberLink PowerDVD 9.5 CyberLink Corp. 2014/09/29 135 MB 9.5.1.6523
Dell WLAN and Bluetooth Client Installation Dell Inc. 2014/10/02 10.0
FINAL FANTASY XIV - A Realm Reborn SQUARE ENIX CO., LTD. 2015/01/10 1.0.0000
Google Earth Google 2014/11/08 180 MB 7.1.2.2041
Google Toolbar for Internet Explorer Google Inc. 2015/03/05 7.5.6227.252
Intel(R) Management Engine Components Intel Corporation 2014/10/02 9.5.23.1766
Intel(R) Processor Graphics Intel Corporation 2015/01/16 10.18.10.3960
IObit Uninstaller IObit 2015/02/20 4.2.6.2
iTunes Apple Inc. 2015/02/25 234 MB 12.1.1.4
Kingsoft Office 2013 (9.1.0.4840) Kingsoft Corp. 2015/02/26 9.1.0.4840
Logicool ゲーム ソフトウェア 8.57 Logicool 2014/12/25 110 MB 8.57.145
Malwarebytes Anti-Malware version 1.75.0.1300 Malwarebytes Corporation 2015/02/24 19.3 MB 1.75.0.1300
Malwarebytes Anti-Malware version 2.0.4.1028 Malwarebytes Corporation 2015/02/24 57.3 MB 2.0.4.1028
Microsoft OneDrive Microsoft Corporation 2014/10/31 29.3 MB 17.3.1229.0918
Microsoft Silverlight Microsoft Corporation 2015/01/16 50.7 MB 5.1.30514.0
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 2014/10/26 1.92 MB 3.1.0000
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 2014/10/26 3.22 MB 8.0.61001
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 2014/10/02 13.8 MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 2014/10/02 15.0 MB 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Corporation 2015/02/26 20.5 MB 11.0.61030.0
Nero 12 Kwik Burn Express Essentials Nero AG 2014/09/29 628 MB 12.1.00200
Norton Internet Security Symantec Corporation 2015/02/26 21.6.0.32
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 2014/10/02 6.0.1.7016
RPGツクールVX Ace RTP Enterbrain 2014/12/27 194 MB 1.00
Update for Japanese Microsoft IME Postal Code Dictionary Microsoft Corporation 2014/10/29 7.60 MB 16.0.1171.1
Update for Japanese Microsoft IME Standard Dictionary Microsoft Corporation 2014/10/21 34.8 MB 15.0.1215
Update for Japanese Microsoft IME Standard Extended Dictionary Microsoft Corporation 2014/09/25 11.5 MB 15.0.1215
Update for Japanese Microsoft IME Trending Words Dictionary Microsoft Corporation 2014/10/21 17.0 KB 16.0.1016.1
VirtualDJ 8 Atomix Productions 2015/01/16 55.5 MB 8.0.2094.0
Windows Live Essentials Microsoft Corporation 2014/10/26 16.4.3528.0331
ドラゴンクエストX オンライン SQUARE ENIX CO., LTD. 2014/12/28 1.0.1.0
以上
-
27:悪代官
:
2015/03/08 (Sun) 07:42:48
-
おはようございます。
>javaはあまり使わないと思ったのでIUでアンインストールしました。
はい、それがいいでしょう。
ログを見たところ他には問題点は見えませんね。
では「解決」でいいでしょう。
作業に使ったツール類は準備時の説明に沿って片付けていいです。
以後の再被害を防ぐための自衛も忘れないでください。
ブラウザの設定を少し固めるだけでも、セキュリティ上の効果を高めることが可能です。
「インターネットオプション」→「プライバシー」→「詳細設定」と開いて、「自動cookie処理」と「サードパーティのcookieをブロック」にチェックして「適用」して「OK」。
これをやっておくと、多くの危険サイトからの保護にかなり有効です。
が、これもすべての危険サイトに有効でもないし、本物の危険サイトではこの程度ではまったく太刀打ちできないので、過信はしないこと。
また、「すべてのcookieをブロックする」設定にすると、プロバイダのメールボックスなどログイン必要なページに入れなくなる弊害も出るので、これは状況を考えて使い分けるといいでしょう。
安全なサイトでもcookieブロックだと閲覧や投稿ができなくなるところもあるのでこれも注意。
次に、アンチウイルスやファイアウォール等のセキュリティソフトの使い方も注意してください。
セキュリティソフトはただ入れてさえいればそれだけでフル機能を発揮するものではありません。
設定と機能をできるだけ把握して、正しく使うことが重要です。
間違った使い方すると、本来ならブロックできた感染でもあっさりスルーします。
また、いくら高性能なセキュリティソフトがあっても、ユーザーが自分から危険なサイトやファイルにアクセスしてたらまったく保護もできません。
セキュリティソフトは使い方次第でその性能を、倍にも半にも無にも変動させます。
そして百聞は一見にしかず。
現在この掲示板で継続中や解決済みの他スレもできるだけ見ておくことをおすすめします。
同様、類似、別種含めて参考になる部分は多いでしょう。
このところ相談者さん激増や回答者の体調不良等で細かい箇所まで案内できなくてすみませんが、他の各スレも参考にしながらひとつずつPC環境とセキュリティ意識を再構築していってください。
お疲れ様でした。
以後は安全で快適なPCライフを
-
28:もも:
2015/03/10 (Tue) 18:23:53
-
ももです。悪代官さん及びIVNOさん約2週間本当にありがとうございました。
自分のくだらない質問にも回答いただいたりなど何よりこんなPCについて無知に等しいくらいの自分に何から何まで教えていただき誠に感謝しております。
お世話になりました。